diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2012-04-10 11:17:35 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2012-04-10 11:17:35 -0400 |
commit | e03aedec1f8a0d36f2b177f167f29cca645737e7 (patch) | |
tree | 33f99518347c81e5d79b2f25891680803c201e6d | |
parent | Grsec/PaX: 2.9-{2.6.32.59,3.2.14,3.3.1}-201204062020 (diff) | |
download | hardened-patchset-e03aedec1f8a0d36f2b177f167f29cca645737e7.tar.gz hardened-patchset-e03aedec1f8a0d36f2b177f167f29cca645737e7.tar.bz2 hardened-patchset-e03aedec1f8a0d36f2b177f167f29cca645737e7.zip |
Grsec/PaX: 2.9-{2.6.32.59,3.2.14,3.3.1}-201204062020
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.9-2.6.32.59-201204081845.patch (renamed from 2.6.32/4420_grsecurity-2.9-2.6.32.59-201204062020.patch) | 3195 | ||||
-rw-r--r-- | 3.2.14/0000_README | 2 | ||||
-rw-r--r-- | 3.2.14/4420_grsecurity-2.9-3.2.14-201204081846.patch (renamed from 3.2.14/4420_grsecurity-2.9-3.2.14-201204062020.patch) | 2786 | ||||
-rw-r--r-- | 3.3.1/0000_README | 2 | ||||
-rw-r--r-- | 3.3.1/4420_grsecurity-2.9-3.3.1-201204081847.patch (renamed from 3.3.1/4420_grsecurity-2.9-3.3.1-201204062021.patch) | 6867 |
6 files changed, 10326 insertions, 2528 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index e55e10a..5165b40 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9-2.6.32.59-201204062020.patch +Patch: 4420_grsecurity-2.9-2.6.32.59-201204081845.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204062020.patch b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204081845.patch index 8d7ed1b..221682f 100644 --- a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204062020.patch +++ b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204081845.patch @@ -19397,7 +19397,7 @@ index 63b0ec8..6d92227 100644 #endif pv_mmu_ops.flush_tlb_user = kvm_flush_tlb; diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c -index ec6ef60..d784780 100644 +index ec6ef60..89b859f 100644 --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c @@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) @@ -19458,7 +19458,15 @@ index ec6ef60..d784780 100644 static int read_ldt(void __user *ptr, unsigned long bytecount) { int err; -@@ -229,6 +248,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) +@@ -174,6 +193,7 @@ error_return: + return err; + } + ++static int read_default_ldt(void __user *ptr, unsigned long bytecount) __size_overflow(2); + static int read_default_ldt(void __user *ptr, unsigned long bytecount) + { + /* CHECKME: Can we use _one_ random number ? */ +@@ -229,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) } } @@ -21345,6 +21353,19 @@ index be25734..87fe232 100644 } return pc; } +diff --git a/arch/x86/kernel/tlb_uv.c b/arch/x86/kernel/tlb_uv.c +index 364d015ef..dd42f22 100644 +--- a/arch/x86/kernel/tlb_uv.c ++++ b/arch/x86/kernel/tlb_uv.c +@@ -560,6 +560,8 @@ static int uv_ptc_seq_show(struct seq_file *file, void *data) + * >0: retry limit + */ + static ssize_t uv_ptc_proc_write(struct file *file, const char __user *user, ++ size_t count, loff_t *data) __size_overflow(3); ++static ssize_t uv_ptc_proc_write(struct file *file, const char __user *user, + size_t count, loff_t *data) + { + long newmode; diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c index 6bb7b85..8f88b4a 100644 --- a/arch/x86/kernel/tls.c @@ -22553,6 +22574,19 @@ index 8dfeaaa..4daa395 100644 #define APIC_LVT_NUM 6 /* 14 is the version for Xeon and Pentium 8.4.8*/ +diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c +index fdf2e28..d7f29ea 100644 +--- a/arch/x86/kvm/mmu.c ++++ b/arch/x86/kvm/mmu.c +@@ -3065,6 +3065,8 @@ static void *pv_mmu_read_buffer(struct kvm_pv_mmu_op_buffer *buffer, + } + + static int kvm_pv_mmu_write(struct kvm_vcpu *vcpu, ++ gpa_t addr, gpa_t value) __size_overflow(2); ++static int kvm_pv_mmu_write(struct kvm_vcpu *vcpu, + gpa_t addr, gpa_t value) + { + int bytes = 8; diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h index 3bc2707..dd157e2 100644 --- a/arch/x86/kvm/paging_tmpl.h @@ -27287,10 +27321,10 @@ index df3d5c8..c2223e1 100644 p += get_opcode(p, &opcode); for (i = 0; i < ARRAY_SIZE(imm_wop); i++) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c -index e0e6fad..c56b495 100644 +index e0e6fad..2d8a9a5 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c -@@ -83,9 +83,52 @@ static inline void pgd_list_del(pgd_t *pgd) +@@ -83,9 +83,56 @@ static inline void pgd_list_del(pgd_t *pgd) list_del(&page->lru); } @@ -27309,14 +27343,18 @@ index e0e6fad..c56b495 100644 +#ifdef CONFIG_PAX_PER_CPU_PGD +void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count) +{ -+ while (count--) ++ while (count--) { ++ pgd_t pgd; ++ ++ pgd = __pgd(pgd_val(*src++) | _PAGE_USER); + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ *dst++ = __pgd(pgd_val(*src++) & clone_pgd_mask); -+#else -+ *dst++ = *src++; ++ pgd = __pgd(pgd_val(pgd) & clone_pgd_mask); +#endif + ++ *dst++ = pgd; ++ } ++ +} +#endif + @@ -27345,7 +27383,7 @@ index e0e6fad..c56b495 100644 static void pgd_ctor(pgd_t *pgd) { /* If the pgd points to a shared pagetable level (either the -@@ -119,6 +162,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -119,6 +166,7 @@ static void pgd_dtor(pgd_t *pgd) pgd_list_del(pgd); spin_unlock_irqrestore(&pgd_lock, flags); } @@ -27353,7 +27391,7 @@ index e0e6fad..c56b495 100644 /* * List of all pgd's needed for non-PAE so it can invalidate entries -@@ -131,7 +175,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -131,7 +179,7 @@ static void pgd_dtor(pgd_t *pgd) * -- wli */ @@ -27362,7 +27400,7 @@ index e0e6fad..c56b495 100644 /* * In PAE mode, we need to do a cr3 reload (=tlb flush) when * updating the top-level pagetable entries to guarantee the -@@ -143,7 +187,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -143,7 +191,7 @@ static void pgd_dtor(pgd_t *pgd) * not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate * and initialize the kernel pmds here. */ @@ -27371,7 +27409,7 @@ index e0e6fad..c56b495 100644 void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) { -@@ -161,36 +205,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) +@@ -161,36 +209,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) */ flush_tlb_mm(mm); } @@ -27421,7 +27459,7 @@ index e0e6fad..c56b495 100644 return -ENOMEM; } -@@ -203,51 +249,56 @@ static int preallocate_pmds(pmd_t *pmds[]) +@@ -203,51 +253,56 @@ static int preallocate_pmds(pmd_t *pmds[]) * preallocate which never got a corresponding vma will need to be * freed manually. */ @@ -27495,7 +27533,7 @@ index e0e6fad..c56b495 100644 unsigned long flags; pgd = (pgd_t *)__get_free_page(PGALLOC_GFP); -@@ -257,11 +308,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -257,11 +312,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) mm->pgd = pgd; @@ -27509,7 +27547,7 @@ index e0e6fad..c56b495 100644 /* * Make sure that pre-populating the pmds is atomic with -@@ -271,14 +322,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -271,14 +326,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) spin_lock_irqsave(&pgd_lock, flags); pgd_ctor(pgd); @@ -27527,7 +27565,7 @@ index e0e6fad..c56b495 100644 out_free_pgd: free_page((unsigned long)pgd); out: -@@ -287,7 +338,7 @@ out: +@@ -287,7 +342,7 @@ out: void pgd_free(struct mm_struct *mm, pgd_t *pgd) { @@ -33413,6 +33451,19 @@ index db6dcfa..13834cb 100644 if (copy_from_user(&stl_dummyport, arg, sizeof(struct stlport))) return -EFAULT; portp = stl_getport(stl_dummyport.brdnr, stl_dummyport.panelnr, +diff --git a/drivers/char/sysrq.c b/drivers/char/sysrq.c +index 44203ff..09a3678 100644 +--- a/drivers/char/sysrq.c ++++ b/drivers/char/sysrq.c +@@ -591,7 +591,7 @@ EXPORT_SYMBOL(unregister_sysrq_key); + static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf, + size_t count, loff_t *ppos) + { +- if (count) { ++ if (count && capable(CAP_SYS_ADMIN)) { + char c; + + if (get_user(c, buf)) diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c index a0789f6..cea3902 100644 --- a/drivers/char/tpm/tpm.c @@ -38390,6 +38441,30 @@ index 482d0f3..ee1e202 100644 return -EFAULT; return i; } +diff --git a/drivers/media/video/cpia.c b/drivers/media/video/cpia.c +index 2377313..1fe1929 100644 +--- a/drivers/media/video/cpia.c ++++ b/drivers/media/video/cpia.c +@@ -199,6 +199,7 @@ static void set_flicker(struct cam_params *params, volatile u32 *command_flags, + * Memory management + * + **********************************************************************/ ++static void *rvmalloc(unsigned long size) __size_overflow(1); + static void *rvmalloc(unsigned long size) + { + void *mem; +diff --git a/drivers/media/video/cpia2/cpia2_core.c b/drivers/media/video/cpia2/cpia2_core.c +index 1cc0df8..7545bfb 100644 +--- a/drivers/media/video/cpia2/cpia2_core.c ++++ b/drivers/media/video/cpia2/cpia2_core.c +@@ -86,6 +86,7 @@ static inline unsigned long kvirt_to_pa(unsigned long adr) + return ret; + } + ++static void *rvmalloc(unsigned long size) __size_overflow(1); + static void *rvmalloc(unsigned long size) + { + void *mem; diff --git a/drivers/media/video/cx18/cx18-driver.c b/drivers/media/video/cx18/cx18-driver.c index 6dd51e2..0359b92 100644 --- a/drivers/media/video/cx18/cx18-driver.c @@ -38421,6 +38496,44 @@ index 6dd51e2..0359b92 100644 if (i >= CX18_MAX_CARDS) { printk(KERN_ERR "cx18: cannot manage card %d, driver has a " "limit of 0 - %d\n", i, CX18_MAX_CARDS - 1); +diff --git a/drivers/media/video/cx231xx/cx231xx-audio.c b/drivers/media/video/cx231xx/cx231xx-audio.c +index 7793d60..2a3f58f 100644 +--- a/drivers/media/video/cx231xx/cx231xx-audio.c ++++ b/drivers/media/video/cx231xx/cx231xx-audio.c +@@ -240,6 +240,8 @@ static int cx231xx_cmd(struct cx231xx *dev, int cmd, int arg) + } + + static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, ++ size_t size) __size_overflow(2); ++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, + size_t size) + { + struct snd_pcm_runtime *runtime = subs->runtime; +diff --git a/drivers/media/video/em28xx/em28xx-audio.c b/drivers/media/video/em28xx/em28xx-audio.c +index ac947ae..f017085 100644 +--- a/drivers/media/video/em28xx/em28xx-audio.c ++++ b/drivers/media/video/em28xx/em28xx-audio.c +@@ -243,6 +243,8 @@ static int em28xx_cmd(struct em28xx *dev, int cmd, int arg) + } + + static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, ++ size_t size) __size_overflow(2); ++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, + size_t size) + { + struct snd_pcm_runtime *runtime = subs->runtime; +diff --git a/drivers/media/video/gspca/gspca.c b/drivers/media/video/gspca/gspca.c +index 23d3fb7..295f320 100644 +--- a/drivers/media/video/gspca/gspca.c ++++ b/drivers/media/video/gspca/gspca.c +@@ -331,6 +331,7 @@ static int gspca_is_compressed(__u32 format) + return 0; + } + ++static void *rvmalloc(unsigned long size) __size_overflow(1); + static void *rvmalloc(unsigned long size) + { + void *mem; diff --git a/drivers/media/video/ivtv/ivtv-driver.c b/drivers/media/video/ivtv/ivtv-driver.c index 463ec34..2f4625a 100644 --- a/drivers/media/video/ivtv/ivtv-driver.c @@ -38434,6 +38547,18 @@ index 463ec34..2f4625a 100644 /* Parameter declarations */ static int cardtype[IVTV_MAX_CARDS]; +diff --git a/drivers/media/video/meye.c b/drivers/media/video/meye.c +index 01e1eef..ee31c17 100644 +--- a/drivers/media/video/meye.c ++++ b/drivers/media/video/meye.c +@@ -70,6 +70,7 @@ static struct meye meye; + /****************************************************************************/ + /* Memory allocation routines (stolen from bttv-driver.c) */ + /****************************************************************************/ ++static void *rvmalloc(unsigned long size) __size_overflow(1); + static void *rvmalloc(unsigned long size) + { + void *mem; diff --git a/drivers/media/video/omap24xxcam.c b/drivers/media/video/omap24xxcam.c index 5fc4ac0..652a54a 100644 --- a/drivers/media/video/omap24xxcam.c @@ -38460,6 +38585,19 @@ index 2ce67f5..cf26a5b 100644 /* accessing cam here doesn't need serialisation: it's constant */ struct omap24xxcam_device *cam; }; +diff --git a/drivers/media/video/ov511.c b/drivers/media/video/ov511.c +index 2bed9e2..a22bbc0 100644 +--- a/drivers/media/video/ov511.c ++++ b/drivers/media/video/ov511.c +@@ -312,6 +312,8 @@ static struct symbolic_list urb_errlist[] = { + * Memory management + **********************************************************************/ + static void * ++rvmalloc(unsigned long size) __size_overflow(1); ++static void * + rvmalloc(unsigned long size) + { + void *mem; diff --git a/drivers/media/video/pvrusb2/pvrusb2-eeprom.c b/drivers/media/video/pvrusb2/pvrusb2-eeprom.c index 299afa4..eb47459 100644 --- a/drivers/media/video/pvrusb2/pvrusb2-eeprom.c @@ -38521,6 +38659,30 @@ index 9c1d3ac..b1b49e9 100644 while (loop) { tmComResInfo_t tRsp = { 0, 0, 0, 0, 0, 0 }; +diff --git a/drivers/media/video/se401.c b/drivers/media/video/se401.c +index 85ffc2c..8bdc3b8 100644 +--- a/drivers/media/video/se401.c ++++ b/drivers/media/video/se401.c +@@ -66,6 +66,7 @@ static struct usb_driver se401_driver; + * Memory management + * + **********************************************************************/ ++static void *rvmalloc(unsigned long size) __size_overflow(1); + static void *rvmalloc(unsigned long size) + { + void *mem; +diff --git a/drivers/media/video/stv680.c b/drivers/media/video/stv680.c +index 6a91714..633e57a 100644 +--- a/drivers/media/video/stv680.c ++++ b/drivers/media/video/stv680.c +@@ -125,6 +125,7 @@ module_param(video_nr, int, 0); + * + * And the STV0680 driver - Kevin + ********************************************************************/ ++static void *rvmalloc (unsigned long size) __size_overflow(1); + static void *rvmalloc (unsigned long size) + { + void *mem; diff --git a/drivers/media/video/usbvideo/ibmcam.c b/drivers/media/video/usbvideo/ibmcam.c index b085496..cde0270 100644 --- a/drivers/media/video/usbvideo/ibmcam.c @@ -38668,6 +38830,18 @@ index c66985b..7fa143a 100644 struct usbvideo { int num_cameras; /* As allocated */ +diff --git a/drivers/media/video/usbvideo/vicam.c b/drivers/media/video/usbvideo/vicam.c +index 45fce39..15110fc 100644 +--- a/drivers/media/video/usbvideo/vicam.c ++++ b/drivers/media/video/usbvideo/vicam.c +@@ -81,6 +81,7 @@ + * in the future. + * + */ ++static void *rvmalloc(unsigned long size) __size_overflow(1); + static void *rvmalloc(unsigned long size) + { + void *mem; diff --git a/drivers/media/video/usbvision/usbvision-core.c b/drivers/media/video/usbvision/usbvision-core.c index e0f91e4..37554ea 100644 --- a/drivers/media/video/usbvision/usbvision-core.c @@ -38698,10 +38872,18 @@ index 0d06e7c..3d17d24 100644 if (basename[len - 1] >= '0' && basename[len - 1] <= '9') diff --git a/drivers/media/video/videobuf-dma-sg.c b/drivers/media/video/videobuf-dma-sg.c -index 032ebae..4ebd8e8 100644 +index 032ebae..a655547 100644 --- a/drivers/media/video/videobuf-dma-sg.c +++ b/drivers/media/video/videobuf-dma-sg.c -@@ -631,6 +631,9 @@ static int __videobuf_mmap_mapper(struct videobuf_queue *q, +@@ -412,6 +412,7 @@ static const struct vm_operations_struct videobuf_vm_ops = + struct videobuf_dma_sg_memory + */ + ++static void *__videobuf_alloc(size_t size) __size_overflow(1); + static void *__videobuf_alloc(size_t size) + { + struct videobuf_dma_sg_memory *mem; +@@ -631,6 +632,9 @@ static int __videobuf_mmap_mapper(struct videobuf_queue *q, static int __videobuf_copy_to_user ( struct videobuf_queue *q, char __user *data, size_t count, @@ -38711,7 +38893,17 @@ index 032ebae..4ebd8e8 100644 int nonblocking ) { struct videobuf_dma_sg_memory *mem = q->read_buf->priv; -@@ -693,6 +696,8 @@ void *videobuf_sg_alloc(size_t size) +@@ -649,6 +653,9 @@ static int __videobuf_copy_to_user ( struct videobuf_queue *q, + + static int __videobuf_copy_stream ( struct videobuf_queue *q, + char __user *data, size_t count, size_t pos, ++ int vbihack, int nonblocking ) __size_overflow(3); ++static int __videobuf_copy_stream ( struct videobuf_queue *q, ++ char __user *data, size_t count, size_t pos, + int vbihack, int nonblocking ) + { + unsigned int *fc; +@@ -693,6 +700,8 @@ void *videobuf_sg_alloc(size_t size) { struct videobuf_queue q; @@ -38721,10 +38913,18 @@ index 032ebae..4ebd8e8 100644 q.int_ops = &sg_ops; diff --git a/drivers/media/video/videobuf-vmalloc.c b/drivers/media/video/videobuf-vmalloc.c -index 35f3900..aa7c2f1 100644 +index 35f3900..00d7051 100644 --- a/drivers/media/video/videobuf-vmalloc.c +++ b/drivers/media/video/videobuf-vmalloc.c -@@ -330,6 +330,9 @@ error: +@@ -132,6 +132,7 @@ static const struct vm_operations_struct videobuf_vm_ops = + struct videobuf_dma_sg_memory + */ + ++static void *__videobuf_alloc(size_t size) __size_overflow(1); + static void *__videobuf_alloc(size_t size) + { + struct videobuf_vmalloc_memory *mem; +@@ -330,6 +331,9 @@ error: static int __videobuf_copy_to_user ( struct videobuf_queue *q, char __user *data, size_t count, @@ -38734,6 +38934,29 @@ index 35f3900..aa7c2f1 100644 int nonblocking ) { struct videobuf_vmalloc_memory *mem=q->read_buf->priv; +@@ -350,6 +354,9 @@ static int __videobuf_copy_to_user ( struct videobuf_queue *q, + + static int __videobuf_copy_stream ( struct videobuf_queue *q, + char __user *data, size_t count, size_t pos, ++ int vbihack, int nonblocking ) __size_overflow(3); ++static int __videobuf_copy_stream ( struct videobuf_queue *q, ++ char __user *data, size_t count, size_t pos, + int vbihack, int nonblocking ) + { + unsigned int *fc; +diff --git a/drivers/media/video/w9968cf.c b/drivers/media/video/w9968cf.c +index 37fcdc4..03f5890 100644 +--- a/drivers/media/video/w9968cf.c ++++ b/drivers/media/video/w9968cf.c +@@ -430,7 +430,7 @@ static int w9968cf_i2c_smbus_xfer(struct i2c_adapter*, u16 addr, + static u32 w9968cf_i2c_func(struct i2c_adapter*); + + /* Memory management */ +-static void* rvmalloc(unsigned long size); ++static void* rvmalloc(unsigned long size) __size_overflow(1); + static void rvfree(void *mem, unsigned long size); + static void w9968cf_deallocate_memory(struct w9968cf_device*); + static int w9968cf_allocate_memory(struct w9968cf_device*); diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c index b6992b7..9fa7547 100644 --- a/drivers/message/fusion/mptbase.c @@ -39552,49 +39775,6 @@ index 8b22b18..6fada85 100644 /* Assume logical EraseSize == physical erasesize for starting the scan. We'll sort it out later if we find a MediaHeader which says otherwise */ /* Actually, we won't. The new DiskOnChip driver has already scanned -diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c -index 14cec04..09d8519 100644 ---- a/drivers/mtd/ubi/build.c -+++ b/drivers/mtd/ubi/build.c -@@ -1255,7 +1255,7 @@ module_exit(ubi_exit); - static int __init bytes_str_to_int(const char *str) - { - char *endp; -- unsigned long result; -+ unsigned long result, scale = 1; - - result = simple_strtoul(str, &endp, 0); - if (str == endp || result >= INT_MAX) { -@@ -1266,11 +1266,11 @@ static int __init bytes_str_to_int(const char *str) - - switch (*endp) { - case 'G': -- result *= 1024; -+ scale *= 1024; - case 'M': -- result *= 1024; -+ scale *= 1024; - case 'K': -- result *= 1024; -+ scale *= 1024; - if (endp[1] == 'i' && endp[2] == 'B') - endp += 2; - case '\0': -@@ -1281,7 +1281,13 @@ static int __init bytes_str_to_int(const char *str) - return -EINVAL; - } - -- return result; -+ if (result*scale >= INT_MAX) { -+ printk(KERN_ERR "UBI error: incorrect bytes count: \"%s\"\n", -+ str); -+ return -EINVAL; -+ } -+ -+ return result*scale; - } - - /** diff --git a/drivers/net/atlx/atl2.c b/drivers/net/atlx/atl2.c index ab68886..ca405e8 100644 --- a/drivers/net/atlx/atl2.c @@ -52243,6 +52423,19 @@ index 4874b2b..67f8526 100644 if ((rc = bnx2_nvram_read(bp, 0, data, 4)) != 0) goto test_nvram_done; +diff --git a/drivers/net/chelsio/sge.c b/drivers/net/chelsio/sge.c +index 8c658cf..8d365aa 100644 +--- a/drivers/net/chelsio/sge.c ++++ b/drivers/net/chelsio/sge.c +@@ -1045,6 +1045,8 @@ MODULE_PARM_DESC(copybreak, "Receive copy threshold"); + * be copied but there is no memory for the copy. + */ + static inline struct sk_buff *get_packet(struct pci_dev *pdev, ++ struct freelQ *fl, unsigned int len) __size_overflow(3); ++static inline struct sk_buff *get_packet(struct pci_dev *pdev, + struct freelQ *fl, unsigned int len) + { + struct sk_buff *skb; diff --git a/drivers/net/cxgb3/l2t.h b/drivers/net/cxgb3/l2t.h index fd3eb07..8a6978d 100644 --- a/drivers/net/cxgb3/l2t.h @@ -52256,6 +52449,19 @@ index fd3eb07..8a6978d 100644 #define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb) +diff --git a/drivers/net/cxgb3/sge.c b/drivers/net/cxgb3/sge.c +index 6366061..9bb668a 100644 +--- a/drivers/net/cxgb3/sge.c ++++ b/drivers/net/cxgb3/sge.c +@@ -775,6 +775,8 @@ static inline unsigned int flits_to_desc(unsigned int n) + * be copied but there is no memory for the copy. + */ + static struct sk_buff *get_packet(struct adapter *adap, struct sge_fl *fl, ++ unsigned int len, unsigned int drop_thres) __size_overflow(3); ++static struct sk_buff *get_packet(struct adapter *adap, struct sge_fl *fl, + unsigned int len, unsigned int drop_thres) + { + struct sk_buff *skb = NULL; diff --git a/drivers/net/cxgb3/t3_hw.c b/drivers/net/cxgb3/t3_hw.c index 032cfe0..411af379 100644 --- a/drivers/net/cxgb3/t3_hw.c @@ -64990,7 +65196,7 @@ index 0133b5a..3710d09 100644 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index a64fde6..aea5248 100644 +index a64fde6..b3f1464 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -31,6 +31,7 @@ @@ -65633,7 +65839,7 @@ index a64fde6..aea5248 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -877,11 +1339,37 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -877,11 +1339,36 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -65651,13 +65857,12 @@ index a64fde6..aea5248 100644 + if (current->mm->pax_flags & MF_PAX_RANDMMAP) { + unsigned long start, size; + -+ current->mm->end_data = end_data = elf_brk; + start = ELF_PAGEALIGN(elf_brk); + size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4); -+ current->mm->start_brk = start + size; + down_write(¤t->mm->mmap_sem); + retval = -ENOMEM; + if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) { ++ current->mm->brk_gap = PAGE_ALIGN(size) >> PAGE_SHIFT; + start = do_mmap(NULL, start, size, PROT_NONE, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0); + retval = IS_ERR_VALUE(start) ? start : 0; + } @@ -65674,7 +65879,7 @@ index a64fde6..aea5248 100644 if (elf_interpreter) { unsigned long uninitialized_var(interp_map_addr); -@@ -1112,8 +1600,10 @@ static int dump_seek(struct file *file, loff_t off) +@@ -1112,8 +1599,10 @@ static int dump_seek(struct file *file, loff_t off) unsigned long n = off; if (n > PAGE_SIZE) n = PAGE_SIZE; @@ -65686,7 +65891,7 @@ index a64fde6..aea5248 100644 off -= n; } free_page((unsigned long)buf); -@@ -1125,7 +1615,7 @@ static int dump_seek(struct file *file, loff_t off) +@@ -1125,7 +1614,7 @@ static int dump_seek(struct file *file, loff_t off) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -65695,7 +65900,7 @@ index a64fde6..aea5248 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1159,7 +1649,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1159,7 +1648,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -65704,7 +65909,7 @@ index a64fde6..aea5248 100644 goto whole; /* -@@ -1255,8 +1745,11 @@ static int writenote(struct memelfnote *men, struct file *file, +@@ -1255,8 +1744,11 @@ static int writenote(struct memelfnote *men, struct file *file, #undef DUMP_WRITE #define DUMP_WRITE(addr, nr) \ @@ -65717,7 +65922,7 @@ index a64fde6..aea5248 100644 static void fill_elf_header(struct elfhdr *elf, int segs, u16 machine, u32 flags, u8 osabi) -@@ -1385,9 +1878,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1385,9 +1877,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -65729,7 +65934,7 @@ index a64fde6..aea5248 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1973,7 +2466,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un +@@ -1973,7 +2465,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -65738,7 +65943,7 @@ index a64fde6..aea5248 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2006,7 +2499,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un +@@ -2006,7 +2498,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un unsigned long addr; unsigned long end; @@ -65747,7 +65952,7 @@ index a64fde6..aea5248 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2015,6 +2508,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un +@@ -2015,6 +2507,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -65755,7 +65960,7 @@ index a64fde6..aea5248 100644 stop = ((size += PAGE_SIZE) > limit) || !dump_write(file, kaddr, PAGE_SIZE); kunmap(page); -@@ -2042,6 +2536,97 @@ out: +@@ -2042,6 +2535,97 @@ out: #endif /* USE_ELF_CORE_DUMP */ @@ -67012,6 +67217,19 @@ index 8e48b52..f01ed91 100644 if (next->s_dentry) ino = next->s_dentry->d_inode->i_ino; else +diff --git a/fs/configfs/file.c b/fs/configfs/file.c +index 2b6cb23..d76e879 100644 +--- a/fs/configfs/file.c ++++ b/fs/configfs/file.c +@@ -135,6 +135,8 @@ out: + */ + + static int ++fill_write_buffer(struct configfs_buffer * buffer, const char __user * buf, size_t count) __size_overflow(3); ++static int + fill_write_buffer(struct configfs_buffer * buffer, const char __user * buf, size_t count) + { + int error; diff --git a/fs/dcache.c b/fs/dcache.c index 44c0aea..a663f95 100644 --- a/fs/dcache.c @@ -73458,7 +73676,7 @@ index e020183..18d64b4 100644 sd = sysfs_new_dirent(name, mode, SYSFS_DIR); if (!sd) diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c -index 7118a38..70af853 100644 +index 7118a38..be0691e 100644 --- a/fs/sysfs/file.c +++ b/fs/sysfs/file.c @@ -44,7 +44,7 @@ static DEFINE_SPINLOCK(sysfs_open_dirent_lock); @@ -73497,7 +73715,16 @@ index 7118a38..70af853 100644 count = ops->show(kobj, attr_sd->s_attr.attr, buffer->page); sysfs_put_active_two(attr_sd); -@@ -199,7 +199,7 @@ flush_write_buffer(struct dentry * dentry, struct sysfs_buffer * buffer, size_t +@@ -163,6 +163,8 @@ out: + */ + + static int ++fill_write_buffer(struct sysfs_buffer * buffer, const char __user * buf, size_t count) __size_overflow(3); ++static int + fill_write_buffer(struct sysfs_buffer * buffer, const char __user * buf, size_t count) + { + int error; +@@ -199,7 +201,7 @@ flush_write_buffer(struct dentry * dentry, struct sysfs_buffer * buffer, size_t { struct sysfs_dirent *attr_sd = dentry->d_fsdata; struct kobject *kobj = attr_sd->s_parent->s_dir.kobj; @@ -73506,7 +73733,7 @@ index 7118a38..70af853 100644 int rc; /* need attr_sd for attr and ops, its parent for kobj */ -@@ -294,7 +294,7 @@ static int sysfs_get_open_dirent(struct sysfs_dirent *sd, +@@ -294,7 +296,7 @@ static int sysfs_get_open_dirent(struct sysfs_dirent *sd, return -ENOMEM; atomic_set(&new_od->refcnt, 0); @@ -73515,7 +73742,7 @@ index 7118a38..70af853 100644 init_waitqueue_head(&new_od->poll); INIT_LIST_HEAD(&new_od->buffers); goto retry; -@@ -335,7 +335,7 @@ static int sysfs_open_file(struct inode *inode, struct file *file) +@@ -335,7 +337,7 @@ static int sysfs_open_file(struct inode *inode, struct file *file) struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; struct kobject *kobj = attr_sd->s_parent->s_dir.kobj; struct sysfs_buffer *buffer; @@ -73524,7 +73751,7 @@ index 7118a38..70af853 100644 int error = -EACCES; char *p; -@@ -444,7 +444,7 @@ static unsigned int sysfs_poll(struct file *filp, poll_table *wait) +@@ -444,7 +446,7 @@ static unsigned int sysfs_poll(struct file *filp, poll_table *wait) sysfs_put_active_two(attr_sd); @@ -73533,7 +73760,7 @@ index 7118a38..70af853 100644 goto trigger; return DEFAULT_POLLMASK; -@@ -463,7 +463,7 @@ void sysfs_notify_dirent(struct sysfs_dirent *sd) +@@ -463,7 +465,7 @@ void sysfs_notify_dirent(struct sysfs_dirent *sd) od = sd->s_attr.open; if (od) { @@ -74958,10 +75185,10 @@ index 0000000..1b9afa9 +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..d881a39 +index 0000000..67b34b9 --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4156 @@ +@@ -0,0 +1,4169 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -77503,19 +77730,32 @@ index 0000000..d881a39 + + newacl = chk_subj_label(dentry, mnt, task->role); + -+ task_lock(task); ++ /* special handling for if we did an strace -f -p <pid> from an admin role, where pid then ++ did an exec ++ */ ++ rcu_read_lock(); ++ read_lock(&tasklist_lock); ++ if (task->ptrace && task->parent && ((task->parent->role->roletype & GR_ROLE_GOD) || ++ (task->parent->acl->mode & GR_POVERRIDE))) { ++ read_unlock(&tasklist_lock); ++ rcu_read_unlock(); ++ goto skip_check; ++ } ++ read_unlock(&tasklist_lock); ++ rcu_read_unlock(); ++ + if (unsafe_flags && !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) && + !(task->role->roletype & GR_ROLE_GOD) && + !gr_search_file(dentry, GR_PTRACERD, mnt) && + !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN))) { -+ task_unlock(task); + if (unsafe_flags & LSM_UNSAFE_SHARE) + gr_log_fs_generic(GR_DONT_AUDIT, GR_UNSAFESHARE_EXEC_ACL_MSG, dentry, mnt); + else + gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt); + return -EACCES; + } -+ task_unlock(task); ++ ++skip_check: + + obj = chk_obj_label(dentry, mnt, task->acl); + retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT); @@ -79779,10 +80019,10 @@ index 0000000..8c4595a +} diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c new file mode 100644 -index 0000000..cd07b96 +index 0000000..dd925aa --- /dev/null +++ b/grsecurity/gracl_ip.c -@@ -0,0 +1,382 @@ +@@ -0,0 +1,385 @@ +#include <linux/kernel.h> +#include <asm/uaccess.h> +#include <asm/errno.h> @@ -80105,6 +80345,9 @@ index 0000000..cd07b96 +int +gr_search_connect(struct socket *sock, struct sockaddr_in *addr) +{ ++ /* always allow disconnection of dgram sockets with connect */ ++ if (addr->sin_family == AF_UNSPEC) ++ return 0; + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type); +} + @@ -86966,7 +87209,7 @@ index 58ae8e0..3950d3c 100644 static inline struct kset *to_kset(struct kobject *kobj) diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index c728a50..762821f 100644 +index c728a50..a7e516a 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -210,7 +210,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); @@ -86978,6 +87221,15 @@ index c728a50..762821f 100644 struct module *module); void kvm_exit(void); +@@ -258,7 +258,7 @@ void kvm_get_pfn(pfn_t pfn); + int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset, + int len); + int kvm_read_guest_atomic(struct kvm *kvm, gpa_t gpa, void *data, +- unsigned long len); ++ unsigned long len) __size_overflow(4); + int kvm_read_guest(struct kvm *kvm, gpa_t gpa, void *data, unsigned long len); + int kvm_write_guest_page(struct kvm *kvm, gfn_t gfn, const void *data, + int offset, int len); @@ -316,7 +316,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg); int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run); @@ -87190,7 +87442,7 @@ index 11e5be6..1ff2423 100644 #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index 9d12ed5..6d9707a 100644 +index 9d12ed5..c5e5ab6 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h @@ -186,6 +186,8 @@ struct vm_area_struct { @@ -87202,12 +87454,21 @@ index 9d12ed5..6d9707a 100644 }; struct core_thread { +@@ -235,7 +237,7 @@ struct mm_struct { + unsigned long total_vm, locked_vm, shared_vm, exec_vm; + unsigned long stack_vm, reserved_vm, def_flags, nr_ptes; + unsigned long start_code, end_code, start_data, end_data; +- unsigned long start_brk, brk, start_stack; ++ unsigned long brk_gap, start_brk, brk, start_stack; + unsigned long arg_start, arg_end, env_start, env_end; + + unsigned long saved_auxv[AT_VECTOR_SIZE]; /* for /proc/PID/auxv */ @@ -287,6 +289,24 @@ struct mm_struct { #ifdef CONFIG_MMU_NOTIFIER struct mmu_notifier_mm *mmu_notifier_mm; #endif + -+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) ++#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_XATTR_PAX_FLAGS) || defined(CONFIG_PAX_HAVE_ACL_FLAGS) || defined(CONFIG_PAX_HOOK_ACL_FLAGS) + unsigned long pax_flags; +#endif + @@ -89821,7 +90082,7 @@ index bb008d0..4fa3933 100644 + sys_chroot((__force char __user *)"."); } diff --git a/init/do_mounts.h b/init/do_mounts.h -index f5b978a..69dbfe8 100644 +index f5b978a..a34abde 100644 --- a/init/do_mounts.h +++ b/init/do_mounts.h @@ -15,15 +15,15 @@ extern int root_mountflags; @@ -89848,7 +90109,7 @@ index f5b978a..69dbfe8 100644 { struct stat stat; - if (sys_newstat(name, &stat) != 0) -+ if (sys_newstat((const char __force_user *)name, (struct stat __force_user *)&stat) != 0) ++ if (sys_newstat((char __force_user *)name, (struct stat __force_user *)&stat) != 0) return 0; if (!S_ISBLK(stat.st_mode)) return 0; @@ -91850,6 +92111,19 @@ index 176d825..77fa8ea 100644 head = &kprobe_table[i]; preempt_disable(); +diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c +index 9cd2b1c..ab201ef 100644 +--- a/kernel/ksysfs.c ++++ b/kernel/ksysfs.c +@@ -45,6 +45,8 @@ static ssize_t uevent_helper_store(struct kobject *kobj, + { + if (count+1 > UEVENT_HELPER_PATH_LEN) + return -ENOENT; ++ if (!capable(CAP_SYS_ADMIN)) ++ return -EPERM; + memcpy(uevent_helper, buf, count); + uevent_helper[count] = '\0'; + if (count && uevent_helper[count-1] == '\n') diff --git a/kernel/lockdep.c b/kernel/lockdep.c index d86fe89..d12fc66 100644 --- a/kernel/lockdep.c @@ -96873,7 +97147,7 @@ index 2d846cf..98134d2 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index 4b80cbf..073ac3e 100644 +index 4b80cbf..f1145be 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -45,6 +45,16 @@ @@ -98129,17 +98403,15 @@ index 4b80cbf..073ac3e 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2236,8 +2690,14 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) - unsigned long cur = mm->total_vm; /* pages */ - unsigned long lim; +@@ -2238,6 +2692,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) + + lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT; +#ifdef CONFIG_PAX_RANDMMAP -+ if ((mm->pax_flags & MF_PAX_RANDMMAP) && mm->end_data) -+ cur -= (mm->start_brk - mm->end_data) >> PAGE_SHIFT; ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ cur -= mm->brk_gap; +#endif + - lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT; - + gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1); if (cur + npages > lim) return 0; @@ -99973,6 +100245,18 @@ index 820643a..ce77fb3 100644 .show = brport_show, .store = brport_store, }; +diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c +index ce50688..a55f037 100644 +--- a/net/bridge/netfilter/ebt_ulog.c ++++ b/net/bridge/netfilter/ebt_ulog.c +@@ -98,6 +98,7 @@ static void ulog_timer(unsigned long data) + spin_unlock_bh(&ulog_buffers[data].lock); + } + ++static struct sk_buff *ulog_alloc_skb(unsigned int size) __size_overflow(1); + static struct sk_buff *ulog_alloc_skb(unsigned int size) + { + struct sk_buff *skb; diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index d73d47f..72df42a 100644 --- a/net/bridge/netfilter/ebtables.c @@ -100294,7 +100578,7 @@ index 45329d7..626aaa6 100644 } #endif diff --git a/net/core/skbuff.c b/net/core/skbuff.c -index 025f924..70a71c4 100644 +index 025f924..a014894 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -1544,6 +1544,8 @@ int skb_splice_bits(struct sk_buff *skb, unsigned int offset, @@ -100306,6 +100590,24 @@ index 025f924..70a71c4 100644 /* * __skb_splice_bits() only fails if the output has no room left, * so no point in going over the frag_list for the error case. +@@ -2989,6 +2991,8 @@ static void sock_rmem_free(struct sk_buff *skb) + */ + int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb) + { ++ int len = skb->len; ++ + if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >= + (unsigned)sk->sk_rcvbuf) + return -ENOMEM; +@@ -3000,7 +3004,7 @@ int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb) + + skb_queue_tail(&sk->sk_error_queue, skb); + if (!sock_flag(sk, SOCK_DEAD)) +- sk->sk_data_ready(sk, skb->len); ++ sk->sk_data_ready(sk, len); + return 0; + } + EXPORT_SYMBOL(sock_queue_err_skb); diff --git a/net/core/sock.c b/net/core/sock.c index 6605e75..3acebda 100644 --- a/net/core/sock.c @@ -100636,10 +100938,21 @@ index c156db2..e772975 100644 skblen = skb->len; diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c -index 0606db1..918b88a 100644 +index 0606db1..6a15e53 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c -@@ -1141,6 +1141,7 @@ static int get_info(struct net *net, void __user *user, int *len, int compat) +@@ -963,6 +963,10 @@ static struct xt_counters * alloc_counters(struct xt_table *table) + static int + copy_entries_to_user(unsigned int total_size, + struct xt_table *table, ++ void __user *userptr) __size_overflow(1); ++static int ++copy_entries_to_user(unsigned int total_size, ++ struct xt_table *table, + void __user *userptr) + { + unsigned int off, num; +@@ -1141,6 +1145,7 @@ static int get_info(struct net *net, void __user *user, int *len, int compat) private = &tmp; } #endif @@ -100647,7 +100960,7 @@ index 0606db1..918b88a 100644 info.valid_hooks = t->valid_hooks; memcpy(info.hook_entry, private->hook_entry, sizeof(info.hook_entry)); -@@ -1208,6 +1209,10 @@ get_entries(struct net *net, struct ipt_get_entries __user *uptr, int *len) +@@ -1208,6 +1213,10 @@ get_entries(struct net *net, struct ipt_get_entries __user *uptr, int *len) static int __do_replace(struct net *net, const char *name, unsigned int valid_hooks, struct xt_table_info *newinfo, unsigned int num_counters, @@ -100658,7 +100971,7 @@ index 0606db1..918b88a 100644 void __user *counters_ptr) { int ret; -@@ -1339,6 +1344,8 @@ add_counter_to_entry(struct ipt_entry *e, +@@ -1339,6 +1348,8 @@ add_counter_to_entry(struct ipt_entry *e, } static int @@ -100667,6 +100980,18 @@ index 0606db1..918b88a 100644 do_add_counters(struct net *net, void __user *user, unsigned int len, int compat) { unsigned int i, curcpu; +diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c +index d32cc4b..353cbd2 100644 +--- a/net/ipv4/netfilter/ipt_ULOG.c ++++ b/net/ipv4/netfilter/ipt_ULOG.c +@@ -126,6 +126,7 @@ static void ulog_timer(unsigned long data) + spin_unlock_bh(&ulog_lock); + } + ++static struct sk_buff *ulog_alloc_skb(unsigned int size) __size_overflow(1); + static struct sk_buff *ulog_alloc_skb(unsigned int size) + { + struct sk_buff *skb; diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c index d9521f6..127fa44 100644 --- a/net/ipv4/netfilter/nf_nat_snmp_basic.c @@ -101191,10 +101516,21 @@ index 1cf3f0c..1d4376f 100644 skblen = skb->len; diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c -index 78b5a36..2b9bb06 100644 +index 78b5a36..5615b58 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c -@@ -1173,6 +1173,7 @@ static int get_info(struct net *net, void __user *user, int *len, int compat) +@@ -995,6 +995,10 @@ static struct xt_counters *alloc_counters(struct xt_table *table) + static int + copy_entries_to_user(unsigned int total_size, + struct xt_table *table, ++ void __user *userptr) __size_overflow(1); ++static int ++copy_entries_to_user(unsigned int total_size, ++ struct xt_table *table, + void __user *userptr) + { + unsigned int off, num; +@@ -1173,6 +1177,7 @@ static int get_info(struct net *net, void __user *user, int *len, int compat) private = &tmp; } #endif @@ -101202,7 +101538,7 @@ index 78b5a36..2b9bb06 100644 info.valid_hooks = t->valid_hooks; memcpy(info.hook_entry, private->hook_entry, sizeof(info.hook_entry)); -@@ -1240,6 +1241,10 @@ get_entries(struct net *net, struct ip6t_get_entries __user *uptr, int *len) +@@ -1240,6 +1245,10 @@ get_entries(struct net *net, struct ip6t_get_entries __user *uptr, int *len) static int __do_replace(struct net *net, const char *name, unsigned int valid_hooks, struct xt_table_info *newinfo, unsigned int num_counters, @@ -101213,7 +101549,7 @@ index 78b5a36..2b9bb06 100644 void __user *counters_ptr) { int ret; -@@ -1373,6 +1378,9 @@ add_counter_to_entry(struct ip6t_entry *e, +@@ -1373,6 +1382,9 @@ add_counter_to_entry(struct ip6t_entry *e, static int do_add_counters(struct net *net, void __user *user, unsigned int len, @@ -103756,9 +104092,18 @@ index 62a9025..65b82ad 100644 sprintf(alias, "dmi*"); diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index 03efeab..0888989 100644 +index 03efeab..f65608f 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c +@@ -764,7 +764,7 @@ static void check_section(const char *modname, struct elf_info *elf, + + #define ALL_INIT_DATA_SECTIONS \ + ".init.setup$", ".init.rodata$", \ +- ".devinit.rodata$", ".cpuinit.rodata$", ".meminit.rodata$" \ ++ ".devinit.rodata$", ".cpuinit.rodata$", ".meminit.rodata$", \ + ".init.data$", ".devinit.data$", ".cpuinit.data$", ".meminit.data$" + #define ALL_EXIT_DATA_SECTIONS \ + ".exit.data$", ".devexit.data$", ".cpuexit.data$", ".memexit.data$" @@ -835,6 +835,7 @@ enum mismatch { INIT_TO_EXIT, EXIT_TO_INIT, @@ -103915,7 +104260,7 @@ index 5c11312..72742b5 100644 write_hex_cnt = 0; for (i = 0; i < logo_clutsize; i++) { diff --git a/scripts/tags.sh b/scripts/tags.sh -index d52f7a0..269eb1b 100755 +index d52f7a0..b66cdd9 100755 --- a/scripts/tags.sh +++ b/scripts/tags.sh @@ -93,6 +93,11 @@ docscope() @@ -103924,7 +104269,7 @@ index d52f7a0..269eb1b 100755 +dogtags() +{ -+ all_sources | gtags -f - ++ all_sources | gtags -i -f - +} + exuberant() @@ -105213,6 +105558,18 @@ index 60158e2..0a0cc1a 100644 int mode[PORTMAN_NUM_INPUT_PORTS]; struct snd_rawmidi_substream *midi_input[PORTMAN_NUM_INPUT_PORTS]; }; +diff --git a/sound/drivers/vx/vx_pcm.c b/sound/drivers/vx/vx_pcm.c +index 6644d00..fc3c531 100644 +--- a/sound/drivers/vx/vx_pcm.c ++++ b/sound/drivers/vx/vx_pcm.c +@@ -72,6 +72,7 @@ static struct page *snd_pcm_get_vmalloc_page(struct snd_pcm_substream *subs, + * called from hw_params + * NOTE: this may be called not only once per pcm open! + */ ++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, size_t size) __size_overflow(2); + static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, size_t size) + { + struct snd_pcm_runtime *runtime = subs->runtime; diff --git a/sound/isa/cmi8330.c b/sound/isa/cmi8330.c index 02f79d2..8691d43 100644 --- a/sound/isa/cmi8330.c @@ -105785,6 +106142,18 @@ index 5518371..45cf7ac 100644 chip->card = card; chip->pci = pci; chip->irq = -1; +diff --git a/sound/pcmcia/pdaudiocf/pdaudiocf_pcm.c b/sound/pcmcia/pdaudiocf/pdaudiocf_pcm.c +index 5cfa608..7a067dd 100644 +--- a/sound/pcmcia/pdaudiocf/pdaudiocf_pcm.c ++++ b/sound/pcmcia/pdaudiocf/pdaudiocf_pcm.c +@@ -43,6 +43,7 @@ static struct page *snd_pcm_get_vmalloc_page(struct snd_pcm_substream *subs, uns + * hw_params callback + * NOTE: this may be called not only once per pcm open! + */ ++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, size_t size) __size_overflow(2); + static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, size_t size) + { + struct snd_pcm_runtime *runtime = subs->runtime; diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c index 0a1b2f6..776bb19 100644 --- a/sound/soc/soc-core.c @@ -105799,10 +106168,18 @@ index 0a1b2f6..776bb19 100644 .close = soc_codec_close, .hw_params = soc_pcm_hw_params, diff --git a/sound/usb/usbaudio.c b/sound/usb/usbaudio.c -index 79633ea..9732e90 100644 +index 79633ea..68e7197 100644 --- a/sound/usb/usbaudio.c +++ b/sound/usb/usbaudio.c -@@ -963,12 +963,12 @@ static int snd_usb_pcm_playback_trigger(struct snd_pcm_substream *substream, +@@ -744,6 +744,7 @@ static struct page *snd_pcm_get_vmalloc_page(struct snd_pcm_substream *subs, + } + + /* allocate virtual buffer; may be called more than once */ ++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, size_t size) __size_overflow(2); + static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, size_t size) + { + struct snd_pcm_runtime *runtime = subs->runtime; +@@ -963,12 +964,12 @@ static int snd_usb_pcm_playback_trigger(struct snd_pcm_substream *substream, switch (cmd) { case SNDRV_PCM_TRIGGER_START: case SNDRV_PCM_TRIGGER_PAUSE_RELEASE: @@ -105817,7 +106194,7 @@ index 79633ea..9732e90 100644 return 0; default: return -EINVAL; -@@ -985,15 +985,15 @@ static int snd_usb_pcm_capture_trigger(struct snd_pcm_substream *substream, +@@ -985,15 +986,15 @@ static int snd_usb_pcm_capture_trigger(struct snd_pcm_substream *substream, switch (cmd) { case SNDRV_PCM_TRIGGER_START: @@ -105836,7 +106213,7 @@ index 79633ea..9732e90 100644 return 0; default: return -EINVAL; -@@ -1542,7 +1542,7 @@ static int snd_usb_pcm_prepare(struct snd_pcm_substream *substream) +@@ -1542,7 +1543,7 @@ static int snd_usb_pcm_prepare(struct snd_pcm_substream *substream) /* for playback, submit the URBs now; otherwise, the first hwptr_done * updates for all URBs would happen at the same time when starting */ if (subs->direction == SNDRV_PCM_STREAM_PLAYBACK) { @@ -105845,7 +106222,7 @@ index 79633ea..9732e90 100644 return start_urbs(subs, runtime); } else return 0; -@@ -2228,14 +2228,14 @@ static void init_substream(struct snd_usb_stream *as, int stream, struct audiofo +@@ -2228,14 +2229,14 @@ static void init_substream(struct snd_usb_stream *as, int stream, struct audiofo subs->direction = stream; subs->dev = as->chip->dev; if (snd_usb_get_speed(subs->dev) == USB_SPEED_FULL) { @@ -106709,7 +107086,7 @@ index 0000000..a5eabce +} diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c new file mode 100644 -index 0000000..008f159 +index 0000000..d8a8da2 --- /dev/null +++ b/tools/gcc/kernexec_plugin.c @@ -0,0 +1,427 @@ @@ -106919,7 +107296,7 @@ index 0000000..008f159 + update_stmt(assign_intptr); + + // cast temporary unsigned long back to a temporary fptr variable -+ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec"); ++ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec_fptr"); + add_referenced_var(new_fptr); + mark_sym_for_renaming(new_fptr); + assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr)); @@ -107142,137 +107519,281 @@ index 0000000..008f159 +} diff --git a/tools/gcc/size_overflow_hash1.h b/tools/gcc/size_overflow_hash1.h new file mode 100644 -index 0000000..5b08f5c +index 0000000..c0257c1 --- /dev/null +++ b/tools/gcc/size_overflow_hash1.h -@@ -0,0 +1,1055 @@ +@@ -0,0 +1,2413 @@ +struct size_overflow_hash size_overflow_hash1[65536] = { ++ [10013].file = "security/smack/smackfs.c", ++ [10013].name = "smk_write_direct", ++ [10013].param3 = 1, ++ [10158].file = "drivers/net/wireless/ray_cs.c", ++ [10158].name = "write_int", ++ [10158].param3 = 1, + [10167].file = "sound/core/oss/pcm_plugin.c", + [10167].name = "snd_pcm_plugin_build", + [10167].param5 = 1, + [1022].file = "sound/pci/rme9652/rme9652.c", + [1022].name = "snd_rme9652_playback_copy", + [1022].param5 = 1, ++ [10321].file = "drivers/platform/x86/thinkpad_acpi.c", ++ [10321].name = "create_attr_set", ++ [10321].param1 = 1, + [10341].file = "fs/nfsd/nfs4xdr.c", + [10341].name = "read_buf", + [10341].param2 = 1, -+ [10496].file = "drivers/bluetooth/hci_vhci.c", -+ [10496].name = "vhci_read", -+ [10496].param3 = 1, ++ [10357].file = "net/sunrpc/cache.c", ++ [10357].name = "cache_read", ++ [10357].param3 = 1, ++ [10399].file = "kernel/trace/trace.c", ++ [10399].name = "trace_seq_to_user", ++ [10399].param3 = 1, ++ [10414].file = "drivers/char/vt.c", ++ [10414].name = "vc_do_resize", ++ [10414].param3 = 1, ++ [10414].param4 = 1, + [10623].file = "drivers/infiniband/core/user_mad.c", + [10623].name = "ib_umad_write", + [10623].param3 = 1, + [10674].file = "drivers/mtd/mtdchar.c", + [10674].name = "mtd_do_writeoob", + [10674].param4 = 1, ++ [1073].file = "drivers/block/aoe/aoecmd.c", ++ [1073].name = "addtgt", ++ [1073].param3 = 1, ++ [10750].file = "drivers/net/wireless/iwmc3200wifi/rx.c", ++ [10750].name = "iwm_ntf_calib_res", ++ [10750].param3 = 1, + [10773].file = "drivers/input/mousedev.c", + [10773].name = "mousedev_read", + [10773].param3 = 1, + [10776].file = "drivers/media/video/gspca/t613.c", + [10776].name = "reg_w_buf", + [10776].param3 = 1, ++ [10777].file = "fs/ntfs/file.c", ++ [10777].name = "ntfs_file_buffered_write", ++ [10777].param6 = 1, ++ [10893].file = "drivers/misc/sgi-gru/gruprocfs.c", ++ [10893].name = "options_write", ++ [10893].param3 = 1, + [10919].file = "net/ipv4/netfilter/arp_tables.c", + [10919].name = "do_arpt_set_ctl", + [10919].param4 = 1, -+ [11054].file = "drivers/net/wireless/libertas/debugfs.c", -+ [11054].name = "lbs_wrmac_write", -+ [11054].param3 = 1, -+ [11068].file = "drivers/net/wireless/libertas/debugfs.c", -+ [11068].name = "lbs_wrrf_write", -+ [11068].param3 = 1, ++ [11230].file = "net/core/neighbour.c", ++ [11230].name = "neigh_hash_grow", ++ [11230].param2 = 1, + [11385].file = "net/tipc/socket.c", + [11385].name = "recv_msg", + [11385].param4 = 1, -+ [11402].file = "drivers/net/wireless/libertas/debugfs.c", -+ [11402].name = "lbs_threshold_write", -+ [11402].param5 = 1, -+ [11494].file = "drivers/video/via/viafbdev.c", -+ [11494].name = "viafb_dvp1_proc_write", -+ [11494].param3 = 1, ++ [114].file = "security/selinux/selinuxfs.c", ++ [114].name = "sel_write_relabel", ++ [114].param3 = 1, ++ [11568].file = "drivers/gpu/drm/drm_scatter.c", ++ [11568].name = "drm_vmalloc_dma", ++ [11568].param1 = 1, ++ [11582].file = "drivers/scsi/lpfc/lpfc_sli.c", ++ [11582].name = "lpfc_sli4_queue_alloc", ++ [11582].param3 = 1, ++ [11616].file = "security/selinux/selinuxfs.c", ++ [11616].name = "sel_write_enforce", ++ [11616].param3 = 1, + [11699].file = "drivers/net/vxge/vxge-config.h", + [11699].name = "vxge_os_dma_malloc", + [11699].param2 = 1, ++ [11766].file = "drivers/block/paride/pt.c", ++ [11766].name = "pt_read", ++ [11766].param3 = 1, ++ [11919].file = "drivers/lguest/core.c", ++ [11919].name = "__lgread", ++ [11919].param4 = 1, ++ [11924].file = "drivers/media/video/usbvideo/usbvideo.c", ++ [11924].name = "usbvideo_v4l_read", ++ [11924].param3 = 1, ++ [11925].file = "kernel/trace/trace.c", ++ [11925].name = "trace_options_write", ++ [11925].param3 = 1, ++ [11943].file = "drivers/mtd/mtdchar.c", ++ [11943].name = "mtd_read", ++ [11943].param3 = 1, ++ [11985].file = "drivers/block/floppy.c", ++ [11985].name = "fd_copyin", ++ [11985].param3 = 1, + [11986].file = "drivers/net/usb/asix.c", + [11986].name = "asix_read_cmd", + [11986].param5 = 1, ++ [12018].file = "sound/core/oss/pcm_oss.c", ++ [12018].name = "snd_pcm_oss_read1", ++ [12018].param3 = 1, ++ [12059].file = "drivers/net/wireless/libertas/debugfs.c", ++ [12059].name = "lbs_debugfs_write", ++ [12059].param3 = 1, + [12205].file = "fs/reiserfs/journal.c", + [12205].name = "reiserfs_allocate_list_bitmaps", + [12205].param3 = 1, -+ [1248].file = "kernel/kprobes.c", -+ [1248].name = "write_enabled_file_bool", -+ [1248].param3 = 1, -+ [12591].file = "sound/core/pcm_lib.c", -+ [12591].name = "snd_pcm_lib_writev_transfer", -+ [12591].param5 = 1, ++ [12234].file = "include/acpi/platform/aclinux.h", ++ [12234].name = "acpi_os_allocate", ++ [12234].param1 = 1, ++ [12602].file = "net/sunrpc/cache.c", ++ [12602].name = "cache_downcall", ++ [12602].param3 = 1, + [12755].file = "sound/drivers/opl4/opl4_proc.c", + [12755].name = "snd_opl4_mem_proc_read", + [12755].param5 = 1, ++ [12755].param6 = 1, + [12833].file = "net/sctp/auth.c", + [12833].name = "sctp_auth_create_key", + [12833].param1 = 1, ++ [12840].file = "net/sctp/tsnmap.c", ++ [12840].name = "sctp_tsnmap_mark", ++ [12840].param2 = 1, + [12954].file = "fs/proc/base.c", + [12954].name = "oom_adjust_write", + [12954].param3 = 1, ++ [13103].file = "drivers/acpi/acpica/utobject.c", ++ [13103].name = "acpi_ut_create_string_object", ++ [13103].param1 = 1, + [13121].file = "net/ipv4/ip_sockglue.c", + [13121].name = "do_ip_setsockopt", + [13121].param5 = 1, -+ [13863].file = "drivers/net/wireless/iwlwifi/iwl-agn-rs.c", -+ [13863].name = "rs_sta_dbgfs_scale_table_write", -+ [13863].param3 = 1, ++ [13155].file = "fs/nfs/read.c", ++ [13155].name = "nfs_pagein_one", ++ [13155].param3 = 1, ++ [1327].file = "net/netfilter/nfnetlink_log.c", ++ [1327].name = "nfulnl_alloc_skb", ++ [1327].param2 = 1, ++ [13337].file = "net/core/iovec.c", ++ [13337].name = "csum_partial_copy_fromiovecend", ++ [13337].param4 = 1, ++ [13339].file = "security/smack/smackfs.c", ++ [13339].name = "smk_write_netlbladdr", ++ [13339].param3 = 1, ++ [13435].file = "mm/maccess.c", ++ [13435].name = "probe_kernel_read", ++ [13435].param3 = 1, ++ [1346].file = "drivers/usb/serial/oti6858.c", ++ [1346].name = "oti6858_buf_alloc", ++ [1346].param1 = 1, ++ [13559].file = "drivers/media/video/ivtv/ivtv-fileops.c", ++ [13559].name = "ivtv_read", ++ [13559].param3 = 1, ++ [13659].file = "drivers/net/wan/hdlc.c", ++ [13659].name = "attach_hdlc_protocol", ++ [13659].param3 = 1, ++ [13868].file = "fs/lockd/mon.c", ++ [13868].name = "nsm_create_handle", ++ [13868].param4 = 1, + [13924].file = "net/ipv4/netfilter/ip_tables.c", + [13924].name = "do_ipt_set_ctl", + [13924].param4 = 1, ++ [13958].file = "drivers/platform/x86/asus_acpi.c", ++ [13958].name = "proc_write_bluetooth", ++ [13958].param3 = 1, + [14019].file = "fs/cifs/dns_resolve.c", + [14019].name = "dns_resolver_instantiate", + [14019].param3 = 1, + [14025].file = "net/ax25/af_ax25.c", + [14025].name = "ax25_setsockopt", + [14025].param5 = 1, -+ [14031].file = "drivers/net/wireless/ath/ath5k/debug.c", -+ [14031].name = "write_file_beacon", -+ [14031].param3 = 1, + [14090].file = "drivers/bluetooth/btmrvl_debugfs.c", + [14090].name = "btmrvl_hsmode_write", + [14090].param3 = 1, ++ [14125].file = "kernel/module.c", ++ [14125].name = "load_module", ++ [14125].param2 = 1, ++ [14149].file = "drivers/hid/hidraw.c", ++ [14149].name = "hidraw_ioctl", ++ [14149].param2 = 1, ++ [14162].file = "kernel/trace/trace.c", ++ [14162].name = "tracing_ctrl_write", ++ [14162].param3 = 1, + [14174].file = "sound/pci/es1938.c", + [14174].name = "snd_es1938_capture_copy", + [14174].param5 = 1, -+ [14299].file = "sound/core/oss/pcm_plugin.c", -+ [14299].name = "snd_pcm_plugin_alloc", -+ [14299].param2 = 1, + [14345].file = "fs/cachefiles/daemon.c", + [14345].name = "cachefiles_daemon_write", + [14345].param3 = 1, + [14347].file = "drivers/media/dvb/dvb-core/dvb_ca_en50221.c", + [14347].name = "dvb_ca_en50221_io_write", + [14347].param3 = 1, -+ [15071].file = "drivers/net/wireless/ipw2x00/libipw_module.c", -+ [15071].name = "store_debug_level", -+ [15071].param3 = 1, -+ [15112].file = "drivers/xen/evtchn.c", -+ [15112].name = "evtchn_write", -+ [15112].param3 = 1, ++ [14379].file = "drivers/acpi/video.c", ++ [14379].name = "acpi_video_device_write_brightness", ++ [14379].param3 = 1, ++ [14566].file = "drivers/pci/hotplug/ibmphp_ebda.c", ++ [14566].name = "alloc_ebda_hpc", ++ [14566].param1 = 1, ++ [14566].param2 = 1, ++ [14646].file = "fs/compat.c", ++ [14646].name = "compat_writev", ++ [14646].param3 = 1, ++ [14684].file = "drivers/media/video/stk-webcam.c", ++ [14684].name = "stk_allocate_buffers", ++ [14684].param2 = 1, ++ [1482].file = "drivers/scsi/scsi_netlink.c", ++ [1482].name = "scsi_nl_send_vendor_msg", ++ [1482].param5 = 1, ++ [15017].file = "drivers/edac/edac_device.c", ++ [15017].name = "edac_device_alloc_ctl_info", ++ [15017].param1 = 1, ++ [15044].file = "drivers/uio/uio.c", ++ [15044].name = "uio_write", ++ [15044].param3 = 1, ++ [15065].file = "drivers/acpi/debug.c", ++ [15065].name = "acpi_system_debug_proc_write", ++ [15065].param3 = 1, ++ [15130].file = "net/bluetooth/hci_core.c", ++ [15130].name = "hci_send_cmd", ++ [15130].param3 = 1, ++ [15135].file = "drivers/usb/serial/pl2303.c", ++ [15135].name = "pl2303_buf_alloc", ++ [15135].param1 = 1, ++ [15202].file = "net/bluetooth/rfcomm/tty.c", ++ [15202].name = "rfcomm_wmalloc", ++ [15202].param2 = 1, + [15274].file = "crypto/shash.c", + [15274].name = "crypto_shash_setkey", + [15274].param3 = 1, + [15319].file = "net/netfilter/xt_recent.c", + [15319].name = "recent_old_proc_write", + [15319].param3 = 1, -+ [15891].file = "drivers/media/video/videobuf-dma-sg.c", -+ [15891].name = "__videobuf_alloc", -+ [15891].param1 = 1, -+ [1603].file = "fs/debugfs/file.c", -+ [1603].name = "write_file_bool", -+ [1603].param3 = 1, ++ [15354].file = "drivers/isdn/mISDN/socket.c", ++ [15354].name = "mISDN_sock_sendmsg", ++ [15354].param4 = 1, ++ [15361].file = "drivers/char/agp/generic.c", ++ [15361].name = "agp_allocate_memory", ++ [15361].param2 = 1, ++ [15422].file = "drivers/usb/serial/io_ti.c", ++ [15422].name = "edge_buf_alloc", ++ [15422].param1 = 1, ++ [15551].file = "net/ipv4/netfilter/ipt_CLUSTERIP.c", ++ [15551].name = "clusterip_proc_write", ++ [15551].param3 = 1, ++ [15835].file = "drivers/usb/misc/vstusb.c", ++ [15835].name = "vstusb_write", ++ [15835].param3 = 1, ++ [15883].file = "security/keys/keyctl.c", ++ [15883].name = "sys_add_key", ++ [15883].param4 = 1, + [16073].file = "net/sctp/socket.c", + [16073].name = "sctp_setsockopt", + [16073].param5 = 1, ++ [16138].file = "security/selinux/ss/services.c", ++ [16138].name = "security_context_to_sid_force", ++ [16138].param2 = 1, + [16166].file = "drivers/platform/x86/thinkpad_acpi.c", + [16166].name = "dispatch_proc_write", + [16166].param3 = 1, -+ [16344].file = "lib/scatterlist.c", -+ [16344].name = "sg_kmalloc", -+ [16344].param1 = 1, ++ [16229].file = "drivers/scsi/scsi_transport_iscsi.c", ++ [16229].name = "iscsi_offload_mesg", ++ [16229].param5 = 1, ++ [16447].file = "drivers/hid/usbhid/hiddev.c", ++ [16447].name = "hiddev_ioctl", ++ [16447].param2 = 1, ++ [16453].file = "include/linux/slab.h", ++ [16453].name = "kzalloc", ++ [16453].param1 = 1, ++ [16535].file = "fs/proc/generic.c", ++ [16535].name = "proc_file_read", ++ [16535].param3 = 1, + [16605].file = "fs/ecryptfs/miscdev.c", + [16605].name = "ecryptfs_send_miscdev", + [16605].param2 = 1, @@ -107285,120 +107806,244 @@ index 0000000..5b08f5c + [16911].file = "drivers/media/dvb/ttpci/av7110_hw.c", + [16911].name = "LoadBitmap", + [16911].param2 = 1, -+ [17139].file = "fs/ubifs/xattr.c", -+ [17139].name = "ubifs_setxattr", -+ [17139].param4 = 1, ++ [16969].file = "kernel/trace/ftrace.c", ++ [16969].name = "ftrace_profile_write", ++ [16969].param3 = 1, ++ [169].file = "drivers/net/pcnet32.c", ++ [169].name = "pcnet32_realloc_rx_ring", ++ [169].param3 = 1, ++ [17075].file = "sound/isa/gus/gus_dram.c", ++ [17075].name = "snd_gus_dram_write", ++ [17075].param4 = 1, ++ [17133].file = "drivers/usb/misc/iowarrior.c", ++ [17133].name = "iowarrior_read", ++ [17133].param3 = 1, + [17170].file = "drivers/media/video/zc0301/zc0301_core.c", + [17170].name = "zc0301_read", + [17170].param3 = 1, ++ [17185].file = "net/wireless/scan.c", ++ [17185].name = "cfg80211_inform_bss", ++ [17185].param8 = 1, + [17224].file = "drivers/media/video/w9968cf.c", + [17224].name = "w9968cf_read", + [17224].param3 = 1, + [17377].file = "drivers/usb/class/cdc-wdm.c", + [17377].name = "wdm_write", + [17377].param3 = 1, ++ [17459].file = "drivers/usb/misc/rio500.c", ++ [17459].name = "write_rio", ++ [17459].param3 = 1, + [17460].file = "fs/nfsd/nfscache.c", + [17460].name = "nfsd_cache_update", + [17460].param3 = 1, + [17492].file = "net/dccp/proto.c", + [17492].name = "do_dccp_setsockopt", + [17492].param5 = 1, ++ [1754].file = "sound/core/oss/pcm_oss.c", ++ [1754].name = "snd_pcm_oss_write", ++ [1754].param3 = 1, ++ [17604].file = "fs/proc/generic.c", ++ [17604].name = "__proc_file_read", ++ [17604].param3 = 1, + [17828].file = "kernel/sched.c", + [17828].name = "sched_feat_write", + [17828].param3 = 1, ++ [17841].file = "drivers/misc/tifm_core.c", ++ [17841].name = "tifm_alloc_adapter", ++ [17841].param1 = 1, ++ [17946].file = "drivers/net/wireless/libertas/if_spi.c", ++ [17946].name = "if_spi_host_to_card", ++ [17946].param4 = 1, + [1800].file = "drivers/media/dvb/dvb-core/dmxdev.c", + [1800].name = "dvb_dvr_do_ioctl", + [1800].param4 = 1, -+ [18224].file = "drivers/xen/grant-table.c", -+ [18224].name = "gnttab_map", -+ [18224].param2 = 1, ++ [1822].file = "drivers/hwmon/ibmaem.c", ++ [1822].name = "aem_read_sensor", ++ [1822].param5 = 1, + [18232].file = "fs/nfs/write.c", + [18232].name = "nfs_writedata_alloc", + [18232].param1 = 1, ++ [18247].file = "drivers/char/agp/generic.c", ++ [18247].name = "agp_create_user_memory", ++ [18247].param1 = 1, + [18303].file = "fs/xattr.c", + [18303].name = "getxattr", + [18303].param4 = 1, + [18313].file = "drivers/platform/x86/toshiba_acpi.c", + [18313].name = "dispatch_write", + [18313].param3 = 1, ++ [18334].file = "drivers/net/wireless/zd1211rw/zd_chip.c", ++ [18334].name = "zd_ioread32v", ++ [18334].param4 = 1, + [18353].file = "net/rfkill/core.c", + [18353].name = "rfkill_fop_read", + [18353].param3 = 1, ++ [18386].file = "fs/read_write.c", ++ [18386].name = "vfs_readv", ++ [18386].param3 = 1, ++ [18391].file = "fs/ocfs2/stack_user.c", ++ [18391].name = "ocfs2_control_write", ++ [18391].param3 = 1, + [183].file = "crypto/ahash.c", + [183].name = "crypto_ahash_setkey", + [183].param3 = 1, ++ [1845].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", ++ [1845].name = "rt2x00debug_write_rf", ++ [1845].param3 = 1, ++ [18465].file = "drivers/net/cxgb3/cxgb3_offload.c", ++ [18465].name = "cxgb_alloc_mem", ++ [18465].param1 = 1, + [1858].file = "net/ipv6/netfilter/ip6_tables.c", + [1858].name = "do_ip6t_set_ctl", + [1858].param4 = 1, + [18592].file = "drivers/base/platform.c", + [18592].name = "platform_device_add_resources", + [18592].param3 = 1, ++ [18659].file = "drivers/media/dvb/dvb-core/dvbdev.c", ++ [18659].name = "dvb_usercopy", ++ [18659].param3 = 1, ++ [18775].file = "include/linux/textsearch.h", ++ [18775].name = "alloc_ts_config", ++ [18775].param1 = 1, ++ [18940].file = "drivers/usb/host/hwa-hc.c", ++ [18940].name = "__hwahc_op_set_gtk", ++ [18940].param4 = 1, + [19012].file = "drivers/acpi/event.c", + [19012].name = "acpi_system_read_event", + [19012].param3 = 1, -+ [19261].file = "net/netlabel/netlabel_domainhash.c", -+ [19261].name = "netlbl_domhsh_init", -+ [19261].param1 = 1, -+ [19288].file = "net/ipv6/raw.c", -+ [19288].name = "rawv6_setsockopt", -+ [19288].param5 = 1, ++ [19028].file = "mm/filemap.c", ++ [19028].name = "iov_iter_copy_from_user_atomic", ++ [19028].param4 = 1, ++ [19240].file = "net/sctp/socket.c", ++ [19240].name = "sctp_setsockopt_delayed_ack", ++ [19240].param3 = 1, ++ [19274].file = "net/core/pktgen.c", ++ [19274].name = "pktgen_if_write", ++ [19274].param3 = 1, ++ [19308].file = "drivers/char/mem.c", ++ [19308].name = "read_oldmem", ++ [19308].param3 = 1, ++ [19349].file = "drivers/acpi/acpica/utobject.c", ++ [19349].name = "acpi_ut_create_package_object", ++ [19349].param1 = 1, ++ [19453].file = "drivers/net/chelsio/sge.c", ++ [19453].name = "sge_rx", ++ [19453].param3 = 1, + [19504].file = "drivers/usb/serial/garmin_gps.c", + [19504].name = "pkt_add", + [19504].param3 = 1, + [19511].file = "drivers/scsi/cxgb3i/cxgb3i_ddp.c", + [19511].name = "cxgb3i_ddp_make_gl", + [19511].param1 = 1, ++ [19548].file = "drivers/scsi/qla2xxx/qla_init.c", ++ [19548].name = "qla2x00_get_ctx_sp", ++ [19548].param3 = 1, ++ [19592].file = "net/dccp/proto.c", ++ [19592].name = "dccp_setsockopt_service", ++ [19592].param4 = 1, ++ [19726].file = "kernel/trace/trace.c", ++ [19726].name = "tracing_set_trace_write", ++ [19726].param3 = 1, + [19738].file = "fs/sysfs/file.c", + [19738].name = "sysfs_write_file", + [19738].param3 = 1, -+ [19909].file = "drivers/net/wireless/libertas/debugfs.c", -+ [19909].name = "lbs_sleepparams_write", -+ [19909].param3 = 1, ++ [19920].file = "drivers/input/joydev.c", ++ [19920].name = "joydev_ioctl", ++ [19920].param2 = 1, ++ [19931].file = "drivers/usb/misc/ftdi-elan.c", ++ [19931].name = "ftdi_elan_write", ++ [19931].param3 = 1, + [19960].file = "drivers/usb/class/usblp.c", + [19960].name = "usblp_read", + [19960].param3 = 1, ++ [1996].file = "drivers/scsi/libsrp.c", ++ [1996].name = "srp_target_alloc", ++ [1996].param3 = 1, ++ [20013].file = "drivers/base/platform.c", ++ [20013].name = "platform_device_register_simple", ++ [20013].param4 = 1, + [20023].file = "drivers/media/video/gspca/gspca.c", + [20023].name = "dev_read", + [20023].param3 = 1, -+ [20113].file = "drivers/net/wireless/libertas/debugfs.c", -+ [20113].name = "lbs_rdmac_write", -+ [20113].param3 = 1, + [20123].file = "drivers/ieee1394/csr1212.h", + [20123].name = "csr1212_rom_cache_malloc", + [20123].param2 = 1, -+ [20314].file = "drivers/gpu/drm/drm_hashtab.c", -+ [20314].name = "drm_ht_create", -+ [20314].param2 = 1, ++ [20207].file = "net/core/sock.c", ++ [20207].name = "sock_alloc_send_pskb", ++ [20207].param2 = 1, ++ [20263].file = "kernel/trace/trace_events.c", ++ [20263].name = "event_filter_write", ++ [20263].param3 = 1, ++ [20320].file = "drivers/mfd/sm501.c", ++ [20320].name = "sm501_create_subdev", ++ [20320].param3 = 1, ++ [20320].param4 = 1, + [20611].file = "net/netfilter/x_tables.c", + [20611].name = "xt_alloc_table_info", + [20611].param1 = 1, ++ [20664].file = "drivers/media/video/usbvideo/usbvideo.c", ++ [20664].name = "usbvideo_rvmalloc", ++ [20664].param1 = 1, ++ [20713].file = "drivers/gpu/drm/ttm/ttm_bo_vm.c", ++ [20713].name = "ttm_bo_io", ++ [20713].param5 = 1, ++ [20835].file = "drivers/isdn/i4l/isdn_common.c", ++ [20835].name = "isdn_read", ++ [20835].param3 = 1, + [20951].file = "crypto/rng.c", + [20951].name = "rngapi_reset", + [20951].param3 = 1, -+ [21134].file = "drivers/video/via/viafbdev.c", -+ [21134].name = "viafb_dfph_proc_write", -+ [21134].param3 = 1, -+ [21277].file = "drivers/usb/storage/shuttle_usbat.c", -+ [21277].name = "usbat_flash_write_data", -+ [21277].param4 = 1, ++ [21132].file = "kernel/cgroup.c", ++ [21132].name = "cgroup_write_X64", ++ [21132].param5 = 1, ++ [21138].file = "drivers/uio/uio.c", ++ [21138].name = "uio_read", ++ [21138].param3 = 1, ++ [21193].file = "net/wireless/sme.c", ++ [21193].name = "cfg80211_disconnected", ++ [21193].param4 = 1, + [21312].file = "lib/ts_kmp.c", + [21312].name = "kmp_init", + [21312].param2 = 1, -+ [21397].file = "net/core/sock.c", -+ [21397].name = "sock_setsockopt", -+ [21397].param5 = 1, ++ [21335].file = "net/econet/af_econet.c", ++ [21335].name = "econet_sendmsg", ++ [21335].param4 = 1, + [21451].file = "net/netfilter/ipvs/ip_vs_ctl.c", + [21451].name = "do_ip_vs_set_ctl", + [21451].param4 = 1, ++ [21459].file = "security/smack/smackfs.c", ++ [21459].name = "smk_write_doi", ++ [21459].param3 = 1, ++ [21508].file = "include/linux/usb/wusb.h", ++ [21508].name = "wusb_prf_64", ++ [21508].param7 = 1, + [21538].file = "net/bluetooth/l2cap.c", + [21538].name = "l2cap_sock_setsockopt", + [21538].param5 = 1, ++ [21543].file = "drivers/media/video/gspca/gspca.c", ++ [21543].name = "frame_alloc", ++ [21543].param2 = 1, + [21608].file = "drivers/char/tpm/tpm.c", + [21608].name = "tpm_write", + [21608].param3 = 1, ++ [21784].file = "crypto/ahash.c", ++ [21784].name = "ahash_setkey_unaligned", ++ [21784].param3 = 1, + [2180].file = "drivers/char/ppdev.c", + [2180].name = "pp_write", + [2180].param3 = 1, ++ [21821].file = "drivers/net/wireless/airo.c", ++ [21821].name = "proc_write", ++ [21821].param3 = 1, ++ [21906].file = "net/atm/mpc.c", ++ [21906].name = "copy_macs", ++ [21906].param4 = 1, ++ [21923].file = "net/ipv4/netfilter/arp_tables.c", ++ [21923].name = "copy_entries_to_user", ++ [21923].param1 = 1, ++ [22052].file = "drivers/net/cxgb3/sge.c", ++ [22052].name = "get_packet_pg", ++ [22052].param4 = 1, + [22173].file = "drivers/ieee1394/highlevel.c", + [22173].name = "hpsb_create_hostinfo", + [22173].param3 = 1, @@ -107411,67 +108056,176 @@ index 0000000..5b08f5c + [22428].file = "ipc/ipc_sysctl.c", + [22428].name = "sysctl_ipc_data", + [22428].param5 = 1, ++ [22439].file = "fs/afs/rxrpc.c", ++ [22439].name = "afs_alloc_flat_call", ++ [22439].param2 = 1, ++ [22439].param3 = 1, + [2243].file = "drivers/scsi/scsi_tgt_lib.c", + [2243].name = "scsi_tgt_kspace_exec", + [2243].param8 = 1, -+ [22546].file = "drivers/char/pcmcia/cm4040_cs.c", -+ [22546].name = "cm4040_read", -+ [22546].param3 = 1, -+ [23093].file = "drivers/scsi/st.c", -+ [23093].name = "st_read", -+ [23093].param3 = 1, ++ [22440].file = "drivers/uwb/neh.c", ++ [22440].name = "uwb_rc_neh_grok_event", ++ [22440].param3 = 1, ++ [22545].file = "drivers/media/video/pwc/pwc-if.c", ++ [22545].name = "pwc_video_read", ++ [22545].param3 = 1, ++ [22614].file = "drivers/media/video/cx18/cx18-fileops.c", ++ [22614].name = "cx18_copy_buf_to_user", ++ [22614].param4 = 1, ++ [22777].file = "drivers/infiniband/ulp/srp/ib_srp.c", ++ [22777].name = "srp_alloc_iu", ++ [22777].param2 = 1, ++ [22817].file = "drivers/media/video/usbvision/usbvision-core.c", ++ [22817].name = "usbvision_rvmalloc", ++ [22817].param1 = 1, ++ [22904].file = "security/selinux/ss/services.c", ++ [22904].name = "security_context_to_sid_default", ++ [22904].param2 = 1, ++ [22932].file = "fs/compat.c", ++ [22932].name = "compat_sys_writev", ++ [22932].param3 = 1, ++ [2302].file = "drivers/media/video/stk-webcam.c", ++ [2302].name = "v4l_stk_read", ++ [2302].param3 = 1, ++ [2307].file = "drivers/pcmcia/cistpl.c", ++ [2307].name = "pcmcia_replace_cis", ++ [2307].param3 = 1, ++ [23117].file = "drivers/media/dvb/ttpci/av7110_av.c", ++ [23117].name = "dvb_audio_write", ++ [23117].param3 = 1, + [2324].file = "net/ieee802154/wpan-class.c", + [2324].name = "wpan_phy_alloc", + [2324].param1 = 1, ++ [2328].file = "kernel/trace/ftrace.c", ++ [2328].name = "ftrace_pid_write", ++ [2328].param3 = 1, ++ [23449].file = "crypto/blkcipher.c", ++ [23449].name = "blkcipher_next_slow", ++ [23449].param3 = 1, ++ [23449].param4 = 1, + [23535].file = "ipc/sem.c", + [23535].name = "sys_semtimedop", + [23535].param3 = 1, ++ [23576].file = "drivers/media/video/cafe_ccic.c", ++ [23576].name = "cafe_v4l_read", ++ [23576].param3 = 1, ++ [2357].file = "drivers/usb/serial/garmin_gps.c", ++ [2357].name = "garmin_read_process", ++ [2357].param3 = 1, ++ [23589].file = "kernel/relay.c", ++ [23589].name = "subbuf_read_actor", ++ [23589].param3 = 1, ++ [23619].file = "drivers/char/tty_buffer.c", ++ [23619].name = "tty_buffer_request_room", ++ [23619].param2 = 1, ++ [23848].file = "crypto/blkcipher.c", ++ [23848].name = "async_setkey", ++ [23848].param3 = 1, + [2386].file = "drivers/acpi/acpica/exnames.c", + [2386].name = "acpi_ex_allocate_name_string", + [2386].param2 = 1, -+ [23883].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [23883].name = "iwl_dbgfs_interrupt_write", -+ [23883].param3 = 1, ++ [2389].file = "net/core/sock.c", ++ [2389].name = "sock_rmalloc", ++ [2389].param2 = 1, + [23999].file = "sound/pci/rme9652/hdsp.c", + [23999].name = "snd_hdsp_capture_copy", + [23999].param5 = 1, -+ [24263].file = "kernel/cgroup.c", -+ [24263].name = "cgroup_file_write", -+ [24263].param3 = 1, ++ [24233].file = "drivers/pci/pcie/aer/aer_inject.c", ++ [24233].name = "aer_inject_write", ++ [24233].param3 = 1, ++ [2444].file = "drivers/acpi/fan.c", ++ [2444].name = "acpi_fan_write_state", ++ [2444].param3 = 1, + [24549].file = "drivers/infiniband/core/ucm.c", + [24549].name = "ib_ucm_alloc_data", + [24549].param3 = 1, + [24719].file = "drivers/input/evdev.c", + [24719].name = "bits_to_user", -+ [24719].param2 = 1, + [24719].param3 = 1, ++ [2472].file = "net/ipv4/netfilter/ip_tables.c", ++ [2472].name = "compat_do_ipt_set_ctl", ++ [2472].param4 = 1, ++ [24761].file = "kernel/trace/trace.c", ++ [24761].name = "tracing_mark_write", ++ [24761].param3 = 1, + [24805].file = "security/keys/user_defined.c", + [24805].name = "user_update", + [24805].param3 = 1, ++ [24980].file = "drivers/infiniband/hw/ipath/ipath_fs.c", ++ [24980].name = "flash_write", ++ [24980].param3 = 1, ++ [25036].file = "fs/pipe.c", ++ [25036].name = "pipe_iov_copy_from_user", ++ [25036].param3 = 1, ++ [25046].file = "drivers/char/tty_buffer.c", ++ [25046].name = "tty_buffer_find", ++ [25046].param2 = 1, ++ [25078].file = "drivers/net/wireless/p54/fwio.c", ++ [25078].name = "p54_download_eeprom", ++ [25078].param4 = 1, + [25127].file = "drivers/scsi/device_handler/scsi_dh_alua.c", + [25127].name = "realloc_buffer", + [25127].param2 = 1, ++ [25157].file = "security/keys/request_key_auth.c", ++ [25157].name = "request_key_auth_new", ++ [25157].param3 = 1, + [25158].file = "drivers/net/mlx4/en_rx.c", + [25158].name = "mlx4_en_create_rx_ring", + [25158].param3 = 1, ++ [25193].file = "kernel/trace/trace.c", ++ [25193].name = "trace_options_core_write", ++ [25193].param3 = 1, + [25267].file = "fs/configfs/file.c", + [25267].name = "configfs_write_file", + [25267].param3 = 1, + [25558].file = "fs/proc/task_mmu.c", + [25558].name = "clear_refs_write", + [25558].param3 = 1, ++ [25765].file = "drivers/media/dvb/b2c2/flexcop.c", ++ [25765].name = "flexcop_device_kmalloc", ++ [25765].param1 = 1, + [25884].file = "drivers/net/wireless/zd1211rw/zd_usb.c", + [25884].name = "zd_usb_ioread16v", + [25884].param4 = 1, ++ [26100].file = "sound/core/info.c", ++ [26100].name = "snd_info_entry_write", ++ [26100].param3 = 1, ++ [26143].file = "kernel/trace/trace_sysprof.c", ++ [26143].name = "sysprof_sample_write", ++ [26143].param3 = 1, + [26256].file = "fs/hpfs/name.c", + [26256].name = "hpfs_translate_name", + [26256].param3 = 1, ++ [26494].file = "kernel/signal.c", ++ [26494].name = "sys_rt_sigpending", ++ [26494].param2 = 1, ++ [26497].file = "security/keys/keyctl.c", ++ [26497].name = "sys_keyctl", ++ [26497].param4 = 1, ++ [26533].file = "drivers/block/aoe/aoechr.c", ++ [26533].name = "aoechr_write", ++ [26533].param3 = 1, + [26560].file = "crypto/algapi.c", + [26560].name = "crypto_alloc_instance2", + [26560].param3 = 1, ++ [26605].file = "security/selinux/selinuxfs.c", ++ [26605].name = "sel_write_user", ++ [26605].param3 = 1, + [26701].file = "drivers/mtd/chips/cfi_util.c", + [26701].name = "cfi_read_pri", + [26701].param3 = 1, ++ [26757].file = "fs/xattr.c", ++ [26757].name = "sys_fgetxattr", ++ [26757].param4 = 1, ++ [26834].file = "drivers/gpu/drm/drm_drv.c", ++ [26834].name = "drm_ioctl", ++ [26834].param3 = 1, ++ [26843].file = "drivers/firewire/core-cdev.c", ++ [26843].name = "fw_device_op_compat_ioctl", ++ [26843].param2 = 1, ++ [26888].file = "net/bridge/br_ioctl.c", ++ [26888].name = "get_fdb_entries", ++ [26888].param3 = 1, + [26912].file = "drivers/ieee1394/raw1394.c", + [26912].name = "arm_write", + [26912].param6 = 1, @@ -107481,12 +108235,26 @@ index 0000000..5b08f5c + [27004].file = "drivers/misc/hpilo.c", + [27004].name = "ilo_write", + [27004].param3 = 1, ++ [27025].file = "fs/ntfs/file.c", ++ [27025].name = "__ntfs_copy_from_user_iovec_inatomic", ++ [27025].param3 = 1, ++ [27025].param4 = 1, ++ [27061].file = "drivers/firewire/core-cdev.c", ++ [27061].name = "iso_callback", ++ [27061].param3 = 1, + [2711].file = "drivers/media/dvb/dvb-core/dvb_ringbuffer.c", + [2711].name = "dvb_ringbuffer_read_user", + [2711].param3 = 1, + [27129].file = "fs/lockd/mon.c", + [27129].name = "nsm_get_handle", + [27129].param4 = 1, ++ [27142].file = "fs/proc/kcore.c", ++ [27142].name = "read_kcore", ++ [27142].param3 = 1, ++ [27176].file = "drivers/mtd/devices/mtd_dataflash.c", ++ [27176].name = "otp_read", ++ [27176].param2 = 1, ++ [27176].param5 = 1, + [27280].file = "drivers/net/mlx4/en_tx.c", + [27280].name = "mlx4_en_create_tx_ring", + [27280].param3 = 1, @@ -107499,439 +108267,1031 @@ index 0000000..5b08f5c + [27347].file = "drivers/net/wireless/zd1211rw/zd_usb.c", + [27347].name = "zd_usb_rfwrite", + [27347].param3 = 1, ++ [27472].file = "security/selinux/selinuxfs.c", ++ [27472].name = "sel_write_load", ++ [27472].param3 = 1, + [27491].file = "fs/proc/base.c", + [27491].name = "proc_pid_attr_write", + [27491].param3 = 1, -+ [28092].file = "fs/select.c", -+ [28092].name = "do_sys_poll", -+ [28092].param2 = 1, ++ [27595].file = "net/core/sock.c", ++ [27595].name = "sock_alloc_send_skb", ++ [27595].param2 = 1, ++ [27927].file = "drivers/char/tty_io.c", ++ [27927].name = "redirected_tty_write", ++ [27927].param3 = 1, + [28126].file = "drivers/net/wireless/zd1211rw/zd_chip.c", + [28126].name = "zd_ioread32v_locked", + [28126].param4 = 1, ++ [28151].file = "mm/filemap_xip.c", ++ [28151].name = "do_xip_mapping_read", ++ [28151].param5 = 1, ++ [28247].file = "net/sctp/tsnmap.c", ++ [28247].name = "sctp_tsnmap_init", ++ [28247].param2 = 1, ++ [28316].file = "drivers/input/joydev.c", ++ [28316].name = "joydev_ioctl_common", ++ [28316].param2 = 1, ++ [28359].file = "drivers/spi/spidev.c", ++ [28359].name = "spidev_message", ++ [28359].param3 = 1, ++ [28360].file = "drivers/hid/usbhid/hiddev.c", ++ [28360].name = "hiddev_compat_ioctl", ++ [28360].param2 = 1, + [28370].file = "kernel/sysctl.c", + [28370].name = "sysctl_string", + [28370].param5 = 1, -+ [28462].file = "net/rfkill/core.c", -+ [28462].name = "rfkill_fop_write", -+ [28462].param3 = 1, ++ [28407].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", ++ [28407].name = "rt2x00debug_write_csr", ++ [28407].param3 = 1, ++ [2847].file = "fs/ntfs/file.c", ++ [2847].name = "ntfs_copy_from_user", ++ [2847].param3 = 1, ++ [2847].param5 = 1, ++ [28584].file = "drivers/memstick/core/memstick.c", ++ [28584].name = "memstick_alloc_host", ++ [28584].param1 = 1, + [28635].file = "drivers/gpu/drm/drm_sman.c", + [28635].name = "drm_sman_init", + [28635].param2 = 1, -+ [28655].file = "drivers/infiniband/hw/mthca/mthca_allocator.c", -+ [28655].name = "mthca_alloc_init", -+ [28655].param2 = 1, ++ [28714].file = "drivers/ieee1394/ieee1394_core.c", ++ [28714].name = "hpsb_alloc_packet", ++ [28714].param1 = 1, + [28879].file = "drivers/base/map.c", + [28879].name = "kobj_map", + [28879].param2 = 1, ++ [28879].param3 = 1, + [28889].file = "drivers/char/pcmcia/cm4040_cs.c", + [28889].name = "cm4040_write", + [28889].param3 = 1, + [28892].file = "drivers/media/video/se401.c", + [28892].name = "se401_read", + [28892].param3 = 1, -+ [29366].file = "drivers/char/pcmcia/cm4000_cs.c", -+ [29366].name = "cmm_read", -+ [29366].param3 = 1, -+ [29875].file = "sound/isa/gus/gus_pcm.c", -+ [29875].name = "snd_gf1_pcm_playback_copy", -+ [29875].param5 = 1, ++ [29302].file = "drivers/acpi/proc.c", ++ [29302].name = "acpi_system_write_sleep", ++ [29302].param3 = 1, ++ [29353].file = "net/sctp/socket.c", ++ [29353].name = "sctp_setsockopt_del_key", ++ [29353].param3 = 1, ++ [29470].file = "include/linux/slab.h", ++ [29470].name = "kmalloc_node", ++ [29470].param1 = 1, ++ [29859].file = "net/rds/page.c", ++ [29859].name = "rds_page_copy_user", ++ [29859].param4 = 1, + [2995].file = "mm/page_alloc.c", + [2995].name = "alloc_large_system_hash", + [2995].param2 = 1, -+ [30438].file = "mm/filemap_xip.c", -+ [30438].name = "xip_file_read", -+ [30438].param3 = 1, -+ [30449].file = "drivers/telephony/ixj.c", -+ [30449].name = "ixj_read", -+ [30449].param3 = 1, -+ [30494].file = "fs/nilfs2/ioctl.c", -+ [30494].name = "nilfs_ioctl_wrap_copy", -+ [30494].param4 = 1, ++ [30330].file = "drivers/platform/x86/asus_acpi.c", ++ [30330].name = "proc_write_mled", ++ [30330].param3 = 1, ++ [30687].file = "drivers/uwb/uwb-debug.c", ++ [30687].name = "command_write", ++ [30687].param3 = 1, ++ [30719].file = "drivers/media/video/dabusb.c", ++ [30719].name = "dabusb_read", ++ [30719].param3 = 1, ++ [30726].file = "drivers/bluetooth/hci_vhci.c", ++ [30726].name = "vhci_get_user", ++ [30726].param3 = 1, ++ [307].file = "drivers/block/aoe/aoechr.c", ++ [307].name = "revalidate", ++ [307].param2 = 1, ++ [3119].file = "drivers/misc/ibmasm/command.c", ++ [3119].name = "ibmasm_new_command", ++ [3119].param2 = 1, ++ [31207].file = "drivers/platform/x86/asus_acpi.c", ++ [31207].name = "parse_arg", ++ [31207].param2 = 1, ++ [31287].file = "drivers/scsi/libsrp.c", ++ [31287].name = "srp_iu_pool_alloc", ++ [31287].param2 = 1, ++ [31291].file = "sound/pci/rme9652/rme9652.c", ++ [31291].name = "snd_rme9652_capture_copy", ++ [31291].param5 = 1, + [31348].file = "kernel/sched.c", + [31348].name = "sys_sched_getaffinity", + [31348].param2 = 1, -+ [31465].file = "net/rds/message.c", -+ [31465].name = "rds_message_map_pages", -+ [31465].param2 = 1, + [31492].file = "drivers/hid/hidraw.c", + [31492].name = "hidraw_read", + [31492].param3 = 1, ++ [31541].file = "drivers/ieee1394/csr1212.c", ++ [31541].name = "csr1212_append_new_cache", ++ [31541].param2 = 1, ++ [31649].file = "fs/ecryptfs/crypto.c", ++ [31649].name = "ecryptfs_decode_and_decrypt_filename", ++ [31649].param5 = 1, + [3170].file = "security/integrity/ima/ima_fs.c", + [3170].name = "ima_write_policy", + [3170].param3 = 1, -+ [31730].file = "net/dccp/proto.c", -+ [31730].name = "dccp_setsockopt", -+ [31730].param5 = 1, + [31789].file = "fs/file.c", + [31789].name = "alloc_fdmem", + [31789].param1 = 1, + [31957].file = "fs/afs/proc.c", + [31957].name = "afs_proc_cells_write", + [31957].param3 = 1, ++ [32002].file = "net/sctp/socket.c", ++ [32002].name = "sctp_setsockopt_active_key", ++ [32002].param3 = 1, ++ [32101].file = "kernel/sysctl.c", ++ [32101].name = "do_sysctl_strategy", ++ [32101].param6 = 1, ++ [32136].file = "drivers/message/fusion/mptctl.c", ++ [32136].name = "compat_mpctl_ioctl", ++ [32136].param2 = 1, ++ [32152].file = "drivers/acpi/video.c", ++ [32152].name = "acpi_video_device_write_state", ++ [32152].param3 = 1, ++ [32182].file = "net/sunrpc/cache.c", ++ [32182].name = "cache_write", ++ [32182].param3 = 1, ++ [32210].file = "kernel/trace/trace_events.c", ++ [32210].name = "system_enable_write", ++ [32210].param3 = 1, ++ [32278].file = "kernel/time/timer_stats.c", ++ [32278].name = "tstats_write", ++ [32278].param3 = 1, + [32326].file = "drivers/char/n_r3964.c", + [32326].name = "r3964_write", + [32326].param4 = 1, ++ [32405].file = "kernel/trace/trace.c", ++ [32405].name = "tracing_entries_write", ++ [32405].param3 = 1, ++ [3241].file = "drivers/usb/wusbcore/crypto.c", ++ [3241].name = "wusb_prf", ++ [3241].param7 = 1, ++ [32608].file = "security/selinux/selinuxfs.c", ++ [32608].name = "sel_write_checkreqprot", ++ [32608].param3 = 1, ++ [32812].file = "drivers/net/vxge/vxge-config.c", ++ [32812].name = "__vxge_hw_channel_allocate", ++ [32812].param3 = 1, + [32950].file = "fs/reiserfs/resize.c", + [32950].name = "reiserfs_resize", + [32950].param2 = 1, ++ [33010].file = "drivers/media/dvb/dvb-core/dvb_ringbuffer.c", ++ [33010].name = "dvb_ringbuffer_pkt_read_user", ++ [33010].param5 = 1, ++ [33040].file = "drivers/gpu/vga/vgaarb.c", ++ [33040].name = "vga_arb_read", ++ [33040].param3 = 1, ++ [33071].file = "drivers/ieee1394/iso.c", ++ [33071].name = "hpsb_iso_common_init", ++ [33071].param4 = 1, ++ [33130].file = "net/llc/llc_sap.c", ++ [33130].name = "llc_alloc_frame", ++ [33130].param4 = 1, + [33256].file = "drivers/ieee1394/raw1394.c", + [33256].name = "arm_read", + [33256].param5 = 1, -+ [33637].file = "net/9p/client.c", -+ [33637].name = "p9_client_read", -+ [33637].param5 = 1, ++ [33280].file = "fs/xfs/linux-2.6/kmem.c", ++ [33280].name = "kmem_realloc", ++ [33280].param2 = 1, ++ [33489].file = "fs/binfmt_misc.c", ++ [33489].name = "create_entry", ++ [33489].param2 = 1, + [33669].file = "fs/gfs2/glock.c", + [33669].name = "gfs2_glock_nq_m", + [33669].param1 = 1, + [3384].file = "drivers/block/paride/pg.c", + [3384].name = "pg_write", + [3384].param3 = 1, ++ [34016].file = "drivers/char/tty_buffer.c", ++ [34016].name = "tty_prepare_flip_string_flags", ++ [34016].param4 = 1, + [34105].file = "fs/libfs.c", + [34105].name = "simple_read_from_buffer", ++ [34105].param2 = 1, + [34105].param5 = 1, + [34120].file = "drivers/media/video/pvrusb2/pvrusb2-io.c", + [34120].name = "pvr2_stream_buffer_count", + [34120].param2 = 1, ++ [34432].file = "drivers/edac/edac_pci.c", ++ [34432].name = "edac_pci_alloc_ctl_info", ++ [34432].param1 = 1, ++ [34438].file = "security/tomoyo/realpath.c", ++ [34438].name = "tomoyo_alloc", ++ [34438].param1 = 1, ++ [34532].file = "drivers/virtio/virtio_ring.c", ++ [34532].name = "vring_add_indirect", ++ [34532].param3 = 1, ++ [34532].param4 = 1, ++ [34543].file = "net/sctp/tsnmap.c", ++ [34543].name = "sctp_tsnmap_grow", ++ [34543].param2 = 1, ++ [34551].file = "fs/ocfs2/stack_user.c", ++ [34551].name = "ocfs2_control_cfu", ++ [34551].param2 = 1, ++ [34666].file = "fs/cifs/cifs_debug.c", ++ [34666].name = "cifs_security_flags_proc_write", ++ [34666].param3 = 1, + [34672].file = "drivers/char/tty_io.c", + [34672].name = "tty_write", + [34672].param3 = 1, ++ [34679].file = "drivers/media/video/ivtv/ivtv-fileops.c", ++ [34679].name = "ivtv_copy_buf_to_user", ++ [34679].param4 = 1, ++ [34721].file = "drivers/usb/host/hwa-hc.c", ++ [34721].name = "__hwahc_dev_set_key", ++ [34721].param5 = 1, ++ [34749].file = "mm/bootmem.c", ++ [34749].name = "__alloc_bootmem_low_node", ++ [34749].param2 = 1, ++ [34760].file = "include/acpi/platform/aclinux.h", ++ [34760].name = "acpi_os_allocate_zeroed", ++ [34760].param1 = 1, + [34863].file = "drivers/video/fbsysfs.c", + [34863].name = "framebuffer_alloc", + [34863].param1 = 1, -+ [34988].file = "drivers/net/wireless/libertas/debugfs.c", -+ [34988].name = "lbs_rdrf_write", -+ [34988].param3 = 1, -+ [35007].file = "drivers/usb/mon/mon_bin.c", -+ [35007].name = "mon_bin_read", -+ [35007].param3 = 1, + [35050].file = "fs/ocfs2/dlm/dlmfs.c", + [35050].name = "dlmfs_file_write", + [35050].param3 = 1, -+ [35176].file = "drivers/usb/misc/ldusb.c", -+ [35176].name = "ld_usb_write", -+ [35176].param3 = 1, ++ [35119].file = "fs/xattr.c", ++ [35119].name = "sys_llistxattr", ++ [35119].param3 = 1, ++ [35159].file = "drivers/net/wimax/i2400m/usb.c", ++ [35159].name = "__i2400mu_send_barker", ++ [35159].param3 = 1, ++ [35232].file = "drivers/media/video/cx18/cx18-fileops.c", ++ [35232].name = "cx18_read", ++ [35232].param3 = 1, ++ [35234].file = "net/irda/irnet/irnet_ppp.c", ++ [35234].name = "irnet_ctrl_write", ++ [35234].param3 = 1, ++ [35256].file = "sound/core/memory.c", ++ [35256].name = "copy_from_user_toio", ++ [35256].param3 = 1, + [35268].file = "security/keys/request_key_auth.c", + [35268].name = "request_key_auth_read", + [35268].param3 = 1, ++ [3541].file = "drivers/mtd/ubi/cdev.c", ++ [3541].name = "vol_cdev_write", ++ [3541].param3 = 1, ++ [35551].file = "drivers/media/video/ivtv/ivtv-fileops.c", ++ [35551].name = "ivtv_read_pos", ++ [35551].param3 = 1, ++ [35556].file = "fs/read_write.c", ++ [35556].name = "sys_readv", ++ [35556].param3 = 1, ++ [35729].file = "include/linux/skbuff.h", ++ [35729].name = "__dev_alloc_skb", ++ [35729].param1 = 1, + [35731].file = "drivers/usb/class/cdc-wdm.c", + [35731].name = "wdm_read", + [35731].param3 = 1, ++ [35880].file = "fs/ecryptfs/crypto.c", ++ [35880].name = "ecryptfs_encrypt_and_encode_filename", ++ [35880].param6 = 1, ++ [35987].file = "drivers/pnp/pnpbios/proc.c", ++ [35987].name = "proc_write_node", ++ [35987].param3 = 1, ++ [36036].file = "fs/nfs/write.c", ++ [36036].name = "nfs_flush_one", ++ [36036].param3 = 1, ++ [36076].file = "drivers/net/sfc/tx.c", ++ [36076].name = "efx_tsoh_heap_alloc", ++ [36076].param2 = 1, ++ [36149].file = "fs/udf/inode.c", ++ [36149].name = "udf_alloc_i_data", ++ [36149].param2 = 1, ++ [36183].file = "drivers/char/vc_screen.c", ++ [36183].name = "vcs_read", ++ [36183].param3 = 1, ++ [36199].file = "net/sunrpc/auth_gss/auth_gss.c", ++ [36199].name = "gss_pipe_downcall", ++ [36199].param3 = 1, ++ [36206].file = "net/ipv4/tcp_input.c", ++ [36206].name = "tcp_collapse", ++ [36206].param5 = 1, ++ [36206].param6 = 1, ++ [36230].file = "drivers/net/wan/hdlc_ppp.c", ++ [36230].name = "ppp_cp_parse_cr", ++ [36230].param4 = 1, + [36284].file = "drivers/spi/spi.c", + [36284].name = "spi_register_board_info", + [36284].param2 = 1, -+ [3632].file = "drivers/firewire/core-cdev.c", -+ [3632].name = "fw_device_op_read", -+ [3632].param3 = 1, ++ [36515].file = "drivers/platform/x86/asus_acpi.c", ++ [36515].name = "proc_write_disp", ++ [36515].param3 = 1, ++ [36560].file = "net/sunrpc/cache.c", ++ [36560].name = "write_flush", ++ [36560].param3 = 1, + [36807].file = "drivers/usb/mon/mon_bin.c", + [36807].name = "mon_bin_get_event", + [36807].param4 = 1, + [36822].file = "kernel/sysctl.c", + [36822].name = "sysctl_data", + [36822].param5 = 1, -+ [36981].file = "drivers/video/via/viafbdev.c", -+ [36981].name = "viafb_dfpl_proc_write", -+ [36981].param3 = 1, -+ [37204].file = "drivers/isdn/hardware/eicon/divasi.c", -+ [37204].name = "um_idi_read", -+ [37204].param3 = 1, ++ [37108].file = "drivers/media/dvb/ttpci/av7110_av.c", ++ [37108].name = "dvb_video_write", ++ [37108].param3 = 1, ++ [37115].file = "drivers/char/tty_buffer.c", ++ [37115].name = "tty_prepare_flip_string", ++ [37115].param3 = 1, ++ [37163].file = "net/core/skbuff.c", ++ [37163].name = "__netdev_alloc_skb", ++ [37163].param2 = 1, + [37233].file = "fs/ocfs2/cluster/tcp.c", + [37233].name = "o2net_send_message_vec", + [37233].param4 = 1, ++ [37241].file = "net/atm/lec.c", ++ [37241].name = "lane2_associate_req", ++ [37241].param4 = 1, + [37309].file = "drivers/mtd/mtdchar.c", + [37309].name = "mtd_do_readoob", + [37309].param3 = 1, -+ [37594].file = "include/linux/poll.h", -+ [37594].name = "get_fd_set", -+ [37594].param1 = 1, -+ [37611].file = "drivers/xen/xenbus/xenbus_xs.c", -+ [37611].name = "split", -+ [37611].param2 = 1, ++ [37535].file = "kernel/trace/trace.c", ++ [37535].name = "tracing_trace_options_write", ++ [37535].param3 = 1, + [37661].file = "mm/filemap.c", + [37661].name = "file_read_actor", + [37661].param4 = 1, ++ [37798].file = "net/decnet/sysctl_net_decnet.c", ++ [37798].name = "dn_def_dev_strategy", ++ [37798].param5 = 1, ++ [3801].file = "drivers/block/paride/pt.c", ++ [3801].name = "pt_write", ++ [3801].param3 = 1, ++ [38052].file = "kernel/kexec.c", ++ [38052].name = "kimage_normal_alloc", ++ [38052].param3 = 1, ++ [38057].file = "fs/coda/psdev.c", ++ [38057].name = "coda_psdev_write", ++ [38057].param3 = 1, + [38109].file = "drivers/media/video/cafe_ccic.c", + [38109].name = "cafe_deliver_buffer", + [38109].param3 = 1, -+ [38401].file = "drivers/xen/xenfs/xenbus.c", -+ [38401].name = "queue_reply", -+ [38401].param3 = 1, ++ [38186].file = "kernel/signal.c", ++ [38186].name = "do_sigpending", ++ [38186].param2 = 1, ++ [38314].file = "fs/nfs/read.c", ++ [38314].name = "nfs_readdata_alloc", ++ [38314].param1 = 1, ++ [3841].file = "drivers/platform/x86/asus_acpi.c", ++ [3841].name = "write_led", ++ [3841].param2 = 1, + [38576].file = "drivers/i2c/i2c-dev.c", + [38576].name = "i2cdev_read", + [38576].param3 = 1, ++ [38747].file = "fs/xattr.c", ++ [38747].name = "sys_lgetxattr", ++ [38747].param4 = 1, ++ [38867].file = "drivers/scsi/scsi_transport_fc.c", ++ [38867].name = "fc_host_post_vendor_event", ++ [38867].param3 = 1, ++ [38931].file = "drivers/isdn/hardware/eicon/capimain.c", ++ [38931].name = "diva_os_alloc_message_buffer", ++ [38931].param1 = 1, ++ [38972].file = "security/smack/smackfs.c", ++ [38972].name = "smk_write_logging", ++ [38972].param3 = 1, + [39001].file = "net/xfrm/xfrm_hash.c", + [39001].name = "xfrm_hash_alloc", + [39001].param1 = 1, -+ [39147].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [39147].name = "iwl_dbgfs_rx_statistics_write", -+ [39147].param3 = 1, ++ [39052].file = "drivers/input/evdev.c", ++ [39052].name = "evdev_ioctl", ++ [39052].param2 = 1, ++ [39066].file = "drivers/media/dvb/frontends/tda10048.c", ++ [39066].name = "tda10048_writeregbulk", ++ [39066].param4 = 1, + [39231].file = "drivers/mtd/mtdconcat.c", + [39231].name = "concat_writev", + [39231].param3 = 1, + [39254].file = "drivers/char/pcmcia/cm4000_cs.c", + [39254].name = "cmm_write", + [39254].param3 = 1, ++ [39262].file = "drivers/media/video/usbvideo/vicam.c", ++ [39262].name = "vicam_read", ++ [39262].param3 = 1, ++ [39392].file = "drivers/atm/solos-pci.c", ++ [39392].name = "send_command", ++ [39392].param4 = 1, ++ [39401].file = "drivers/net/usb/dm9601.c", ++ [39401].name = "dm_write", ++ [39401].param3 = 1, ++ [39417].file = "drivers/block/DAC960.c", ++ [39417].name = "dac960_user_command_proc_write", ++ [39417].param3 = 1, ++ [39446].file = "drivers/acpi/video.c", ++ [39446].name = "acpi_video_bus_write_DOS", ++ [39446].param3 = 1, + [39479].file = "drivers/ide/ide-tape.c", + [39479].name = "idetape_chrdev_read", + [39479].param3 = 1, ++ [39638].file = "security/selinux/selinuxfs.c", ++ [39638].name = "sel_write_avc_cache_threshold", ++ [39638].param3 = 1, ++ [39645].file = "drivers/media/dvb/dvb-core/dvbdev.c", ++ [39645].name = "dvb_generic_ioctl", ++ [39645].param3 = 1, ++ [39770].file = "include/linux/mISDNif.h", ++ [39770].name = "mI_alloc_skb", ++ [39770].param1 = 1, ++ [39813].file = "fs/ocfs2/stack_user.c", ++ [39813].name = "ocfs2_control_message", ++ [39813].param3 = 1, ++ [39888].file = "net/core/skbuff.c", ++ [39888].name = "__alloc_skb", ++ [39888].param1 = 1, ++ [39990].file = "drivers/media/dvb/dvb-core/dvb_demux.c", ++ [39990].name = "dvbdmx_write", ++ [39990].param3 = 1, ++ [3999].file = "drivers/platform/x86/asus_acpi.c", ++ [3999].name = "proc_write_ledd", ++ [3999].param3 = 1, + [40049].file = "drivers/bluetooth/btmrvl_debugfs.c", + [40049].name = "btmrvl_psmode_write", + [40049].param3 = 1, + [40075].file = "drivers/media/video/c-qcam.c", + [40075].name = "qc_capture", + [40075].param3 = 1, -+ [40161].file = "net/sunrpc/xprtsock.c", -+ [40161].name = "xs_setup_xprt", -+ [40161].param2 = 1, -+ [40578].file = "sound/soc/soc-core.c", -+ [40578].name = "codec_reg_write_file", -+ [40578].param3 = 1, ++ [40163].file = "fs/ncpfs/file.c", ++ [40163].name = "ncp_file_write", ++ [40163].param3 = 1, ++ [40240].file = "drivers/char/nvram.c", ++ [40240].name = "nvram_write", ++ [40240].param3 = 1, ++ [40256].file = "drivers/char/vc_screen.c", ++ [40256].name = "vcs_write", ++ [40256].param3 = 1, ++ [40302].file = "sound/isa/gus/gus_dram.c", ++ [40302].name = "snd_gus_dram_poke", ++ [40302].param4 = 1, ++ [40373].file = "fs/cifs/cifs_spnego.c", ++ [40373].name = "cifs_spnego_key_instantiate", ++ [40373].param3 = 1, ++ [40519].file = "net/sctp/socket.c", ++ [40519].name = "sctp_setsockopt_events", ++ [40519].param3 = 1, + [40609].file = "sound/pci/rme9652/hdspm.c", + [40609].name = "snd_hdspm_playback_copy", + [40609].param5 = 1, -+ [40713].file = "net/mac80211/debugfs.c", -+ [40713].name = "noack_write", -+ [40713].param3 = 1, ++ [40731].file = "drivers/char/tty_io.c", ++ [40731].name = "do_tty_write", ++ [40731].param5 = 1, + [40786].file = "net/ipv4/netfilter/nf_nat_snmp_basic.c", + [40786].name = "asn1_octets_decode", + [40786].param2 = 1, -+ [40951].file = "drivers/xen/evtchn.c", -+ [40951].name = "evtchn_read", -+ [40951].param3 = 1, + [40952].file = "drivers/misc/sgi-xp/xpc_partition.c", + [40952].name = "xpc_kmalloc_cacheline_aligned", + [40952].param1 = 1, + [41000].file = "sound/core/pcm_native.c", + [41000].name = "snd_pcm_aio_read", + [41000].param3 = 1, -+ [41056].file = "net/sunrpc/auth_gss/auth_gss.c", -+ [41056].name = "gss_pipe_upcall", -+ [41056].param4 = 1, -+ [41230].file = "drivers/usb/storage/datafab.c", -+ [41230].name = "datafab_read_data", -+ [41230].param4 = 1, ++ [41041].file = "net/core/sock.c", ++ [41041].name = "sock_wmalloc", ++ [41041].param2 = 1, ++ [41122].file = "fs/binfmt_misc.c", ++ [41122].name = "bm_status_write", ++ [41122].param3 = 1, ++ [41176].file = "kernel/trace/trace_events.c", ++ [41176].name = "subsystem_filter_write", ++ [41176].param3 = 1, + [41249].file = "drivers/media/video/zr364xx.c", + [41249].name = "send_control_msg", + [41249].param6 = 1, -+ [41418].file = "fs/libfs.c", -+ [41418].name = "simple_attr_write", -+ [41418].param3 = 1, ++ [41287].file = "drivers/net/vxge/vxge-config.h", ++ [41287].name = "vxge_os_dma_malloc_async", ++ [41287].param3 = 1, ++ [41408].file = "mm/filemap_xip.c", ++ [41408].name = "__xip_file_write", ++ [41408].param3 = 1, + [4155].file = "kernel/kexec.c", + [4155].name = "do_kimage_alloc", + [4155].param3 = 1, -+ [41592].file = "net/sctp/ssnmap.c", -+ [41592].name = "sctp_ssnmap_new", -+ [41592].param1 = 1, -+ [41592].param2 = 1, -+ [4200].file = "fs/squashfs/id.c", -+ [4200].name = "squashfs_read_id_index_table", -+ [4200].param3 = 1, ++ [41676].file = "fs/compat.c", ++ [41676].name = "compat_sys_preadv", ++ [41676].param3 = 1, ++ [4167].file = "drivers/media/dvb/frontends/cx24116.c", ++ [4167].name = "cx24116_writeregN", ++ [4167].param4 = 1, ++ [41924].file = "security/keys/keyctl.c", ++ [41924].name = "keyctl_get_security", ++ [41924].param3 = 1, ++ [4202].file = "drivers/edac/edac_mc.c", ++ [4202].name = "edac_mc_alloc", ++ [4202].param1 = 1, ++ [42081].file = "net/econet/af_econet.c", ++ [42081].name = "aun_incoming", ++ [42081].param3 = 1, ++ [42143].file = "drivers/media/video/c-qcam.c", ++ [42143].name = "qcam_read", ++ [42143].param3 = 1, ++ [42206].file = "fs/quota/quota_tree.c", ++ [42206].name = "getdqbuf", ++ [42206].param1 = 1, ++ [42270].file = "net/wireless/scan.c", ++ [42270].name = "cfg80211_inform_bss_frame", ++ [42270].param4 = 1, ++ [42281].file = "include/linux/mISDNif.h", ++ [42281].name = "_queue_data", ++ [42281].param4 = 1, + [42420].file = "drivers/net/wireless/hostap/hostap_ioctl.c", + [42420].name = "prism2_set_genericelement", + [42420].param3 = 1, -+ [42483].file = "drivers/media/video/videobuf-dma-sg.c", -+ [42483].name = "videobuf_dma_init_user_locked", -+ [42483].param3 = 1, ++ [42472].file = "fs/compat.c", ++ [42472].name = "compat_readv", ++ [42472].param3 = 1, ++ [42473].file = "net/tipc/name_table.c", ++ [42473].name = "tipc_subseq_alloc", ++ [42473].param1 = 1, + [42666].file = "drivers/pcmcia/cistpl.c", + [42666].name = "read_cis_cache", + [42666].param4 = 1, ++ [42714].file = "drivers/scsi/scsi_tgt_lib.c", ++ [42714].name = "scsi_tgt_copy_sense", ++ [42714].param3 = 1, + [42808].file = "drivers/net/cxgb3/sge.c", + [42808].name = "alloc_ring", ++ [42808].param2 = 1, + [42808].param4 = 1, ++ [42857].file = "security/selinux/selinuxfs.c", ++ [42857].name = "sel_write_member", ++ [42857].param3 = 1, + [42882].file = "security/keys/user_defined.c", + [42882].name = "user_instantiate", + [42882].param3 = 1, -+ [43393].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [43393].name = "iwl_dbgfs_sram_write", -+ [43393].param3 = 1, -+ [43515].file = "drivers/usb/storage/jumpshot.c", -+ [43515].name = "jumpshot_read_data", -+ [43515].param4 = 1, -+ [44180].file = "drivers/video/via/viafbdev.c", -+ [44180].name = "viafb_vt1636_proc_write", -+ [44180].param3 = 1, ++ [43023].file = "drivers/usb/misc/usblcd.c", ++ [43023].name = "lcd_write", ++ [43023].param3 = 1, ++ [43104].file = "drivers/mtd/devices/mtd_dataflash.c", ++ [43104].name = "dataflash_read_user_otp", ++ [43104].param3 = 1, ++ [4324].file = "drivers/video/fbmem.c", ++ [4324].name = "fb_read", ++ [4324].param3 = 1, ++ [43510].file = "kernel/kexec.c", ++ [43510].name = "compat_sys_kexec_load", ++ [43510].param2 = 1, ++ [43540].file = "include/rdma/ib_verbs.h", ++ [43540].name = "ib_copy_to_udata", ++ [43540].param3 = 1, ++ [43590].file = "security/smack/smackfs.c", ++ [43590].name = "smk_write_onlycap", ++ [43590].param3 = 1, ++ [43596].file = "drivers/usb/core/buffer.c", ++ [43596].name = "hcd_buffer_alloc", ++ [43596].param2 = 1, ++ [43659].file = "drivers/firmware/efivars.c", ++ [43659].name = "efivar_create_sysfs_entry", ++ [43659].param1 = 1, ++ [43777].file = "drivers/acpi/acpica/utobject.c", ++ [43777].name = "acpi_ut_create_buffer_object", ++ [43777].param1 = 1, ++ [4380].file = "drivers/mtd/devices/mtd_dataflash.c", ++ [4380].name = "dataflash_read_fact_otp", ++ [4380].param3 = 1, ++ [44266].file = "kernel/cgroup.c", ++ [44266].name = "cgroup_write_string", ++ [44266].param5 = 1, + [44290].file = "drivers/net/usb/dm9601.c", + [44290].name = "dm_read", + [44290].param3 = 1, -+ [44298].file = "drivers/scsi/pmcraid.c", -+ [44298].name = "pmcraid_copy_sglist", -+ [44298].param3 = 1, ++ [44419].file = "kernel/module.c", ++ [44419].name = "module_alloc_update_bounds", ++ [44419].param1 = 1, ++ [44510].file = "drivers/net/bnx2.c", ++ [44510].name = "bnx2_nvram_write", ++ [44510].param2 = 1, ++ [44642].file = "drivers/net/wireless/iwmc3200wifi/commands.c", ++ [44642].name = "iwm_umac_set_config_var", ++ [44642].param4 = 1, + [44649].file = "mm/page_cgroup.c", + [44649].name = "swap_cgroup_swapon", + [44649].param2 = 1, ++ [44698].file = "net/sctp/socket.c", ++ [44698].name = "sctp_setsockopt_context", ++ [44698].param3 = 1, ++ [4471].file = "fs/ntfs/malloc.h", ++ [4471].name = "__ntfs_malloc", ++ [4471].param1 = 1, + [44825].file = "drivers/scsi/osd/osd_initiator.c", + [44825].name = "_osd_realloc_seg", + [44825].param3 = 1, ++ [44852].file = "net/sctp/socket.c", ++ [44852].name = "sctp_setsockopt_rtoinfo", ++ [44852].param3 = 1, ++ [44943].file = "mm/util.c", ++ [44943].name = "kmemdup", ++ [44943].param2 = 1, ++ [44946].file = "net/sctp/socket.c", ++ [44946].name = "sctp_setsockopt_auth_chunk", ++ [44946].param3 = 1, ++ [44990].file = "drivers/media/video/pvrusb2/pvrusb2-ioread.c", ++ [44990].name = "pvr2_ioread_set_sync_key", ++ [44990].param3 = 1, + [45000].file = "fs/afs/proc.c", + [45000].name = "afs_proc_rootcell_write", + [45000].param3 = 1, ++ [45086].file = "kernel/trace/trace.c", ++ [45086].name = "tracing_max_lat_write", ++ [45086].param3 = 1, ++ [45200].file = "drivers/scsi/scsi_proc.c", ++ [45200].name = "proc_scsi_write_proc", ++ [45200].param3 = 1, + [45231].file = "fs/ecryptfs/crypto.c", + [45231].name = "ecryptfs_copy_filename", + [45231].param4 = 1, -+ [45244].file = "drivers/mfd/ab3100-core.c", -+ [45244].name = "ab3100_get_set_reg", -+ [45244].param3 = 1, ++ [45233].file = "net/rds/info.c", ++ [45233].name = "rds_info_getsockopt", ++ [45233].param3 = 1, ++ [45326].file = "drivers/mtd/ubi/cdev.c", ++ [45326].name = "vol_cdev_read", ++ [45326].param3 = 1, ++ [45335].file = "fs/read_write.c", ++ [45335].name = "vfs_writev", ++ [45335].param3 = 1, ++ [45366].file = "drivers/net/cxgb3/cxgb3_offload.c", ++ [45366].name = "init_tid_tabs", ++ [45366].param2 = 1, ++ [45366].param3 = 1, ++ [45366].param4 = 1, + [45576].file = "net/netfilter/xt_recent.c", + [45576].name = "recent_mt_proc_write", + [45576].param3 = 1, + [45583].file = "fs/gfs2/dir.c", + [45583].name = "leaf_dealloc", + [45583].param3 = 1, ++ [45586].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", ++ [45586].name = "rt2x00debug_write_bbp", ++ [45586].param3 = 1, ++ [45633].file = "drivers/input/evdev.c", ++ [45633].name = "evdev_do_ioctl", ++ [45633].param2 = 1, ++ [45864].file = "drivers/atm/ambassador.c", ++ [45864].name = "create_queues", ++ [45864].param2 = 1, ++ [45864].param3 = 1, + [45954].file = "drivers/usb/misc/legousbtower.c", + [45954].name = "tower_write", + [45954].param3 = 1, + [45976].file = "net/core/dev.c", + [45976].name = "alloc_netdev_mq", + [45976].param4 = 1, -+ [46138].file = "fs/btrfs/file.c", -+ [46138].name = "btrfs_file_write", -+ [46138].param3 = 1, -+ [4614].file = "sound/core/pcm_lib.c", -+ [4614].name = "snd_pcm_lib_write_transfer", -+ [4614].param5 = 1, ++ [46027].file = "drivers/platform/x86/asus_acpi.c", ++ [46027].name = "proc_write_wled", ++ [46027].param3 = 1, ++ [46140].file = "sound/core/memalloc.c", ++ [46140].name = "snd_mem_proc_write", ++ [46140].param3 = 1, ++ [4616].file = "net/sunrpc/cache.c", ++ [4616].name = "cache_do_downcall", ++ [4616].param3 = 1, + [46243].file = "fs/binfmt_misc.c", + [46243].name = "bm_register_write", + [46243].param3 = 1, ++ [46250].file = "fs/xattr.c", ++ [46250].name = "sys_getxattr", ++ [46250].param4 = 1, + [46343].file = "fs/compat.c", + [46343].name = "compat_do_readv_writev", + [46343].param4 = 1, + [4644].file = "drivers/net/usb/mcs7830.c", + [4644].name = "mcs7830_get_reg", + [4644].param3 = 1, ++ [46605].file = "sound/core/oss/pcm_oss.c", ++ [46605].name = "snd_pcm_oss_sync1", ++ [46605].param2 = 1, + [46630].file = "net/decnet/af_decnet.c", + [46630].name = "__dn_setsockopt", + [46630].param5 = 1, ++ [46655].file = "drivers/media/video/hdpvr/hdpvr-video.c", ++ [46655].name = "hdpvr_read", ++ [46655].param3 = 1, ++ [46685].file = "drivers/gpu/drm/ttm/ttm_bo_vm.c", ++ [46685].name = "ttm_bo_fbdev_io", ++ [46685].param4 = 1, ++ [46742].file = "drivers/scsi/st.c", ++ [46742].name = "sgl_map_user_pages", ++ [46742].param2 = 1, + [46881].file = "drivers/char/lp.c", + [46881].name = "lp_write", + [46881].param3 = 1, ++ [47309].file = "drivers/scsi/aic94xx/aic94xx_init.c", ++ [47309].name = "asd_store_update_bios", ++ [47309].param4 = 1, ++ [47363].file = "drivers/input/evdev.c", ++ [47363].name = "evdev_ioctl_handler", ++ [47363].param2 = 1, + [47385].file = "drivers/net/wireless/zd1211rw/zd_usb.c", + [47385].name = "zd_usb_iowrite16v", + [47385].param3 = 1, -+ [47499].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [47499].name = "iwl_dbgfs_tx_statistics_write", -+ [47499].param3 = 1, ++ [47393].file = "drivers/net/wireless/ath/main.c", ++ [47393].name = "ath_rxbuf_alloc", ++ [47393].param2 = 1, ++ [47463].file = "fs/xfs/linux-2.6/kmem.c", ++ [47463].name = "kmem_zalloc", ++ [47463].param1 = 1, ++ [47474].file = "kernel/trace/trace.c", ++ [47474].name = "tracing_buffers_read", ++ [47474].param3 = 1, ++ [47636].file = "drivers/usb/class/usblp.c", ++ [47636].name = "usblp_ioctl", ++ [47636].param2 = 1, ++ [47637].file = "drivers/block/cciss.c", ++ [47637].name = "cciss_proc_write", ++ [47637].param3 = 1, ++ [47712].file = "net/sctp/socket.c", ++ [47712].name = "sctp_setsockopt_maxburst", ++ [47712].param3 = 1, ++ [47728].file = "drivers/char/agp/isoch.c", ++ [47728].name = "agp_3_5_isochronous_node_enable", ++ [47728].param3 = 1, ++ [47793].file = "kernel/sysctl.c", ++ [47793].name = "do_sysctl", ++ [47793].param6 = 1, + [47850].file = "fs/cifs/cifssmb.c", + [47850].name = "CIFSSMBWrite", + [47850].param4 = 1, ++ [47881].file = "security/selinux/selinuxfs.c", ++ [47881].name = "sel_write_disable", ++ [47881].param3 = 1, ++ [48124].file = "drivers/net/wireless/iwmc3200wifi/main.c", ++ [48124].name = "iwm_notif_send", ++ [48124].param6 = 1, ++ [48155].file = "net/sctp/sm_make_chunk.c", ++ [48155].name = "sctp_make_abort_user", ++ [48155].param3 = 1, + [48182].file = "crypto/cryptd.c", + [48182].name = "cryptd_alloc_instance", + [48182].param2 = 1, -+ [49263].file = "drivers/net/wireless/ath/ath9k/debug.c", -+ [49263].name = "write_file_wiphy", -+ [49263].param3 = 1, -+ [49354].file = "drivers/media/video/cx18/cx18-fileops.c", -+ [49354].name = "cx18_v4l2_read", -+ [49354].param3 = 1, ++ [48182].param3 = 1, ++ [48248].file = "security/keys/keyctl.c", ++ [48248].name = "keyctl_instantiate_key", ++ [48248].param3 = 1, ++ [4829].file = "drivers/block/floppy.c", ++ [4829].name = "fd_copyout", ++ [4829].param3 = 1, ++ [48535].file = "drivers/platform/x86/asus_acpi.c", ++ [48535].name = "proc_write_brn", ++ [48535].param3 = 1, ++ [48632].file = "net/bluetooth/l2cap.c", ++ [48632].name = "l2cap_build_cmd", ++ [48632].param4 = 1, ++ [48642].file = "fs/hugetlbfs/inode.c", ++ [48642].name = "hugetlbfs_read", ++ [48642].param3 = 1, ++ [48768].file = "net/irda/irnet/irnet_ppp.c", ++ [48768].name = "dev_irnet_write", ++ [48768].param3 = 1, ++ [48818].file = "net/sunrpc/svc.c", ++ [48818].name = "svc_pool_map_alloc_arrays", ++ [48818].param2 = 1, ++ [48854].file = "drivers/md/dm-stripe.c", ++ [48854].name = "alloc_context", ++ [48854].param1 = 1, ++ [48856].file = "drivers/acpi/acpica/utalloc.c", ++ [48856].name = "acpi_ut_initialize_buffer", ++ [48856].param2 = 1, ++ [48862].file = "net/sctp/socket.c", ++ [48862].name = "sctp_setsockopt_adaptation_layer", ++ [48862].param3 = 1, ++ [48880].file = "drivers/platform/x86/asus_acpi.c", ++ [48880].name = "proc_write_tled", ++ [48880].param3 = 1, ++ [49126].file = "lib/prio_heap.c", ++ [49126].name = "heap_init", ++ [49126].param2 = 1, ++ [49143].file = "sound/core/oss/pcm_oss.c", ++ [49143].name = "snd_pcm_oss_write2", ++ [49143].param3 = 1, ++ [49216].file = "fs/read_write.c", ++ [49216].name = "do_readv_writev", ++ [49216].param4 = 1, ++ [49426].file = "net/bluetooth/l2cap.c", ++ [49426].name = "l2cap_sock_setsockopt_old", ++ [49426].param4 = 1, + [49448].file = "drivers/isdn/gigaset/common.c", + [49448].name = "gigaset_initdriver", + [49448].param2 = 1, + [49494].file = "drivers/virtio/virtio_ring.c", + [49494].name = "vring_new_virtqueue", + [49494].param1 = 1, ++ [49510].file = "net/sctp/socket.c", ++ [49510].name = "sctp_setsockopt_autoclose", ++ [49510].param3 = 1, ++ [4958].file = "drivers/net/wireless/p54/fwio.c", ++ [4958].name = "p54_alloc_skb", ++ [4958].param3 = 1, ++ [49646].file = "drivers/char/vt.c", ++ [49646].name = "vc_resize", ++ [49646].param2 = 1, ++ [49646].param3 = 1, + [49663].file = "drivers/media/video/uvc/uvc_driver.c", + [49663].name = "uvc_simplify_fraction", + [49663].param3 = 1, ++ [49746].file = "net/ipv4/netfilter/arp_tables.c", ++ [49746].name = "compat_do_arpt_set_ctl", ++ [49746].param4 = 1, + [49780].file = "net/mac80211/key.c", + [49780].name = "ieee80211_key_alloc", + [49780].param3 = 1, + [49805].file = "drivers/pci/pci.c", + [49805].name = "pci_add_cap_save_buffer", + [49805].param3 = 1, ++ [49929].file = "drivers/mtd/ubi/cdev.c", ++ [49929].name = "vol_cdev_direct_write", ++ [49929].param3 = 1, ++ [49935].file = "fs/xfs/linux-2.6/kmem.c", ++ [49935].name = "kmem_zalloc_greedy", ++ [49935].param2 = 1, ++ [49935].param3 = 1, + [49945].file = "drivers/ieee1394/hosts.c", + [49945].name = "hpsb_alloc_host", + [49945].param2 = 1, -+ [50001].file = "sound/pci/ctxfi/ctresource.c", -+ [50001].name = "rsc_mgr_init", -+ [50001].param3 = 1, -+ [50022].file = "drivers/usb/storage/shuttle_usbat.c", -+ [50022].name = "usbat_flash_read_data", -+ [50022].param4 = 1, -+ [50096].file = "drivers/net/wireless/libertas/debugfs.c", -+ [50096].name = "lbs_rdbbp_write", -+ [50096].param3 = 1, -+ [50102].file = "drivers/telephony/ixj.c", -+ [50102].name = "ixj_write", -+ [50102].param3 = 1, ++ [49].file = "net/atm/svc.c", ++ [49].name = "svc_setsockopt", ++ [49].param5 = 1, ++ [50076].file = "kernel/trace/ring_buffer.c", ++ [50076].name = "rb_simple_write", ++ [50076].param3 = 1, ++ [50269].file = "net/dccp/proto.c", ++ [50269].name = "dccp_setsockopt_ccid", ++ [50269].param4 = 1, ++ [50406].file = "drivers/platform/x86/asus_acpi.c", ++ [50406].name = "proc_write_lcd", ++ [50406].param3 = 1, + [5052].file = "drivers/char/ppdev.c", + [5052].name = "pp_read", + [5052].param3 = 1, + [50562].file = "drivers/media/video/zoran/zoran_procfs.c", + [50562].name = "zoran_write", + [50562].param3 = 1, ++ [50617].file = "fs/hugetlbfs/inode.c", ++ [50617].name = "hugetlbfs_read_actor", ++ [50617].param2 = 1, ++ [50617].param4 = 1, ++ [50617].param5 = 1, + [50692].file = "lib/ts_bm.c", + [50692].name = "bm_init", + [50692].param2 = 1, -+ [51052].file = "drivers/base/firmware_class.c", -+ [51052].name = "firmware_data_write", -+ [51052].param5 = 1, ++ [5087].file = "drivers/atm/solos-pci.c", ++ [5087].name = "console_store", ++ [5087].param4 = 1, ++ [51110].file = "drivers/ieee1394/dv1394.c", ++ [51110].name = "dv1394_read", ++ [51110].param3 = 1, ++ [51139].file = "fs/pipe.c", ++ [51139].name = "pipe_iov_copy_to_user", ++ [51139].param3 = 1, + [51177].file = "net/sunrpc/xprtrdma/transport.c", + [51177].name = "xprt_rdma_allocate", + [51177].param2 = 1, ++ [51182].file = "drivers/misc/sgi-xp/xpc_main.c", ++ [51182].name = "xpc_kzalloc_cacheline_aligned", ++ [51182].param1 = 1, + [51250].file = "fs/read_write.c", + [51250].name = "rw_copy_check_uvector", + [51250].param3 = 1, ++ [51253].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", ++ [51253].name = "rt2x00debug_write_eeprom", ++ [51253].param3 = 1, + [51323].file = "sound/pci/ac97/ac97_pcm.c", + [51323].name = "snd_ac97_pcm_assign", + [51323].param2 = 1, + [51340].file = "drivers/usb/class/usblp.c", + [51340].name = "usblp_write", + [51340].param3 = 1, ++ [51367].file = "drivers/acpi/processor_thermal.c", ++ [51367].name = "acpi_processor_write_limit", ++ [51367].param3 = 1, ++ [51391].file = "drivers/usb/serial/spcp8x5.c", ++ [51391].name = "alloc_ringbuf", ++ [51391].param1 = 1, + [51464].file = "drivers/i2c/i2c-dev.c", + [51464].name = "i2cdev_write", + [51464].param3 = 1, -+ [51855].file = "net/rds/message.c", -+ [51855].name = "rds_message_copy_from_user", -+ [51855].param2 = 1, ++ [51499].file = "net/802/garp.c", ++ [51499].name = "garp_attr_create", ++ [51499].param3 = 1, ++ [51842].file = "drivers/hid/hid-core.c", ++ [51842].name = "hid_register_field", ++ [51842].param2 = 1, ++ [51842].param3 = 1, + [5197].file = "net/core/dev.c", + [5197].name = "dev_set_alias", + [5197].param3 = 1, ++ [51995].file = "drivers/ieee1394/ieee1394_core.c", ++ [51995].name = "create_reply_packet", ++ [51995].param3 = 1, ++ [5204].file = "drivers/media/video/usbvision/usbvision-video.c", ++ [5204].name = "usbvision_v4l2_read", ++ [5204].param3 = 1, ++ [5206].file = "drivers/media/dvb/ttpci/av7110_v4l.c", ++ [5206].name = "av7110_vbi_write", ++ [5206].param3 = 1, ++ [52086].file = "drivers/usb/image/mdc800.c", ++ [52086].name = "mdc800_device_read", ++ [52086].param3 = 1, + [52173].file = "drivers/misc/ibmasm/ibmasmfs.c", + [52173].name = "remote_settings_file_write", + [52173].param3 = 1, -+ [52201].file = "drivers/video/via/viafbdev.c", -+ [52201].name = "viafb_dvp0_proc_write", -+ [52201].param3 = 1, -+ [5233].file = "include/linux/poll.h", -+ [5233].name = "set_fd_set", -+ [5233].param1 = 1, -+ [52364].file = "sound/core/pcm_lib.c", -+ [52364].name = "snd_pcm_lib_readv_transfer", -+ [52364].param5 = 1, -+ [52589].file = "drivers/xen/xenfs/xenbus.c", -+ [52589].name = "xenbus_file_read", -+ [52589].param3 = 1, ++ [52237].file = "drivers/usb/serial/cypress_m8.c", ++ [52237].name = "cypress_buf_alloc", ++ [52237].param1 = 1, ++ [52292].file = "kernel/kfifo.c", ++ [52292].name = "kfifo_alloc", ++ [52292].param1 = 1, ++ [52343].file = "drivers/usb/misc/adutux.c", ++ [52343].name = "adu_read", ++ [52343].param3 = 1, + [52699].file = "lib/ts_fsm.c", + [52699].name = "fsm_init", + [52699].param2 = 1, ++ [52952].file = "drivers/usb/misc/vstusb.c", ++ [52952].name = "vstusb_read", ++ [52952].param3 = 1, ++ [53041].file = "fs/libfs.c", ++ [53041].name = "simple_transaction_get", ++ [53041].param3 = 1, + [5313].file = "fs/gfs2/quota.c", + [5313].name = "do_sync", + [5313].param1 = 1, ++ [53209].file = "drivers/usb/host/ehci-sched.c", ++ [53209].name = "iso_sched_alloc", ++ [53209].param1 = 1, ++ [53302].file = "drivers/firewire/core-cdev.c", ++ [53302].name = "dispatch_ioctl", ++ [53302].param2 = 1, ++ [53407].file = "net/wireless/sme.c", ++ [53407].name = "cfg80211_connect_result", ++ [53407].param4 = 1, ++ [53407].param6 = 1, ++ [53426].file = "fs/libfs.c", ++ [53426].name = "simple_transaction_read", ++ [53426].param3 = 1, + [5344].file = "security/selinux/ss/hashtab.c", + [5344].name = "hashtab_create", + [5344].param3 = 1, ++ [53468].file = "drivers/char/mem.c", ++ [53468].name = "write_mem", ++ [53468].param3 = 1, ++ [53575].file = "net/9p/protocol.c", ++ [53575].name = "pdu_write_u", ++ [53575].param3 = 1, + [53626].file = "drivers/block/paride/pg.c", + [53626].name = "pg_read", + [53626].param3 = 1, -+ [53644].file = "net/mac80211/rc80211_minstrel_debugfs.c", -+ [53644].name = "minstrel_stats_read", -+ [53644].param3 = 1, ++ [53631].file = "mm/util.c", ++ [53631].name = "memdup_user", ++ [53631].param2 = 1, ++ [53674].file = "drivers/media/dvb/ttpci/av7110_ca.c", ++ [53674].name = "ci_ll_write", ++ [53674].param4 = 1, + [5389].file = "drivers/infiniband/core/uverbs_cmd.c", + [5389].name = "ib_uverbs_unmarshall_recv", + [5389].param5 = 1, + [53901].file = "net/rds/message.c", + [53901].name = "rds_message_alloc", + [53901].param1 = 1, ++ [53902].file = "net/sctp/socket.c", ++ [53902].name = "sctp_setsockopt_initmsg", ++ [53902].param3 = 1, ++ [54010].file = "drivers/scsi/cxgb3i/cxgb3i_ddp.h", ++ [54010].name = "cxgb3i_alloc_big_mem", ++ [54010].param1 = 1, ++ [54063].file = "mm/bootmem.c", ++ [54063].name = "alloc_arch_preferred_bootmem", ++ [54063].param2 = 1, ++ [54094].file = "drivers/acpi/processor_throttling.c", ++ [54094].name = "acpi_processor_write_throttling", ++ [54094].param3 = 1, ++ [5410].file = "kernel/kexec.c", ++ [5410].name = "sys_kexec_load", ++ [5410].param2 = 1, ++ [54296].file = "include/linux/mISDNif.h", ++ [54296].name = "_alloc_mISDN_skb", ++ [54296].param3 = 1, + [54298].file = "drivers/usb/wusbcore/crypto.c", + [54298].name = "wusb_ccm_mac", + [54298].param7 = 1, + [54335].file = "drivers/md/dm-table.c", + [54335].name = "dm_vcalloc", ++ [54335].param1 = 1, + [54335].param2 = 1, -+ [54427].file = "drivers/usb/storage/jumpshot.c", -+ [54427].name = "jumpshot_write_data", -+ [54427].param4 = 1, ++ [54338].file = "fs/ntfs/malloc.h", ++ [54338].name = "ntfs_malloc_nofs", ++ [54338].param1 = 1, ++ [54339].file = "security/smack/smackfs.c", ++ [54339].name = "smk_write_cipso", ++ [54339].param3 = 1, ++ [5438].file = "sound/core/memory.c", ++ [5438].name = "copy_to_user_fromio", ++ [5438].param3 = 1, ++ [54401].file = "lib/dynamic_debug.c", ++ [54401].name = "ddebug_proc_write", ++ [54401].param3 = 1, + [54467].file = "net/packet/af_packet.c", + [54467].name = "packet_setsockopt", + [54467].param5 = 1, ++ [54537].file = "ipc/ipc_sysctl.c", ++ [54537].name = "sysctl_ipc_registered_data", ++ [54537].param5 = 1, ++ [54573].file = "ipc/sem.c", ++ [54573].name = "sys_semop", ++ [54573].param3 = 1, ++ [54583].file = "net/sctp/socket.c", ++ [54583].name = "sctp_setsockopt_peer_addr_params", ++ [54583].param3 = 1, + [54643].file = "drivers/isdn/hardware/eicon/divasi.c", + [54643].name = "um_idi_write", + [54643].param3 = 1, @@ -107941,6 +109301,12 @@ index 0000000..5b08f5c + [54663].file = "drivers/isdn/hardware/eicon/platform.h", + [54663].name = "diva_os_malloc", + [54663].param2 = 1, ++ [54751].file = "drivers/infiniband/core/device.c", ++ [54751].name = "ib_alloc_device", ++ [54751].param1 = 1, ++ [54771].file = "drivers/isdn/mISDN/socket.c", ++ [54771].name = "_l2_alloc_skb", ++ [54771].param1 = 1, + [54780].file = "drivers/net/wireless/zd1211rw/zd_chip.c", + [54780].name = "_zd_iowrite32v_locked", + [54780].param3 = 1, @@ -107949,6 +109315,7 @@ index 0000000..5b08f5c + [55066].param5 = 1, + [55081].file = "drivers/virtio/virtio_ring.c", + [55081].name = "vring_add_buf", ++ [55081].param3 = 1, + [55081].param4 = 1, + [55105].file = "drivers/base/devres.c", + [55105].name = "devres_alloc", @@ -107956,70 +109323,202 @@ index 0000000..5b08f5c + [55155].file = "net/bluetooth/rfcomm/sock.c", + [55155].name = "rfcomm_sock_setsockopt", + [55155].param5 = 1, ++ [55187].file = "security/keys/keyctl.c", ++ [55187].name = "keyctl_describe_key", ++ [55187].param3 = 1, ++ [55546].file = "drivers/spi/spi.c", ++ [55546].name = "spi_alloc_master", ++ [55546].param2 = 1, ++ [55580].file = "drivers/usb/mon/mon_bin.c", ++ [55580].name = "copy_from_buf", ++ [55580].param2 = 1, ++ [55584].file = "drivers/char/tty_buffer.c", ++ [55584].name = "tty_buffer_alloc", ++ [55584].param2 = 1, + [55608].file = "net/sctp/socket.c", + [55608].name = "sctp_setsockopt_auth_key", + [55608].param3 = 1, ++ [55712].file = "drivers/char/mem.c", ++ [55712].name = "read_zero", ++ [55712].param3 = 1, ++ [55727].file = "drivers/media/video/stk-webcam.c", ++ [55727].name = "stk_prepare_sio_buffers", ++ [55727].param2 = 1, ++ [55826].file = "drivers/infiniband/hw/ipath/ipath_file_ops.c", ++ [55826].name = "ipath_get_base_info", ++ [55826].param3 = 1, ++ [5586].file = "net/atm/common.c", ++ [5586].name = "alloc_tx", ++ [5586].param2 = 1, ++ [55925].file = "drivers/ieee1394/dv1394.c", ++ [55925].name = "dv1394_write", ++ [55925].param3 = 1, ++ [55978].file = "drivers/usb/misc/iowarrior.c", ++ [55978].name = "iowarrior_write", ++ [55978].param3 = 1, ++ [56170].file = "drivers/usb/wusbcore/wa-xfer.c", ++ [56170].name = "__wa_xfer_setup_segs", ++ [56170].param2 = 1, ++ [56199].file = "fs/binfmt_misc.c", ++ [56199].name = "parse_command", ++ [56199].param2 = 1, ++ [56458].file = "drivers/usb/host/hwa-hc.c", ++ [56458].name = "__hwahc_op_set_ptk", ++ [56458].param5 = 1, + [56471].file = "include/linux/slab.h", + [56471].name = "kcalloc", + [56471].param1 = 1, + [56471].param2 = 1, -+ [5661].file = "lib/dma-debug.c", -+ [5661].name = "filter_write", -+ [5661].param3 = 1, ++ [56531].file = "net/bluetooth/l2cap.c", ++ [56531].name = "l2cap_send_cmd", ++ [56531].param4 = 1, ++ [56653].file = "net/irda/af_irda.c", ++ [56653].name = "irda_setsockopt", ++ [56653].param5 = 1, ++ [56672].file = "drivers/char/agp/generic.c", ++ [56672].name = "agp_alloc_page_array", ++ [56672].param1 = 1, ++ [56843].file = "drivers/scsi/scsi_transport_iscsi.c", ++ [56843].name = "iscsi_recv_pdu", ++ [56843].param4 = 1, ++ [5699].file = "net/sctp/socket.c", ++ [5699].name = "sctp_setsockopt_default_send_param", ++ [5699].param3 = 1, ++ [57190].file = "drivers/char/agp/generic.c", ++ [57190].name = "agp_generic_alloc_user", ++ [57190].param1 = 1, ++ [57213].file = "drivers/ieee1394/iso.c", ++ [57213].name = "hpsb_iso_xmit_init", ++ [57213].param3 = 1, ++ [57252].file = "drivers/media/dvb/dvb-core/dmxdev.c", ++ [57252].name = "dvb_dmxdev_set_buffer_size", ++ [57252].param2 = 1, ++ [57392].file = "drivers/block/aoe/aoecmd.c", ++ [57392].name = "new_skb", ++ [57392].param1 = 1, + [57471].file = "drivers/media/video/sn9c102/sn9c102_core.c", + [57471].name = "sn9c102_read", + [57471].param3 = 1, ++ [57552].file = "net/sunrpc/cache.c", ++ [57552].name = "cache_slow_downcall", ++ [57552].param2 = 1, + [57670].file = "drivers/bluetooth/btmrvl_debugfs.c", + [57670].name = "btmrvl_pscmd_write", + [57670].param3 = 1, ++ [57710].file = "include/linux/usb/wusb.h", ++ [57710].name = "wusb_prf_256", ++ [57710].param7 = 1, + [57724].file = "net/bluetooth/hci_sock.c", + [57724].name = "hci_sock_setsockopt", + [57724].param5 = 1, ++ [57761].file = "kernel/kexec.c", ++ [57761].name = "kimage_crash_alloc", ++ [57761].param3 = 1, ++ [57786].file = "net/ipv6/netfilter/ip6_tables.c", ++ [57786].name = "compat_do_ip6t_set_ctl", ++ [57786].param4 = 1, ++ [57927].file = "fs/read_write.c", ++ [57927].name = "sys_preadv", ++ [57927].param3 = 1, ++ [58012].file = "include/net/bluetooth/bluetooth.h", ++ [58012].name = "bt_skb_alloc", ++ [58012].param1 = 1, ++ [58020].file = "drivers/firewire/core-cdev.c", ++ [58020].name = "fw_device_op_ioctl", ++ [58020].param2 = 1, + [58043].file = "kernel/auditfilter.c", + [58043].name = "audit_unpack_string", + [58043].param3 = 1, -+ [58107].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [58107].name = "iwl_dbgfs_sleep_level_override_write", -+ [58107].param3 = 1, ++ [58087].file = "kernel/module.c", ++ [58087].name = "module_alloc_update_bounds_rw", ++ [58087].param1 = 1, ++ [58124].file = "drivers/usb/misc/usbtest.c", ++ [58124].name = "ctrl_out", ++ [58124].param3 = 1, ++ [58217].file = "net/sctp/socket.c", ++ [58217].name = "sctp_setsockopt_peer_primary_addr", ++ [58217].param3 = 1, + [58263].file = "security/keys/keyring.c", + [58263].name = "keyring_read", + [58263].param3 = 1, -+ [58278].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [58278].name = "iwl_dbgfs_log_event_write", -+ [58278].param3 = 1, + [5827].file = "drivers/net/wireless/ray_cs.c", + [5827].name = "write_essid", + [5827].param3 = 1, ++ [58320].file = "drivers/scsi/scsi_proc.c", ++ [58320].name = "proc_scsi_write", ++ [58320].param3 = 1, ++ [58344].file = "net/sunrpc/cache.c", ++ [58344].name = "read_flush", ++ [58344].param3 = 1, ++ [58379].file = "mm/bootmem.c", ++ [58379].name = "__alloc_bootmem_node", ++ [58379].param2 = 1, ++ [58418].file = "kernel/module.c", ++ [58418].name = "sys_init_module", ++ [58418].param2 = 1, ++ [58641].file = "drivers/usb/misc/adutux.c", ++ [58641].name = "adu_write", ++ [58641].param3 = 1, ++ [58709].file = "fs/compat.c", ++ [58709].name = "compat_sys_pwritev", ++ [58709].param3 = 1, + [58769].file = "drivers/net/wireless/zd1211rw/zd_usb.c", + [58769].name = "zd_usb_read_fw", + [58769].param4 = 1, -+ [58878].file = "drivers/net/wireless/libertas/debugfs.c", -+ [58878].name = "lbs_wrbbp_write", -+ [58878].param3 = 1, ++ [5876].file = "drivers/net/ppp_generic.c", ++ [5876].name = "ppp_write", ++ [5876].param3 = 1, + [58888].file = "fs/xattr.c", + [58888].name = "listxattr", + [58888].param3 = 1, ++ [58912].file = "drivers/lguest/core.c", ++ [58912].name = "__lgwrite", ++ [58912].param4 = 1, + [58918].file = "sound/core/pcm_native.c", + [58918].name = "snd_pcm_aio_write", + [58918].param3 = 1, -+ [58919].file = "net/netlabel/netlabel_unlabeled.c", -+ [58919].name = "netlbl_unlabel_init", -+ [58919].param1 = 1, + [58942].file = "drivers/block/aoe/aoedev.c", + [58942].name = "aoedev_flush", + [58942].param2 = 1, ++ [58958].file = "fs/fuse/control.c", ++ [58958].name = "fuse_conn_limit_write", ++ [58958].param3 = 1, ++ [59013].file = "fs/xfs/linux-2.6/xfs_ioctl.c", ++ [59013].name = "xfs_handle_to_dentry", ++ [59013].param3 = 1, ++ [59034].file = "drivers/acpi/acpica/dsobject.c", ++ [59034].name = "acpi_ds_build_internal_package_obj", ++ [59034].param3 = 1, ++ [59217].file = "drivers/acpi/video.c", ++ [59217].name = "acpi_video_bus_write_POST", ++ [59217].param3 = 1, + [59270].file = "net/tipc/socket.c", + [59270].name = "recv_stream", + [59270].param4 = 1, ++ [59297].file = "drivers/media/dvb/ttpci/av7110_av.c", ++ [59297].name = "dvb_play", ++ [59297].param3 = 1, ++ [59472].file = "drivers/misc/ibmasm/ibmasmfs.c", ++ [59472].name = "command_file_write", ++ [59472].param3 = 1, ++ [59505].file = "drivers/media/video/pvrusb2/pvrusb2-ioread.c", ++ [59505].name = "pvr2_ioread_read", ++ [59505].param3 = 1, + [59639].file = "drivers/media/video/stv680.c", + [59639].name = "stv680_read", + [59639].param3 = 1, ++ [59681].file = "fs/xfs/linux-2.6/kmem.c", ++ [59681].name = "kmem_alloc", ++ [59681].param1 = 1, + [5968].file = "net/sunrpc/sched.c", + [5968].name = "rpc_malloc", + [5968].param2 = 1, -+ [59794].file = "mm/mincore.c", -+ [59794].name = "sys_mincore", -+ [59794].param2 = 1, ++ [59702].file = "drivers/hid/hidraw.c", ++ [59702].name = "hidraw_write", ++ [59702].param3 = 1, ++ [59838].file = "net/netlink/af_netlink.c", ++ [59838].name = "nl_pid_hash_zalloc", ++ [59838].param1 = 1, + [59856].file = "drivers/base/devres.c", + [59856].name = "devm_kzalloc", + [59856].param2 = 1, @@ -108029,123 +109528,299 @@ index 0000000..5b08f5c + [59991].file = "drivers/media/video/uvc/uvc_queue.c", + [59991].name = "uvc_alloc_buffers", + [59991].param2 = 1, -+ [60005].file = "fs/namei.c", -+ [60005].name = "getname", -+ [60005].param1 = 1, ++ [59991].param3 = 1, + [60045].file = "drivers/net/usb/mcs7830.c", + [60045].name = "mcs7830_set_reg", + [60045].param3 = 1, ++ [60066].file = "mm/filemap.c", ++ [60066].name = "iov_iter_copy_from_user", ++ [60066].param4 = 1, + [60198].file = "fs/nfs/nfs4proc.c", + [60198].name = "nfs4_write_cached_acl", + [60198].param3 = 1, -+ [60331].file = "fs/squashfs/fragment.c", -+ [60331].name = "squashfs_read_fragment_index_table", -+ [60331].param3 = 1, ++ [60235].file = "drivers/acpi/thermal.c", ++ [60235].name = "acpi_thermal_write_cooling_mode", ++ [60235].param3 = 1, ++ [60330].file = "drivers/media/video/w9966.c", ++ [60330].name = "w9966_v4l_read", ++ [60330].param3 = 1, + [60391].file = "drivers/ieee1394/raw1394.c", + [60391].name = "fcp_request", + [60391].param6 = 1, -+ [60651].file = "drivers/ide/ide-proc.c", -+ [60651].name = "ide_driver_proc_write", -+ [60651].param3 = 1, ++ [6041].file = "drivers/mtd/mtdchar.c", ++ [6041].name = "mtd_write", ++ [6041].param3 = 1, ++ [60543].file = "drivers/usb/class/usbtmc.c", ++ [60543].name = "usbtmc_read", ++ [60543].param3 = 1, ++ [60591].file = "drivers/ieee1394/csr1212.c", ++ [60591].name = "csr1212_new_leaf", ++ [60591].param3 = 1, + [60683].file = "sound/drivers/opl4/opl4_proc.c", + [60683].name = "snd_opl4_mem_proc_write", + [60683].param5 = 1, ++ [60683].param6 = 1, + [60693].file = "drivers/misc/hpilo.c", + [60693].name = "ilo_read", + [60693].param3 = 1, + [60744].file = "sound/pci/emu10k1/emuproc.c", + [60744].name = "snd_emu10k1_fx8010_read", + [60744].param5 = 1, -+ [60878].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [60878].name = "rt2x00debug_read_queue_dump", -+ [60878].param3 = 1, -+ [61058].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [61058].name = "iwl_dbgfs_disable_ht40_write", -+ [61058].param3 = 1, ++ [60744].param6 = 1, ++ [60777].file = "fs/ntfs/malloc.h", ++ [60777].name = "ntfs_malloc_nofs_nofail", ++ [60777].param1 = 1, ++ [60833].file = "drivers/block/aoe/aoenet.c", ++ [60833].name = "set_aoe_iflist", ++ [60833].param2 = 1, ++ [60882].file = "drivers/input/joydev.c", ++ [60882].name = "joydev_compat_ioctl", ++ [60882].param2 = 1, ++ [60891].file = "kernel/sched.c", ++ [60891].name = "sys_sched_setaffinity", ++ [60891].param2 = 1, ++ [61120].file = "drivers/char/mem.c", ++ [61120].name = "read_mem", ++ [61120].param3 = 1, ++ [61122].file = "drivers/base/devres.c", ++ [61122].name = "alloc_dr", ++ [61122].param2 = 1, ++ [61206].file = "fs/nfs/idmap.c", ++ [61206].name = "idmap_pipe_downcall", ++ [61206].param3 = 1, ++ [61215].file = "drivers/ieee1394/iso.c", ++ [61215].name = "hpsb_iso_recv_init", ++ [61215].param3 = 1, ++ [61254].file = "drivers/scsi/scsi_devinfo.c", ++ [61254].name = "proc_scsi_devinfo_write", ++ [61254].param3 = 1, ++ [61389].file = "include/linux/slab.h", ++ [61389].name = "kzalloc_node", ++ [61389].param1 = 1, ++ [61441].file = "fs/ntfs/file.c", ++ [61441].name = "ntfs_copy_from_user_iovec", ++ [61441].param3 = 1, ++ [61441].param6 = 1, + [61552].file = "drivers/input/evdev.c", + [61552].name = "str_to_user", + [61552].param2 = 1, ++ [61684].file = "drivers/net/cxgb3/cxgb3_offload.c", ++ [61684].name = "cxgb3_get_cpl_reply_skb", ++ [61684].param2 = 1, ++ [6173].file = "net/netlink/af_netlink.c", ++ [6173].name = "netlink_sendmsg", ++ [6173].param4 = 1, + [61770].file = "drivers/media/video/et61x251/et61x251_core.c", + [61770].name = "et61x251_read", + [61770].param3 = 1, ++ [61932].file = "drivers/message/fusion/mptctl.c", ++ [61932].name = "__mptctl_ioctl", ++ [61932].param2 = 1, + [62081].file = "drivers/net/irda/vlsi_ir.c", + [62081].name = "vlsi_alloc_ring", + [62081].param3 = 1, -+ [62378].file = "net/ipv4/tcp.c", -+ [62378].name = "do_tcp_setsockopt", -+ [62378].param5 = 1, -+ [62525].file = "net/mac80211/debugfs.c", -+ [62525].name = "tsf_write", -+ [62525].param3 = 1, ++ [62081].param4 = 1, ++ [62116].file = "fs/libfs.c", ++ [62116].name = "simple_attr_read", ++ [62116].param3 = 1, ++ [6211].file = "drivers/net/pcnet32.c", ++ [6211].name = "pcnet32_realloc_tx_ring", ++ [6211].param3 = 1, ++ [62246].file = "drivers/ieee1394/csr1212.c", ++ [62246].name = "csr1212_new_descriptor_leaf", ++ [62246].param4 = 1, ++ [62294].file = "sound/core/info.c", ++ [62294].name = "resize_info_buffer", ++ [62294].param2 = 1, ++ [62301].file = "drivers/ieee1394/dma.c", ++ [62301].name = "dma_region_alloc", ++ [62301].param2 = 1, ++ [62495].file = "drivers/block/floppy.c", ++ [62495].name = "fallback_on_nodma_alloc", ++ [62495].param2 = 1, ++ [62498].file = "fs/xattr.c", ++ [62498].name = "sys_listxattr", ++ [62498].param3 = 1, ++ [625].file = "fs/read_write.c", ++ [625].name = "sys_pwritev", ++ [625].param3 = 1, ++ [62662].file = "drivers/message/fusion/mptctl.c", ++ [62662].name = "mptctl_getiocinfo", ++ [62662].param2 = 1, ++ [62714].file = "security/keys/keyctl.c", ++ [62714].name = "keyctl_update_key", ++ [62714].param3 = 1, + [62744].file = "drivers/char/mem.c", + [62744].name = "kmsg_write", + [62744].param3 = 1, ++ [62760].file = "drivers/media/dvb/ttpci/av7110_av.c", ++ [62760].name = "play_iframe", ++ [62760].param3 = 1, ++ [62851].file = "fs/proc/vmcore.c", ++ [62851].name = "read_vmcore", ++ [62851].param3 = 1, ++ [62870].file = "fs/udf/super.c", ++ [62870].name = "udf_sb_alloc_partition_maps", ++ [62870].param2 = 1, ++ [62925].file = "include/rdma/ib_verbs.h", ++ [62925].name = "ib_copy_from_udata", ++ [62925].param3 = 1, ++ [62934].file = "drivers/net/wireless/wl12xx/wl1251_cmd.c", ++ [62934].name = "wl1251_cmd_template_set", ++ [62934].param4 = 1, ++ [62940].file = "drivers/scsi/libsrp.c", ++ [62940].name = "srp_ring_alloc", ++ [62940].param2 = 1, + [62970].file = "net/sched/sch_api.c", + [62970].name = "qdisc_class_hash_alloc", + [62970].param1 = 1, -+ [63004].file = "drivers/usb/storage/datafab.c", -+ [63004].name = "datafab_write_data", -+ [63004].param4 = 1, ++ [62999].file = "net/core/neighbour.c", ++ [62999].name = "neigh_hash_alloc", ++ [62999].param1 = 1, + [63007].file = "fs/proc/base.c", + [63007].name = "proc_coredump_filter_write", + [63007].param3 = 1, ++ [63045].file = "crypto/shash.c", ++ [63045].name = "shash_setkey_unaligned", ++ [63045].param3 = 1, ++ [63075].file = "kernel/relay.c", ++ [63075].name = "relay_alloc_page_array", ++ [63075].param1 = 1, + [63091].file = "drivers/net/usb/pegasus.c", + [63091].name = "get_registers", + [63091].param3 = 1, -+ [63169].file = "drivers/scsi/sg.c", -+ [63169].name = "sg_read", -+ [63169].param3 = 1, ++ [6331].file = "drivers/atm/solos-pci.c", ++ [6331].name = "solos_param_store", ++ [6331].param4 = 1, + [63489].file = "drivers/bluetooth/btmrvl_debugfs.c", + [63489].name = "btmrvl_hscfgcmd_write", + [63489].param3 = 1, ++ [63490].file = "crypto/shash.c", ++ [63490].name = "shash_compat_setkey", ++ [63490].param3 = 1, + [63605].file = "mm/mempool.c", + [63605].name = "mempool_kmalloc", + [63605].param2 = 1, -+ [63765].file = "fs/seq_file.c", -+ [63765].name = "seq_read", -+ [63765].param3 = 1, ++ [63633].file = "drivers/bluetooth/btmrvl_sdio.c", ++ [63633].name = "btmrvl_sdio_host_to_card", ++ [63633].param3 = 1, ++ [63961].file = "fs/xattr.c", ++ [63961].name = "sys_flistxattr", ++ [63961].param3 = 1, ++ [63964].file = "net/sctp/socket.c", ++ [63964].name = "sctp_setsockopt_maxseg", ++ [63964].param3 = 1, ++ [63988].file = "drivers/input/evdev.c", ++ [63988].name = "evdev_ioctl_compat", ++ [63988].param2 = 1, ++ [64055].file = "drivers/media/dvb/ttpci/av7110_av.c", ++ [64055].name = "dvb_aplay", ++ [64055].param3 = 1, ++ [64078].file = "net/sctp/socket.c", ++ [64078].name = "sctp_setsockopt_hmac_ident", ++ [64078].param3 = 1, ++ [64203].file = "security/smack/smackfs.c", ++ [64203].name = "smk_write_load", ++ [64203].param3 = 1, ++ [64227].file = "mm/bootmem.c", ++ [64227].name = "__alloc_bootmem_node_nopanic", ++ [64227].param2 = 1, + [64392].file = "drivers/mmc/core/mmc_ops.c", + [64392].name = "mmc_send_cxd_data", + [64392].param5 = 1, ++ [64423].file = "kernel/sched.c", ++ [64423].name = "get_user_cpu_mask", ++ [64423].param2 = 1, ++ [64432].file = "security/selinux/selinuxfs.c", ++ [64432].name = "sel_write_create", ++ [64432].param3 = 1, + [64471].file = "drivers/bluetooth/btmrvl_debugfs.c", + [64471].name = "btmrvl_hscmd_write", + [64471].param3 = 1, ++ [64667].file = "sound/core/oss/pcm_oss.c", ++ [64667].name = "snd_pcm_oss_read", ++ [64667].param3 = 1, ++ [64689].file = "sound/isa/gus/gus_dram.c", ++ [64689].name = "snd_gus_dram_read", ++ [64689].param4 = 1, ++ [64692].file = "fs/binfmt_misc.c", ++ [64692].name = "bm_entry_write", ++ [64692].param3 = 1, + [64743].file = "fs/ocfs2/dlm/dlmfs.c", + [64743].name = "dlmfs_file_read", + [64743].param3 = 1, ++ [64906].file = "drivers/net/wireless/b43legacy/debugfs.c", ++ [64906].name = "b43legacy_debugfs_write", ++ [64906].param3 = 1, ++ [64913].file = "sound/core/oss/pcm_oss.c", ++ [64913].name = "snd_pcm_oss_write1", ++ [64913].param3 = 1, ++ [64961].file = "drivers/spi/spidev.c", ++ [64961].name = "spidev_ioctl", ++ [64961].param2 = 1, ++ [65033].file = "crypto/shash.c", ++ [65033].name = "shash_async_setkey", ++ [65033].param3 = 1, + [65087].file = "drivers/net/usb/asix.c", + [65087].name = "asix_write_cmd", + [65087].param5 = 1, -+ [65098].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [65098].name = "iwl_dbgfs_traffic_log_write", -+ [65098].param3 = 1, -+ [65195].file = "fs/jffs2/xattr.c", -+ [65195].name = "do_jffs2_setxattr", -+ [65195].param5 = 1, ++ [65169].file = "net/core/skbuff.c", ++ [65169].name = "dev_alloc_skb", ++ [65169].param1 = 1, ++ [6517].file = "drivers/md/dm-table.c", ++ [6517].name = "alloc_targets", ++ [6517].param2 = 1, ++ [65205].file = "drivers/input/evdev.c", ++ [65205].name = "handle_eviocgbit", ++ [65205].param2 = 1, + [65207].file = "drivers/media/video/cpia.c", + [65207].name = "cpia_write_proc", + [65207].param3 = 1, -+ [65364].file = "sound/core/pcm_lib.c", -+ [65364].name = "snd_pcm_lib_read_transfer", -+ [65364].param5 = 1, ++ [65237].file = "kernel/profile.c", ++ [65237].name = "read_profile", ++ [65237].param3 = 1, ++ [65343].file = "kernel/trace/trace.c", ++ [65343].name = "tracing_clock_write", ++ [65343].param3 = 1, + [65409].file = "net/802/garp.c", + [65409].name = "garp_request_join", + [65409].param4 = 1, ++ [65452].file = "drivers/message/fusion/mptctl.c", ++ [65452].name = "mptctl_ioctl", ++ [65452].param2 = 1, + [65514].file = "drivers/media/video/gspca/t613.c", + [65514].name = "reg_w_ixbuf", + [65514].param4 = 1, ++ [6672].file = "drivers/net/wireless/b43/debugfs.c", ++ [6672].name = "b43_debugfs_write", ++ [6672].param3 = 1, + [6691].file = "drivers/acpi/proc.c", + [6691].name = "acpi_system_write_wakeup_device", + [6691].param3 = 1, -+ [680].file = "drivers/misc/ibmasm/ibmasmfs.c", -+ [680].name = "command_file_read", -+ [680].param3 = 1, ++ [6773].file = "mm/percpu.c", ++ [6773].name = "pcpu_mem_alloc", ++ [6773].param1 = 1, + [6867].file = "fs/coda/psdev.c", + [6867].name = "coda_psdev_read", + [6867].param3 = 1, + [6891].file = "drivers/bluetooth/btmrvl_debugfs.c", + [6891].name = "btmrvl_gpiogap_write", + [6891].param3 = 1, ++ [6944].file = "drivers/ide/ide-proc.c", ++ [6944].name = "ide_settings_proc_write", ++ [6944].param3 = 1, ++ [6950].file = "drivers/isdn/capi/capi.c", ++ [6950].name = "capi_write", ++ [6950].param3 = 1, ++ [697].file = "sound/isa/gus/gus_dram.c", ++ [697].name = "snd_gus_dram_peek", ++ [697].param4 = 1, ++ [7158].file = "kernel/trace/trace.c", ++ [7158].name = "tracing_read_pipe", ++ [7158].param3 = 1, ++ [7176].file = "drivers/net/wimax/i2400m/driver.c", ++ [7176].name = "i2400m_queue_work", ++ [7176].param5 = 1, + [720].file = "sound/pci/rme9652/hdsp.c", + [720].name = "snd_hdsp_playback_copy", + [720].param5 = 1, @@ -108155,78 +109830,138 @@ index 0000000..5b08f5c + [7664].file = "drivers/hid/hid-core.c", + [7664].name = "hid_parse_report", + [7664].param3 = 1, -+ [7810].file = "fs/squashfs/export.c", -+ [7810].name = "squashfs_read_inode_lookup_table", -+ [7810].param3 = 1, ++ [7693].file = "net/sctp/socket.c", ++ [7693].name = "sctp_setsockopt_associnfo", ++ [7693].param3 = 1, ++ [7697].file = "security/selinux/selinuxfs.c", ++ [7697].name = "sel_write_access", ++ [7697].param3 = 1, ++ [7843].file = "fs/compat.c", ++ [7843].name = "compat_sys_readv", ++ [7843].param3 = 1, ++ [7924].file = "drivers/media/video/cx18/cx18-fileops.c", ++ [7924].name = "cx18_read_pos", ++ [7924].param3 = 1, + [7958].file = "drivers/gpu/vga/vgaarb.c", + [7958].name = "vga_arb_write", + [7958].param3 = 1, + [7976].file = "drivers/usb/gadget/rndis.c", + [7976].name = "rndis_add_response", + [7976].param2 = 1, -+ [8285].file = "net/ipv4/tcp.c", -+ [8285].name = "tcp_setsockopt", -+ [8285].param5 = 1, ++ [8255].file = "drivers/media/video/stradis.c", ++ [8255].name = "saa_write", ++ [8255].param3 = 1, ++ [8282].file = "drivers/acpi/thermal.c", ++ [8282].name = "acpi_thermal_write_polling", ++ [8282].param3 = 1, ++ [8317].file = "security/smack/smackfs.c", ++ [8317].name = "smk_write_ambient", ++ [8317].param3 = 1, + [8334].file = "drivers/scsi/sg.c", + [8334].name = "sg_proc_write_adio", + [8334].param3 = 1, -+ [8481].file = "drivers/isdn/i4l/isdn_common.c", -+ [8481].name = "isdn_write", -+ [8481].param3 = 1, ++ [8335].file = "drivers/media/dvb/dvb-core/dmxdev.c", ++ [8335].name = "dvb_dvr_set_buffer_size", ++ [8335].param2 = 1, ++ [8371].file = "kernel/sysctl.c", ++ [8371].name = "parse_table", ++ [8371].param6 = 1, + [8536].file = "fs/cifs/dns_resolve.c", + [8536].name = "dns_resolve_server_name_to_ip", + [8536].param1 = 1, -+ [8699].file = "fs/nfs/idmap.c", -+ [8699].name = "idmap_pipe_upcall", -+ [8699].param4 = 1, ++ [8684].file = "fs/read_write.c", ++ [8684].name = "sys_writev", ++ [8684].param3 = 1, ++ [8699].file = "security/selinux/selinuxfs.c", ++ [8699].name = "sel_commit_bools_write", ++ [8699].param3 = 1, + [8764].file = "drivers/usb/core/devio.c", + [8764].name = "usbdev_read", + [8764].param3 = 1, -+ [8917].file = "net/ipv4/raw.c", ++ [8802].file = "fs/dlm/user.c", ++ [8802].name = "device_write", ++ [8802].param3 = 1, ++ [8821].file = "net/wireless/sme.c", ++ [8821].name = "cfg80211_roamed", ++ [8821].param4 = 1, ++ [8821].param6 = 1, ++ [8833].file = "security/selinux/ss/services.c", ++ [8833].name = "security_context_to_sid", ++ [8833].param2 = 1, ++ [8851].file = "net/key/af_key.c", ++ [8851].name = "pfkey_sendmsg", ++ [8851].param4 = 1, ++ [8880].file = "kernel/trace/trace_events.c", ++ [8880].name = "event_enable_write", ++ [8880].param3 = 1, ++ [8917].file = "net/can/raw.c", + [8917].name = "raw_setsockopt", + [8917].param5 = 1, -+ [9463].file = "drivers/infiniband/hw/ipath/ipath_verbs.c", -+ [9463].name = "ipath_verbs_send", -+ [9463].param3 = 1, -+ [9463].param5 = 1, ++ [8983].file = "include/linux/skbuff.h", ++ [8983].name = "alloc_skb", ++ [8983].param1 = 1, ++ [9226].file = "mm/migrate.c", ++ [9226].name = "sys_move_pages", ++ [9226].param2 = 1, ++ [9304].file = "kernel/auditfilter.c", ++ [9304].name = "audit_init_entry", ++ [9304].param1 = 1, ++ [9317].file = "drivers/usb/wusbcore/wa-nep.c", ++ [9317].name = "wa_nep_queue", ++ [9317].param2 = 1, ++ [9538].file = "crypto/blkcipher.c", ++ [9538].name = "blkcipher_copy_iv", ++ [9538].param3 = 1, ++ [9546].file = "drivers/video/fbmem.c", ++ [9546].name = "fb_write", ++ [9546].param3 = 1, ++ [9618].file = "security/selinux/selinuxfs.c", ++ [9618].name = "sel_write_bool", ++ [9618].param3 = 1, ++ [9667].file = "drivers/media/video/pwc/pwc-if.c", ++ [9667].name = "pwc_rvmalloc", ++ [9667].param1 = 1, + [9702].file = "drivers/pcmcia/pcmcia_ioctl.c", + [9702].name = "ds_ioctl", + [9702].param3 = 1, + [9828].file = "drivers/media/dvb/dvb-core/dmxdev.c", + [9828].name = "dvb_demux_do_ioctl", + [9828].param4 = 1, ++ [9870].file = "net/atm/addr.c", ++ [9870].name = "atm_get_addr", ++ [9870].param3 = 1, + [9962].file = "drivers/scsi/sg.c", + [9962].name = "sg_proc_write_dressz", + [9962].param3 = 1, -+ [31291].collision = 1, -+ [38314].collision = 1, ++ [16344].collision = 1, ++ [60651].collision = 1, +}; diff --git a/tools/gcc/size_overflow_hash2.h b/tools/gcc/size_overflow_hash2.h new file mode 100644 -index 0000000..7176f29 +index 0000000..89e270d --- /dev/null +++ b/tools/gcc/size_overflow_hash2.h @@ -0,0 +1,14 @@ +struct size_overflow_hash size_overflow_hash2[65536] = { -+ [39105].file = "drivers/gpu/drm/ttm/ttm_tt.c", -+ [39105].name = "ttm_tt_create", -+ [39105].param2 = 1, -+ [43208].file = "fs/nfs/read.c", -+ [43208].name = "nfs_readdata_alloc", -+ [43208].param1 = 1, -+ [46911].file = "drivers/media/video/ivtv/ivtv-fileops.c", -+ [46911].name = "ivtv_v4l2_read", -+ [46911].param3 = 1, -+ [52857].file = "sound/pci/rme9652/rme9652.c", -+ [52857].name = "snd_rme9652_capture_copy", -+ [52857].param5 = 1, ++ [22224].file = "fs/proc/vmcore.c", ++ [22224].name = "read_from_oldmem", ++ [22224].param2 = 1, ++ [30632].file = "drivers/ide/ide-proc.c", ++ [30632].name = "ide_driver_proc_write", ++ [30632].param3 = 1, ++ [39024].file = "lib/scatterlist.c", ++ [39024].name = "sg_kmalloc", ++ [39024].param1 = 1, ++ [57500].file = "drivers/spdrivers/me", ++ [57500].name = "spidev_write", ++ [57500].param3 = 1, +}; diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..a9ae886 +index 0000000..255439f --- /dev/null +++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,1042 @@ +@@ -0,0 +1,1110 @@ +/* + * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 @@ -108259,6 +109994,7 @@ index 0000000..a9ae886 +#include "gimple.h" +#include "c-common.h" +#include "diagnostic.h" ++#include "cfgloop.h" + +struct size_overflow_hash { + const char *name; @@ -108287,7 +110023,7 @@ index 0000000..a9ae886 +int plugin_is_GPL_compatible; +void debug_gimple_stmt (gimple gs); + -+static tree expand(struct pointer_set_t *visited, tree var); ++static tree expand(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var); +static tree signed_size_overflow_type; +static tree unsigned_size_overflow_type; +static tree report_size_overflow_decl; @@ -108295,7 +110031,7 @@ index 0000000..a9ae886 +static unsigned int handle_function(void); + +static struct plugin_info size_overflow_plugin_info = { -+ .version = "20120311beta", ++ .version = "20120409beta", + .help = "no-size_overflow\tturn off size overflow checking\n", +}; + @@ -108392,9 +110128,19 @@ index 0000000..a9ae886 + return &size_overflow_hash1[hash]; +} + ++static void check_arg_type(tree var) ++{ ++ tree type = TREE_TYPE(var); ++ enum tree_code code = TREE_CODE(type); ++ ++ gcc_assert(code == INTEGER_TYPE || ++ (code == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == VOID_TYPE) || ++ (code == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == INTEGER_TYPE)); ++} ++ +static void check_missing_attribute(tree arg) +{ -+ tree var, func = get_original_function_decl(current_function_decl); ++ tree var, type, func = get_original_function_decl(current_function_decl); + const char *curfunc = NAME(func); + unsigned int new_hash, argnum = 1; + struct size_overflow_hash *hash; @@ -108402,6 +110148,11 @@ index 0000000..a9ae886 + expanded_location xloc; + bool match = false; + ++ type = TREE_TYPE(arg); ++ // skip function pointers ++ if (TREE_CODE(type) == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == FUNCTION_TYPE) ++ return; ++ + loc = DECL_SOURCE_LOCATION(func); + xloc = expand_location(loc); + @@ -108422,6 +110173,8 @@ index 0000000..a9ae886 + argnum++; + continue; + } ++ check_arg_type(var); ++ + match = true; + if (!TYPE_UNSIGNED(TREE_TYPE(var))) + return; @@ -108476,6 +110229,13 @@ index 0000000..a9ae886 + return false; +} + ++static tree cast_a_tree(tree type, tree var) ++{ ++ gcc_assert(fold_convertible_p(type, var)); ++ ++ return fold_convert(type, var); ++} ++ +static gimple build_cast_stmt(tree type, tree var, tree new_var, location_t loc) +{ + gimple assign; @@ -108483,24 +110243,22 @@ index 0000000..a9ae886 + if (new_var == CREATE_NEW_VAR) + new_var = create_new_var(type); + -+ assign = gimple_build_assign(new_var, fold_convert(type, var)); ++ assign = gimple_build_assign(new_var, cast_a_tree(type, var)); + gimple_set_location(assign, loc); + gimple_set_lhs(assign, make_ssa_name(new_var, assign)); + + return assign; +} + -+static tree create_assign(struct pointer_set_t *visited, gimple oldstmt, tree rhs1, bool before) ++static tree create_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt, tree rhs1, bool before) +{ + tree oldstmt_rhs1; + enum tree_code code; + gimple stmt; + gimple_stmt_iterator gsi; + -+ if (is_bool(rhs1)) { -+ pointer_set_insert(visited, oldstmt); -+ return gimple_get_lhs(oldstmt); -+ } ++ if (!*potentionally_overflowed) ++ return NULL_TREE; + + if (rhs1 == NULL_TREE) { + debug_gimple_stmt(oldstmt); @@ -108524,19 +110282,22 @@ index 0000000..a9ae886 + return gimple_get_lhs(stmt); +} + -+static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, tree rhs1, tree rhs2, tree __unused rhs3) ++static tree dup_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt, tree rhs1, tree rhs2, tree __unused rhs3) +{ + tree new_var, lhs = gimple_get_lhs(oldstmt); + gimple stmt; + gimple_stmt_iterator gsi; + ++ if (!*potentionally_overflowed) ++ return NULL_TREE; ++ + if (gimple_num_ops(oldstmt) != 4 && rhs1 == NULL_TREE) { + rhs1 = gimple_assign_rhs1(oldstmt); -+ rhs1 = create_assign(visited, oldstmt, rhs1, BEFORE_STMT); ++ rhs1 = create_assign(visited, potentionally_overflowed, oldstmt, rhs1, BEFORE_STMT); + } + if (gimple_num_ops(oldstmt) == 3 && rhs2 == NULL_TREE) { + rhs2 = gimple_assign_rhs2(oldstmt); -+ rhs2 = create_assign(visited, oldstmt, rhs2, BEFORE_STMT); ++ rhs2 = create_assign(visited, potentionally_overflowed, oldstmt, rhs2, BEFORE_STMT); + } + + stmt = gimple_copy(oldstmt); @@ -108554,7 +110315,7 @@ index 0000000..a9ae886 + + if (rhs1 != NULL_TREE) { + if (!gimple_assign_cast_p(oldstmt)) -+ rhs1 = fold_convert(signed_size_overflow_type, rhs1); ++ rhs1 = cast_a_tree(signed_size_overflow_type, rhs1); + gimple_assign_set_rhs1(stmt, rhs1); + } + @@ -108581,8 +110342,12 @@ index 0000000..a9ae886 + gimple_stmt_iterator gsi = gsi_for_stmt(oldstmt); + + bb = gsi_bb(gsi); -+ phi = make_phi_node(var, EDGE_COUNT(bb->preds)); + ++ phi = create_phi_node(var, bb); ++ gsi = gsi_last(phi_nodes(bb)); ++ gsi_remove(&gsi, false); ++ ++ gsi = gsi_for_stmt(oldstmt); + gsi_insert_after(&gsi, phi, GSI_NEW_STMT); + gimple_set_bb(phi, bb); + return phi; @@ -108592,25 +110357,27 @@ index 0000000..a9ae886 +{ + gcc_assert(is_gimple_constant(node)); + -+ if (TYPE_PRECISION(signed_size_overflow_type) == TYPE_PRECISION(TREE_TYPE(node))) -+ return build_int_cst_wide(signed_size_overflow_type, TREE_INT_CST_LOW(node), TREE_INT_CST_HIGH(node)); -+ else -+ return build_int_cst(signed_size_overflow_type, int_cst_value(node)); ++ return cast_a_tree(signed_size_overflow_type, node); +} + -+static gimple cast_old_phi_arg(gimple oldstmt, tree arg, tree new_var) ++static gimple cast_old_phi_arg(gimple oldstmt, tree arg, tree new_var, unsigned int i) +{ -+ basic_block first_bb; -+ gimple newstmt; ++ basic_block bb; ++ gimple newstmt, def_stmt; + gimple_stmt_iterator gsi; + + newstmt = build_cast_stmt(signed_size_overflow_type, arg, new_var, gimple_location(oldstmt)); ++ if (TREE_CODE(arg) == SSA_NAME) { ++ def_stmt = get_def_stmt(arg); ++ if (gimple_code(def_stmt) != GIMPLE_NOP) { ++ gsi = gsi_for_stmt(def_stmt); ++ gsi_insert_after(&gsi, newstmt, GSI_NEW_STMT); ++ return newstmt; ++ } ++ } + -+ first_bb = split_block_after_labels(ENTRY_BLOCK_PTR)->dest; -+ if (dom_info_available_p(CDI_DOMINATORS)) -+ set_immediate_dominator(CDI_DOMINATORS, first_bb, ENTRY_BLOCK_PTR); -+ gsi = gsi_start_bb(first_bb); -+ ++ bb = gimple_phi_arg_edge(oldstmt, i)->src; ++ gsi = gsi_after_labels(bb); + gsi_insert_before(&gsi, newstmt, GSI_NEW_STMT); + return newstmt; +} @@ -108639,7 +110406,7 @@ index 0000000..a9ae886 + newstmt = gimple_copy(def_newstmt); + break; + default: -+ /* unknown gimple_code (build_new_phi_arg) */ ++ /* unknown gimple_code (handle_build_new_phi_arg) */ + gcc_unreachable(); + } + @@ -108648,56 +110415,73 @@ index 0000000..a9ae886 + return newstmt; +} + -+static tree build_new_phi_arg(struct pointer_set_t *visited, gimple oldstmt, tree arg, tree new_var) ++static tree build_new_phi_arg(struct pointer_set_t *visited, bool *potentionally_overflowed, tree arg, tree new_var) +{ + gimple newstmt; + tree new_rhs; + -+ if (is_gimple_constant(arg)) -+ return signed_cast_constant(arg); ++ new_rhs = expand(visited, potentionally_overflowed, arg); + -+ pointer_set_insert(visited, oldstmt); -+ new_rhs = expand(visited, arg); -+ if (new_rhs == NULL_TREE) { -+ gcc_assert(TREE_CODE(TREE_TYPE(arg)) != VOID_TYPE); -+ newstmt = cast_old_phi_arg(oldstmt, arg, new_var); -+ } else -+ newstmt = handle_new_phi_arg(arg, new_var, new_rhs); ++ if (new_rhs == NULL_TREE) ++ return NULL_TREE; ++ ++ newstmt = handle_new_phi_arg(arg, new_var, new_rhs); + update_stmt(newstmt); + return gimple_get_lhs(newstmt); +} + -+static tree build_new_phi(struct pointer_set_t *visited, gimple oldstmt) ++static tree build_new_phi(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt) +{ + gimple phi; + tree new_var = create_new_var(signed_size_overflow_type); + unsigned int i, n = gimple_phi_num_args(oldstmt); + ++ pointer_set_insert(visited, oldstmt); + phi = overflow_create_phi_node(oldstmt, new_var); -+ + for (i = 0; i < n; i++) { + tree arg, lhs; + + arg = gimple_phi_arg_def(oldstmt, i); -+ lhs = build_new_phi_arg(visited, oldstmt, arg, new_var); ++ if (is_gimple_constant(arg)) ++ arg = signed_cast_constant(arg); ++ lhs = build_new_phi_arg(visited, potentionally_overflowed, arg, new_var); ++ if (lhs == NULL_TREE) ++ lhs = gimple_get_lhs(cast_old_phi_arg(oldstmt, arg, new_var, i)); + add_phi_arg(phi, lhs, gimple_phi_arg_edge(oldstmt, i), gimple_location(oldstmt)); + } ++ + update_stmt(phi); + return gimple_phi_result(phi); +} + -+static tree handle_unary_ops(struct pointer_set_t *visited, tree var) ++static tree handle_unary_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) +{ + gimple def_stmt = get_def_stmt(var); + tree new_rhs1, rhs1 = gimple_assign_rhs1(def_stmt); + ++ *potentionally_overflowed = true; ++ new_rhs1 = expand(visited, potentionally_overflowed, rhs1); ++ if (new_rhs1 == NULL_TREE) { ++ if (TREE_CODE(TREE_TYPE(rhs1)) == POINTER_TYPE) ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++ else ++ return create_assign(visited, potentionally_overflowed, def_stmt, rhs1, AFTER_STMT); ++ } ++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, NULL_TREE, NULL_TREE); ++} ++ ++static tree handle_unary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) ++{ ++ gimple def_stmt = get_def_stmt(var); ++ tree rhs1 = gimple_assign_rhs1(def_stmt); ++ + if (is_gimple_constant(rhs1)) -+ return dup_assign(visited, def_stmt, signed_cast_constant(rhs1), NULL_TREE, NULL_TREE); ++ return dup_assign(visited, potentionally_overflowed, def_stmt, signed_cast_constant(rhs1), NULL_TREE, NULL_TREE); + + switch (TREE_CODE(rhs1)) { + case SSA_NAME: -+ new_rhs1 = expand(visited, rhs1); -+ break; ++ return handle_unary_rhs(visited, potentionally_overflowed, var); ++ + case ARRAY_REF: + case ADDR_EXPR: + case COMPONENT_REF: @@ -108709,89 +110493,189 @@ index 0000000..a9ae886 + case PARM_DECL: + case TARGET_MEM_REF: + case VAR_DECL: -+ return create_assign(visited, def_stmt, var, AFTER_STMT); ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++ + default: + debug_gimple_stmt(def_stmt); + debug_tree(rhs1); + gcc_unreachable(); + } ++} ++ ++static void insert_cond(basic_block cond_bb, tree arg, enum tree_code cond_code, tree type_value) ++{ ++ gimple cond_stmt; ++ gimple_stmt_iterator gsi = gsi_last_bb(cond_bb); + -+ if (new_rhs1 == NULL_TREE) -+ return create_assign(visited, def_stmt, rhs1, AFTER_STMT); -+ return dup_assign(visited, def_stmt, new_rhs1, NULL_TREE, NULL_TREE); ++ cond_stmt = gimple_build_cond(cond_code, arg, type_value, NULL_TREE, NULL_TREE); ++ gsi_insert_after(&gsi, cond_stmt, GSI_CONTINUE_LINKING); ++ update_stmt(cond_stmt); +} + -+static tree transform_mult_overflow(tree rhs, tree const_rhs, tree log2const_rhs, location_t loc) ++static tree create_string_param(tree string) +{ -+ tree new_def_rhs; ++ tree array_ref = build4(ARRAY_REF, TREE_TYPE(string), string, integer_zero_node, NULL, NULL); + -+ if (!is_gimple_constant(rhs)) -+ return NULL_TREE; ++ return build1(ADDR_EXPR, ptr_type_node, array_ref); ++} + -+ new_def_rhs = fold_build2_loc(loc, MULT_EXPR, TREE_TYPE(const_rhs), rhs, const_rhs); -+ new_def_rhs = signed_cast_constant(new_def_rhs); -+ if (int_cst_value(new_def_rhs) >= 0) -+ return NULL_TREE; -+ return fold_build2_loc(loc, RSHIFT_EXPR, TREE_TYPE(new_def_rhs), new_def_rhs, log2const_rhs); ++static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg) ++{ ++ gimple func_stmt, def_stmt; ++ tree current_func, loc_file, loc_line; ++ expanded_location xloc; ++ gimple_stmt_iterator gsi = gsi_start_bb(bb_true); ++ ++ def_stmt = get_def_stmt(arg); ++ xloc = expand_location(gimple_location(def_stmt)); ++ ++ if (!gimple_has_location(def_stmt)) { ++ xloc = expand_location(gimple_location(stmt)); ++ if (!gimple_has_location(stmt)) ++ xloc = expand_location(DECL_SOURCE_LOCATION(current_function_decl)); ++ } ++ ++ loc_line = build_int_cstu(unsigned_type_node, xloc.line); ++ ++ loc_file = build_string(strlen(xloc.file), xloc.file); ++ TREE_TYPE(loc_file) = char_array_type_node; ++ loc_file = create_string_param(loc_file); ++ ++ current_func = build_string(IDENTIFIER_LENGTH(DECL_NAME(current_function_decl)), NAME(current_function_decl)); ++ TREE_TYPE(current_func) = char_array_type_node; ++ current_func = create_string_param(current_func); ++ ++ // void report_size_overflow(const char *file, unsigned int line, const char *func) ++ func_stmt = gimple_build_call(report_size_overflow_decl, 3, loc_file, loc_line, current_func); ++ ++ gsi_insert_after(&gsi, func_stmt, GSI_CONTINUE_LINKING); +} + -+static tree handle_intentional_mult_overflow(struct pointer_set_t *visited, tree rhs, tree const_rhs) ++static void insert_check_size_overflow(gimple stmt, enum tree_code cond_code, tree arg, tree type_value) +{ -+ gimple new_def_stmt, def_stmt; -+ tree def_rhs1, def_rhs2, new_def_rhs; -+ location_t loc; -+ tree log2const_rhs; -+ int log2 = exact_log2(TREE_INT_CST_LOW(const_rhs)); ++ basic_block cond_bb, join_bb, bb_true; ++ edge e; ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); ++// location_t loc = gimple_location(stmt); + -+ if (log2 == -1) { -+// warning(0, "Possibly unhandled intentional integer truncation"); -+ return NULL_TREE; ++ cond_bb = gimple_bb(stmt); ++ gsi_prev(&gsi); ++ if (gsi_end_p(gsi)) ++ e = split_block_after_labels(cond_bb); ++ else ++ e = split_block(cond_bb, gsi_stmt(gsi)); ++ cond_bb = e->src; ++ join_bb = e->dest; ++ e->flags = EDGE_FALSE_VALUE; ++ e->probability = REG_BR_PROB_BASE; ++ ++ bb_true = create_empty_bb(cond_bb); ++ make_edge(cond_bb, bb_true, EDGE_TRUE_VALUE); ++ make_edge(cond_bb, join_bb, EDGE_FALSE_VALUE); ++ make_edge(bb_true, join_bb, EDGE_FALLTHRU); ++ ++ if (dom_info_available_p(CDI_DOMINATORS)) { ++ set_immediate_dominator(CDI_DOMINATORS, bb_true, cond_bb); ++ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb); + } + -+ def_stmt = get_def_stmt(rhs); -+ loc = gimple_location(def_stmt); -+ def_rhs1 = gimple_assign_rhs1(def_stmt); -+ def_rhs2 = gimple_assign_rhs2(def_stmt); -+ new_def_stmt = get_def_stmt(expand(visited, rhs)); -+ log2const_rhs = build_int_cstu(TREE_TYPE(const_rhs), log2); ++ if (current_loops != NULL) { ++ gcc_assert(cond_bb->loop_father == join_bb->loop_father); ++ add_bb_to_loop(bb_true, cond_bb->loop_father); ++ } ++ ++ insert_cond(cond_bb, arg, cond_code, type_value); ++ insert_cond_result(bb_true, stmt, arg); + -+ new_def_rhs = transform_mult_overflow(def_rhs1, const_rhs, log2const_rhs, loc); -+ if (new_def_rhs != NULL_TREE) { -+ gimple_assign_set_rhs1(new_def_stmt, new_def_rhs); ++// inform(loc, "Integer size_overflow check applied here."); ++} ++ ++static tree get_type_for_check(tree rhs) ++{ ++ tree def_rhs; ++ gimple def_stmt = get_def_stmt(rhs); ++ ++ if (!gimple_assign_cast_p(def_stmt)) ++ return TREE_TYPE(rhs); ++ def_rhs = gimple_assign_rhs1(def_stmt); ++ if (TREE_CODE(TREE_TYPE(def_rhs)) == INTEGER_TYPE) ++ return TREE_TYPE(def_rhs); ++ return TREE_TYPE(rhs); ++} ++ ++static gimple cast_to_unsigned_size_overflow_type(gimple stmt, tree cast_rhs) ++{ ++ gimple ucast_stmt; ++ gimple_stmt_iterator gsi; ++ location_t loc = gimple_location(stmt); ++ ++ ucast_stmt = build_cast_stmt(unsigned_size_overflow_type, cast_rhs, CREATE_NEW_VAR, loc); ++ gsi = gsi_for_stmt(stmt); ++ gsi_insert_before(&gsi, ucast_stmt, GSI_SAME_STMT); ++ return ucast_stmt; ++} ++ ++static void check_size_overflow(gimple stmt, tree cast_rhs, tree rhs, bool *potentionally_overflowed) ++{ ++ tree type_max, type_min, rhs_type; ++ gimple ucast_stmt; ++ ++ if (!*potentionally_overflowed) ++ return; ++ ++ rhs_type = get_type_for_check(rhs); ++ ++ if (TYPE_UNSIGNED(rhs_type)) { ++ ucast_stmt = cast_to_unsigned_size_overflow_type(stmt, cast_rhs); ++ type_max = cast_a_tree(unsigned_size_overflow_type, TYPE_MAX_VALUE(rhs_type)); ++ insert_check_size_overflow(stmt, GT_EXPR, gimple_get_lhs(ucast_stmt), type_max); + } else { -+ new_def_rhs = transform_mult_overflow(def_rhs2, const_rhs, log2const_rhs, loc); -+ if (new_def_rhs != NULL_TREE) -+ gimple_assign_set_rhs2(new_def_stmt, new_def_rhs); -+ } -+ if (new_def_rhs == NULL_TREE) -+ return NULL_TREE; ++ type_max = cast_a_tree(signed_size_overflow_type, TYPE_MAX_VALUE(rhs_type)); ++ insert_check_size_overflow(stmt, GT_EXPR, cast_rhs, type_max); + -+ update_stmt(new_def_stmt); -+// warning(0, "Handle integer truncation (gcc optimization)"); -+ return gimple_get_lhs(new_def_stmt); ++ type_min = cast_a_tree(signed_size_overflow_type, TYPE_MIN_VALUE(rhs_type)); ++ insert_check_size_overflow(stmt, LT_EXPR, cast_rhs, type_min); ++ } +} + -+static bool is_mult_overflow(gimple def_stmt, tree rhs1) ++static tree change_assign_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple stmt, tree orig_rhs) +{ -+ gimple rhs1_def_stmt = get_def_stmt(rhs1); ++ gimple assign; ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); ++ tree new_rhs, origtype = TREE_TYPE(orig_rhs); + -+ if (gimple_assign_rhs_code(def_stmt) != MULT_EXPR) -+ return false; -+ if (gimple_code(rhs1_def_stmt) != GIMPLE_ASSIGN) -+ return false; -+ if (gimple_assign_rhs_code(rhs1_def_stmt) != PLUS_EXPR) -+ return false; -+ return true; ++ gcc_assert(gimple_code(stmt) == GIMPLE_ASSIGN); ++ ++ new_rhs = expand(visited, potentionally_overflowed, orig_rhs); ++ if (new_rhs == NULL_TREE) ++ return NULL_TREE; ++ ++ assign = build_cast_stmt(origtype, new_rhs, CREATE_NEW_VAR, gimple_location(stmt)); ++ gsi_insert_before(&gsi, assign, GSI_SAME_STMT); ++ update_stmt(assign); ++ return gimple_get_lhs(assign); +} + -+static tree handle_intentional_overflow(struct pointer_set_t *visited, gimple def_stmt, tree rhs1, tree rhs2) ++static tree handle_const_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple def_stmt, tree var, tree rhs, tree new_rhs1, tree new_rhs2, void (*gimple_assign_set_rhs)(gimple, tree)) +{ -+ if (is_mult_overflow(def_stmt, rhs1)) -+ return handle_intentional_mult_overflow(visited, rhs1, rhs2); -+ return NULL_TREE; ++ tree new_rhs, cast_rhs; ++ ++ if (gimple_assign_rhs_code(def_stmt) == MIN_EXPR) ++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE); ++ ++ new_rhs = change_assign_rhs(visited, potentionally_overflowed, def_stmt, rhs); ++ if (new_rhs != NULL_TREE) { ++ gimple_assign_set_rhs(def_stmt, new_rhs); ++ update_stmt(def_stmt); ++ ++ cast_rhs = gimple_assign_rhs1(get_def_stmt(new_rhs)); ++ ++ check_size_overflow(def_stmt, cast_rhs, rhs, potentionally_overflowed); ++ } ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); +} + -+static tree handle_binary_ops(struct pointer_set_t *visited, tree var) ++static tree handle_binary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) +{ + tree rhs1, rhs2; + gimple def_stmt = get_def_stmt(var); @@ -108814,55 +110698,53 @@ index 0000000..a9ae886 + case ROUND_MOD_EXPR: + case EXACT_DIV_EXPR: + case POINTER_PLUS_EXPR: -+ /* logical AND cannot cause an overflow */ -+ case BIT_AND_EXPR: -+ return create_assign(visited, def_stmt, var, AFTER_STMT); ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); + default: + break; + } + -+ if (is_gimple_constant(rhs2)) { -+ new_rhs2 = signed_cast_constant(rhs2); -+ new_rhs1 = handle_intentional_overflow(visited, def_stmt, rhs1, rhs2); -+ } ++ *potentionally_overflowed = true; + -+ if (is_gimple_constant(rhs1)) { -+ new_rhs1 = signed_cast_constant(rhs1); -+ new_rhs2 = handle_intentional_overflow(visited, def_stmt, rhs2, rhs1); -+ } ++ if (TREE_CODE(rhs1) == SSA_NAME) ++ new_rhs1 = expand(visited, potentionally_overflowed, rhs1); ++ if (TREE_CODE(rhs2) == SSA_NAME) ++ new_rhs2 = expand(visited, potentionally_overflowed, rhs2); + -+ if (new_rhs1 == NULL_TREE && TREE_CODE(rhs1) == SSA_NAME) -+ new_rhs1 = expand(visited, rhs1); -+ if (new_rhs2 == NULL_TREE && TREE_CODE(rhs2) == SSA_NAME) -+ new_rhs2 = expand(visited, rhs2); ++ if (is_gimple_constant(rhs2)) ++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs1, new_rhs1, signed_cast_constant(rhs2), &gimple_assign_set_rhs1); + -+ return dup_assign(visited, def_stmt, new_rhs1, new_rhs2, NULL_TREE); ++ if (is_gimple_constant(rhs1)) ++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs2, signed_cast_constant(rhs1), new_rhs2, &gimple_assign_set_rhs2); ++ ++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE); +} + +#if BUILDING_GCC_VERSION >= 4007 -+static tree get_new_rhs(struct pointer_set_t *visited, tree rhs) ++static tree get_new_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree rhs) +{ + if (is_gimple_constant(rhs)) + return signed_cast_constant(rhs); + if (TREE_CODE(rhs) != SSA_NAME) + return NULL_TREE; -+ return expand(visited, rhs); ++ return expand(visited, potentionally_overflowed, rhs); +} + -+static tree handle_ternary_ops(struct pointer_set_t *visited, tree var) ++static tree handle_ternary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) +{ + tree rhs1, rhs2, rhs3, new_rhs1, new_rhs2, new_rhs3; + gimple def_stmt = get_def_stmt(var); + ++ *potentionally_overflowed = true; ++ + rhs1 = gimple_assign_rhs1(def_stmt); + rhs2 = gimple_assign_rhs2(def_stmt); + rhs3 = gimple_assign_rhs3(def_stmt); -+ new_rhs1 = get_new_rhs(visited, rhs1); -+ new_rhs2 = get_new_rhs(visited, rhs2); -+ new_rhs3 = get_new_rhs(visited, rhs3); ++ new_rhs1 = get_new_rhs(visited, potentionally_overflowed, rhs1); ++ new_rhs2 = get_new_rhs(visited, potentionally_overflowed, rhs2); ++ new_rhs3 = get_new_rhs(visited, potentionally_overflowed, rhs3); + + if (new_rhs1 == NULL_TREE && new_rhs2 != NULL_TREE && new_rhs3 != NULL_TREE) -+ return dup_assign(visited, def_stmt, new_rhs1, new_rhs2, new_rhs3); ++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, new_rhs3); + error("handle_ternary_ops: unknown rhs"); + gcc_unreachable(); +} @@ -108909,9 +110791,10 @@ index 0000000..a9ae886 + } +} + -+static tree expand(struct pointer_set_t *visited, tree var) ++static tree expand(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) +{ + gimple def_stmt; ++ enum tree_code code = TREE_CODE(TREE_TYPE(var)); + + if (is_gimple_constant(var)) + return NULL_TREE; @@ -108919,9 +110802,15 @@ index 0000000..a9ae886 + if (TREE_CODE(var) == ADDR_EXPR) + return NULL_TREE; + -+ if (SSA_NAME_IS_DEFAULT_DEF(var)) ++ gcc_assert(code == INTEGER_TYPE || code == POINTER_TYPE || code == BOOLEAN_TYPE); ++ if (code != INTEGER_TYPE) + return NULL_TREE; + ++ if (SSA_NAME_IS_DEFAULT_DEF(var)) { ++ check_missing_attribute(var); ++ return NULL_TREE; ++ } ++ + def_stmt = get_def_stmt(var); + + if (!def_stmt) @@ -108935,20 +110824,19 @@ index 0000000..a9ae886 + check_missing_attribute(var); + return NULL_TREE; + case GIMPLE_PHI: -+ return build_new_phi(visited, def_stmt); ++ return build_new_phi(visited, potentionally_overflowed, def_stmt); + case GIMPLE_CALL: + case GIMPLE_ASM: -+ gcc_assert(TREE_CODE(TREE_TYPE(var)) != VOID_TYPE); -+ return create_assign(visited, def_stmt, var, AFTER_STMT); ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); + case GIMPLE_ASSIGN: + switch (gimple_num_ops(def_stmt)) { + case 2: -+ return handle_unary_ops(visited, var); ++ return handle_unary_ops(visited, potentionally_overflowed, var); + case 3: -+ return handle_binary_ops(visited, var); ++ return handle_binary_ops(visited, potentionally_overflowed, var); +#if BUILDING_GCC_VERSION >= 4007 + case 4: -+ return handle_ternary_ops(visited, var); ++ return handle_ternary_ops(visited, potentionally_overflowed, var); +#endif + } + default: @@ -108958,13 +110846,12 @@ index 0000000..a9ae886 + } +} + -+static void change_function_arg(gimple func_stmt, tree origarg, unsigned int argnum, tree newarg) ++static void change_function_arg(gimple stmt, tree origarg, unsigned int argnum, tree newarg) +{ -+ gimple assign, stmt; -+ gimple_stmt_iterator gsi = gsi_for_stmt(func_stmt); ++ gimple assign; ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); + tree origtype = TREE_TYPE(origarg); + -+ stmt = gsi_stmt(gsi); + gcc_assert(gimple_code(stmt) == GIMPLE_CALL); + + assign = build_cast_stmt(origtype, newarg, CREATE_NEW_VAR, gimple_location(stmt)); @@ -109002,90 +110889,12 @@ index 0000000..a9ae886 + return NULL_TREE; +} + -+static void insert_cond(tree arg, basic_block cond_bb) -+{ -+ gimple cond_stmt; -+ gimple_stmt_iterator gsi = gsi_last_bb(cond_bb); -+ -+ cond_stmt = gimple_build_cond(GT_EXPR, arg, build_int_cstu(signed_size_overflow_type, 0x7fffffff), NULL_TREE, NULL_TREE); -+ gsi_insert_after(&gsi, cond_stmt, GSI_CONTINUE_LINKING); -+ update_stmt(cond_stmt); -+} -+ -+static tree create_string_param(tree string) -+{ -+ tree array_ref = build4(ARRAY_REF, TREE_TYPE(string), string, integer_zero_node, NULL, NULL); -+ -+ return build1(ADDR_EXPR, ptr_type_node, array_ref); -+} -+ -+static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg) -+{ -+ gimple func_stmt, def_stmt; -+ tree current_func, loc_file, loc_line; -+ expanded_location xloc; -+ gimple_stmt_iterator gsi = gsi_start_bb(bb_true); -+ -+ def_stmt = get_def_stmt(arg); -+ xloc = expand_location(gimple_location(def_stmt)); -+ -+ if (!gimple_has_location(def_stmt)) { -+ xloc = expand_location(gimple_location(stmt)); -+ gcc_assert(gimple_has_location(stmt)); -+ } -+ -+ loc_line = build_int_cstu(unsigned_type_node, xloc.line); -+ -+ loc_file = build_string(strlen(xloc.file), xloc.file); -+ TREE_TYPE(loc_file) = char_array_type_node; -+ loc_file = create_string_param(loc_file); -+ -+ current_func = build_string(IDENTIFIER_LENGTH(DECL_NAME(current_function_decl)), NAME(current_function_decl)); -+ TREE_TYPE(current_func) = char_array_type_node; -+ current_func = create_string_param(current_func); -+ -+ // void report_size_overflow(const char *file, unsigned int line, const char *func) -+ func_stmt = gimple_build_call(report_size_overflow_decl, 3, loc_file, loc_line, current_func); -+ -+ gsi_insert_after(&gsi, func_stmt, GSI_CONTINUE_LINKING); -+} -+ -+static void insert_check_size_overflow(gimple stmt, tree arg) -+{ -+ basic_block cond_bb, join_bb, bb_true; -+ edge e; -+ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); -+ -+ cond_bb = gimple_bb(stmt); -+ gsi_prev(&gsi); -+ if (gsi_end_p(gsi)) -+ e = split_block_after_labels(cond_bb); -+ else -+ e = split_block(cond_bb, gsi_stmt(gsi)); -+ cond_bb = e->src; -+ join_bb = e->dest; -+ e->flags = EDGE_FALSE_VALUE; -+ e->probability = REG_BR_PROB_BASE; -+ -+ bb_true = create_empty_bb(cond_bb); -+ make_edge(cond_bb, bb_true, EDGE_TRUE_VALUE); -+ -+ if (dom_info_available_p(CDI_DOMINATORS)) { -+ set_immediate_dominator(CDI_DOMINATORS, bb_true, cond_bb); -+ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb); -+ } -+ -+ insert_cond(arg, cond_bb); -+ insert_cond_result(bb_true, stmt, arg); -+} -+ +static void handle_function_arg(gimple stmt, tree fndecl, unsigned int argnum) +{ + struct pointer_set_t *visited; -+ tree arg, newarg; ++ tree arg, newarg, type_max; + gimple ucast_stmt; -+ gimple_stmt_iterator gsi; -+ location_t loc = gimple_location(stmt); ++ bool potentionally_overflowed; + + arg = get_function_arg(argnum, stmt, fndecl); + if (arg == NULL_TREE) @@ -109096,22 +110905,24 @@ index 0000000..a9ae886 + if (TREE_CODE(arg) != SSA_NAME) + return; + ++ check_arg_type(arg); ++ + set_size_overflow_type(arg); ++ + visited = pointer_set_create(); -+ newarg = expand(visited, arg); ++ potentionally_overflowed = false; ++ newarg = expand(visited, &potentionally_overflowed, arg); + pointer_set_destroy(visited); + -+ if (newarg == NULL_TREE) ++ if (newarg == NULL_TREE || !potentionally_overflowed) + return; + + change_function_arg(stmt, arg, argnum, newarg); + -+ ucast_stmt = build_cast_stmt(unsigned_size_overflow_type, newarg, CREATE_NEW_VAR, loc); -+ gsi = gsi_for_stmt(stmt); -+ gsi_insert_before(&gsi, ucast_stmt, GSI_SAME_STMT); ++ ucast_stmt = cast_to_unsigned_size_overflow_type(stmt, newarg); + -+ insert_check_size_overflow(stmt, gimple_get_lhs(ucast_stmt)); -+// inform(loc, "Integer size_overflow check applied here."); ++ type_max = build_int_cstu(unsigned_size_overflow_type, 0x7fffffff); ++ insert_check_size_overflow(stmt, GT_EXPR, gimple_get_lhs(ucast_stmt), type_max); +} + +static void handle_function_by_attribute(gimple stmt, tree attr, tree fndecl) @@ -109234,16 +111045,9 @@ index 0000000..a9ae886 + + struct register_pass_info size_overflow_pass_info = { + .pass = &size_overflow_pass.pass, -+ .reference_pass_name = "mudflap2", -+ .ref_pass_instance_number = 1, -+ .pos_op = PASS_POS_INSERT_BEFORE -+ }; -+ -+ struct register_pass_info dce_pass_info = { -+ .pass = &pass_dce.pass, -+ .reference_pass_name = "mudflap2", ++ .reference_pass_name = "ssa", + .ref_pass_instance_number = 1, -+ .pos_op = PASS_POS_INSERT_BEFORE ++ .pos_op = PASS_POS_INSERT_AFTER + }; + + if (!plugin_default_version_check(version, &gcc_version)) { @@ -109263,7 +111067,6 @@ index 0000000..a9ae886 + if (enable) { + register_callback ("start_unit", PLUGIN_START_UNIT, &start_unit_callback, NULL); + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &size_overflow_pass_info); -+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &dce_pass_info); + } + register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL); + diff --git a/3.2.14/0000_README b/3.2.14/0000_README index 3842c31..470e24e 100644 --- a/3.2.14/0000_README +++ b/3.2.14/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9-3.2.14-201204062020.patch +Patch: 4420_grsecurity-2.9-3.2.14-201204081846.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.14/4420_grsecurity-2.9-3.2.14-201204062020.patch b/3.2.14/4420_grsecurity-2.9-3.2.14-201204081846.patch index a4dfa05..e79b84e 100644 --- a/3.2.14/4420_grsecurity-2.9-3.2.14-201204062020.patch +++ b/3.2.14/4420_grsecurity-2.9-3.2.14-201204081846.patch @@ -7932,6 +7932,19 @@ index be6d9e3..21fbbca 100644 ret +ENDPROC(aesni_ctr_enc) #endif +diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c +index 545d0ce..14841a6 100644 +--- a/arch/x86/crypto/aesni-intel_glue.c ++++ b/arch/x86/crypto/aesni-intel_glue.c +@@ -929,6 +929,8 @@ out_free_ablkcipher: + } + + static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key, ++ unsigned int key_len) __size_overflow(3); ++static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key, + unsigned int key_len) + { + int ret = 0; diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S index 391d245..67f35c2 100644 --- a/arch/x86/crypto/blowfish-x86_64-asm_64.S @@ -17357,6 +17370,19 @@ index 69bca46..0bac999 100644 return; WARN_ONCE(regs->sp >= curbase && +diff --git a/arch/x86/kernel/kdebugfs.c b/arch/x86/kernel/kdebugfs.c +index 90fcf62..e682cdd 100644 +--- a/arch/x86/kernel/kdebugfs.c ++++ b/arch/x86/kernel/kdebugfs.c +@@ -28,6 +28,8 @@ struct setup_data_node { + }; + + static ssize_t setup_data_read(struct file *file, char __user *user_buf, ++ size_t count, loff_t *ppos) __size_overflow(3); ++static ssize_t setup_data_read(struct file *file, char __user *user_buf, + size_t count, loff_t *ppos) + { + struct setup_data_node *node = file->private_data; diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c index faba577..93b9e71 100644 --- a/arch/x86/kernel/kgdb.c @@ -17559,7 +17585,7 @@ index a9c2116..a52d4fc 100644 #endif pv_mmu_ops.flush_tlb_user = kvm_flush_tlb; diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c -index ea69726..8b497c9 100644 +index ea69726..a305f16 100644 --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c @@ -67,13 +67,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) @@ -17620,7 +17646,15 @@ index ea69726..8b497c9 100644 static int read_ldt(void __user *ptr, unsigned long bytecount) { int err; -@@ -230,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) +@@ -175,6 +194,7 @@ error_return: + return err; + } + ++static int read_default_ldt(void __user *ptr, unsigned long bytecount) __size_overflow(2); + static int read_default_ldt(void __user *ptr, unsigned long bytecount) + { + /* CHECKME: Can we use _one_ random number ? */ +@@ -230,6 +250,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) } } @@ -17689,14 +17723,15 @@ index 3ca42d0..79d24cd 100644 static void microcode_fini_cpu(int cpu) diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c -index 925179f..267ac7a 100644 +index 925179f..59bfaa1 100644 --- a/arch/x86/kernel/module.c +++ b/arch/x86/kernel/module.c -@@ -36,15 +36,60 @@ +@@ -36,15 +36,63 @@ #define DEBUGP(fmt...) #endif -void *module_alloc(unsigned long size) ++static inline void *__module_alloc(unsigned long size, pgprot_t prot) __size_overflow(1); +static inline void *__module_alloc(unsigned long size, pgprot_t prot) { - if (PAGE_ALIGN(size) > MODULES_LEN) @@ -17721,6 +17756,7 @@ index 925179f..267ac7a 100644 + +#ifdef CONFIG_PAX_KERNEXEC +#ifdef CONFIG_X86_32 ++void *module_alloc_exec(unsigned long size) __size_overflow(1); +void *module_alloc_exec(unsigned long size) +{ + struct vm_struct *area; @@ -17745,6 +17781,7 @@ index 925179f..267ac7a 100644 +} +EXPORT_SYMBOL(module_free_exec); + ++void *module_alloc_exec(unsigned long size) __size_overflow(1); +void *module_alloc_exec(unsigned long size) +{ + return __module_alloc(size, PAGE_KERNEL_RX); @@ -17756,7 +17793,7 @@ index 925179f..267ac7a 100644 #ifdef CONFIG_X86_32 int apply_relocate(Elf32_Shdr *sechdrs, const char *strtab, -@@ -55,14 +100,16 @@ int apply_relocate(Elf32_Shdr *sechdrs, +@@ -55,14 +103,16 @@ int apply_relocate(Elf32_Shdr *sechdrs, unsigned int i; Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr; Elf32_Sym *sym; @@ -17776,7 +17813,7 @@ index 925179f..267ac7a 100644 /* This is the symbol it is referring to. Note that all undefined symbols have been resolved. */ sym = (Elf32_Sym *)sechdrs[symindex].sh_addr -@@ -71,11 +118,15 @@ int apply_relocate(Elf32_Shdr *sechdrs, +@@ -71,11 +121,15 @@ int apply_relocate(Elf32_Shdr *sechdrs, switch (ELF32_R_TYPE(rel[i].r_info)) { case R_386_32: /* We add the value into the location given */ @@ -17794,7 +17831,7 @@ index 925179f..267ac7a 100644 break; default: printk(KERN_ERR "module %s: Unknown relocation: %u\n", -@@ -120,21 +171,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs, +@@ -120,21 +174,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs, case R_X86_64_NONE: break; case R_X86_64_64: @@ -19558,7 +19595,7 @@ index b9242ba..50c5edd 100644 * verify_cpu, returns the status of longmode and SSE in register %eax. * 0: Success 1: Failure diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c -index 04b8726..0c35b29 100644 +index 04b8726..26d355c 100644 --- a/arch/x86/kernel/vm86_32.c +++ b/arch/x86/kernel/vm86_32.c @@ -41,6 +41,7 @@ @@ -19569,7 +19606,17 @@ index 04b8726..0c35b29 100644 #include <asm/uaccess.h> #include <asm/io.h> -@@ -148,7 +149,7 @@ struct pt_regs *save_v86_state(struct kernel_vm86_regs *regs) +@@ -109,6 +110,9 @@ static int copy_vm86_regs_to_user(struct vm86_regs __user *user, + /* convert vm86_regs to kernel_vm86_regs */ + static int copy_vm86_regs_from_user(struct kernel_vm86_regs *regs, + const struct vm86_regs __user *user, ++ unsigned extra) __size_overflow(3); ++static int copy_vm86_regs_from_user(struct kernel_vm86_regs *regs, ++ const struct vm86_regs __user *user, + unsigned extra) + { + int ret = 0; +@@ -148,7 +152,7 @@ struct pt_regs *save_v86_state(struct kernel_vm86_regs *regs) do_exit(SIGSEGV); } @@ -19578,7 +19625,7 @@ index 04b8726..0c35b29 100644 current->thread.sp0 = current->thread.saved_sp0; current->thread.sysenter_cs = __KERNEL_CS; load_sp0(tss, ¤t->thread); -@@ -210,6 +211,13 @@ int sys_vm86old(struct vm86_struct __user *v86, struct pt_regs *regs) +@@ -210,6 +214,13 @@ int sys_vm86old(struct vm86_struct __user *v86, struct pt_regs *regs) struct task_struct *tsk; int tmp, ret = -EPERM; @@ -19592,7 +19639,7 @@ index 04b8726..0c35b29 100644 tsk = current; if (tsk->thread.saved_sp0) goto out; -@@ -240,6 +248,14 @@ int sys_vm86(unsigned long cmd, unsigned long arg, struct pt_regs *regs) +@@ -240,6 +251,14 @@ int sys_vm86(unsigned long cmd, unsigned long arg, struct pt_regs *regs) int tmp, ret; struct vm86plus_struct __user *v86; @@ -19607,7 +19654,7 @@ index 04b8726..0c35b29 100644 tsk = current; switch (cmd) { case VM86_REQUEST_IRQ: -@@ -326,7 +342,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk +@@ -326,7 +345,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk tsk->thread.saved_fs = info->regs32->fs; tsk->thread.saved_gs = get_user_gs(info->regs32); @@ -19616,7 +19663,7 @@ index 04b8726..0c35b29 100644 tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0; if (cpu_has_sep) tsk->thread.sysenter_cs = 0; -@@ -531,7 +547,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i, +@@ -531,7 +550,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i, goto cannot_handle; if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored)) goto cannot_handle; @@ -20028,7 +20075,7 @@ index 54abb40..a192606 100644 #define APIC_LVT_NUM 6 /* 14 is the version for Xeon and Pentium 8.4.8*/ diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c -index f1b36cf..af8a124 100644 +index f1b36cf..a1eabef 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -3555,7 +3555,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, @@ -20049,6 +20096,15 @@ index f1b36cf..af8a124 100644 gentry = 0; kvm_mmu_free_some_pages(vcpu); ++vcpu->kvm->stat.mmu_pte_write; +@@ -3984,6 +3984,8 @@ static void *pv_mmu_read_buffer(struct kvm_pv_mmu_op_buffer *buffer, + } + + static int kvm_pv_mmu_write(struct kvm_vcpu *vcpu, ++ gpa_t addr, gpa_t value) __size_overflow(2); ++static int kvm_pv_mmu_write(struct kvm_vcpu *vcpu, + gpa_t addr, gpa_t value) + { + int bytes = 8; diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h index 9299410..ade2f9b 100644 --- a/arch/x86/kvm/paging_tmpl.h @@ -20197,7 +20253,7 @@ index 4ea7678..c715f2f 100644 vmx->exit_reason = vmcs_read32(VM_EXIT_REASON); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index e04cae1..4ab8872 100644 +index e04cae1..f11f842 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -907,6 +907,7 @@ static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data) @@ -20208,7 +20264,12 @@ index e04cae1..4ab8872 100644 static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock) { int version; -@@ -1345,8 +1346,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1341,12 +1342,13 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 data) + return 0; + } + ++static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) __size_overflow(2); + static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -20219,7 +20280,7 @@ index e04cae1..4ab8872 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2165,6 +2166,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2165,6 +2167,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -20228,7 +20289,7 @@ index e04cae1..4ab8872 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -2340,15 +2343,20 @@ static int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, +@@ -2340,15 +2344,20 @@ static int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, struct kvm_cpuid_entry2 __user *entries) { @@ -20252,7 +20313,7 @@ index e04cae1..4ab8872 100644 vcpu->arch.cpuid_nent = cpuid->nent; kvm_apic_set_version(vcpu); kvm_x86_ops->cpuid_update(vcpu); -@@ -2363,15 +2371,19 @@ static int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, +@@ -2363,15 +2372,19 @@ static int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, struct kvm_cpuid_entry2 __user *entries) { @@ -20275,7 +20336,7 @@ index e04cae1..4ab8872 100644 return 0; out: -@@ -2746,7 +2758,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, +@@ -2746,7 +2759,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, struct kvm_interrupt *irq) { @@ -20284,7 +20345,7 @@ index e04cae1..4ab8872 100644 return -EINVAL; if (irqchip_in_kernel(vcpu->kvm)) return -ENXIO; -@@ -3949,6 +3961,9 @@ gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva, +@@ -3949,6 +3962,9 @@ gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva, static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes, struct kvm_vcpu *vcpu, u32 access, @@ -20294,7 +20355,7 @@ index e04cae1..4ab8872 100644 struct x86_exception *exception) { void *data = val; -@@ -3980,6 +3995,9 @@ out: +@@ -3980,6 +3996,9 @@ out: /* used for instruction fetching */ static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt, gva_t addr, void *val, unsigned int bytes, @@ -20304,7 +20365,7 @@ index e04cae1..4ab8872 100644 struct x86_exception *exception) { struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); -@@ -4004,6 +4022,9 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_virt); +@@ -4004,6 +4023,9 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_virt); static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt, gva_t addr, void *val, unsigned int bytes, @@ -20314,7 +20375,7 @@ index e04cae1..4ab8872 100644 struct x86_exception *exception) { struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); -@@ -4117,12 +4138,16 @@ static int read_prepare(struct kvm_vcpu *vcpu, void *val, int bytes) +@@ -4117,12 +4139,16 @@ static int read_prepare(struct kvm_vcpu *vcpu, void *val, int bytes) } static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, @@ -20331,7 +20392,7 @@ index e04cae1..4ab8872 100644 void *val, int bytes) { return emulator_write_phys(vcpu, gpa, val, bytes); -@@ -4273,6 +4298,12 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, +@@ -4273,6 +4299,12 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, const void *old, const void *new, unsigned int bytes, @@ -20344,7 +20405,7 @@ index e04cae1..4ab8872 100644 struct x86_exception *exception) { struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); -@@ -5185,7 +5216,7 @@ static void kvm_set_mmio_spte_mask(void) +@@ -5185,7 +5217,7 @@ static void kvm_set_mmio_spte_mask(void) kvm_mmu_set_mmio_spte_mask(mask); } @@ -25284,10 +25345,10 @@ index 9f0614d..92ae64a 100644 p += get_opcode(p, &opcode); for (i = 0; i < ARRAY_SIZE(imm_wop); i++) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c -index 8573b83..c3b1a30 100644 +index 8573b83..01e9be7 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c -@@ -84,10 +84,52 @@ static inline void pgd_list_del(pgd_t *pgd) +@@ -84,10 +84,56 @@ static inline void pgd_list_del(pgd_t *pgd) list_del(&page->lru); } @@ -25306,14 +25367,18 @@ index 8573b83..c3b1a30 100644 +#ifdef CONFIG_PAX_PER_CPU_PGD +void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count) +{ -+ while (count--) ++ while (count--) { ++ pgd_t pgd; ++ ++ pgd = __pgd(pgd_val(*src++) | _PAGE_USER); + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ *dst++ = __pgd(pgd_val(*src++) & clone_pgd_mask); -+#else -+ *dst++ = *src++; ++ pgd = __pgd(pgd_val(pgd) & clone_pgd_mask); +#endif + ++ *dst++ = pgd; ++ } ++ +} +#endif + @@ -25342,7 +25407,7 @@ index 8573b83..c3b1a30 100644 static void pgd_set_mm(pgd_t *pgd, struct mm_struct *mm) { BUILD_BUG_ON(sizeof(virt_to_page(pgd)->index) < sizeof(mm)); -@@ -128,6 +170,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -128,6 +174,7 @@ static void pgd_dtor(pgd_t *pgd) pgd_list_del(pgd); spin_unlock(&pgd_lock); } @@ -25350,7 +25415,7 @@ index 8573b83..c3b1a30 100644 /* * List of all pgd's needed for non-PAE so it can invalidate entries -@@ -140,7 +183,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -140,7 +187,7 @@ static void pgd_dtor(pgd_t *pgd) * -- wli */ @@ -25359,7 +25424,7 @@ index 8573b83..c3b1a30 100644 /* * In PAE mode, we need to do a cr3 reload (=tlb flush) when * updating the top-level pagetable entries to guarantee the -@@ -152,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -152,7 +199,7 @@ static void pgd_dtor(pgd_t *pgd) * not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate * and initialize the kernel pmds here. */ @@ -25368,7 +25433,7 @@ index 8573b83..c3b1a30 100644 void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) { -@@ -170,36 +213,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) +@@ -170,36 +217,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) */ flush_tlb_mm(mm); } @@ -25418,7 +25483,7 @@ index 8573b83..c3b1a30 100644 return -ENOMEM; } -@@ -212,51 +257,55 @@ static int preallocate_pmds(pmd_t *pmds[]) +@@ -212,51 +261,55 @@ static int preallocate_pmds(pmd_t *pmds[]) * preallocate which never got a corresponding vma will need to be * freed manually. */ @@ -25491,7 +25556,7 @@ index 8573b83..c3b1a30 100644 pgd = (pgd_t *)__get_free_page(PGALLOC_GFP); -@@ -265,11 +314,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -265,11 +318,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) mm->pgd = pgd; @@ -25505,7 +25570,7 @@ index 8573b83..c3b1a30 100644 /* * Make sure that pre-populating the pmds is atomic with -@@ -279,14 +328,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -279,14 +332,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) spin_lock(&pgd_lock); pgd_ctor(mm, pgd); @@ -25523,7 +25588,7 @@ index 8573b83..c3b1a30 100644 out_free_pgd: free_page((unsigned long)pgd); out: -@@ -295,7 +344,7 @@ out: +@@ -295,7 +348,7 @@ out: void pgd_free(struct mm_struct *mm, pgd_t *pgd) { @@ -34571,49 +34636,6 @@ index ac40925..483b753 100644 #include <linux/mtd/mtd.h> #include <linux/mtd/nand.h> #include <linux/mtd/nftl.h> -diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c -index 6c3fb5a..5b2eeb0 100644 ---- a/drivers/mtd/ubi/build.c -+++ b/drivers/mtd/ubi/build.c -@@ -1311,7 +1311,7 @@ module_exit(ubi_exit); - static int __init bytes_str_to_int(const char *str) - { - char *endp; -- unsigned long result; -+ unsigned long result, scale = 1; - - result = simple_strtoul(str, &endp, 0); - if (str == endp || result >= INT_MAX) { -@@ -1322,11 +1322,11 @@ static int __init bytes_str_to_int(const char *str) - - switch (*endp) { - case 'G': -- result *= 1024; -+ scale *= 1024; - case 'M': -- result *= 1024; -+ scale *= 1024; - case 'K': -- result *= 1024; -+ scale *= 1024; - if (endp[1] == 'i' && endp[2] == 'B') - endp += 2; - case '\0': -@@ -1337,7 +1337,13 @@ static int __init bytes_str_to_int(const char *str) - return -EINVAL; - } - -- return result; -+ if (result*scale >= INT_MAX) { -+ printk(KERN_ERR "UBI error: incorrect bytes count: \"%s\"\n", -+ str); -+ return -EINVAL; -+ } -+ -+ return result*scale; - } - - /** diff --git a/drivers/mtd/ubi/debug.c b/drivers/mtd/ubi/debug.c index ab80c0d..aec8580 100644 --- a/drivers/mtd/ubi/debug.c @@ -34665,6 +34687,19 @@ index 94b4bd0..73c02de 100644 #define CHIPREV_ID_5750_C2 0x4202 #define CHIPREV_ID_5752_A0_HW 0x5000 #define CHIPREV_ID_5752_A0 0x6000 +diff --git a/drivers/net/ethernet/chelsio/cxgb/sge.c b/drivers/net/ethernet/chelsio/cxgb/sge.c +index f9b6023..7196a60 100644 +--- a/drivers/net/ethernet/chelsio/cxgb/sge.c ++++ b/drivers/net/ethernet/chelsio/cxgb/sge.c +@@ -1052,6 +1052,8 @@ MODULE_PARM_DESC(copybreak, "Receive copy threshold"); + * be copied but there is no memory for the copy. + */ + static inline struct sk_buff *get_packet(struct pci_dev *pdev, ++ struct freelQ *fl, unsigned int len) __size_overflow(3); ++static inline struct sk_buff *get_packet(struct pci_dev *pdev, + struct freelQ *fl, unsigned int len) + { + struct sk_buff *skb; diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h index c5f5479..2e8c260 100644 --- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h @@ -38350,6 +38385,19 @@ index 2b42a01..32a2ed3 100644 #ifdef CONFIG_KGDB_SERIAL_CONSOLE /* This is only available if kgdboc is a built in for early debugging */ static int __init kgdboc_early_init(char *opt) +diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c +index 43db715..82134aa 100644 +--- a/drivers/tty/sysrq.c ++++ b/drivers/tty/sysrq.c +@@ -862,7 +862,7 @@ EXPORT_SYMBOL(unregister_sysrq_key); + static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf, + size_t count, loff_t *ppos) + { +- if (count) { ++ if (count && capable(CAP_SYS_ADMIN)) { + char c; + + if (get_user(c, buf)) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c index 05085be..67eadb0 100644 --- a/drivers/tty/tty_io.c @@ -42181,7 +42229,7 @@ index a6395bd..f1e376a 100644 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 6ff96c6..d788bf7 100644 +index 6ff96c6..1d827f3 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -42815,7 +42863,7 @@ index 6ff96c6..d788bf7 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -881,11 +1339,37 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -881,11 +1339,36 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -42833,13 +42881,12 @@ index 6ff96c6..d788bf7 100644 + if (current->mm->pax_flags & MF_PAX_RANDMMAP) { + unsigned long start, size; + -+ current->mm->end_data = end_data = elf_brk; + start = ELF_PAGEALIGN(elf_brk); + size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4); -+ current->mm->start_brk = start + size; + down_write(¤t->mm->mmap_sem); + retval = -ENOMEM; + if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) { ++ current->mm->brk_gap = PAGE_ALIGN(size) >> PAGE_SHIFT; + start = do_mmap(NULL, start, size, PROT_NONE, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0); + retval = IS_ERR_VALUE(start) ? start : 0; + } @@ -42856,7 +42903,7 @@ index 6ff96c6..d788bf7 100644 if (elf_interpreter) { unsigned long uninitialized_var(interp_map_addr); -@@ -1098,7 +1582,7 @@ out: +@@ -1098,7 +1581,7 @@ out: * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -42865,7 +42912,7 @@ index 6ff96c6..d788bf7 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1132,7 +1616,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1132,7 +1615,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -42874,7 +42921,7 @@ index 6ff96c6..d788bf7 100644 goto whole; /* -@@ -1354,9 +1838,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1354,9 +1837,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -42886,7 +42933,7 @@ index 6ff96c6..d788bf7 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1862,14 +2346,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -1862,14 +2345,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -42903,7 +42950,7 @@ index 6ff96c6..d788bf7 100644 return size; } -@@ -1963,7 +2447,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1963,7 +2446,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -42912,7 +42959,7 @@ index 6ff96c6..d788bf7 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -1977,10 +2461,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1977,10 +2460,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -42925,7 +42972,7 @@ index 6ff96c6..d788bf7 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -1994,7 +2480,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1994,7 +2479,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -42934,7 +42981,7 @@ index 6ff96c6..d788bf7 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2005,6 +2491,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2005,6 +2490,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -42942,7 +42989,7 @@ index 6ff96c6..d788bf7 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2029,7 +2516,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2029,7 +2515,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -42951,7 +42998,7 @@ index 6ff96c6..d788bf7 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2038,6 +2525,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2038,6 +2524,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -42959,7 +43006,7 @@ index 6ff96c6..d788bf7 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2055,6 +2543,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2055,6 +2542,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -42967,7 +43014,7 @@ index 6ff96c6..d788bf7 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2075,6 +2564,97 @@ out: +@@ -2075,6 +2563,97 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -43955,6 +44002,19 @@ index 9a37a9b..35792b6 100644 /* * We'll have a dentry and an inode for +diff --git a/fs/configfs/file.c b/fs/configfs/file.c +index 2b6cb23..d76e879 100644 +--- a/fs/configfs/file.c ++++ b/fs/configfs/file.c +@@ -135,6 +135,8 @@ out: + */ + + static int ++fill_write_buffer(struct configfs_buffer * buffer, const char __user * buf, size_t count) __size_overflow(3); ++static int + fill_write_buffer(struct configfs_buffer * buffer, const char __user * buf, size_t count) + { + int error; diff --git a/fs/dcache.c b/fs/dcache.c index eb723d3..d59753b 100644 --- a/fs/dcache.c @@ -50941,10 +51001,10 @@ index 0000000..1b9afa9 +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..2d9c682 +index 0000000..50b4257 --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4172 @@ +@@ -0,0 +1,4185 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -53502,19 +53562,32 @@ index 0000000..2d9c682 + + newacl = chk_subj_label(dentry, mnt, task->role); + -+ task_lock(task); ++ /* special handling for if we did an strace -f -p <pid> from an admin role, where pid then ++ did an exec ++ */ ++ rcu_read_lock(); ++ read_lock(&tasklist_lock); ++ if (task->ptrace && task->parent && ((task->parent->role->roletype & GR_ROLE_GOD) || ++ (task->parent->acl->mode & GR_POVERRIDE))) { ++ read_unlock(&tasklist_lock); ++ rcu_read_unlock(); ++ goto skip_check; ++ } ++ read_unlock(&tasklist_lock); ++ rcu_read_unlock(); ++ + if (unsafe_flags && !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) && + !(task->role->roletype & GR_ROLE_GOD) && + !gr_search_file(dentry, GR_PTRACERD, mnt) && + !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN))) { -+ task_unlock(task); + if (unsafe_flags & LSM_UNSAFE_SHARE) + gr_log_fs_generic(GR_DONT_AUDIT, GR_UNSAFESHARE_EXEC_ACL_MSG, dentry, mnt); + else + gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt); + return -EACCES; + } -+ task_unlock(task); ++ ++skip_check: + + obj = chk_obj_label(dentry, mnt, task->acl); + retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT); @@ -55778,10 +55851,10 @@ index 0000000..88d0e87 +} diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c new file mode 100644 -index 0000000..17050ca +index 0000000..58800a7 --- /dev/null +++ b/grsecurity/gracl_ip.c -@@ -0,0 +1,381 @@ +@@ -0,0 +1,384 @@ +#include <linux/kernel.h> +#include <asm/uaccess.h> +#include <asm/errno.h> @@ -56103,6 +56176,9 @@ index 0000000..17050ca +int +gr_search_connect(struct socket *sock, struct sockaddr_in *addr) +{ ++ /* always allow disconnection of dgram sockets with connect */ ++ if (addr->sin_family == AF_UNSPEC) ++ return 0; + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type); +} + @@ -62665,7 +62741,7 @@ index 4baadd1..2e0b45e 100644 #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index 5b42f1b..759e4b4 100644 +index 5b42f1b..fdf1edb 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h @@ -253,6 +253,8 @@ struct vm_area_struct { @@ -62677,12 +62753,21 @@ index 5b42f1b..759e4b4 100644 }; struct core_thread { +@@ -327,7 +329,7 @@ struct mm_struct { + unsigned long def_flags; + unsigned long nr_ptes; /* Page table pages */ + unsigned long start_code, end_code, start_data, end_data; +- unsigned long start_brk, brk, start_stack; ++ unsigned long brk_gap, start_brk, brk, start_stack; + unsigned long arg_start, arg_end, env_start, env_end; + + unsigned long saved_auxv[AT_VECTOR_SIZE]; /* for /proc/PID/auxv */ @@ -389,6 +391,24 @@ struct mm_struct { #ifdef CONFIG_CPUMASK_OFFSTACK struct cpumask cpumask_allocation; #endif + -+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) ++#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_XATTR_PAX_FLAGS) || defined(CONFIG_PAX_HAVE_ACL_FLAGS) || defined(CONFIG_PAX_HOOK_ACL_FLAGS) + unsigned long pax_flags; +#endif + @@ -67048,6 +67133,19 @@ index bc90b87..43c7d8c 100644 head = &kprobe_table[i]; preempt_disable(); +diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c +index 4e316e1..5501eef 100644 +--- a/kernel/ksysfs.c ++++ b/kernel/ksysfs.c +@@ -47,6 +47,8 @@ static ssize_t uevent_helper_store(struct kobject *kobj, + { + if (count+1 > UEVENT_HELPER_PATH_LEN) + return -ENOENT; ++ if (!capable(CAP_SYS_ADMIN)) ++ return -EPERM; + memcpy(uevent_helper, buf, count); + uevent_helper[count] = '\0'; + if (count && uevent_helper[count-1] == '\n') diff --git a/kernel/lockdep.c b/kernel/lockdep.c index b2e08c9..01d8049 100644 --- a/kernel/lockdep.c @@ -71684,7 +71782,7 @@ index 4f4f53b..9511904 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index eae90af..4370c73 100644 +index eae90af..67b94e0 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -46,6 +46,16 @@ @@ -72980,22 +73078,20 @@ index eae90af..4370c73 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2382,8 +2863,13 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) - unsigned long cur = mm->total_vm; /* pages */ - unsigned long lim; +@@ -2384,6 +2865,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) + + lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; +#ifdef CONFIG_PAX_RANDMMAP -+ if ((mm->pax_flags & MF_PAX_RANDMMAP) && mm->end_data) -+ cur -= (mm->start_brk - mm->end_data) >> PAGE_SHIFT; ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ cur -= mm->brk_gap; +#endif + - lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; -- + gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1); if (cur + npages > lim) return 0; return 1; -@@ -2454,6 +2940,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2454,6 +2941,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; @@ -75621,6 +75717,28 @@ index ff52ad0..aff1c0f 100644 i++, cmfptr++) { int new_fd; +diff --git a/net/core/skbuff.c b/net/core/skbuff.c +index 3c30ee4..29cb392 100644 +--- a/net/core/skbuff.c ++++ b/net/core/skbuff.c +@@ -3111,6 +3111,8 @@ static void sock_rmem_free(struct sk_buff *skb) + */ + int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb) + { ++ int len = skb->len; ++ + if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >= + (unsigned)sk->sk_rcvbuf) + return -ENOMEM; +@@ -3125,7 +3127,7 @@ int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb) + + skb_queue_tail(&sk->sk_error_queue, skb); + if (!sock_flag(sk, SOCK_DEAD)) +- sk->sk_data_ready(sk, skb->len); ++ sk->sk_data_ready(sk, len); + return 0; + } + EXPORT_SYMBOL(sock_queue_err_skb); diff --git a/net/core/sock.c b/net/core/sock.c index b23f174..b9a0d26 100644 --- a/net/core/sock.c @@ -75972,10 +76090,20 @@ index 99ec116..c5628fe 100644 return res; } diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c -index fd7a3f6..e5be655 100644 +index fd7a3f6..a1b1013 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c -@@ -984,6 +984,11 @@ static int __do_replace(struct net *net, const char *name, +@@ -757,6 +757,9 @@ static struct xt_counters *alloc_counters(const struct xt_table *table) + + static int copy_entries_to_user(unsigned int total_size, + const struct xt_table *table, ++ void __user *userptr) __size_overflow(1); ++static int copy_entries_to_user(unsigned int total_size, ++ const struct xt_table *table, + void __user *userptr) + { + unsigned int off, num; +@@ -984,6 +987,11 @@ static int __do_replace(struct net *net, const char *name, unsigned int valid_hooks, struct xt_table_info *newinfo, unsigned int num_counters, @@ -75987,7 +76115,7 @@ index fd7a3f6..e5be655 100644 void __user *counters_ptr) { int ret; -@@ -1104,6 +1109,8 @@ static int do_replace(struct net *net, const void __user *user, +@@ -1104,6 +1112,8 @@ static int do_replace(struct net *net, const void __user *user, } static int do_add_counters(struct net *net, const void __user *user, @@ -75997,10 +76125,21 @@ index fd7a3f6..e5be655 100644 { unsigned int i, curcpu; diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c -index 24e556e..a8daf7a 100644 +index 24e556e..b073356 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c -@@ -1172,6 +1172,10 @@ get_entries(struct net *net, struct ipt_get_entries __user *uptr, +@@ -923,6 +923,10 @@ static struct xt_counters *alloc_counters(const struct xt_table *table) + static int + copy_entries_to_user(unsigned int total_size, + const struct xt_table *table, ++ void __user *userptr) __size_overflow(1); ++static int ++copy_entries_to_user(unsigned int total_size, ++ const struct xt_table *table, + void __user *userptr) + { + unsigned int off, num; +@@ -1172,6 +1176,10 @@ get_entries(struct net *net, struct ipt_get_entries __user *uptr, static int __do_replace(struct net *net, const char *name, unsigned int valid_hooks, struct xt_table_info *newinfo, unsigned int num_counters, @@ -76011,7 +76150,7 @@ index 24e556e..a8daf7a 100644 void __user *counters_ptr) { int ret; -@@ -1293,6 +1297,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len) +@@ -1293,6 +1301,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len) static int do_add_counters(struct net *net, const void __user *user, @@ -76486,10 +76625,21 @@ index 26cb08c..8af9877 100644 msg.msg_flags = flags; diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c -index 94874b0..dc413fa 100644 +index 94874b0..108a94d 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c -@@ -1194,6 +1194,10 @@ get_entries(struct net *net, struct ip6t_get_entries __user *uptr, +@@ -945,6 +945,10 @@ static struct xt_counters *alloc_counters(const struct xt_table *table) + static int + copy_entries_to_user(unsigned int total_size, + const struct xt_table *table, ++ void __user *userptr) __size_overflow(1); ++static int ++copy_entries_to_user(unsigned int total_size, ++ const struct xt_table *table, + void __user *userptr) + { + unsigned int off, num; +@@ -1194,6 +1198,10 @@ get_entries(struct net *net, struct ip6t_get_entries __user *uptr, static int __do_replace(struct net *net, const char *name, unsigned int valid_hooks, struct xt_table_info *newinfo, unsigned int num_counters, @@ -76500,7 +76650,7 @@ index 94874b0..dc413fa 100644 void __user *counters_ptr) { int ret; -@@ -1315,6 +1319,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len) +@@ -1315,6 +1323,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len) static int do_add_counters(struct net *net, const void __user *user, unsigned int len, @@ -78891,9 +79041,18 @@ index f936d1f..a66d95f 100644 sprintf(alias, "dmi*"); diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index 2bd594e..d43245e 100644 +index 2bd594e..faa7615 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c +@@ -849,7 +849,7 @@ static void check_section(const char *modname, struct elf_info *elf, + + #define ALL_INIT_DATA_SECTIONS \ + ".init.setup$", ".init.rodata$", \ +- ".devinit.rodata$", ".cpuinit.rodata$", ".meminit.rodata$" \ ++ ".devinit.rodata$", ".cpuinit.rodata$", ".meminit.rodata$", \ + ".init.data$", ".devinit.data$", ".cpuinit.data$", ".meminit.data$" + #define ALL_EXIT_DATA_SECTIONS \ + ".exit.data$", ".devexit.data$", ".cpuexit.data$", ".memexit.data$" @@ -919,6 +919,7 @@ enum mismatch { ANY_INIT_TO_ANY_EXIT, ANY_EXIT_TO_ANY_INIT, @@ -79036,11 +79195,24 @@ index 5c11312..72742b5 100644 logoname); write_hex_cnt = 0; for (i = 0; i < logo_clutsize; i++) { +diff --git a/scripts/tags.sh b/scripts/tags.sh +index 38f6617..e70b72b 100755 +--- a/scripts/tags.sh ++++ b/scripts/tags.sh +@@ -116,7 +116,7 @@ docscope() + + dogtags() + { +- all_sources | gtags -f - ++ all_sources | gtags -i -f - + } + + exuberant() diff --git a/security/Kconfig b/security/Kconfig -index 51bd5a0..58c5b70 100644 +index 51bd5a0..c37f5e6 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,639 @@ +@@ -4,6 +4,640 @@ menu "Security options" @@ -79662,6 +79834,7 @@ index 51bd5a0..58c5b70 100644 + +config PAX_SIZE_OVERFLOW + bool "Prevent various integer overflows in function size parameters" ++ depends on X86 + help + By saying Y here the kernel recomputes expressions of function + arguments marked by a size_overflow attribute with double integer @@ -79680,7 +79853,7 @@ index 51bd5a0..58c5b70 100644 config KEYS bool "Enable access key retention support" help -@@ -169,7 +802,7 @@ config INTEL_TXT +@@ -169,7 +803,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -81454,7 +81627,7 @@ index 0000000..a5eabce +} diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c new file mode 100644 -index 0000000..008f159 +index 0000000..d8a8da2 --- /dev/null +++ b/tools/gcc/kernexec_plugin.c @@ -0,0 +1,427 @@ @@ -81664,7 +81837,7 @@ index 0000000..008f159 + update_stmt(assign_intptr); + + // cast temporary unsigned long back to a temporary fptr variable -+ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec"); ++ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec_fptr"); + add_referenced_var(new_fptr); + mark_sym_for_renaming(new_fptr); + assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr)); @@ -81887,10 +82060,10 @@ index 0000000..008f159 +} diff --git a/tools/gcc/size_overflow_hash1.h b/tools/gcc/size_overflow_hash1.h new file mode 100644 -index 0000000..55a1292 +index 0000000..288fb50 --- /dev/null +++ b/tools/gcc/size_overflow_hash1.h -@@ -0,0 +1,2760 @@ +@@ -0,0 +1,2940 @@ +struct size_overflow_hash size_overflow_hash1[65536] = { + [10013].file = "security/smack/smackfs.c", + [10013].name = "smk_write_direct", @@ -81904,6 +82077,9 @@ index 0000000..55a1292 + [1022].file = "sound/pci/rme9652/rme9652.c", + [1022].name = "snd_rme9652_playback_copy", + [1022].param5 = 1, ++ [10321].file = "drivers/platform/x86/thinkpad_acpi.c", ++ [10321].name = "create_attr_set", ++ [10321].param1 = 1, + [10341].file = "fs/nfsd/nfs4xdr.c", + [10341].name = "read_buf", + [10341].param2 = 1, @@ -81913,13 +82089,13 @@ index 0000000..55a1292 + [10397].file = "drivers/gpu/drm/i915/i915_debugfs.c", + [10397].name = "i915_wedged_write", + [10397].param3 = 1, ++ [10399].file = "kernel/trace/trace.c", ++ [10399].name = "trace_seq_to_user", ++ [10399].param3 = 1, + [10414].file = "drivers/tty/vt/vt.c", + [10414].name = "vc_do_resize", + [10414].param3 = 1, + [10414].param4 = 1, -+ [10496].file = "drivers/bluetooth/hci_vhci.c", -+ [10496].name = "vhci_read", -+ [10496].param3 = 1, + [10565].file = "drivers/input/touchscreen/ad7879-spi.c", + [10565].name = "ad7879_spi_multi_read", + [10565].param3 = 1, @@ -81929,30 +82105,49 @@ index 0000000..55a1292 + [10707].file = "fs/nfs/idmap.c", + [10707].name = "nfs_idmap_request_key", + [10707].param2 = 1, ++ [1073].file = "drivers/block/aoe/aoecmd.c", ++ [1073].name = "addtgt", ++ [1073].param3 = 1, ++ [10745].file = "fs/cifs/connect.c", ++ [10745].name = "get_server_iovec", ++ [10745].param2 = 1, ++ [10750].file = "drivers/net/wireless/iwmc3200wifi/rx.c", ++ [10750].name = "iwm_ntf_calib_res", ++ [10750].param3 = 1, + [10773].file = "drivers/input/mousedev.c", + [10773].name = "mousedev_read", + [10773].param3 = 1, + [10777].file = "fs/ntfs/file.c", + [10777].name = "ntfs_file_buffered_write", + [10777].param6 = 1, ++ [10893].file = "drivers/misc/sgi-gru/gruprocfs.c", ++ [10893].name = "options_write", ++ [10893].param3 = 1, + [10919].file = "net/ipv4/netfilter/arp_tables.c", + [10919].name = "do_arpt_set_ctl", + [10919].param4 = 1, -+ [11054].file = "drivers/net/wireless/libertas/debugfs.c", -+ [11054].name = "lbs_wrmac_write", -+ [11054].param3 = 1, -+ [11068].file = "drivers/net/wireless/libertas/debugfs.c", -+ [11068].name = "lbs_wrrf_write", -+ [11068].param3 = 1, ++ [1107].file = "mm/process_vm_access.c", ++ [1107].name = "process_vm_rw_single_vec", ++ [1107].param1 = 1, ++ [1107].param2 = 1, ++ [11230].file = "net/core/neighbour.c", ++ [11230].name = "neigh_hash_grow", ++ [11230].param2 = 1, + [11364].file = "fs/ext4/super.c", + [11364].name = "ext4_kvzalloc", + [11364].param1 = 1, -+ [11402].file = "drivers/net/wireless/libertas/debugfs.c", -+ [11402].name = "lbs_threshold_write", -+ [11402].param5 = 1, -+ [11494].file = "drivers/video/via/viafbdev.c", -+ [11494].name = "viafb_dvp1_proc_write", -+ [11494].param3 = 1, ++ [114].file = "security/selinux/selinuxfs.c", ++ [114].name = "sel_write_relabel", ++ [114].param3 = 1, ++ [11549].file = "drivers/media/rc/redrat3.c", ++ [11549].name = "redrat3_transmit_ir", ++ [11549].param3 = 1, ++ [11568].file = "drivers/gpu/drm/drm_scatter.c", ++ [11568].name = "drm_vmalloc_dma", ++ [11568].param1 = 1, ++ [11582].file = "drivers/scsi/lpfc/lpfc_sli.c", ++ [11582].name = "lpfc_sli4_queue_alloc", ++ [11582].param3 = 1, + [11616].file = "security/selinux/selinuxfs.c", + [11616].name = "sel_write_enforce", + [11616].param3 = 1, @@ -81968,21 +82163,24 @@ index 0000000..55a1292 + [11814].file = "drivers/staging/speakup/kobjects.c", + [11814].name = "keymap_store", + [11814].param4 = 1, -+ [11912].file = "net/sunrpc/cache.c", -+ [11912].name = "cache_write_pipefs", -+ [11912].param3 = 1, + [11919].file = "drivers/lguest/core.c", + [11919].name = "__lgread", + [11919].param4 = 1, ++ [11925].file = "drivers/media/video/cx18/cx18-fileops.c", ++ [11925].name = "cx18_copy_mdl_to_user", ++ [11925].param4 = 1, ++ [11985].file = "drivers/block/floppy.c", ++ [11985].name = "fd_copyin", ++ [11985].param3 = 1, + [11986].file = "drivers/net/usb/asix.c", + [11986].name = "asix_read_cmd", + [11986].param5 = 1, ++ [12018].file = "sound/core/oss/pcm_oss.c", ++ [12018].name = "snd_pcm_oss_read1", ++ [12018].param3 = 1, + [12059].file = "drivers/net/wireless/libertas/debugfs.c", + [12059].name = "lbs_debugfs_write", + [12059].param3 = 1, -+ [12071].file = "lib/kstrtox.c", -+ [12071].name = "kstrtou8_from_user", -+ [12071].param2 = 1, + [12151].file = "fs/compat.c", + [12151].name = "compat_rw_copy_check_uvector", + [12151].param3 = 1, @@ -81998,15 +82196,6 @@ index 0000000..55a1292 + [12395].file = "drivers/char/hw_random/core.c", + [12395].name = "rng_dev_read", + [12395].param3 = 1, -+ [1248].file = "kernel/kprobes.c", -+ [1248].name = "write_enabled_file_bool", -+ [1248].param3 = 1, -+ [12501].file = "net/mac80211/debugfs.c", -+ [12501].name = "uapsd_max_sp_len_write", -+ [12501].param3 = 1, -+ [12591].file = "sound/core/pcm_lib.c", -+ [12591].name = "snd_pcm_lib_writev_transfer", -+ [12591].param5 = 1, + [12602].file = "net/sunrpc/cache.c", + [12602].name = "cache_downcall", + [12602].param3 = 1, @@ -82022,24 +82211,21 @@ index 0000000..55a1292 + [12840].file = "net/sctp/tsnmap.c", + [12840].name = "sctp_tsnmap_mark", + [12840].param2 = 1, -+ [12896].file = "drivers/net/wireless/wl12xx/debugfs.c", -+ [12896].name = "beacon_filtering_write", -+ [12896].param3 = 1, + [12931].file = "drivers/hid/hid-roccat.c", + [12931].name = "roccat_read", + [12931].param3 = 1, + [12954].file = "fs/proc/base.c", + [12954].name = "oom_adjust_write", + [12954].param3 = 1, -+ [13013].file = "drivers/media/dvb/ttpci/av7110_ca.c", -+ [13013].name = "dvb_ca_write", -+ [13013].param3 = 1, + [13103].file = "drivers/acpi/acpica/utobject.c", + [13103].name = "acpi_ut_create_string_object", + [13103].param1 = 1, + [13121].file = "net/ipv4/ip_sockglue.c", + [13121].name = "do_ip_setsockopt", + [13121].param5 = 1, ++ [1327].file = "net/netfilter/nfnetlink_log.c", ++ [1327].name = "nfulnl_alloc_skb", ++ [1327].param2 = 1, + [13337].file = "net/core/iovec.c", + [13337].name = "csum_partial_copy_fromiovecend", + [13337].param4 = 1, @@ -82049,24 +82235,32 @@ index 0000000..55a1292 + [13342].file = "fs/jbd2/journal.c", + [13342].name = "jbd2_alloc", + [13342].param1 = 1, ++ [13384].file = "drivers/char/virtio_console.c", ++ [13384].name = "alloc_buf", ++ [13384].param1 = 1, + [13412].file = "fs/proc/base.c", + [13412].name = "oom_score_adj_write", + [13412].param3 = 1, ++ [13559].file = "drivers/media/video/ivtv/ivtv-fileops.c", ++ [13559].name = "ivtv_read", ++ [13559].param3 = 1, + [13659].file = "drivers/net/wan/hdlc.c", + [13659].name = "attach_hdlc_protocol", + [13659].param3 = 1, + [13708].file = "drivers/usb/misc/usbtest.c", + [13708].name = "simple_alloc_urb", + [13708].param3 = 1, -+ [13863].file = "drivers/net/wireless/iwlwifi/iwl-agn-rs.c", -+ [13863].name = "rs_sta_dbgfs_scale_table_write", -+ [13863].param3 = 1, ++ [13805].file = "drivers/misc/altera-stapl/altera-jtag.c", ++ [13805].name = "altera_swap_dr", ++ [13805].param2 = 1, ++ [13868].file = "fs/lockd/mon.c", ++ [13868].name = "nsm_create_handle", ++ [13868].param4 = 1, + [13924].file = "net/ipv4/netfilter/ip_tables.c", + [13924].name = "do_ipt_set_ctl", + [13924].param4 = 1, + [14019].file = "net/dns_resolver/dns_key.c", + [14019].name = "dns_resolver_instantiate", -+ [14019].param2 = 1, + [14019].param3 = 1, + [14025].file = "net/ax25/af_ax25.c", + [14025].name = "ax25_setsockopt", @@ -82074,18 +82268,12 @@ index 0000000..55a1292 + [14029].file = "drivers/spi/spidev.c", + [14029].name = "spidev_compat_ioctl", + [14029].param2 = 1, -+ [14031].file = "drivers/net/wireless/ath/ath5k/debug.c", -+ [14031].name = "write_file_beacon", -+ [14031].param3 = 1, + [14086].file = "fs/nfs/nfs4proc.c", + [14086].name = "nfs4_reset_slot_table", + [14086].param2 = 1, + [14090].file = "drivers/bluetooth/btmrvl_debugfs.c", + [14090].name = "btmrvl_hsmode_write", + [14090].param3 = 1, -+ [14125].file = "kernel/module.c", -+ [14125].name = "load_module", -+ [14125].param2 = 1, + [14149].file = "drivers/hid/hidraw.c", + [14149].name = "hidraw_ioctl", + [14149].param2 = 1, @@ -82101,50 +82289,52 @@ index 0000000..55a1292 + [14241].file = "drivers/platform/x86/asus_acpi.c", + [14241].name = "brn_proc_write", + [14241].param3 = 1, -+ [14299].file = "sound/core/oss/pcm_plugin.c", -+ [14299].name = "snd_pcm_plugin_alloc", -+ [14299].param2 = 1, + [14345].file = "fs/cachefiles/daemon.c", + [14345].name = "cachefiles_daemon_write", + [14345].param3 = 1, + [14347].file = "drivers/media/dvb/dvb-core/dvb_ca_en50221.c", + [14347].name = "dvb_ca_en50221_io_write", + [14347].param3 = 1, -+ [14462].file = "fs/namei.c", -+ [14462].name = "sys_rmdir", -+ [14462].param1 = 1, -+ [14478].file = "drivers/char/random.c", -+ [14478].name = "random_write", -+ [14478].param3 = 1, ++ [14566].file = "drivers/pci/hotplug/ibmphp_ebda.c", ++ [14566].name = "alloc_ebda_hpc", ++ [14566].param1 = 1, ++ [14566].param2 = 1, + [1458].file = "drivers/misc/lkdtm.c", + [1458].name = "direct_entry", + [1458].param3 = 1, -+ [145].file = "lib/xz/xz_dec_test.c", -+ [145].name = "xz_dec_test_write", -+ [145].param3 = 1, + [14646].file = "fs/compat.c", + [14646].name = "compat_writev", + [14646].param3 = 1, ++ [14684].file = "drivers/media/video/stk-webcam.c", ++ [14684].name = "stk_allocate_buffers", ++ [14684].param2 = 1, + [14736].file = "drivers/usb/misc/usbtest.c", + [14736].name = "unlink_queued", + [14736].param3 = 1, -+ [14842].file = "fs/namei.c", -+ [14842].name = "sys_renameat", -+ [14842].param2 = 1, -+ [14842].param4 = 1, ++ [1482].file = "drivers/scsi/scsi_netlink.c", ++ [1482].name = "scsi_nl_send_vendor_msg", ++ [1482].param5 = 1, + [15017].file = "drivers/edac/edac_device.c", + [15017].name = "edac_device_alloc_ctl_info", + [15017].param1 = 1, ++ [15044].file = "drivers/uio/uio.c", ++ [15044].name = "uio_write", ++ [15044].param3 = 1, + [15087].file = "fs/bio.c", + [15087].name = "bio_map_kern", -+ [15087].param2 = 1, + [15087].param3 = 1, + [15112].file = "drivers/xen/evtchn.c", + [15112].name = "evtchn_write", + [15112].param3 = 1, ++ [15130].file = "net/bluetooth/hci_core.c", ++ [15130].name = "hci_send_cmd", ++ [15130].param3 = 1, + [15274].file = "crypto/shash.c", + [15274].name = "crypto_shash_setkey", + [15274].param3 = 1, ++ [15354].file = "drivers/isdn/mISDN/socket.c", ++ [15354].name = "mISDN_sock_sendmsg", ++ [15354].param4 = 1, + [15361].file = "drivers/char/agp/generic.c", + [15361].name = "agp_allocate_memory", + [15361].param2 = 1, @@ -82169,12 +82359,15 @@ index 0000000..55a1292 + [15884].file = "fs/exofs/super.c", + [15884].name = "exofs_read_lookup_dev_table", + [15884].param3 = 1, -+ [1603].file = "fs/debugfs/file.c", -+ [1603].name = "write_file_bool", -+ [1603].param3 = 1, ++ [16037].file = "drivers/staging/media/easycap/easycap_sound.c", ++ [16037].name = "easycap_alsa_vmalloc", ++ [16037].param2 = 1, + [16073].file = "net/sctp/socket.c", + [16073].name = "sctp_setsockopt", + [16073].param5 = 1, ++ [16132].file = "drivers/staging/vme/devices/vme_user.c", ++ [16132].name = "buffer_from_user", ++ [16132].param3 = 1, + [16138].file = "security/selinux/ss/services.c", + [16138].name = "security_context_to_sid_force", + [16138].param2 = 1, @@ -82190,36 +82383,39 @@ index 0000000..55a1292 + [16383].file = "fs/proc/base.c", + [16383].name = "comm_write", + [16383].param3 = 1, ++ [16396].file = "drivers/misc/altera-stapl/altera-jtag.c", ++ [16396].name = "altera_irscan", ++ [16396].param2 = 1, + [16447].file = "drivers/hid/usbhid/hiddev.c", + [16447].name = "hiddev_ioctl", + [16447].param2 = 1, + [16453].file = "include/linux/slab.h", + [16453].name = "kzalloc", + [16453].param1 = 1, -+ [16535].file = "fs/proc/generic.c", -+ [16535].name = "proc_file_read", -+ [16535].param3 = 1, + [16605].file = "fs/ecryptfs/miscdev.c", + [16605].name = "ecryptfs_send_miscdev", + [16605].param2 = 1, + [16606].file = "drivers/ide/ide-tape.c", + [16606].name = "idetape_chrdev_write", + [16606].param3 = 1, -+ [16741].file = "fs/namei.c", -+ [16741].name = "sys_unlinkat", -+ [16741].param2 = 1, ++ [16637].file = "security/keys/encrypted-keys/encrypted.c", ++ [16637].name = "datablob_hmac_verify", ++ [16637].param4 = 1, ++ [16853].file = "drivers/net/ethernet/chelsio/cxgb4vf/sge.c", ++ [16853].name = "t4vf_pktgl_to_skb", ++ [16853].param2 = 1, + [16911].file = "drivers/media/dvb/ttpci/av7110_hw.c", + [16911].name = "LoadBitmap", + [16911].param2 = 1, ++ [169].file = "drivers/net/ethernet/amd/pcnet32.c", ++ [169].name = "pcnet32_realloc_rx_ring", ++ [169].param3 = 1, + [17075].file = "sound/isa/gus/gus_dram.c", + [17075].name = "snd_gus_dram_write", + [17075].param4 = 1, + [17133].file = "drivers/usb/misc/iowarrior.c", + [17133].name = "iowarrior_read", + [17133].param3 = 1, -+ [17139].file = "fs/ubifs/xattr.c", -+ [17139].name = "ubifs_setxattr", -+ [17139].param4 = 1, + [17185].file = "net/wireless/scan.c", + [17185].name = "cfg80211_inform_bss", + [17185].param8 = 1, @@ -82241,40 +82437,42 @@ index 0000000..55a1292 + [1754].file = "sound/core/oss/pcm_oss.c", + [1754].name = "snd_pcm_oss_write", + [1754].param3 = 1, -+ [17571].file = "drivers/ptp/ptp_chardev.c", -+ [17571].name = "ptp_read", -+ [17571].param4 = 1, -+ [17684].file = "fs/namei.c", -+ [17684].name = "sys_mknod", -+ [17684].param1 = 1, ++ [17604].file = "fs/proc/generic.c", ++ [17604].name = "__proc_file_read", ++ [17604].param3 = 1, + [17718].file = "net/caif/caif_socket.c", + [17718].name = "setsockopt", + [17718].param5 = 1, -+ [17875].file = "fs/namei.c", -+ [17875].name = "sys_linkat", -+ [17875].param2 = 1, -+ [17875].param4 = 1, ++ [17828].file = "kernel/sched.c", ++ [17828].name = "sched_feat_write", ++ [17828].param3 = 1, ++ [17841].file = "drivers/misc/tifm_core.c", ++ [17841].name = "tifm_alloc_adapter", ++ [17841].param1 = 1, + [17946].file = "drivers/net/wireless/libertas/if_spi.c", + [17946].name = "if_spi_host_to_card", + [17946].param4 = 1, + [1800].file = "drivers/media/dvb/dvb-core/dmxdev.c", + [1800].name = "dvb_dvr_do_ioctl", + [1800].param3 = 1, -+ [18102].file = "net/netlink/af_netlink.c", -+ [18102].name = "netlink_change_ngroups", -+ [18102].param2 = 1, -+ [18183].file = "drivers/tty/tty_buffer.c", -+ [18183].name = "tty_insert_flip_string_fixed_flag", -+ [18183].param4 = 1, ++ [18119].file = "drivers/misc/iwmc3200top/fw-download.c", ++ [18119].name = "iwmct_fw_parser_init", ++ [18119].param4 = 1, ++ [18140].file = "drivers/scsi/pm8001/pm8001_ctl.c", ++ [18140].name = "pm8001_store_update_fw", ++ [18140].param4 = 1, ++ [18191].file = "sound/pci/hda/patch_realtek.c", ++ [18191].name = "new_bind_ctl", ++ [18191].param2 = 1, + [18224].file = "drivers/xen/grant-table.c", + [18224].name = "gnttab_map", + [18224].param2 = 1, + [18232].file = "fs/nfs/write.c", + [18232].name = "nfs_writedata_alloc", + [18232].param1 = 1, -+ [18277].file = "drivers/char/virtio_console.c", -+ [18277].name = "port_fops_write", -+ [18277].param3 = 1, ++ [18247].file = "drivers/char/agp/generic.c", ++ [18247].name = "agp_create_user_memory", ++ [18247].param1 = 1, + [18303].file = "fs/xattr.c", + [18303].name = "getxattr", + [18303].param4 = 1, @@ -82299,21 +82497,25 @@ index 0000000..55a1292 + [18465].file = "drivers/net/ethernet/chelsio/cxgb3/cxgb3_offload.c", + [18465].name = "cxgb_alloc_mem", + [18465].param1 = 1, ++ [184].file = "drivers/firewire/nosy.c", ++ [184].name = "packet_buffer_init", ++ [184].param2 = 1, + [1858].file = "net/ipv6/netfilter/ip6_tables.c", + [1858].name = "do_ip6t_set_ctl", + [1858].param4 = 1, + [18659].file = "drivers/media/dvb/dvb-core/dvbdev.c", + [18659].name = "dvb_usercopy", + [18659].param2 = 1, -+ [18775].file = "drivers/net/wireless/ath/ath5k/debug.c", -+ [18775].name = "write_file_frameerrors", -+ [18775].param3 = 1, -+ [18928].file = "drivers/staging/speakup/devsynth.c", -+ [18928].name = "speakup_file_write", -+ [18928].param3 = 1, -+ [18988].file = "drivers/staging/vme/devices/vme_user.c", -+ [18988].name = "vme_user_read", -+ [18988].param3 = 1, ++ [18722].file = "security/tomoyo/condition.c", ++ [18722].name = "tomoyo_scan_bprm", ++ [18722].param2 = 1, ++ [18722].param4 = 1, ++ [18775].file = "include/linux/textsearch.h", ++ [18775].name = "alloc_ts_config", ++ [18775].param1 = 1, ++ [18940].file = "drivers/usb/host/hwa-hc.c", ++ [18940].name = "__hwahc_op_set_gtk", ++ [18940].param4 = 1, + [19012].file = "drivers/acpi/event.c", + [19012].name = "acpi_system_read_event", + [19012].param3 = 1, @@ -82323,27 +82525,27 @@ index 0000000..55a1292 + [19107].file = "security/smack/smackfs.c", + [19107].name = "smk_write_load_list", + [19107].param3 = 1, -+ [19261].file = "net/netlabel/netlabel_domainhash.c", -+ [19261].name = "netlbl_domhsh_init", -+ [19261].param1 = 1, ++ [19240].file = "net/sctp/socket.c", ++ [19240].name = "sctp_setsockopt_delayed_ack", ++ [19240].param3 = 1, + [19274].file = "net/core/pktgen.c", + [19274].name = "pktgen_if_write", + [19274].param3 = 1, + [19286].file = "drivers/base/regmap/regmap.c", + [19286].name = "_regmap_raw_write", + [19286].param4 = 1, -+ [19288].file = "net/ipv6/raw.c", -+ [19288].name = "rawv6_setsockopt", -+ [19288].param5 = 1, + [19308].file = "drivers/char/mem.c", + [19308].name = "read_oldmem", + [19308].param3 = 1, -+ [19332].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [19332].name = "iwl_dbgfs_plcp_delta_write", -+ [19332].param3 = 1, ++ [19343].file = "security/keys/encrypted-keys/encrypted.c", ++ [19343].name = "datablob_hmac_append", ++ [19343].param3 = 1, + [19349].file = "drivers/acpi/acpica/utobject.c", + [19349].name = "acpi_ut_create_package_object", + [19349].param1 = 1, ++ [19453].file = "drivers/net/ethernet/chelsio/cxgb/sge.c", ++ [19453].name = "sge_rx", ++ [19453].param3 = 1, + [19504].file = "drivers/usb/serial/garmin_gps.c", + [19504].name = "pkt_add", + [19504].param3 = 1, @@ -82353,51 +82555,64 @@ index 0000000..55a1292 + [19548].file = "drivers/scsi/qla2xxx/qla_init.c", + [19548].name = "qla2x00_get_ctx_sp", + [19548].param3 = 1, ++ [19592].file = "net/dccp/proto.c", ++ [19592].name = "dccp_setsockopt_service", ++ [19592].param4 = 1, ++ [19726].file = "kernel/trace/trace.c", ++ [19726].name = "tracing_set_trace_write", ++ [19726].param3 = 1, + [19738].file = "fs/sysfs/file.c", + [19738].name = "sysfs_write_file", + [19738].param3 = 1, + [19833].file = "drivers/xen/xenfs/privcmd.c", + [19833].name = "gather_array", + [19833].param3 = 1, -+ [19909].file = "drivers/net/wireless/libertas/debugfs.c", -+ [19909].name = "lbs_sleepparams_write", -+ [19909].param3 = 1, ++ [19910].file = "drivers/media/video/saa7164/saa7164-buffer.c", ++ [19910].name = "saa7164_buffer_alloc_user", ++ [19910].param2 = 1, + [19920].file = "drivers/input/joydev.c", + [19920].name = "joydev_ioctl", + [19920].param2 = 1, + [19931].file = "drivers/usb/misc/ftdi-elan.c", + [19931].name = "ftdi_elan_write", + [19931].param3 = 1, -+ [19943].file = "drivers/net/wireless/ath/ath9k/debug.c", -+ [19943].name = "write_file_regval", -+ [19943].param3 = 1, + [19960].file = "drivers/usb/class/usblp.c", + [19960].name = "usblp_read", + [19960].param3 = 1, ++ [1996].file = "drivers/scsi/libsrp.c", ++ [1996].name = "srp_target_alloc", ++ [1996].param3 = 1, + [20023].file = "drivers/media/video/gspca/gspca.c", + [20023].name = "dev_read", + [20023].param3 = 1, -+ [20113].file = "drivers/net/wireless/libertas/debugfs.c", -+ [20113].name = "lbs_rdmac_write", -+ [20113].param3 = 1, ++ [20207].file = "net/core/sock.c", ++ [20207].name = "sock_alloc_send_pskb", ++ [20207].param2 = 1, ++ [20263].file = "kernel/trace/trace_events.c", ++ [20263].name = "event_filter_write", ++ [20263].param3 = 1, + [20314].file = "drivers/gpu/drm/drm_hashtab.c", + [20314].name = "drm_ht_create", + [20314].param2 = 1, ++ [20320].file = "drivers/mfd/sm501.c", ++ [20320].name = "sm501_create_subdev", ++ [20320].param3 = 1, ++ [20320].param4 = 1, + [20376].file = "mm/nobootmem.c", + [20376].name = "__alloc_bootmem_nopanic", + [20376].param1 = 1, -+ [20606].file = "fs/nilfs2/mdt.c", -+ [20606].name = "nilfs_mdt_init", -+ [20606].param3 = 1, ++ [20409].file = "drivers/media/dvb/dvb-usb/opera1.c", ++ [20409].name = "opera1_usb_i2c_msgxfer", ++ [20409].param4 = 1, + [20611].file = "net/netfilter/x_tables.c", + [20611].name = "xt_alloc_table_info", + [20611].param1 = 1, ++ [20618].file = "drivers/staging/crystalhd/crystalhd_lnx.c", ++ [20618].name = "chd_dec_fetch_cdata", ++ [20618].param3 = 1, + [20713].file = "drivers/gpu/drm/ttm/ttm_bo_vm.c", + [20713].name = "ttm_bo_io", + [20713].param5 = 1, -+ [20730].file = "drivers/media/video/videobuf2-vmalloc.c", -+ [20730].name = "vb2_vmalloc_alloc", -+ [20730].param2 = 1, + [20801].file = "drivers/vhost/vhost.c", + [20801].name = "vhost_add_used_n", + [20801].param3 = 1, @@ -82407,24 +82622,24 @@ index 0000000..55a1292 + [20951].file = "crypto/rng.c", + [20951].name = "rngapi_reset", + [20951].param3 = 1, -+ [21134].file = "drivers/video/via/viafbdev.c", -+ [21134].name = "viafb_dfph_proc_write", -+ [21134].param3 = 1, ++ [21125].file = "fs/gfs2/dir.c", ++ [21125].name = "gfs2_alloc_sort_buffer", ++ [21125].param1 = 1, ++ [21132].file = "kernel/cgroup.c", ++ [21132].name = "cgroup_write_X64", ++ [21132].param5 = 1, ++ [21138].file = "drivers/uio/uio.c", ++ [21138].name = "uio_read", ++ [21138].param3 = 1, + [21193].file = "net/wireless/sme.c", + [21193].name = "cfg80211_disconnected", + [21193].param4 = 1, -+ [21277].file = "drivers/usb/storage/shuttle_usbat.c", -+ [21277].name = "usbat_flash_write_data", -+ [21277].param4 = 1, + [21312].file = "lib/ts_kmp.c", + [21312].name = "kmp_init", + [21312].param2 = 1, + [21335].file = "net/econet/af_econet.c", + [21335].name = "econet_sendmsg", + [21335].param4 = 1, -+ [21397].file = "net/core/sock.c", -+ [21397].name = "sock_setsockopt", -+ [21397].param5 = 1, + [21406].file = "fs/libfs.c", + [21406].name = "simple_write_to_buffer", + [21406].param2 = 1, @@ -82435,15 +82650,15 @@ index 0000000..55a1292 + [21459].file = "security/smack/smackfs.c", + [21459].name = "smk_write_doi", + [21459].param3 = 1, -+ [21468].file = "drivers/char/virtio_console.c", -+ [21468].name = "port_fops_read", -+ [21468].param3 = 1, ++ [21508].file = "include/linux/usb/wusb.h", ++ [21508].name = "wusb_prf_64", ++ [21508].param7 = 1, + [21511].file = "drivers/input/ff-core.c", + [21511].name = "input_ff_create", + [21511].param2 = 1, -+ [21538].file = "net/bluetooth/l2cap_sock.c", -+ [21538].name = "l2cap_sock_setsockopt", -+ [21538].param5 = 1, ++ [21543].file = "drivers/media/video/gspca/gspca.c", ++ [21543].name = "frame_alloc", ++ [21543].param4 = 1, + [21608].file = "drivers/char/tpm/tpm.c", + [21608].name = "tpm_write", + [21608].param3 = 1, @@ -82456,28 +82671,28 @@ index 0000000..55a1292 + [21679].file = "drivers/net/wireless/ath/carl9170/debug.c", + [21679].name = "carl9170_debugfs_write", + [21679].param3 = 1, -+ [21712].file = "net/rxrpc/ar-output.c", -+ [21712].name = "rxrpc_send_data", -+ [21712].param5 = 1, ++ [21784].file = "crypto/ahash.c", ++ [21784].name = "ahash_setkey_unaligned", ++ [21784].param3 = 1, + [2180].file = "drivers/char/ppdev.c", + [2180].name = "pp_write", + [2180].param3 = 1, ++ [21906].file = "net/atm/mpc.c", ++ [21906].name = "copy_macs", ++ [21906].param4 = 1, + [21946].file = "fs/nfs/idmap.c", + [21946].name = "nfs_map_name_to_uid", + [21946].param3 = 1, ++ [22052].file = "drivers/net/ethernet/chelsio/cxgb3/sge.c", ++ [22052].name = "get_packet_pg", ++ [22052].param4 = 1, + [22085].file = "drivers/staging/sep/sep_driver.c", + [22085].name = "sep_lock_user_pages", + [22085].param2 = 1, + [22085].param3 = 1, -+ [22187].file = "fs/namei.c", -+ [22187].name = "user_path_at_empty", -+ [22187].param2 = 1, + [22190].file = "drivers/char/tpm/tpm.c", + [22190].name = "tpm_read", + [22190].param3 = 1, -+ [22204].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [22204].name = "iwl_dbgfs_echo_test_write", -+ [22204].param3 = 1, + [22291].file = "net/core/pktgen.c", + [22291].name = "pgctrl_write", + [22291].param3 = 1, @@ -82488,15 +82703,27 @@ index 0000000..55a1292 + [2243].file = "drivers/scsi/scsi_tgt_lib.c", + [2243].name = "scsi_tgt_kspace_exec", + [2243].param8 = 1, -+ [22546].file = "drivers/char/pcmcia/cm4040_cs.c", -+ [22546].name = "cm4040_read", -+ [22546].param3 = 1, -+ [22742].file = "drivers/tty/tty_buffer.c", -+ [22742].name = "tty_insert_flip_string_flags", -+ [22742].param4 = 1, ++ [22440].file = "drivers/uwb/neh.c", ++ [22440].name = "uwb_rc_neh_grok_event", ++ [22440].param3 = 1, ++ [22614].file = "drivers/media/video/cx18/cx18-fileops.c", ++ [22614].name = "cx18_copy_buf_to_user", ++ [22614].param4 = 1, ++ [22667].file = "drivers/misc/altera-stapl/altera-jtag.c", ++ [22667].name = "altera_set_ir_post", ++ [22667].param2 = 1, + [22772].file = "drivers/target/iscsi/iscsi_target_erl1.c", + [22772].name = "iscsit_dump_data_payload", + [22772].param2 = 1, ++ [22777].file = "drivers/infiniband/ulp/srp/ib_srp.c", ++ [22777].name = "srp_alloc_iu", ++ [22777].param2 = 1, ++ [22817].file = "drivers/media/video/usbvision/usbvision-core.c", ++ [22817].name = "usbvision_rvmalloc", ++ [22817].param1 = 1, ++ [22864].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c", ++ [22864].name = "ath6kl_add_bss_if_needed", ++ [22864].param5 = 1, + [2286].file = "drivers/scsi/mvumi.c", + [2286].name = "mvumi_alloc_mem_resource", + [2286].param3 = 1, @@ -82509,21 +82736,31 @@ index 0000000..55a1292 + [2302].file = "drivers/media/video/stk-webcam.c", + [2302].name = "v4l_stk_read", + [2302].param3 = 1, -+ [23037].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [23037].name = "iwl_dbgfs_wd_timeout_write", -+ [23037].param3 = 1, + [2307].file = "drivers/pcmcia/cistpl.c", + [2307].name = "pcmcia_replace_cis", + [2307].param3 = 1, -+ [23093].file = "drivers/scsi/st.c", -+ [23093].name = "st_read", -+ [23093].param3 = 1, + [23117].file = "drivers/media/dvb/ttpci/av7110_av.c", + [23117].name = "dvb_audio_write", + [23117].param3 = 1, ++ [23220].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c", ++ [23220].name = "do_dmabuf_dirty_sou", ++ [23220].param7 = 1, ++ [23232].file = "drivers/md/persistent-data/dm-space-map-checker.c", ++ [23232].name = "sm_checker_extend", ++ [23232].param2 = 1, + [2324].file = "net/ieee802154/wpan-class.c", + [2324].name = "wpan_phy_alloc", + [2324].param1 = 1, ++ [2328].file = "kernel/trace/ftrace.c", ++ [2328].name = "ftrace_pid_write", ++ [2328].param3 = 1, ++ [23290].file = "fs/proc/base.c", ++ [23290].name = "mem_rw", ++ [23290].param3 = 1, ++ [23449].file = "crypto/blkcipher.c", ++ [23449].name = "blkcipher_next_slow", ++ [23449].param3 = 1, ++ [23449].param4 = 1, + [23535].file = "ipc/sem.c", + [23535].name = "sys_semtimedop", + [23535].param3 = 1, @@ -82533,54 +82770,32 @@ index 0000000..55a1292 + [23589].file = "kernel/relay.c", + [23589].name = "subbuf_read_actor", + [23589].param3 = 1, -+ [23619].file = "drivers/tty/tty_buffer.c", -+ [23619].name = "tty_buffer_request_room", -+ [23619].param2 = 1, -+ [23640].file = "drivers/usb/host/ehci-dbg.c", -+ [23640].name = "debug_lpm_write", -+ [23640].param3 = 1, -+ [23684].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [23684].name = "iwl_legacy_dbgfs_clear_traffic_statistics_write", -+ [23684].param3 = 1, + [23848].file = "crypto/blkcipher.c", + [23848].name = "async_setkey", + [23848].param3 = 1, + [2386].file = "drivers/acpi/acpica/exnames.c", + [2386].name = "acpi_ex_allocate_name_string", + [2386].param2 = 1, -+ [23883].file = "drivers/net/wireless/iwlwifi/iwl-trans-pcie.c", -+ [23883].name = "iwl_dbgfs_interrupt_write", -+ [23883].param3 = 1, ++ [2389].file = "net/core/sock.c", ++ [2389].name = "sock_rmalloc", ++ [2389].param2 = 1, ++ [23994].file = "net/bluetooth/mgmt.c", ++ [23994].name = "set_powered", ++ [23994].param4 = 1, + [23999].file = "sound/pci/rme9652/hdsp.c", + [23999].name = "snd_hdsp_capture_copy", + [23999].param5 = 1, -+ [24072].file = "drivers/staging/pohmelfs/inode.c", -+ [24072].name = "pohmelfs_send_readpages", -+ [24072].param3 = 1, + [24233].file = "drivers/pci/pcie/aer/aer_inject.c", + [24233].name = "aer_inject_write", + [24233].param3 = 1, -+ [24263].file = "kernel/cgroup.c", -+ [24263].name = "cgroup_file_write", -+ [24263].param3 = 1, -+ [24313].file = "drivers/staging/frontier/tranzport.c", -+ [24313].name = "usb_tranzport_write", -+ [24313].param3 = 1, + [24359].file = "kernel/power/qos.c", + [24359].name = "pm_qos_power_write", + [24359].param3 = 1, -+ [24410].file = "drivers/net/wireless/ipw2x00/libipw_module.c", -+ [24410].name = "debug_level_proc_write", -+ [24410].param3 = 1, + [24457].file = "fs/btrfs/backref.c", + [24457].name = "init_data_container", + [24457].param1 = 1, -+ [24539].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c", -+ [24539].name = "vmw_framebuffer_dmabuf_dirty", -+ [24539].param6 = 1, + [24719].file = "drivers/input/evdev.c", + [24719].name = "bits_to_user", -+ [24719].param2 = 1, + [24719].param3 = 1, + [2472].file = "net/ipv4/netfilter/ip_tables.c", + [2472].name = "compat_do_ipt_set_ctl", @@ -82594,25 +82809,24 @@ index 0000000..55a1292 + [25036].file = "fs/pipe.c", + [25036].name = "pipe_iov_copy_from_user", + [25036].param3 = 1, ++ [25078].file = "drivers/net/wireless/p54/fwio.c", ++ [25078].name = "p54_download_eeprom", ++ [25078].param4 = 1, + [25127].file = "drivers/scsi/device_handler/scsi_dh_alua.c", + [25127].name = "realloc_buffer", + [25127].param2 = 1, ++ [25145].file = "net/tipc/link.c", ++ [25145].name = "link_send_sections_long", ++ [25145].param4 = 1, + [25157].file = "security/keys/request_key_auth.c", + [25157].name = "request_key_auth_new", + [25157].param3 = 1, + [25158].file = "drivers/net/ethernet/mellanox/mlx4/en_rx.c", + [25158].name = "mlx4_en_create_rx_ring", + [25158].param3 = 1, -+ [25223].file = "drivers/platform/x86/toshiba_acpi.c", -+ [25223].name = "fan_proc_write", -+ [25223].param3 = 1, + [25267].file = "fs/configfs/file.c", + [25267].name = "configfs_write_file", + [25267].param3 = 1, -+ [25356].file = "net/core/dev.c", -+ [25356].name = "alloc_netdev_mqs", -+ [25356].param4 = 1, -+ [25356].param5 = 1, + [25495].file = "drivers/scsi/bfa/bfad_debugfs.c", + [25495].name = "bfad_debugfs_write_regwr", + [25495].param3 = 1, @@ -82622,21 +82836,18 @@ index 0000000..55a1292 + [25692].file = "drivers/net/wireless/ath/ath6kl/wmi.c", + [25692].name = "ath6kl_wmi_send_action_cmd", + [25692].param6 = 1, -+ [2609].file = "lib/kstrtox.c", -+ [2609].name = "kstrtoul_from_user", -+ [2609].param2 = 1, ++ [25765].file = "drivers/media/dvb/b2c2/flexcop.c", ++ [25765].name = "flexcop_device_kmalloc", ++ [25765].param1 = 1, + [26100].file = "sound/core/info.c", + [26100].name = "snd_info_entry_write", + [26100].param3 = 1, -+ [26215].file = "drivers/md/dm-table.c", -+ [26215].name = "dm_table_create", -+ [26215].param3 = 1, + [26256].file = "fs/hpfs/name.c", + [26256].name = "hpfs_translate_name", + [26256].param3 = 1, -+ [26404].file = "drivers/net/wireless/mwifiex/debugfs.c", -+ [26404].name = "mwifiex_rdeeprom_write", -+ [26404].param3 = 1, ++ [26394].file = "drivers/hid/hidraw.c", ++ [26394].name = "hidraw_get_report", ++ [26394].param3 = 1, + [26494].file = "kernel/signal.c", + [26494].name = "sys_rt_sigpending", + [26494].param2 = 1, @@ -82649,6 +82860,9 @@ index 0000000..55a1292 + [26560].file = "crypto/algapi.c", + [26560].name = "crypto_alloc_instance2", + [26560].param3 = 1, ++ [26605].file = "security/selinux/selinuxfs.c", ++ [26605].name = "sel_write_user", ++ [26605].param3 = 1, + [26620].file = "net/bluetooth/mgmt.c", + [26620].name = "mgmt_control", + [26620].param3 = 1, @@ -82670,6 +82884,9 @@ index 0000000..55a1292 + [26845].file = "drivers/scsi/qla2xxx/qla_bsg.c", + [26845].name = "qla2x00_get_ctx_bsg_sp", + [26845].param3 = 1, ++ [26888].file = "net/bridge/br_ioctl.c", ++ [26888].name = "get_fdb_entries", ++ [26888].param3 = 1, + [26962].file = "drivers/usb/class/usbtmc.c", + [26962].name = "usbtmc_write", + [26962].param3 = 1, @@ -82698,9 +82915,11 @@ index 0000000..55a1292 + [27164].file = "include/drm/drm_mem_util.h", + [27164].name = "drm_calloc_large", + [27164].param1 = 1, -+ [2722].file = "drivers/gpu/drm/ttm/ttm_page_alloc.c", -+ [2722].name = "ttm_alloc_new_pages", -+ [2722].param5 = 1, ++ [27164].param2 = 1, ++ [27176].file = "drivers/mtd/devices/mtd_dataflash.c", ++ [27176].name = "otp_read", ++ [27176].param2 = 1, ++ [27176].param5 = 1, + [27232].file = "security/apparmor/lib.c", + [27232].name = "kvmalloc", + [27232].param1 = 1, @@ -82716,6 +82935,12 @@ index 0000000..55a1292 + [27302].file = "fs/proc/base.c", + [27302].name = "proc_loginuid_write", + [27302].param3 = 1, ++ [2730].file = "drivers/target/iscsi/iscsi_target_parameters.c", ++ [2730].name = "iscsi_decode_text_input", ++ [2730].param4 = 1, ++ [27314].file = "net/bluetooth/mgmt.c", ++ [27314].name = "cmd_complete", ++ [27314].param5 = 1, + [27472].file = "security/selinux/selinuxfs.c", + [27472].name = "sel_write_load", + [27472].param3 = 1, @@ -82728,10 +82953,9 @@ index 0000000..55a1292 + [27582].file = "drivers/platform/x86/asus_acpi.c", + [27582].name = "ledd_proc_write", + [27582].param3 = 1, -+ [27695].file = "fs/namei.c", -+ [27695].name = "sys_link", -+ [27695].param1 = 1, -+ [27695].param2 = 1, ++ [27595].file = "net/core/sock.c", ++ [27595].name = "sock_alloc_send_skb", ++ [27595].param2 = 1, + [27697].file = "drivers/staging/mei/iorw.c", + [27697].name = "amthi_read", + [27697].param4 = 1, @@ -82742,39 +82966,40 @@ index 0000000..55a1292 + [28040].name = "__kfifo_alloc", + [28040].param2 = 1, + [28040].param3 = 1, -+ [28092].file = "fs/select.c", -+ [28092].name = "do_sys_poll", -+ [28092].param2 = 1, -+ [28170].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [28170].name = "iwl_dbgfs_ucode_tracing_write", -+ [28170].param3 = 1, ++ [28151].file = "mm/filemap_xip.c", ++ [28151].name = "do_xip_mapping_read", ++ [28151].param5 = 1, + [28247].file = "net/sctp/tsnmap.c", + [28247].name = "sctp_tsnmap_init", + [28247].param2 = 1, ++ [28253].file = "include/linux/fb.h", ++ [28253].name = "alloc_apertures", ++ [28253].param1 = 1, + [28265].file = "fs/notify/fanotify/fanotify_user.c", + [28265].name = "fanotify_write", + [28265].param3 = 1, + [28316].file = "drivers/input/joydev.c", + [28316].name = "joydev_ioctl_common", + [28316].param2 = 1, ++ [28359].file = "drivers/spi/spidev.c", ++ [28359].name = "spidev_message", ++ [28359].param3 = 1, + [28360].file = "drivers/hid/usbhid/hiddev.c", + [28360].name = "hiddev_compat_ioctl", + [28360].param2 = 1, + [28407].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", + [28407].name = "rt2x00debug_write_csr", + [28407].param3 = 1, -+ [28462].file = "net/rfkill/core.c", -+ [28462].name = "rfkill_fop_write", -+ [28462].param3 = 1, ++ [2847].file = "fs/ntfs/file.c", ++ [2847].name = "ntfs_copy_from_user", ++ [2847].param3 = 1, ++ [2847].param5 = 1, ++ [28584].file = "drivers/memstick/core/memstick.c", ++ [28584].name = "memstick_alloc_host", ++ [28584].param1 = 1, + [28635].file = "drivers/gpu/drm/drm_sman.c", + [28635].name = "drm_sman_init", + [28635].param2 = 1, -+ [28655].file = "drivers/infiniband/hw/mthca/mthca_allocator.c", -+ [28655].name = "mthca_alloc_init", -+ [28655].param2 = 1, -+ [28688].file = "mm/mempolicy.c", -+ [28688].name = "compat_sys_get_mempolicy", -+ [28688].param3 = 1, + [28783].file = "drivers/gpu/drm/i915/i915_debugfs.c", + [28783].name = "i915_cache_sharing_write", + [28783].param3 = 1, @@ -82797,34 +83022,37 @@ index 0000000..55a1292 + [29092].file = "lib/lru_cache.c", + [29092].name = "lc_create", + [29092].param3 = 1, -+ [29189].file = "drivers/gpu/drm/ttm/ttm_page_alloc.c", -+ [29189].name = "ttm_put_pages", -+ [29189].param2 = 1, + [29257].file = "drivers/vhost/vhost.c", + [29257].name = "vhost_add_used_and_signal_n", + [29257].param4 = 1, -+ [29366].file = "drivers/char/pcmcia/cm4000_cs.c", -+ [29366].name = "cmm_read", -+ [29366].param3 = 1, ++ [29267].file = "net/ipv4/fib_trie.c", ++ [29267].name = "tnode_alloc", ++ [29267].param1 = 1, ++ [29353].file = "net/sctp/socket.c", ++ [29353].name = "sctp_setsockopt_del_key", ++ [29353].param3 = 1, + [29405].file = "drivers/media/dvb/dvb-usb/dw2102.c", + [29405].name = "dw210x_op_rw", + [29405].param6 = 1, -+ [29437].file = "drivers/net/wireless/iwlegacy/iwl-4965-rs.c", -+ [29437].name = "iwl4965_rs_sta_dbgfs_scale_table_write", -+ [29437].param3 = 1, -+ [29465].file = "drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c", -+ [29465].name = "mem_read", -+ [29465].param3 = 1, ++ [29542].file = "net/nfc/nci/core.c", ++ [29542].name = "nci_send_cmd", ++ [29542].param3 = 1, + [29714].file = "drivers/scsi/cxgbi/libcxgbi.c", + [29714].name = "cxgbi_device_register", + [29714].param1 = 1, + [29714].param2 = 1, ++ [2972].file = "drivers/staging/crystalhd/crystalhd_misc.c", ++ [2972].name = "crystalhd_create_dio_pool", ++ [2972].param2 = 1, ++ [29769].file = "drivers/misc/iwmc3200top/log.c", ++ [29769].name = "store_iwmct_log_level", ++ [29769].param4 = 1, ++ [29792].file = "drivers/staging/bcm/nvm.c", ++ [29792].name = "BcmCopySection", ++ [29792].param5 = 1, + [29859].file = "net/rds/page.c", + [29859].name = "rds_page_copy_user", + [29859].param4 = 1, -+ [29875].file = "sound/isa/gus/gus_pcm.c", -+ [29875].name = "snd_gf1_pcm_playback_copy", -+ [29875].param5 = 1, + [29905].file = "mm/nobootmem.c", + [29905].name = "___alloc_bootmem", + [29905].param1 = 1, @@ -82834,53 +83062,48 @@ index 0000000..55a1292 + [30242].file = "fs/cifs/cifssmb.c", + [30242].name = "cifs_readdata_alloc", + [30242].param1 = 1, -+ [30341].file = "drivers/infiniband/hw/qib/qib_verbs.c", -+ [30341].name = "qib_verbs_send", -+ [30341].param3 = 1, -+ [30341].param5 = 1, -+ [30438].file = "mm/filemap_xip.c", -+ [30438].name = "xip_file_read", -+ [30438].param3 = 1, -+ [30449].file = "drivers/telephony/ixj.c", -+ [30449].name = "ixj_read", -+ [30449].param3 = 1, -+ [30489].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [30489].name = "iwl_dbgfs_rx_handlers_write", -+ [30489].param3 = 1, -+ [30693].file = "fs/namei.c", -+ [30693].name = "sys_rename", -+ [30693].param1 = 1, -+ [30693].param2 = 1, -+ [307].file = "drivers/base/regmap/regmap-debugfs.c", -+ [307].name = "regmap_map_read_file", -+ [307].param3 = 1, -+ [30970].file = "drivers/usb/misc/ldusb.c", -+ [30970].name = "ld_usb_read", ++ [30494].file = "net/ceph/buffer.c", ++ [30494].name = "ceph_buffer_new", ++ [30494].param1 = 1, ++ [30590].file = "security/tomoyo/memory.c", ++ [30590].name = "tomoyo_commit_ok", ++ [30590].param2 = 1, ++ [30687].file = "drivers/uwb/uwb-debug.c", ++ [30687].name = "command_write", ++ [30687].param3 = 1, ++ [30726].file = "drivers/bluetooth/hci_vhci.c", ++ [30726].name = "vhci_get_user", ++ [30726].param3 = 1, ++ [30873].file = "net/packet/af_packet.c", ++ [30873].name = "alloc_one_pg_vec_page", ++ [30873].param1 = 1, ++ [30970].file = "drivers/staging/hv/storvsc_drv.c", ++ [30970].name = "create_bounce_buffer", + [30970].param3 = 1, -+ [31155].file = "drivers/staging/frontier/alphatrack.c", -+ [31155].name = "usb_alphatrack_write", -+ [31155].param3 = 1, ++ [310].file = "drivers/block/drbd/drbd_bitmap.c", ++ [310].name = "bm_realloc_pages", ++ [310].param2 = 1, ++ [3119].file = "drivers/misc/ibmasm/command.c", ++ [3119].name = "ibmasm_new_command", ++ [3119].param2 = 1, + [31207].file = "drivers/platform/x86/asus_acpi.c", + [31207].name = "parse_arg", + [31207].param2 = 1, ++ [31287].file = "drivers/scsi/libsrp.c", ++ [31287].name = "srp_iu_pool_alloc", ++ [31287].param2 = 1, ++ [31291].file = "sound/pci/rme9652/rme9652.c", ++ [31291].name = "snd_rme9652_capture_copy", ++ [31291].param5 = 1, + [31348].file = "kernel/sched.c", + [31348].name = "sys_sched_getaffinity", + [31348].param2 = 1, -+ [31465].file = "net/rds/message.c", -+ [31465].name = "rds_message_map_pages", -+ [31465].param2 = 1, + [31492].file = "drivers/hid/hidraw.c", + [31492].name = "hidraw_read", + [31492].param3 = 1, -+ [31649].file = "fs/ecryptfs/crypto.c", -+ [31649].name = "ecryptfs_decode_and_decrypt_filename", -+ [31649].param5 = 1, + [3170].file = "security/integrity/ima/ima_fs.c", + [3170].name = "ima_write_policy", + [3170].param3 = 1, -+ [31730].file = "net/dccp/proto.c", -+ [31730].name = "dccp_setsockopt", -+ [31730].param5 = 1, + [31782].file = "drivers/misc/pti.c", + [31782].name = "pti_char_write", + [31782].param3 = 1, @@ -82890,12 +83113,15 @@ index 0000000..55a1292 + [31957].file = "fs/afs/proc.c", + [31957].name = "afs_proc_cells_write", + [31957].param3 = 1, -+ [32025].file = "drivers/nfc/pn544.c", -+ [32025].name = "pn544_write", -+ [32025].param3 = 1, ++ [32002].file = "net/sctp/socket.c", ++ [32002].name = "sctp_setsockopt_active_key", ++ [32002].param3 = 1, + [32182].file = "net/sunrpc/cache.c", + [32182].name = "cache_write", + [32182].param3 = 1, ++ [32278].file = "kernel/time/timer_stats.c", ++ [32278].name = "tstats_write", ++ [32278].param3 = 1, + [32326].file = "drivers/tty/n_r3964.c", + [32326].name = "r3964_write", + [32326].param4 = 1, @@ -82908,21 +83134,34 @@ index 0000000..55a1292 + [32459].file = "drivers/media/radio/radio-wl1273.c", + [32459].name = "wl1273_fm_fops_write", + [32459].param3 = 1, ++ [32531].file = "fs/bio.c", ++ [32531].name = "__bio_map_kern", ++ [32531].param2 = 1, ++ [32531].param3 = 1, ++ [32537].file = "drivers/staging/vme/devices/vme_user.c", ++ [32537].name = "buffer_to_user", ++ [32537].param3 = 1, + [32560].file = "drivers/input/input-mt.c", + [32560].name = "input_mt_init_slots", + [32560].param2 = 1, -+ [32574].file = "mm/mempolicy.c", -+ [32574].name = "sys_get_mempolicy", -+ [32574].param3 = 1, + [32608].file = "security/selinux/selinuxfs.c", + [32608].name = "sel_write_checkreqprot", + [32608].param3 = 1, ++ [32812].file = "drivers/net/ethernet/neterion/vxge/vxge-config.c", ++ [32812].name = "__vxge_hw_channel_allocate", ++ [32812].param3 = 1, + [32950].file = "fs/reiserfs/resize.c", + [32950].name = "reiserfs_resize", + [32950].param2 = 1, + [33010].file = "drivers/media/dvb/dvb-core/dvb_ringbuffer.c", + [33010].name = "dvb_ringbuffer_pkt_read_user", + [33010].param5 = 1, ++ [33130].file = "net/llc/llc_sap.c", ++ [33130].name = "llc_alloc_frame", ++ [33130].param4 = 1, ++ [33221].file = "crypto/ablkcipher.c", ++ [33221].name = "ablkcipher_copy_iv", ++ [33221].param3 = 1, + [33268].file = "mm/maccess.c", + [33268].name = "__probe_kernel_write", + [33268].param3 = 1, @@ -82932,21 +83171,24 @@ index 0000000..55a1292 + [33375].file = "drivers/staging/rtl8712/osdep_service.h", + [33375].name = "_malloc", + [33375].param1 = 1, ++ [33489].file = "fs/binfmt_misc.c", ++ [33489].name = "create_entry", ++ [33489].param2 = 1, + [33637].file = "net/9p/client.c", + [33637].name = "p9_client_read", + [33637].param5 = 1, + [33669].file = "fs/gfs2/glock.c", + [33669].name = "gfs2_glock_nq_m", + [33669].param1 = 1, ++ [33779].file = "drivers/staging/vme/devices/vme_user.c", ++ [33779].name = "resource_from_user", ++ [33779].param3 = 1, + [33810].file = "net/mac80211/util.c", + [33810].name = "ieee80211_send_probe_req", + [33810].param6 = 1, + [3384].file = "drivers/block/paride/pg.c", + [3384].name = "pg_write", + [3384].param3 = 1, -+ [34016].file = "drivers/tty/tty_buffer.c", -+ [34016].name = "tty_prepare_flip_string_flags", -+ [34016].param4 = 1, + [34105].file = "fs/libfs.c", + [34105].name = "simple_read_from_buffer", + [34105].param2 = 1, @@ -82969,36 +83211,49 @@ index 0000000..55a1292 + [34432].file = "drivers/edac/edac_pci.c", + [34432].name = "edac_pci_alloc_ctl_info", + [34432].param1 = 1, ++ [34532].file = "drivers/virtio/virtio_ring.c", ++ [34532].name = "vring_add_indirect", ++ [34532].param3 = 1, ++ [34532].param4 = 1, ++ [34543].file = "net/sctp/tsnmap.c", ++ [34543].name = "sctp_tsnmap_grow", ++ [34543].param2 = 1, + [34551].file = "fs/ocfs2/stack_user.c", + [34551].name = "ocfs2_control_cfu", + [34551].param2 = 1, ++ [34634].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c", ++ [34634].name = "ath6kl_send_go_probe_resp", ++ [34634].param3 = 1, + [34666].file = "fs/cifs/cifs_debug.c", + [34666].name = "cifs_security_flags_proc_write", + [34666].param3 = 1, ++ [3466].file = "drivers/misc/altera-stapl/altera-jtag.c", ++ [3466].name = "altera_drscan", ++ [3466].param2 = 1, + [34672].file = "drivers/tty/tty_io.c", + [34672].name = "tty_write", + [34672].param3 = 1, ++ [34679].file = "drivers/media/video/ivtv/ivtv-fileops.c", ++ [34679].name = "ivtv_copy_buf_to_user", ++ [34679].param4 = 1, ++ [34721].file = "drivers/usb/host/hwa-hc.c", ++ [34721].name = "__hwahc_dev_set_key", ++ [34721].param5 = 1, ++ [34749].file = "mm/nobootmem.c", ++ [34749].name = "__alloc_bootmem_low_node", ++ [34749].param2 = 1, + [34760].file = "include/acpi/platform/aclinux.h", + [34760].name = "acpi_os_allocate_zeroed", + [34760].param1 = 1, + [34802].file = "drivers/scsi/cxgbi/libcxgbi.h", + [34802].name = "cxgbi_alloc_big_mem", + [34802].param1 = 1, -+ [34847].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [34847].name = "iwl_dbgfs_clear_traffic_statistics_write", -+ [34847].param3 = 1, + [34863].file = "drivers/video/fbsysfs.c", + [34863].name = "framebuffer_alloc", + [34863].param1 = 1, + [34882].file = "drivers/platform/x86/toshiba_acpi.c", + [34882].name = "video_proc_write", + [34882].param3 = 1, -+ [34988].file = "drivers/net/wireless/libertas/debugfs.c", -+ [34988].name = "lbs_rdrf_write", -+ [34988].param3 = 1, -+ [35007].file = "drivers/usb/mon/mon_bin.c", -+ [35007].name = "mon_bin_read", -+ [35007].param3 = 1, + [35050].file = "fs/ocfs2/dlmfs/dlmfs.c", + [35050].name = "dlmfs_file_write", + [35050].param3 = 1, @@ -83008,9 +83263,12 @@ index 0000000..55a1292 + [35129].file = "mm/nobootmem.c", + [35129].name = "___alloc_bootmem_nopanic", + [35129].param1 = 1, -+ [35176].file = "drivers/usb/misc/ldusb.c", -+ [35176].name = "ld_usb_write", -+ [35176].param3 = 1, ++ [35159].file = "drivers/net/wimax/i2400m/usb.c", ++ [35159].name = "__i2400mu_send_barker", ++ [35159].param3 = 1, ++ [35232].file = "drivers/media/video/cx18/cx18-fileops.c", ++ [35232].name = "cx18_read", ++ [35232].param3 = 1, + [35234].file = "net/irda/irnet/irnet_ppp.c", + [35234].name = "irnet_ctrl_write", + [35234].param3 = 1, @@ -83020,27 +83278,31 @@ index 0000000..55a1292 + [35268].file = "security/keys/request_key_auth.c", + [35268].name = "request_key_auth_read", + [35268].param3 = 1, -+ [3541].file = "drivers/mtd/ubi/cdev.c", -+ [3541].name = "vol_cdev_write", -+ [3541].param3 = 1, ++ [3538].file = "net/bluetooth/mgmt.c", ++ [3538].name = "disconnect", ++ [3538].param4 = 1, + [35443].file = "sound/core/pcm_memory.c", + [35443].name = "_snd_pcm_lib_alloc_vmalloc_buffer", + [35443].param2 = 1, -+ [35449].file = "fs/namei.c", -+ [35449].name = "sys_mkdir", -+ [35449].param1 = 1, -+ [35542].file = "drivers/tty/ipwireless/hardware.c", -+ [35542].name = "ipwireless_send_packet", -+ [35542].param4 = 1, ++ [35468].file = "drivers/xen/xenfs/xenbus.c", ++ [35468].name = "xenbus_file_write", ++ [35468].param3 = 1, ++ [35536].file = "kernel/sysctl_binary.c", ++ [35536].name = "bin_uuid", ++ [35536].param3 = 1, ++ [35551].file = "drivers/media/video/ivtv/ivtv-fileops.c", ++ [35551].name = "ivtv_read_pos", ++ [35551].param3 = 1, + [35556].file = "fs/read_write.c", + [35556].name = "sys_readv", + [35556].param3 = 1, -+ [35610].file = "net/batman-adv/translation-table.c", -+ [35610].name = "tt_save_orig_buffer", -+ [35610].param4 = 1, + [35693].file = "drivers/staging/mei/main.c", + [35693].name = "mei_read", + [35693].param3 = 1, ++ [35703].file = "crypto/ablkcipher.c", ++ [35703].name = "ablkcipher_next_slow", ++ [35703].param3 = 1, ++ [35703].param4 = 1, + [35729].file = "include/linux/skbuff.h", + [35729].name = "__dev_alloc_skb", + [35729].param1 = 1, @@ -83054,9 +83316,9 @@ index 0000000..55a1292 + [35880].file = "fs/ecryptfs/crypto.c", + [35880].name = "ecryptfs_encrypt_and_encode_filename", + [35880].param6 = 1, -+ [3604].file = "net/batman-adv/translation-table.c", -+ [3604].name = "tt_update_orig", -+ [3604].param4 = 1, ++ [36076].file = "drivers/net/ethernet/sfc/tx.c", ++ [36076].name = "efx_tsoh_heap_alloc", ++ [36076].param2 = 1, + [36080].file = "drivers/media/video/v4l2-ioctl.c", + [36080].name = "video_usercopy", + [36080].param2 = 1, @@ -83069,12 +83331,16 @@ index 0000000..55a1292 + [36199].file = "net/sunrpc/auth_gss/auth_gss.c", + [36199].name = "gss_pipe_downcall", + [36199].param3 = 1, -+ [3630].file = "drivers/video/broadsheetfb.c", -+ [3630].name = "broadsheetfb_write", -+ [3630].param3 = 1, -+ [3632].file = "drivers/firewire/core-cdev.c", -+ [3632].name = "fw_device_op_read", -+ [3632].param3 = 1, ++ [36206].file = "net/ipv4/tcp_input.c", ++ [36206].name = "tcp_collapse", ++ [36206].param5 = 1, ++ [36206].param6 = 1, ++ [36230].file = "drivers/net/wan/hdlc_ppp.c", ++ [36230].name = "ppp_cp_parse_cr", ++ [36230].param4 = 1, ++ [36284].file = "drivers/spi/spi.c", ++ [36284].name = "spi_register_board_info", ++ [36284].param2 = 1, + [36490].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c", + [36490].name = "ath6kl_cfg80211_connect_event", + [36490].param7 = 1, @@ -83084,57 +83350,48 @@ index 0000000..55a1292 + [36560].file = "net/sunrpc/cache.c", + [36560].name = "write_flush", + [36560].param3 = 1, -+ [36633].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [36633].name = "rt2x00debug_read_queue_stats", -+ [36633].param3 = 1, -+ [3665].file = "drivers/media/video/ivtv/ivtvfb.c", -+ [3665].name = "ivtvfb_write", -+ [3665].param3 = 1, -+ [36981].file = "drivers/video/via/viafbdev.c", -+ [36981].name = "viafb_dfpl_proc_write", -+ [36981].param3 = 1, ++ [36807].file = "drivers/usb/mon/mon_bin.c", ++ [36807].name = "mon_bin_get_event", ++ [36807].param4 = 1, + [37034].file = "fs/cifs/cifssmb.c", + [37034].name = "cifs_writedata_alloc", + [37034].param1 = 1, + [37044].file = "sound/firewire/packets-buffer.c", + [37044].name = "iso_packets_buffer_init", + [37044].param3 = 1, -+ [37115].file = "drivers/tty/tty_buffer.c", -+ [37115].name = "tty_prepare_flip_string", -+ [37115].param3 = 1, ++ [37108].file = "drivers/media/dvb/ttpci/av7110_av.c", ++ [37108].name = "dvb_video_write", ++ [37108].param3 = 1, + [37163].file = "net/core/skbuff.c", + [37163].name = "__netdev_alloc_skb", + [37163].param2 = 1, -+ [37204].file = "drivers/isdn/hardware/eicon/divasi.c", -+ [37204].name = "um_idi_read", -+ [37204].param3 = 1, + [37233].file = "fs/ocfs2/cluster/tcp.c", + [37233].name = "o2net_send_message_vec", + [37233].param4 = 1, ++ [37241].file = "net/atm/lec.c", ++ [37241].name = "lane2_associate_req", ++ [37241].param4 = 1, + [37309].file = "drivers/mtd/mtdchar.c", + [37309].name = "mtd_do_readoob", + [37309].param4 = 1, -+ [37382].file = "drivers/staging/pohmelfs/inode.c", -+ [37382].name = "pohmelfs_readpages_trans_complete", -+ [37382].param2 = 1, + [37384].file = "drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c", + [37384].name = "vmw_fifo_reserve", + [37384].param2 = 1, + [37497].file = "net/mac80211/util.c", + [37497].name = "ieee80211_build_probe_req", + [37497].param7 = 1, -+ [37594].file = "include/linux/poll.h", -+ [37594].name = "get_fd_set", -+ [37594].param1 = 1, ++ [37535].file = "kernel/trace/trace.c", ++ [37535].name = "tracing_trace_options_write", ++ [37535].param3 = 1, + [37611].file = "drivers/xen/xenbus/xenbus_xs.c", + [37611].name = "split", + [37611].param2 = 1, + [37661].file = "mm/filemap.c", + [37661].name = "file_read_actor", + [37661].param4 = 1, -+ [37872].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [37872].name = "iwl_dbgfs_protection_mode_write", -+ [37872].param3 = 1, ++ [37921].file = "drivers/net/wireless/wl12xx/rx.c", ++ [37921].name = "wl1271_rx_handle_data", ++ [37921].param3 = 1, + [37976].file = "drivers/platform/x86/asus_acpi.c", + [37976].name = "bluetooth_proc_write", + [37976].param3 = 1, @@ -83144,12 +83401,18 @@ index 0000000..55a1292 + [3801].file = "drivers/block/paride/pt.c", + [3801].name = "pt_write", + [3801].param3 = 1, ++ [38052].file = "kernel/kexec.c", ++ [38052].name = "kimage_normal_alloc", ++ [38052].param3 = 1, + [38057].file = "fs/coda/psdev.c", + [38057].name = "coda_psdev_write", + [38057].param3 = 1, + [38186].file = "kernel/signal.c", + [38186].name = "do_sigpending", + [38186].param2 = 1, ++ [38314].file = "fs/nfs/read.c", ++ [38314].name = "nfs_readdata_alloc", ++ [38314].param1 = 1, + [38401].file = "drivers/xen/xenfs/xenbus.c", + [38401].name = "queue_reply", + [38401].param3 = 1, @@ -83162,30 +83425,40 @@ index 0000000..55a1292 + [38576].file = "drivers/i2c/i2c-dev.c", + [38576].name = "i2cdev_read", + [38576].param3 = 1, ++ [38704].file = "drivers/media/video/uvc/uvc_driver.c", ++ [38704].name = "uvc_alloc_entity", ++ [38704].param3 = 1, ++ [38704].param4 = 1, + [38747].file = "fs/xattr.c", + [38747].name = "sys_lgetxattr", + [38747].param4 = 1, ++ [38867].file = "drivers/scsi/scsi_transport_fc.c", ++ [38867].name = "fc_host_post_vendor_event", ++ [38867].param3 = 1, ++ [38931].file = "drivers/isdn/hardware/eicon/capimain.c", ++ [38931].name = "diva_os_alloc_message_buffer", ++ [38931].param1 = 1, + [38972].file = "security/smack/smackfs.c", + [38972].name = "smk_write_logging", + [38972].param3 = 1, + [39001].file = "net/xfrm/xfrm_hash.c", + [39001].name = "xfrm_hash_alloc", + [39001].param1 = 1, -+ [39044].file = "lib/kstrtox.c", -+ [39044].name = "kstrtos16_from_user", -+ [39044].param2 = 1, + [39052].file = "drivers/input/evdev.c", + [39052].name = "evdev_ioctl", + [39052].param2 = 1, -+ [39154].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [39154].name = "iwl_dbgfs_clear_ucode_statistics_write", -+ [39154].param3 = 1, -+ [39155].file = "drivers/xen/grant-table.c", -+ [39155].name = "get_free_entries", -+ [39155].param1 = 1, ++ [39066].file = "drivers/media/dvb/frontends/tda10048.c", ++ [39066].name = "tda10048_writeregbulk", ++ [39066].param4 = 1, ++ [39118].file = "drivers/misc/iwmc3200top/log.c", ++ [39118].name = "store_iwmct_log_level_fw", ++ [39118].param4 = 1, + [39254].file = "drivers/char/pcmcia/cm4000_cs.c", + [39254].name = "cmm_write", + [39254].param3 = 1, ++ [39392].file = "drivers/atm/solos-pci.c", ++ [39392].name = "send_command", ++ [39392].param4 = 1, + [39415].file = "fs/pstore/inode.c", + [39415].name = "pstore_mkfile", + [39415].param5 = 1, @@ -83195,27 +83468,27 @@ index 0000000..55a1292 + [39479].file = "drivers/ide/ide-tape.c", + [39479].name = "idetape_chrdev_read", + [39479].param3 = 1, -+ [39573].file = "drivers/hid/hid-picolcd.c", -+ [39573].name = "picolcd_debug_reset_write", -+ [39573].param3 = 1, -+ [39583].file = "drivers/net/ethernet/broadcom/cnic.c", -+ [39583].name = "cnic_init_id_tbl", -+ [39583].param2 = 1, -+ [39606].file = "drivers/bluetooth/hci_vhci.c", -+ [39606].name = "vhci_write", -+ [39606].param3 = 1, ++ [39586].file = "drivers/hv/channel.c", ++ [39586].name = "create_gpadl_header", ++ [39586].param2 = 1, + [39638].file = "security/selinux/selinuxfs.c", + [39638].name = "sel_write_avc_cache_threshold", + [39638].param3 = 1, + [39645].file = "drivers/media/dvb/dvb-core/dvbdev.c", + [39645].name = "dvb_generic_ioctl", + [39645].param2 = 1, -+ [39741].file = "drivers/video/via/viafbdev.c", -+ [39741].name = "viafb_iga2_odev_proc_write", -+ [39741].param3 = 1, ++ [39770].file = "include/linux/mISDNif.h", ++ [39770].name = "mI_alloc_skb", ++ [39770].param1 = 1, ++ [39813].file = "fs/ocfs2/stack_user.c", ++ [39813].name = "ocfs2_control_message", ++ [39813].param3 = 1, + [39888].file = "net/core/skbuff.c", + [39888].name = "__alloc_skb", + [39888].param1 = 1, ++ [39980].file = "net/bluetooth/mgmt.c", ++ [39980].name = "pair_device", ++ [39980].param4 = 1, + [40043].file = "drivers/media/video/v4l2-ioctl.c", + [40043].name = "video_ioctl2", + [40043].param2 = 1, @@ -83237,24 +83510,24 @@ index 0000000..55a1292 + [40302].file = "sound/isa/gus/gus_dram.c", + [40302].name = "snd_gus_dram_poke", + [40302].param4 = 1, ++ [40339].file = "drivers/acpi/apei/hest.c", ++ [40339].name = "hest_ghes_dev_register", ++ [40339].param1 = 1, + [40355].file = "drivers/staging/mei/main.c", + [40355].name = "mei_write", + [40355].param3 = 1, + [40373].file = "fs/cifs/cifs_spnego.c", + [40373].name = "cifs_spnego_key_instantiate", + [40373].param3 = 1, -+ [40412].file = "fs/namei.c", -+ [40412].name = "user_path_at", -+ [40412].param2 = 1, -+ [40578].file = "sound/soc/soc-core.c", -+ [40578].name = "codec_reg_write_file", -+ [40578].param3 = 1, -+ [40678].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [40678].name = "iwl_legacy_dbgfs_traffic_log_write", -+ [40678].param3 = 1, -+ [40713].file = "net/mac80211/debugfs.c", -+ [40713].name = "noack_write", -+ [40713].param3 = 1, ++ [40519].file = "net/sctp/socket.c", ++ [40519].name = "sctp_setsockopt_events", ++ [40519].param3 = 1, ++ [40694].file = "mm/page_cgroup.c", ++ [40694].name = "alloc_page_cgroup", ++ [40694].param1 = 1, ++ [40731].file = "drivers/tty/tty_io.c", ++ [40731].name = "do_tty_write", ++ [40731].param5 = 1, + [40754].file = "fs/btrfs/delayed-inode.c", + [40754].name = "btrfs_alloc_delayed_item", + [40754].param1 = 1, @@ -83264,61 +83537,57 @@ index 0000000..55a1292 + [40901].file = "drivers/block/drbd/drbd_bitmap.c", + [40901].name = "drbd_bm_resize", + [40901].param2 = 1, ++ [40951].file = "drivers/xen/evtchn.c", ++ [40951].name = "evtchn_read", ++ [40951].param3 = 1, + [40952].file = "drivers/misc/sgi-xp/xpc_partition.c", + [40952].name = "xpc_kmalloc_cacheline_aligned", + [40952].param1 = 1, + [41000].file = "sound/core/pcm_native.c", + [41000].name = "snd_pcm_aio_read", + [41000].param3 = 1, -+ [41003].file = "fs/namei.c", -+ [41003].name = "user_path_parent", -+ [41003].param2 = 1, + [41005].file = "net/bridge/netfilter/ebtables.c", + [41005].name = "copy_counters_to_user", + [41005].param5 = 1, -+ [41090].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [41090].name = "iwl_legacy_dbgfs_sram_write", -+ [41090].param3 = 1, ++ [41041].file = "net/core/sock.c", ++ [41041].name = "sock_wmalloc", ++ [41041].param2 = 1, + [41122].file = "fs/binfmt_misc.c", + [41122].name = "bm_status_write", + [41122].param3 = 1, -+ [41230].file = "drivers/usb/storage/datafab.c", -+ [41230].name = "datafab_read_data", -+ [41230].param4 = 1, ++ [41176].file = "kernel/trace/trace_events.c", ++ [41176].name = "subsystem_filter_write", ++ [41176].param3 = 1, + [41249].file = "drivers/media/video/zr364xx.c", + [41249].name = "send_control_msg", + [41249].param6 = 1, ++ [41287].file = "drivers/net/ethernet/neterion/vxge/vxge-config.c", ++ [41287].name = "vxge_os_dma_malloc_async", ++ [41287].param3 = 1, + [41302].file = "net/dns_resolver/dns_query.c", + [41302].name = "dns_query", + [41302].param3 = 1, -+ [41418].file = "fs/libfs.c", -+ [41418].name = "simple_attr_write", -+ [41418].param3 = 1, ++ [41408].file = "mm/filemap_xip.c", ++ [41408].name = "__xip_file_write", ++ [41408].param3 = 1, + [4155].file = "kernel/kexec.c", + [4155].name = "do_kimage_alloc", + [4155].param3 = 1, -+ [41592].file = "net/sctp/ssnmap.c", -+ [41592].name = "sctp_ssnmap_new", -+ [41592].param1 = 1, -+ [41592].param2 = 1, -+ [41616].file = "net/core/filter.c", -+ [41616].name = "sk_chk_filter", -+ [41616].param2 = 1, + [41676].file = "fs/compat.c", + [41676].name = "compat_sys_preadv", + [41676].param3 = 1, -+ [41727].file = "drivers/media/video/meye.c", -+ [41727].name = "rvmalloc", -+ [41727].param1 = 1, -+ [41884].file = "sound/core/oss/pcm_plugin.c", -+ [41884].name = "snd_pcm_plug_alloc", -+ [41884].param2 = 1, ++ [4167].file = "drivers/media/dvb/frontends/cx24116.c", ++ [4167].name = "cx24116_writeregN", ++ [4167].param4 = 1, + [41924].file = "security/keys/keyctl.c", + [41924].name = "keyctl_get_security", + [41924].param3 = 1, + [4202].file = "drivers/edac/edac_mc.c", + [4202].name = "edac_mc_alloc", + [4202].param1 = 1, ++ [42081].file = "net/econet/af_econet.c", ++ [42081].name = "aun_incoming", ++ [42081].param3 = 1, + [42143].file = "drivers/media/video/c-qcam.c", + [42143].name = "qcam_read", + [42143].param3 = 1, @@ -83328,58 +83597,58 @@ index 0000000..55a1292 + [42270].file = "net/wireless/scan.c", + [42270].name = "cfg80211_inform_bss_frame", + [42270].param4 = 1, -+ [4233].file = "fs/select.c", -+ [4233].name = "sys_poll", -+ [4233].param2 = 1, -+ [42378].file = "drivers/net/wireless/ath/ath6kl/debug.c", -+ [42378].name = "ath6kl_regread_write", -+ [42378].param3 = 1, ++ [42281].file = "include/linux/mISDNif.h", ++ [42281].name = "_queue_data", ++ [42281].param4 = 1, + [42420].file = "drivers/net/wireless/hostap/hostap_ioctl.c", + [42420].name = "prism2_set_genericelement", + [42420].param3 = 1, -+ [42466].file = "drivers/scsi/lpfc/lpfc_debugfs.c", -+ [42466].name = "lpfc_idiag_cmd_get", -+ [42466].param2 = 1, + [42472].file = "fs/compat.c", + [42472].name = "compat_readv", + [42472].param3 = 1, -+ [42483].file = "drivers/media/video/videobuf-dma-sg.c", -+ [42483].name = "videobuf_dma_init_user_locked", -+ [42483].param3 = 1, -+ [42483].param4 = 1, ++ [42473].file = "net/tipc/name_table.c", ++ [42473].name = "tipc_subseq_alloc", ++ [42473].param1 = 1, + [42562].file = "kernel/kfifo.c", + [42562].name = "__kfifo_to_user_r", + [42562].param3 = 1, + [42666].file = "drivers/pcmcia/cistpl.c", + [42666].name = "read_cis_cache", + [42666].param4 = 1, ++ [42714].file = "drivers/scsi/scsi_tgt_lib.c", ++ [42714].name = "scsi_tgt_copy_sense", ++ [42714].param3 = 1, ++ [42833].file = "kernel/trace/blktrace.c", ++ [42833].name = "blk_msg_write", ++ [42833].param3 = 1, ++ [42857].file = "security/selinux/selinuxfs.c", ++ [42857].name = "sel_write_member", ++ [42857].param3 = 1, + [42882].file = "security/keys/user_defined.c", + [42882].name = "user_instantiate", + [42882].param3 = 1, -+ [42964].file = "drivers/video/fb_sys_fops.c", -+ [42964].name = "fb_sys_read", -+ [42964].param3 = 1, ++ [42930].file = "net/caif/cfpkt_skbuff.c", ++ [42930].name = "cfpkt_create_pfx", ++ [42930].param1 = 1, ++ [42930].param2 = 1, + [43023].file = "drivers/usb/misc/usblcd.c", + [43023].name = "lcd_write", + [43023].param3 = 1, ++ [43104].file = "drivers/mtd/devices/mtd_dataflash.c", ++ [43104].name = "dataflash_read_user_otp", ++ [43104].param3 = 1, + [4324].file = "drivers/video/fbmem.c", + [4324].name = "fb_read", + [4324].param3 = 1, ++ [43266].file = "fs/afs/cell.c", ++ [43266].name = "afs_cell_alloc", ++ [43266].param2 = 1, + [43380].file = "drivers/scsi/bfa/bfad_debugfs.c", + [43380].name = "bfad_debugfs_write_regrd", + [43380].param3 = 1, -+ [43393].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [43393].name = "iwl_dbgfs_sram_write", -+ [43393].param3 = 1, -+ [4344].file = "fs/namei.c", -+ [4344].name = "sys_mkdirat", -+ [4344].param2 = 1, + [43510].file = "kernel/kexec.c", + [43510].name = "compat_sys_kexec_load", + [43510].param2 = 1, -+ [43515].file = "drivers/usb/storage/jumpshot.c", -+ [43515].name = "jumpshot_read_data", -+ [43515].param4 = 1, + [43540].file = "include/rdma/ib_verbs.h", + [43540].name = "ib_copy_to_udata", + [43540].param3 = 1, @@ -83395,51 +83664,73 @@ index 0000000..55a1292 + [43632].file = "drivers/media/video/videobuf2-core.c", + [43632].name = "vb2_read", + [43632].param3 = 1, ++ [43659].file = "drivers/firmware/efivars.c", ++ [43659].name = "efivar_create_sysfs_entry", ++ [43659].param2 = 1, + [43731].file = "drivers/hid/hid-picolcd.c", + [43731].name = "picolcd_debug_eeprom_read", + [43731].param3 = 1, + [43777].file = "drivers/acpi/acpica/utobject.c", + [43777].name = "acpi_ut_create_buffer_object", + [43777].param1 = 1, ++ [43798].file = "net/bluetooth/mgmt.c", ++ [43798].name = "set_local_name", ++ [43798].param4 = 1, ++ [4380].file = "drivers/mtd/devices/mtd_dataflash.c", ++ [4380].name = "dataflash_read_fact_otp", ++ [4380].param3 = 1, + [43834].file = "security/apparmor/apparmorfs.c", + [43834].name = "profile_replace", + [43834].param3 = 1, ++ [43895].file = "drivers/media/dvb/ddbridge/ddbridge-core.c", ++ [43895].name = "ddb_output_write", ++ [43895].param3 = 1, + [43899].file = "drivers/media/rc/imon.c", + [43899].name = "vfd_write", + [43899].param3 = 1, -+ [43982].file = "drivers/platform/x86/toshiba_acpi.c", -+ [43982].name = "keys_proc_write", -+ [43982].param3 = 1, -+ [44039].file = "drivers/video/via/viafbdev.c", -+ [44039].name = "odev_update", -+ [44039].param2 = 1, ++ [43900].file = "drivers/scsi/cxgbi/libcxgbi.c", ++ [43900].name = "cxgbi_device_portmap_create", ++ [43900].param3 = 1, ++ [43922].file = "drivers/mmc/card/mmc_test.c", ++ [43922].name = "mmc_test_alloc_mem", ++ [43922].param3 = 1, ++ [43946].file = "drivers/net/wireless/ath/ath6kl/txrx.c", ++ [43946].name = "aggr_recv_addba_req_evt", ++ [43946].param4 = 1, ++ [44006].file = "mm/process_vm_access.c", ++ [44006].name = "process_vm_rw_pages", ++ [44006].param5 = 1, ++ [44006].param6 = 1, + [44050].file = "fs/nfs/idmap.c", + [44050].name = "nfs_map_group_to_gid", + [44050].param3 = 1, + [44125].file = "fs/ext4/super.c", + [44125].name = "ext4_kvmalloc", + [44125].param1 = 1, -+ [44180].file = "drivers/video/via/viafbdev.c", -+ [44180].name = "viafb_vt1636_proc_write", -+ [44180].param3 = 1, ++ [44266].file = "kernel/cgroup.c", ++ [44266].name = "cgroup_write_string", ++ [44266].param5 = 1, + [44290].file = "drivers/net/usb/dm9601.c", + [44290].name = "dm_read", + [44290].param3 = 1, -+ [44298].file = "drivers/scsi/pmcraid.c", -+ [44298].name = "pmcraid_copy_sglist", -+ [44298].param3 = 1, -+ [44365].file = "fs/namei.c", -+ [44365].name = "do_rmdir", -+ [44365].param2 = 1, -+ [44640].file = "fs/select.c", -+ [44640].name = "sys_ppoll", -+ [44640].param2 = 1, -+ [44649].file = "mm/page_cgroup.c", -+ [44649].name = "swap_cgroup_swapon", -+ [44649].param2 = 1, -+ [44656].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [44656].name = "iwl_legacy_dbgfs_wd_timeout_write", -+ [44656].param3 = 1, ++ [44308].file = "crypto/af_alg.c", ++ [44308].name = "alg_setkey", ++ [44308].param3 = 1, ++ [44419].file = "kernel/module.c", ++ [44419].name = "module_alloc_update_bounds", ++ [44419].param1 = 1, ++ [44510].file = "drivers/net/ethernet/broadcom/bnx2.c", ++ [44510].name = "bnx2_nvram_write", ++ [44510].param2 = 1, ++ [44625].file = "net/bluetooth/mgmt.c", ++ [44625].name = "set_connectable", ++ [44625].param4 = 1, ++ [44642].file = "drivers/net/wireless/iwmc3200wifi/commands.c", ++ [44642].name = "iwm_umac_set_config_var", ++ [44642].param4 = 1, ++ [44698].file = "net/sctp/socket.c", ++ [44698].name = "sctp_setsockopt_context", ++ [44698].param3 = 1, + [4471].file = "fs/ntfs/malloc.h", + [4471].name = "__ntfs_malloc", + [4471].param1 = 1, @@ -83449,54 +83740,56 @@ index 0000000..55a1292 + [44825].file = "drivers/scsi/osd/osd_initiator.c", + [44825].name = "_osd_realloc_seg", + [44825].param3 = 1, ++ [44852].file = "net/sctp/socket.c", ++ [44852].name = "sctp_setsockopt_rtoinfo", ++ [44852].param3 = 1, ++ [44936].file = "drivers/md/dm-raid.c", ++ [44936].name = "context_alloc", ++ [44936].param3 = 1, + [44943].file = "mm/util.c", + [44943].name = "kmemdup", + [44943].param2 = 1, ++ [44946].file = "net/sctp/socket.c", ++ [44946].name = "sctp_setsockopt_auth_chunk", ++ [44946].param3 = 1, + [44990].file = "drivers/media/video/pvrusb2/pvrusb2-ioread.c", + [44990].name = "pvr2_ioread_set_sync_key", + [44990].param3 = 1, + [45000].file = "fs/afs/proc.c", + [45000].name = "afs_proc_rootcell_write", + [45000].param3 = 1, -+ [45119].file = "drivers/usb/misc/yurex.c", -+ [45119].name = "yurex_write", -+ [45119].param3 = 1, -+ [45169].file = "drivers/video/metronomefb.c", -+ [45169].name = "metronomefb_write", -+ [45169].param3 = 1, ++ [45117].file = "drivers/staging/winbond/wb35reg.c", ++ [45117].name = "Wb35Reg_BurstWrite", ++ [45117].param4 = 1, + [45200].file = "drivers/scsi/scsi_proc.c", + [45200].name = "proc_scsi_write_proc", + [45200].param3 = 1, + [45217].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", + [45217].name = "iwl_dbgfs_debug_level_write", + [45217].param3 = 1, -+ [45231].file = "fs/ecryptfs/crypto.c", -+ [45231].name = "ecryptfs_copy_filename", -+ [45231].param4 = 1, + [45233].file = "net/rds/info.c", + [45233].name = "rds_info_getsockopt", + [45233].param3 = 1, -+ [45244].file = "drivers/mfd/ab3100-core.c", -+ [45244].name = "ab3100_get_set_reg", -+ [45244].param3 = 1, -+ [45264].file = "drivers/net/wireless/ath/ath5k/debug.c", -+ [45264].name = "write_file_ani", -+ [45264].param3 = 1, + [45326].file = "drivers/mtd/ubi/cdev.c", + [45326].name = "vol_cdev_read", + [45326].param3 = 1, + [45335].file = "fs/read_write.c", + [45335].name = "vfs_writev", + [45335].param3 = 1, -+ [45421].file = "drivers/message/fusion/mptctl.c", -+ [45421].name = "mptctl_do_mpt_command", -+ [45421].param3 = 1, ++ [45366].file = "drivers/net/ethernet/chelsio/cxgb3/cxgb3_offload.c", ++ [45366].name = "init_tid_tabs", ++ [45366].param2 = 1, ++ [45366].param3 = 1, ++ [45366].param4 = 1, + [45534].file = "drivers/net/wireless/ath/carl9170/cmd.c", + [45534].name = "carl9170_cmd_buf", + [45534].param3 = 1, + [45576].file = "net/netfilter/xt_recent.c", + [45576].name = "recent_mt_proc_write", + [45576].param3 = 1, ++ [45583].file = "fs/gfs2/dir.c", ++ [45583].name = "leaf_dealloc", ++ [45583].param3 = 1, + [45586].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", + [45586].name = "rt2x00debug_write_bbp", + [45586].param3 = 1, @@ -83506,30 +83799,22 @@ index 0000000..55a1292 + [45633].file = "drivers/input/evdev.c", + [45633].name = "evdev_do_ioctl", + [45633].param2 = 1, -+ [45740].file = "drivers/net/wireless/ath/ath6kl/debug.c", -+ [45740].name = "ath6kl_lrssi_roam_write", -+ [45740].param3 = 1, -+ [45747].file = "net/netlink/af_netlink.c", -+ [45747].name = "__netlink_change_ngroups", -+ [45747].param2 = 1, ++ [45743].file = "drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c", ++ [45743].name = "qlcnic_alloc_msix_entries", ++ [45743].param2 = 1, ++ [45864].file = "drivers/atm/ambassador.c", ++ [45864].name = "create_queues", ++ [45864].param2 = 1, ++ [45864].param3 = 1, + [45930].file = "security/apparmor/apparmorfs.c", + [45930].name = "profile_remove", + [45930].param3 = 1, + [45954].file = "drivers/usb/misc/legousbtower.c", + [45954].name = "tower_write", + [45954].param3 = 1, -+ [45995].file = "fs/namei.c", -+ [45995].name = "sys_mknodat", -+ [45995].param2 = 1, -+ [46072].file = "drivers/video/arcfb.c", -+ [46072].name = "arcfb_write", -+ [46072].param3 = 1, + [46140].file = "sound/core/memalloc.c", + [46140].name = "snd_mem_proc_write", + [46140].param3 = 1, -+ [4614].file = "sound/core/pcm_lib.c", -+ [4614].name = "snd_pcm_lib_write_transfer", -+ [4614].param5 = 1, + [4616].file = "net/sunrpc/cache.c", + [4616].name = "cache_do_downcall", + [4616].param3 = 1, @@ -83542,6 +83827,11 @@ index 0000000..55a1292 + [46343].file = "fs/compat.c", + [46343].name = "compat_do_readv_writev", + [46343].param4 = 1, ++ [46400].file = "drivers/staging/sep/sep_driver.c", ++ [46400].name = "sep_prepare_input_output_dma_table", ++ [46400].param2 = 1, ++ [46400].param3 = 1, ++ [46400].param4 = 1, + [4644].file = "drivers/net/usb/mcs7830.c", + [4644].name = "mcs7830_get_reg", + [4644].param3 = 1, @@ -83557,9 +83847,9 @@ index 0000000..55a1292 + [46685].file = "drivers/gpu/drm/ttm/ttm_bo_vm.c", + [46685].name = "ttm_bo_fbdev_io", + [46685].param4 = 1, -+ [46752].file = "drivers/staging/pohmelfs/dir.c", -+ [46752].name = "pohmelfs_name_alloc", -+ [46752].param1 = 1, ++ [46742].file = "drivers/scsi/st.c", ++ [46742].name = "sgl_map_user_pages", ++ [46742].param2 = 1, + [46881].file = "drivers/char/lp.c", + [46881].name = "lp_write", + [46881].param3 = 1, @@ -83570,6 +83860,9 @@ index 0000000..55a1292 + [47265].name = "bnx2fc_cmd_mgr_alloc", + [47265].param2 = 1, + [47265].param3 = 1, ++ [47309].file = "drivers/scsi/aic94xx/aic94xx_init.c", ++ [47309].name = "asd_store_update_bios", ++ [47309].param4 = 1, + [47342].file = "fs/proc/base.c", + [47342].name = "sched_autogroup_write", + [47342].param3 = 1, @@ -83579,36 +83872,52 @@ index 0000000..55a1292 + [47385].file = "drivers/net/wireless/zd1211rw/zd_usb.c", + [47385].name = "zd_usb_iowrite16v", + [47385].param3 = 1, ++ [4738].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c", ++ [4738].name = "ath6kl_set_ap_probe_resp_ies", ++ [4738].param3 = 1, ++ [47393].file = "drivers/net/wireless/ath/main.c", ++ [47393].name = "ath_rxbuf_alloc", ++ [47393].param2 = 1, + [47463].file = "fs/xfs/kmem.c", + [47463].name = "kmem_zalloc", + [47463].param1 = 1, ++ [47474].file = "kernel/trace/trace.c", ++ [47474].name = "tracing_buffers_read", ++ [47474].param3 = 1, + [47636].file = "drivers/usb/class/usblp.c", + [47636].name = "usblp_ioctl", + [47636].param2 = 1, + [47637].file = "drivers/block/cciss.c", + [47637].name = "cciss_proc_write", + [47637].param3 = 1, -+ [47652].file = "lib/kstrtox.c", -+ [47652].name = "kstrtoll_from_user", -+ [47652].param2 = 1, ++ [47712].file = "net/sctp/socket.c", ++ [47712].name = "sctp_setsockopt_maxburst", ++ [47712].param3 = 1, ++ [47728].file = "drivers/char/agp/isoch.c", ++ [47728].name = "agp_3_5_isochronous_node_enable", ++ [47728].param3 = 1, ++ [4779].file = "fs/pipe.c", ++ [4779].name = "pipe_set_size", ++ [4779].param2 = 1, + [47881].file = "security/selinux/selinuxfs.c", + [47881].name = "sel_write_disable", + [47881].param3 = 1, -+ [48010].file = "drivers/net/wireless/ath/ath9k/debug.c", -+ [48010].name = "write_file_rx_chainmask", -+ [48010].param3 = 1, ++ [48124].file = "drivers/net/wireless/iwmc3200wifi/main.c", ++ [48124].name = "iwm_notif_send", ++ [48124].param6 = 1, + [48155].file = "net/sctp/sm_make_chunk.c", + [48155].name = "sctp_make_abort_user", + [48155].param3 = 1, + [48182].file = "crypto/cryptd.c", + [48182].name = "cryptd_alloc_instance", + [48182].param2 = 1, ++ [48182].param3 = 1, + [48248].file = "security/keys/keyctl.c", + [48248].name = "keyctl_instantiate_key", + [48248].param3 = 1, -+ [48461].file = "drivers/gpu/drm/drm_memory.c", -+ [48461].name = "agp_remap", -+ [48461].param2 = 1, ++ [4829].file = "drivers/block/floppy.c", ++ [4829].name = "fd_copyout", ++ [4829].param3 = 1, + [48642].file = "fs/hugetlbfs/inode.c", + [48642].name = "hugetlbfs_read", + [48642].param3 = 1, @@ -83618,13 +83927,18 @@ index 0000000..55a1292 + [48768].file = "net/irda/irnet/irnet_ppp.c", + [48768].name = "dev_irnet_write", + [48768].param3 = 1, ++ [48818].file = "net/sunrpc/svc.c", ++ [48818].name = "svc_pool_map_alloc_arrays", ++ [48818].param2 = 1, ++ [48854].file = "drivers/md/dm-stripe.c", ++ [48854].name = "alloc_context", ++ [48854].param1 = 1, + [48856].file = "drivers/acpi/acpica/utalloc.c", + [48856].name = "acpi_ut_initialize_buffer", + [48856].param2 = 1, -+ [48941].file = "drivers/gpu/drm/nouveau/nouveau_vm.c", -+ [48941].name = "nouveau_vm_new", -+ [48941].param2 = 1, -+ [48941].param3 = 1, ++ [48862].file = "net/sctp/socket.c", ++ [48862].name = "sctp_setsockopt_adaptation_layer", ++ [48862].param3 = 1, + [49126].file = "lib/prio_heap.c", + [49126].name = "heap_init", + [49126].param2 = 1, @@ -83634,18 +83948,18 @@ index 0000000..55a1292 + [49216].file = "fs/read_write.c", + [49216].name = "do_readv_writev", + [49216].param4 = 1, -+ [49354].file = "drivers/media/video/cx18/cx18-fileops.c", -+ [49354].name = "cx18_v4l2_read", -+ [49354].param3 = 1, + [49448].file = "drivers/isdn/gigaset/common.c", + [49448].name = "gigaset_initdriver", + [49448].param2 = 1, + [49494].file = "drivers/virtio/virtio_ring.c", + [49494].name = "vring_new_virtqueue", + [49494].param1 = 1, -+ [49507].file = "fs/namei.c", -+ [49507].name = "sys_symlink", -+ [49507].param1 = 1, ++ [49510].file = "net/sctp/socket.c", ++ [49510].name = "sctp_setsockopt_autoclose", ++ [49510].param3 = 1, ++ [4958].file = "drivers/net/wireless/p54/fwio.c", ++ [4958].name = "p54_alloc_skb", ++ [4958].param3 = 1, + [49604].file = "crypto/af_alg.c", + [49604].name = "alg_setsockopt", + [49604].param5 = 1, @@ -83659,43 +83973,28 @@ index 0000000..55a1292 + [49718].file = "drivers/hid/hid-roccat-common.c", + [49718].name = "roccat_common_send", + [49718].param4 = 1, -+ [4972].file = "drivers/video/fb_sys_fops.c", -+ [4972].name = "fb_sys_write", -+ [4972].param3 = 1, + [49746].file = "net/ipv4/netfilter/arp_tables.c", + [49746].name = "compat_do_arpt_set_ctl", + [49746].param4 = 1, + [49780].file = "net/mac80211/key.c", + [49780].name = "ieee80211_key_alloc", + [49780].param3 = 1, ++ [49805].file = "drivers/pci/pci.c", ++ [49805].name = "pci_add_cap_save_buffer", ++ [49805].param3 = 1, + [49845].file = "mm/vmalloc.c", + [49845].name = "__vmalloc_node", + [49845].param1 = 1, ++ [49929].file = "drivers/mtd/ubi/cdev.c", ++ [49929].name = "vol_cdev_direct_write", ++ [49929].param3 = 1, + [49935].file = "fs/xfs/kmem.c", + [49935].name = "kmem_zalloc_greedy", + [49935].param2 = 1, + [49935].param3 = 1, -+ [50001].file = "sound/pci/ctxfi/ctresource.c", -+ [50001].name = "rsc_mgr_init", -+ [50001].param3 = 1, -+ [50022].file = "drivers/usb/storage/shuttle_usbat.c", -+ [50022].name = "usbat_flash_read_data", -+ [50022].param4 = 1, -+ [50096].file = "drivers/net/wireless/libertas/debugfs.c", -+ [50096].name = "lbs_rdbbp_write", -+ [50096].param3 = 1, -+ [50102].file = "drivers/telephony/ixj.c", -+ [50102].name = "ixj_write", -+ [50102].param3 = 1, -+ [50238].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [50238].name = "iwl_legacy_dbgfs_clear_ucode_statistics_write", -+ [50238].param3 = 1, -+ [50267].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [50267].name = "rt2x00debug_read_crypto_stats", -+ [50267].param3 = 1, -+ [50398].file = "fs/proc/base.c", -+ [50398].name = "mem_write", -+ [50398].param3 = 1, ++ [49].file = "net/atm/svc.c", ++ [49].name = "svc_setsockopt", ++ [49].param5 = 1, + [50518].file = "drivers/gpu/drm/nouveau/nouveau_gem.c", + [50518].name = "u_memcpya", + [50518].param2 = 1, @@ -83706,9 +84005,11 @@ index 0000000..55a1292 + [50562].file = "drivers/media/video/zoran/zoran_procfs.c", + [50562].name = "zoran_write", + [50562].param3 = 1, -+ [50653].file = "net/sunrpc/cache.c", -+ [50653].name = "cache_write_procfs", -+ [50653].param3 = 1, ++ [50617].file = "fs/hugetlbfs/inode.c", ++ [50617].name = "hugetlbfs_read_actor", ++ [50617].param2 = 1, ++ [50617].param4 = 1, ++ [50617].param5 = 1, + [50692].file = "lib/ts_bm.c", + [50692].name = "bm_init", + [50692].param2 = 1, @@ -83722,9 +84023,12 @@ index 0000000..55a1292 + [5102].name = "usbtest_alloc_urb", + [5102].param3 = 1, + [5102].param5 = 1, -+ [51052].file = "drivers/base/firmware_class.c", -+ [51052].name = "firmware_data_write", -+ [51052].param6 = 1, ++ [51061].file = "net/bluetooth/mgmt.c", ++ [51061].name = "pin_code_reply", ++ [51061].param4 = 1, ++ [51139].file = "fs/pipe.c", ++ [51139].name = "pipe_iov_copy_to_user", ++ [51139].param3 = 1, + [51177].file = "net/sunrpc/xprtrdma/transport.c", + [51177].name = "xprt_rdma_allocate", + [51177].param2 = 1, @@ -83737,30 +84041,34 @@ index 0000000..55a1292 + [51253].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", + [51253].name = "rt2x00debug_write_eeprom", + [51253].param3 = 1, -+ [51284].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [51284].name = "iwl_legacy_dbgfs_interrupt_write", -+ [51284].param3 = 1, + [51323].file = "sound/pci/ac97/ac97_pcm.c", + [51323].name = "snd_ac97_pcm_assign", + [51323].param2 = 1, + [51340].file = "drivers/usb/class/usblp.c", + [51340].name = "usblp_write", + [51340].param3 = 1, -+ [51471].file = "drivers/block/floppy.c", -+ [51471].name = "fd_locked_ioctl", -+ [51471].param3 = 1, ++ [51499].file = "net/802/garp.c", ++ [51499].name = "garp_attr_create", ++ [51499].param3 = 1, ++ [51842].file = "drivers/hid/hid-core.c", ++ [51842].name = "hid_register_field", ++ [51842].param2 = 1, ++ [51842].param3 = 1, + [5197].file = "net/core/dev.c", + [5197].name = "dev_set_alias", + [5197].param3 = 1, -+ [51998].file = "drivers/net/macvtap.c", -+ [51998].name = "macvtap_get_user", -+ [51998].param4 = 1, + [5204].file = "drivers/media/video/usbvision/usbvision-video.c", + [5204].name = "usbvision_v4l2_read", + [5204].param3 = 1, ++ [5206].file = "drivers/media/dvb/ttpci/av7110_v4l.c", ++ [5206].name = "av7110_vbi_write", ++ [5206].param3 = 1, + [52086].file = "drivers/usb/image/mdc800.c", + [52086].name = "mdc800_device_read", + [52086].param3 = 1, ++ [52099].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c", ++ [52099].name = "do_surface_dirty_sou", ++ [52099].param7 = 1, + [52172].file = "drivers/pcmcia/cistpl.c", + [52172].name = "pccard_store_cis", + [52172].param6 = 1, @@ -83770,18 +84078,9 @@ index 0000000..55a1292 + [52199].file = "mm/nobootmem.c", + [52199].name = "__alloc_bootmem", + [52199].param1 = 1, -+ [52201].file = "drivers/video/via/viafbdev.c", -+ [52201].name = "viafb_dvp0_proc_write", -+ [52201].param3 = 1, -+ [5233].file = "include/linux/poll.h", -+ [5233].name = "set_fd_set", -+ [5233].param1 = 1, + [52343].file = "drivers/usb/misc/adutux.c", + [52343].name = "adu_read", + [52343].param3 = 1, -+ [52364].file = "sound/core/pcm_lib.c", -+ [52364].name = "snd_pcm_lib_readv_transfer", -+ [52364].param5 = 1, + [52401].file = "drivers/staging/rtl8712/rtl871x_ioctl_linux.c", + [52401].name = "r871x_set_wpa_ie", + [52401].param3 = 1, @@ -83791,6 +84090,12 @@ index 0000000..55a1292 + [52721].file = "security/keys/encrypted-keys/encrypted.c", + [52721].name = "encrypted_instantiate", + [52721].param3 = 1, ++ [52902].file = "fs/xfs/kmem.h", ++ [52902].name = "kmem_zalloc_large", ++ [52902].param1 = 1, ++ [52950].file = "net/bluetooth/mgmt.c", ++ [52950].name = "set_discoverable", ++ [52950].param4 = 1, + [53041].file = "fs/libfs.c", + [53041].name = "simple_transaction_get", + [53041].param3 = 1, @@ -83819,54 +84124,42 @@ index 0000000..55a1292 + [5344].file = "security/selinux/ss/hashtab.c", + [5344].name = "hashtab_create", + [5344].param3 = 1, -+ [53468].file = "drivers/char/mem.c", -+ [53468].name = "write_mem", -+ [53468].param3 = 1, + [53513].file = "drivers/mmc/core/mmc_ops.c", + [53513].name = "mmc_send_bus_test", + [53513].param4 = 1, -+ [53539].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [53539].name = "iwl_dbgfs_txfifo_flush_write", -+ [53539].param3 = 1, + [53626].file = "drivers/block/paride/pg.c", + [53626].name = "pg_read", + [53626].param3 = 1, + [53631].file = "mm/util.c", + [53631].name = "memdup_user", + [53631].param2 = 1, -+ [53680].file = "lib/kstrtox.c", -+ [53680].name = "kstrtol_from_user", -+ [53680].param2 = 1, ++ [53674].file = "drivers/media/dvb/ttpci/av7110_ca.c", ++ [53674].name = "ci_ll_write", ++ [53674].param4 = 1, + [5389].file = "drivers/infiniband/core/uverbs_cmd.c", + [5389].name = "ib_uverbs_unmarshall_recv", + [5389].param5 = 1, + [53901].file = "net/rds/message.c", + [53901].name = "rds_message_alloc", + [53901].param1 = 1, -+ [53904].file = "fs/namei.c", -+ [53904].name = "sys_unlink", -+ [53904].param1 = 1, ++ [53902].file = "net/sctp/socket.c", ++ [53902].name = "sctp_setsockopt_initmsg", ++ [53902].param3 = 1, + [5410].file = "kernel/kexec.c", + [5410].name = "sys_kexec_load", + [5410].param2 = 1, + [54182].file = "drivers/block/rbd.c", + [54182].name = "rbd_snap_add", + [54182].param4 = 1, -+ [5419].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [5419].name = "iwl_legacy_dbgfs_disable_ht40_write", -+ [5419].param3 = 1, + [54201].file = "drivers/platform/x86/asus_acpi.c", + [54201].name = "mled_proc_write", + [54201].param3 = 1, -+ [5422].file = "fs/namei.c", -+ [5422].name = "do_unlinkat", -+ [5422].param2 = 1, -+ [54252].file = "drivers/scsi/st.c", -+ [54252].name = "st_write", -+ [54252].param3 = 1, + [54263].file = "security/keys/trusted.c", + [54263].name = "trusted_instantiate", + [54263].param3 = 1, ++ [54296].file = "include/linux/mISDNif.h", ++ [54296].name = "_alloc_mISDN_skb", ++ [54296].param3 = 1, + [54298].file = "drivers/usb/wusbcore/crypto.c", + [54298].name = "wusb_ccm_mac", + [54298].param7 = 1, @@ -83878,24 +84171,30 @@ index 0000000..55a1292 + [54335].name = "dm_vcalloc", + [54335].param1 = 1, + [54335].param2 = 1, ++ [54338].file = "fs/ntfs/malloc.h", ++ [54338].name = "ntfs_malloc_nofs", ++ [54338].param1 = 1, + [54339].file = "security/smack/smackfs.c", + [54339].name = "smk_write_cipso", + [54339].param3 = 1, ++ [54369].file = "drivers/usb/storage/realtek_cr.c", ++ [54369].name = "rts51x_read_mem", ++ [54369].param4 = 1, + [5438].file = "sound/core/memory.c", + [5438].name = "copy_to_user_fromio", + [5438].param3 = 1, + [54401].file = "lib/dynamic_debug.c", + [54401].name = "ddebug_proc_write", + [54401].param3 = 1, -+ [54427].file = "drivers/usb/storage/jumpshot.c", -+ [54427].name = "jumpshot_write_data", -+ [54427].param4 = 1, + [54467].file = "net/packet/af_packet.c", + [54467].name = "packet_setsockopt", + [54467].param5 = 1, + [54573].file = "ipc/sem.c", + [54573].name = "sys_semop", + [54573].param3 = 1, ++ [54583].file = "net/sctp/socket.c", ++ [54583].name = "sctp_setsockopt_peer_addr_params", ++ [54583].param3 = 1, + [54643].file = "drivers/isdn/hardware/eicon/divasi.c", + [54643].name = "um_idi_write", + [54643].param3 = 1, @@ -83905,9 +84204,15 @@ index 0000000..55a1292 + [54663].file = "drivers/isdn/hardware/eicon/platform.h", + [54663].name = "diva_os_malloc", + [54663].param2 = 1, ++ [54701].file = "drivers/misc/altera-stapl/altera-jtag.c", ++ [54701].name = "altera_swap_ir", ++ [54701].param2 = 1, + [54751].file = "drivers/infiniband/core/device.c", + [54751].name = "ib_alloc_device", + [54751].param1 = 1, ++ [54771].file = "drivers/isdn/mISDN/socket.c", ++ [54771].name = "_l2_alloc_skb", ++ [54771].param1 = 1, + [54806].file = "drivers/scsi/lpfc/lpfc_debugfs.c", + [54806].name = "lpfc_debugfs_dif_err_write", + [54806].param3 = 1, @@ -83923,55 +84228,72 @@ index 0000000..55a1292 + [55115].file = "net/sctp/probe.c", + [55115].name = "sctpprobe_read", + [55115].param3 = 1, -+ [55155].file = "net/bluetooth/rfcomm/sock.c", -+ [55155].name = "rfcomm_sock_setsockopt", -+ [55155].param5 = 1, + [55187].file = "security/keys/keyctl.c", + [55187].name = "keyctl_describe_key", + [55187].param3 = 1, -+ [5524].file = "lib/kstrtox.c", -+ [5524].name = "kstrtos8_from_user", -+ [5524].param2 = 1, + [55253].file = "drivers/net/wireless/ray_cs.c", + [55253].name = "ray_cs_essid_proc_write", + [55253].param3 = 1, ++ [55341].file = "drivers/staging/sep/sep_driver.c", ++ [55341].name = "sep_prepare_input_output_dma_table_in_dcb", ++ [55341].param4 = 1, ++ [55341].param5 = 1, ++ [55417].file = "drivers/hv/channel.c", ++ [55417].name = "vmbus_open", ++ [55417].param2 = 1, ++ [55417].param3 = 1, + [5548].file = "drivers/media/media-entity.c", + [5548].name = "media_entity_init", + [5548].param2 = 1, + [5548].param4 = 1, ++ [55546].file = "drivers/spi/spi.c", ++ [55546].name = "spi_alloc_master", ++ [55546].param2 = 1, + [55580].file = "drivers/usb/mon/mon_bin.c", + [55580].name = "copy_from_buf", + [55580].param2 = 1, -+ [55682].file = "drivers/net/wireless/libertas/debugfs.c", -+ [55682].name = "lbs_host_sleep_write", -+ [55682].param3 = 1, ++ [55584].file = "drivers/tty/tty_buffer.c", ++ [55584].name = "tty_buffer_alloc", ++ [55584].param2 = 1, + [55712].file = "drivers/char/mem.c", + [55712].name = "read_zero", + [55712].param3 = 1, -+ [55857].file = "drivers/net/wireless/ath/ath9k/debug.c", -+ [55857].name = "write_file_tx_chainmask", -+ [55857].param3 = 1, ++ [55727].file = "drivers/media/video/stk-webcam.c", ++ [55727].name = "stk_prepare_sio_buffers", ++ [55727].param2 = 1, ++ [55816].file = "drivers/misc/altera-stapl/altera-jtag.c", ++ [55816].name = "altera_set_ir_pre", ++ [55816].param2 = 1, ++ [55826].file = "drivers/infiniband/hw/ipath/ipath_file_ops.c", ++ [55826].name = "ipath_get_base_info", ++ [55826].param3 = 1, ++ [5586].file = "net/atm/common.c", ++ [5586].name = "alloc_tx", ++ [5586].param2 = 1, + [55978].file = "drivers/usb/misc/iowarrior.c", + [55978].name = "iowarrior_write", + [55978].param3 = 1, -+ [5599].file = "drivers/char/random.c", -+ [5599].name = "write_pool", -+ [5599].param3 = 1, -+ [56090].file = "drivers/media/video/videobuf-dma-sg.c", -+ [56090].name = "__videobuf_alloc_vb", -+ [56090].param1 = 1, ++ [56170].file = "drivers/usb/wusbcore/wa-xfer.c", ++ [56170].name = "__wa_xfer_setup_segs", ++ [56170].param2 = 1, + [56199].file = "fs/binfmt_misc.c", + [56199].name = "parse_command", + [56199].param2 = 1, + [56218].file = "drivers/mmc/card/mmc_test.c", + [56218].name = "mtf_test_write", + [56218].param3 = 1, ++ [56239].file = "fs/sysfs/file.c", ++ [56239].name = "fill_write_buffer", ++ [56239].param3 = 1, ++ [5624].file = "drivers/net/wireless/ath/ath9k/wmi.c", ++ [5624].name = "ath9k_wmi_cmd", ++ [5624].param4 = 1, + [56416].file = "drivers/misc/lkdtm.c", + [56416].name = "do_register_entry", + [56416].param4 = 1, -+ [56432].file = "drivers/mfd/aat2870-core.c", -+ [56432].name = "aat2870_reg_write_file", -+ [56432].param3 = 1, ++ [56458].file = "drivers/usb/host/hwa-hc.c", ++ [56458].name = "__hwahc_op_set_ptk", ++ [56458].param5 = 1, + [56471].file = "include/linux/slab.h", + [56471].name = "kcalloc", + [56471].param1 = 1, @@ -83982,42 +84304,60 @@ index 0000000..55a1292 + [56544].file = "drivers/block/drbd/drbd_receiver.c", + [56544].name = "receive_DataRequest", + [56544].param3 = 1, -+ [5661].file = "lib/dma-debug.c", -+ [5661].name = "filter_write", -+ [5661].param3 = 1, ++ [56652].file = "drivers/misc/altera-stapl/altera-jtag.c", ++ [56652].name = "altera_set_dr_post", ++ [56652].param2 = 1, ++ [56653].file = "net/irda/af_irda.c", ++ [56653].name = "irda_setsockopt", ++ [56653].param5 = 1, + [56672].file = "drivers/char/agp/generic.c", + [56672].name = "agp_alloc_page_array", + [56672].param1 = 1, ++ [56798].file = "fs/bio.c", ++ [56798].name = "bio_alloc_map_data", ++ [56798].param2 = 1, + [56843].file = "drivers/scsi/scsi_transport_iscsi.c", + [56843].name = "iscsi_recv_pdu", + [56843].param4 = 1, -+ [57120].file = "lib/kstrtox.c", -+ [57120].name = "kstrtouint_from_user", -+ [57120].param2 = 1, ++ [5699].file = "net/sctp/socket.c", ++ [5699].name = "sctp_setsockopt_default_send_param", ++ [5699].param3 = 1, ++ [5704].file = "drivers/mtd/mtdswap.c", ++ [5704].name = "mtdswap_init", ++ [5704].param2 = 1, + [57128].file = "drivers/pnp/pnpbios/proc.c", + [57128].name = "pnpbios_proc_write", + [57128].param3 = 1, + [57190].file = "drivers/char/agp/generic.c", + [57190].name = "agp_generic_alloc_user", + [57190].param1 = 1, ++ [57252].file = "drivers/media/dvb/dvb-core/dmxdev.c", ++ [57252].name = "dvb_dmxdev_set_buffer_size", ++ [57252].param2 = 1, ++ [57392].file = "drivers/block/aoe/aoecmd.c", ++ [57392].name = "new_skb", ++ [57392].param1 = 1, + [57471].file = "drivers/media/video/sn9c102/sn9c102_core.c", + [57471].name = "sn9c102_read", + [57471].param3 = 1, -+ [57605].file = "net/netlink/af_netlink.c", -+ [57605].name = "netlink_kernel_create", -+ [57605].param3 = 1, ++ [57547].file = "security/keys/encrypted-keys/encrypted.c", ++ [57547].name = "get_derived_key", ++ [57547].param4 = 1, ++ [57552].file = "net/sunrpc/cache.c", ++ [57552].name = "cache_slow_downcall", ++ [57552].param2 = 1, + [57670].file = "drivers/bluetooth/btmrvl_debugfs.c", + [57670].name = "btmrvl_pscmd_write", + [57670].param3 = 1, -+ [57675].file = "drivers/net/wireless/ath/ath9k/debug.c", -+ [57675].name = "write_file_regidx", -+ [57675].param3 = 1, ++ [57710].file = "include/linux/usb/wusb.h", ++ [57710].name = "wusb_prf_256", ++ [57710].param7 = 1, + [57724].file = "net/bluetooth/hci_sock.c", + [57724].name = "hci_sock_setsockopt", + [57724].param5 = 1, -+ [57748].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [57748].name = "iwl_dbgfs_missed_beacon_write", -+ [57748].param3 = 1, ++ [57761].file = "kernel/kexec.c", ++ [57761].name = "kimage_crash_alloc", ++ [57761].param3 = 1, + [57786].file = "net/ipv6/netfilter/ip6_tables.c", + [57786].name = "compat_do_ip6t_set_ctl", + [57786].param4 = 1, @@ -84027,49 +84367,37 @@ index 0000000..55a1292 + [57927].file = "fs/read_write.c", + [57927].name = "sys_preadv", + [57927].param3 = 1, ++ [58012].file = "include/net/bluetooth/bluetooth.h", ++ [58012].name = "bt_skb_alloc", ++ [58012].param1 = 1, + [58020].file = "drivers/firewire/core-cdev.c", + [58020].name = "fw_device_op_ioctl", + [58020].param2 = 1, + [58043].file = "kernel/auditfilter.c", + [58043].name = "audit_unpack_string", + [58043].param3 = 1, -+ [5805].file = "drivers/xen/grant-table.c", -+ [5805].name = "gnttab_alloc_grant_references", -+ [5805].param1 = 1, + [58087].file = "kernel/module.c", + [58087].name = "module_alloc_update_bounds_rw", + [58087].param1 = 1, -+ [58107].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [58107].name = "iwl_dbgfs_sleep_level_override_write", -+ [58107].param3 = 1, + [58124].file = "drivers/usb/misc/usbtest.c", + [58124].name = "ctrl_out", + [58124].param3 = 1, + [58124].param5 = 1, ++ [58217].file = "net/sctp/socket.c", ++ [58217].name = "sctp_setsockopt_peer_primary_addr", ++ [58217].param3 = 1, + [58263].file = "security/keys/keyring.c", + [58263].name = "keyring_read", + [58263].param3 = 1, -+ [58278].file = "drivers/net/wireless/iwlwifi/iwl-trans-pcie.c", -+ [58278].name = "iwl_dbgfs_log_event_write", -+ [58278].param3 = 1, + [5830].file = "drivers/gpu/vga/vga_switcheroo.c", + [5830].name = "vga_switcheroo_debugfs_write", + [5830].param3 = 1, -+ [58320].file = "drivers/scsi/scsi_proc.c", -+ [58320].name = "proc_scsi_write", -+ [58320].param3 = 1, + [58344].file = "net/sunrpc/cache.c", + [58344].name = "read_flush", + [58344].param3 = 1, -+ [58392].file = "fs/namei.c", -+ [58392].name = "getname_flags", -+ [58392].param1 = 1, -+ [58418].file = "kernel/module.c", -+ [58418].name = "sys_init_module", -+ [58418].param2 = 1, -+ [58502].file = "sound/core/sgbuf.c", -+ [58502].name = "snd_malloc_sgbuf_pages", -+ [58502].param2 = 1, ++ [58379].file = "mm/nobootmem.c", ++ [58379].name = "__alloc_bootmem_node", ++ [58379].param2 = 1, + [58597].file = "kernel/kfifo.c", + [58597].name = "__kfifo_to_user", + [58597].param3 = 1, @@ -84088,48 +84416,55 @@ index 0000000..55a1292 + [58826].file = "net/sunrpc/xprt.c", + [58826].name = "xprt_alloc", + [58826].param2 = 1, ++ [58865].file = "mm/slub.c", ++ [58865].name = "kmalloc_order_trace", ++ [58865].param1 = 1, + [58867].file = "drivers/platform/x86/asus_acpi.c", + [58867].name = "wled_proc_write", + [58867].param3 = 1, -+ [58878].file = "drivers/net/wireless/libertas/debugfs.c", -+ [58878].name = "lbs_wrbbp_write", -+ [58878].param3 = 1, + [58888].file = "fs/xattr.c", + [58888].name = "listxattr", + [58888].param3 = 1, ++ [58889].file = "kernel/trace/trace_kprobe.c", ++ [58889].name = "probes_write", ++ [58889].param3 = 1, + [58912].file = "drivers/lguest/core.c", + [58912].name = "__lgwrite", + [58912].param4 = 1, + [58918].file = "sound/core/pcm_native.c", + [58918].name = "snd_pcm_aio_write", + [58918].param3 = 1, -+ [58919].file = "net/netlabel/netlabel_unlabeled.c", -+ [58919].name = "netlbl_unlabel_init", -+ [58919].param1 = 1, + [58942].file = "drivers/block/aoe/aoedev.c", + [58942].name = "aoedev_flush", + [58942].param2 = 1, + [58958].file = "fs/fuse/control.c", + [58958].name = "fuse_conn_limit_write", + [58958].param3 = 1, -+ [58].file = "lib/kstrtox.c", -+ [58].name = "kstrtoull_from_user", -+ [58].param2 = 1, ++ [59005].file = "drivers/staging/sep/sep_driver.c", ++ [59005].name = "sep_prepare_input_dma_table", ++ [59005].param2 = 1, ++ [59005].param3 = 1, ++ [59013].file = "fs/xfs/xfs_ioctl.c", ++ [59013].name = "xfs_handle_to_dentry", ++ [59013].param3 = 1, + [59034].file = "drivers/acpi/acpica/dsobject.c", + [59034].name = "acpi_ds_build_internal_package_obj", + [59034].param3 = 1, + [59073].file = "drivers/staging/speakup/i18n.c", + [59073].name = "msg_set", + [59073].param3 = 1, -+ [59108].file = "drivers/net/wireless/ath/ath5k/debug.c", -+ [59108].name = "write_file_queue", -+ [59108].param3 = 1, ++ [59074].file = "drivers/scsi/cxgbi/libcxgbi.c", ++ [59074].name = "ddp_make_gl", ++ [59074].param1 = 1, + [59297].file = "drivers/media/dvb/ttpci/av7110_av.c", + [59297].name = "dvb_play", + [59297].param3 = 1, + [59472].file = "drivers/misc/ibmasm/ibmasmfs.c", + [59472].name = "command_file_write", + [59472].param3 = 1, ++ [59504].file = "fs/exofs/super.c", ++ [59504].name = "__alloc_dev_table", ++ [59504].param2 = 1, + [59505].file = "drivers/media/video/pvrusb2/pvrusb2-ioread.c", + [59505].name = "pvr2_ioread_read", + [59505].param3 = 1, @@ -84139,26 +84474,28 @@ index 0000000..55a1292 + [5968].file = "net/sunrpc/sched.c", + [5968].name = "rpc_malloc", + [5968].param2 = 1, -+ [59794].file = "mm/mincore.c", -+ [59794].name = "sys_mincore", -+ [59794].param1 = 1, -+ [59794].param2 = 1, ++ [59695].file = "net/ipv4/netfilter/ipt_ULOG.c", ++ [59695].name = "ulog_alloc_skb", ++ [59695].param1 = 1, + [59838].file = "net/netlink/af_netlink.c", + [59838].name = "nl_pid_hash_zalloc", + [59838].param1 = 1, + [59856].file = "drivers/base/devres.c", + [59856].name = "devm_kzalloc", + [59856].param2 = 1, ++ [59894].file = "net/bluetooth/mgmt.c", ++ [59894].name = "user_confirm_reply", ++ [59894].param4 = 1, + [59991].file = "drivers/media/video/uvc/uvc_queue.c", + [59991].name = "uvc_alloc_buffers", + [59991].param2 = 1, + [59991].param3 = 1, -+ [60005].file = "fs/namei.c", -+ [60005].name = "getname", -+ [60005].param1 = 1, + [60066].file = "mm/filemap.c", + [60066].name = "iov_iter_copy_from_user", + [60066].param4 = 1, ++ [60185].file = "kernel/params.c", ++ [60185].name = "kmalloc_parameter", ++ [60185].param1 = 1, + [60198].file = "fs/nfs/nfs4proc.c", + [60198].name = "nfs4_write_cached_acl", + [60198].param3 = 1, @@ -84168,12 +84505,6 @@ index 0000000..55a1292 + [6041].file = "drivers/mtd/mtdchar.c", + [6041].name = "mtd_write", + [6041].param3 = 1, -+ [60436].file = "drivers/net/macvtap.c", -+ [60436].name = "macvtap_sendmsg", -+ [60436].param4 = 1, -+ [60483].file = "drivers/char/virtio_console.c", -+ [60483].name = "fill_readbuf", -+ [60483].param3 = 1, + [604].file = "drivers/staging/rtl8712/usb_ops_linux.c", + [604].name = "r8712_usbctrl_vendorreq", + [604].param6 = 1, @@ -84189,33 +84520,27 @@ index 0000000..55a1292 + [60744].file = "sound/pci/emu10k1/emuproc.c", + [60744].name = "snd_emu10k1_fx8010_read", + [60744].param5 = 1, ++ [60777].file = "fs/ntfs/malloc.h", ++ [60777].name = "ntfs_malloc_nofs_nofail", ++ [60777].param1 = 1, + [60833].file = "drivers/block/aoe/aoenet.c", + [60833].name = "set_aoe_iflist", + [60833].param2 = 1, -+ [60878].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [60878].name = "rt2x00debug_read_queue_dump", -+ [60878].param3 = 1, + [60882].file = "drivers/input/joydev.c", + [60882].name = "joydev_compat_ioctl", + [60882].param2 = 1, + [60891].file = "kernel/sched.c", + [60891].name = "sys_sched_setaffinity", + [60891].param2 = 1, -+ [60927].file = "drivers/net/wireless/ath/ath9k/debug.c", -+ [60927].name = "write_file_disable_ani", -+ [60927].param3 = 1, ++ [60920].file = "drivers/infiniband/hw/qib/qib_file_ops.c", ++ [60920].name = "qib_get_base_info", ++ [60920].param3 = 1, + [60928].file = "drivers/staging/bcm/Bcmchar.c", + [60928].name = "bcm_char_read", + [60928].param3 = 1, -+ [61058].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [61058].name = "iwl_dbgfs_disable_ht40_write", -+ [61058].param3 = 1, -+ [61120].file = "drivers/char/mem.c", -+ [61120].name = "read_mem", -+ [61120].param3 = 1, -+ [61222].file = "net/sunrpc/rpc_pipe.c", -+ [61222].name = "rpc_pipe_generic_upcall", -+ [61222].param4 = 1, ++ [61122].file = "drivers/base/devres.c", ++ [61122].name = "alloc_dr", ++ [61122].param2 = 1, + [61254].file = "drivers/scsi/scsi_devinfo.c", + [61254].name = "proc_scsi_devinfo_write", + [61254].param3 = 1, @@ -84228,79 +84553,98 @@ index 0000000..55a1292 + [61389].file = "include/linux/slab.h", + [61389].name = "kzalloc_node", + [61389].param1 = 1, -+ [61546].file = "mm/filemap.c", -+ [61546].name = "__iovec_copy_from_user_inatomic", -+ [61546].param3 = 1, -+ [61546].param4 = 1, ++ [61441].file = "fs/ntfs/file.c", ++ [61441].name = "ntfs_copy_from_user_iovec", ++ [61441].param3 = 1, ++ [61441].param6 = 1, + [61552].file = "drivers/input/evdev.c", + [61552].name = "str_to_user", + [61552].param2 = 1, + [61673].file = "security/keys/trusted.c", + [61673].name = "trusted_update", + [61673].param3 = 1, -+ [61676].file = "kernel/module.c", -+ [61676].name = "module_alloc_update_bounds_rx", -+ [61676].param1 = 1, ++ [61684].file = "drivers/net/ethernet/chelsio/cxgb3/cxgb3_offload.c", ++ [61684].name = "cxgb3_get_cpl_reply_skb", ++ [61684].param2 = 1, ++ [6173].file = "net/netlink/af_netlink.c", ++ [6173].name = "netlink_sendmsg", ++ [6173].param4 = 1, + [61770].file = "drivers/media/video/et61x251/et61x251_core.c", + [61770].name = "et61x251_read", + [61770].param3 = 1, -+ [6186].file = "drivers/char/mem.c", -+ [6186].name = "read_kmem", -+ [6186].param3 = 1, ++ [61772].file = "fs/exofs/ore_raid.c", ++ [61772].name = "_sp2d_alloc", ++ [61772].param1 = 1, ++ [61772].param2 = 1, ++ [61772].param3 = 1, ++ [61926].file = "drivers/media/dvb/ddbridge/ddbridge-core.c", ++ [61926].name = "ddb_input_read", ++ [61926].param3 = 1, + [61932].file = "drivers/message/fusion/mptctl.c", + [61932].name = "__mptctl_ioctl", + [61932].param2 = 1, + [62081].file = "drivers/net/irda/vlsi_ir.c", + [62081].name = "vlsi_alloc_ring", + [62081].param3 = 1, ++ [62081].param4 = 1, + [62116].file = "fs/libfs.c", + [62116].name = "simple_attr_read", + [62116].param3 = 1, -+ [6225].file = "drivers/block/floppy.c", -+ [6225].name = "fd_ioctl", -+ [6225].param3 = 1, ++ [6211].file = "drivers/net/ethernet/amd/pcnet32.c", ++ [6211].name = "pcnet32_realloc_tx_ring", ++ [6211].param3 = 1, + [62294].file = "sound/core/info.c", + [62294].name = "resize_info_buffer", + [62294].param2 = 1, -+ [62378].file = "net/ipv4/tcp.c", -+ [62378].name = "do_tcp_setsockopt", -+ [62378].param5 = 1, + [62387].file = "fs/nfs/idmap.c", + [62387].name = "nfs_idmap_lookup_id", + [62387].param2 = 1, -+ [62453].file = "fs/namei.c", -+ [62453].name = "user_path_create", -+ [62453].param2 = 1, ++ [62465].file = "drivers/misc/altera-stapl/altera-jtag.c", ++ [62465].name = "altera_set_dr_pre", ++ [62465].param2 = 1, + [62495].file = "drivers/block/floppy.c", + [62495].name = "fallback_on_nodma_alloc", + [62495].param2 = 1, + [62498].file = "fs/xattr.c", + [62498].name = "sys_listxattr", + [62498].param3 = 1, -+ [62583].file = "drivers/net/wireless/mwifiex/debugfs.c", -+ [62583].name = "mwifiex_regrdwr_write", -+ [62583].param3 = 1, + [625].file = "fs/read_write.c", + [625].name = "sys_pwritev", + [625].param3 = 1, ++ [62662].file = "drivers/message/fusion/mptctl.c", ++ [62662].name = "mptctl_getiocinfo", ++ [62662].param2 = 1, + [62669].file = "drivers/platform/x86/asus_acpi.c", + [62669].name = "tled_proc_write", + [62669].param3 = 1, + [62714].file = "security/keys/keyctl.c", + [62714].name = "keyctl_update_key", + [62714].param3 = 1, -+ [62799].file = "fs/proc/task_mmu.c", -+ [62799].name = "pagemap_read", -+ [62799].param3 = 1, -+ [62811].file = "drivers/usb/misc/legousbtower.c", -+ [62811].name = "tower_read", -+ [62811].param3 = 1, ++ [62760].file = "drivers/media/dvb/ttpci/av7110_av.c", ++ [62760].name = "play_iframe", ++ [62760].param3 = 1, + [62851].file = "fs/proc/vmcore.c", + [62851].name = "read_vmcore", + [62851].param3 = 1, ++ [62870].file = "fs/nfs/idmap.c", ++ [62870].name = "nfs_idmap_get_desc", ++ [62870].param2 = 1, ++ [62870].param4 = 1, ++ [62905].file = "net/caif/cfpkt_skbuff.c", ++ [62905].name = "cfpkt_create", ++ [62905].param1 = 1, ++ [62920].file = "drivers/net/wireless/b43/phy_n.c", ++ [62920].name = "b43_nphy_load_samples", ++ [62920].param3 = 1, + [62925].file = "include/rdma/ib_verbs.h", + [62925].name = "ib_copy_from_udata", + [62925].param3 = 1, ++ [62934].file = "drivers/net/wireless/wl1251/cmd.c", ++ [62934].name = "wl1251_cmd_template_set", ++ [62934].param4 = 1, ++ [62940].file = "drivers/scsi/libsrp.c", ++ [62940].name = "srp_ring_alloc", ++ [62940].param2 = 1, + [62967].file = "security/keys/encrypted-keys/encrypted.c", + [62967].name = "encrypted_update", + [62967].param3 = 1, @@ -84310,55 +84654,45 @@ index 0000000..55a1292 + [62999].file = "net/core/neighbour.c", + [62999].name = "neigh_hash_alloc", + [62999].param1 = 1, -+ [63004].file = "drivers/usb/storage/datafab.c", -+ [63004].name = "datafab_write_data", -+ [63004].param4 = 1, + [63007].file = "fs/proc/base.c", + [63007].name = "proc_coredump_filter_write", + [63007].param3 = 1, + [63010].file = "drivers/gpu/drm/ttm/ttm_page_alloc.c", + [63010].name = "ttm_page_pool_free", + [63010].param2 = 1, ++ [63045].file = "crypto/shash.c", ++ [63045].name = "shash_setkey_unaligned", ++ [63045].param3 = 1, ++ [63075].file = "kernel/relay.c", ++ [63075].name = "relay_alloc_page_array", ++ [63075].param1 = 1, + [63076].file = "fs/cifs/xattr.c", + [63076].name = "cifs_setxattr", + [63076].param4 = 1, + [63091].file = "drivers/net/usb/pegasus.c", + [63091].name = "get_registers", + [63091].param3 = 1, -+ [63169].file = "drivers/scsi/sg.c", -+ [63169].name = "sg_read", -+ [63169].param3 = 1, ++ [63246].file = "drivers/usb/storage/realtek_cr.c", ++ [63246].name = "rts51x_write_mem", ++ [63246].param4 = 1, + [6331].file = "drivers/atm/solos-pci.c", + [6331].name = "solos_param_store", + [6331].param4 = 1, + [63367].file = "net/netfilter/ipset/ip_set_core.c", + [63367].name = "ip_set_alloc", + [63367].param1 = 1, -+ [63473].file = "drivers/staging/pohmelfs/trans.c", -+ [63473].name = "netfs_trans_alloc", -+ [63473].param2 = 1, -+ [63473].param4 = 1, + [63489].file = "drivers/bluetooth/btmrvl_debugfs.c", + [63489].name = "btmrvl_hscfgcmd_write", + [63489].param3 = 1, + [63490].file = "crypto/shash.c", + [63490].name = "shash_compat_setkey", + [63490].param3 = 1, -+ [63583].file = "drivers/char/mem.c", -+ [63583].name = "write_kmem", -+ [63583].param3 = 1, + [63605].file = "mm/mempool.c", + [63605].name = "mempool_kmalloc", + [63605].param2 = 1, -+ [63717].file = "drivers/net/wireless/iwlwifi/iwl-trans-pcie.c", -+ [63717].name = "iwl_dbgfs_csr_write", -+ [63717].param3 = 1, -+ [63748].file = "drivers/staging/crystalhd/crystalhd_misc.c", -+ [63748].name = "crystalhd_map_dio", -+ [63748].param3 = 1, -+ [63765].file = "fs/seq_file.c", -+ [63765].name = "seq_read", -+ [63765].param3 = 1, ++ [63633].file = "drivers/bluetooth/btmrvl_sdio.c", ++ [63633].name = "btmrvl_sdio_host_to_card", ++ [63633].param3 = 1, + [63777].file = "drivers/virtio/virtio_ring.c", + [63777].name = "virtqueue_add_buf_gfp", + [63777].param3 = 1, @@ -84366,27 +84700,33 @@ index 0000000..55a1292 + [63961].file = "fs/xattr.c", + [63961].name = "sys_flistxattr", + [63961].param3 = 1, ++ [63964].file = "net/sctp/socket.c", ++ [63964].name = "sctp_setsockopt_maxseg", ++ [63964].param3 = 1, + [63988].file = "drivers/input/evdev.c", + [63988].name = "evdev_ioctl_compat", + [63988].param2 = 1, -+ [64118].file = "fs/namei.c", -+ [64118].name = "sys_symlinkat", -+ [64118].param1 = 1, -+ [64156].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c", -+ [64156].name = "ath6kl_mgmt_tx", -+ [64156].param9 = 1, ++ [64055].file = "drivers/media/dvb/ttpci/av7110_av.c", ++ [64055].name = "dvb_aplay", ++ [64055].param3 = 1, ++ [64226].file = "drivers/md/persistent-data/dm-space-map-checker.c", ++ [64226].name = "ca_extend", ++ [64226].param2 = 1, + [64227].file = "mm/nobootmem.c", + [64227].name = "__alloc_bootmem_node_nopanic", + [64227].param2 = 1, -+ [64312].file = "drivers/video/hecubafb.c", -+ [64312].name = "hecubafb_write", -+ [64312].param3 = 1, + [64351].file = "kernel/kfifo.c", + [64351].name = "kfifo_copy_from_user", + [64351].param3 = 1, + [64392].file = "drivers/mmc/core/mmc_ops.c", + [64392].name = "mmc_send_cxd_data", + [64392].param5 = 1, ++ [64423].file = "kernel/sched.c", ++ [64423].name = "get_user_cpu_mask", ++ [64423].param2 = 1, ++ [64432].file = "security/selinux/selinuxfs.c", ++ [64432].name = "sel_write_create", ++ [64432].param3 = 1, + [64471].file = "drivers/bluetooth/btmrvl_debugfs.c", + [64471].name = "btmrvl_hscmd_write", + [64471].param3 = 1, @@ -84405,16 +84745,18 @@ index 0000000..55a1292 + [64743].file = "fs/ocfs2/dlmfs/dlmfs.c", + [64743].name = "dlmfs_file_read", + [64743].param3 = 1, ++ [64771].file = "security/keys/encrypted-keys/encrypted.c", ++ [64771].name = "datablob_format", ++ [64771].param2 = 1, + [6477].file = "net/bluetooth/mgmt.c", + [6477].name = "mgmt_pending_add", + [6477].param5 = 1, -+ [64898].file = "drivers/media/video/videobuf-dma-sg.c", -+ [64898].name = "videobuf_dma_init_user", -+ [64898].param3 = 1, -+ [64898].param4 = 1, + [64906].file = "drivers/net/wireless/b43legacy/debugfs.c", + [64906].name = "b43legacy_debugfs_write", + [64906].param3 = 1, ++ [64913].file = "sound/core/oss/pcm_oss.c", ++ [64913].name = "snd_pcm_oss_write1", ++ [64913].param3 = 1, + [64961].file = "drivers/spi/spidev.c", + [64961].name = "spidev_ioctl", + [64961].param2 = 1, @@ -84424,9 +84766,6 @@ index 0000000..55a1292 + [65093].file = "security/integrity/evm/evm_secfs.c", + [65093].name = "evm_write_key", + [65093].param3 = 1, -+ [65098].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [65098].name = "iwl_dbgfs_traffic_log_write", -+ [65098].param3 = 1, + [6514].file = "mm/nobootmem.c", + [6514].name = "__alloc_bootmem_low", + [6514].param1 = 1, @@ -84436,27 +84775,24 @@ index 0000000..55a1292 + [6517].file = "drivers/md/dm-table.c", + [6517].name = "alloc_targets", + [6517].param2 = 1, -+ [65195].file = "fs/jffs2/xattr.c", -+ [65195].name = "do_jffs2_setxattr", -+ [65195].param5 = 1, ++ [65205].file = "drivers/input/evdev.c", ++ [65205].name = "handle_eviocgbit", ++ [65205].param3 = 1, + [65237].file = "kernel/profile.c", + [65237].name = "read_profile", + [65237].param3 = 1, ++ [65343].file = "kernel/trace/trace.c", ++ [65343].name = "tracing_clock_write", ++ [65343].param3 = 1, + [65345].file = "lib/xz/xz_dec_lzma2.c", + [65345].name = "xz_dec_lzma2_create", + [65345].param2 = 1, -+ [65364].file = "sound/core/pcm_lib.c", -+ [65364].name = "snd_pcm_lib_read_transfer", -+ [65364].param5 = 1, + [65409].file = "net/802/garp.c", + [65409].name = "garp_request_join", + [65409].param4 = 1, + [65432].file = "drivers/hid/hid-roccat-kone.c", + [65432].name = "kone_receive", + [65432].param4 = 1, -+ [65452].file = "drivers/message/fusion/mptctl.c", -+ [65452].name = "mptctl_ioctl", -+ [65452].param2 = 1, + [65514].file = "drivers/media/video/gspca/t613.c", + [65514].name = "reg_w_ixbuf", + [65514].param4 = 1, @@ -84475,21 +84811,6 @@ index 0000000..55a1292 + [6691].file = "drivers/acpi/proc.c", + [6691].name = "acpi_system_write_wakeup_device", + [6691].param3 = 1, -+ [6772].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [6772].name = "iwl_dbgfs_force_reset_write", -+ [6772].param3 = 1, -+ [6780].file = "sound/core/info.c", -+ [6780].name = "snd_info_entry_read", -+ [6780].param3 = 1, -+ [6800].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [6800].name = "iwl_legacy_dbgfs_missed_beacon_write", -+ [6800].param3 = 1, -+ [680].file = "drivers/misc/ibmasm/ibmasmfs.c", -+ [680].name = "command_file_read", -+ [680].param3 = 1, -+ [6865].file = "drivers/staging/iio/ring_sw.c", -+ [6865].name = "iio_read_first_n_sw_rb", -+ [6865].param2 = 1, + [6867].file = "fs/coda/psdev.c", + [6867].name = "coda_psdev_read", + [6867].param3 = 1, @@ -84508,64 +84829,86 @@ index 0000000..55a1292 + [7066].file = "security/keys/keyctl.c", + [7066].name = "keyctl_instantiate_key_common", + [7066].param4 = 1, ++ [7125].file = "include/net/nfc/nci_core.h", ++ [7125].name = "nci_skb_alloc", ++ [7125].param2 = 1, + [7129].file = "mm/maccess.c", + [7129].name = "__probe_kernel_read", + [7129].param3 = 1, ++ [7158].file = "kernel/trace/trace.c", ++ [7158].name = "tracing_read_pipe", ++ [7158].param3 = 1, + [720].file = "sound/pci/rme9652/hdsp.c", + [720].name = "snd_hdsp_playback_copy", + [720].param5 = 1, + [7411].file = "drivers/vhost/vhost.c", + [7411].name = "__vhost_add_used_n", + [7411].param3 = 1, ++ [7432].file = "net/bluetooth/mgmt.c", ++ [7432].name = "mgmt_event", ++ [7432].param4 = 1, + [7488].file = "security/keys/user_defined.c", + [7488].name = "user_read", + [7488].param3 = 1, + [7551].file = "drivers/input/touchscreen/ad7879-spi.c", + [7551].name = "ad7879_spi_xfer", + [7551].param3 = 1, ++ [7671].file = "mm/nobootmem.c", ++ [7671].name = "__alloc_bootmem_node_high", ++ [7671].param2 = 1, + [7676].file = "drivers/acpi/custom_method.c", + [7676].name = "cm_write", + [7676].param3 = 1, -+ [7832].file = "drivers/net/wireless/ath/ath5k/debug.c", -+ [7832].name = "write_file_antenna", -+ [7832].param3 = 1, ++ [7693].file = "net/sctp/socket.c", ++ [7693].name = "sctp_setsockopt_associnfo", ++ [7693].param3 = 1, ++ [7697].file = "security/selinux/selinuxfs.c", ++ [7697].name = "sel_write_access", ++ [7697].param3 = 1, + [7843].file = "fs/compat.c", + [7843].name = "compat_sys_readv", + [7843].param3 = 1, ++ [7924].file = "drivers/media/video/cx18/cx18-fileops.c", ++ [7924].name = "cx18_read_pos", ++ [7924].param3 = 1, + [7958].file = "drivers/gpu/vga/vgaarb.c", + [7958].name = "vga_arb_write", + [7958].param3 = 1, + [7976].file = "drivers/usb/gadget/rndis.c", + [7976].name = "rndis_add_response", + [7976].param2 = 1, ++ [7985].file = "net/mac80211/cfg.c", ++ [7985].name = "ieee80211_mgmt_tx", ++ [7985].param9 = 1, + [8014].file = "net/netfilter/ipset/ip_set_list_set.c", + [8014].name = "init_list_set", + [8014].param2 = 1, + [8014].param3 = 1, -+ [8087].file = "drivers/video/via/viafbdev.c", -+ [8087].name = "viafb_iga1_odev_proc_write", -+ [8087].param3 = 1, + [8126].file = "sound/soc/soc-core.c", + [8126].name = "codec_reg_read_file", + [8126].param3 = 1, -+ [8185].file = "drivers/net/wireless/ath/ath6kl/debug.c", -+ [8185].name = "ath6kl_regwrite_write", -+ [8185].param3 = 1, + [8317].file = "security/smack/smackfs.c", + [8317].name = "smk_write_ambient", + [8317].param3 = 1, + [8334].file = "drivers/scsi/sg.c", + [8334].name = "sg_proc_write_adio", + [8334].param3 = 1, -+ [8481].file = "drivers/isdn/i4l/isdn_common.c", -+ [8481].name = "isdn_write", -+ [8481].param3 = 1, -+ [8536].file = "fs/cifs/dns_resolve.c", -+ [8536].name = "dns_resolve_server_name_to_ip", -+ [8536].param1 = 1, ++ [8335].file = "drivers/media/dvb/dvb-core/dmxdev.c", ++ [8335].name = "dvb_dvr_set_buffer_size", ++ [8335].param2 = 1, ++ [8383].file = "kernel/module.c", ++ [8383].name = "copy_and_check", ++ [8383].param3 = 1, ++ [8411].file = "net/caif/cfpkt_skbuff.c", ++ [8411].name = "cfpkt_append", ++ [8411].param3 = 1, + [8650].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c", + [8650].name = "vmw_kms_present", + [8650].param9 = 1, ++ [8654].file = "drivers/net/wireless/mwifiex/sdio.c", ++ [8654].name = "mwifiex_alloc_sdio_mpa_buffers", ++ [8654].param2 = 1, ++ [8654].param3 = 1, + [865].file = "drivers/base/regmap/regmap-debugfs.c", + [865].name = "regmap_access_read_file", + [865].param3 = 1, @@ -84578,9 +84921,6 @@ index 0000000..55a1292 + [8699].file = "security/selinux/selinuxfs.c", + [8699].name = "sel_commit_bools_write", + [8699].param3 = 1, -+ [8714].file = "lib/kstrtox.c", -+ [8714].name = "kstrtou16_from_user", -+ [8714].param2 = 1, + [8764].file = "drivers/usb/core/devio.c", + [8764].name = "usbdev_read", + [8764].param3 = 1, @@ -84603,22 +84943,35 @@ index 0000000..55a1292 + [8851].file = "net/key/af_key.c", + [8851].name = "pfkey_sendmsg", + [8851].param4 = 1, -+ [8917].file = "net/ipv4/raw.c", ++ [8917].file = "net/can/raw.c", + [8917].name = "raw_setsockopt", + [8917].param5 = 1, + [8983].file = "include/linux/skbuff.h", + [8983].name = "alloc_skb", + [8983].param1 = 1, ++ [9117].file = "drivers/base/regmap/regcache-rbtree.c", ++ [9117].name = "regcache_rbtree_insert_to_block", ++ [9117].param5 = 1, + [9226].file = "mm/migrate.c", + [9226].name = "sys_move_pages", + [9226].param2 = 1, ++ [9304].file = "kernel/auditfilter.c", ++ [9304].name = "audit_init_entry", ++ [9304].param1 = 1, ++ [9317].file = "drivers/usb/wusbcore/wa-nep.c", ++ [9317].name = "wa_nep_queue", ++ [9317].param2 = 1, + [9341].file = "drivers/acpi/apei/erst-dbg.c", + [9341].name = "erst_dbg_write", + [9341].param3 = 1, -+ [9463].file = "drivers/infiniband/hw/ipath/ipath_verbs.c", -+ [9463].name = "ipath_verbs_send", -+ [9463].param3 = 1, -+ [9463].param5 = 1, ++ [9386].file = "fs/exofs/ore.c", ++ [9386].name = "_ore_get_io_state", ++ [9386].param3 = 1, ++ [9386].param4 = 1, ++ [9386].param5 = 1, ++ [9538].file = "crypto/blkcipher.c", ++ [9538].name = "blkcipher_copy_iv", ++ [9538].param3 = 1, + [9546].file = "drivers/video/fbmem.c", + [9546].name = "fb_write", + [9546].param3 = 1, @@ -84644,69 +84997,66 @@ index 0000000..55a1292 + [9977].name = "zd_usb_iowrite16v_async", + [9977].param3 = 1, + [16344].collision = 1, -+ [30494].collision = 1, -+ [31291].collision = 1, ++ [307].collision = 1, ++ [31649].collision = 1, + [33040].collision = 1, -+ [38314].collision = 1, -+ [54338].collision = 1, ++ [45231].collision = 1, ++ [58320].collision = 1, + [60651].collision = 1, +}; diff --git a/tools/gcc/size_overflow_hash2.h b/tools/gcc/size_overflow_hash2.h new file mode 100644 -index 0000000..8ed7d96 +index 0000000..0450c62 --- /dev/null +++ b/tools/gcc/size_overflow_hash2.h -@@ -0,0 +1,44 @@ +@@ -0,0 +1,41 @@ +struct size_overflow_hash size_overflow_hash2[65536] = { -+ [2118].file = "fs/ntfs/malloc.h", -+ [2118].name = "ntfs_malloc_nofs", -+ [2118].param1 = 1, ++ [16721].file = "drivers/scsi/scsi_proc.c", ++ [16721].name = "proc_scsi_write", ++ [16721].param3 = 1, + [22224].file = "fs/proc/vmcore.c", + [22224].name = "read_from_oldmem", + [22224].param2 = 1, ++ [2344].file = "fs/ecryptfs/crypto.c", ++ [2344].name = "ecryptfs_decode_and_decrypt_filename", ++ [2344].param5 = 1, ++ [2515].file = "fs/ecryptfs/crypto.c", ++ [2515].name = "ecryptfs_copy_filename", ++ [2515].param4 = 1, + [26518].file = "drivers/gpu/vga/vgaarb.c", + [26518].name = "vga_arb_read", + [26518].param3 = 1, -+ [26569].file = "lib/kstrtox.c", -+ [26569].name = "kstrtoint_from_user", -+ [26569].param2 = 1, + [30632].file = "drivers/ide/ide-proc.c", + [30632].name = "ide_driver_proc_write", + [30632].param3 = 1, -+ [36150].file = "net/ceph/buffer.c", -+ [36150].name = "ceph_buffer_new", -+ [36150].param1 = 1, + [39024].file = "lib/scatterlist.c", + [39024].name = "sg_kmalloc", + [39024].param1 = 1, -+ [39105].file = "drivers/gpu/drm/ttm/ttm_tt.c", -+ [39105].name = "ttm_tt_create", -+ [39105].param2 = 1, -+ [43208].file = "fs/nfs/read.c", -+ [43208].name = "nfs_readdata_alloc", -+ [43208].param1 = 1, -+ [46911].file = "drivers/media/video/ivtv/ivtv-fileops.c", -+ [46911].name = "ivtv_v4l2_read", -+ [46911].param3 = 1, ++ [39392].file = "net/nfc/core.c", ++ [39392].name = "nfc_alloc_skb", ++ [39392].param1 = 1, + [50359].file = "kernel/sched.c", + [50359].name = "alloc_sched_domains", + [50359].param1 = 1, -+ [52857].file = "sound/pci/rme9652/rme9652.c", -+ [52857].name = "snd_rme9652_capture_copy", -+ [52857].param5 = 1, ++ [53262].file = "drivers/block/aoe/aoechr.c", ++ [53262].name = "revalidate", ++ [53262].param2 = 1, ++ [56432].file = "drivers/base/regmap/regmap-debugfs.c", ++ [56432].name = "regmap_map_read_file", ++ [56432].param3 = 1, + [57500].file = "drivers/spi/spidev.c", + [57500].name = "spidev_write", + [57500].param3 = 1, -+ [65149].file = "fs/nilfs2/ioctl.c", -+ [65149].name = "nilfs_ioctl_wrap_copy", -+ [65149].param4 = 1, ++ [8155].file = "drivers/hv/channel.c", ++ [8155].name = "vmbus_establish_gpadl", ++ [8155].param3 = 1, +}; diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..a9ae886 +index 0000000..255439f --- /dev/null +++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,1042 @@ +@@ -0,0 +1,1110 @@ +/* + * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 @@ -84739,6 +85089,7 @@ index 0000000..a9ae886 +#include "gimple.h" +#include "c-common.h" +#include "diagnostic.h" ++#include "cfgloop.h" + +struct size_overflow_hash { + const char *name; @@ -84767,7 +85118,7 @@ index 0000000..a9ae886 +int plugin_is_GPL_compatible; +void debug_gimple_stmt (gimple gs); + -+static tree expand(struct pointer_set_t *visited, tree var); ++static tree expand(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var); +static tree signed_size_overflow_type; +static tree unsigned_size_overflow_type; +static tree report_size_overflow_decl; @@ -84775,7 +85126,7 @@ index 0000000..a9ae886 +static unsigned int handle_function(void); + +static struct plugin_info size_overflow_plugin_info = { -+ .version = "20120311beta", ++ .version = "20120409beta", + .help = "no-size_overflow\tturn off size overflow checking\n", +}; + @@ -84872,9 +85223,19 @@ index 0000000..a9ae886 + return &size_overflow_hash1[hash]; +} + ++static void check_arg_type(tree var) ++{ ++ tree type = TREE_TYPE(var); ++ enum tree_code code = TREE_CODE(type); ++ ++ gcc_assert(code == INTEGER_TYPE || ++ (code == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == VOID_TYPE) || ++ (code == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == INTEGER_TYPE)); ++} ++ +static void check_missing_attribute(tree arg) +{ -+ tree var, func = get_original_function_decl(current_function_decl); ++ tree var, type, func = get_original_function_decl(current_function_decl); + const char *curfunc = NAME(func); + unsigned int new_hash, argnum = 1; + struct size_overflow_hash *hash; @@ -84882,6 +85243,11 @@ index 0000000..a9ae886 + expanded_location xloc; + bool match = false; + ++ type = TREE_TYPE(arg); ++ // skip function pointers ++ if (TREE_CODE(type) == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == FUNCTION_TYPE) ++ return; ++ + loc = DECL_SOURCE_LOCATION(func); + xloc = expand_location(loc); + @@ -84902,6 +85268,8 @@ index 0000000..a9ae886 + argnum++; + continue; + } ++ check_arg_type(var); ++ + match = true; + if (!TYPE_UNSIGNED(TREE_TYPE(var))) + return; @@ -84956,6 +85324,13 @@ index 0000000..a9ae886 + return false; +} + ++static tree cast_a_tree(tree type, tree var) ++{ ++ gcc_assert(fold_convertible_p(type, var)); ++ ++ return fold_convert(type, var); ++} ++ +static gimple build_cast_stmt(tree type, tree var, tree new_var, location_t loc) +{ + gimple assign; @@ -84963,24 +85338,22 @@ index 0000000..a9ae886 + if (new_var == CREATE_NEW_VAR) + new_var = create_new_var(type); + -+ assign = gimple_build_assign(new_var, fold_convert(type, var)); ++ assign = gimple_build_assign(new_var, cast_a_tree(type, var)); + gimple_set_location(assign, loc); + gimple_set_lhs(assign, make_ssa_name(new_var, assign)); + + return assign; +} + -+static tree create_assign(struct pointer_set_t *visited, gimple oldstmt, tree rhs1, bool before) ++static tree create_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt, tree rhs1, bool before) +{ + tree oldstmt_rhs1; + enum tree_code code; + gimple stmt; + gimple_stmt_iterator gsi; + -+ if (is_bool(rhs1)) { -+ pointer_set_insert(visited, oldstmt); -+ return gimple_get_lhs(oldstmt); -+ } ++ if (!*potentionally_overflowed) ++ return NULL_TREE; + + if (rhs1 == NULL_TREE) { + debug_gimple_stmt(oldstmt); @@ -85004,19 +85377,22 @@ index 0000000..a9ae886 + return gimple_get_lhs(stmt); +} + -+static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, tree rhs1, tree rhs2, tree __unused rhs3) ++static tree dup_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt, tree rhs1, tree rhs2, tree __unused rhs3) +{ + tree new_var, lhs = gimple_get_lhs(oldstmt); + gimple stmt; + gimple_stmt_iterator gsi; + ++ if (!*potentionally_overflowed) ++ return NULL_TREE; ++ + if (gimple_num_ops(oldstmt) != 4 && rhs1 == NULL_TREE) { + rhs1 = gimple_assign_rhs1(oldstmt); -+ rhs1 = create_assign(visited, oldstmt, rhs1, BEFORE_STMT); ++ rhs1 = create_assign(visited, potentionally_overflowed, oldstmt, rhs1, BEFORE_STMT); + } + if (gimple_num_ops(oldstmt) == 3 && rhs2 == NULL_TREE) { + rhs2 = gimple_assign_rhs2(oldstmt); -+ rhs2 = create_assign(visited, oldstmt, rhs2, BEFORE_STMT); ++ rhs2 = create_assign(visited, potentionally_overflowed, oldstmt, rhs2, BEFORE_STMT); + } + + stmt = gimple_copy(oldstmt); @@ -85034,7 +85410,7 @@ index 0000000..a9ae886 + + if (rhs1 != NULL_TREE) { + if (!gimple_assign_cast_p(oldstmt)) -+ rhs1 = fold_convert(signed_size_overflow_type, rhs1); ++ rhs1 = cast_a_tree(signed_size_overflow_type, rhs1); + gimple_assign_set_rhs1(stmt, rhs1); + } + @@ -85061,8 +85437,12 @@ index 0000000..a9ae886 + gimple_stmt_iterator gsi = gsi_for_stmt(oldstmt); + + bb = gsi_bb(gsi); -+ phi = make_phi_node(var, EDGE_COUNT(bb->preds)); + ++ phi = create_phi_node(var, bb); ++ gsi = gsi_last(phi_nodes(bb)); ++ gsi_remove(&gsi, false); ++ ++ gsi = gsi_for_stmt(oldstmt); + gsi_insert_after(&gsi, phi, GSI_NEW_STMT); + gimple_set_bb(phi, bb); + return phi; @@ -85072,25 +85452,27 @@ index 0000000..a9ae886 +{ + gcc_assert(is_gimple_constant(node)); + -+ if (TYPE_PRECISION(signed_size_overflow_type) == TYPE_PRECISION(TREE_TYPE(node))) -+ return build_int_cst_wide(signed_size_overflow_type, TREE_INT_CST_LOW(node), TREE_INT_CST_HIGH(node)); -+ else -+ return build_int_cst(signed_size_overflow_type, int_cst_value(node)); ++ return cast_a_tree(signed_size_overflow_type, node); +} + -+static gimple cast_old_phi_arg(gimple oldstmt, tree arg, tree new_var) ++static gimple cast_old_phi_arg(gimple oldstmt, tree arg, tree new_var, unsigned int i) +{ -+ basic_block first_bb; -+ gimple newstmt; ++ basic_block bb; ++ gimple newstmt, def_stmt; + gimple_stmt_iterator gsi; + + newstmt = build_cast_stmt(signed_size_overflow_type, arg, new_var, gimple_location(oldstmt)); ++ if (TREE_CODE(arg) == SSA_NAME) { ++ def_stmt = get_def_stmt(arg); ++ if (gimple_code(def_stmt) != GIMPLE_NOP) { ++ gsi = gsi_for_stmt(def_stmt); ++ gsi_insert_after(&gsi, newstmt, GSI_NEW_STMT); ++ return newstmt; ++ } ++ } + -+ first_bb = split_block_after_labels(ENTRY_BLOCK_PTR)->dest; -+ if (dom_info_available_p(CDI_DOMINATORS)) -+ set_immediate_dominator(CDI_DOMINATORS, first_bb, ENTRY_BLOCK_PTR); -+ gsi = gsi_start_bb(first_bb); -+ ++ bb = gimple_phi_arg_edge(oldstmt, i)->src; ++ gsi = gsi_after_labels(bb); + gsi_insert_before(&gsi, newstmt, GSI_NEW_STMT); + return newstmt; +} @@ -85119,7 +85501,7 @@ index 0000000..a9ae886 + newstmt = gimple_copy(def_newstmt); + break; + default: -+ /* unknown gimple_code (build_new_phi_arg) */ ++ /* unknown gimple_code (handle_build_new_phi_arg) */ + gcc_unreachable(); + } + @@ -85128,56 +85510,73 @@ index 0000000..a9ae886 + return newstmt; +} + -+static tree build_new_phi_arg(struct pointer_set_t *visited, gimple oldstmt, tree arg, tree new_var) ++static tree build_new_phi_arg(struct pointer_set_t *visited, bool *potentionally_overflowed, tree arg, tree new_var) +{ + gimple newstmt; + tree new_rhs; + -+ if (is_gimple_constant(arg)) -+ return signed_cast_constant(arg); ++ new_rhs = expand(visited, potentionally_overflowed, arg); + -+ pointer_set_insert(visited, oldstmt); -+ new_rhs = expand(visited, arg); -+ if (new_rhs == NULL_TREE) { -+ gcc_assert(TREE_CODE(TREE_TYPE(arg)) != VOID_TYPE); -+ newstmt = cast_old_phi_arg(oldstmt, arg, new_var); -+ } else -+ newstmt = handle_new_phi_arg(arg, new_var, new_rhs); ++ if (new_rhs == NULL_TREE) ++ return NULL_TREE; ++ ++ newstmt = handle_new_phi_arg(arg, new_var, new_rhs); + update_stmt(newstmt); + return gimple_get_lhs(newstmt); +} + -+static tree build_new_phi(struct pointer_set_t *visited, gimple oldstmt) ++static tree build_new_phi(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt) +{ + gimple phi; + tree new_var = create_new_var(signed_size_overflow_type); + unsigned int i, n = gimple_phi_num_args(oldstmt); + ++ pointer_set_insert(visited, oldstmt); + phi = overflow_create_phi_node(oldstmt, new_var); -+ + for (i = 0; i < n; i++) { + tree arg, lhs; + + arg = gimple_phi_arg_def(oldstmt, i); -+ lhs = build_new_phi_arg(visited, oldstmt, arg, new_var); ++ if (is_gimple_constant(arg)) ++ arg = signed_cast_constant(arg); ++ lhs = build_new_phi_arg(visited, potentionally_overflowed, arg, new_var); ++ if (lhs == NULL_TREE) ++ lhs = gimple_get_lhs(cast_old_phi_arg(oldstmt, arg, new_var, i)); + add_phi_arg(phi, lhs, gimple_phi_arg_edge(oldstmt, i), gimple_location(oldstmt)); + } ++ + update_stmt(phi); + return gimple_phi_result(phi); +} + -+static tree handle_unary_ops(struct pointer_set_t *visited, tree var) ++static tree handle_unary_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) +{ + gimple def_stmt = get_def_stmt(var); + tree new_rhs1, rhs1 = gimple_assign_rhs1(def_stmt); + ++ *potentionally_overflowed = true; ++ new_rhs1 = expand(visited, potentionally_overflowed, rhs1); ++ if (new_rhs1 == NULL_TREE) { ++ if (TREE_CODE(TREE_TYPE(rhs1)) == POINTER_TYPE) ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++ else ++ return create_assign(visited, potentionally_overflowed, def_stmt, rhs1, AFTER_STMT); ++ } ++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, NULL_TREE, NULL_TREE); ++} ++ ++static tree handle_unary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) ++{ ++ gimple def_stmt = get_def_stmt(var); ++ tree rhs1 = gimple_assign_rhs1(def_stmt); ++ + if (is_gimple_constant(rhs1)) -+ return dup_assign(visited, def_stmt, signed_cast_constant(rhs1), NULL_TREE, NULL_TREE); ++ return dup_assign(visited, potentionally_overflowed, def_stmt, signed_cast_constant(rhs1), NULL_TREE, NULL_TREE); + + switch (TREE_CODE(rhs1)) { + case SSA_NAME: -+ new_rhs1 = expand(visited, rhs1); -+ break; ++ return handle_unary_rhs(visited, potentionally_overflowed, var); ++ + case ARRAY_REF: + case ADDR_EXPR: + case COMPONENT_REF: @@ -85189,89 +85588,189 @@ index 0000000..a9ae886 + case PARM_DECL: + case TARGET_MEM_REF: + case VAR_DECL: -+ return create_assign(visited, def_stmt, var, AFTER_STMT); ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++ + default: + debug_gimple_stmt(def_stmt); + debug_tree(rhs1); + gcc_unreachable(); + } ++} + -+ if (new_rhs1 == NULL_TREE) -+ return create_assign(visited, def_stmt, rhs1, AFTER_STMT); -+ return dup_assign(visited, def_stmt, new_rhs1, NULL_TREE, NULL_TREE); ++static void insert_cond(basic_block cond_bb, tree arg, enum tree_code cond_code, tree type_value) ++{ ++ gimple cond_stmt; ++ gimple_stmt_iterator gsi = gsi_last_bb(cond_bb); ++ ++ cond_stmt = gimple_build_cond(cond_code, arg, type_value, NULL_TREE, NULL_TREE); ++ gsi_insert_after(&gsi, cond_stmt, GSI_CONTINUE_LINKING); ++ update_stmt(cond_stmt); +} + -+static tree transform_mult_overflow(tree rhs, tree const_rhs, tree log2const_rhs, location_t loc) ++static tree create_string_param(tree string) +{ -+ tree new_def_rhs; ++ tree array_ref = build4(ARRAY_REF, TREE_TYPE(string), string, integer_zero_node, NULL, NULL); + -+ if (!is_gimple_constant(rhs)) -+ return NULL_TREE; ++ return build1(ADDR_EXPR, ptr_type_node, array_ref); ++} + -+ new_def_rhs = fold_build2_loc(loc, MULT_EXPR, TREE_TYPE(const_rhs), rhs, const_rhs); -+ new_def_rhs = signed_cast_constant(new_def_rhs); -+ if (int_cst_value(new_def_rhs) >= 0) -+ return NULL_TREE; -+ return fold_build2_loc(loc, RSHIFT_EXPR, TREE_TYPE(new_def_rhs), new_def_rhs, log2const_rhs); ++static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg) ++{ ++ gimple func_stmt, def_stmt; ++ tree current_func, loc_file, loc_line; ++ expanded_location xloc; ++ gimple_stmt_iterator gsi = gsi_start_bb(bb_true); ++ ++ def_stmt = get_def_stmt(arg); ++ xloc = expand_location(gimple_location(def_stmt)); ++ ++ if (!gimple_has_location(def_stmt)) { ++ xloc = expand_location(gimple_location(stmt)); ++ if (!gimple_has_location(stmt)) ++ xloc = expand_location(DECL_SOURCE_LOCATION(current_function_decl)); ++ } ++ ++ loc_line = build_int_cstu(unsigned_type_node, xloc.line); ++ ++ loc_file = build_string(strlen(xloc.file), xloc.file); ++ TREE_TYPE(loc_file) = char_array_type_node; ++ loc_file = create_string_param(loc_file); ++ ++ current_func = build_string(IDENTIFIER_LENGTH(DECL_NAME(current_function_decl)), NAME(current_function_decl)); ++ TREE_TYPE(current_func) = char_array_type_node; ++ current_func = create_string_param(current_func); ++ ++ // void report_size_overflow(const char *file, unsigned int line, const char *func) ++ func_stmt = gimple_build_call(report_size_overflow_decl, 3, loc_file, loc_line, current_func); ++ ++ gsi_insert_after(&gsi, func_stmt, GSI_CONTINUE_LINKING); +} + -+static tree handle_intentional_mult_overflow(struct pointer_set_t *visited, tree rhs, tree const_rhs) ++static void insert_check_size_overflow(gimple stmt, enum tree_code cond_code, tree arg, tree type_value) +{ -+ gimple new_def_stmt, def_stmt; -+ tree def_rhs1, def_rhs2, new_def_rhs; -+ location_t loc; -+ tree log2const_rhs; -+ int log2 = exact_log2(TREE_INT_CST_LOW(const_rhs)); ++ basic_block cond_bb, join_bb, bb_true; ++ edge e; ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); ++// location_t loc = gimple_location(stmt); + -+ if (log2 == -1) { -+// warning(0, "Possibly unhandled intentional integer truncation"); -+ return NULL_TREE; ++ cond_bb = gimple_bb(stmt); ++ gsi_prev(&gsi); ++ if (gsi_end_p(gsi)) ++ e = split_block_after_labels(cond_bb); ++ else ++ e = split_block(cond_bb, gsi_stmt(gsi)); ++ cond_bb = e->src; ++ join_bb = e->dest; ++ e->flags = EDGE_FALSE_VALUE; ++ e->probability = REG_BR_PROB_BASE; ++ ++ bb_true = create_empty_bb(cond_bb); ++ make_edge(cond_bb, bb_true, EDGE_TRUE_VALUE); ++ make_edge(cond_bb, join_bb, EDGE_FALSE_VALUE); ++ make_edge(bb_true, join_bb, EDGE_FALLTHRU); ++ ++ if (dom_info_available_p(CDI_DOMINATORS)) { ++ set_immediate_dominator(CDI_DOMINATORS, bb_true, cond_bb); ++ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb); + } + -+ def_stmt = get_def_stmt(rhs); -+ loc = gimple_location(def_stmt); -+ def_rhs1 = gimple_assign_rhs1(def_stmt); -+ def_rhs2 = gimple_assign_rhs2(def_stmt); -+ new_def_stmt = get_def_stmt(expand(visited, rhs)); -+ log2const_rhs = build_int_cstu(TREE_TYPE(const_rhs), log2); ++ if (current_loops != NULL) { ++ gcc_assert(cond_bb->loop_father == join_bb->loop_father); ++ add_bb_to_loop(bb_true, cond_bb->loop_father); ++ } ++ ++ insert_cond(cond_bb, arg, cond_code, type_value); ++ insert_cond_result(bb_true, stmt, arg); ++ ++// inform(loc, "Integer size_overflow check applied here."); ++} ++ ++static tree get_type_for_check(tree rhs) ++{ ++ tree def_rhs; ++ gimple def_stmt = get_def_stmt(rhs); ++ ++ if (!gimple_assign_cast_p(def_stmt)) ++ return TREE_TYPE(rhs); ++ def_rhs = gimple_assign_rhs1(def_stmt); ++ if (TREE_CODE(TREE_TYPE(def_rhs)) == INTEGER_TYPE) ++ return TREE_TYPE(def_rhs); ++ return TREE_TYPE(rhs); ++} ++ ++static gimple cast_to_unsigned_size_overflow_type(gimple stmt, tree cast_rhs) ++{ ++ gimple ucast_stmt; ++ gimple_stmt_iterator gsi; ++ location_t loc = gimple_location(stmt); ++ ++ ucast_stmt = build_cast_stmt(unsigned_size_overflow_type, cast_rhs, CREATE_NEW_VAR, loc); ++ gsi = gsi_for_stmt(stmt); ++ gsi_insert_before(&gsi, ucast_stmt, GSI_SAME_STMT); ++ return ucast_stmt; ++} + -+ new_def_rhs = transform_mult_overflow(def_rhs1, const_rhs, log2const_rhs, loc); -+ if (new_def_rhs != NULL_TREE) { -+ gimple_assign_set_rhs1(new_def_stmt, new_def_rhs); ++static void check_size_overflow(gimple stmt, tree cast_rhs, tree rhs, bool *potentionally_overflowed) ++{ ++ tree type_max, type_min, rhs_type; ++ gimple ucast_stmt; ++ ++ if (!*potentionally_overflowed) ++ return; ++ ++ rhs_type = get_type_for_check(rhs); ++ ++ if (TYPE_UNSIGNED(rhs_type)) { ++ ucast_stmt = cast_to_unsigned_size_overflow_type(stmt, cast_rhs); ++ type_max = cast_a_tree(unsigned_size_overflow_type, TYPE_MAX_VALUE(rhs_type)); ++ insert_check_size_overflow(stmt, GT_EXPR, gimple_get_lhs(ucast_stmt), type_max); + } else { -+ new_def_rhs = transform_mult_overflow(def_rhs2, const_rhs, log2const_rhs, loc); -+ if (new_def_rhs != NULL_TREE) -+ gimple_assign_set_rhs2(new_def_stmt, new_def_rhs); -+ } -+ if (new_def_rhs == NULL_TREE) -+ return NULL_TREE; ++ type_max = cast_a_tree(signed_size_overflow_type, TYPE_MAX_VALUE(rhs_type)); ++ insert_check_size_overflow(stmt, GT_EXPR, cast_rhs, type_max); + -+ update_stmt(new_def_stmt); -+// warning(0, "Handle integer truncation (gcc optimization)"); -+ return gimple_get_lhs(new_def_stmt); ++ type_min = cast_a_tree(signed_size_overflow_type, TYPE_MIN_VALUE(rhs_type)); ++ insert_check_size_overflow(stmt, LT_EXPR, cast_rhs, type_min); ++ } +} + -+static bool is_mult_overflow(gimple def_stmt, tree rhs1) ++static tree change_assign_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple stmt, tree orig_rhs) +{ -+ gimple rhs1_def_stmt = get_def_stmt(rhs1); ++ gimple assign; ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); ++ tree new_rhs, origtype = TREE_TYPE(orig_rhs); + -+ if (gimple_assign_rhs_code(def_stmt) != MULT_EXPR) -+ return false; -+ if (gimple_code(rhs1_def_stmt) != GIMPLE_ASSIGN) -+ return false; -+ if (gimple_assign_rhs_code(rhs1_def_stmt) != PLUS_EXPR) -+ return false; -+ return true; ++ gcc_assert(gimple_code(stmt) == GIMPLE_ASSIGN); ++ ++ new_rhs = expand(visited, potentionally_overflowed, orig_rhs); ++ if (new_rhs == NULL_TREE) ++ return NULL_TREE; ++ ++ assign = build_cast_stmt(origtype, new_rhs, CREATE_NEW_VAR, gimple_location(stmt)); ++ gsi_insert_before(&gsi, assign, GSI_SAME_STMT); ++ update_stmt(assign); ++ return gimple_get_lhs(assign); +} + -+static tree handle_intentional_overflow(struct pointer_set_t *visited, gimple def_stmt, tree rhs1, tree rhs2) ++static tree handle_const_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple def_stmt, tree var, tree rhs, tree new_rhs1, tree new_rhs2, void (*gimple_assign_set_rhs)(gimple, tree)) +{ -+ if (is_mult_overflow(def_stmt, rhs1)) -+ return handle_intentional_mult_overflow(visited, rhs1, rhs2); -+ return NULL_TREE; ++ tree new_rhs, cast_rhs; ++ ++ if (gimple_assign_rhs_code(def_stmt) == MIN_EXPR) ++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE); ++ ++ new_rhs = change_assign_rhs(visited, potentionally_overflowed, def_stmt, rhs); ++ if (new_rhs != NULL_TREE) { ++ gimple_assign_set_rhs(def_stmt, new_rhs); ++ update_stmt(def_stmt); ++ ++ cast_rhs = gimple_assign_rhs1(get_def_stmt(new_rhs)); ++ ++ check_size_overflow(def_stmt, cast_rhs, rhs, potentionally_overflowed); ++ } ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); +} + -+static tree handle_binary_ops(struct pointer_set_t *visited, tree var) ++static tree handle_binary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) +{ + tree rhs1, rhs2; + gimple def_stmt = get_def_stmt(var); @@ -85294,55 +85793,53 @@ index 0000000..a9ae886 + case ROUND_MOD_EXPR: + case EXACT_DIV_EXPR: + case POINTER_PLUS_EXPR: -+ /* logical AND cannot cause an overflow */ -+ case BIT_AND_EXPR: -+ return create_assign(visited, def_stmt, var, AFTER_STMT); ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); + default: + break; + } + -+ if (is_gimple_constant(rhs2)) { -+ new_rhs2 = signed_cast_constant(rhs2); -+ new_rhs1 = handle_intentional_overflow(visited, def_stmt, rhs1, rhs2); -+ } ++ *potentionally_overflowed = true; + -+ if (is_gimple_constant(rhs1)) { -+ new_rhs1 = signed_cast_constant(rhs1); -+ new_rhs2 = handle_intentional_overflow(visited, def_stmt, rhs2, rhs1); -+ } ++ if (TREE_CODE(rhs1) == SSA_NAME) ++ new_rhs1 = expand(visited, potentionally_overflowed, rhs1); ++ if (TREE_CODE(rhs2) == SSA_NAME) ++ new_rhs2 = expand(visited, potentionally_overflowed, rhs2); + -+ if (new_rhs1 == NULL_TREE && TREE_CODE(rhs1) == SSA_NAME) -+ new_rhs1 = expand(visited, rhs1); -+ if (new_rhs2 == NULL_TREE && TREE_CODE(rhs2) == SSA_NAME) -+ new_rhs2 = expand(visited, rhs2); ++ if (is_gimple_constant(rhs2)) ++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs1, new_rhs1, signed_cast_constant(rhs2), &gimple_assign_set_rhs1); + -+ return dup_assign(visited, def_stmt, new_rhs1, new_rhs2, NULL_TREE); ++ if (is_gimple_constant(rhs1)) ++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs2, signed_cast_constant(rhs1), new_rhs2, &gimple_assign_set_rhs2); ++ ++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE); +} + +#if BUILDING_GCC_VERSION >= 4007 -+static tree get_new_rhs(struct pointer_set_t *visited, tree rhs) ++static tree get_new_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree rhs) +{ + if (is_gimple_constant(rhs)) + return signed_cast_constant(rhs); + if (TREE_CODE(rhs) != SSA_NAME) + return NULL_TREE; -+ return expand(visited, rhs); ++ return expand(visited, potentionally_overflowed, rhs); +} + -+static tree handle_ternary_ops(struct pointer_set_t *visited, tree var) ++static tree handle_ternary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) +{ + tree rhs1, rhs2, rhs3, new_rhs1, new_rhs2, new_rhs3; + gimple def_stmt = get_def_stmt(var); + ++ *potentionally_overflowed = true; ++ + rhs1 = gimple_assign_rhs1(def_stmt); + rhs2 = gimple_assign_rhs2(def_stmt); + rhs3 = gimple_assign_rhs3(def_stmt); -+ new_rhs1 = get_new_rhs(visited, rhs1); -+ new_rhs2 = get_new_rhs(visited, rhs2); -+ new_rhs3 = get_new_rhs(visited, rhs3); ++ new_rhs1 = get_new_rhs(visited, potentionally_overflowed, rhs1); ++ new_rhs2 = get_new_rhs(visited, potentionally_overflowed, rhs2); ++ new_rhs3 = get_new_rhs(visited, potentionally_overflowed, rhs3); + + if (new_rhs1 == NULL_TREE && new_rhs2 != NULL_TREE && new_rhs3 != NULL_TREE) -+ return dup_assign(visited, def_stmt, new_rhs1, new_rhs2, new_rhs3); ++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, new_rhs3); + error("handle_ternary_ops: unknown rhs"); + gcc_unreachable(); +} @@ -85389,9 +85886,10 @@ index 0000000..a9ae886 + } +} + -+static tree expand(struct pointer_set_t *visited, tree var) ++static tree expand(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) +{ + gimple def_stmt; ++ enum tree_code code = TREE_CODE(TREE_TYPE(var)); + + if (is_gimple_constant(var)) + return NULL_TREE; @@ -85399,8 +85897,14 @@ index 0000000..a9ae886 + if (TREE_CODE(var) == ADDR_EXPR) + return NULL_TREE; + -+ if (SSA_NAME_IS_DEFAULT_DEF(var)) ++ gcc_assert(code == INTEGER_TYPE || code == POINTER_TYPE || code == BOOLEAN_TYPE); ++ if (code != INTEGER_TYPE) ++ return NULL_TREE; ++ ++ if (SSA_NAME_IS_DEFAULT_DEF(var)) { ++ check_missing_attribute(var); + return NULL_TREE; ++ } + + def_stmt = get_def_stmt(var); + @@ -85415,20 +85919,19 @@ index 0000000..a9ae886 + check_missing_attribute(var); + return NULL_TREE; + case GIMPLE_PHI: -+ return build_new_phi(visited, def_stmt); ++ return build_new_phi(visited, potentionally_overflowed, def_stmt); + case GIMPLE_CALL: + case GIMPLE_ASM: -+ gcc_assert(TREE_CODE(TREE_TYPE(var)) != VOID_TYPE); -+ return create_assign(visited, def_stmt, var, AFTER_STMT); ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); + case GIMPLE_ASSIGN: + switch (gimple_num_ops(def_stmt)) { + case 2: -+ return handle_unary_ops(visited, var); ++ return handle_unary_ops(visited, potentionally_overflowed, var); + case 3: -+ return handle_binary_ops(visited, var); ++ return handle_binary_ops(visited, potentionally_overflowed, var); +#if BUILDING_GCC_VERSION >= 4007 + case 4: -+ return handle_ternary_ops(visited, var); ++ return handle_ternary_ops(visited, potentionally_overflowed, var); +#endif + } + default: @@ -85438,13 +85941,12 @@ index 0000000..a9ae886 + } +} + -+static void change_function_arg(gimple func_stmt, tree origarg, unsigned int argnum, tree newarg) ++static void change_function_arg(gimple stmt, tree origarg, unsigned int argnum, tree newarg) +{ -+ gimple assign, stmt; -+ gimple_stmt_iterator gsi = gsi_for_stmt(func_stmt); ++ gimple assign; ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); + tree origtype = TREE_TYPE(origarg); + -+ stmt = gsi_stmt(gsi); + gcc_assert(gimple_code(stmt) == GIMPLE_CALL); + + assign = build_cast_stmt(origtype, newarg, CREATE_NEW_VAR, gimple_location(stmt)); @@ -85482,90 +85984,12 @@ index 0000000..a9ae886 + return NULL_TREE; +} + -+static void insert_cond(tree arg, basic_block cond_bb) -+{ -+ gimple cond_stmt; -+ gimple_stmt_iterator gsi = gsi_last_bb(cond_bb); -+ -+ cond_stmt = gimple_build_cond(GT_EXPR, arg, build_int_cstu(signed_size_overflow_type, 0x7fffffff), NULL_TREE, NULL_TREE); -+ gsi_insert_after(&gsi, cond_stmt, GSI_CONTINUE_LINKING); -+ update_stmt(cond_stmt); -+} -+ -+static tree create_string_param(tree string) -+{ -+ tree array_ref = build4(ARRAY_REF, TREE_TYPE(string), string, integer_zero_node, NULL, NULL); -+ -+ return build1(ADDR_EXPR, ptr_type_node, array_ref); -+} -+ -+static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg) -+{ -+ gimple func_stmt, def_stmt; -+ tree current_func, loc_file, loc_line; -+ expanded_location xloc; -+ gimple_stmt_iterator gsi = gsi_start_bb(bb_true); -+ -+ def_stmt = get_def_stmt(arg); -+ xloc = expand_location(gimple_location(def_stmt)); -+ -+ if (!gimple_has_location(def_stmt)) { -+ xloc = expand_location(gimple_location(stmt)); -+ gcc_assert(gimple_has_location(stmt)); -+ } -+ -+ loc_line = build_int_cstu(unsigned_type_node, xloc.line); -+ -+ loc_file = build_string(strlen(xloc.file), xloc.file); -+ TREE_TYPE(loc_file) = char_array_type_node; -+ loc_file = create_string_param(loc_file); -+ -+ current_func = build_string(IDENTIFIER_LENGTH(DECL_NAME(current_function_decl)), NAME(current_function_decl)); -+ TREE_TYPE(current_func) = char_array_type_node; -+ current_func = create_string_param(current_func); -+ -+ // void report_size_overflow(const char *file, unsigned int line, const char *func) -+ func_stmt = gimple_build_call(report_size_overflow_decl, 3, loc_file, loc_line, current_func); -+ -+ gsi_insert_after(&gsi, func_stmt, GSI_CONTINUE_LINKING); -+} -+ -+static void insert_check_size_overflow(gimple stmt, tree arg) -+{ -+ basic_block cond_bb, join_bb, bb_true; -+ edge e; -+ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); -+ -+ cond_bb = gimple_bb(stmt); -+ gsi_prev(&gsi); -+ if (gsi_end_p(gsi)) -+ e = split_block_after_labels(cond_bb); -+ else -+ e = split_block(cond_bb, gsi_stmt(gsi)); -+ cond_bb = e->src; -+ join_bb = e->dest; -+ e->flags = EDGE_FALSE_VALUE; -+ e->probability = REG_BR_PROB_BASE; -+ -+ bb_true = create_empty_bb(cond_bb); -+ make_edge(cond_bb, bb_true, EDGE_TRUE_VALUE); -+ -+ if (dom_info_available_p(CDI_DOMINATORS)) { -+ set_immediate_dominator(CDI_DOMINATORS, bb_true, cond_bb); -+ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb); -+ } -+ -+ insert_cond(arg, cond_bb); -+ insert_cond_result(bb_true, stmt, arg); -+} -+ +static void handle_function_arg(gimple stmt, tree fndecl, unsigned int argnum) +{ + struct pointer_set_t *visited; -+ tree arg, newarg; ++ tree arg, newarg, type_max; + gimple ucast_stmt; -+ gimple_stmt_iterator gsi; -+ location_t loc = gimple_location(stmt); ++ bool potentionally_overflowed; + + arg = get_function_arg(argnum, stmt, fndecl); + if (arg == NULL_TREE) @@ -85576,22 +86000,24 @@ index 0000000..a9ae886 + if (TREE_CODE(arg) != SSA_NAME) + return; + ++ check_arg_type(arg); ++ + set_size_overflow_type(arg); ++ + visited = pointer_set_create(); -+ newarg = expand(visited, arg); ++ potentionally_overflowed = false; ++ newarg = expand(visited, &potentionally_overflowed, arg); + pointer_set_destroy(visited); + -+ if (newarg == NULL_TREE) ++ if (newarg == NULL_TREE || !potentionally_overflowed) + return; + + change_function_arg(stmt, arg, argnum, newarg); + -+ ucast_stmt = build_cast_stmt(unsigned_size_overflow_type, newarg, CREATE_NEW_VAR, loc); -+ gsi = gsi_for_stmt(stmt); -+ gsi_insert_before(&gsi, ucast_stmt, GSI_SAME_STMT); ++ ucast_stmt = cast_to_unsigned_size_overflow_type(stmt, newarg); + -+ insert_check_size_overflow(stmt, gimple_get_lhs(ucast_stmt)); -+// inform(loc, "Integer size_overflow check applied here."); ++ type_max = build_int_cstu(unsigned_size_overflow_type, 0x7fffffff); ++ insert_check_size_overflow(stmt, GT_EXPR, gimple_get_lhs(ucast_stmt), type_max); +} + +static void handle_function_by_attribute(gimple stmt, tree attr, tree fndecl) @@ -85714,16 +86140,9 @@ index 0000000..a9ae886 + + struct register_pass_info size_overflow_pass_info = { + .pass = &size_overflow_pass.pass, -+ .reference_pass_name = "mudflap2", -+ .ref_pass_instance_number = 1, -+ .pos_op = PASS_POS_INSERT_BEFORE -+ }; -+ -+ struct register_pass_info dce_pass_info = { -+ .pass = &pass_dce.pass, -+ .reference_pass_name = "mudflap2", ++ .reference_pass_name = "ssa", + .ref_pass_instance_number = 1, -+ .pos_op = PASS_POS_INSERT_BEFORE ++ .pos_op = PASS_POS_INSERT_AFTER + }; + + if (!plugin_default_version_check(version, &gcc_version)) { @@ -85743,7 +86162,6 @@ index 0000000..a9ae886 + if (enable) { + register_callback ("start_unit", PLUGIN_START_UNIT, &start_unit_callback, NULL); + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &size_overflow_pass_info); -+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &dce_pass_info); + } + register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL); + diff --git a/3.3.1/0000_README b/3.3.1/0000_README index 945f66f..40d542b 100644 --- a/3.3.1/0000_README +++ b/3.3.1/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9-3.3.1-201204062021.patch +Patch: 4420_grsecurity-2.9-3.3.1-201204081847.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.3.1/4420_grsecurity-2.9-3.3.1-201204062021.patch b/3.3.1/4420_grsecurity-2.9-3.3.1-201204081847.patch index 2fad352..bcf0191 100644 --- a/3.3.1/4420_grsecurity-2.9-3.3.1-201204062021.patch +++ b/3.3.1/4420_grsecurity-2.9-3.3.1-201204081847.patch @@ -1,8 +1,12 @@ diff --git a/Documentation/dontdiff b/Documentation/dontdiff -index 0c083c5..9c2512a 100644 +index 0c083c5..bf13011 100644 --- a/Documentation/dontdiff +++ b/Documentation/dontdiff -@@ -5,6 +5,7 @@ +@@ -2,9 +2,11 @@ + *.aux + *.bin + *.bz2 ++*.c.[012]*.* *.cis *.cpio *.csp @@ -10,7 +14,7 @@ index 0c083c5..9c2512a 100644 *.dsp *.dvi *.elf -@@ -14,6 +15,7 @@ +@@ -14,6 +16,7 @@ *.gcov *.gen.S *.gif @@ -18,7 +22,7 @@ index 0c083c5..9c2512a 100644 *.grep *.grp *.gz -@@ -48,9 +50,11 @@ +@@ -48,9 +51,11 @@ *.tab.h *.tex *.ver @@ -30,7 +34,7 @@ index 0c083c5..9c2512a 100644 *_vga16.c *~ \#*# -@@ -69,6 +73,7 @@ Image +@@ -69,6 +74,7 @@ Image Module.markers Module.symvers PENDING @@ -38,7 +42,7 @@ index 0c083c5..9c2512a 100644 SCCS System.map* TAGS -@@ -92,19 +97,24 @@ bounds.h +@@ -92,19 +98,24 @@ bounds.h bsetup btfixupprep build @@ -63,7 +67,7 @@ index 0c083c5..9c2512a 100644 conmakehash consolemap_deftbl.c* cpustr.h -@@ -115,9 +125,11 @@ devlist.h* +@@ -115,9 +126,11 @@ devlist.h* dnotify_test docproc dslm @@ -75,7 +79,7 @@ index 0c083c5..9c2512a 100644 fixdep flask.h fore200e_mkfirm -@@ -125,12 +137,15 @@ fore200e_pca_fw.c* +@@ -125,12 +138,15 @@ fore200e_pca_fw.c* gconf gconf.glade.h gen-devlist @@ -91,7 +95,7 @@ index 0c083c5..9c2512a 100644 hpet_example hugepage-mmap hugepage-shm -@@ -145,7 +160,7 @@ int32.c +@@ -145,7 +161,7 @@ int32.c int4.c int8.c kallsyms @@ -100,7 +104,7 @@ index 0c083c5..9c2512a 100644 keywords.c ksym.c* ksym.h* -@@ -153,7 +168,7 @@ kxgettext +@@ -153,7 +169,7 @@ kxgettext lkc_defs.h lex.c lex.*.c @@ -109,7 +113,7 @@ index 0c083c5..9c2512a 100644 logo_*.c logo_*_clut224.c logo_*_mono.c -@@ -165,14 +180,15 @@ machtypes.h +@@ -165,14 +181,15 @@ machtypes.h map map_hugetlb maui_boot.h @@ -126,7 +130,7 @@ index 0c083c5..9c2512a 100644 mkprep mkregtable mktables -@@ -208,6 +224,7 @@ r300_reg_safe.h +@@ -208,6 +225,7 @@ r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h recordmcount @@ -134,7 +138,7 @@ index 0c083c5..9c2512a 100644 relocs rlim_names.h rn50_reg_safe.h -@@ -218,6 +235,7 @@ setup +@@ -218,6 +236,7 @@ setup setup.bin setup.elf sImage @@ -142,7 +146,7 @@ index 0c083c5..9c2512a 100644 sm_tbl* split-include syscalltab.h -@@ -228,6 +246,7 @@ tftpboot.img +@@ -228,6 +247,7 @@ tftpboot.img timeconst.h times.h* trix_boot.h @@ -150,7 +154,7 @@ index 0c083c5..9c2512a 100644 utsrelease.h* vdso-syms.lds vdso.lds -@@ -245,7 +264,9 @@ vmlinux +@@ -245,7 +265,9 @@ vmlinux vmlinux-* vmlinux.aout vmlinux.bin.all @@ -160,7 +164,7 @@ index 0c083c5..9c2512a 100644 vmlinuz voffset.h vsyscall.lds -@@ -253,9 +274,11 @@ vsyscall_32.lds +@@ -253,9 +275,11 @@ vsyscall_32.lds wanxlfw.inc uImage unifdef @@ -191,7 +195,7 @@ index d99fd9c..8689fef 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 026a227..22ef9bc 100644 +index 026a227..990f035 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -217,7 +221,7 @@ index 026a227..22ef9bc 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -564,6 +565,50 @@ else +@@ -564,6 +565,53 @@ else KBUILD_CFLAGS += -O2 endif @@ -244,10 +248,13 @@ index 026a227..22ef9bc 100644 +endif +endif +COLORIZE_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/colorize_plugin.so ++ifdef CONFIG_PAX_SIZE_OVERFLOW ++SIZE_OVERFLOW_PLUGIN := -fplugin=$(objtree)/tools/gcc/size_overflow_plugin.so -DSIZE_OVERFLOW_PLUGIN ++endif +GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) $(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS) -+GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) ++GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) $(SIZE_OVERFLOW_PLUGIN) +GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS) -+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN ++export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN SIZE_OVERFLOW_PLUGIN +ifeq ($(KBUILD_EXTMOD),) +gcc-plugins: + $(Q)$(MAKE) $(build)=tools/gcc @@ -268,7 +275,7 @@ index 026a227..22ef9bc 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -708,7 +753,7 @@ export mod_strip_cmd +@@ -708,7 +756,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -277,7 +284,7 @@ index 026a227..22ef9bc 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -932,6 +977,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -932,6 +980,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -286,7 +293,7 @@ index 026a227..22ef9bc 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -941,7 +988,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -941,7 +991,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -295,7 +302,7 @@ index 026a227..22ef9bc 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -985,6 +1032,7 @@ prepare0: archprepare FORCE +@@ -985,6 +1035,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -303,7 +310,7 @@ index 026a227..22ef9bc 100644 prepare: prepare0 # Generate some files -@@ -1089,6 +1137,8 @@ all: modules +@@ -1089,6 +1140,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -312,7 +319,7 @@ index 026a227..22ef9bc 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1104,7 +1154,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1104,7 +1157,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -321,7 +328,7 @@ index 026a227..22ef9bc 100644 # Target to install modules PHONY += modules_install -@@ -1201,6 +1251,7 @@ distclean: mrproper +@@ -1201,6 +1254,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -329,7 +336,7 @@ index 026a227..22ef9bc 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1361,6 +1412,8 @@ PHONY += $(module-dirs) modules +@@ -1361,6 +1415,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -338,7 +345,7 @@ index 026a227..22ef9bc 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1487,17 +1540,21 @@ else +@@ -1487,17 +1543,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -364,7 +371,7 @@ index 026a227..22ef9bc 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1507,11 +1564,15 @@ endif +@@ -1507,11 +1567,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -7888,6 +7895,19 @@ index be6d9e3..21fbbca 100644 ret +ENDPROC(aesni_ctr_enc) #endif +diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c +index 545d0ce..14841a6 100644 +--- a/arch/x86/crypto/aesni-intel_glue.c ++++ b/arch/x86/crypto/aesni-intel_glue.c +@@ -929,6 +929,8 @@ out_free_ablkcipher: + } + + static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key, ++ unsigned int key_len) __size_overflow(3); ++static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key, + unsigned int key_len) + { + int ret = 0; diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S index 391d245..67f35c2 100644 --- a/arch/x86/crypto/blowfish-x86_64-asm_64.S @@ -10000,6 +10020,18 @@ index cc70c1c..d96d011 100644 +extern void machine_emergency_restart(void) __noreturn; #endif /* _ASM_X86_EMERGENCY_RESTART_H */ +diff --git a/arch/x86/include/asm/floppy.h b/arch/x86/include/asm/floppy.h +index dbe82a5..c6d8a00 100644 +--- a/arch/x86/include/asm/floppy.h ++++ b/arch/x86/include/asm/floppy.h +@@ -157,6 +157,7 @@ static unsigned long dma_mem_alloc(unsigned long size) + } + + ++static unsigned long vdma_mem_alloc(unsigned long size) __size_overflow(1); + static unsigned long vdma_mem_alloc(unsigned long size) + { + return (unsigned long)vmalloc(size); diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h index d09bb03..4ea4194 100644 --- a/arch/x86/include/asm/futex.h @@ -10182,7 +10214,7 @@ index 5478825..839e88c 100644 #define flush_insn_slot(p) do { } while (0) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h -index 52d6640..a013b87 100644 +index 52d6640..3d2c938 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -663,7 +663,7 @@ struct kvm_x86_ops { @@ -10194,6 +10226,33 @@ index 52d6640..a013b87 100644 struct kvm_arch_async_pf { u32 token; +@@ -694,7 +694,7 @@ void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages); + int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3); + + int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa, +- const void *val, int bytes); ++ const void *val, int bytes) __size_overflow(2); + u8 kvm_get_guest_memory_type(struct kvm_vcpu *vcpu, gfn_t gfn); + + extern bool tdp_enabled; +@@ -756,7 +756,7 @@ void kvm_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l); + int kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr); + + int kvm_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata); +-int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data); ++int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data) __size_overflow(3); + + unsigned long kvm_get_rflags(struct kvm_vcpu *vcpu); + void kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags); +@@ -781,7 +781,7 @@ int fx_init(struct kvm_vcpu *vcpu); + + void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu); + void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, +- const u8 *new, int bytes); ++ const u8 *new, int bytes) __size_overflow(2); + int kvm_mmu_unprotect_page(struct kvm *kvm, gfn_t gfn); + int kvm_mmu_unprotect_page_virt(struct kvm_vcpu *vcpu, gva_t gva); + void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu); diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h index 9cdae5d..300d20f 100644 --- a/arch/x86/include/asm/local.h @@ -11794,6 +11853,19 @@ index cb23852..2dde194 100644 asmlinkage long sys32_sysfs(int, u32, u32); asmlinkage long sys32_sched_rr_get_interval(compat_pid_t, +diff --git a/arch/x86/include/asm/syscalls.h b/arch/x86/include/asm/syscalls.h +index f1d8b44..a4de8b7 100644 +--- a/arch/x86/include/asm/syscalls.h ++++ b/arch/x86/include/asm/syscalls.h +@@ -30,7 +30,7 @@ long sys_clone(unsigned long, unsigned long, void __user *, + void __user *, struct pt_regs *); + + /* kernel/ldt.c */ +-asmlinkage int sys_modify_ldt(int, void __user *, unsigned long); ++asmlinkage int sys_modify_ldt(int, void __user *, unsigned long) __size_overflow(3); + + /* kernel/signal.c */ + long sys_rt_sigreturn(struct pt_regs *); diff --git a/arch/x86/include/asm/system.h b/arch/x86/include/asm/system.h index 2d2f01c..f985723 100644 --- a/arch/x86/include/asm/system.h @@ -12234,11 +12306,36 @@ index 8be5f54..7ae826d 100644 #ifdef CONFIG_X86_WP_WORKS_OK diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h -index 566e803..b9521e9 100644 +index 566e803..7183d0b 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h -@@ -43,6 +43,9 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero +@@ -11,15 +11,15 @@ + #include <asm/page.h> + + unsigned long __must_check __copy_to_user_ll +- (void __user *to, const void *from, unsigned long n); ++ (void __user *to, const void *from, unsigned long n) __size_overflow(3); + unsigned long __must_check __copy_from_user_ll +- (void *to, const void __user *from, unsigned long n); ++ (void *to, const void __user *from, unsigned long n) __size_overflow(3); + unsigned long __must_check __copy_from_user_ll_nozero +- (void *to, const void __user *from, unsigned long n); ++ (void *to, const void __user *from, unsigned long n) __size_overflow(3); + unsigned long __must_check __copy_from_user_ll_nocache +- (void *to, const void __user *from, unsigned long n); ++ (void *to, const void __user *from, unsigned long n) __size_overflow(3); + unsigned long __must_check __copy_from_user_ll_nocache_nozero +- (void *to, const void __user *from, unsigned long n); ++ (void *to, const void __user *from, unsigned long n) __size_overflow(3); + + /** + * __copy_to_user_inatomic: - Copy a block of data into user space, with less checking. +@@ -41,8 +41,13 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero + */ + static __always_inline unsigned long __must_check ++__copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) __size_overflow(3); ++static __always_inline unsigned long __must_check __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) { + if ((long)n < 0) @@ -12247,7 +12344,7 @@ index 566e803..b9521e9 100644 if (__builtin_constant_p(n)) { unsigned long ret; -@@ -61,6 +64,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) +@@ -61,6 +66,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) return ret; } } @@ -12256,7 +12353,12 @@ index 566e803..b9521e9 100644 return __copy_to_user_ll(to, from, n); } -@@ -82,12 +87,16 @@ static __always_inline unsigned long __must_check +@@ -79,15 +86,23 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) + * On success, this will be zero. + */ + static __always_inline unsigned long __must_check ++__copy_to_user(void __user *to, const void *from, unsigned long n) __size_overflow(3); ++static __always_inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n) { might_fault(); @@ -12265,6 +12367,8 @@ index 566e803..b9521e9 100644 } static __always_inline unsigned long ++__copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) __size_overflow(3); ++static __always_inline unsigned long __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) { + if ((long)n < 0) @@ -12273,7 +12377,12 @@ index 566e803..b9521e9 100644 /* Avoid zeroing the tail if the copy fails.. * If 'n' is constant and 1, 2, or 4, we do still zero on a failure, * but as the zeroing behaviour is only significant when n is not -@@ -137,6 +146,10 @@ static __always_inline unsigned long +@@ -134,9 +149,15 @@ __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) + * for explanation of why this is needed. + */ + static __always_inline unsigned long ++__copy_from_user(void *to, const void __user *from, unsigned long n) __size_overflow(3); ++static __always_inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n) { might_fault(); @@ -12284,7 +12393,7 @@ index 566e803..b9521e9 100644 if (__builtin_constant_p(n)) { unsigned long ret; -@@ -152,6 +165,8 @@ __copy_from_user(void *to, const void __user *from, unsigned long n) +@@ -152,13 +173,21 @@ __copy_from_user(void *to, const void __user *from, unsigned long n) return ret; } } @@ -12293,7 +12402,9 @@ index 566e803..b9521e9 100644 return __copy_from_user_ll(to, from, n); } -@@ -159,6 +174,10 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to, + static __always_inline unsigned long __copy_from_user_nocache(void *to, ++ const void __user *from, unsigned long n) __size_overflow(3); ++static __always_inline unsigned long __copy_from_user_nocache(void *to, const void __user *from, unsigned long n) { might_fault(); @@ -12304,8 +12415,13 @@ index 566e803..b9521e9 100644 if (__builtin_constant_p(n)) { unsigned long ret; -@@ -181,15 +200,19 @@ static __always_inline unsigned long +@@ -179,17 +208,24 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to, + + static __always_inline unsigned long __copy_from_user_inatomic_nocache(void *to, const void __user *from, ++ unsigned long n) __size_overflow(3); ++static __always_inline unsigned long ++__copy_from_user_inatomic_nocache(void *to, const void __user *from, unsigned long n) { - return __copy_from_user_ll_nocache_nozero(to, from, n); @@ -12331,7 +12447,7 @@ index 566e803..b9521e9 100644 extern void copy_from_user_overflow(void) #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS -@@ -199,17 +222,61 @@ extern void copy_from_user_overflow(void) +@@ -199,17 +235,65 @@ extern void copy_from_user_overflow(void) #endif ; @@ -12352,6 +12468,8 @@ index 566e803..b9521e9 100644 + * On success, this will be zero. + */ +static inline unsigned long __must_check ++copy_to_user(void __user *to, const void *from, unsigned long n) __size_overflow(3); ++static inline unsigned long __must_check +copy_to_user(void __user *to, const void *from, unsigned long n) +{ + int sz = __compiletime_object_size(from); @@ -12380,6 +12498,8 @@ index 566e803..b9521e9 100644 + * data to the requested size using zero bytes. + */ +static inline unsigned long __must_check ++copy_from_user(void *to, const void __user *from, unsigned long n) __size_overflow(3); ++static inline unsigned long __must_check +copy_from_user(void *to, const void __user *from, unsigned long n) { int sz = __compiletime_object_size(to); @@ -12400,8 +12520,18 @@ index 566e803..b9521e9 100644 return n; } +@@ -235,7 +319,7 @@ long __must_check __strncpy_from_user(char *dst, + #define strlen_user(str) strnlen_user(str, LONG_MAX) + + long strnlen_user(const char __user *str, long n); +-unsigned long __must_check clear_user(void __user *mem, unsigned long len); +-unsigned long __must_check __clear_user(void __user *mem, unsigned long len); ++unsigned long __must_check clear_user(void __user *mem, unsigned long len) __size_overflow(2); ++unsigned long __must_check __clear_user(void __user *mem, unsigned long len) __size_overflow(2); + + #endif /* _ASM_X86_UACCESS_32_H */ diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index 1c66d30..e66922c 100644 +index 1c66d30..e294b5f 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -10,6 +10,9 @@ @@ -12414,23 +12544,25 @@ index 1c66d30..e66922c 100644 /* * Copy To/From Userspace -@@ -17,12 +20,12 @@ +@@ -17,12 +20,14 @@ /* Handles exceptions in both to and from, but doesn't do access_ok */ __must_check unsigned long -copy_user_generic_string(void *to, const void *from, unsigned len); -+copy_user_generic_string(void *to, const void *from, unsigned long len); ++copy_user_generic_string(void *to, const void *from, unsigned long len) __size_overflow(3); __must_check unsigned long -copy_user_generic_unrolled(void *to, const void *from, unsigned len); -+copy_user_generic_unrolled(void *to, const void *from, unsigned long len); ++copy_user_generic_unrolled(void *to, const void *from, unsigned long len) __size_overflow(3); static __always_inline __must_check unsigned long -copy_user_generic(void *to, const void *from, unsigned len) ++copy_user_generic(void *to, const void *from, unsigned long len) __size_overflow(3); ++static __always_inline __must_check unsigned long +copy_user_generic(void *to, const void *from, unsigned long len) { unsigned ret; -@@ -32,142 +35,226 @@ copy_user_generic(void *to, const void *from, unsigned len) +@@ -32,142 +37,237 @@ copy_user_generic(void *to, const void *from, unsigned len) ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from), "=d" (len)), "1" (to), "2" (from), "3" (len) @@ -12440,19 +12572,22 @@ index 1c66d30..e66922c 100644 } +static __always_inline __must_check unsigned long -+__copy_to_user(void __user *to, const void *from, unsigned long len); ++__copy_to_user(void __user *to, const void *from, unsigned long len) __size_overflow(3); +static __always_inline __must_check unsigned long -+__copy_from_user(void *to, const void __user *from, unsigned long len); ++__copy_from_user(void *to, const void __user *from, unsigned long len) __size_overflow(3); __must_check unsigned long -_copy_to_user(void __user *to, const void *from, unsigned len); -__must_check unsigned long -_copy_from_user(void *to, const void __user *from, unsigned len); -__must_check unsigned long -copy_in_user(void __user *to, const void __user *from, unsigned len); -+copy_in_user(void __user *to, const void __user *from, unsigned long len); ++copy_in_user(void __user *to, const void __user *from, unsigned long len) __size_overflow(3); static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, ++ unsigned long n) __size_overflow(3); ++static inline unsigned long __must_check copy_from_user(void *to, ++ const void __user *from, unsigned long n) { - int sz = __compiletime_object_size(to); @@ -12477,6 +12612,8 @@ index 1c66d30..e66922c 100644 static __always_inline __must_check -int copy_to_user(void __user *dst, const void *src, unsigned size) ++int copy_to_user(void __user *dst, const void *src, unsigned long size) __size_overflow(3); ++static __always_inline __must_check +int copy_to_user(void __user *dst, const void *src, unsigned long size) { might_fault(); @@ -12489,6 +12626,8 @@ index 1c66d30..e66922c 100644 static __always_inline __must_check -int __copy_from_user(void *dst, const void __user *src, unsigned size) ++unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size) __size_overflow(3); ++static __always_inline __must_check +unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size) { - int ret = 0; @@ -12577,6 +12716,8 @@ index 1c66d30..e66922c 100644 static __always_inline __must_check -int __copy_to_user(void __user *dst, const void *src, unsigned size) ++unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size) __size_overflow(3); ++static __always_inline __must_check +unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size) { - int ret = 0; @@ -12665,6 +12806,8 @@ index 1c66d30..e66922c 100644 static __always_inline __must_check -int __copy_in_user(void __user *dst, const void __user *src, unsigned size) ++unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned long size) __size_overflow(3); ++static __always_inline __must_check +unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned long size) { - int ret = 0; @@ -12705,7 +12848,7 @@ index 1c66d30..e66922c 100644 ret, "b", "b", "=q", 1); if (likely(!ret)) __put_user_asm(tmp, (u8 __user *)dst, -@@ -176,7 +263,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -176,7 +276,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 2: { u16 tmp; @@ -12714,7 +12857,7 @@ index 1c66d30..e66922c 100644 ret, "w", "w", "=r", 2); if (likely(!ret)) __put_user_asm(tmp, (u16 __user *)dst, -@@ -186,7 +273,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -186,7 +286,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) case 4: { u32 tmp; @@ -12723,7 +12866,7 @@ index 1c66d30..e66922c 100644 ret, "l", "k", "=r", 4); if (likely(!ret)) __put_user_asm(tmp, (u32 __user *)dst, -@@ -195,7 +282,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -195,7 +295,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 8: { u64 tmp; @@ -12732,7 +12875,7 @@ index 1c66d30..e66922c 100644 ret, "q", "", "=r", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -203,8 +290,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -203,8 +303,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) return ret; } default: @@ -12751,11 +12894,19 @@ index 1c66d30..e66922c 100644 } } -@@ -219,35 +314,72 @@ __must_check unsigned long clear_user(void __user *mem, unsigned long len); - __must_check unsigned long __clear_user(void __user *mem, unsigned long len); +@@ -215,39 +323,83 @@ __strncpy_from_user(char *dst, const char __user *src, long count); + __must_check long strnlen_user(const char __user *str, long n); + __must_check long __strnlen_user(const char __user *str, long n); + __must_check long strlen_user(const char __user *str); +-__must_check unsigned long clear_user(void __user *mem, unsigned long len); +-__must_check unsigned long __clear_user(void __user *mem, unsigned long len); ++__must_check unsigned long clear_user(void __user *mem, unsigned long len) __size_overflow(2); ++__must_check unsigned long __clear_user(void __user *mem, unsigned long len) __size_overflow(2); static __must_check __always_inline int -__copy_from_user_inatomic(void *dst, const void __user *src, unsigned size) ++__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size) __size_overflow(3); ++static __must_check __always_inline int +__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size) { - return copy_user_generic(dst, (__force const void *)src, size); @@ -12776,6 +12927,8 @@ index 1c66d30..e66922c 100644 -static __must_check __always_inline int -__copy_to_user_inatomic(void __user *dst, const void *src, unsigned size) +static __must_check __always_inline unsigned long ++__copy_to_user_inatomic(void __user *dst, const void *src, unsigned long size) __size_overflow(3); ++static __must_check __always_inline unsigned long +__copy_to_user_inatomic(void __user *dst, const void *src, unsigned long size) { - return copy_user_generic((__force void *)dst, src, size); @@ -12796,10 +12949,11 @@ index 1c66d30..e66922c 100644 -extern long __copy_user_nocache(void *dst, const void __user *src, - unsigned size, int zerorest); +extern unsigned long __copy_user_nocache(void *dst, const void __user *src, -+ unsigned long size, int zerorest); ++ unsigned long size, int zerorest) __size_overflow(3); -static inline int -__copy_from_user_nocache(void *dst, const void __user *src, unsigned size) ++static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned long size) __size_overflow(3); +static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned long size) { might_sleep(); @@ -12819,6 +12973,8 @@ index 1c66d30..e66922c 100644 -__copy_from_user_inatomic_nocache(void *dst, const void __user *src, - unsigned size) +static inline unsigned long __copy_from_user_inatomic_nocache(void *dst, const void __user *src, ++ unsigned long size) __size_overflow(3); ++static inline unsigned long __copy_from_user_inatomic_nocache(void *dst, const void __user *src, + unsigned long size) { + if (size > INT_MAX) @@ -12835,7 +12991,7 @@ index 1c66d30..e66922c 100644 -unsigned long -copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest); +extern unsigned long -+copy_user_handle_tail(char __user *to, char __user *from, unsigned long len, unsigned zerorest); ++copy_user_handle_tail(char __user *to, char __user *from, unsigned long len, unsigned zerorest) __size_overflow(3); #endif /* _ASM_X86_UACCESS_64_H */ diff --git a/arch/x86/include/asm/vdso.h b/arch/x86/include/asm/vdso.h @@ -13598,6 +13754,19 @@ index 3e6ff6c..54b4992 100644 load_idt(&idt_descr); } #endif +diff --git a/arch/x86/kernel/cpu/mcheck/mce-inject.c b/arch/x86/kernel/cpu/mcheck/mce-inject.c +index fc4beb3..f20a5a7 100644 +--- a/arch/x86/kernel/cpu/mcheck/mce-inject.c ++++ b/arch/x86/kernel/cpu/mcheck/mce-inject.c +@@ -199,6 +199,8 @@ static void raise_mce(struct mce *m) + + /* Error injection interface */ + static ssize_t mce_write(struct file *filp, const char __user *ubuf, ++ size_t usize, loff_t *off) __size_overflow(3); ++static ssize_t mce_write(struct file *filp, const char __user *ubuf, + size_t usize, loff_t *off) + { + struct mce m; diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c index 5a11ae2..a1a1c8a 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c @@ -13767,6 +13936,19 @@ index 54060f5..c1a7577 100644 /* Make sure the vector pointer is visible before we enable MCEs: */ wmb(); +diff --git a/arch/x86/kernel/cpu/mtrr/if.c b/arch/x86/kernel/cpu/mtrr/if.c +index 7928963..1b16001 100644 +--- a/arch/x86/kernel/cpu/mtrr/if.c ++++ b/arch/x86/kernel/cpu/mtrr/if.c +@@ -91,6 +91,8 @@ mtrr_file_del(unsigned long base, unsigned long size, + * "base=%Lx size=%Lx type=%s" or "disable=%d" + */ + static ssize_t ++mtrr_write(struct file *file, const char __user *buf, size_t len, loff_t * ppos) __size_overflow(3); ++static ssize_t + mtrr_write(struct file *file, const char __user *buf, size_t len, loff_t * ppos) + { + int i, err; diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c index 6b96110..0da73eb 100644 --- a/arch/x86/kernel/cpu/mtrr/main.c @@ -16823,6 +17005,79 @@ index 9c3bd4a..e1d9b35 100644 +#ifdef CONFIG_PAX_KERNEXEC +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR); +#endif +diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c +index 739d859..d1d6be7 100644 +--- a/arch/x86/kernel/i387.c ++++ b/arch/x86/kernel/i387.c +@@ -188,6 +188,9 @@ int xfpregs_active(struct task_struct *target, const struct user_regset *regset) + + int xfpregs_get(struct task_struct *target, const struct user_regset *regset, + unsigned int pos, unsigned int count, ++ void *kbuf, void __user *ubuf) __size_overflow(4); ++int xfpregs_get(struct task_struct *target, const struct user_regset *regset, ++ unsigned int pos, unsigned int count, + void *kbuf, void __user *ubuf) + { + int ret; +@@ -207,6 +210,9 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset, + + int xfpregs_set(struct task_struct *target, const struct user_regset *regset, + unsigned int pos, unsigned int count, ++ const void *kbuf, const void __user *ubuf) __size_overflow(4); ++int xfpregs_set(struct task_struct *target, const struct user_regset *regset, ++ unsigned int pos, unsigned int count, + const void *kbuf, const void __user *ubuf) + { + int ret; +@@ -240,6 +246,9 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset, + + int xstateregs_get(struct task_struct *target, const struct user_regset *regset, + unsigned int pos, unsigned int count, ++ void *kbuf, void __user *ubuf) __size_overflow(4); ++int xstateregs_get(struct task_struct *target, const struct user_regset *regset, ++ unsigned int pos, unsigned int count, + void *kbuf, void __user *ubuf) + { + int ret; +@@ -269,6 +278,9 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset, + + int xstateregs_set(struct task_struct *target, const struct user_regset *regset, + unsigned int pos, unsigned int count, ++ const void *kbuf, const void __user *ubuf) __size_overflow(4); ++int xstateregs_set(struct task_struct *target, const struct user_regset *regset, ++ unsigned int pos, unsigned int count, + const void *kbuf, const void __user *ubuf) + { + int ret; +@@ -439,6 +451,9 @@ static void convert_to_fxsr(struct task_struct *tsk, + + int fpregs_get(struct task_struct *target, const struct user_regset *regset, + unsigned int pos, unsigned int count, ++ void *kbuf, void __user *ubuf) __size_overflow(3,4); ++int fpregs_get(struct task_struct *target, const struct user_regset *regset, ++ unsigned int pos, unsigned int count, + void *kbuf, void __user *ubuf) + { + struct user_i387_ia32_struct env; +@@ -471,6 +486,9 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset, + + int fpregs_set(struct task_struct *target, const struct user_regset *regset, + unsigned int pos, unsigned int count, ++ const void *kbuf, const void __user *ubuf) __size_overflow(3,4); ++int fpregs_set(struct task_struct *target, const struct user_regset *regset, ++ unsigned int pos, unsigned int count, + const void *kbuf, const void __user *ubuf) + { + struct user_i387_ia32_struct env; +@@ -619,6 +637,8 @@ static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf) + } + + static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf, ++ unsigned int size) __size_overflow(2); ++static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf, + unsigned int size) + { + struct task_struct *tsk = current; diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c index 6104852..6114160 100644 --- a/arch/x86/kernel/i8259.c @@ -17289,7 +17544,7 @@ index 7da647d..56fe348 100644 insn_buf[0] = RELATIVEJUMP_OPCODE; diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c -index ea69726..604d066 100644 +index ea69726..a305f16 100644 --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c @@ -67,13 +67,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) @@ -17342,7 +17597,23 @@ index ea69726..604d066 100644 return retval; } -@@ -230,6 +248,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) +@@ -141,6 +159,7 @@ void destroy_context(struct mm_struct *mm) + } + } + ++static int read_ldt(void __user *ptr, unsigned long bytecount) __size_overflow(2); + static int read_ldt(void __user *ptr, unsigned long bytecount) + { + int err; +@@ -175,6 +194,7 @@ error_return: + return err; + } + ++static int read_default_ldt(void __user *ptr, unsigned long bytecount) __size_overflow(2); + static int read_default_ldt(void __user *ptr, unsigned long bytecount) + { + /* CHECKME: Can we use _one_ random number ? */ +@@ -230,6 +250,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) } } @@ -17388,11 +17659,14 @@ index a3fa43b..8966f4c 100644 relocate_kernel_ptr = control_page; page_list[PA_CONTROL_PAGE] = __pa(control_page); diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c -index 3ca42d0..7cff8cc 100644 +index 3ca42d0..79d24cd 100644 --- a/arch/x86/kernel/microcode_intel.c +++ b/arch/x86/kernel/microcode_intel.c -@@ -436,13 +436,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device) +@@ -434,15 +434,16 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device) + return ret; + } ++static int get_ucode_user(void *to, const void *from, size_t n) __size_overflow(3); static int get_ucode_user(void *to, const void *from, size_t n) { - return copy_from_user(to, from, n); @@ -17408,14 +17682,15 @@ index 3ca42d0..7cff8cc 100644 static void microcode_fini_cpu(int cpu) diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c -index 925179f..267ac7a 100644 +index 925179f..1f0d561 100644 --- a/arch/x86/kernel/module.c +++ b/arch/x86/kernel/module.c -@@ -36,15 +36,60 @@ +@@ -36,15 +36,61 @@ #define DEBUGP(fmt...) #endif -void *module_alloc(unsigned long size) ++static inline void *__module_alloc(unsigned long size, pgprot_t prot) __size_overflow(1); +static inline void *__module_alloc(unsigned long size, pgprot_t prot) { - if (PAGE_ALIGN(size) > MODULES_LEN) @@ -17475,7 +17750,7 @@ index 925179f..267ac7a 100644 #ifdef CONFIG_X86_32 int apply_relocate(Elf32_Shdr *sechdrs, const char *strtab, -@@ -55,14 +100,16 @@ int apply_relocate(Elf32_Shdr *sechdrs, +@@ -55,14 +101,16 @@ int apply_relocate(Elf32_Shdr *sechdrs, unsigned int i; Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr; Elf32_Sym *sym; @@ -17495,7 +17770,7 @@ index 925179f..267ac7a 100644 /* This is the symbol it is referring to. Note that all undefined symbols have been resolved. */ sym = (Elf32_Sym *)sechdrs[symindex].sh_addr -@@ -71,11 +118,15 @@ int apply_relocate(Elf32_Shdr *sechdrs, +@@ -71,11 +119,15 @@ int apply_relocate(Elf32_Shdr *sechdrs, switch (ELF32_R_TYPE(rel[i].r_info)) { case R_386_32: /* We add the value into the location given */ @@ -17513,7 +17788,7 @@ index 925179f..267ac7a 100644 break; default: printk(KERN_ERR "module %s: Unknown relocation: %u\n", -@@ -120,21 +171,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs, +@@ -120,21 +172,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs, case R_X86_64_NONE: break; case R_X86_64_64: @@ -18027,10 +18302,21 @@ index cfa5c90..4facd28 100644 ip = *(u64 *)(fp+8); if (!in_sched_functions(ip)) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index 5026738..9e6d6dc 100644 +index 5026738..e1b5aa8 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c -@@ -823,7 +823,7 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -792,6 +792,10 @@ static int ioperm_active(struct task_struct *target, + static int ioperm_get(struct task_struct *target, + const struct user_regset *regset, + unsigned int pos, unsigned int count, ++ void *kbuf, void __user *ubuf) __size_overflow(3,4); ++static int ioperm_get(struct task_struct *target, ++ const struct user_regset *regset, ++ unsigned int pos, unsigned int count, + void *kbuf, void __user *ubuf) + { + if (!target->thread.io_bitmap_ptr) +@@ -823,7 +827,7 @@ long arch_ptrace(struct task_struct *child, long request, unsigned long addr, unsigned long data) { int ret; @@ -18039,7 +18325,7 @@ index 5026738..9e6d6dc 100644 switch (request) { /* read the word at location addr in the USER area. */ -@@ -908,14 +908,14 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -908,14 +912,14 @@ long arch_ptrace(struct task_struct *child, long request, if ((int) addr < 0) return -EIO; ret = do_get_thread_area(child, addr, @@ -18056,7 +18342,7 @@ index 5026738..9e6d6dc 100644 break; #endif -@@ -1332,7 +1332,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, +@@ -1332,7 +1336,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, memset(info, 0, sizeof(*info)); info->si_signo = SIGTRAP; info->si_code = si_code; @@ -18303,7 +18589,7 @@ index d7d5099..28555d0 100644 bss_resource.start = virt_to_phys(&__bss_start); bss_resource.end = virt_to_phys(&__bss_stop)-1; diff --git a/arch/x86/kernel/setup_percpu.c b/arch/x86/kernel/setup_percpu.c -index 71f4727..16dc9f7 100644 +index 71f4727..217419b 100644 --- a/arch/x86/kernel/setup_percpu.c +++ b/arch/x86/kernel/setup_percpu.c @@ -21,19 +21,17 @@ @@ -18330,7 +18616,25 @@ index 71f4727..16dc9f7 100644 [0 ... NR_CPUS-1] = BOOT_PERCPU_OFFSET, }; EXPORT_SYMBOL(__per_cpu_offset); -@@ -155,10 +153,10 @@ static inline void setup_percpu_segment(int cpu) +@@ -96,6 +94,8 @@ static bool __init pcpu_need_numa(void) + * Pointer to the allocated area on success, NULL on failure. + */ + static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long size, ++ unsigned long align) __size_overflow(2); ++static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long size, + unsigned long align) + { + const unsigned long goal = __pa(MAX_DMA_ADDRESS); +@@ -124,6 +124,8 @@ static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long size, + /* + * Helpers for first chunk memory allocation + */ ++static void * __init pcpu_fc_alloc(unsigned int cpu, size_t size, size_t align) __size_overflow(2); ++ + static void * __init pcpu_fc_alloc(unsigned int cpu, size_t size, size_t align) + { + return pcpu_alloc_bootmem(cpu, size, align); +@@ -155,10 +157,10 @@ static inline void setup_percpu_segment(int cpu) { #ifdef CONFIG_X86_32 struct desc_struct gdt; @@ -18344,7 +18648,7 @@ index 71f4727..16dc9f7 100644 write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S); #endif -@@ -207,6 +205,11 @@ void __init setup_per_cpu_areas(void) +@@ -207,6 +209,11 @@ void __init setup_per_cpu_areas(void) /* alrighty, percpu areas up and running */ delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start; for_each_possible_cpu(cpu) { @@ -18356,7 +18660,7 @@ index 71f4727..16dc9f7 100644 per_cpu_offset(cpu) = delta + pcpu_unit_offsets[cpu]; per_cpu(this_cpu_off, cpu) = per_cpu_offset(cpu); per_cpu(cpu_number, cpu) = cpu; -@@ -247,6 +250,12 @@ void __init setup_per_cpu_areas(void) +@@ -247,6 +254,12 @@ void __init setup_per_cpu_areas(void) */ set_cpu_numa_node(cpu, early_cpu_to_node(cpu)); #endif @@ -19009,6 +19313,18 @@ index bcfec2d..8f88b4a 100644 set_tls_desc(p, idx, &info, 1); return 0; +diff --git a/arch/x86/kernel/tls.h b/arch/x86/kernel/tls.h +index 2f083a2..7d3fecc 100644 +--- a/arch/x86/kernel/tls.h ++++ b/arch/x86/kernel/tls.h +@@ -16,6 +16,6 @@ + + extern user_regset_active_fn regset_tls_active; + extern user_regset_get_fn regset_tls_get; +-extern user_regset_set_fn regset_tls_set; ++extern user_regset_set_fn regset_tls_set __size_overflow(4); + + #endif /* _ARCH_X86_KERNEL_TLS_H */ diff --git a/arch/x86/kernel/trampoline_32.S b/arch/x86/kernel/trampoline_32.S index 451c0a7..e57f551 100644 --- a/arch/x86/kernel/trampoline_32.S @@ -19216,7 +19532,7 @@ index b9242ba..50c5edd 100644 * verify_cpu, returns the status of longmode and SSE in register %eax. * 0: Success 1: Failure diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c -index 328cb37..56556b4 100644 +index 328cb37..f37fee1 100644 --- a/arch/x86/kernel/vm86_32.c +++ b/arch/x86/kernel/vm86_32.c @@ -41,6 +41,7 @@ @@ -19227,7 +19543,17 @@ index 328cb37..56556b4 100644 #include <asm/uaccess.h> #include <asm/io.h> -@@ -148,7 +149,7 @@ struct pt_regs *save_v86_state(struct kernel_vm86_regs *regs) +@@ -109,6 +110,9 @@ static int copy_vm86_regs_to_user(struct vm86_regs __user *user, + /* convert vm86_regs to kernel_vm86_regs */ + static int copy_vm86_regs_from_user(struct kernel_vm86_regs *regs, + const struct vm86_regs __user *user, ++ unsigned extra) __size_overflow(3); ++static int copy_vm86_regs_from_user(struct kernel_vm86_regs *regs, ++ const struct vm86_regs __user *user, + unsigned extra) + { + int ret = 0; +@@ -148,7 +152,7 @@ struct pt_regs *save_v86_state(struct kernel_vm86_regs *regs) do_exit(SIGSEGV); } @@ -19236,7 +19562,7 @@ index 328cb37..56556b4 100644 current->thread.sp0 = current->thread.saved_sp0; current->thread.sysenter_cs = __KERNEL_CS; load_sp0(tss, ¤t->thread); -@@ -210,6 +211,13 @@ int sys_vm86old(struct vm86_struct __user *v86, struct pt_regs *regs) +@@ -210,6 +214,13 @@ int sys_vm86old(struct vm86_struct __user *v86, struct pt_regs *regs) struct task_struct *tsk; int tmp, ret = -EPERM; @@ -19250,7 +19576,7 @@ index 328cb37..56556b4 100644 tsk = current; if (tsk->thread.saved_sp0) goto out; -@@ -240,6 +248,14 @@ int sys_vm86(unsigned long cmd, unsigned long arg, struct pt_regs *regs) +@@ -240,6 +251,14 @@ int sys_vm86(unsigned long cmd, unsigned long arg, struct pt_regs *regs) int tmp, ret; struct vm86plus_struct __user *v86; @@ -19265,7 +19591,7 @@ index 328cb37..56556b4 100644 tsk = current; switch (cmd) { case VM86_REQUEST_IRQ: -@@ -326,7 +342,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk +@@ -326,7 +345,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk tsk->thread.saved_fs = info->regs32->fs; tsk->thread.saved_gs = get_user_gs(info->regs32); @@ -19274,7 +19600,7 @@ index 328cb37..56556b4 100644 tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0; if (cpu_has_sep) tsk->thread.sysenter_cs = 0; -@@ -533,7 +549,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i, +@@ -533,7 +552,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i, goto cannot_handle; if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored)) goto cannot_handle; @@ -19750,10 +20076,18 @@ index 1561028..0ed7f14 100644 goto error; diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index e385214..f8df033 100644 +index e385214..029e9dd 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -3420,7 +3420,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) +@@ -3051,6 +3051,7 @@ static int svm_set_vm_cr(struct kvm_vcpu *vcpu, u64 data) + return 0; + } + ++static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) __size_overflow(3); + static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) + { + struct vcpu_svm *svm = to_svm(vcpu); +@@ -3420,7 +3421,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); @@ -19765,7 +20099,7 @@ index e385214..f8df033 100644 load_TR_desc(); } -@@ -3798,6 +3802,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) +@@ -3798,6 +3803,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) #endif #endif @@ -19777,7 +20111,7 @@ index e385214..f8df033 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 3b4c8d8..f457b63 100644 +index 3b4c8d8..4ae0af6 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1306,7 +1306,11 @@ static void reload_tss(void) @@ -19792,7 +20126,15 @@ index 3b4c8d8..f457b63 100644 load_TR_desc(); } -@@ -2631,8 +2635,11 @@ static __init int hardware_setup(void) +@@ -2162,6 +2166,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata) + * Returns 0 on success, non-0 otherwise. + * Assumes vcpu_load() was already called. + */ ++static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data) __size_overflow(3); + static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data) + { + struct vcpu_vmx *vmx = to_vmx(vcpu); +@@ -2631,8 +2636,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -19806,7 +20148,7 @@ index 3b4c8d8..f457b63 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3648,7 +3655,7 @@ static void vmx_set_constant_host_state(void) +@@ -3648,7 +3656,7 @@ static void vmx_set_constant_host_state(void) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl)); @@ -19815,7 +20157,7 @@ index 3b4c8d8..f457b63 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6184,6 +6191,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6184,6 +6192,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp .Lkvm_vmx_return \n\t" ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t" ".Lkvm_vmx_return: " @@ -19828,7 +20170,7 @@ index 3b4c8d8..f457b63 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%"R"sp) \n\t" "pop %0 \n\t" -@@ -6232,6 +6245,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6232,6 +6246,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -19840,7 +20182,7 @@ index 3b4c8d8..f457b63 100644 : "cc", "memory" , R"ax", R"bx", R"di", R"si" #ifdef CONFIG_X86_64 -@@ -6260,7 +6278,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6260,7 +6279,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) } } @@ -19859,10 +20201,23 @@ index 3b4c8d8..f457b63 100644 vmx->exit_reason = vmcs_read32(VM_EXIT_REASON); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 9cbfc06..7ddc9fa 100644 +index 9cbfc06..943ffa6 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -1311,8 +1311,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -873,6 +873,7 @@ static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data) + return kvm_set_msr(vcpu, index, *data); + } + ++static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock) __size_overflow(2); + static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock) + { + int version; +@@ -1307,12 +1308,13 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 data) + return 0; + } + ++static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) __size_overflow(2); + static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -19873,7 +20228,7 @@ index 9cbfc06..7ddc9fa 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2145,6 +2145,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2145,6 +2147,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -19882,7 +20237,7 @@ index 9cbfc06..7ddc9fa 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -2266,7 +2268,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, +@@ -2266,7 +2270,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, struct kvm_interrupt *irq) { @@ -19891,7 +20246,67 @@ index 9cbfc06..7ddc9fa 100644 return -EINVAL; if (irqchip_in_kernel(vcpu->kvm)) return -ENXIO; -@@ -4780,7 +4782,7 @@ static void kvm_set_mmio_spte_mask(void) +@@ -3497,6 +3501,9 @@ gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva, + + static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes, + struct kvm_vcpu *vcpu, u32 access, ++ struct x86_exception *exception) __size_overflow(1,3); ++static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes, ++ struct kvm_vcpu *vcpu, u32 access, + struct x86_exception *exception) + { + void *data = val; +@@ -3528,6 +3535,9 @@ out: + /* used for instruction fetching */ + static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt, + gva_t addr, void *val, unsigned int bytes, ++ struct x86_exception *exception) __size_overflow(2,4); ++static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt, ++ gva_t addr, void *val, unsigned int bytes, + struct x86_exception *exception) + { + struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); +@@ -3552,6 +3562,9 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_virt); + + static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt, + gva_t addr, void *val, unsigned int bytes, ++ struct x86_exception *exception) __size_overflow(2,4); ++static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt, ++ gva_t addr, void *val, unsigned int bytes, + struct x86_exception *exception) + { + struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); +@@ -3665,12 +3678,16 @@ static int read_prepare(struct kvm_vcpu *vcpu, void *val, int bytes) + } + + static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, ++ void *val, int bytes) __size_overflow(2); ++static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, + void *val, int bytes) + { + return !kvm_read_guest(vcpu->kvm, gpa, val, bytes); + } + + static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, ++ void *val, int bytes) __size_overflow(2); ++static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, + void *val, int bytes) + { + return emulator_write_phys(vcpu, gpa, val, bytes); +@@ -3821,6 +3838,12 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, + const void *old, + const void *new, + unsigned int bytes, ++ struct x86_exception *exception) __size_overflow(5); ++static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, ++ unsigned long addr, ++ const void *old, ++ const void *new, ++ unsigned int bytes, + struct x86_exception *exception) + { + struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); +@@ -4780,7 +4803,7 @@ static void kvm_set_mmio_spte_mask(void) kvm_mmu_set_mmio_spte_mask(mask); } @@ -19900,6 +20315,24 @@ index 9cbfc06..7ddc9fa 100644 { int r; struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque; +diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h +index cb80c29..aeee86c 100644 +--- a/arch/x86/kvm/x86.h ++++ b/arch/x86/kvm/x86.h +@@ -116,11 +116,11 @@ void kvm_write_tsc(struct kvm_vcpu *vcpu, u64 data); + + int kvm_read_guest_virt(struct x86_emulate_ctxt *ctxt, + gva_t addr, void *val, unsigned int bytes, +- struct x86_exception *exception); ++ struct x86_exception *exception) __size_overflow(2,4); + + int kvm_write_guest_virt_system(struct x86_emulate_ctxt *ctxt, + gva_t addr, void *val, unsigned int bytes, +- struct x86_exception *exception); ++ struct x86_exception *exception) __size_overflow(2,4); + + extern u64 host_xcr0; + diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c index 642d880..44e0f3f 100644 --- a/arch/x86/lguest/boot.c @@ -22173,7 +22606,7 @@ index a63efd6..ccecad8 100644 ret CFI_ENDPROC diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c -index e218d5d..35679b4 100644 +index e218d5d..a99a1eb 100644 --- a/arch/x86/lib/usercopy_32.c +++ b/arch/x86/lib/usercopy_32.c @@ -43,7 +43,7 @@ do { \ @@ -22276,7 +22709,7 @@ index e218d5d..35679b4 100644 " addl $-64, %0\n" " addl $64, %4\n" " addl $64, %3\n" -@@ -278,10 +282,119 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) +@@ -278,10 +282,12 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -22286,58 +22719,13 @@ index e218d5d..35679b4 100644 "37: rep; movsb\n" "100:\n" + __COPYUSER_RESTORE_ES -+ ".section .fixup,\"ax\"\n" -+ "101: lea 0(%%eax,%0,4),%0\n" -+ " jmp 100b\n" -+ ".previous\n" -+ ".section __ex_table,\"a\"\n" -+ " .align 4\n" -+ " .long 1b,100b\n" -+ " .long 2b,100b\n" -+ " .long 3b,100b\n" -+ " .long 4b,100b\n" -+ " .long 5b,100b\n" -+ " .long 6b,100b\n" -+ " .long 7b,100b\n" -+ " .long 8b,100b\n" -+ " .long 9b,100b\n" -+ " .long 10b,100b\n" -+ " .long 11b,100b\n" -+ " .long 12b,100b\n" -+ " .long 13b,100b\n" -+ " .long 14b,100b\n" -+ " .long 15b,100b\n" -+ " .long 16b,100b\n" -+ " .long 17b,100b\n" -+ " .long 18b,100b\n" -+ " .long 19b,100b\n" -+ " .long 20b,100b\n" -+ " .long 21b,100b\n" -+ " .long 22b,100b\n" -+ " .long 23b,100b\n" -+ " .long 24b,100b\n" -+ " .long 25b,100b\n" -+ " .long 26b,100b\n" -+ " .long 27b,100b\n" -+ " .long 28b,100b\n" -+ " .long 29b,100b\n" -+ " .long 30b,100b\n" -+ " .long 31b,100b\n" -+ " .long 32b,100b\n" -+ " .long 33b,100b\n" -+ " .long 34b,100b\n" -+ " .long 35b,100b\n" -+ " .long 36b,100b\n" -+ " .long 37b,100b\n" -+ " .long 99b,101b\n" -+ ".previous" -+ : "=&c"(size), "=&D" (d0), "=&S" (d1) -+ : "1"(to), "2"(from), "0"(size) -+ : "eax", "edx", "memory"); -+ return size; -+} -+ -+static unsigned long + ".section .fixup,\"ax\"\n" + "101: lea 0(%%eax,%0,4),%0\n" + " jmp 100b\n" +@@ -334,46 +340,155 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) + } + + static unsigned long +__generic_copy_from_user_intel(void *to, const void __user *from, unsigned long size) +{ + int d0, d1; @@ -22393,10 +22781,62 @@ index e218d5d..35679b4 100644 + "36: movl %%eax, %0\n" + "37: rep; "__copyuser_seg" movsb\n" + "100:\n" - ".section .fixup,\"ax\"\n" - "101: lea 0(%%eax,%0,4),%0\n" - " jmp 100b\n" -@@ -339,41 +452,41 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) ++ ".section .fixup,\"ax\"\n" ++ "101: lea 0(%%eax,%0,4),%0\n" ++ " jmp 100b\n" ++ ".previous\n" ++ ".section __ex_table,\"a\"\n" ++ " .align 4\n" ++ " .long 1b,100b\n" ++ " .long 2b,100b\n" ++ " .long 3b,100b\n" ++ " .long 4b,100b\n" ++ " .long 5b,100b\n" ++ " .long 6b,100b\n" ++ " .long 7b,100b\n" ++ " .long 8b,100b\n" ++ " .long 9b,100b\n" ++ " .long 10b,100b\n" ++ " .long 11b,100b\n" ++ " .long 12b,100b\n" ++ " .long 13b,100b\n" ++ " .long 14b,100b\n" ++ " .long 15b,100b\n" ++ " .long 16b,100b\n" ++ " .long 17b,100b\n" ++ " .long 18b,100b\n" ++ " .long 19b,100b\n" ++ " .long 20b,100b\n" ++ " .long 21b,100b\n" ++ " .long 22b,100b\n" ++ " .long 23b,100b\n" ++ " .long 24b,100b\n" ++ " .long 25b,100b\n" ++ " .long 26b,100b\n" ++ " .long 27b,100b\n" ++ " .long 28b,100b\n" ++ " .long 29b,100b\n" ++ " .long 30b,100b\n" ++ " .long 31b,100b\n" ++ " .long 32b,100b\n" ++ " .long 33b,100b\n" ++ " .long 34b,100b\n" ++ " .long 35b,100b\n" ++ " .long 36b,100b\n" ++ " .long 37b,100b\n" ++ " .long 99b,101b\n" ++ ".previous" ++ : "=&c"(size), "=&D" (d0), "=&S" (d1) ++ : "1"(to), "2"(from), "0"(size) ++ : "eax", "edx", "memory"); ++ return size; ++} ++ ++static unsigned long ++__copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) __size_overflow(3); ++static unsigned long + __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) + { int d0, d1; __asm__ __volatile__( " .align 2,0x90\n" @@ -22456,7 +22896,7 @@ index e218d5d..35679b4 100644 " movl %%eax, 56(%3)\n" " movl %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -385,9 +498,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) +@@ -385,9 +500,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -22468,7 +22908,15 @@ index e218d5d..35679b4 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -440,41 +553,41 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, +@@ -434,47 +549,49 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) + */ + + static unsigned long __copy_user_zeroing_intel_nocache(void *to, ++ const void __user *from, unsigned long size) __size_overflow(3); ++static unsigned long __copy_user_zeroing_intel_nocache(void *to, + const void __user *from, unsigned long size) + { + int d0, d1; __asm__ __volatile__( " .align 2,0x90\n" @@ -22528,7 +22976,7 @@ index e218d5d..35679b4 100644 " movnti %%eax, 56(%3)\n" " movnti %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -487,9 +600,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, +@@ -487,9 +604,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -22540,7 +22988,15 @@ index e218d5d..35679b4 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -537,41 +650,41 @@ static unsigned long __copy_user_intel_nocache(void *to, +@@ -531,47 +648,49 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, + } + + static unsigned long __copy_user_intel_nocache(void *to, ++ const void __user *from, unsigned long size) __size_overflow(3); ++static unsigned long __copy_user_intel_nocache(void *to, + const void __user *from, unsigned long size) + { + int d0, d1; __asm__ __volatile__( " .align 2,0x90\n" @@ -22600,7 +23056,7 @@ index e218d5d..35679b4 100644 " movnti %%eax, 56(%3)\n" " movnti %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -584,9 +697,9 @@ static unsigned long __copy_user_intel_nocache(void *to, +@@ -584,9 +703,9 @@ static unsigned long __copy_user_intel_nocache(void *to, " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -22612,7 +23068,7 @@ index e218d5d..35679b4 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -629,32 +742,36 @@ static unsigned long __copy_user_intel_nocache(void *to, +@@ -629,32 +748,36 @@ static unsigned long __copy_user_intel_nocache(void *to, */ unsigned long __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size); @@ -22654,7 +23110,7 @@ index e218d5d..35679b4 100644 ".section .fixup,\"ax\"\n" \ "5: addl %3,%0\n" \ " jmp 2b\n" \ -@@ -682,14 +799,14 @@ do { \ +@@ -682,14 +805,14 @@ do { \ " negl %0\n" \ " andl $7,%0\n" \ " subl %0,%3\n" \ @@ -22672,7 +23128,7 @@ index e218d5d..35679b4 100644 "2:\n" \ ".section .fixup,\"ax\"\n" \ "5: addl %3,%0\n" \ -@@ -775,9 +892,9 @@ survive: +@@ -775,9 +898,9 @@ survive: } #endif if (movsl_is_ok(to, from, n)) @@ -22684,7 +23140,7 @@ index e218d5d..35679b4 100644 return n; } EXPORT_SYMBOL(__copy_to_user_ll); -@@ -797,10 +914,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from, +@@ -797,10 +920,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from, unsigned long n) { if (movsl_is_ok(to, from, n)) @@ -22697,7 +23153,7 @@ index e218d5d..35679b4 100644 return n; } EXPORT_SYMBOL(__copy_from_user_ll_nozero); -@@ -827,65 +943,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr +@@ -827,65 +949,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr if (n > 64 && cpu_has_xmm2) n = __copy_user_intel_nocache(to, from, n); else @@ -24793,10 +25249,10 @@ index 9f0614d..92ae64a 100644 p += get_opcode(p, &opcode); for (i = 0; i < ARRAY_SIZE(imm_wop); i++) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c -index 8573b83..c3b1a30 100644 +index 8573b83..01e9be7 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c -@@ -84,10 +84,52 @@ static inline void pgd_list_del(pgd_t *pgd) +@@ -84,10 +84,56 @@ static inline void pgd_list_del(pgd_t *pgd) list_del(&page->lru); } @@ -24815,14 +25271,18 @@ index 8573b83..c3b1a30 100644 +#ifdef CONFIG_PAX_PER_CPU_PGD +void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count) +{ -+ while (count--) ++ while (count--) { ++ pgd_t pgd; ++ ++ pgd = __pgd(pgd_val(*src++) | _PAGE_USER); + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ *dst++ = __pgd(pgd_val(*src++) & clone_pgd_mask); -+#else -+ *dst++ = *src++; ++ pgd = __pgd(pgd_val(pgd) & clone_pgd_mask); +#endif + ++ *dst++ = pgd; ++ } ++ +} +#endif + @@ -24851,7 +25311,7 @@ index 8573b83..c3b1a30 100644 static void pgd_set_mm(pgd_t *pgd, struct mm_struct *mm) { BUILD_BUG_ON(sizeof(virt_to_page(pgd)->index) < sizeof(mm)); -@@ -128,6 +170,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -128,6 +174,7 @@ static void pgd_dtor(pgd_t *pgd) pgd_list_del(pgd); spin_unlock(&pgd_lock); } @@ -24859,7 +25319,7 @@ index 8573b83..c3b1a30 100644 /* * List of all pgd's needed for non-PAE so it can invalidate entries -@@ -140,7 +183,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -140,7 +187,7 @@ static void pgd_dtor(pgd_t *pgd) * -- wli */ @@ -24868,7 +25328,7 @@ index 8573b83..c3b1a30 100644 /* * In PAE mode, we need to do a cr3 reload (=tlb flush) when * updating the top-level pagetable entries to guarantee the -@@ -152,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -152,7 +199,7 @@ static void pgd_dtor(pgd_t *pgd) * not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate * and initialize the kernel pmds here. */ @@ -24877,7 +25337,7 @@ index 8573b83..c3b1a30 100644 void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) { -@@ -170,36 +213,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) +@@ -170,36 +217,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) */ flush_tlb_mm(mm); } @@ -24927,7 +25387,7 @@ index 8573b83..c3b1a30 100644 return -ENOMEM; } -@@ -212,51 +257,55 @@ static int preallocate_pmds(pmd_t *pmds[]) +@@ -212,51 +261,55 @@ static int preallocate_pmds(pmd_t *pmds[]) * preallocate which never got a corresponding vma will need to be * freed manually. */ @@ -25000,7 +25460,7 @@ index 8573b83..c3b1a30 100644 pgd = (pgd_t *)__get_free_page(PGALLOC_GFP); -@@ -265,11 +314,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -265,11 +318,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) mm->pgd = pgd; @@ -25014,7 +25474,7 @@ index 8573b83..c3b1a30 100644 /* * Make sure that pre-populating the pmds is atomic with -@@ -279,14 +328,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -279,14 +332,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) spin_lock(&pgd_lock); pgd_ctor(mm, pgd); @@ -25032,7 +25492,7 @@ index 8573b83..c3b1a30 100644 out_free_pgd: free_page((unsigned long)pgd); out: -@@ -295,7 +344,7 @@ out: +@@ -295,7 +348,7 @@ out: void pgd_free(struct mm_struct *mm, pgd_t *pgd) { @@ -25913,6 +26373,28 @@ index 475e2cd..1b8e708 100644 } /* parse all the mtimer info to a static mtimer array */ +diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c +index 3ae0e61..4202d86 100644 +--- a/arch/x86/platform/uv/tlb_uv.c ++++ b/arch/x86/platform/uv/tlb_uv.c +@@ -1424,6 +1424,8 @@ static ssize_t tunables_read(struct file *file, char __user *userbuf, + * 0: display meaning of the statistics + */ + static ssize_t ptc_proc_write(struct file *file, const char __user *user, ++ size_t count, loff_t *data) __size_overflow(3); ++static ssize_t ptc_proc_write(struct file *file, const char __user *user, + size_t count, loff_t *data) + { + int cpu; +@@ -1539,6 +1541,8 @@ static int parse_tunables_write(struct bau_control *bcp, char *instr, + * Handle a write to debugfs. (/sys/kernel/debug/sgi_uv/bau_tunables) + */ + static ssize_t tunables_write(struct file *file, const char __user *user, ++ size_t count, loff_t *data) __size_overflow(3); ++static ssize_t tunables_write(struct file *file, const char __user *user, + size_t count, loff_t *data) + { + int cpu; diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c index f10c0af..3ec1f95 100644 --- a/arch/x86/power/cpu.c @@ -26566,6 +27048,91 @@ index 260fa80..e8f3caf 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; +diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c +index a0f768c..1da9c73 100644 +--- a/crypto/ablkcipher.c ++++ b/crypto/ablkcipher.c +@@ -307,6 +307,8 @@ int ablkcipher_walk_phys(struct ablkcipher_request *req, + EXPORT_SYMBOL_GPL(ablkcipher_walk_phys); + + static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key, ++ unsigned int keylen) __size_overflow(3); ++static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key, + unsigned int keylen) + { + struct ablkcipher_alg *cipher = crypto_ablkcipher_alg(tfm); +@@ -329,6 +331,8 @@ static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key, + } + + static int setkey(struct crypto_ablkcipher *tfm, const u8 *key, ++ unsigned int keylen) __size_overflow(3); ++static int setkey(struct crypto_ablkcipher *tfm, const u8 *key, + unsigned int keylen) + { + struct ablkcipher_alg *cipher = crypto_ablkcipher_alg(tfm); +diff --git a/crypto/aead.c b/crypto/aead.c +index 04add3dc..983032f 100644 +--- a/crypto/aead.c ++++ b/crypto/aead.c +@@ -27,6 +27,8 @@ + #include "internal.h" + + static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, ++ unsigned int keylen) __size_overflow(3); ++static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, + unsigned int keylen) + { + struct aead_alg *aead = crypto_aead_alg(tfm); +@@ -48,6 +50,7 @@ static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, + return ret; + } + ++static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen) __size_overflow(3); + static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen) + { + struct aead_alg *aead = crypto_aead_alg(tfm); +diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c +index 1e61d1a..cf06b86 100644 +--- a/crypto/blkcipher.c ++++ b/crypto/blkcipher.c +@@ -359,6 +359,8 @@ int blkcipher_walk_virt_block(struct blkcipher_desc *desc, + EXPORT_SYMBOL_GPL(blkcipher_walk_virt_block); + + static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, ++ unsigned int keylen) __size_overflow(3); ++static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, + unsigned int keylen) + { + struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher; +@@ -380,6 +382,7 @@ static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, + return ret; + } + ++static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) __size_overflow(3); + static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) + { + struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher; +diff --git a/crypto/cipher.c b/crypto/cipher.c +index 39541e0..802d956 100644 +--- a/crypto/cipher.c ++++ b/crypto/cipher.c +@@ -21,6 +21,8 @@ + #include "internal.h" + + static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, ++ unsigned int keylen) __size_overflow(3); ++static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, + unsigned int keylen) + { + struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher; +@@ -43,6 +45,7 @@ static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, + + } + ++static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) __size_overflow(3); + static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) + { + struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher; diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 671d4d6..5f24030 100644 --- a/crypto/cryptd.c @@ -26609,6 +27176,20 @@ index 5d41894..22021e4 100644 } EXPORT_SYMBOL_GPL(cper_next_record_id); +diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c +index 86933ca..5cb1a69 100644 +--- a/drivers/acpi/battery.c ++++ b/drivers/acpi/battery.c +@@ -787,6 +787,9 @@ static int acpi_battery_print_alarm(struct seq_file *seq, int result) + + static ssize_t acpi_battery_write_alarm(struct file *file, + const char __user * buffer, ++ size_t count, loff_t * ppos) __size_overflow(3); ++static ssize_t acpi_battery_write_alarm(struct file *file, ++ const char __user * buffer, + size_t count, loff_t * ppos) + { + int result = 0; diff --git a/drivers/acpi/ec_sys.c b/drivers/acpi/ec_sys.c index b258cab..3fb7da7 100644 --- a/drivers/acpi/ec_sys.c @@ -26713,6 +27294,20 @@ index 8ae05ce..7dbbed9 100644 /* * Buggy BIOS check +diff --git a/drivers/acpi/sbs.c b/drivers/acpi/sbs.c +index 6e36d0c..f319944 100644 +--- a/drivers/acpi/sbs.c ++++ b/drivers/acpi/sbs.c +@@ -655,6 +655,9 @@ static int acpi_battery_read_alarm(struct seq_file *seq, void *offset) + + static ssize_t + acpi_battery_write_alarm(struct file *file, const char __user * buffer, ++ size_t count, loff_t * ppos) __size_overflow(3); ++static ssize_t ++acpi_battery_write_alarm(struct file *file, const char __user * buffer, + size_t count, loff_t * ppos) + { + struct seq_file *seq = file->private_data; diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c index c06e0ec..a2c06ba 100644 --- a/drivers/ata/libata-core.c @@ -31426,6 +32021,28 @@ index 40c8353..946b0e4 100644 } PDBG("%s stag_state 0x%0x type 0x%0x pdid 0x%0x, stag_idx 0x%x\n", __func__, stag_state, type, pdid, stag_idx); +diff --git a/drivers/infiniband/hw/ipath/ipath_fs.c b/drivers/infiniband/hw/ipath/ipath_fs.c +index a4de9d5..5fa20c3 100644 +--- a/drivers/infiniband/hw/ipath/ipath_fs.c ++++ b/drivers/infiniband/hw/ipath/ipath_fs.c +@@ -126,6 +126,8 @@ static const struct file_operations atomic_counters_ops = { + }; + + static ssize_t flash_read(struct file *file, char __user *buf, ++ size_t count, loff_t *ppos) __size_overflow(3); ++static ssize_t flash_read(struct file *file, char __user *buf, + size_t count, loff_t *ppos) + { + struct ipath_devdata *dd; +@@ -177,6 +179,8 @@ bail: + } + + static ssize_t flash_write(struct file *file, const char __user *buf, ++ size_t count, loff_t *ppos) __size_overflow(3); ++static ssize_t flash_write(struct file *file, const char __user *buf, + size_t count, loff_t *ppos) + { + struct ipath_devdata *dd; diff --git a/drivers/infiniband/hw/ipath/ipath_rc.c b/drivers/infiniband/hw/ipath/ipath_rc.c index 79b3dbc..96e5fcc 100644 --- a/drivers/infiniband/hw/ipath/ipath_rc.c @@ -31905,6 +32522,28 @@ index b881bdc..c2e360c 100644 #include "qib_common.h" #include "qib_verbs.h" +diff --git a/drivers/infiniband/hw/qib/qib_fs.c b/drivers/infiniband/hw/qib/qib_fs.c +index 05e0f17..0275789 100644 +--- a/drivers/infiniband/hw/qib/qib_fs.c ++++ b/drivers/infiniband/hw/qib/qib_fs.c +@@ -267,6 +267,8 @@ static const struct file_operations qsfp_ops[] = { + }; + + static ssize_t flash_read(struct file *file, char __user *buf, ++ size_t count, loff_t *ppos) __size_overflow(3); ++static ssize_t flash_read(struct file *file, char __user *buf, + size_t count, loff_t *ppos) + { + struct qib_devdata *dd; +@@ -318,6 +320,8 @@ bail: + } + + static ssize_t flash_write(struct file *file, const char __user *buf, ++ size_t count, loff_t *ppos) __size_overflow(3); ++static ssize_t flash_write(struct file *file, const char __user *buf, + size_t count, loff_t *ppos) + { + struct qib_devdata *dd; diff --git a/drivers/input/gameport/gameport.c b/drivers/input/gameport/gameport.c index c351aa4..e6967c2 100644 --- a/drivers/input/gameport/gameport.c @@ -32275,6 +32914,18 @@ index b5fdcb7..5b6c59f 100644 end_switcher_text - start_switcher_text); printk(KERN_INFO "lguest: mapped switcher at %p\n", +diff --git a/drivers/lguest/lguest_user.c b/drivers/lguest/lguest_user.c +index ff4a0bc..f5fdd9c 100644 +--- a/drivers/lguest/lguest_user.c ++++ b/drivers/lguest/lguest_user.c +@@ -198,6 +198,7 @@ static int user_send_irq(struct lg_cpu *cpu, const unsigned long __user *input) + * Once our Guest is initialized, the Launcher makes it run by reading + * from /dev/lguest. + */ ++static ssize_t read(struct file *file, char __user *user, size_t size,loff_t*o) __size_overflow(3); + static ssize_t read(struct file *file, char __user *user, size_t size,loff_t*o) + { + struct lguest *lg = file->private_data; diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c index 3980903..ce25c5e 100644 --- a/drivers/lguest/x86/core.c @@ -32409,7 +33060,7 @@ index 1ce84ed..0fdd40a 100644 DMWARN("name not supplied when creating device"); return -EINVAL; diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c -index 9bfd057..01180bc 100644 +index 9bfd057..5373ff3 100644 --- a/drivers/md/dm-raid1.c +++ b/drivers/md/dm-raid1.c @@ -40,7 +40,7 @@ enum dm_raid1_error { @@ -32466,7 +33117,18 @@ index 9bfd057..01180bc 100644 m = NULL; if (likely(m)) -@@ -937,7 +937,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, +@@ -848,6 +848,10 @@ static void do_mirror(struct work_struct *work) + static struct mirror_set *alloc_context(unsigned int nr_mirrors, + uint32_t region_size, + struct dm_target *ti, ++ struct dm_dirty_log *dl) __size_overflow(1); ++static struct mirror_set *alloc_context(unsigned int nr_mirrors, ++ uint32_t region_size, ++ struct dm_target *ti, + struct dm_dirty_log *dl) + { + size_t len; +@@ -937,7 +941,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, } ms->mirror[mirror].ms = ms; @@ -32475,7 +33137,7 @@ index 9bfd057..01180bc 100644 ms->mirror[mirror].error_type = 0; ms->mirror[mirror].offset = offset; -@@ -1347,7 +1347,7 @@ static void mirror_resume(struct dm_target *ti) +@@ -1347,7 +1351,7 @@ static void mirror_resume(struct dm_target *ti) */ static char device_status_char(struct mirror *m) { @@ -32485,7 +33147,7 @@ index 9bfd057..01180bc 100644 return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' : diff --git a/drivers/md/dm-stripe.c b/drivers/md/dm-stripe.c -index 3d80cf0..b77cc47 100644 +index 3d80cf0..7d98e1a 100644 --- a/drivers/md/dm-stripe.c +++ b/drivers/md/dm-stripe.c @@ -20,7 +20,7 @@ struct stripe { @@ -32497,7 +33159,15 @@ index 3d80cf0..b77cc47 100644 }; struct stripe_c { -@@ -192,7 +192,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv) +@@ -55,6 +55,7 @@ static void trigger_event(struct work_struct *work) + dm_table_event(sc->ti->table); + } + ++static inline struct stripe_c *alloc_context(unsigned int stripes) __size_overflow(1); + static inline struct stripe_c *alloc_context(unsigned int stripes) + { + size_t len; +@@ -192,7 +193,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv) kfree(sc); return r; } @@ -32506,7 +33176,7 @@ index 3d80cf0..b77cc47 100644 } ti->private = sc; -@@ -314,7 +314,7 @@ static int stripe_status(struct dm_target *ti, +@@ -314,7 +315,7 @@ static int stripe_status(struct dm_target *ti, DMEMIT("%d ", sc->stripes); for (i = 0; i < sc->stripes; i++) { DMEMIT("%s ", sc->stripe[i].dev->name); @@ -32515,7 +33185,7 @@ index 3d80cf0..b77cc47 100644 'D' : 'A'; } buffer[i] = '\0'; -@@ -361,8 +361,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, +@@ -361,8 +362,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, */ for (i = 0; i < sc->stripes; i++) if (!strcmp(sc->stripe[i].dev->name, major_minor)) { @@ -33055,6 +33725,44 @@ index 9cde353..8c6a1c3 100644 struct i2c_client i2c_client; u32 i2c_rc; +diff --git a/drivers/media/video/cpia2/cpia2_core.c b/drivers/media/video/cpia2/cpia2_core.c +index ee91e295..04ad048 100644 +--- a/drivers/media/video/cpia2/cpia2_core.c ++++ b/drivers/media/video/cpia2/cpia2_core.c +@@ -86,6 +86,7 @@ static inline unsigned long kvirt_to_pa(unsigned long adr) + return ret; + } + ++static void *rvmalloc(unsigned long size) __size_overflow(1); + static void *rvmalloc(unsigned long size) + { + void *mem; +diff --git a/drivers/media/video/cx18/cx18-alsa-pcm.c b/drivers/media/video/cx18/cx18-alsa-pcm.c +index 82d195b..181103c 100644 +--- a/drivers/media/video/cx18/cx18-alsa-pcm.c ++++ b/drivers/media/video/cx18/cx18-alsa-pcm.c +@@ -229,6 +229,8 @@ static int snd_cx18_pcm_ioctl(struct snd_pcm_substream *substream, + + + static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, ++ size_t size) __size_overflow(2); ++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, + size_t size) + { + struct snd_pcm_runtime *runtime = subs->runtime; +diff --git a/drivers/media/video/cx231xx/cx231xx-audio.c b/drivers/media/video/cx231xx/cx231xx-audio.c +index a2c2b7d..8f1bec7 100644 +--- a/drivers/media/video/cx231xx/cx231xx-audio.c ++++ b/drivers/media/video/cx231xx/cx231xx-audio.c +@@ -389,6 +389,8 @@ static int cx231xx_init_audio_bulk(struct cx231xx *dev) + } + + static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, ++ size_t size) __size_overflow(2); ++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, + size_t size) + { + struct snd_pcm_runtime *runtime = subs->runtime; diff --git a/drivers/media/video/cx88/cx88-alsa.c b/drivers/media/video/cx88/cx88-alsa.c index 04bf662..e0ac026 100644 --- a/drivers/media/video/cx88/cx88-alsa.c @@ -33068,6 +33776,31 @@ index 04bf662..e0ac026 100644 {0x14f1,0x8801,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, {0x14f1,0x8811,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, {0, } +diff --git a/drivers/media/video/em28xx/em28xx-audio.c b/drivers/media/video/em28xx/em28xx-audio.c +index e2a7b77..753d0ee 100644 +--- a/drivers/media/video/em28xx/em28xx-audio.c ++++ b/drivers/media/video/em28xx/em28xx-audio.c +@@ -225,6 +225,8 @@ static int em28xx_init_audio_isoc(struct em28xx *dev) + } + + static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, ++ size_t size) __size_overflow(2); ++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, + size_t size) + { + struct snd_pcm_runtime *runtime = subs->runtime; +diff --git a/drivers/media/video/meye.c b/drivers/media/video/meye.c +index b09a3c8..6dcba0a 100644 +--- a/drivers/media/video/meye.c ++++ b/drivers/media/video/meye.c +@@ -72,6 +72,7 @@ static struct meye meye; + /****************************************************************************/ + /* Memory allocation routines (stolen from bttv-driver.c) */ + /****************************************************************************/ ++static void *rvmalloc(unsigned long size) __size_overflow(1); + static void *rvmalloc(unsigned long size) + { + void *mem; diff --git a/drivers/media/video/omap/omap_vout.c b/drivers/media/video/omap/omap_vout.c index 1fb7d5b..3901e77 100644 --- a/drivers/media/video/omap/omap_vout.c @@ -33117,6 +33850,32 @@ index 305e6aa..0143317 100644 pvr2_i2c_func i2c_func[PVR2_I2C_FUNC_CNT]; int i2c_cx25840_hack_state; int i2c_linked; +diff --git a/drivers/media/video/saa7164/saa7164-encoder.c b/drivers/media/video/saa7164/saa7164-encoder.c +index 2fd38a0..ddec3c4 100644 +--- a/drivers/media/video/saa7164/saa7164-encoder.c ++++ b/drivers/media/video/saa7164/saa7164-encoder.c +@@ -1136,6 +1136,8 @@ struct saa7164_user_buffer *saa7164_enc_next_buf(struct saa7164_port *port) + } + + static ssize_t fops_read(struct file *file, char __user *buffer, ++ size_t count, loff_t *pos) __size_overflow(3); ++static ssize_t fops_read(struct file *file, char __user *buffer, + size_t count, loff_t *pos) + { + struct saa7164_encoder_fh *fh = file->private_data; +diff --git a/drivers/media/video/saa7164/saa7164-vbi.c b/drivers/media/video/saa7164/saa7164-vbi.c +index e2e0341..b80056c 100644 +--- a/drivers/media/video/saa7164/saa7164-vbi.c ++++ b/drivers/media/video/saa7164/saa7164-vbi.c +@@ -1081,6 +1081,8 @@ struct saa7164_user_buffer *saa7164_vbi_next_buf(struct saa7164_port *port) + } + + static ssize_t fops_read(struct file *file, char __user *buffer, ++ size_t count, loff_t *pos) __size_overflow(3); ++static ssize_t fops_read(struct file *file, char __user *buffer, + size_t count, loff_t *pos) + { + struct saa7164_vbi_fh *fh = file->private_data; diff --git a/drivers/media/video/timblogiw.c b/drivers/media/video/timblogiw.c index 4ed1c7c2..8f15e13 100644 --- a/drivers/media/video/timblogiw.c @@ -33139,6 +33898,42 @@ index 4ed1c7c2..8f15e13 100644 .owner = THIS_MODULE, .open = timblogiw_open, .release = timblogiw_close, +diff --git a/drivers/media/video/videobuf-dma-contig.c b/drivers/media/video/videobuf-dma-contig.c +index c969111..a7910f4 100644 +--- a/drivers/media/video/videobuf-dma-contig.c ++++ b/drivers/media/video/videobuf-dma-contig.c +@@ -184,6 +184,7 @@ static int videobuf_dma_contig_user_get(struct videobuf_dma_contig_memory *mem, + return ret; + } + ++static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) __size_overflow(1); + static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) + { + struct videobuf_dma_contig_memory *mem; +diff --git a/drivers/media/video/videobuf-dma-sg.c b/drivers/media/video/videobuf-dma-sg.c +index f300dea..5fc9c4a 100644 +--- a/drivers/media/video/videobuf-dma-sg.c ++++ b/drivers/media/video/videobuf-dma-sg.c +@@ -419,6 +419,7 @@ static const struct vm_operations_struct videobuf_vm_ops = { + struct videobuf_dma_sg_memory + */ + ++static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) __size_overflow(1); + static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) + { + struct videobuf_dma_sg_memory *mem; +diff --git a/drivers/media/video/videobuf-vmalloc.c b/drivers/media/video/videobuf-vmalloc.c +index df14258..12cc7a3 100644 +--- a/drivers/media/video/videobuf-vmalloc.c ++++ b/drivers/media/video/videobuf-vmalloc.c +@@ -135,6 +135,7 @@ static const struct vm_operations_struct videobuf_vm_ops = { + struct videobuf_dma_sg_memory + */ + ++static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) __size_overflow(1); + static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) + { + struct videobuf_vmalloc_memory *mem; diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c index a7dc467..a55c423 100644 --- a/drivers/message/fusion/mptbase.c @@ -33766,49 +34561,19 @@ index 51b9d6a..52af9a7 100644 #include <linux/mtd/mtd.h> #include <linux/mtd/nand.h> #include <linux/mtd/nftl.h> -diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c -index 115749f..3021f01 100644 ---- a/drivers/mtd/ubi/build.c -+++ b/drivers/mtd/ubi/build.c -@@ -1311,7 +1311,7 @@ module_exit(ubi_exit); - static int __init bytes_str_to_int(const char *str) - { - char *endp; -- unsigned long result; -+ unsigned long result, scale = 1; - - result = simple_strtoul(str, &endp, 0); - if (str == endp || result >= INT_MAX) { -@@ -1322,11 +1322,11 @@ static int __init bytes_str_to_int(const char *str) - - switch (*endp) { - case 'G': -- result *= 1024; -+ scale *= 1024; - case 'M': -- result *= 1024; -+ scale *= 1024; - case 'K': -- result *= 1024; -+ scale *= 1024; - if (endp[1] == 'i' && endp[2] == 'B') - endp += 2; - case '\0': -@@ -1337,7 +1337,13 @@ static int __init bytes_str_to_int(const char *str) - return -EINVAL; - } - -- return result; -+ if ((intoverflow_t)result*scale >= INT_MAX) { -+ printk(KERN_ERR "UBI error: incorrect bytes count: \"%s\"\n", -+ str); -+ return -EINVAL; -+ } -+ -+ return result*scale; - } - - /** +diff --git a/drivers/mtd/ubi/debug.c b/drivers/mtd/ubi/debug.c +index e2cdebf..d48183a 100644 +--- a/drivers/mtd/ubi/debug.c ++++ b/drivers/mtd/ubi/debug.c +@@ -338,6 +338,8 @@ out: + + /* Write an UBI debugfs file */ + static ssize_t dfs_file_write(struct file *file, const char __user *user_buf, ++ size_t count, loff_t *ppos) __size_overflow(3); ++static ssize_t dfs_file_write(struct file *file, const char __user *user_buf, + size_t count, loff_t *ppos) + { + unsigned long ubi_num = (unsigned long)file->private_data; diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethernet/atheros/atlx/atl2.c index 071f4c8..440862e 100644 --- a/drivers/net/ethernet/atheros/atlx/atl2.c @@ -33847,6 +34612,19 @@ index aea8f72..fcebf75 100644 #define CHIPREV_ID_5750_C2 0x4202 #define CHIPREV_ID_5752_A0_HW 0x5000 #define CHIPREV_ID_5752_A0 0x6000 +diff --git a/drivers/net/ethernet/chelsio/cxgb/sge.c b/drivers/net/ethernet/chelsio/cxgb/sge.c +index 47a8435..248e4b3 100644 +--- a/drivers/net/ethernet/chelsio/cxgb/sge.c ++++ b/drivers/net/ethernet/chelsio/cxgb/sge.c +@@ -1052,6 +1052,8 @@ MODULE_PARM_DESC(copybreak, "Receive copy threshold"); + * be copied but there is no memory for the copy. + */ + static inline struct sk_buff *get_packet(struct pci_dev *pdev, ++ struct freelQ *fl, unsigned int len) __size_overflow(3); ++static inline struct sk_buff *get_packet(struct pci_dev *pdev, + struct freelQ *fl, unsigned int len) + { + struct sk_buff *skb; diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h index c4e8643..0979484 100644 --- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h @@ -33860,6 +34638,56 @@ index c4e8643..0979484 100644 #define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb) +diff --git a/drivers/net/ethernet/chelsio/cxgb3/sge.c b/drivers/net/ethernet/chelsio/cxgb3/sge.c +index cfb60e1..94af340 100644 +--- a/drivers/net/ethernet/chelsio/cxgb3/sge.c ++++ b/drivers/net/ethernet/chelsio/cxgb3/sge.c +@@ -611,6 +611,8 @@ static void recycle_rx_buf(struct adapter *adap, struct sge_fl *q, + * of the SW ring. + */ + static void *alloc_ring(struct pci_dev *pdev, size_t nelem, size_t elem_size, ++ size_t sw_size, dma_addr_t * phys, void *metadata) __size_overflow(2,4); ++static void *alloc_ring(struct pci_dev *pdev, size_t nelem, size_t elem_size, + size_t sw_size, dma_addr_t * phys, void *metadata) + { + size_t len = nelem * elem_size; +@@ -777,6 +779,8 @@ static inline unsigned int flits_to_desc(unsigned int n) + * be copied but there is no memory for the copy. + */ + static struct sk_buff *get_packet(struct adapter *adap, struct sge_fl *fl, ++ unsigned int len, unsigned int drop_thres) __size_overflow(3); ++static struct sk_buff *get_packet(struct adapter *adap, struct sge_fl *fl, + unsigned int len, unsigned int drop_thres) + { + struct sk_buff *skb = NULL; +diff --git a/drivers/net/ethernet/chelsio/cxgb4/sge.c b/drivers/net/ethernet/chelsio/cxgb4/sge.c +index 2dae795..73037d2 100644 +--- a/drivers/net/ethernet/chelsio/cxgb4/sge.c ++++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c +@@ -593,6 +593,9 @@ static inline void __refill_fl(struct adapter *adap, struct sge_fl *fl) + */ + static void *alloc_ring(struct device *dev, size_t nelem, size_t elem_size, + size_t sw_size, dma_addr_t *phys, void *metadata, ++ size_t stat_size, int node) __size_overflow(2,4); ++static void *alloc_ring(struct device *dev, size_t nelem, size_t elem_size, ++ size_t sw_size, dma_addr_t *phys, void *metadata, + size_t stat_size, int node) + { + size_t len = nelem * elem_size + stat_size; +diff --git a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c +index 0bd585b..d954ca5 100644 +--- a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c ++++ b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c +@@ -729,6 +729,9 @@ static inline void __refill_fl(struct adapter *adapter, struct sge_fl *fl) + */ + static void *alloc_ring(struct device *dev, size_t nelem, size_t hwsize, + size_t swsize, dma_addr_t *busaddrp, void *swringp, ++ size_t stat_size) __size_overflow(2,4); ++static void *alloc_ring(struct device *dev, size_t nelem, size_t hwsize, ++ size_t swsize, dma_addr_t *busaddrp, void *swringp, + size_t stat_size) + { + /* diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c index 4d71f5a..8004440 100644 --- a/drivers/net/ethernet/dec/tulip/de4x5.c @@ -34596,6 +35424,20 @@ index efc0111..79c8f5b 100644 struct ath_common; struct ath_bus_ops; +diff --git a/drivers/net/wireless/ath/ath5k/debug.c b/drivers/net/wireless/ath/ath5k/debug.c +index 8c5ce8b..abf101b 100644 +--- a/drivers/net/wireless/ath/ath5k/debug.c ++++ b/drivers/net/wireless/ath/ath5k/debug.c +@@ -343,6 +343,9 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf, + + static ssize_t write_file_debug(struct file *file, + const char __user *userbuf, ++ size_t count, loff_t *ppos) __size_overflow(3); ++static ssize_t write_file_debug(struct file *file, ++ const char __user *userbuf, + size_t count, loff_t *ppos) + { + struct ath5k_hw *ah = file->private_data; diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c index 7b6417b..ab5db98 100644 --- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c @@ -34801,6 +35643,32 @@ index 09b8c9d..905339e 100644 } static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) +diff --git a/drivers/net/wireless/ath/ath9k/debug.c b/drivers/net/wireless/ath/ath9k/debug.c +index 68d972b..1d9205b 100644 +--- a/drivers/net/wireless/ath/ath9k/debug.c ++++ b/drivers/net/wireless/ath/ath9k/debug.c +@@ -60,6 +60,8 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf, + } + + static ssize_t write_file_debug(struct file *file, const char __user *user_buf, ++ size_t count, loff_t *ppos) __size_overflow(3); ++static ssize_t write_file_debug(struct file *file, const char __user *user_buf, + size_t count, loff_t *ppos) + { + struct ath_softc *sc = file->private_data; +diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_debug.c b/drivers/net/wireless/ath/ath9k/htc_drv_debug.c +index d3ff33c..c98bcda 100644 +--- a/drivers/net/wireless/ath/ath9k/htc_drv_debug.c ++++ b/drivers/net/wireless/ath/ath9k/htc_drv_debug.c +@@ -464,6 +464,8 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf, + } + + static ssize_t write_file_debug(struct file *file, const char __user *user_buf, ++ size_t count, loff_t *ppos) __size_overflow(3); ++static ssize_t write_file_debug(struct file *file, const char __user *user_buf, + size_t count, loff_t *ppos) + { + struct ath9k_htc_priv *priv = file->private_data; diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h index c8261d4..8d88929 100644 --- a/drivers/net/wireless/ath/ath9k/hw.h @@ -34998,6 +35866,42 @@ index ed2c3ec..deda85a 100644 start_switch_worker(); } +diff --git a/drivers/oprofile/oprofile_files.c b/drivers/oprofile/oprofile_files.c +index 84a208d..f07d177 100644 +--- a/drivers/oprofile/oprofile_files.c ++++ b/drivers/oprofile/oprofile_files.c +@@ -36,6 +36,8 @@ static ssize_t timeout_read(struct file *file, char __user *buf, + + + static ssize_t timeout_write(struct file *file, char const __user *buf, ++ size_t count, loff_t *offset) __size_overflow(3); ++static ssize_t timeout_write(struct file *file, char const __user *buf, + size_t count, loff_t *offset) + { + unsigned long val; +@@ -72,6 +74,7 @@ static ssize_t depth_read(struct file *file, char __user *buf, size_t count, lof + } + + ++static ssize_t depth_write(struct file *file, char const __user *buf, size_t count, loff_t *offset) __size_overflow(3); + static ssize_t depth_write(struct file *file, char const __user *buf, size_t count, loff_t *offset) + { + unsigned long val; +@@ -126,12 +129,14 @@ static const struct file_operations cpu_type_fops = { + }; + + ++static ssize_t enable_read(struct file *file, char __user *buf, size_t count, loff_t *offset) __size_overflow(3); + static ssize_t enable_read(struct file *file, char __user *buf, size_t count, loff_t *offset) + { + return oprofilefs_ulong_to_user(oprofile_started, buf, count, offset); + } + + ++static ssize_t enable_write(struct file *file, char const __user *buf, size_t count, loff_t *offset) __size_overflow(3); + static ssize_t enable_write(struct file *file, char const __user *buf, size_t count, loff_t *offset) + { + unsigned long val; diff --git a/drivers/oprofile/oprofile_stats.c b/drivers/oprofile/oprofile_stats.c index 917d28e..d62d981 100644 --- a/drivers/oprofile/oprofile_stats.c @@ -35041,10 +35945,18 @@ index 38b6fc0..b5cbfce 100644 extern struct oprofile_stat_struct oprofile_stats; diff --git a/drivers/oprofile/oprofilefs.c b/drivers/oprofile/oprofilefs.c -index 2f0aa0f..90fab02 100644 +index 2f0aa0f..d5246c3 100644 --- a/drivers/oprofile/oprofilefs.c +++ b/drivers/oprofile/oprofilefs.c -@@ -193,7 +193,7 @@ static const struct file_operations atomic_ro_fops = { +@@ -97,6 +97,7 @@ static ssize_t ulong_read_file(struct file *file, char __user *buf, size_t count + } + + ++static ssize_t ulong_write_file(struct file *file, char const __user *buf, size_t count, loff_t *offset) __size_overflow(3); + static ssize_t ulong_write_file(struct file *file, char const __user *buf, size_t count, loff_t *offset) + { + unsigned long value; +@@ -193,7 +194,7 @@ static const struct file_operations atomic_ro_fops = { int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *root, @@ -35157,6 +36069,19 @@ index 27911b5..5b6db88 100644 proc_create("devices", 0, proc_bus_pci_dir, &proc_bus_pci_dev_operations); proc_initialized = 1; +diff --git a/drivers/platform/x86/asus_acpi.c b/drivers/platform/x86/asus_acpi.c +index 6f966d6..68e18ed 100644 +--- a/drivers/platform/x86/asus_acpi.c ++++ b/drivers/platform/x86/asus_acpi.c +@@ -887,6 +887,8 @@ static int lcd_proc_open(struct inode *inode, struct file *file) + } + + static ssize_t lcd_proc_write(struct file *file, const char __user *buffer, ++ size_t count, loff_t *pos) __size_overflow(3); ++static ssize_t lcd_proc_write(struct file *file, const char __user *buffer, + size_t count, loff_t *pos) + { + int rv, value; diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c index ea0c607..58c4628 100644 --- a/drivers/platform/x86/thinkpad_acpi.c @@ -35289,6 +36214,19 @@ index ea0c607..58c4628 100644 /* * Polling driver +diff --git a/drivers/platform/x86/toshiba_acpi.c b/drivers/platform/x86/toshiba_acpi.c +index dcdc1f4..85cee16 100644 +--- a/drivers/platform/x86/toshiba_acpi.c ++++ b/drivers/platform/x86/toshiba_acpi.c +@@ -517,6 +517,8 @@ static int set_lcd_status(struct backlight_device *bd) + } + + static ssize_t lcd_proc_write(struct file *file, const char __user *buf, ++ size_t count, loff_t *pos) __size_overflow(3); ++static ssize_t lcd_proc_write(struct file *file, const char __user *buf, + size_t count, loff_t *pos) + { + struct toshiba_acpi_dev *dev = PDE(file->f_path.dentry->d_inode)->data; diff --git a/drivers/pnp/pnpbios/bioscalls.c b/drivers/pnp/pnpbios/bioscalls.c index b859d16..5cc6b1a 100644 --- a/drivers/pnp/pnpbios/bioscalls.c @@ -36495,6 +37433,32 @@ index 9112cd8..92f8d51 100644 #endif } +diff --git a/drivers/staging/rtl8192e/rtllib_module.c b/drivers/staging/rtl8192e/rtllib_module.c +index f9dae95..ff48901 100644 +--- a/drivers/staging/rtl8192e/rtllib_module.c ++++ b/drivers/staging/rtl8192e/rtllib_module.c +@@ -215,6 +215,8 @@ static int show_debug_level(char *page, char **start, off_t offset, + } + + static int store_debug_level(struct file *file, const char __user *buffer, ++ unsigned long count, void *data) __size_overflow(3); ++static int store_debug_level(struct file *file, const char __user *buffer, + unsigned long count, void *data) + { + char buf[] = "0x00000000"; +diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c b/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c +index e3d47bc..85f4d0d 100644 +--- a/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c ++++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c +@@ -250,6 +250,8 @@ static int show_debug_level(char *page, char **start, off_t offset, + } + + static int store_debug_level(struct file *file, const char *buffer, ++ unsigned long count, void *data) __size_overflow(3); ++static int store_debug_level(struct file *file, const char *buffer, + unsigned long count, void *data) + { + char buf[] = "0x00000000"; diff --git a/drivers/staging/rtl8712/rtl871x_io.h b/drivers/staging/rtl8712/rtl871x_io.h index 86308a0..feaa925 100644 --- a/drivers/staging/rtl8712/rtl871x_io.h @@ -37213,6 +38177,19 @@ index 2b42a01..32a2ed3 100644 #ifdef CONFIG_KGDB_SERIAL_CONSOLE /* This is only available if kgdboc is a built in for early debugging */ static int __init kgdboc_early_init(char *opt) +diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c +index 7867b7c..b3c119d 100644 +--- a/drivers/tty/sysrq.c ++++ b/drivers/tty/sysrq.c +@@ -862,7 +862,7 @@ EXPORT_SYMBOL(unregister_sysrq_key); + static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf, + size_t count, loff_t *ppos) + { +- if (count) { ++ if (count && capable(CAP_SYS_ADMIN)) { + char c; + + if (get_user(c, buf)) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c index e41b9bb..84002fb 100644 --- a/drivers/tty/tty_io.c @@ -37562,21 +38539,6 @@ index d956965..4179a77 100644 if (file->f_version != event_count) { file->f_version = event_count; return POLLIN | POLLRDNORM; -diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c -index b3bdfed..a9460e0 100644 ---- a/drivers/usb/core/message.c -+++ b/drivers/usb/core/message.c -@@ -869,8 +869,8 @@ char *usb_cache_string(struct usb_device *udev, int index) - buf = kmalloc(MAX_USB_STRING_SIZE, GFP_NOIO); - if (buf) { - len = usb_string(udev, index, buf, MAX_USB_STRING_SIZE); -- if (len > 0) { -- smallbuf = kmalloc(++len, GFP_NOIO); -+ if (len++ > 0) { -+ smallbuf = kmalloc(len, GFP_NOIO); - if (!smallbuf) - return buf; - memcpy(smallbuf, buf, len); diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c index 1fc8f12..20647c1 100644 --- a/drivers/usb/early/ehci-dbgp.c @@ -41022,7 +41984,7 @@ index 1ff9405..f1e376a 100644 fd_offset + ex.a_text); up_write(¤t->mm->mmap_sem); diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 07d096c..1f08d39 100644 +index 07d096c..851a18b 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -41656,7 +42618,7 @@ index 07d096c..1f08d39 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -881,11 +1339,37 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -881,11 +1339,36 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -41674,13 +42636,12 @@ index 07d096c..1f08d39 100644 + if (current->mm->pax_flags & MF_PAX_RANDMMAP) { + unsigned long start, size; + -+ current->mm->end_data = end_data = elf_brk; + start = ELF_PAGEALIGN(elf_brk); + size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4); -+ current->mm->start_brk = start + size; + down_write(¤t->mm->mmap_sem); + retval = -ENOMEM; + if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) { ++ current->mm->brk_gap = PAGE_ALIGN(size) >> PAGE_SHIFT; + start = do_mmap(NULL, start, size, PROT_NONE, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0); + retval = IS_ERR_VALUE(start) ? start : 0; + } @@ -41697,7 +42658,7 @@ index 07d096c..1f08d39 100644 if (elf_interpreter) { unsigned long uninitialized_var(interp_map_addr); -@@ -1098,7 +1582,7 @@ out: +@@ -1098,7 +1581,7 @@ out: * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -41706,7 +42667,7 @@ index 07d096c..1f08d39 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1132,7 +1616,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1132,7 +1615,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -41715,7 +42676,7 @@ index 07d096c..1f08d39 100644 goto whole; /* -@@ -1354,9 +1838,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1354,9 +1837,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -41727,7 +42688,7 @@ index 07d096c..1f08d39 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1862,14 +2346,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -1862,14 +2345,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -41744,7 +42705,7 @@ index 07d096c..1f08d39 100644 return size; } -@@ -1963,7 +2447,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1963,7 +2446,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -41753,7 +42714,7 @@ index 07d096c..1f08d39 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -1977,10 +2461,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1977,10 +2460,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -41766,7 +42727,7 @@ index 07d096c..1f08d39 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -1994,7 +2480,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1994,7 +2479,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -41775,7 +42736,7 @@ index 07d096c..1f08d39 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2005,6 +2491,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2005,6 +2490,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -41783,7 +42744,7 @@ index 07d096c..1f08d39 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2029,7 +2516,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2029,7 +2515,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -41792,7 +42753,7 @@ index 07d096c..1f08d39 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2038,6 +2525,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2038,6 +2524,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -41800,7 +42761,7 @@ index 07d096c..1f08d39 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2055,6 +2543,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2055,6 +2542,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -41808,7 +42769,7 @@ index 07d096c..1f08d39 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2075,6 +2564,97 @@ out: +@@ -2075,6 +2563,97 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -42261,6 +43222,20 @@ index 3e8094b..cb3ff3d 100644 return ceph_lookup_open(dir, dentry, nd, mode, 1); } +diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c +index cfd1ce3..6b13a74 100644 +--- a/fs/cifs/asn1.c ++++ b/fs/cifs/asn1.c +@@ -416,6 +416,9 @@ asn1_subid_decode(struct asn1_ctx *ctx, unsigned long *subid) + + static int + asn1_oid_decode(struct asn1_ctx *ctx, ++ unsigned char *eoc, unsigned long **oid, unsigned int *len) __size_overflow(2); ++static int ++asn1_oid_decode(struct asn1_ctx *ctx, + unsigned char *eoc, unsigned long **oid, unsigned int *len) + { + unsigned long subid; diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c index 24b3dfc..3cd5454 100644 --- a/fs/cifs/cifs_debug.c @@ -42784,6 +43759,19 @@ index 5ddd7eb..c18bf04 100644 /* * We'll have a dentry and an inode for +diff --git a/fs/configfs/file.c b/fs/configfs/file.c +index 2b6cb23..d76e879 100644 +--- a/fs/configfs/file.c ++++ b/fs/configfs/file.c +@@ -135,6 +135,8 @@ out: + */ + + static int ++fill_write_buffer(struct configfs_buffer * buffer, const char __user * buf, size_t count) __size_overflow(3); ++static int + fill_write_buffer(struct configfs_buffer * buffer, const char __user * buf, size_t count) + { + int error; diff --git a/fs/dcache.c b/fs/dcache.c index 2576d14..0cec38d 100644 --- a/fs/dcache.c @@ -42894,7 +43882,7 @@ index b2a34a1..162fa69 100644 return rc; } diff --git a/fs/exec.c b/fs/exec.c -index 153dee1..8ee97ba 100644 +index 153dee1..ab4ebe9 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -55,6 +55,13 @@ @@ -43340,7 +44328,7 @@ index 153dee1..8ee97ba 100644 cn->corename = kmalloc(cn->size, GFP_KERNEL); cn->used = 0; -@@ -1817,6 +1942,218 @@ out: +@@ -1817,6 +1942,228 @@ out: return ispipe; } @@ -43556,10 +44544,20 @@ index 153dee1..8ee97ba 100644 +EXPORT_SYMBOL(pax_track_stack); +#endif + ++#ifdef CONFIG_PAX_SIZE_OVERFLOW ++void report_size_overflow(const char *file, unsigned int line, const char *func) ++{ ++ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u\n", func, file, line); ++ dump_stack(); ++ do_group_exit(SIGKILL); ++} ++EXPORT_SYMBOL(report_size_overflow); ++#endif ++ static int zap_process(struct task_struct *start, int exit_code) { struct task_struct *t; -@@ -2014,17 +2351,17 @@ static void wait_for_dump_helpers(struct file *file) +@@ -2014,17 +2361,17 @@ static void wait_for_dump_helpers(struct file *file) pipe = file->f_path.dentry->d_inode->i_pipe; pipe_lock(pipe); @@ -43582,7 +44580,7 @@ index 153dee1..8ee97ba 100644 pipe_unlock(pipe); } -@@ -2085,7 +2422,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2085,7 +2432,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) int retval = 0; int flag = 0; int ispipe; @@ -43591,7 +44589,7 @@ index 153dee1..8ee97ba 100644 struct coredump_params cprm = { .signr = signr, .regs = regs, -@@ -2100,6 +2437,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2100,6 +2447,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) audit_core_dumps(signr); @@ -43601,7 +44599,7 @@ index 153dee1..8ee97ba 100644 binfmt = mm->binfmt; if (!binfmt || !binfmt->core_dump) goto fail; -@@ -2167,7 +2507,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2167,7 +2517,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } cprm.limit = RLIM_INFINITY; @@ -43610,7 +44608,7 @@ index 153dee1..8ee97ba 100644 if (core_pipe_limit && (core_pipe_limit < dump_count)) { printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", task_tgid_vnr(current), current->comm); -@@ -2194,6 +2534,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2194,6 +2544,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } else { struct inode *inode; @@ -43619,7 +44617,7 @@ index 153dee1..8ee97ba 100644 if (cprm.limit < binfmt->min_coredump) goto fail_unlock; -@@ -2237,7 +2579,7 @@ close_fail: +@@ -2237,7 +2589,7 @@ close_fail: filp_close(cprm.file, NULL); fail_dropcount: if (ispipe) @@ -43628,7 +44626,7 @@ index 153dee1..8ee97ba 100644 fail_unlock: kfree(cn.corename); fail_corename: -@@ -2256,7 +2598,7 @@ fail: +@@ -2256,7 +2608,7 @@ fail: */ int dump_write(struct file *file, const void *addr, int nr) { @@ -46142,6 +47140,28 @@ index e608199..9609cb9 100644 get_fs_root(current->fs, &root); error = lock_mount(&old); if (error) +diff --git a/fs/ncpfs/ncplib_kernel.h b/fs/ncpfs/ncplib_kernel.h +index 32c0658..b1c2045e 100644 +--- a/fs/ncpfs/ncplib_kernel.h ++++ b/fs/ncpfs/ncplib_kernel.h +@@ -130,7 +130,7 @@ static inline int ncp_is_nfs_extras(struct ncp_server* server, unsigned int voln + int ncp__io2vol(struct ncp_server *, unsigned char *, unsigned int *, + const unsigned char *, unsigned int, int); + int ncp__vol2io(struct ncp_server *, unsigned char *, unsigned int *, +- const unsigned char *, unsigned int, int); ++ const unsigned char *, unsigned int, int) __size_overflow(5); + + #define NCP_ESC ':' + #define NCP_IO_TABLE(sb) (NCP_SBP(sb)->nls_io) +@@ -146,7 +146,7 @@ int ncp__vol2io(struct ncp_server *, unsigned char *, unsigned int *, + int ncp__io2vol(unsigned char *, unsigned int *, + const unsigned char *, unsigned int, int); + int ncp__vol2io(unsigned char *, unsigned int *, +- const unsigned char *, unsigned int, int); ++ const unsigned char *, unsigned int, int) __size_overflow(5); + + #define NCP_IO_TABLE(sb) NULL + #define ncp_tolower(t, c) tolower(c) diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c index f649fba..236bf92 100644 --- a/fs/nfs/inode.c @@ -47938,7 +48958,7 @@ index e782258..3b4b44c 100644 return -EINVAL; diff --git a/fs/seq_file.c b/fs/seq_file.c -index 4023d6b..53b39c5 100644 +index 4023d6b..ab46c6a 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -9,6 +9,7 @@ @@ -47959,47 +48979,7 @@ index 4023d6b..53b39c5 100644 /* * Wrappers around seq_open(e.g. swaps_open) need to be -@@ -76,7 +80,8 @@ static int traverse(struct seq_file *m, loff_t offset) - return 0; - } - if (!m->buf) { -- m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL); -+ m->size = PAGE_SIZE; -+ m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL); - if (!m->buf) - return -ENOMEM; - } -@@ -116,7 +121,8 @@ static int traverse(struct seq_file *m, loff_t offset) - Eoverflow: - m->op->stop(m, p); - kfree(m->buf); -- m->buf = kmalloc(m->size <<= 1, GFP_KERNEL); -+ m->size <<= 1; -+ m->buf = kmalloc(m->size, GFP_KERNEL); - return !m->buf ? -ENOMEM : -EAGAIN; - } - -@@ -169,7 +175,8 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) - m->version = file->f_version; - /* grab buffer if we didn't have one */ - if (!m->buf) { -- m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL); -+ m->size = PAGE_SIZE; -+ m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL); - if (!m->buf) - goto Enomem; - } -@@ -210,7 +217,8 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) - goto Fill; - m->op->stop(m, p); - kfree(m->buf); -- m->buf = kmalloc(m->size <<= 1, GFP_KERNEL); -+ m->size <<= 1; -+ m->buf = kmalloc(m->size, GFP_KERNEL); - if (!m->buf) - goto Enomem; - m->count = 0; -@@ -549,7 +557,7 @@ static void single_stop(struct seq_file *p, void *v) +@@ -549,7 +553,7 @@ static void single_stop(struct seq_file *p, void *v) int single_open(struct file *file, int (*show)(struct seq_file *, void *), void *data) { @@ -48150,6 +49130,19 @@ index 1ec0493..d6ab5c2 100644 ret = -EAGAIN; pipe_unlock(ipipe); +diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c +index a475983..9c6a1f0 100644 +--- a/fs/sysfs/bin.c ++++ b/fs/sysfs/bin.c +@@ -67,6 +67,8 @@ fill_read(struct file *file, char *buffer, loff_t off, size_t count) + } + + static ssize_t ++read(struct file *file, char __user *userbuf, size_t bytes, loff_t *off) __size_overflow(3); ++static ssize_t + read(struct file *file, char __user *userbuf, size_t bytes, loff_t *off) + { + struct bin_buffer *bb = file->private_data; diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c index 7fdf6a7..e6cd8ad 100644 --- a/fs/sysfs/dir.c @@ -48235,6 +49228,27 @@ index a7ac78f..02158e1 100644 if (!IS_ERR(page)) free_page((unsigned long)page); } +diff --git a/fs/ubifs/debug.c b/fs/ubifs/debug.c +index f922cba..062fb02 100644 +--- a/fs/ubifs/debug.c ++++ b/fs/ubifs/debug.c +@@ -2819,6 +2819,7 @@ static ssize_t dfs_file_read(struct file *file, char __user *u, size_t count, + * debugfs file. Returns %0 or %1 in case of success and a negative error code + * in case of failure. + */ ++static int interpret_user_input(const char __user *u, size_t count) __size_overflow(2); + static int interpret_user_input(const char __user *u, size_t count) + { + size_t buf_size; +@@ -2837,6 +2838,8 @@ static int interpret_user_input(const char __user *u, size_t count) + } + + static ssize_t dfs_file_write(struct file *file, const char __user *u, ++ size_t count, loff_t *ppos) __size_overflow(3); ++static ssize_t dfs_file_write(struct file *file, const char __user *u, + size_t count, loff_t *ppos) + { + struct ubifs_info *c = file->private_data; diff --git a/fs/udf/misc.c b/fs/udf/misc.c index c175b4d..8f36a16 100644 --- a/fs/udf/misc.c @@ -49544,10 +50558,10 @@ index 0000000..1b9afa9 +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..e8c5d41 +index 0000000..42813ac --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4179 @@ +@@ -0,0 +1,4192 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -52112,19 +53126,32 @@ index 0000000..e8c5d41 + + newacl = chk_subj_label(dentry, mnt, task->role); + -+ task_lock(task); ++ /* special handling for if we did an strace -f -p <pid> from an admin role, where pid then ++ did an exec ++ */ ++ rcu_read_lock(); ++ read_lock(&tasklist_lock); ++ if (task->ptrace && task->parent && ((task->parent->role->roletype & GR_ROLE_GOD) || ++ (task->parent->acl->mode & GR_POVERRIDE))) { ++ read_unlock(&tasklist_lock); ++ rcu_read_unlock(); ++ goto skip_check; ++ } ++ read_unlock(&tasklist_lock); ++ rcu_read_unlock(); ++ + if (unsafe_flags && !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) && + !(task->role->roletype & GR_ROLE_GOD) && + !gr_search_file(dentry, GR_PTRACERD, mnt) && + !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN))) { -+ task_unlock(task); + if (unsafe_flags & LSM_UNSAFE_SHARE) + gr_log_fs_generic(GR_DONT_AUDIT, GR_UNSAFESHARE_EXEC_ACL_MSG, dentry, mnt); + else + gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt); + return -EACCES; + } -+ task_unlock(task); ++ ++skip_check: + + obj = chk_obj_label(dentry, mnt, task->acl); + retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT); @@ -54397,10 +55424,10 @@ index 0000000..88d0e87 +} diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c new file mode 100644 -index 0000000..17050ca +index 0000000..58800a7 --- /dev/null +++ b/grsecurity/gracl_ip.c -@@ -0,0 +1,381 @@ +@@ -0,0 +1,384 @@ +#include <linux/kernel.h> +#include <asm/uaccess.h> +#include <asm/errno.h> @@ -54722,6 +55749,9 @@ index 0000000..17050ca +int +gr_search_connect(struct socket *sock, struct sockaddr_in *addr) +{ ++ /* always allow disconnection of dgram sockets with connect */ ++ if (addr->sin_family == AF_UNSPEC) ++ return 0; + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type); +} + @@ -58813,32 +59843,6 @@ index 0d68a1e..b74a761 100644 { machine_restart(NULL); } -diff --git a/include/asm-generic/int-l64.h b/include/asm-generic/int-l64.h -index 1ca3efc..e3dc852 100644 ---- a/include/asm-generic/int-l64.h -+++ b/include/asm-generic/int-l64.h -@@ -46,6 +46,8 @@ typedef unsigned int u32; - typedef signed long s64; - typedef unsigned long u64; - -+typedef unsigned int intoverflow_t __attribute__ ((mode(TI))); -+ - #define S8_C(x) x - #define U8_C(x) x ## U - #define S16_C(x) x -diff --git a/include/asm-generic/int-ll64.h b/include/asm-generic/int-ll64.h -index f394147..b6152b9 100644 ---- a/include/asm-generic/int-ll64.h -+++ b/include/asm-generic/int-ll64.h -@@ -51,6 +51,8 @@ typedef unsigned int u32; - typedef signed long long s64; - typedef unsigned long long u64; - -+typedef unsigned long long intoverflow_t; -+ - #define S8_C(x) x - #define U8_C(x) x ## U - #define S16_C(x) x diff --git a/include/asm-generic/kmap_types.h b/include/asm-generic/kmap_types.h index 0232ccb..13d9165 100644 --- a/include/asm-generic/kmap_types.h @@ -58961,6 +59965,70 @@ index a03c098..9624b83 100644 #endif /* !__ASSEMBLY__ */ #endif /* _ASM_GENERIC_PGTABLE_H */ +diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h +index 9788568..510dece 100644 +--- a/include/asm-generic/uaccess.h ++++ b/include/asm-generic/uaccess.h +@@ -76,6 +76,8 @@ extern unsigned long search_exception_table(unsigned long); + */ + #ifndef __copy_from_user + static inline __must_check long __copy_from_user(void *to, ++ const void __user * from, unsigned long n) __size_overflow(3); ++static inline __must_check long __copy_from_user(void *to, + const void __user * from, unsigned long n) + { + if (__builtin_constant_p(n)) { +@@ -106,6 +108,8 @@ static inline __must_check long __copy_from_user(void *to, + + #ifndef __copy_to_user + static inline __must_check long __copy_to_user(void __user *to, ++ const void *from, unsigned long n) __size_overflow(3); ++static inline __must_check long __copy_to_user(void __user *to, + const void *from, unsigned long n) + { + if (__builtin_constant_p(n)) { +@@ -224,6 +228,7 @@ extern int __put_user_bad(void) __attribute__((noreturn)); + -EFAULT; \ + }) + ++static inline int __get_user_fn(size_t size, const void __user *ptr, void *x) __size_overflow(1); + static inline int __get_user_fn(size_t size, const void __user *ptr, void *x) + { + size = __copy_from_user(x, ptr, size); +@@ -240,6 +245,7 @@ extern int __get_user_bad(void) __attribute__((noreturn)); + #define __copy_to_user_inatomic __copy_to_user + #endif + ++static inline long copy_from_user(void *to, const void __user * from, unsigned long n) __size_overflow(3); + static inline long copy_from_user(void *to, + const void __user * from, unsigned long n) + { +@@ -250,6 +256,7 @@ static inline long copy_from_user(void *to, + return n; + } + ++static inline long copy_to_user(void __user *to, const void *from, unsigned long n) __size_overflow(3); + static inline long copy_to_user(void __user *to, + const void *from, unsigned long n) + { +@@ -314,6 +321,8 @@ static inline long strlen_user(const char __user *src) + */ + #ifndef __clear_user + static inline __must_check unsigned long ++__clear_user(void __user *to, unsigned long n) __size_overflow(2); ++static inline __must_check unsigned long + __clear_user(void __user *to, unsigned long n) + { + memset((void __force *)to, 0, n); +@@ -322,6 +331,8 @@ __clear_user(void __user *to, unsigned long n) + #endif + + static inline __must_check unsigned long ++clear_user(void __user *to, unsigned long n) __size_overflow(2); ++static inline __must_check unsigned long + clear_user(void __user *to, unsigned long n) + { + might_sleep(); diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index b5e2e4c..6a5373e 100644 --- a/include/asm-generic/vmlinux.lds.h @@ -59241,10 +60309,10 @@ index 04ffb2e..6799180 100644 extern struct cleancache_ops cleancache_register_ops(struct cleancache_ops *ops); diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h -index 2f40791..89a56fd 100644 +index 2f40791..567b215 100644 --- a/include/linux/compiler-gcc4.h +++ b/include/linux/compiler-gcc4.h -@@ -32,6 +32,12 @@ +@@ -32,6 +32,15 @@ #define __linktime_error(message) __attribute__((__error__(message))) #if __GNUC_MINOR__ >= 5 @@ -59254,10 +60322,13 @@ index 2f40791..89a56fd 100644 +#define __do_const __attribute__((do_const)) +#endif + ++#ifdef SIZE_OVERFLOW_PLUGIN ++#define __size_overflow(...) __attribute__((size_overflow(__VA_ARGS__))) ++#endif /* * Mark a position in code as unreachable. This can be used to * suppress control flow warnings after asm blocks that transfer -@@ -47,6 +53,11 @@ +@@ -47,6 +56,11 @@ #define __noclone __attribute__((__noclone__)) #endif @@ -59270,7 +60341,7 @@ index 2f40791..89a56fd 100644 #if __GNUC_MINOR__ > 0 diff --git a/include/linux/compiler.h b/include/linux/compiler.h -index 4a24354..9570c1b 100644 +index 4a24354..ecaff7a 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -5,31 +5,62 @@ @@ -59346,7 +60417,7 @@ index 4a24354..9570c1b 100644 #endif #ifdef __KERNEL__ -@@ -264,6 +297,14 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -264,6 +297,17 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); # define __attribute_const__ /* unimplemented */ #endif @@ -59358,10 +60429,13 @@ index 4a24354..9570c1b 100644 +# define __do_const +#endif + ++#ifndef __size_overflow ++# define __size_overflow(...) ++#endif /* * Tell gcc if a function is cold. The compiler will assume any path * directly leading to the call is unlikely. -@@ -273,6 +314,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -273,6 +317,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); #define __cold #endif @@ -59384,7 +60458,7 @@ index 4a24354..9570c1b 100644 /* Simple shorthand for a section definition */ #ifndef __section # define __section(S) __attribute__ ((__section__(#S))) -@@ -308,6 +365,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -308,6 +368,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); * use is to mediate communication between process-level code and irq/NMI * handlers, all running on the same CPU. */ @@ -59406,6 +60480,19 @@ index e9eaec5..bfeb9bb 100644 } static inline void set_mems_allowed(nodemask_t nodemask) +diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h +index b936763..48685ee 100644 +--- a/include/linux/crash_dump.h ++++ b/include/linux/crash_dump.h +@@ -14,7 +14,7 @@ extern unsigned long long elfcorehdr_addr; + extern unsigned long long elfcorehdr_size; + + extern ssize_t copy_oldmem_page(unsigned long, char *, size_t, +- unsigned long, int); ++ unsigned long, int) __size_overflow(3); + + /* Architecture code defines this if there are other possible ELF + * machine types, e.g. on bi-arch capable hardware. */ diff --git a/include/linux/cred.h b/include/linux/cred.h index adadf71..6af5560 100644 --- a/include/linux/cred.h @@ -61056,7 +62143,7 @@ index 9c07dce..a92fa71 100644 if (atomic_sub_and_test((int) count, &kref->refcount)) { release(kref); diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index 900c763..43260cf 100644 +index 900c763..3287a0b 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -326,7 +326,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); @@ -61068,6 +62155,33 @@ index 900c763..43260cf 100644 struct module *module); void kvm_exit(void); +@@ -416,20 +416,20 @@ void kvm_get_pfn(pfn_t pfn); + int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset, + int len); + int kvm_read_guest_atomic(struct kvm *kvm, gpa_t gpa, void *data, +- unsigned long len); +-int kvm_read_guest(struct kvm *kvm, gpa_t gpa, void *data, unsigned long len); ++ unsigned long len) __size_overflow(4); ++int kvm_read_guest(struct kvm *kvm, gpa_t gpa, void *data, unsigned long len) __size_overflow(2,4); + int kvm_read_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc, +- void *data, unsigned long len); ++ void *data, unsigned long len) __size_overflow(4); + int kvm_write_guest_page(struct kvm *kvm, gfn_t gfn, const void *data, + int offset, int len); + int kvm_write_guest(struct kvm *kvm, gpa_t gpa, const void *data, +- unsigned long len); ++ unsigned long len) __size_overflow(2,4); + int kvm_write_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc, +- void *data, unsigned long len); ++ void *data, unsigned long len) __size_overflow(4); + int kvm_gfn_to_hva_cache_init(struct kvm *kvm, struct gfn_to_hva_cache *ghc, + gpa_t gpa); + int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len); +-int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len); ++int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len) __size_overflow(2,3); + struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn); + int kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn); + unsigned long kvm_host_page_size(struct kvm *kvm, gfn_t gfn); @@ -485,7 +485,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg); int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run); @@ -61077,6 +62191,15 @@ index 900c763..43260cf 100644 void kvm_arch_exit(void); int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); +@@ -721,7 +721,7 @@ int kvm_setup_default_irq_routing(struct kvm *kvm); + int kvm_set_irq_routing(struct kvm *kvm, + const struct kvm_irq_routing_entry *entries, + unsigned nr, +- unsigned flags); ++ unsigned flags) __size_overflow(3); + void kvm_free_irq_routing(struct kvm *kvm); + + #else diff --git a/include/linux/libata.h b/include/linux/libata.h index cafc09a..d7e7829 100644 --- a/include/linux/libata.h @@ -61255,7 +62378,7 @@ index 17b27cd..467ba2f 100644 #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index 3cc3062..8947a82 100644 +index 3cc3062..efeaeb7 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h @@ -252,6 +252,8 @@ struct vm_area_struct { @@ -61267,12 +62390,21 @@ index 3cc3062..8947a82 100644 }; struct core_thread { +@@ -326,7 +328,7 @@ struct mm_struct { + unsigned long def_flags; + unsigned long nr_ptes; /* Page table pages */ + unsigned long start_code, end_code, start_data, end_data; +- unsigned long start_brk, brk, start_stack; ++ unsigned long brk_gap, start_brk, brk, start_stack; + unsigned long arg_start, arg_end, env_start, env_end; + + unsigned long saved_auxv[AT_VECTOR_SIZE]; /* for /proc/PID/auxv */ @@ -388,6 +390,24 @@ struct mm_struct { #ifdef CONFIG_CPUMASK_OFFSTACK struct cpumask cpumask_allocation; #endif + -+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) ++#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_XATTR_PAX_FLAGS) || defined(CONFIG_PAX_HAVE_ACL_FLAGS) || defined(CONFIG_PAX_HOOK_ACL_FLAGS) + unsigned long pax_flags; +#endif + @@ -61446,19 +62578,22 @@ index 4598bf0..e069d7f 100644 /* Search for module by name: must hold module_mutex. */ diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h -index b2be02e..6a9fdb1 100644 +index b2be02e..72d2f78 100644 --- a/include/linux/moduleloader.h +++ b/include/linux/moduleloader.h -@@ -25,9 +25,21 @@ unsigned int arch_mod_section_prepend(struct module *mod, unsigned int section); - sections. Returns NULL on failure. */ - void *module_alloc(unsigned long size); +@@ -23,11 +23,23 @@ unsigned int arch_mod_section_prepend(struct module *mod, unsigned int section); + /* Allocator used for allocating struct module, core sections and init + sections. Returns NULL on failure. */ +-void *module_alloc(unsigned long size); ++void *module_alloc(unsigned long size) __size_overflow(1); ++ +#ifdef CONFIG_PAX_KERNEXEC -+void *module_alloc_exec(unsigned long size); ++void *module_alloc_exec(unsigned long size) __size_overflow(1); +#else +#define module_alloc_exec(x) module_alloc(x) +#endif -+ + /* Free memory returned from module_alloc. */ void module_free(struct module *mod, void *module_region); @@ -61571,7 +62706,7 @@ index c65a18a..0c05f3a 100644 extern void *prom_early_alloc(unsigned long size); diff --git a/include/linux/oprofile.h b/include/linux/oprofile.h -index a4c5624..79d6d88 100644 +index a4c5624..2dabfb7 100644 --- a/include/linux/oprofile.h +++ b/include/linux/oprofile.h @@ -139,9 +139,9 @@ int oprofilefs_create_ulong(struct super_block * sb, struct dentry * root, @@ -61586,6 +62721,15 @@ index a4c5624..79d6d88 100644 /** create a directory */ struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root, +@@ -163,7 +163,7 @@ ssize_t oprofilefs_ulong_to_user(unsigned long val, char __user * buf, size_t co + * Read an ASCII string for a number from a userspace buffer and fill *val on success. + * Returns 0 on success, < 0 on error. + */ +-int oprofilefs_ulong_from_user(unsigned long * val, char const __user * buf, size_t count); ++int oprofilefs_ulong_from_user(unsigned long * val, char const __user * buf, size_t count) __size_overflow(3); + + /** lock for read/write safety */ + extern raw_spinlock_t oprofilefs_lock; diff --git a/include/linux/padata.h b/include/linux/padata.h index 4633b2f..988bc08 100644 --- a/include/linux/padata.h @@ -62227,7 +63371,7 @@ index ae86ade..2b51468 100644 extern int ___pskb_trim(struct sk_buff *skb, unsigned int len); diff --git a/include/linux/slab.h b/include/linux/slab.h -index 573c809..e84c132 100644 +index 573c809..07e1f43 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -11,12 +11,20 @@ @@ -62268,7 +63412,14 @@ index 573c809..e84c132 100644 /* * struct kmem_cache related prototypes -@@ -161,6 +172,7 @@ void * __must_check krealloc(const void *, size_t, gfp_t); +@@ -156,11 +167,12 @@ unsigned int kmem_cache_size(struct kmem_cache *); + /* + * Common kmalloc functions provided by all allocators + */ +-void * __must_check __krealloc(const void *, size_t, gfp_t); +-void * __must_check krealloc(const void *, size_t, gfp_t); ++void * __must_check __krealloc(const void *, size_t, gfp_t) __size_overflow(2); ++void * __must_check krealloc(const void *, size_t, gfp_t) __size_overflow(2); void kfree(const void *); void kzfree(const void *); size_t ksize(const void *); @@ -62276,68 +63427,26 @@ index 573c809..e84c132 100644 /* * Allocator specific definitions. These are mainly used to establish optimized -@@ -353,4 +365,59 @@ static inline void *kzalloc_node(size_t size, gfp_t flags, int node) - - void __init kmem_cache_init_late(void); - -+#define kmalloc(x, y) \ -+({ \ -+ void *___retval; \ -+ intoverflow_t ___x = (intoverflow_t)x; \ -+ if (WARN(___x > ULONG_MAX, "kmalloc size overflow\n")) \ -+ ___retval = NULL; \ -+ else \ -+ ___retval = kmalloc((size_t)___x, (y)); \ -+ ___retval; \ -+}) -+ -+#define kmalloc_node(x, y, z) \ -+({ \ -+ void *___retval; \ -+ intoverflow_t ___x = (intoverflow_t)x; \ -+ if (WARN(___x > ULONG_MAX, "kmalloc_node size overflow\n"))\ -+ ___retval = NULL; \ -+ else \ -+ ___retval = kmalloc_node((size_t)___x, (y), (z));\ -+ ___retval; \ -+}) -+ -+#define kzalloc(x, y) \ -+({ \ -+ void *___retval; \ -+ intoverflow_t ___x = (intoverflow_t)x; \ -+ if (WARN(___x > ULONG_MAX, "kzalloc size overflow\n")) \ -+ ___retval = NULL; \ -+ else \ -+ ___retval = kzalloc((size_t)___x, (y)); \ -+ ___retval; \ -+}) -+ -+#define __krealloc(x, y, z) \ -+({ \ -+ void *___retval; \ -+ intoverflow_t ___y = (intoverflow_t)y; \ -+ if (WARN(___y > ULONG_MAX, "__krealloc size overflow\n"))\ -+ ___retval = NULL; \ -+ else \ -+ ___retval = __krealloc((x), (size_t)___y, (z)); \ -+ ___retval; \ -+}) -+ -+#define krealloc(x, y, z) \ -+({ \ -+ void *___retval; \ -+ intoverflow_t ___y = (intoverflow_t)y; \ -+ if (WARN(___y > ULONG_MAX, "krealloc size overflow\n")) \ -+ ___retval = NULL; \ -+ else \ -+ ___retval = krealloc((x), (size_t)___y, (z)); \ -+ ___retval; \ -+}) -+ - #endif /* _LINUX_SLAB_H */ +@@ -287,7 +299,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, + */ + #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ + (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) +-extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); ++extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long) __size_overflow(1); + #define kmalloc_track_caller(size, flags) \ + __kmalloc_track_caller(size, flags, _RET_IP_) + #else +@@ -306,7 +318,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); + */ + #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ + (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) +-extern void *__kmalloc_node_track_caller(size_t, gfp_t, int, unsigned long); ++extern void *__kmalloc_node_track_caller(size_t, gfp_t, int, unsigned long) __size_overflow(1); + #define kmalloc_node_track_caller(size, flags, node) \ + __kmalloc_node_track_caller(size, flags, node, \ + _RET_IP_) diff --git a/include/linux/slab_def.h b/include/linux/slab_def.h -index fbd1117..1e5e46c 100644 +index fbd1117..c0bd874 100644 --- a/include/linux/slab_def.h +++ b/include/linux/slab_def.h @@ -66,10 +66,10 @@ struct kmem_cache { @@ -62355,8 +63464,71 @@ index fbd1117..1e5e46c 100644 /* * If debugging is enabled, then the allocator can add additional +@@ -107,7 +107,7 @@ struct cache_sizes { + extern struct cache_sizes malloc_sizes[]; + + void *kmem_cache_alloc(struct kmem_cache *, gfp_t); +-void *__kmalloc(size_t size, gfp_t flags); ++void *__kmalloc(size_t size, gfp_t flags) __size_overflow(1); + + #ifdef CONFIG_TRACING + extern void *kmem_cache_alloc_trace(size_t size, +@@ -125,6 +125,7 @@ static inline size_t slab_buffer_size(struct kmem_cache *cachep) + } + #endif + ++static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_overflow(1); + static __always_inline void *kmalloc(size_t size, gfp_t flags) + { + struct kmem_cache *cachep; +@@ -160,7 +161,7 @@ found: + } + + #ifdef CONFIG_NUMA +-extern void *__kmalloc_node(size_t size, gfp_t flags, int node); ++extern void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1); + extern void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node); + + #ifdef CONFIG_TRACING +@@ -179,6 +180,7 @@ kmem_cache_alloc_node_trace(size_t size, + } + #endif + ++static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1); + static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) + { + struct kmem_cache *cachep; +diff --git a/include/linux/slob_def.h b/include/linux/slob_def.h +index 0ec00b3..65e7e0e 100644 +--- a/include/linux/slob_def.h ++++ b/include/linux/slob_def.h +@@ -9,8 +9,9 @@ static __always_inline void *kmem_cache_alloc(struct kmem_cache *cachep, + return kmem_cache_alloc_node(cachep, flags, -1); + } + +-void *__kmalloc_node(size_t size, gfp_t flags, int node); ++void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1); + ++static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1); + static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) + { + return __kmalloc_node(size, flags, node); +@@ -24,11 +25,13 @@ static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) + * kmalloc is the normal method of allocating memory + * in the kernel. + */ ++static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_overflow(1); + static __always_inline void *kmalloc(size_t size, gfp_t flags) + { + return __kmalloc_node(size, flags, -1); + } + ++static __always_inline void *__kmalloc(size_t size, gfp_t flags) __size_overflow(1); + static __always_inline void *__kmalloc(size_t size, gfp_t flags) + { + return kmalloc(size, flags); diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h -index a32bcfd..53b71f4 100644 +index a32bcfd..d26bd6e 100644 --- a/include/linux/slub_def.h +++ b/include/linux/slub_def.h @@ -89,7 +89,7 @@ struct kmem_cache { @@ -62368,15 +63540,59 @@ index a32bcfd..53b71f4 100644 void (*ctor)(void *); int inuse; /* Offset to metadata */ int align; /* Alignment */ -@@ -215,7 +215,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size) +@@ -204,6 +204,7 @@ static __always_inline int kmalloc_index(size_t size) + * This ought to end up with a global pointer to the right cache + * in kmalloc_caches. + */ ++static __always_inline struct kmem_cache *kmalloc_slab(size_t size) __size_overflow(1); + static __always_inline struct kmem_cache *kmalloc_slab(size_t size) + { + int index = kmalloc_index(size); +@@ -215,9 +216,11 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size) } void *kmem_cache_alloc(struct kmem_cache *, gfp_t); -void *__kmalloc(size_t size, gfp_t flags); -+void *__kmalloc(size_t size, gfp_t flags) __alloc_size(1); ++void *__kmalloc(size_t size, gfp_t flags) __alloc_size(1) __size_overflow(1); static __always_inline void * ++kmalloc_order(size_t size, gfp_t flags, unsigned int order) __size_overflow(1); ++static __always_inline void * kmalloc_order(size_t size, gfp_t flags, unsigned int order) + { + void *ret = (void *) __get_free_pages(flags | __GFP_COMP, order); +@@ -256,12 +259,14 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) + } + #endif + ++static __always_inline void *kmalloc_large(size_t size, gfp_t flags) __size_overflow(1); + static __always_inline void *kmalloc_large(size_t size, gfp_t flags) + { + unsigned int order = get_order(size); + return kmalloc_order_trace(size, flags, order); + } + ++static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_overflow(1); + static __always_inline void *kmalloc(size_t size, gfp_t flags) + { + if (__builtin_constant_p(size)) { +@@ -281,7 +286,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) + } + + #ifdef CONFIG_NUMA +-void *__kmalloc_node(size_t size, gfp_t flags, int node); ++void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1); + void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node); + + #ifdef CONFIG_TRACING +@@ -298,6 +303,7 @@ kmem_cache_alloc_node_trace(struct kmem_cache *s, + } + #endif + ++static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1); + static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) + { + if (__builtin_constant_p(size) && diff --git a/include/linux/sonet.h b/include/linux/sonet.h index de8832d..0147b46 100644 --- a/include/linux/sonet.h @@ -62574,7 +63790,7 @@ index e5fa503..df6e8a4 100644 struct list_head { diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h -index 5ca0951..ab496a5 100644 +index 5ca0951..53a2fff 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -76,11 +76,11 @@ static inline unsigned long __copy_from_user_nocache(void *to, @@ -62592,6 +63808,15 @@ index 5ca0951..ab496a5 100644 ret; \ }) +@@ -105,7 +105,7 @@ extern long __probe_kernel_read(void *dst, const void *src, size_t size); + * Safely write to address @dst from the buffer at @src. If a kernel fault + * happens, handle that and return -EFAULT. + */ +-extern long notrace probe_kernel_write(void *dst, const void *src, size_t size); ++extern long notrace probe_kernel_write(void *dst, const void *src, size_t size) __size_overflow(3); + extern long notrace __probe_kernel_write(void *dst, const void *src, size_t size); + + #endif /* __LINUX_UACCESS_H__ */ diff --git a/include/linux/unaligned/access_ok.h b/include/linux/unaligned/access_ok.h index 99c1b4d..bb94261 100644 --- a/include/linux/unaligned/access_ok.h @@ -62699,7 +63924,7 @@ index 6f8fbcf..8259001 100644 + MODULE_GRSEC diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h -index dcdfc2b..f937197 100644 +index dcdfc2b..cce598d 100644 --- a/include/linux/vmalloc.h +++ b/include/linux/vmalloc.h @@ -14,6 +14,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */ @@ -62714,110 +63939,46 @@ index dcdfc2b..f937197 100644 /* bits [20..32] reserved for arch specific ioremap internals */ /* -@@ -157,4 +162,103 @@ pcpu_free_vm_areas(struct vm_struct **vms, int nr_vms) - # endif +@@ -51,18 +56,18 @@ static inline void vmalloc_init(void) + } #endif -+#define vmalloc(x) \ -+({ \ -+ void *___retval; \ -+ intoverflow_t ___x = (intoverflow_t)x; \ -+ if (WARN(___x > ULONG_MAX, "vmalloc size overflow\n")) \ -+ ___retval = NULL; \ -+ else \ -+ ___retval = vmalloc((unsigned long)___x); \ -+ ___retval; \ -+}) -+ -+#define vzalloc(x) \ -+({ \ -+ void *___retval; \ -+ intoverflow_t ___x = (intoverflow_t)x; \ -+ if (WARN(___x > ULONG_MAX, "vzalloc size overflow\n")) \ -+ ___retval = NULL; \ -+ else \ -+ ___retval = vzalloc((unsigned long)___x); \ -+ ___retval; \ -+}) -+ -+#define __vmalloc(x, y, z) \ -+({ \ -+ void *___retval; \ -+ intoverflow_t ___x = (intoverflow_t)x; \ -+ if (WARN(___x > ULONG_MAX, "__vmalloc size overflow\n"))\ -+ ___retval = NULL; \ -+ else \ -+ ___retval = __vmalloc((unsigned long)___x, (y), (z));\ -+ ___retval; \ -+}) -+ -+#define vmalloc_user(x) \ -+({ \ -+ void *___retval; \ -+ intoverflow_t ___x = (intoverflow_t)x; \ -+ if (WARN(___x > ULONG_MAX, "vmalloc_user size overflow\n"))\ -+ ___retval = NULL; \ -+ else \ -+ ___retval = vmalloc_user((unsigned long)___x); \ -+ ___retval; \ -+}) -+ -+#define vmalloc_exec(x) \ -+({ \ -+ void *___retval; \ -+ intoverflow_t ___x = (intoverflow_t)x; \ -+ if (WARN(___x > ULONG_MAX, "vmalloc_exec size overflow\n"))\ -+ ___retval = NULL; \ -+ else \ -+ ___retval = vmalloc_exec((unsigned long)___x); \ -+ ___retval; \ -+}) -+ -+#define vmalloc_node(x, y) \ -+({ \ -+ void *___retval; \ -+ intoverflow_t ___x = (intoverflow_t)x; \ -+ if (WARN(___x > ULONG_MAX, "vmalloc_node size overflow\n"))\ -+ ___retval = NULL; \ -+ else \ -+ ___retval = vmalloc_node((unsigned long)___x, (y));\ -+ ___retval; \ -+}) -+ -+#define vzalloc_node(x, y) \ -+({ \ -+ void *___retval; \ -+ intoverflow_t ___x = (intoverflow_t)x; \ -+ if (WARN(___x > ULONG_MAX, "vzalloc_node size overflow\n"))\ -+ ___retval = NULL; \ -+ else \ -+ ___retval = vzalloc_node((unsigned long)___x, (y));\ -+ ___retval; \ -+}) -+ -+#define vmalloc_32(x) \ -+({ \ -+ void *___retval; \ -+ intoverflow_t ___x = (intoverflow_t)x; \ -+ if (WARN(___x > ULONG_MAX, "vmalloc_32 size overflow\n"))\ -+ ___retval = NULL; \ -+ else \ -+ ___retval = vmalloc_32((unsigned long)___x); \ -+ ___retval; \ -+}) -+ -+#define vmalloc_32_user(x) \ -+({ \ -+void *___retval; \ -+ intoverflow_t ___x = (intoverflow_t)x; \ -+ if (WARN(___x > ULONG_MAX, "vmalloc_32_user size overflow\n"))\ -+ ___retval = NULL; \ -+ else \ -+ ___retval = vmalloc_32_user((unsigned long)___x);\ -+ ___retval; \ -+}) -+ - #endif /* _LINUX_VMALLOC_H */ +-extern void *vmalloc(unsigned long size); +-extern void *vzalloc(unsigned long size); +-extern void *vmalloc_user(unsigned long size); +-extern void *vmalloc_node(unsigned long size, int node); +-extern void *vzalloc_node(unsigned long size, int node); +-extern void *vmalloc_exec(unsigned long size); +-extern void *vmalloc_32(unsigned long size); +-extern void *vmalloc_32_user(unsigned long size); +-extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot); ++extern void *vmalloc(unsigned long size) __size_overflow(1); ++extern void *vzalloc(unsigned long size) __size_overflow(1); ++extern void *vmalloc_user(unsigned long size) __size_overflow(1); ++extern void *vmalloc_node(unsigned long size, int node) __size_overflow(1); ++extern void *vzalloc_node(unsigned long size, int node) __size_overflow(1); ++extern void *vmalloc_exec(unsigned long size) __size_overflow(1); ++extern void *vmalloc_32(unsigned long size) __size_overflow(1); ++extern void *vmalloc_32_user(unsigned long size) __size_overflow(1); ++extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) __size_overflow(1); + extern void *__vmalloc_node_range(unsigned long size, unsigned long align, + unsigned long start, unsigned long end, gfp_t gfp_mask, +- pgprot_t prot, int node, void *caller); ++ pgprot_t prot, int node, void *caller) __size_overflow(1); + extern void vfree(const void *addr); + + extern void *vmap(struct page **pages, unsigned int count, +@@ -123,8 +128,8 @@ extern struct vm_struct *alloc_vm_area(size_t size, pte_t **ptes); + extern void free_vm_area(struct vm_struct *area); + + /* for /dev/kmem */ +-extern long vread(char *buf, char *addr, unsigned long count); +-extern long vwrite(char *buf, char *addr, unsigned long count); ++extern long vread(char *buf, char *addr, unsigned long count) __size_overflow(3); ++extern long vwrite(char *buf, char *addr, unsigned long count) __size_overflow(3); + + /* + * Internals. Dont't use.. diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h index 65efb92..137adbb 100644 --- a/include/linux/vmstat.h @@ -65564,6 +66725,19 @@ index c62b854..cb67968 100644 head = &kprobe_table[i]; preempt_disable(); +diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c +index 4e316e1..5501eef 100644 +--- a/kernel/ksysfs.c ++++ b/kernel/ksysfs.c +@@ -47,6 +47,8 @@ static ssize_t uevent_helper_store(struct kobject *kobj, + { + if (count+1 > UEVENT_HELPER_PATH_LEN) + return -ENOENT; ++ if (!capable(CAP_SYS_ADMIN)) ++ return -EPERM; + memcpy(uevent_helper, buf, count); + uevent_helper[count] = '\0'; + if (count && uevent_helper[count-1] == '\n') diff --git a/kernel/lockdep.c b/kernel/lockdep.c index 8889f7d..95319b7 100644 --- a/kernel/lockdep.c @@ -70122,7 +71296,7 @@ index ef726e8..13e0901 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index da15a79..333850b 100644 +index da15a79..314aef3 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -46,6 +46,16 @@ @@ -71351,22 +72525,20 @@ index da15a79..333850b 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2391,8 +2881,13 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) - unsigned long cur = mm->total_vm; /* pages */ - unsigned long lim; +@@ -2393,6 +2883,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) + + lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; +#ifdef CONFIG_PAX_RANDMMAP -+ if ((mm->pax_flags & MF_PAX_RANDMMAP) && mm->end_data) -+ cur -= (mm->start_brk - mm->end_data) >> PAGE_SHIFT; ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ cur -= mm->brk_gap; +#endif + - lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; -- + gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1); if (cur + npages > lim) return 0; return 1; -@@ -2463,6 +2958,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2463,6 +2959,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; @@ -72845,26 +74017,10 @@ index f31b29d..8bdcae2 100644 if (S_ISREG(inode->i_mode)) diff --git a/mm/util.c b/mm/util.c -index 136ac4f..5117eef 100644 +index 136ac4f..f917fa9 100644 --- a/mm/util.c +++ b/mm/util.c -@@ -114,6 +114,7 @@ EXPORT_SYMBOL(memdup_user); - * allocated buffer. Use this if you don't want to free the buffer immediately - * like, for example, with RCU. - */ -+#undef __krealloc - void *__krealloc(const void *p, size_t new_size, gfp_t flags) - { - void *ret; -@@ -147,6 +148,7 @@ EXPORT_SYMBOL(__krealloc); - * behaves exactly like kmalloc(). If @size is 0 and @p is not a - * %NULL pointer, the object pointed to is freed. - */ -+#undef krealloc - void *krealloc(const void *p, size_t new_size, gfp_t flags) - { - void *ret; -@@ -243,6 +245,12 @@ void __vma_link_list(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -243,6 +243,12 @@ void __vma_link_list(struct mm_struct *mm, struct vm_area_struct *vma, void arch_pick_mmap_layout(struct mm_struct *mm) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -72878,7 +74034,7 @@ index 136ac4f..5117eef 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 86ce9a5..0fa4d89 100644 +index 86ce9a5..bc498f3 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -73027,60 +74183,11 @@ index 86ce9a5..0fa4d89 100644 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, start, end, node, gfp_mask, caller); if (!area) -@@ -1704,6 +1766,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, - gfp_mask, prot, node, caller); - } - -+#undef __vmalloc - void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) - { - return __vmalloc_node(size, 1, gfp_mask, prot, -1, -@@ -1727,6 +1790,7 @@ static inline void *__vmalloc_node_flags(unsigned long size, - * For tight control over page level allocator and protection flags - * use __vmalloc() instead. - */ -+#undef vmalloc - void *vmalloc(unsigned long size) - { - return __vmalloc_node_flags(size, -1, GFP_KERNEL | __GFP_HIGHMEM); -@@ -1743,6 +1807,7 @@ EXPORT_SYMBOL(vmalloc); - * For tight control over page level allocator and protection flags - * use __vmalloc() instead. - */ -+#undef vzalloc - void *vzalloc(unsigned long size) - { - return __vmalloc_node_flags(size, -1, -@@ -1757,6 +1822,7 @@ EXPORT_SYMBOL(vzalloc); - * The resulting memory area is zeroed so it can be mapped to userspace - * without leaking data. - */ -+#undef vmalloc_user - void *vmalloc_user(unsigned long size) - { - struct vm_struct *area; -@@ -1784,6 +1850,7 @@ EXPORT_SYMBOL(vmalloc_user); - * For tight control over page level allocator and protection flags - * use __vmalloc() instead. - */ -+#undef vmalloc_node - void *vmalloc_node(unsigned long size, int node) - { - return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL, -@@ -1803,6 +1870,7 @@ EXPORT_SYMBOL(vmalloc_node); - * For tight control over page level allocator and protection flags - * use __vmalloc_node() instead. - */ -+#undef vzalloc_node - void *vzalloc_node(unsigned long size, int node) - { - return __vmalloc_node_flags(size, node, -@@ -1825,10 +1893,10 @@ EXPORT_SYMBOL(vzalloc_node); +@@ -1825,10 +1887,9 @@ EXPORT_SYMBOL(vzalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ - -+#undef vmalloc_exec void *vmalloc_exec(unsigned long size) { - return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC, @@ -73088,23 +74195,7 @@ index 86ce9a5..0fa4d89 100644 -1, __builtin_return_address(0)); } -@@ -1847,6 +1915,7 @@ void *vmalloc_exec(unsigned long size) - * Allocate enough 32bit PA addressable pages to cover @size from the - * page level allocator and map them into contiguous kernel virtual space. - */ -+#undef vmalloc_32 - void *vmalloc_32(unsigned long size) - { - return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL, -@@ -1861,6 +1930,7 @@ EXPORT_SYMBOL(vmalloc_32); - * The resulting memory area is 32bit addressable and zeroed so it can be - * mapped to userspace without leaking data. - */ -+#undef vmalloc_32_user - void *vmalloc_32_user(unsigned long size) - { - struct vm_struct *area; -@@ -2123,6 +2193,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, +@@ -2123,6 +2184,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, unsigned long uaddr = vma->vm_start; unsigned long usize = vma->vm_end - vma->vm_start; @@ -73449,6 +74540,18 @@ index 32d338c..d24bcdb 100644 goto done; } } +diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c +index 5449294..7da9a5f 100644 +--- a/net/bridge/netfilter/ebt_ulog.c ++++ b/net/bridge/netfilter/ebt_ulog.c +@@ -96,6 +96,7 @@ static void ulog_timer(unsigned long data) + spin_unlock_bh(&ulog_buffers[data].lock); + } + ++static struct sk_buff *ulog_alloc_skb(unsigned int size) __size_overflow(1); + static struct sk_buff *ulog_alloc_skb(unsigned int size) + { + struct sk_buff *skb; diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 5fe2ff3..10968b5 100644 --- a/net/bridge/netfilter/ebtables.c @@ -74001,6 +75104,28 @@ index ff52ad0..aff1c0f 100644 i++, cmfptr++) { int new_fd; +diff --git a/net/core/skbuff.c b/net/core/skbuff.c +index da0c97f..8253632 100644 +--- a/net/core/skbuff.c ++++ b/net/core/skbuff.c +@@ -3160,6 +3160,8 @@ static void sock_rmem_free(struct sk_buff *skb) + */ + int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb) + { ++ int len = skb->len; ++ + if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >= + (unsigned)sk->sk_rcvbuf) + return -ENOMEM; +@@ -3174,7 +3176,7 @@ int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb) + + skb_queue_tail(&sk->sk_error_queue, skb); + if (!sock_flag(sk, SOCK_DEAD)) +- sk->sk_data_ready(sk, skb->len); ++ sk->sk_data_ready(sk, len); + return 0; + } + EXPORT_SYMBOL(sock_queue_err_skb); diff --git a/net/core/sock.c b/net/core/sock.c index 02f8dfe..86dfd4a 100644 --- a/net/core/sock.c @@ -74153,6 +75278,19 @@ index 39a2d29..f39c0fe 100644 ---help--- Econet is a fairly old and slow networking protocol mainly used by Acorn computers to access file and print servers. It uses native +diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c +index 36d1440..44ff28b 100644 +--- a/net/ipv4/ah4.c ++++ b/net/ipv4/ah4.c +@@ -19,6 +19,8 @@ struct ah_skb_cb { + #define AH_SKB_CB(__skb) ((struct ah_skb_cb *)&((__skb)->cb[0])) + + static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags, ++ unsigned int size) __size_overflow(3); ++static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags, + unsigned int size) + { + unsigned int len; diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 92fc5f6..b790d91 100644 --- a/net/ipv4/fib_frontend.c @@ -74305,19 +75443,104 @@ index 6e412a6..6640538 100644 set_fs(oldfs); return res; } -diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c -index 2133c30..5c4b40b 100644 ---- a/net/ipv4/netfilter/nf_nat_snmp_basic.c -+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c -@@ -399,7 +399,7 @@ static unsigned char asn1_octets_decode(struct asn1_ctx *ctx, +diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c +index fd7a3f6..a1b1013 100644 +--- a/net/ipv4/netfilter/arp_tables.c ++++ b/net/ipv4/netfilter/arp_tables.c +@@ -757,6 +757,9 @@ static struct xt_counters *alloc_counters(const struct xt_table *table) + + static int copy_entries_to_user(unsigned int total_size, + const struct xt_table *table, ++ void __user *userptr) __size_overflow(1); ++static int copy_entries_to_user(unsigned int total_size, ++ const struct xt_table *table, + void __user *userptr) + { + unsigned int off, num; +@@ -984,6 +987,11 @@ static int __do_replace(struct net *net, const char *name, + unsigned int valid_hooks, + struct xt_table_info *newinfo, + unsigned int num_counters, ++ void __user *counters_ptr) __size_overflow(5); ++static int __do_replace(struct net *net, const char *name, ++ unsigned int valid_hooks, ++ struct xt_table_info *newinfo, ++ unsigned int num_counters, + void __user *counters_ptr) + { + int ret; +@@ -1104,6 +1112,8 @@ static int do_replace(struct net *net, const void __user *user, + } - *len = 0; + static int do_add_counters(struct net *net, const void __user *user, ++ unsigned int len, int compat) __size_overflow(3); ++static int do_add_counters(struct net *net, const void __user *user, + unsigned int len, int compat) + { + unsigned int i, curcpu; +diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c +index 24e556e..b073356 100644 +--- a/net/ipv4/netfilter/ip_tables.c ++++ b/net/ipv4/netfilter/ip_tables.c +@@ -923,6 +923,10 @@ static struct xt_counters *alloc_counters(const struct xt_table *table) + static int + copy_entries_to_user(unsigned int total_size, + const struct xt_table *table, ++ void __user *userptr) __size_overflow(1); ++static int ++copy_entries_to_user(unsigned int total_size, ++ const struct xt_table *table, + void __user *userptr) + { + unsigned int off, num; +@@ -1172,6 +1176,10 @@ get_entries(struct net *net, struct ipt_get_entries __user *uptr, + static int + __do_replace(struct net *net, const char *name, unsigned int valid_hooks, + struct xt_table_info *newinfo, unsigned int num_counters, ++ void __user *counters_ptr) __size_overflow(5); ++static int ++__do_replace(struct net *net, const char *name, unsigned int valid_hooks, ++ struct xt_table_info *newinfo, unsigned int num_counters, + void __user *counters_ptr) + { + int ret; +@@ -1293,6 +1301,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len) -- *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC); -+ *octets = kmalloc((eoc - ctx->pointer), GFP_ATOMIC); - if (*octets == NULL) - return 0; + static int + do_add_counters(struct net *net, const void __user *user, ++ unsigned int len, int compat) __size_overflow(3); ++static int ++do_add_counters(struct net *net, const void __user *user, + unsigned int len, int compat) + { + unsigned int i, curcpu; +diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c +index ba5756d..8d34d74 100644 +--- a/net/ipv4/netfilter/ipt_ULOG.c ++++ b/net/ipv4/netfilter/ipt_ULOG.c +@@ -125,6 +125,7 @@ static void ulog_timer(unsigned long data) + spin_unlock_bh(&ulog_lock); + } ++static struct sk_buff *ulog_alloc_skb(unsigned int size) __size_overflow(1); + static struct sk_buff *ulog_alloc_skb(unsigned int size) + { + struct sk_buff *skb; +diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c +index 2133c30..0e8047e 100644 +--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c ++++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c +@@ -435,6 +435,10 @@ static unsigned char asn1_subid_decode(struct asn1_ctx *ctx, + static unsigned char asn1_oid_decode(struct asn1_ctx *ctx, + unsigned char *eoc, + unsigned long **oid, ++ unsigned int *len) __size_overflow(2); ++static unsigned char asn1_oid_decode(struct asn1_ctx *ctx, ++ unsigned char *eoc, ++ unsigned long **oid, + unsigned int *len) + { + unsigned long subid; diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c index b072386..abdebcf 100644 --- a/net/ipv4/ping.c @@ -74719,6 +75942,19 @@ index 6b8ebc5..1d624f4 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); +diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c +index 2ae79db..8f101bf 100644 +--- a/net/ipv6/ah6.c ++++ b/net/ipv6/ah6.c +@@ -56,6 +56,8 @@ struct ah_skb_cb { + #define AH_SKB_CB(__skb) ((struct ah_skb_cb *)&((__skb)->cb[0])) + + static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags, ++ unsigned int size) __size_overflow(3); ++static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags, + unsigned int size) + { + unsigned int len; diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c index 02dd203..e03fcc9 100644 --- a/net/ipv6/inet6_connection_sock.c @@ -74754,6 +75990,42 @@ index 18a2719..779f36a 100644 msg.msg_controllen = len; msg.msg_flags = flags; +diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c +index 94874b0..108a94d 100644 +--- a/net/ipv6/netfilter/ip6_tables.c ++++ b/net/ipv6/netfilter/ip6_tables.c +@@ -945,6 +945,10 @@ static struct xt_counters *alloc_counters(const struct xt_table *table) + static int + copy_entries_to_user(unsigned int total_size, + const struct xt_table *table, ++ void __user *userptr) __size_overflow(1); ++static int ++copy_entries_to_user(unsigned int total_size, ++ const struct xt_table *table, + void __user *userptr) + { + unsigned int off, num; +@@ -1194,6 +1198,10 @@ get_entries(struct net *net, struct ip6t_get_entries __user *uptr, + static int + __do_replace(struct net *net, const char *name, unsigned int valid_hooks, + struct xt_table_info *newinfo, unsigned int num_counters, ++ void __user *counters_ptr) __size_overflow(5); ++static int ++__do_replace(struct net *net, const char *name, unsigned int valid_hooks, ++ struct xt_table_info *newinfo, unsigned int num_counters, + void __user *counters_ptr) + { + int ret; +@@ -1315,6 +1323,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len) + + static int + do_add_counters(struct net *net, const void __user *user, unsigned int len, ++ int compat) __size_overflow(3); ++static int ++do_add_counters(struct net *net, const void __user *user, unsigned int len, + int compat) + { + unsigned int i, curcpu; diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c index d02f7e4..2d2a0f1 100644 --- a/net/ipv6/raw.c @@ -75630,7 +76902,7 @@ index 4fe4fb4..87a89e5 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index 629b061..21cd04c 100644 +index 629b061..8f415cc 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -741,7 +741,7 @@ static void netlink_overrun(struct sock *sk) @@ -75642,7 +76914,64 @@ index 629b061..21cd04c 100644 } static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid) -@@ -1995,7 +1995,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) +@@ -829,12 +829,19 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb, + return 0; + } + +-int netlink_sendskb(struct sock *sk, struct sk_buff *skb) ++static int __netlink_sendskb(struct sock *sk, struct sk_buff *skb) + { + int len = skb->len; + + skb_queue_tail(&sk->sk_receive_queue, skb); + sk->sk_data_ready(sk, len); ++ return len; ++} ++ ++int netlink_sendskb(struct sock *sk, struct sk_buff *skb) ++{ ++ int len = __netlink_sendskb(sk, skb); ++ + sock_put(sk); + return len; + } +@@ -957,8 +964,7 @@ static int netlink_broadcast_deliver(struct sock *sk, struct sk_buff *skb) + if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf && + !test_bit(0, &nlk->state)) { + skb_set_owner_r(skb, sk); +- skb_queue_tail(&sk->sk_receive_queue, skb); +- sk->sk_data_ready(sk, skb->len); ++ __netlink_sendskb(sk, skb); + return atomic_read(&sk->sk_rmem_alloc) > (sk->sk_rcvbuf >> 1); + } + return -1; +@@ -1680,10 +1686,8 @@ static int netlink_dump(struct sock *sk) + + if (sk_filter(sk, skb)) + kfree_skb(skb); +- else { +- skb_queue_tail(&sk->sk_receive_queue, skb); +- sk->sk_data_ready(sk, skb->len); +- } ++ else ++ __netlink_sendskb(sk, skb); + return 0; + } + +@@ -1697,10 +1701,8 @@ static int netlink_dump(struct sock *sk) + + if (sk_filter(sk, skb)) + kfree_skb(skb); +- else { +- skb_queue_tail(&sk->sk_receive_queue, skb); +- sk->sk_data_ready(sk, skb->len); +- } ++ else ++ __netlink_sendskb(sk, skb); + + if (cb->done) + cb->done(cb); +@@ -1995,7 +1997,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb, atomic_read(&s->sk_refcnt), @@ -77135,9 +78464,18 @@ index b89efe6..2c30808 100644 sprintf(alias, "dmi*"); diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index 9adb667..c6ac044 100644 +index 9adb667..dda7076 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c +@@ -849,7 +849,7 @@ static void check_section(const char *modname, struct elf_info *elf, + + #define ALL_INIT_DATA_SECTIONS \ + ".init.setup$", ".init.rodata$", \ +- ".devinit.rodata$", ".cpuinit.rodata$", ".meminit.rodata$" \ ++ ".devinit.rodata$", ".cpuinit.rodata$", ".meminit.rodata$", \ + ".init.data$", ".devinit.data$", ".cpuinit.data$", ".meminit.data$" + #define ALL_EXIT_DATA_SECTIONS \ + ".exit.data$", ".devexit.data$", ".cpuexit.data$", ".memexit.data$" @@ -919,6 +919,7 @@ enum mismatch { ANY_INIT_TO_ANY_EXIT, ANY_EXIT_TO_ANY_INIT, @@ -77280,11 +78618,24 @@ index 5c11312..72742b5 100644 logoname); write_hex_cnt = 0; for (i = 0; i < logo_clutsize; i++) { +diff --git a/scripts/tags.sh b/scripts/tags.sh +index 833813a..0bc8588 100755 +--- a/scripts/tags.sh ++++ b/scripts/tags.sh +@@ -116,7 +116,7 @@ docscope() + + dogtags() + { +- all_sources | gtags -f - ++ all_sources | gtags -i -f - + } + + exuberant() diff --git a/security/Kconfig b/security/Kconfig -index 51bd5a0..3a4ebd0 100644 +index 51bd5a0..c37f5e6 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,627 @@ +@@ -4,6 +4,640 @@ menu "Security options" @@ -77376,7 +78727,6 @@ index 51bd5a0..3a4ebd0 100644 + +config PAX_XATTR_PAX_FLAGS + bool 'Use filesystem extended attributes marking' -+ depends on EXPERT + select CIFS_XATTR if CIFS + select EXT2_FS_XATTR if EXT2_FS + select EXT3_FS_XATTR if EXT3_FS @@ -77905,6 +79255,20 @@ index 51bd5a0..3a4ebd0 100644 + Since this has a negligible performance impact, you should enable + this feature. + ++config PAX_SIZE_OVERFLOW ++ bool "Prevent various integer overflows in function size parameters" ++ depends on X86 ++ help ++ By saying Y here the kernel recomputes expressions of function ++ arguments marked by a size_overflow attribute with double integer ++ precision (DImode/TImode for 32/64 bit integer types). ++ ++ The recomputed argument is checked against INT_MAX and an event ++ is logged on overflow and the triggering process is killed. ++ ++ Homepage: ++ http://www.grsecurity.net/~ephox/overflow_plugin/ ++ +endmenu + +endmenu @@ -77912,7 +79276,7 @@ index 51bd5a0..3a4ebd0 100644 config KEYS bool "Enable access key retention support" help -@@ -169,7 +790,7 @@ config INTEL_TXT +@@ -169,7 +803,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -78766,10 +80130,10 @@ index da5fa1a..113cd02 100644 }; diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile new file mode 100644 -index 0000000..894c8bf +index 0000000..ca64170 --- /dev/null +++ b/tools/gcc/Makefile -@@ -0,0 +1,23 @@ +@@ -0,0 +1,26 @@ +#CC := gcc +#PLUGIN_SOURCE_FILES := pax_plugin.c +#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES)) @@ -78777,6 +80141,7 @@ index 0000000..894c8bf +#CFLAGS += -I$(GCCPLUGINS_DIR)/include -fPIC -O2 -Wall -W -std=gnu99 + +HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu99 -ggdb ++CFLAGS_size_overflow_plugin.o := -Wno-missing-initializer + +hostlibs-y := constify_plugin.so +hostlibs-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so @@ -78784,6 +80149,7 @@ index 0000000..894c8bf +hostlibs-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so +hostlibs-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so +hostlibs-y += colorize_plugin.so ++hostlibs-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin.so + +always := $(hostlibs-y) + @@ -78793,6 +80159,7 @@ index 0000000..894c8bf +kernexec_plugin-objs := kernexec_plugin.o +checker_plugin-objs := checker_plugin.o +colorize_plugin-objs := colorize_plugin.o ++size_overflow_plugin-objs := size_overflow_plugin.o diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c new file mode 100644 index 0000000..d41b5af @@ -79607,7 +80974,7 @@ index 0000000..a5eabce +} diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c new file mode 100644 -index 0000000..008f159 +index 0000000..d8a8da2 --- /dev/null +++ b/tools/gcc/kernexec_plugin.c @@ -0,0 +1,427 @@ @@ -79817,7 +81184,7 @@ index 0000000..008f159 + update_stmt(assign_intptr); + + // cast temporary unsigned long back to a temporary fptr variable -+ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec"); ++ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec_fptr"); + add_referenced_var(new_fptr); + mark_sym_for_renaming(new_fptr); + assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr)); @@ -80038,6 +81405,4216 @@ index 0000000..008f159 + + return 0; +} +diff --git a/tools/gcc/size_overflow_hash1.h b/tools/gcc/size_overflow_hash1.h +new file mode 100644 +index 0000000..16ccac1 +--- /dev/null ++++ b/tools/gcc/size_overflow_hash1.h +@@ -0,0 +1,3047 @@ ++struct size_overflow_hash size_overflow_hash1[65536] = { ++ [10013].file = "security/smack/smackfs.c", ++ [10013].name = "smk_write_direct", ++ [10013].param3 = 1, ++ [10167].file = "sound/core/oss/pcm_plugin.c", ++ [10167].name = "snd_pcm_plugin_build", ++ [10167].param5 = 1, ++ [1020].file = "drivers/usb/misc/usbtest.c", ++ [1020].name = "test_unaligned_bulk", ++ [1020].param3 = 1, ++ [1022].file = "sound/pci/rme9652/rme9652.c", ++ [1022].name = "snd_rme9652_playback_copy", ++ [1022].param5 = 1, ++ [10321].file = "drivers/platform/x86/thinkpad_acpi.c", ++ [10321].name = "create_attr_set", ++ [10321].param1 = 1, ++ [10341].file = "fs/nfsd/nfs4xdr.c", ++ [10341].name = "read_buf", ++ [10341].param2 = 1, ++ [10357].file = "net/sunrpc/cache.c", ++ [10357].name = "cache_read", ++ [10357].param3 = 1, ++ [10397].file = "drivers/gpu/drm/i915/i915_debugfs.c", ++ [10397].name = "i915_wedged_write", ++ [10397].param3 = 1, ++ [10399].file = "kernel/trace/trace.c", ++ [10399].name = "trace_seq_to_user", ++ [10399].param3 = 1, ++ [10414].file = "drivers/tty/vt/vt.c", ++ [10414].name = "vc_do_resize", ++ [10414].param3 = 1, ++ [10414].param4 = 1, ++ [10565].file = "drivers/input/touchscreen/ad7879-spi.c", ++ [10565].name = "ad7879_spi_multi_read", ++ [10565].param3 = 1, ++ [10623].file = "drivers/infiniband/core/user_mad.c", ++ [10623].name = "ib_umad_write", ++ [10623].param3 = 1, ++ [10707].file = "fs/nfs/idmap.c", ++ [10707].name = "nfs_idmap_request_key", ++ [10707].param2 = 1, ++ [1073].file = "drivers/block/aoe/aoecmd.c", ++ [1073].name = "addtgt", ++ [1073].param3 = 1, ++ [10745].file = "fs/cifs/connect.c", ++ [10745].name = "get_server_iovec", ++ [10745].param2 = 1, ++ [10750].file = "drivers/net/wireless/iwmc3200wifi/rx.c", ++ [10750].name = "iwm_ntf_calib_res", ++ [10750].param3 = 1, ++ [10773].file = "drivers/input/mousedev.c", ++ [10773].name = "mousedev_read", ++ [10773].param3 = 1, ++ [10777].file = "fs/ntfs/file.c", ++ [10777].name = "ntfs_file_buffered_write", ++ [10777].param6 = 1, ++ [10893].file = "drivers/misc/sgi-gru/gruprocfs.c", ++ [10893].name = "options_write", ++ [10893].param3 = 1, ++ [10919].file = "net/ipv4/netfilter/arp_tables.c", ++ [10919].name = "do_arpt_set_ctl", ++ [10919].param4 = 1, ++ [1107].file = "mm/process_vm_access.c", ++ [1107].name = "process_vm_rw_single_vec", ++ [1107].param1 = 1, ++ [1107].param2 = 1, ++ [11230].file = "net/core/neighbour.c", ++ [11230].name = "neigh_hash_grow", ++ [11230].param2 = 1, ++ [11364].file = "fs/ext4/super.c", ++ [11364].name = "ext4_kvzalloc", ++ [11364].param1 = 1, ++ [114].file = "security/selinux/selinuxfs.c", ++ [114].name = "sel_write_relabel", ++ [114].param3 = 1, ++ [11549].file = "drivers/media/rc/redrat3.c", ++ [11549].name = "redrat3_transmit_ir", ++ [11549].param3 = 1, ++ [11568].file = "drivers/gpu/drm/drm_scatter.c", ++ [11568].name = "drm_vmalloc_dma", ++ [11568].param1 = 1, ++ [11582].file = "drivers/scsi/lpfc/lpfc_sli.c", ++ [11582].name = "lpfc_sli4_queue_alloc", ++ [11582].param3 = 1, ++ [11616].file = "security/selinux/selinuxfs.c", ++ [11616].name = "sel_write_enforce", ++ [11616].param3 = 1, ++ [11699].file = "drivers/net/ethernet/neterion/vxge/vxge-config.h", ++ [11699].name = "vxge_os_dma_malloc", ++ [11699].param2 = 1, ++ [11766].file = "drivers/block/paride/pt.c", ++ [11766].name = "pt_read", ++ [11766].param3 = 1, ++ [11784].file = "fs/bio.c", ++ [11784].name = "bio_kmalloc", ++ [11784].param2 = 1, ++ [11919].file = "drivers/lguest/core.c", ++ [11919].name = "__lgread", ++ [11919].param4 = 1, ++ [11925].file = "drivers/media/video/cx18/cx18-fileops.c", ++ [11925].name = "cx18_copy_mdl_to_user", ++ [11925].param4 = 1, ++ [11985].file = "drivers/block/floppy.c", ++ [11985].name = "fd_copyin", ++ [11985].param3 = 1, ++ [11986].file = "drivers/net/usb/asix.c", ++ [11986].name = "asix_read_cmd", ++ [11986].param5 = 1, ++ [12018].file = "sound/core/oss/pcm_oss.c", ++ [12018].name = "snd_pcm_oss_read1", ++ [12018].param3 = 1, ++ [12059].file = "drivers/net/wireless/libertas/debugfs.c", ++ [12059].name = "lbs_debugfs_write", ++ [12059].param3 = 1, ++ [12151].file = "fs/compat.c", ++ [12151].name = "compat_rw_copy_check_uvector", ++ [12151].param3 = 1, ++ [12205].file = "fs/reiserfs/journal.c", ++ [12205].name = "reiserfs_allocate_list_bitmaps", ++ [12205].param3 = 1, ++ [12234].file = "include/acpi/platform/aclinux.h", ++ [12234].name = "acpi_os_allocate", ++ [12234].param1 = 1, ++ [1227].file = "lib/cpu_rmap.c", ++ [1227].name = "alloc_cpu_rmap", ++ [1227].param1 = 1, ++ [12395].file = "drivers/char/hw_random/core.c", ++ [12395].name = "rng_dev_read", ++ [12395].param3 = 1, ++ [12602].file = "net/sunrpc/cache.c", ++ [12602].name = "cache_downcall", ++ [12602].param3 = 1, ++ [12712].file = "drivers/net/wimax/i2400m/fw.c", ++ [12712].name = "i2400m_zrealloc_2x", ++ [12712].param3 = 1, ++ [12755].file = "sound/drivers/opl4/opl4_proc.c", ++ [12755].name = "snd_opl4_mem_proc_read", ++ [12755].param5 = 1, ++ [12833].file = "net/sctp/auth.c", ++ [12833].name = "sctp_auth_create_key", ++ [12833].param1 = 1, ++ [12840].file = "net/sctp/tsnmap.c", ++ [12840].name = "sctp_tsnmap_mark", ++ [12840].param2 = 1, ++ [12931].file = "drivers/hid/hid-roccat.c", ++ [12931].name = "roccat_read", ++ [12931].param3 = 1, ++ [12954].file = "fs/proc/base.c", ++ [12954].name = "oom_adjust_write", ++ [12954].param3 = 1, ++ [13103].file = "drivers/acpi/acpica/utobject.c", ++ [13103].name = "acpi_ut_create_string_object", ++ [13103].param1 = 1, ++ [13121].file = "net/ipv4/ip_sockglue.c", ++ [13121].name = "do_ip_setsockopt", ++ [13121].param5 = 1, ++ [1327].file = "net/netfilter/nfnetlink_log.c", ++ [1327].name = "nfulnl_alloc_skb", ++ [1327].param2 = 1, ++ [13337].file = "net/core/iovec.c", ++ [13337].name = "csum_partial_copy_fromiovecend", ++ [13337].param4 = 1, ++ [13339].file = "security/smack/smackfs.c", ++ [13339].name = "smk_write_netlbladdr", ++ [13339].param3 = 1, ++ [13342].file = "fs/jbd2/journal.c", ++ [13342].name = "jbd2_alloc", ++ [13342].param1 = 1, ++ [13384].file = "drivers/char/virtio_console.c", ++ [13384].name = "alloc_buf", ++ [13384].param1 = 1, ++ [13412].file = "fs/proc/base.c", ++ [13412].name = "oom_score_adj_write", ++ [13412].param3 = 1, ++ [13559].file = "drivers/media/video/ivtv/ivtv-fileops.c", ++ [13559].name = "ivtv_read", ++ [13559].param3 = 1, ++ [13618].file = "drivers/net/team/team.c", ++ [13618].name = "team_options_register", ++ [13618].param3 = 1, ++ [13659].file = "drivers/net/wan/hdlc.c", ++ [13659].name = "attach_hdlc_protocol", ++ [13659].param3 = 1, ++ [13708].file = "drivers/usb/misc/usbtest.c", ++ [13708].name = "simple_alloc_urb", ++ [13708].param3 = 1, ++ [13805].file = "drivers/misc/altera-stapl/altera-jtag.c", ++ [13805].name = "altera_swap_dr", ++ [13805].param2 = 1, ++ [13868].file = "fs/lockd/mon.c", ++ [13868].name = "nsm_create_handle", ++ [13868].param4 = 1, ++ [13924].file = "net/ipv4/netfilter/ip_tables.c", ++ [13924].name = "do_ipt_set_ctl", ++ [13924].param4 = 1, ++ [14019].file = "net/dns_resolver/dns_key.c", ++ [14019].name = "dns_resolver_instantiate", ++ [14019].param2 = 1, ++ [14019].param3 = 1, ++ [14025].file = "net/ax25/af_ax25.c", ++ [14025].name = "ax25_setsockopt", ++ [14025].param5 = 1, ++ [14029].file = "drivers/spi/spidev.c", ++ [14029].name = "spidev_compat_ioctl", ++ [14029].param2 = 1, ++ [14090].file = "drivers/bluetooth/btmrvl_debugfs.c", ++ [14090].name = "btmrvl_hsmode_write", ++ [14090].param3 = 1, ++ [14149].file = "drivers/hid/hidraw.c", ++ [14149].name = "hidraw_ioctl", ++ [14149].param2 = 1, ++ [14153].file = "drivers/staging/bcm/led_control.c", ++ [14153].name = "ValidateDSDParamsChecksum", ++ [14153].param3 = 1, ++ [14174].file = "sound/pci/es1938.c", ++ [14174].name = "snd_es1938_capture_copy", ++ [14174].param5 = 1, ++ [14207].file = "drivers/media/video/v4l2-event.c", ++ [14207].name = "v4l2_event_subscribe", ++ [14207].param3 = 1, ++ [14241].file = "drivers/platform/x86/asus_acpi.c", ++ [14241].name = "brn_proc_write", ++ [14241].param3 = 1, ++ [14345].file = "fs/cachefiles/daemon.c", ++ [14345].name = "cachefiles_daemon_write", ++ [14345].param3 = 1, ++ [14347].file = "drivers/media/dvb/dvb-core/dvb_ca_en50221.c", ++ [14347].name = "dvb_ca_en50221_io_write", ++ [14347].param3 = 1, ++ [14566].file = "drivers/pci/hotplug/ibmphp_ebda.c", ++ [14566].name = "alloc_ebda_hpc", ++ [14566].param1 = 1, ++ [14566].param2 = 1, ++ [1458].file = "drivers/misc/lkdtm.c", ++ [1458].name = "direct_entry", ++ [1458].param3 = 1, ++ [14646].file = "fs/compat.c", ++ [14646].name = "compat_writev", ++ [14646].param3 = 1, ++ [14684].file = "drivers/media/video/stk-webcam.c", ++ [14684].name = "stk_allocate_buffers", ++ [14684].param2 = 1, ++ [14736].file = "drivers/usb/misc/usbtest.c", ++ [14736].name = "unlink_queued", ++ [14736].param3 = 1, ++ [1482].file = "drivers/scsi/scsi_netlink.c", ++ [1482].name = "scsi_nl_send_vendor_msg", ++ [1482].param5 = 1, ++ [15017].file = "drivers/edac/edac_device.c", ++ [15017].name = "edac_device_alloc_ctl_info", ++ [15017].param1 = 1, ++ [15044].file = "drivers/uio/uio.c", ++ [15044].name = "uio_write", ++ [15044].param3 = 1, ++ [15087].file = "fs/bio.c", ++ [15087].name = "bio_map_kern", ++ [15087].param2 = 1, ++ [15087].param3 = 1, ++ [15112].file = "drivers/xen/evtchn.c", ++ [15112].name = "evtchn_write", ++ [15112].param3 = 1, ++ [15130].file = "net/bluetooth/hci_core.c", ++ [15130].name = "hci_send_cmd", ++ [15130].param3 = 1, ++ [15202].file = "net/bluetooth/rfcomm/tty.c", ++ [15202].name = "rfcomm_wmalloc", ++ [15202].param2 = 1, ++ [15274].file = "crypto/shash.c", ++ [15274].name = "crypto_shash_setkey", ++ [15274].param3 = 1, ++ [15354].file = "drivers/isdn/mISDN/socket.c", ++ [15354].name = "mISDN_sock_sendmsg", ++ [15354].param4 = 1, ++ [15361].file = "drivers/char/agp/generic.c", ++ [15361].name = "agp_allocate_memory", ++ [15361].param2 = 1, ++ [15497].file = "drivers/media/dvb/ddbridge/ddbridge-core.c", ++ [15497].name = "ts_read", ++ [15497].param3 = 1, ++ [15551].file = "net/ipv4/netfilter/ipt_CLUSTERIP.c", ++ [15551].name = "clusterip_proc_write", ++ [15551].param3 = 1, ++ [15701].file = "drivers/hid/hid-roccat-common.c", ++ [15701].name = "roccat_common_receive", ++ [15701].param4 = 1, ++ [1572].file = "net/ceph/pagevec.c", ++ [1572].name = "ceph_copy_page_vector_to_user", ++ [1572].param4 = 1, ++ [15814].file = "net/mac80211/debugfs_netdev.c", ++ [15814].name = "ieee80211_if_write", ++ [15814].param3 = 1, ++ [15883].file = "security/keys/keyctl.c", ++ [15883].name = "sys_add_key", ++ [15883].param4 = 1, ++ [15884].file = "fs/exofs/super.c", ++ [15884].name = "exofs_read_lookup_dev_table", ++ [15884].param3 = 1, ++ [16037].file = "drivers/staging/media/easycap/easycap_sound.c", ++ [16037].name = "easycap_alsa_vmalloc", ++ [16037].param2 = 1, ++ [16073].file = "net/sctp/socket.c", ++ [16073].name = "sctp_setsockopt", ++ [16073].param5 = 1, ++ [16132].file = "drivers/staging/vme/devices/vme_user.c", ++ [16132].name = "buffer_from_user", ++ [16132].param3 = 1, ++ [16138].file = "security/selinux/ss/services.c", ++ [16138].name = "security_context_to_sid_force", ++ [16138].param2 = 1, ++ [16166].file = "drivers/platform/x86/thinkpad_acpi.c", ++ [16166].name = "dispatch_proc_write", ++ [16166].param3 = 1, ++ [16229].file = "drivers/scsi/scsi_transport_iscsi.c", ++ [16229].name = "iscsi_offload_mesg", ++ [16229].param5 = 1, ++ [16353].file = "drivers/base/regmap/regmap.c", ++ [16353].name = "regmap_raw_write", ++ [16353].param4 = 1, ++ [16383].file = "fs/proc/base.c", ++ [16383].name = "comm_write", ++ [16383].param3 = 1, ++ [16396].file = "drivers/misc/altera-stapl/altera-jtag.c", ++ [16396].name = "altera_irscan", ++ [16396].param2 = 1, ++ [16447].file = "drivers/hid/usbhid/hiddev.c", ++ [16447].name = "hiddev_ioctl", ++ [16447].param2 = 1, ++ [16453].file = "include/linux/slab.h", ++ [16453].name = "kzalloc", ++ [16453].param1 = 1, ++ [16605].file = "fs/ecryptfs/miscdev.c", ++ [16605].name = "ecryptfs_send_miscdev", ++ [16605].param2 = 1, ++ [16606].file = "drivers/ide/ide-tape.c", ++ [16606].name = "idetape_chrdev_write", ++ [16606].param3 = 1, ++ [16637].file = "security/keys/encrypted-keys/encrypted.c", ++ [16637].name = "datablob_hmac_verify", ++ [16637].param4 = 1, ++ [16828].file = "net/batman-adv/hash.c", ++ [16828].name = "hash_new", ++ [16828].param1 = 1, ++ [16853].file = "drivers/net/ethernet/chelsio/cxgb4vf/sge.c", ++ [16853].name = "t4vf_pktgl_to_skb", ++ [16853].param2 = 1, ++ [16911].file = "drivers/media/dvb/ttpci/av7110_hw.c", ++ [16911].name = "LoadBitmap", ++ [16911].param2 = 1, ++ [169].file = "drivers/net/ethernet/amd/pcnet32.c", ++ [169].name = "pcnet32_realloc_rx_ring", ++ [169].param3 = 1, ++ [17075].file = "sound/isa/gus/gus_dram.c", ++ [17075].name = "snd_gus_dram_write", ++ [17075].param4 = 1, ++ [17133].file = "drivers/usb/misc/iowarrior.c", ++ [17133].name = "iowarrior_read", ++ [17133].param3 = 1, ++ [17185].file = "net/wireless/scan.c", ++ [17185].name = "cfg80211_inform_bss", ++ [17185].param8 = 1, ++ [17349].file = "net/tipc/link.c", ++ [17349].name = "tipc_link_send_sections_fast", ++ [17349].param4 = 1, ++ [17377].file = "drivers/usb/class/cdc-wdm.c", ++ [17377].name = "wdm_write", ++ [17377].param3 = 1, ++ [17459].file = "drivers/usb/misc/rio500.c", ++ [17459].name = "write_rio", ++ [17459].param3 = 1, ++ [17460].file = "fs/nfsd/nfscache.c", ++ [17460].name = "nfsd_cache_update", ++ [17460].param3 = 1, ++ [17492].file = "net/dccp/proto.c", ++ [17492].name = "do_dccp_setsockopt", ++ [17492].param5 = 1, ++ [1754].file = "sound/core/oss/pcm_oss.c", ++ [1754].name = "snd_pcm_oss_write", ++ [1754].param3 = 1, ++ [17604].file = "fs/proc/generic.c", ++ [17604].name = "__proc_file_read", ++ [17604].param3 = 1, ++ [17718].file = "net/caif/caif_socket.c", ++ [17718].name = "setsockopt", ++ [17718].param5 = 1, ++ [17828].file = "kernel/sched/core.c", ++ [17828].name = "sched_feat_write", ++ [17828].param3 = 1, ++ [17841].file = "drivers/misc/tifm_core.c", ++ [17841].name = "tifm_alloc_adapter", ++ [17841].param1 = 1, ++ [17946].file = "drivers/net/wireless/libertas/if_spi.c", ++ [17946].name = "if_spi_host_to_card", ++ [17946].param4 = 1, ++ [1800].file = "drivers/media/dvb/dvb-core/dmxdev.c", ++ [1800].name = "dvb_dvr_do_ioctl", ++ [1800].param3 = 1, ++ [18119].file = "drivers/misc/iwmc3200top/fw-download.c", ++ [18119].name = "iwmct_fw_parser_init", ++ [18119].param4 = 1, ++ [18140].file = "drivers/scsi/pm8001/pm8001_ctl.c", ++ [18140].name = "pm8001_store_update_fw", ++ [18140].param4 = 1, ++ [18191].file = "sound/pci/hda/patch_realtek.c", ++ [18191].name = "new_bind_ctl", ++ [18191].param2 = 1, ++ [18224].file = "drivers/xen/grant-table.c", ++ [18224].name = "gnttab_map", ++ [18224].param2 = 1, ++ [18232].file = "fs/nfs/write.c", ++ [18232].name = "nfs_writedata_alloc", ++ [18232].param1 = 1, ++ [18247].file = "drivers/char/agp/generic.c", ++ [18247].name = "agp_create_user_memory", ++ [18247].param1 = 1, ++ [18303].file = "fs/xattr.c", ++ [18303].name = "getxattr", ++ [18303].param4 = 1, ++ [18353].file = "net/rfkill/core.c", ++ [18353].name = "rfkill_fop_read", ++ [18353].param3 = 1, ++ [18386].file = "fs/read_write.c", ++ [18386].name = "vfs_readv", ++ [18386].param3 = 1, ++ [18391].file = "fs/ocfs2/stack_user.c", ++ [18391].name = "ocfs2_control_write", ++ [18391].param3 = 1, ++ [183].file = "crypto/ahash.c", ++ [183].name = "crypto_ahash_setkey", ++ [183].param3 = 1, ++ [18406].file = "drivers/media/video/tm6000/tm6000-core.c", ++ [18406].name = "tm6000_read_write_usb", ++ [18406].param7 = 1, ++ [1845].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", ++ [1845].name = "rt2x00debug_write_rf", ++ [1845].param3 = 1, ++ [18465].file = "drivers/net/ethernet/chelsio/cxgb3/cxgb3_offload.c", ++ [18465].name = "cxgb_alloc_mem", ++ [18465].param1 = 1, ++ [184].file = "drivers/firewire/nosy.c", ++ [184].name = "packet_buffer_init", ++ [184].param2 = 1, ++ [1858].file = "net/ipv6/netfilter/ip6_tables.c", ++ [1858].name = "do_ip6t_set_ctl", ++ [1858].param4 = 1, ++ [18659].file = "drivers/media/dvb/dvb-core/dvbdev.c", ++ [18659].name = "dvb_usercopy", ++ [18659].param2 = 1, ++ [18722].file = "security/tomoyo/condition.c", ++ [18722].name = "tomoyo_scan_bprm", ++ [18722].param2 = 1, ++ [18722].param4 = 1, ++ [18775].file = "include/linux/textsearch.h", ++ [18775].name = "alloc_ts_config", ++ [18775].param1 = 1, ++ [18940].file = "drivers/usb/host/hwa-hc.c", ++ [18940].name = "__hwahc_op_set_gtk", ++ [18940].param4 = 1, ++ [19012].file = "drivers/acpi/event.c", ++ [19012].name = "acpi_system_read_event", ++ [19012].param3 = 1, ++ [19028].file = "mm/filemap.c", ++ [19028].name = "iov_iter_copy_from_user_atomic", ++ [19028].param4 = 1, ++ [19107].file = "security/smack/smackfs.c", ++ [19107].name = "smk_write_load_list", ++ [19107].param3 = 1, ++ [19240].file = "net/sctp/socket.c", ++ [19240].name = "sctp_setsockopt_delayed_ack", ++ [19240].param3 = 1, ++ [19274].file = "net/core/pktgen.c", ++ [19274].name = "pktgen_if_write", ++ [19274].param3 = 1, ++ [19286].file = "drivers/base/regmap/regmap.c", ++ [19286].name = "_regmap_raw_write", ++ [19286].param4 = 1, ++ [19308].file = "drivers/char/mem.c", ++ [19308].name = "read_oldmem", ++ [19308].param3 = 1, ++ [19343].file = "security/keys/encrypted-keys/encrypted.c", ++ [19343].name = "datablob_hmac_append", ++ [19343].param3 = 1, ++ [19349].file = "drivers/acpi/acpica/utobject.c", ++ [19349].name = "acpi_ut_create_package_object", ++ [19349].param1 = 1, ++ [19453].file = "drivers/net/ethernet/chelsio/cxgb/sge.c", ++ [19453].name = "sge_rx", ++ [19453].param3 = 1, ++ [19504].file = "drivers/usb/serial/garmin_gps.c", ++ [19504].name = "pkt_add", ++ [19504].param3 = 1, ++ [19522].file = "mm/percpu.c", ++ [19522].name = "pcpu_mem_zalloc", ++ [19522].param1 = 1, ++ [19548].file = "drivers/scsi/qla2xxx/qla_init.c", ++ [19548].name = "qla2x00_get_ctx_sp", ++ [19548].param3 = 1, ++ [19592].file = "net/dccp/proto.c", ++ [19592].name = "dccp_setsockopt_service", ++ [19592].param4 = 1, ++ [19726].file = "kernel/trace/trace.c", ++ [19726].name = "tracing_set_trace_write", ++ [19726].param3 = 1, ++ [19738].file = "fs/sysfs/file.c", ++ [19738].name = "sysfs_write_file", ++ [19738].param3 = 1, ++ [19833].file = "drivers/xen/privcmd.c", ++ [19833].name = "gather_array", ++ [19833].param3 = 1, ++ [19910].file = "drivers/media/video/saa7164/saa7164-buffer.c", ++ [19910].name = "saa7164_buffer_alloc_user", ++ [19910].param2 = 1, ++ [19920].file = "drivers/input/joydev.c", ++ [19920].name = "joydev_ioctl", ++ [19920].param2 = 1, ++ [19931].file = "drivers/usb/misc/ftdi-elan.c", ++ [19931].name = "ftdi_elan_write", ++ [19931].param3 = 1, ++ [19960].file = "drivers/usb/class/usblp.c", ++ [19960].name = "usblp_read", ++ [19960].param3 = 1, ++ [1996].file = "drivers/scsi/libsrp.c", ++ [1996].name = "srp_target_alloc", ++ [1996].param3 = 1, ++ [20023].file = "drivers/media/video/gspca/gspca.c", ++ [20023].name = "dev_read", ++ [20023].param3 = 1, ++ [20207].file = "net/core/sock.c", ++ [20207].name = "sock_alloc_send_pskb", ++ [20207].param2 = 1, ++ [20263].file = "kernel/trace/trace_events.c", ++ [20263].name = "event_filter_write", ++ [20263].param3 = 1, ++ [20314].file = "drivers/gpu/drm/drm_hashtab.c", ++ [20314].name = "drm_ht_create", ++ [20314].param2 = 1, ++ [20320].file = "drivers/mfd/sm501.c", ++ [20320].name = "sm501_create_subdev", ++ [20320].param3 = 1, ++ [20320].param4 = 1, ++ [20376].file = "mm/nobootmem.c", ++ [20376].name = "__alloc_bootmem_nopanic", ++ [20376].param1 = 1, ++ [20409].file = "drivers/media/dvb/dvb-usb/opera1.c", ++ [20409].name = "opera1_usb_i2c_msgxfer", ++ [20409].param4 = 1, ++ [20473].file = "drivers/mtd/mtdchar.c", ++ [20473].name = "mtdchar_write", ++ [20473].param3 = 1, ++ [20611].file = "net/netfilter/x_tables.c", ++ [20611].name = "xt_alloc_table_info", ++ [20611].param1 = 1, ++ [20618].file = "drivers/staging/crystalhd/crystalhd_lnx.c", ++ [20618].name = "chd_dec_fetch_cdata", ++ [20618].param3 = 1, ++ [20713].file = "drivers/gpu/drm/ttm/ttm_bo_vm.c", ++ [20713].name = "ttm_bo_io", ++ [20713].param5 = 1, ++ [20801].file = "drivers/vhost/vhost.c", ++ [20801].name = "vhost_add_used_n", ++ [20801].param3 = 1, ++ [20835].file = "drivers/isdn/i4l/isdn_common.c", ++ [20835].name = "isdn_read", ++ [20835].param3 = 1, ++ [20951].file = "crypto/rng.c", ++ [20951].name = "rngapi_reset", ++ [20951].param3 = 1, ++ [21125].file = "fs/gfs2/dir.c", ++ [21125].name = "gfs2_alloc_sort_buffer", ++ [21125].param1 = 1, ++ [21132].file = "kernel/cgroup.c", ++ [21132].name = "cgroup_write_X64", ++ [21132].param5 = 1, ++ [21138].file = "drivers/uio/uio.c", ++ [21138].name = "uio_read", ++ [21138].param3 = 1, ++ [21193].file = "net/wireless/sme.c", ++ [21193].name = "cfg80211_disconnected", ++ [21193].param4 = 1, ++ [21312].file = "lib/ts_kmp.c", ++ [21312].name = "kmp_init", ++ [21312].param2 = 1, ++ [21335].file = "net/econet/af_econet.c", ++ [21335].name = "econet_sendmsg", ++ [21335].param4 = 1, ++ [21406].file = "fs/libfs.c", ++ [21406].name = "simple_write_to_buffer", ++ [21406].param2 = 1, ++ [21406].param5 = 1, ++ [21451].file = "net/netfilter/ipvs/ip_vs_ctl.c", ++ [21451].name = "do_ip_vs_set_ctl", ++ [21451].param4 = 1, ++ [21459].file = "security/smack/smackfs.c", ++ [21459].name = "smk_write_doi", ++ [21459].param3 = 1, ++ [21508].file = "include/linux/usb/wusb.h", ++ [21508].name = "wusb_prf_64", ++ [21508].param7 = 1, ++ [21511].file = "drivers/input/ff-core.c", ++ [21511].name = "input_ff_create", ++ [21511].param2 = 1, ++ [21538].file = "net/bluetooth/l2cap_sock.c", ++ [21538].name = "l2cap_sock_setsockopt", ++ [21538].param5 = 1, ++ [21543].file = "drivers/media/video/gspca/gspca.c", ++ [21543].name = "frame_alloc", ++ [21543].param4 = 1, ++ [21608].file = "drivers/char/tpm/tpm.c", ++ [21608].name = "tpm_write", ++ [21608].param3 = 1, ++ [2160].file = "drivers/net/wireless/ray_cs.c", ++ [2160].name = "int_proc_write", ++ [2160].param3 = 1, ++ [21632].file = "fs/afs/cell.c", ++ [21632].name = "afs_cell_create", ++ [21632].param2 = 1, ++ [21679].file = "drivers/net/wireless/ath/carl9170/debug.c", ++ [21679].name = "carl9170_debugfs_write", ++ [21679].param3 = 1, ++ [21784].file = "crypto/ahash.c", ++ [21784].name = "ahash_setkey_unaligned", ++ [21784].param3 = 1, ++ [2180].file = "drivers/char/ppdev.c", ++ [2180].name = "pp_write", ++ [2180].param3 = 1, ++ [21810].file = "net/core/netprio_cgroup.c", ++ [21810].name = "extend_netdev_table", ++ [21810].param2 = 1, ++ [21906].file = "net/atm/mpc.c", ++ [21906].name = "copy_macs", ++ [21906].param4 = 1, ++ [21946].file = "fs/nfs/idmap.c", ++ [21946].name = "nfs_map_name_to_uid", ++ [21946].param3 = 1, ++ [22052].file = "drivers/net/ethernet/chelsio/cxgb3/sge.c", ++ [22052].name = "get_packet_pg", ++ [22052].param4 = 1, ++ [22085].file = "drivers/staging/sep/sep_driver.c", ++ [22085].name = "sep_lock_user_pages", ++ [22085].param2 = 1, ++ [22085].param3 = 1, ++ [22190].file = "drivers/char/tpm/tpm.c", ++ [22190].name = "tpm_read", ++ [22190].param3 = 1, ++ [22291].file = "net/core/pktgen.c", ++ [22291].name = "pgctrl_write", ++ [22291].param3 = 1, ++ [22439].file = "fs/afs/rxrpc.c", ++ [22439].name = "afs_alloc_flat_call", ++ [22439].param2 = 1, ++ [22439].param3 = 1, ++ [2243].file = "drivers/scsi/scsi_tgt_lib.c", ++ [2243].name = "scsi_tgt_kspace_exec", ++ [2243].param8 = 1, ++ [22440].file = "drivers/uwb/neh.c", ++ [22440].name = "uwb_rc_neh_grok_event", ++ [22440].param3 = 1, ++ [22611].file = "drivers/staging/android/logger.c", ++ [22611].name = "do_write_log_from_user", ++ [22611].param3 = 1, ++ [22614].file = "drivers/media/video/cx18/cx18-fileops.c", ++ [22614].name = "cx18_copy_buf_to_user", ++ [22614].param4 = 1, ++ [22667].file = "drivers/misc/altera-stapl/altera-jtag.c", ++ [22667].name = "altera_set_ir_post", ++ [22667].param2 = 1, ++ [22772].file = "drivers/target/iscsi/iscsi_target_erl1.c", ++ [22772].name = "iscsit_dump_data_payload", ++ [22772].param2 = 1, ++ [22777].file = "drivers/infiniband/ulp/srp/ib_srp.c", ++ [22777].name = "srp_alloc_iu", ++ [22777].param2 = 1, ++ [22811].file = "drivers/usb/dwc3/debugfs.c", ++ [22811].name = "dwc3_mode_write", ++ [22811].param3 = 1, ++ [22817].file = "drivers/media/video/usbvision/usbvision-core.c", ++ [22817].name = "usbvision_rvmalloc", ++ [22817].param1 = 1, ++ [22864].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c", ++ [22864].name = "ath6kl_add_bss_if_needed", ++ [22864].param6 = 1, ++ [2286].file = "drivers/scsi/mvumi.c", ++ [2286].name = "mvumi_alloc_mem_resource", ++ [2286].param3 = 1, ++ [22904].file = "security/selinux/ss/services.c", ++ [22904].name = "security_context_to_sid_default", ++ [22904].param2 = 1, ++ [22932].file = "fs/compat.c", ++ [22932].name = "compat_sys_writev", ++ [22932].param3 = 1, ++ [2302].file = "drivers/media/video/stk-webcam.c", ++ [2302].name = "v4l_stk_read", ++ [2302].param3 = 1, ++ [2307].file = "drivers/pcmcia/cistpl.c", ++ [2307].name = "pcmcia_replace_cis", ++ [2307].param3 = 1, ++ [23117].file = "drivers/media/dvb/ttpci/av7110_av.c", ++ [23117].name = "dvb_audio_write", ++ [23117].param3 = 1, ++ [23220].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c", ++ [23220].name = "do_dmabuf_dirty_sou", ++ [23220].param7 = 1, ++ [23232].file = "drivers/md/persistent-data/dm-space-map-checker.c", ++ [23232].name = "sm_checker_extend", ++ [23232].param2 = 1, ++ [2324].file = "net/ieee802154/wpan-class.c", ++ [2324].name = "wpan_phy_alloc", ++ [2324].param1 = 1, ++ [2328].file = "kernel/trace/ftrace.c", ++ [2328].name = "ftrace_pid_write", ++ [2328].param3 = 1, ++ [23290].file = "fs/proc/base.c", ++ [23290].name = "mem_rw", ++ [23290].param3 = 1, ++ [23449].file = "crypto/blkcipher.c", ++ [23449].name = "blkcipher_next_slow", ++ [23449].param3 = 1, ++ [23449].param4 = 1, ++ [23535].file = "ipc/sem.c", ++ [23535].name = "sys_semtimedop", ++ [23535].param3 = 1, ++ [2357].file = "drivers/usb/serial/garmin_gps.c", ++ [2357].name = "garmin_read_process", ++ [2357].param3 = 1, ++ [23589].file = "kernel/relay.c", ++ [23589].name = "subbuf_read_actor", ++ [23589].param3 = 1, ++ [23848].file = "crypto/blkcipher.c", ++ [23848].name = "async_setkey", ++ [23848].param3 = 1, ++ [2386].file = "drivers/acpi/acpica/exnames.c", ++ [2386].name = "acpi_ex_allocate_name_string", ++ [2386].param2 = 1, ++ [2389].file = "net/core/sock.c", ++ [2389].name = "sock_rmalloc", ++ [2389].param2 = 1, ++ [23994].file = "net/bluetooth/mgmt.c", ++ [23994].name = "set_powered", ++ [23994].param4 = 1, ++ [23999].file = "sound/pci/rme9652/hdsp.c", ++ [23999].name = "snd_hdsp_capture_copy", ++ [23999].param5 = 1, ++ [24233].file = "drivers/pci/pcie/aer/aer_inject.c", ++ [24233].name = "aer_inject_write", ++ [24233].param3 = 1, ++ [24359].file = "kernel/power/qos.c", ++ [24359].name = "pm_qos_power_write", ++ [24359].param3 = 1, ++ [24457].file = "fs/btrfs/backref.c", ++ [24457].name = "init_data_container", ++ [24457].param1 = 1, ++ [24719].file = "drivers/input/evdev.c", ++ [24719].name = "bits_to_user", ++ [24719].param3 = 1, ++ [2472].file = "net/ipv4/netfilter/ip_tables.c", ++ [2472].name = "compat_do_ipt_set_ctl", ++ [2472].param4 = 1, ++ [24755].file = "drivers/infiniband/hw/qib/qib_diag.c", ++ [24755].name = "qib_diag_write", ++ [24755].param3 = 1, ++ [24805].file = "security/keys/user_defined.c", ++ [24805].name = "user_update", ++ [24805].param3 = 1, ++ [25036].file = "fs/pipe.c", ++ [25036].name = "pipe_iov_copy_from_user", ++ [25036].param3 = 1, ++ [25078].file = "drivers/net/wireless/p54/fwio.c", ++ [25078].name = "p54_download_eeprom", ++ [25078].param4 = 1, ++ [25127].file = "drivers/scsi/device_handler/scsi_dh_alua.c", ++ [25127].name = "realloc_buffer", ++ [25127].param2 = 1, ++ [25145].file = "net/tipc/link.c", ++ [25145].name = "link_send_sections_long", ++ [25145].param4 = 1, ++ [25157].file = "security/keys/request_key_auth.c", ++ [25157].name = "request_key_auth_new", ++ [25157].param3 = 1, ++ [25158].file = "drivers/net/ethernet/mellanox/mlx4/en_rx.c", ++ [25158].name = "mlx4_en_create_rx_ring", ++ [25158].param3 = 1, ++ [25267].file = "fs/configfs/file.c", ++ [25267].name = "configfs_write_file", ++ [25267].param3 = 1, ++ [25495].file = "drivers/scsi/bfa/bfad_debugfs.c", ++ [25495].name = "bfad_debugfs_write_regwr", ++ [25495].param3 = 1, ++ [25558].file = "fs/proc/task_mmu.c", ++ [25558].name = "clear_refs_write", ++ [25558].param3 = 1, ++ [25692].file = "drivers/net/wireless/ath/ath6kl/wmi.c", ++ [25692].name = "ath6kl_wmi_send_action_cmd", ++ [25692].param7 = 1, ++ [25765].file = "drivers/media/dvb/b2c2/flexcop.c", ++ [25765].name = "flexcop_device_kmalloc", ++ [25765].param1 = 1, ++ [26100].file = "sound/core/info.c", ++ [26100].name = "snd_info_entry_write", ++ [26100].param3 = 1, ++ [26256].file = "fs/hpfs/name.c", ++ [26256].name = "hpfs_translate_name", ++ [26256].param3 = 1, ++ [26394].file = "drivers/hid/hidraw.c", ++ [26394].name = "hidraw_get_report", ++ [26394].param3 = 1, ++ [26494].file = "kernel/signal.c", ++ [26494].name = "sys_rt_sigpending", ++ [26494].param2 = 1, ++ [26497].file = "security/keys/keyctl.c", ++ [26497].name = "sys_keyctl", ++ [26497].param4 = 1, ++ [26533].file = "drivers/block/aoe/aoechr.c", ++ [26533].name = "aoechr_write", ++ [26533].param3 = 1, ++ [26560].file = "crypto/algapi.c", ++ [26560].name = "crypto_alloc_instance2", ++ [26560].param3 = 1, ++ [26605].file = "security/selinux/selinuxfs.c", ++ [26605].name = "sel_write_user", ++ [26605].param3 = 1, ++ [26620].file = "net/bluetooth/mgmt.c", ++ [26620].name = "mgmt_control", ++ [26620].param3 = 1, ++ [26701].file = "drivers/mtd/chips/cfi_util.c", ++ [26701].name = "cfi_read_pri", ++ [26701].param3 = 1, ++ [26757].file = "fs/xattr.c", ++ [26757].name = "sys_fgetxattr", ++ [26757].param4 = 1, ++ [2678].file = "drivers/platform/x86/asus_acpi.c", ++ [2678].name = "disp_proc_write", ++ [2678].param3 = 1, ++ [26834].file = "drivers/gpu/drm/drm_drv.c", ++ [26834].name = "drm_ioctl", ++ [26834].param2 = 1, ++ [26843].file = "drivers/firewire/core-cdev.c", ++ [26843].name = "fw_device_op_compat_ioctl", ++ [26843].param2 = 1, ++ [26845].file = "drivers/scsi/qla2xxx/qla_bsg.c", ++ [26845].name = "qla2x00_get_ctx_bsg_sp", ++ [26845].param3 = 1, ++ [26888].file = "net/bridge/br_ioctl.c", ++ [26888].name = "get_fdb_entries", ++ [26888].param3 = 1, ++ [26962].file = "drivers/usb/class/usbtmc.c", ++ [26962].name = "usbtmc_write", ++ [26962].param3 = 1, ++ [26966].file = "drivers/media/dvb/ddbridge/ddbridge-core.c", ++ [26966].name = "ts_write", ++ [26966].param3 = 1, ++ [27004].file = "drivers/misc/hpilo.c", ++ [27004].name = "ilo_write", ++ [27004].param3 = 1, ++ [27025].file = "fs/ntfs/file.c", ++ [27025].name = "__ntfs_copy_from_user_iovec_inatomic", ++ [27025].param3 = 1, ++ [27025].param4 = 1, ++ [27061].file = "drivers/firewire/core-cdev.c", ++ [27061].name = "iso_callback", ++ [27061].param3 = 1, ++ [2711].file = "drivers/media/dvb/dvb-core/dvb_ringbuffer.c", ++ [2711].name = "dvb_ringbuffer_read_user", ++ [2711].param3 = 1, ++ [27129].file = "fs/lockd/mon.c", ++ [27129].name = "nsm_get_handle", ++ [27129].param4 = 1, ++ [27142].file = "fs/proc/kcore.c", ++ [27142].name = "read_kcore", ++ [27142].param3 = 1, ++ [27164].file = "include/drm/drm_mem_util.h", ++ [27164].name = "drm_calloc_large", ++ [27164].param1 = 1, ++ [27164].param2 = 1, ++ [27176].file = "drivers/mtd/devices/mtd_dataflash.c", ++ [27176].name = "otp_read", ++ [27176].param2 = 1, ++ [27176].param5 = 1, ++ [27232].file = "security/apparmor/lib.c", ++ [27232].name = "kvmalloc", ++ [27232].param1 = 1, ++ [27275].file = "drivers/scsi/cxgbi/libcxgbi.c", ++ [27275].name = "cxgbi_ddp_reserve", ++ [27275].param4 = 1, ++ [27280].file = "drivers/net/ethernet/mellanox/mlx4/en_tx.c", ++ [27280].name = "mlx4_en_create_tx_ring", ++ [27280].param4 = 1, ++ [27290].file = "security/selinux/ss/services.c", ++ [27290].name = "security_context_to_sid_core", ++ [27290].param2 = 1, ++ [27302].file = "fs/proc/base.c", ++ [27302].name = "proc_loginuid_write", ++ [27302].param3 = 1, ++ [2730].file = "drivers/target/iscsi/iscsi_target_parameters.c", ++ [2730].name = "iscsi_decode_text_input", ++ [2730].param4 = 1, ++ [27314].file = "net/bluetooth/mgmt.c", ++ [27314].name = "cmd_complete", ++ [27314].param5 = 1, ++ [27472].file = "security/selinux/selinuxfs.c", ++ [27472].name = "sel_write_load", ++ [27472].param3 = 1, ++ [27491].file = "fs/proc/base.c", ++ [27491].name = "proc_pid_attr_write", ++ [27491].param3 = 1, ++ [27568].file = "drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c", ++ [27568].name = "t4_alloc_mem", ++ [27568].param1 = 1, ++ [27582].file = "drivers/platform/x86/asus_acpi.c", ++ [27582].name = "ledd_proc_write", ++ [27582].param3 = 1, ++ [27595].file = "net/core/sock.c", ++ [27595].name = "sock_alloc_send_skb", ++ [27595].param2 = 1, ++ [27648].file = "net/bluetooth/l2cap_core.c", ++ [27648].name = "l2cap_bredr_sig_cmd", ++ [27648].param3 = 1, ++ [27697].file = "drivers/staging/mei/iorw.c", ++ [27697].name = "amthi_read", ++ [27697].param4 = 1, ++ [27911].file = "fs/ext4/resize.c", ++ [27911].name = "alloc_flex_gd", ++ [27911].param1 = 1, ++ [27927].file = "drivers/tty/tty_io.c", ++ [27927].name = "redirected_tty_write", ++ [27927].param3 = 1, ++ [28040].file = "kernel/kfifo.c", ++ [28040].name = "__kfifo_alloc", ++ [28040].param2 = 1, ++ [28040].param3 = 1, ++ [28151].file = "mm/filemap_xip.c", ++ [28151].name = "do_xip_mapping_read", ++ [28151].param5 = 1, ++ [28247].file = "net/sctp/tsnmap.c", ++ [28247].name = "sctp_tsnmap_init", ++ [28247].param2 = 1, ++ [28253].file = "include/linux/fb.h", ++ [28253].name = "alloc_apertures", ++ [28253].param1 = 1, ++ [28265].file = "fs/notify/fanotify/fanotify_user.c", ++ [28265].name = "fanotify_write", ++ [28265].param3 = 1, ++ [28316].file = "drivers/input/joydev.c", ++ [28316].name = "joydev_ioctl_common", ++ [28316].param2 = 1, ++ [28359].file = "drivers/spi/spidev.c", ++ [28359].name = "spidev_message", ++ [28359].param3 = 1, ++ [28360].file = "drivers/hid/usbhid/hiddev.c", ++ [28360].name = "hiddev_compat_ioctl", ++ [28360].param2 = 1, ++ [28407].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", ++ [28407].name = "rt2x00debug_write_csr", ++ [28407].param3 = 1, ++ [2847].file = "fs/ntfs/file.c", ++ [2847].name = "ntfs_copy_from_user", ++ [2847].param3 = 1, ++ [2847].param5 = 1, ++ [28584].file = "drivers/memstick/core/memstick.c", ++ [28584].name = "memstick_alloc_host", ++ [28584].param1 = 1, ++ [28783].file = "drivers/gpu/drm/i915/i915_debugfs.c", ++ [28783].name = "i915_cache_sharing_write", ++ [28783].param3 = 1, ++ [28787].file = "drivers/media/video/videobuf2-core.c", ++ [28787].name = "vb2_write", ++ [28787].param3 = 1, ++ [28879].file = "drivers/base/map.c", ++ [28879].name = "kobj_map", ++ [28879].param2 = 1, ++ [28879].param3 = 1, ++ [28889].file = "drivers/char/pcmcia/cm4040_cs.c", ++ [28889].name = "cm4040_write", ++ [28889].param3 = 1, ++ [29073].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c", ++ [29073].name = "vmw_kms_readback", ++ [29073].param6 = 1, ++ [29085].file = "security/apparmor/apparmorfs.c", ++ [29085].name = "profile_load", ++ [29085].param3 = 1, ++ [29092].file = "lib/lru_cache.c", ++ [29092].name = "lc_create", ++ [29092].param3 = 1, ++ [29257].file = "drivers/vhost/vhost.c", ++ [29257].name = "vhost_add_used_and_signal_n", ++ [29257].param4 = 1, ++ [29267].file = "net/ipv4/fib_trie.c", ++ [29267].name = "tnode_alloc", ++ [29267].param1 = 1, ++ [29338].file = "drivers/net/ethernet/brocade/bna/bnad_debugfs.c", ++ [29338].name = "bnad_debugfs_write_regwr", ++ [29338].param3 = 1, ++ [29353].file = "net/sctp/socket.c", ++ [29353].name = "sctp_setsockopt_del_key", ++ [29353].param3 = 1, ++ [29405].file = "drivers/media/dvb/dvb-usb/dw2102.c", ++ [29405].name = "dw210x_op_rw", ++ [29405].param6 = 1, ++ [29542].file = "net/nfc/nci/core.c", ++ [29542].name = "nci_send_cmd", ++ [29542].param3 = 1, ++ [29714].file = "drivers/scsi/cxgbi/libcxgbi.c", ++ [29714].name = "cxgbi_device_register", ++ [29714].param1 = 1, ++ [29714].param2 = 1, ++ [2972].file = "drivers/staging/crystalhd/crystalhd_misc.c", ++ [2972].name = "crystalhd_create_dio_pool", ++ [2972].param2 = 1, ++ [29769].file = "drivers/misc/iwmc3200top/log.c", ++ [29769].name = "store_iwmct_log_level", ++ [29769].param4 = 1, ++ [29792].file = "drivers/staging/bcm/nvm.c", ++ [29792].name = "BcmCopySection", ++ [29792].param5 = 1, ++ [29859].file = "net/rds/page.c", ++ [29859].name = "rds_page_copy_user", ++ [29859].param4 = 1, ++ [29905].file = "mm/nobootmem.c", ++ [29905].name = "___alloc_bootmem", ++ [29905].param1 = 1, ++ [2995].file = "mm/page_alloc.c", ++ [2995].name = "alloc_large_system_hash", ++ [2995].param2 = 1, ++ [30000].file = "drivers/net/wireless/brcm80211/brcmsmac/phy/phy_n.c", ++ [30000].name = "wlc_phy_loadsampletable_nphy", ++ [30000].param3 = 1, ++ [30242].file = "fs/cifs/cifssmb.c", ++ [30242].name = "cifs_readdata_alloc", ++ [30242].param1 = 1, ++ [30494].file = "net/ceph/buffer.c", ++ [30494].name = "ceph_buffer_new", ++ [30494].param1 = 1, ++ [30590].file = "security/tomoyo/memory.c", ++ [30590].name = "tomoyo_commit_ok", ++ [30590].param2 = 1, ++ [3060].file = "lib/mpi/mpiutil.c", ++ [3060].name = "mpi_alloc_limb_space", ++ [3060].param1 = 1, ++ [30687].file = "drivers/uwb/uwb-debug.c", ++ [30687].name = "command_write", ++ [30687].param3 = 1, ++ [30726].file = "drivers/bluetooth/hci_vhci.c", ++ [30726].name = "vhci_get_user", ++ [30726].param3 = 1, ++ [30873].file = "net/packet/af_packet.c", ++ [30873].name = "alloc_one_pg_vec_page", ++ [30873].param1 = 1, ++ [30970].file = "drivers/staging/hv/storvsc_drv.c", ++ [30970].name = "create_bounce_buffer", ++ [30970].param3 = 1, ++ [310].file = "drivers/block/drbd/drbd_bitmap.c", ++ [310].name = "bm_realloc_pages", ++ [310].param2 = 1, ++ [3119].file = "drivers/misc/ibmasm/command.c", ++ [3119].name = "ibmasm_new_command", ++ [3119].param2 = 1, ++ [31207].file = "drivers/platform/x86/asus_acpi.c", ++ [31207].name = "parse_arg", ++ [31207].param2 = 1, ++ [31287].file = "drivers/scsi/libsrp.c", ++ [31287].name = "srp_iu_pool_alloc", ++ [31287].param2 = 1, ++ [31291].file = "sound/pci/rme9652/rme9652.c", ++ [31291].name = "snd_rme9652_capture_copy", ++ [31291].param5 = 1, ++ [31348].file = "kernel/sched/core.c", ++ [31348].name = "sys_sched_getaffinity", ++ [31348].param2 = 1, ++ [31492].file = "drivers/hid/hidraw.c", ++ [31492].name = "hidraw_read", ++ [31492].param3 = 1, ++ [3170].file = "security/integrity/ima/ima_fs.c", ++ [3170].name = "ima_write_policy", ++ [3170].param3 = 1, ++ [31782].file = "drivers/misc/pti.c", ++ [31782].name = "pti_char_write", ++ [31782].param3 = 1, ++ [31789].file = "fs/file.c", ++ [31789].name = "alloc_fdmem", ++ [31789].param1 = 1, ++ [31957].file = "fs/afs/proc.c", ++ [31957].name = "afs_proc_cells_write", ++ [31957].param3 = 1, ++ [32002].file = "net/sctp/socket.c", ++ [32002].name = "sctp_setsockopt_active_key", ++ [32002].param3 = 1, ++ [32182].file = "net/sunrpc/cache.c", ++ [32182].name = "cache_write", ++ [32182].param3 = 1, ++ [32278].file = "kernel/time/timer_stats.c", ++ [32278].name = "tstats_write", ++ [32278].param3 = 1, ++ [32326].file = "drivers/tty/n_r3964.c", ++ [32326].name = "r3964_write", ++ [32326].param4 = 1, ++ [32399].file = "drivers/net/phy/mdio_bus.c", ++ [32399].name = "mdiobus_alloc_size", ++ [32399].param1 = 1, ++ [32402].file = "net/ceph/pagevec.c", ++ [32402].name = "ceph_copy_user_to_page_vector", ++ [32402].param4 = 1, ++ [3241].file = "drivers/usb/wusbcore/crypto.c", ++ [3241].name = "wusb_prf", ++ [3241].param7 = 1, ++ [32459].file = "drivers/media/radio/radio-wl1273.c", ++ [32459].name = "wl1273_fm_fops_write", ++ [32459].param3 = 1, ++ [32531].file = "fs/bio.c", ++ [32531].name = "__bio_map_kern", ++ [32531].param2 = 1, ++ [32531].param3 = 1, ++ [32537].file = "drivers/staging/vme/devices/vme_user.c", ++ [32537].name = "buffer_to_user", ++ [32537].param3 = 1, ++ [32560].file = "drivers/input/input-mt.c", ++ [32560].name = "input_mt_init_slots", ++ [32560].param2 = 1, ++ [32600].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c", ++ [32600].name = "ath6kl_set_assoc_req_ies", ++ [32600].param3 = 1, ++ [32608].file = "security/selinux/selinuxfs.c", ++ [32608].name = "sel_write_checkreqprot", ++ [32608].param3 = 1, ++ [32812].file = "drivers/net/ethernet/neterion/vxge/vxge-config.c", ++ [32812].name = "__vxge_hw_channel_allocate", ++ [32812].param3 = 1, ++ [32950].file = "fs/reiserfs/resize.c", ++ [32950].name = "reiserfs_resize", ++ [32950].param2 = 1, ++ [33010].file = "drivers/media/dvb/dvb-core/dvb_ringbuffer.c", ++ [33010].name = "dvb_ringbuffer_pkt_read_user", ++ [33010].param5 = 1, ++ [33130].file = "net/llc/llc_sap.c", ++ [33130].name = "llc_alloc_frame", ++ [33130].param4 = 1, ++ [33221].file = "crypto/ablkcipher.c", ++ [33221].name = "ablkcipher_copy_iv", ++ [33221].param3 = 1, ++ [33268].file = "mm/maccess.c", ++ [33268].name = "__probe_kernel_write", ++ [33268].param3 = 1, ++ [33280].file = "fs/xfs/kmem.c", ++ [33280].name = "kmem_realloc", ++ [33280].param2 = 1, ++ [33375].file = "drivers/staging/rtl8712/osdep_service.h", ++ [33375].name = "_malloc", ++ [33375].param1 = 1, ++ [33420].file = "drivers/net/team/team.c", ++ [33420].name = "__team_options_register", ++ [33420].param3 = 1, ++ [33489].file = "fs/binfmt_misc.c", ++ [33489].name = "create_entry", ++ [33489].param2 = 1, ++ [33637].file = "net/9p/client.c", ++ [33637].name = "p9_client_read", ++ [33637].param5 = 1, ++ [33669].file = "fs/gfs2/glock.c", ++ [33669].name = "gfs2_glock_nq_m", ++ [33669].param1 = 1, ++ [33704].file = "drivers/gpu/drm/ttm/ttm_page_alloc_dma.c", ++ [33704].name = "ttm_dma_page_pool_free", ++ [33704].param2 = 1, ++ [33779].file = "drivers/staging/vme/devices/vme_user.c", ++ [33779].name = "resource_from_user", ++ [33779].param3 = 1, ++ [33810].file = "net/mac80211/util.c", ++ [33810].name = "ieee80211_send_probe_req", ++ [33810].param6 = 1, ++ [3384].file = "drivers/block/paride/pg.c", ++ [3384].name = "pg_write", ++ [3384].param3 = 1, ++ [34105].file = "fs/libfs.c", ++ [34105].name = "simple_read_from_buffer", ++ [34105].param2 = 1, ++ [34105].param5 = 1, ++ [34120].file = "drivers/media/video/pvrusb2/pvrusb2-io.c", ++ [34120].name = "pvr2_stream_buffer_count", ++ [34120].param2 = 1, ++ [34226].file = "mm/shmem.c", ++ [34226].name = "shmem_xattr_set", ++ [34226].param4 = 1, ++ [34251].file = "drivers/staging/cxt1e1/sbecom_inline_linux.h", ++ [34251].name = "OS_kmalloc", ++ [34251].param1 = 1, ++ [34276].file = "drivers/media/video/videobuf2-core.c", ++ [34276].name = "__vb2_perform_fileio", ++ [34276].param3 = 1, ++ [34278].file = "fs/ubifs/debug.c", ++ [34278].name = "dfs_global_file_write", ++ [34278].param3 = 1, ++ [34432].file = "drivers/edac/edac_pci.c", ++ [34432].name = "edac_pci_alloc_ctl_info", ++ [34432].param1 = 1, ++ [34532].file = "drivers/virtio/virtio_ring.c", ++ [34532].name = "vring_add_indirect", ++ [34532].param3 = 1, ++ [34532].param4 = 1, ++ [34543].file = "net/sctp/tsnmap.c", ++ [34543].name = "sctp_tsnmap_grow", ++ [34543].param2 = 1, ++ [34551].file = "fs/ocfs2/stack_user.c", ++ [34551].name = "ocfs2_control_cfu", ++ [34551].param2 = 1, ++ [34634].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c", ++ [34634].name = "ath6kl_send_go_probe_resp", ++ [34634].param3 = 1, ++ [34666].file = "fs/cifs/cifs_debug.c", ++ [34666].name = "cifs_security_flags_proc_write", ++ [34666].param3 = 1, ++ [3466].file = "drivers/misc/altera-stapl/altera-jtag.c", ++ [3466].name = "altera_drscan", ++ [3466].param2 = 1, ++ [34672].file = "drivers/tty/tty_io.c", ++ [34672].name = "tty_write", ++ [34672].param3 = 1, ++ [34679].file = "drivers/media/video/ivtv/ivtv-fileops.c", ++ [34679].name = "ivtv_copy_buf_to_user", ++ [34679].param4 = 1, ++ [34721].file = "drivers/usb/host/hwa-hc.c", ++ [34721].name = "__hwahc_dev_set_key", ++ [34721].param5 = 1, ++ [34749].file = "mm/nobootmem.c", ++ [34749].name = "__alloc_bootmem_low_node", ++ [34749].param2 = 1, ++ [34760].file = "include/acpi/platform/aclinux.h", ++ [34760].name = "acpi_os_allocate_zeroed", ++ [34760].param1 = 1, ++ [34802].file = "drivers/scsi/cxgbi/libcxgbi.h", ++ [34802].name = "cxgbi_alloc_big_mem", ++ [34802].param1 = 1, ++ [34863].file = "drivers/video/fbsysfs.c", ++ [34863].name = "framebuffer_alloc", ++ [34863].param1 = 1, ++ [34868].file = "drivers/net/ethernet/brocade/bna/bnad_debugfs.c", ++ [34868].name = "bnad_debugfs_write_regrd", ++ [34868].param3 = 1, ++ [34882].file = "drivers/platform/x86/toshiba_acpi.c", ++ [34882].name = "video_proc_write", ++ [34882].param3 = 1, ++ [35050].file = "fs/ocfs2/dlmfs/dlmfs.c", ++ [35050].name = "dlmfs_file_write", ++ [35050].param3 = 1, ++ [35119].file = "fs/xattr.c", ++ [35119].name = "sys_llistxattr", ++ [35119].param3 = 1, ++ [35129].file = "mm/nobootmem.c", ++ [35129].name = "___alloc_bootmem_nopanic", ++ [35129].param1 = 1, ++ [35159].file = "drivers/net/wimax/i2400m/usb.c", ++ [35159].name = "__i2400mu_send_barker", ++ [35159].param3 = 1, ++ [35232].file = "drivers/media/video/cx18/cx18-fileops.c", ++ [35232].name = "cx18_read", ++ [35232].param3 = 1, ++ [35234].file = "net/irda/irnet/irnet_ppp.c", ++ [35234].name = "irnet_ctrl_write", ++ [35234].param3 = 1, ++ [35256].file = "sound/core/memory.c", ++ [35256].name = "copy_from_user_toio", ++ [35256].param3 = 1, ++ [35268].file = "security/keys/request_key_auth.c", ++ [35268].name = "request_key_auth_read", ++ [35268].param3 = 1, ++ [3538].file = "net/bluetooth/mgmt.c", ++ [3538].name = "disconnect", ++ [3538].param4 = 1, ++ [35443].file = "sound/core/pcm_memory.c", ++ [35443].name = "_snd_pcm_lib_alloc_vmalloc_buffer", ++ [35443].param2 = 1, ++ [35468].file = "drivers/xen/xenbus/xenbus_dev_frontend.c", ++ [35468].name = "xenbus_file_write", ++ [35468].param3 = 1, ++ [35536].file = "kernel/sysctl_binary.c", ++ [35536].name = "bin_uuid", ++ [35536].param3 = 1, ++ [35551].file = "drivers/media/video/ivtv/ivtv-fileops.c", ++ [35551].name = "ivtv_read_pos", ++ [35551].param3 = 1, ++ [35556].file = "fs/read_write.c", ++ [35556].name = "sys_readv", ++ [35556].param3 = 1, ++ [35693].file = "drivers/staging/mei/main.c", ++ [35693].name = "mei_read", ++ [35693].param3 = 1, ++ [35703].file = "crypto/ablkcipher.c", ++ [35703].name = "ablkcipher_next_slow", ++ [35703].param3 = 1, ++ [35703].param4 = 1, ++ [35729].file = "include/linux/skbuff.h", ++ [35729].name = "__dev_alloc_skb", ++ [35729].param1 = 1, ++ [35731].file = "drivers/usb/class/cdc-wdm.c", ++ [35731].name = "wdm_read", ++ [35731].param3 = 1, ++ [35796].file = "drivers/mtd/nand/nand_bch.c", ++ [35796].name = "nand_bch_init", ++ [35796].param2 = 1, ++ [35796].param3 = 1, ++ [35880].file = "fs/ecryptfs/crypto.c", ++ [35880].name = "ecryptfs_encrypt_and_encode_filename", ++ [35880].param6 = 1, ++ [36076].file = "drivers/net/ethernet/sfc/tx.c", ++ [36076].name = "efx_tsoh_heap_alloc", ++ [36076].param2 = 1, ++ [36080].file = "drivers/media/video/v4l2-ioctl.c", ++ [36080].name = "video_usercopy", ++ [36080].param2 = 1, ++ [36149].file = "fs/udf/inode.c", ++ [36149].name = "udf_alloc_i_data", ++ [36149].param2 = 1, ++ [36183].file = "drivers/tty/vt/vc_screen.c", ++ [36183].name = "vcs_read", ++ [36183].param3 = 1, ++ [36199].file = "net/sunrpc/auth_gss/auth_gss.c", ++ [36199].name = "gss_pipe_downcall", ++ [36199].param3 = 1, ++ [36206].file = "net/ipv4/tcp_input.c", ++ [36206].name = "tcp_collapse", ++ [36206].param5 = 1, ++ [36206].param6 = 1, ++ [36230].file = "drivers/net/wan/hdlc_ppp.c", ++ [36230].name = "ppp_cp_parse_cr", ++ [36230].param4 = 1, ++ [36284].file = "drivers/spi/spi.c", ++ [36284].name = "spi_register_board_info", ++ [36284].param2 = 1, ++ [36490].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c", ++ [36490].name = "ath6kl_cfg80211_connect_event", ++ [36490].param7 = 1, ++ [36522].file = "drivers/hid/hidraw.c", ++ [36522].name = "hidraw_send_report", ++ [36522].param3 = 1, ++ [36560].file = "net/sunrpc/cache.c", ++ [36560].name = "write_flush", ++ [36560].param3 = 1, ++ [36807].file = "drivers/usb/mon/mon_bin.c", ++ [36807].name = "mon_bin_get_event", ++ [36807].param4 = 1, ++ [37034].file = "fs/cifs/cifssmb.c", ++ [37034].name = "cifs_writedata_alloc", ++ [37034].param1 = 1, ++ [37044].file = "sound/firewire/packets-buffer.c", ++ [37044].name = "iso_packets_buffer_init", ++ [37044].param3 = 1, ++ [37108].file = "drivers/media/dvb/ttpci/av7110_av.c", ++ [37108].name = "dvb_video_write", ++ [37108].param3 = 1, ++ [37154].file = "net/nfc/llcp/commands.c", ++ [37154].name = "nfc_llcp_build_tlv", ++ [37154].param3 = 1, ++ [37163].file = "net/core/skbuff.c", ++ [37163].name = "__netdev_alloc_skb", ++ [37163].param2 = 1, ++ [37233].file = "fs/ocfs2/cluster/tcp.c", ++ [37233].name = "o2net_send_message_vec", ++ [37233].param4 = 1, ++ [37241].file = "net/atm/lec.c", ++ [37241].name = "lane2_associate_req", ++ [37241].param4 = 1, ++ [37384].file = "drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c", ++ [37384].name = "vmw_fifo_reserve", ++ [37384].param2 = 1, ++ [37497].file = "net/mac80211/util.c", ++ [37497].name = "ieee80211_build_probe_req", ++ [37497].param7 = 1, ++ [37535].file = "kernel/trace/trace.c", ++ [37535].name = "tracing_trace_options_write", ++ [37535].param3 = 1, ++ [37611].file = "drivers/xen/xenbus/xenbus_xs.c", ++ [37611].name = "split", ++ [37611].param2 = 1, ++ [37661].file = "mm/filemap.c", ++ [37661].name = "file_read_actor", ++ [37661].param4 = 1, ++ [37852].file = "drivers/staging/android/logger.c", ++ [37852].name = "do_read_log_to_user", ++ [37852].param4 = 1, ++ [37921].file = "drivers/net/wireless/wl12xx/rx.c", ++ [37921].name = "wl1271_rx_handle_data", ++ [37921].param3 = 1, ++ [37976].file = "drivers/platform/x86/asus_acpi.c", ++ [37976].name = "bluetooth_proc_write", ++ [37976].param3 = 1, ++ [3797].file = "sound/pci/asihpi/hpicmn.c", ++ [3797].name = "hpi_alloc_control_cache", ++ [3797].param1 = 1, ++ [3801].file = "drivers/block/paride/pt.c", ++ [3801].name = "pt_write", ++ [3801].param3 = 1, ++ [38052].file = "kernel/kexec.c", ++ [38052].name = "kimage_normal_alloc", ++ [38052].param3 = 1, ++ [38057].file = "fs/coda/psdev.c", ++ [38057].name = "coda_psdev_write", ++ [38057].param3 = 1, ++ [38186].file = "kernel/signal.c", ++ [38186].name = "do_sigpending", ++ [38186].param2 = 1, ++ [38314].file = "fs/nfs/read.c", ++ [38314].name = "nfs_readdata_alloc", ++ [38314].param1 = 1, ++ [38401].file = "drivers/xen/xenbus/xenbus_dev_frontend.c", ++ [38401].name = "queue_reply", ++ [38401].param3 = 1, ++ [3841].file = "drivers/platform/x86/asus_acpi.c", ++ [3841].name = "write_led", ++ [3841].param2 = 1, ++ [38532].file = "fs/afs/cell.c", ++ [38532].name = "afs_cell_lookup", ++ [38532].param2 = 1, ++ [38564].file = "fs/nfs/nfs4proc.c", ++ [38564].name = "nfs4_realloc_slot_table", ++ [38564].param2 = 1, ++ [38576].file = "drivers/i2c/i2c-dev.c", ++ [38576].name = "i2cdev_read", ++ [38576].param3 = 1, ++ [38704].file = "drivers/media/video/uvc/uvc_driver.c", ++ [38704].name = "uvc_alloc_entity", ++ [38704].param3 = 1, ++ [38704].param4 = 1, ++ [38747].file = "fs/xattr.c", ++ [38747].name = "sys_lgetxattr", ++ [38747].param4 = 1, ++ [38867].file = "drivers/scsi/scsi_transport_fc.c", ++ [38867].name = "fc_host_post_vendor_event", ++ [38867].param3 = 1, ++ [38931].file = "drivers/isdn/hardware/eicon/capimain.c", ++ [38931].name = "diva_os_alloc_message_buffer", ++ [38931].param1 = 1, ++ [38972].file = "security/smack/smackfs.c", ++ [38972].name = "smk_write_logging", ++ [38972].param3 = 1, ++ [39001].file = "net/xfrm/xfrm_hash.c", ++ [39001].name = "xfrm_hash_alloc", ++ [39001].param1 = 1, ++ [39052].file = "drivers/input/evdev.c", ++ [39052].name = "evdev_ioctl", ++ [39052].param2 = 1, ++ [39066].file = "drivers/media/dvb/frontends/tda10048.c", ++ [39066].name = "tda10048_writeregbulk", ++ [39066].param4 = 1, ++ [39118].file = "drivers/misc/iwmc3200top/log.c", ++ [39118].name = "store_iwmct_log_level_fw", ++ [39118].param4 = 1, ++ [39254].file = "drivers/char/pcmcia/cm4000_cs.c", ++ [39254].name = "cmm_write", ++ [39254].param3 = 1, ++ [39392].file = "drivers/atm/solos-pci.c", ++ [39392].name = "send_command", ++ [39392].param4 = 1, ++ [39415].file = "fs/pstore/inode.c", ++ [39415].name = "pstore_mkfile", ++ [39415].param5 = 1, ++ [39417].file = "drivers/block/DAC960.c", ++ [39417].name = "dac960_user_command_proc_write", ++ [39417].param3 = 1, ++ [39460].file = "fs/btrfs/volumes.c", ++ [39460].name = "btrfs_map_block", ++ [39460].param3 = 1, ++ [39479].file = "drivers/ide/ide-tape.c", ++ [39479].name = "idetape_chrdev_read", ++ [39479].param3 = 1, ++ [39586].file = "drivers/hv/channel.c", ++ [39586].name = "create_gpadl_header", ++ [39586].param2 = 1, ++ [39638].file = "security/selinux/selinuxfs.c", ++ [39638].name = "sel_write_avc_cache_threshold", ++ [39638].param3 = 1, ++ [39645].file = "drivers/media/dvb/dvb-core/dvbdev.c", ++ [39645].name = "dvb_generic_ioctl", ++ [39645].param2 = 1, ++ [39770].file = "include/linux/mISDNif.h", ++ [39770].name = "mI_alloc_skb", ++ [39770].param1 = 1, ++ [39813].file = "fs/ocfs2/stack_user.c", ++ [39813].name = "ocfs2_control_message", ++ [39813].param3 = 1, ++ [39888].file = "net/core/skbuff.c", ++ [39888].name = "__alloc_skb", ++ [39888].param1 = 1, ++ [39980].file = "net/bluetooth/mgmt.c", ++ [39980].name = "pair_device", ++ [39980].param4 = 1, ++ [40043].file = "drivers/media/video/v4l2-ioctl.c", ++ [40043].name = "video_ioctl2", ++ [40043].param2 = 1, ++ [40049].file = "drivers/bluetooth/btmrvl_debugfs.c", ++ [40049].name = "btmrvl_psmode_write", ++ [40049].param3 = 1, ++ [40075].file = "drivers/media/video/c-qcam.c", ++ [40075].name = "qc_capture", ++ [40075].param3 = 1, ++ [40163].file = "fs/ncpfs/file.c", ++ [40163].name = "ncp_file_write", ++ [40163].param3 = 1, ++ [40240].file = "drivers/char/nvram.c", ++ [40240].name = "nvram_write", ++ [40240].param3 = 1, ++ [40256].file = "drivers/tty/vt/vc_screen.c", ++ [40256].name = "vcs_write", ++ [40256].param3 = 1, ++ [40302].file = "sound/isa/gus/gus_dram.c", ++ [40302].name = "snd_gus_dram_poke", ++ [40302].param4 = 1, ++ [40339].file = "drivers/acpi/apei/hest.c", ++ [40339].name = "hest_ghes_dev_register", ++ [40339].param1 = 1, ++ [40355].file = "drivers/staging/mei/main.c", ++ [40355].name = "mei_write", ++ [40355].param3 = 1, ++ [40373].file = "fs/cifs/cifs_spnego.c", ++ [40373].name = "cifs_spnego_key_instantiate", ++ [40373].param3 = 1, ++ [40519].file = "net/sctp/socket.c", ++ [40519].name = "sctp_setsockopt_events", ++ [40519].param3 = 1, ++ [40694].file = "mm/page_cgroup.c", ++ [40694].name = "alloc_page_cgroup", ++ [40694].param1 = 1, ++ [40731].file = "drivers/tty/tty_io.c", ++ [40731].name = "do_tty_write", ++ [40731].param5 = 1, ++ [40754].file = "fs/btrfs/delayed-inode.c", ++ [40754].name = "btrfs_alloc_delayed_item", ++ [40754].param1 = 1, ++ [40786].file = "net/ipv4/netfilter/nf_nat_snmp_basic.c", ++ [40786].name = "asn1_octets_decode", ++ [40786].param2 = 1, ++ [40901].file = "drivers/block/drbd/drbd_bitmap.c", ++ [40901].name = "drbd_bm_resize", ++ [40901].param2 = 1, ++ [40951].file = "drivers/xen/evtchn.c", ++ [40951].name = "evtchn_read", ++ [40951].param3 = 1, ++ [40952].file = "drivers/misc/sgi-xp/xpc_partition.c", ++ [40952].name = "xpc_kmalloc_cacheline_aligned", ++ [40952].param1 = 1, ++ [41000].file = "sound/core/pcm_native.c", ++ [41000].name = "snd_pcm_aio_read", ++ [41000].param3 = 1, ++ [41005].file = "net/bridge/netfilter/ebtables.c", ++ [41005].name = "copy_counters_to_user", ++ [41005].param5 = 1, ++ [41041].file = "net/core/sock.c", ++ [41041].name = "sock_wmalloc", ++ [41041].param2 = 1, ++ [41122].file = "fs/binfmt_misc.c", ++ [41122].name = "bm_status_write", ++ [41122].param3 = 1, ++ [41176].file = "kernel/trace/trace_events.c", ++ [41176].name = "subsystem_filter_write", ++ [41176].param3 = 1, ++ [41249].file = "drivers/media/video/zr364xx.c", ++ [41249].name = "send_control_msg", ++ [41249].param6 = 1, ++ [41287].file = "drivers/net/ethernet/neterion/vxge/vxge-config.c", ++ [41287].name = "vxge_os_dma_malloc_async", ++ [41287].param3 = 1, ++ [41302].file = "net/dns_resolver/dns_query.c", ++ [41302].name = "dns_query", ++ [41302].param3 = 1, ++ [41408].file = "mm/filemap_xip.c", ++ [41408].name = "__xip_file_write", ++ [41408].param3 = 1, ++ [41547].file = "net/bluetooth/smp.c", ++ [41547].name = "smp_build_cmd", ++ [41547].param3 = 1, ++ [4155].file = "kernel/kexec.c", ++ [4155].name = "do_kimage_alloc", ++ [4155].param3 = 1, ++ [41676].file = "fs/compat.c", ++ [41676].name = "compat_sys_preadv", ++ [41676].param3 = 1, ++ [4167].file = "drivers/media/dvb/frontends/cx24116.c", ++ [4167].name = "cx24116_writeregN", ++ [4167].param4 = 1, ++ [41793].file = "drivers/net/wireless/ath/ath6kl/wmi.c", ++ [41793].name = "ath6kl_wmi_send_mgmt_cmd", ++ [41793].param7 = 1, ++ [41924].file = "security/keys/keyctl.c", ++ [41924].name = "keyctl_get_security", ++ [41924].param3 = 1, ++ [41968].file = "fs/btrfs/volumes.c", ++ [41968].name = "__btrfs_map_block", ++ [41968].param3 = 1, ++ [4202].file = "drivers/edac/edac_mc.c", ++ [4202].name = "edac_mc_alloc", ++ [4202].param1 = 1, ++ [42081].file = "net/econet/af_econet.c", ++ [42081].name = "aun_incoming", ++ [42081].param3 = 1, ++ [42143].file = "drivers/media/video/c-qcam.c", ++ [42143].name = "qcam_read", ++ [42143].param3 = 1, ++ [42206].file = "fs/quota/quota_tree.c", ++ [42206].name = "getdqbuf", ++ [42206].param1 = 1, ++ [42270].file = "net/wireless/scan.c", ++ [42270].name = "cfg80211_inform_bss_frame", ++ [42270].param4 = 1, ++ [42281].file = "include/linux/mISDNif.h", ++ [42281].name = "_queue_data", ++ [42281].param4 = 1, ++ [42420].file = "drivers/net/wireless/hostap/hostap_ioctl.c", ++ [42420].name = "prism2_set_genericelement", ++ [42420].param3 = 1, ++ [42472].file = "fs/compat.c", ++ [42472].name = "compat_readv", ++ [42472].param3 = 1, ++ [42473].file = "net/tipc/name_table.c", ++ [42473].name = "tipc_subseq_alloc", ++ [42473].param1 = 1, ++ [42562].file = "kernel/kfifo.c", ++ [42562].name = "__kfifo_to_user_r", ++ [42562].param3 = 1, ++ [42666].file = "drivers/pcmcia/cistpl.c", ++ [42666].name = "read_cis_cache", ++ [42666].param4 = 1, ++ [42714].file = "drivers/scsi/scsi_tgt_lib.c", ++ [42714].name = "scsi_tgt_copy_sense", ++ [42714].param3 = 1, ++ [42833].file = "kernel/trace/blktrace.c", ++ [42833].name = "blk_msg_write", ++ [42833].param3 = 1, ++ [42857].file = "security/selinux/selinuxfs.c", ++ [42857].name = "sel_write_member", ++ [42857].param3 = 1, ++ [42882].file = "security/keys/user_defined.c", ++ [42882].name = "user_instantiate", ++ [42882].param3 = 1, ++ [42930].file = "net/caif/cfpkt_skbuff.c", ++ [42930].name = "cfpkt_create_pfx", ++ [42930].param1 = 1, ++ [42930].param2 = 1, ++ [43023].file = "drivers/usb/misc/usblcd.c", ++ [43023].name = "lcd_write", ++ [43023].param3 = 1, ++ [43104].file = "drivers/mtd/devices/mtd_dataflash.c", ++ [43104].name = "dataflash_read_user_otp", ++ [43104].param3 = 1, ++ [43133].file = "lib/mpi/mpiutil.c", ++ [43133].name = "mpi_resize", ++ [43133].param2 = 1, ++ [4324].file = "drivers/video/fbmem.c", ++ [4324].name = "fb_read", ++ [4324].param3 = 1, ++ [43266].file = "fs/afs/cell.c", ++ [43266].name = "afs_cell_alloc", ++ [43266].param2 = 1, ++ [4328].file = "drivers/usb/musb/musb_debugfs.c", ++ [4328].name = "musb_test_mode_write", ++ [4328].param3 = 1, ++ [43380].file = "drivers/scsi/bfa/bfad_debugfs.c", ++ [43380].name = "bfad_debugfs_write_regrd", ++ [43380].param3 = 1, ++ [43510].file = "kernel/kexec.c", ++ [43510].name = "compat_sys_kexec_load", ++ [43510].param2 = 1, ++ [43540].file = "include/rdma/ib_verbs.h", ++ [43540].name = "ib_copy_to_udata", ++ [43540].param3 = 1, ++ [4357].file = "security/tomoyo/securityfs_if.c", ++ [4357].name = "tomoyo_read_self", ++ [4357].param3 = 1, ++ [43590].file = "security/smack/smackfs.c", ++ [43590].name = "smk_write_onlycap", ++ [43590].param3 = 1, ++ [43596].file = "drivers/usb/core/buffer.c", ++ [43596].name = "hcd_buffer_alloc", ++ [43596].param2 = 1, ++ [43632].file = "drivers/media/video/videobuf2-core.c", ++ [43632].name = "vb2_read", ++ [43632].param3 = 1, ++ [43659].file = "drivers/firmware/efivars.c", ++ [43659].name = "efivar_create_sysfs_entry", ++ [43659].param2 = 1, ++ [43731].file = "drivers/hid/hid-picolcd.c", ++ [43731].name = "picolcd_debug_eeprom_read", ++ [43731].param3 = 1, ++ [43777].file = "drivers/acpi/acpica/utobject.c", ++ [43777].name = "acpi_ut_create_buffer_object", ++ [43777].param1 = 1, ++ [43798].file = "net/bluetooth/mgmt.c", ++ [43798].name = "set_local_name", ++ [43798].param4 = 1, ++ [4380].file = "drivers/mtd/devices/mtd_dataflash.c", ++ [4380].name = "dataflash_read_fact_otp", ++ [4380].param3 = 1, ++ [43834].file = "security/apparmor/apparmorfs.c", ++ [43834].name = "profile_replace", ++ [43834].param3 = 1, ++ [43895].file = "drivers/media/dvb/ddbridge/ddbridge-core.c", ++ [43895].name = "ddb_output_write", ++ [43895].param3 = 1, ++ [43899].file = "drivers/media/rc/imon.c", ++ [43899].name = "vfd_write", ++ [43899].param3 = 1, ++ [43900].file = "drivers/scsi/cxgbi/libcxgbi.c", ++ [43900].name = "cxgbi_device_portmap_create", ++ [43900].param3 = 1, ++ [43922].file = "drivers/mmc/card/mmc_test.c", ++ [43922].name = "mmc_test_alloc_mem", ++ [43922].param3 = 1, ++ [43946].file = "drivers/net/wireless/ath/ath6kl/txrx.c", ++ [43946].name = "aggr_recv_addba_req_evt", ++ [43946].param4 = 1, ++ [44006].file = "mm/process_vm_access.c", ++ [44006].name = "process_vm_rw_pages", ++ [44006].param5 = 1, ++ [44006].param6 = 1, ++ [44050].file = "fs/nfs/idmap.c", ++ [44050].name = "nfs_map_group_to_gid", ++ [44050].param3 = 1, ++ [44125].file = "fs/ext4/super.c", ++ [44125].name = "ext4_kvmalloc", ++ [44125].param1 = 1, ++ [44266].file = "kernel/cgroup.c", ++ [44266].name = "cgroup_write_string", ++ [44266].param5 = 1, ++ [44290].file = "drivers/net/usb/dm9601.c", ++ [44290].name = "dm_read", ++ [44290].param3 = 1, ++ [44308].file = "crypto/af_alg.c", ++ [44308].name = "alg_setkey", ++ [44308].param3 = 1, ++ [44510].file = "drivers/net/ethernet/broadcom/bnx2.c", ++ [44510].name = "bnx2_nvram_write", ++ [44510].param2 = 1, ++ [44625].file = "net/bluetooth/mgmt.c", ++ [44625].name = "set_connectable", ++ [44625].param4 = 1, ++ [44642].file = "drivers/net/wireless/iwmc3200wifi/commands.c", ++ [44642].name = "iwm_umac_set_config_var", ++ [44642].param4 = 1, ++ [44698].file = "net/sctp/socket.c", ++ [44698].name = "sctp_setsockopt_context", ++ [44698].param3 = 1, ++ [4471].file = "fs/ntfs/malloc.h", ++ [4471].name = "__ntfs_malloc", ++ [4471].param1 = 1, ++ [44773].file = "drivers/staging/vme/devices/vme_user.c", ++ [44773].name = "vme_user_write", ++ [44773].param3 = 1, ++ [44825].file = "drivers/scsi/osd/osd_initiator.c", ++ [44825].name = "_osd_realloc_seg", ++ [44825].param3 = 1, ++ [44852].file = "net/sctp/socket.c", ++ [44852].name = "sctp_setsockopt_rtoinfo", ++ [44852].param3 = 1, ++ [44936].file = "drivers/md/dm-raid.c", ++ [44936].name = "context_alloc", ++ [44936].param3 = 1, ++ [44943].file = "mm/util.c", ++ [44943].name = "kmemdup", ++ [44943].param2 = 1, ++ [44946].file = "net/sctp/socket.c", ++ [44946].name = "sctp_setsockopt_auth_chunk", ++ [44946].param3 = 1, ++ [44990].file = "drivers/media/video/pvrusb2/pvrusb2-ioread.c", ++ [44990].name = "pvr2_ioread_set_sync_key", ++ [44990].param3 = 1, ++ [45000].file = "fs/afs/proc.c", ++ [45000].name = "afs_proc_rootcell_write", ++ [45000].param3 = 1, ++ [45117].file = "drivers/staging/winbond/wb35reg.c", ++ [45117].name = "Wb35Reg_BurstWrite", ++ [45117].param4 = 1, ++ [45200].file = "drivers/scsi/scsi_proc.c", ++ [45200].name = "proc_scsi_write_proc", ++ [45200].param3 = 1, ++ [45217].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", ++ [45217].name = "iwl_dbgfs_debug_level_write", ++ [45217].param3 = 1, ++ [45233].file = "net/rds/info.c", ++ [45233].name = "rds_info_getsockopt", ++ [45233].param3 = 1, ++ [45326].file = "drivers/mtd/ubi/cdev.c", ++ [45326].name = "vol_cdev_read", ++ [45326].param3 = 1, ++ [45335].file = "fs/read_write.c", ++ [45335].name = "vfs_writev", ++ [45335].param3 = 1, ++ [45366].file = "drivers/net/ethernet/chelsio/cxgb3/cxgb3_offload.c", ++ [45366].name = "init_tid_tabs", ++ [45366].param2 = 1, ++ [45366].param3 = 1, ++ [45366].param4 = 1, ++ [45534].file = "drivers/net/wireless/ath/carl9170/cmd.c", ++ [45534].name = "carl9170_cmd_buf", ++ [45534].param3 = 1, ++ [45576].file = "net/netfilter/xt_recent.c", ++ [45576].name = "recent_mt_proc_write", ++ [45576].param3 = 1, ++ [45583].file = "fs/gfs2/dir.c", ++ [45583].name = "leaf_dealloc", ++ [45583].param3 = 1, ++ [45586].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", ++ [45586].name = "rt2x00debug_write_bbp", ++ [45586].param3 = 1, ++ [45629].file = "lib/bch.c", ++ [45629].name = "bch_alloc", ++ [45629].param1 = 1, ++ [45633].file = "drivers/input/evdev.c", ++ [45633].name = "evdev_do_ioctl", ++ [45633].param2 = 1, ++ [45743].file = "drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c", ++ [45743].name = "qlcnic_alloc_msix_entries", ++ [45743].param2 = 1, ++ [45864].file = "drivers/atm/ambassador.c", ++ [45864].name = "create_queues", ++ [45864].param2 = 1, ++ [45864].param3 = 1, ++ [45930].file = "security/apparmor/apparmorfs.c", ++ [45930].name = "profile_remove", ++ [45930].param3 = 1, ++ [45954].file = "drivers/usb/misc/legousbtower.c", ++ [45954].name = "tower_write", ++ [45954].param3 = 1, ++ [46140].file = "sound/core/memalloc.c", ++ [46140].name = "snd_mem_proc_write", ++ [46140].param3 = 1, ++ [4616].file = "net/sunrpc/cache.c", ++ [4616].name = "cache_do_downcall", ++ [4616].param3 = 1, ++ [46243].file = "fs/binfmt_misc.c", ++ [46243].name = "bm_register_write", ++ [46243].param3 = 1, ++ [46250].file = "fs/xattr.c", ++ [46250].name = "sys_getxattr", ++ [46250].param4 = 1, ++ [46343].file = "fs/compat.c", ++ [46343].name = "compat_do_readv_writev", ++ [46343].param4 = 1, ++ [46400].file = "drivers/staging/sep/sep_driver.c", ++ [46400].name = "sep_prepare_input_output_dma_table", ++ [46400].param2 = 1, ++ [46400].param3 = 1, ++ [46400].param4 = 1, ++ [4644].file = "drivers/net/usb/mcs7830.c", ++ [4644].name = "mcs7830_get_reg", ++ [4644].param3 = 1, ++ [46605].file = "sound/core/oss/pcm_oss.c", ++ [46605].name = "snd_pcm_oss_sync1", ++ [46605].param2 = 1, ++ [46630].file = "net/decnet/af_decnet.c", ++ [46630].name = "__dn_setsockopt", ++ [46630].param5 = 1, ++ [46655].file = "drivers/media/video/hdpvr/hdpvr-video.c", ++ [46655].name = "hdpvr_read", ++ [46655].param3 = 1, ++ [46685].file = "drivers/gpu/drm/ttm/ttm_bo_vm.c", ++ [46685].name = "ttm_bo_fbdev_io", ++ [46685].param4 = 1, ++ [46742].file = "drivers/scsi/st.c", ++ [46742].name = "sgl_map_user_pages", ++ [46742].param2 = 1, ++ [46881].file = "drivers/char/lp.c", ++ [46881].name = "lp_write", ++ [46881].param3 = 1, ++ [47130].file = "kernel/kfifo.c", ++ [47130].name = "kfifo_copy_to_user", ++ [47130].param3 = 1, ++ [47265].file = "drivers/scsi/bnx2fc/bnx2fc_io.c", ++ [47265].name = "bnx2fc_cmd_mgr_alloc", ++ [47265].param2 = 1, ++ [47265].param3 = 1, ++ [47309].file = "drivers/scsi/aic94xx/aic94xx_init.c", ++ [47309].name = "asd_store_update_bios", ++ [47309].param4 = 1, ++ [47342].file = "fs/proc/base.c", ++ [47342].name = "sched_autogroup_write", ++ [47342].param3 = 1, ++ [47363].file = "drivers/input/evdev.c", ++ [47363].name = "evdev_ioctl_handler", ++ [47363].param2 = 1, ++ [47385].file = "drivers/net/wireless/zd1211rw/zd_usb.c", ++ [47385].name = "zd_usb_iowrite16v", ++ [47385].param3 = 1, ++ [4738].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c", ++ [4738].name = "ath6kl_set_ap_probe_resp_ies", ++ [4738].param3 = 1, ++ [47393].file = "drivers/net/wireless/ath/main.c", ++ [47393].name = "ath_rxbuf_alloc", ++ [47393].param2 = 1, ++ [47463].file = "fs/xfs/kmem.c", ++ [47463].name = "kmem_zalloc", ++ [47463].param1 = 1, ++ [47474].file = "kernel/trace/trace.c", ++ [47474].name = "tracing_buffers_read", ++ [47474].param3 = 1, ++ [47636].file = "drivers/usb/class/usblp.c", ++ [47636].name = "usblp_ioctl", ++ [47636].param2 = 1, ++ [47637].file = "drivers/block/cciss.c", ++ [47637].name = "cciss_proc_write", ++ [47637].param3 = 1, ++ [47712].file = "net/sctp/socket.c", ++ [47712].name = "sctp_setsockopt_maxburst", ++ [47712].param3 = 1, ++ [47728].file = "drivers/char/agp/isoch.c", ++ [47728].name = "agp_3_5_isochronous_node_enable", ++ [47728].param3 = 1, ++ [4779].file = "fs/pipe.c", ++ [4779].name = "pipe_set_size", ++ [4779].param2 = 1, ++ [47881].file = "security/selinux/selinuxfs.c", ++ [47881].name = "sel_write_disable", ++ [47881].param3 = 1, ++ [48111].file = "net/wireless/sme.c", ++ [48111].name = "cfg80211_roamed_bss", ++ [48111].param4 = 1, ++ [48111].param6 = 1, ++ [48124].file = "drivers/net/wireless/iwmc3200wifi/main.c", ++ [48124].name = "iwm_notif_send", ++ [48124].param6 = 1, ++ [48155].file = "net/sctp/sm_make_chunk.c", ++ [48155].name = "sctp_make_abort_user", ++ [48155].param3 = 1, ++ [48182].file = "crypto/cryptd.c", ++ [48182].name = "cryptd_alloc_instance", ++ [48182].param2 = 1, ++ [48182].param3 = 1, ++ [48248].file = "security/keys/keyctl.c", ++ [48248].name = "keyctl_instantiate_key", ++ [48248].param3 = 1, ++ [4829].file = "drivers/block/floppy.c", ++ [4829].name = "fd_copyout", ++ [4829].param3 = 1, ++ [48632].file = "net/bluetooth/l2cap_core.c", ++ [48632].name = "l2cap_build_cmd", ++ [48632].param4 = 1, ++ [48642].file = "fs/hugetlbfs/inode.c", ++ [48642].name = "hugetlbfs_read", ++ [48642].param3 = 1, ++ [48720].file = "drivers/gpu/drm/i915/i915_debugfs.c", ++ [48720].name = "i915_max_freq_write", ++ [48720].param3 = 1, ++ [48768].file = "net/irda/irnet/irnet_ppp.c", ++ [48768].name = "dev_irnet_write", ++ [48768].param3 = 1, ++ [48818].file = "net/sunrpc/svc.c", ++ [48818].name = "svc_pool_map_alloc_arrays", ++ [48818].param2 = 1, ++ [48856].file = "drivers/acpi/acpica/utalloc.c", ++ [48856].name = "acpi_ut_initialize_buffer", ++ [48856].param2 = 1, ++ [48862].file = "net/sctp/socket.c", ++ [48862].name = "sctp_setsockopt_adaptation_layer", ++ [48862].param3 = 1, ++ [49126].file = "lib/prio_heap.c", ++ [49126].name = "heap_init", ++ [49126].param2 = 1, ++ [49143].file = "sound/core/oss/pcm_oss.c", ++ [49143].name = "snd_pcm_oss_write2", ++ [49143].param3 = 1, ++ [49216].file = "fs/read_write.c", ++ [49216].name = "do_readv_writev", ++ [49216].param4 = 1, ++ [49426].file = "net/bluetooth/l2cap_sock.c", ++ [49426].name = "l2cap_sock_setsockopt_old", ++ [49426].param4 = 1, ++ [49448].file = "drivers/isdn/gigaset/common.c", ++ [49448].name = "gigaset_initdriver", ++ [49448].param2 = 1, ++ [49494].file = "drivers/virtio/virtio_ring.c", ++ [49494].name = "vring_new_virtqueue", ++ [49494].param1 = 1, ++ [49499].file = "drivers/block/nvme.c", ++ [49499].name = "nvme_alloc_iod", ++ [49499].param1 = 1, ++ [49510].file = "net/sctp/socket.c", ++ [49510].name = "sctp_setsockopt_autoclose", ++ [49510].param3 = 1, ++ [4958].file = "drivers/net/wireless/p54/fwio.c", ++ [4958].name = "p54_alloc_skb", ++ [4958].param3 = 1, ++ [49604].file = "crypto/af_alg.c", ++ [49604].name = "alg_setsockopt", ++ [49604].param5 = 1, ++ [49646].file = "drivers/tty/vt/vt.c", ++ [49646].name = "vc_resize", ++ [49646].param2 = 1, ++ [49646].param3 = 1, ++ [49658].file = "drivers/net/wireless/brcm80211/brcmsmac/dma.c", ++ [49658].name = "dma_attach", ++ [49658].param6 = 1, ++ [49658].param7 = 1, ++ [49663].file = "drivers/media/video/uvc/uvc_driver.c", ++ [49663].name = "uvc_simplify_fraction", ++ [49663].param3 = 1, ++ [49746].file = "net/ipv4/netfilter/arp_tables.c", ++ [49746].name = "compat_do_arpt_set_ctl", ++ [49746].param4 = 1, ++ [49780].file = "net/mac80211/key.c", ++ [49780].name = "ieee80211_key_alloc", ++ [49780].param3 = 1, ++ [49805].file = "drivers/pci/pci.c", ++ [49805].name = "pci_add_cap_save_buffer", ++ [49805].param3 = 1, ++ [49845].file = "mm/vmalloc.c", ++ [49845].name = "__vmalloc_node", ++ [49845].param1 = 1, ++ [49929].file = "drivers/mtd/ubi/cdev.c", ++ [49929].name = "vol_cdev_direct_write", ++ [49929].param3 = 1, ++ [49935].file = "fs/xfs/kmem.c", ++ [49935].name = "kmem_zalloc_greedy", ++ [49935].param2 = 1, ++ [49935].param3 = 1, ++ [49].file = "net/atm/svc.c", ++ [49].name = "svc_setsockopt", ++ [49].param5 = 1, ++ [50518].file = "drivers/gpu/drm/nouveau/nouveau_gem.c", ++ [50518].name = "u_memcpya", ++ [50518].param2 = 1, ++ [50518].param3 = 1, ++ [5052].file = "drivers/char/ppdev.c", ++ [5052].name = "pp_read", ++ [5052].param3 = 1, ++ [50562].file = "drivers/media/video/zoran/zoran_procfs.c", ++ [50562].name = "zoran_write", ++ [50562].param3 = 1, ++ [50617].file = "fs/hugetlbfs/inode.c", ++ [50617].name = "hugetlbfs_read_actor", ++ [50617].param2 = 1, ++ [50617].param4 = 1, ++ [50617].param5 = 1, ++ [50692].file = "lib/ts_bm.c", ++ [50692].name = "bm_init", ++ [50692].param2 = 1, ++ [50813].file = "mm/vmalloc.c", ++ [50813].name = "__vmalloc_node_flags", ++ [50813].param1 = 1, ++ [5087].file = "drivers/atm/solos-pci.c", ++ [5087].name = "console_store", ++ [5087].param4 = 1, ++ [5102].file = "drivers/usb/misc/usbtest.c", ++ [5102].name = "usbtest_alloc_urb", ++ [5102].param3 = 1, ++ [5102].param5 = 1, ++ [51061].file = "net/bluetooth/mgmt.c", ++ [51061].name = "pin_code_reply", ++ [51061].param4 = 1, ++ [51139].file = "fs/pipe.c", ++ [51139].name = "pipe_iov_copy_to_user", ++ [51139].param3 = 1, ++ [51177].file = "net/sunrpc/xprtrdma/transport.c", ++ [51177].name = "xprt_rdma_allocate", ++ [51177].param2 = 1, ++ [51182].file = "drivers/misc/sgi-xp/xpc_main.c", ++ [51182].name = "xpc_kzalloc_cacheline_aligned", ++ [51182].param1 = 1, ++ [51250].file = "fs/read_write.c", ++ [51250].name = "rw_copy_check_uvector", ++ [51250].param3 = 1, ++ [51253].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", ++ [51253].name = "rt2x00debug_write_eeprom", ++ [51253].param3 = 1, ++ [51323].file = "sound/pci/ac97/ac97_pcm.c", ++ [51323].name = "snd_ac97_pcm_assign", ++ [51323].param2 = 1, ++ [51340].file = "drivers/usb/class/usblp.c", ++ [51340].name = "usblp_write", ++ [51340].param3 = 1, ++ [51499].file = "net/802/garp.c", ++ [51499].name = "garp_attr_create", ++ [51499].param3 = 1, ++ [51842].file = "drivers/hid/hid-core.c", ++ [51842].name = "hid_register_field", ++ [51842].param2 = 1, ++ [51842].param3 = 1, ++ [5197].file = "net/core/dev.c", ++ [5197].name = "dev_set_alias", ++ [5197].param3 = 1, ++ [5204].file = "drivers/media/video/usbvision/usbvision-video.c", ++ [5204].name = "usbvision_v4l2_read", ++ [5204].param3 = 1, ++ [5206].file = "drivers/media/dvb/ttpci/av7110_v4l.c", ++ [5206].name = "av7110_vbi_write", ++ [5206].param3 = 1, ++ [52086].file = "drivers/usb/image/mdc800.c", ++ [52086].name = "mdc800_device_read", ++ [52086].param3 = 1, ++ [52099].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c", ++ [52099].name = "do_surface_dirty_sou", ++ [52099].param7 = 1, ++ [52172].file = "drivers/pcmcia/cistpl.c", ++ [52172].name = "pccard_store_cis", ++ [52172].param6 = 1, ++ [52173].file = "drivers/misc/ibmasm/ibmasmfs.c", ++ [52173].name = "remote_settings_file_write", ++ [52173].param3 = 1, ++ [52199].file = "mm/nobootmem.c", ++ [52199].name = "__alloc_bootmem", ++ [52199].param1 = 1, ++ [52343].file = "drivers/usb/misc/adutux.c", ++ [52343].name = "adu_read", ++ [52343].param3 = 1, ++ [52401].file = "drivers/staging/rtl8712/rtl871x_ioctl_linux.c", ++ [52401].name = "r871x_set_wpa_ie", ++ [52401].param3 = 1, ++ [52699].file = "lib/ts_fsm.c", ++ [52699].name = "fsm_init", ++ [52699].param2 = 1, ++ [52721].file = "security/keys/encrypted-keys/encrypted.c", ++ [52721].name = "encrypted_instantiate", ++ [52721].param3 = 1, ++ [52902].file = "fs/xfs/kmem.h", ++ [52902].name = "kmem_zalloc_large", ++ [52902].param1 = 1, ++ [52950].file = "net/bluetooth/mgmt.c", ++ [52950].name = "set_discoverable", ++ [52950].param4 = 1, ++ [53041].file = "fs/libfs.c", ++ [53041].name = "simple_transaction_get", ++ [53041].param3 = 1, ++ [5313].file = "fs/gfs2/quota.c", ++ [5313].name = "do_sync", ++ [5313].param1 = 1, ++ [53209].file = "drivers/usb/host/ehci-sched.c", ++ [53209].name = "iso_sched_alloc", ++ [53209].param1 = 1, ++ [53302].file = "drivers/firewire/core-cdev.c", ++ [53302].name = "dispatch_ioctl", ++ [53302].param2 = 1, ++ [53355].file = "fs/ceph/dir.c", ++ [53355].name = "ceph_read_dir", ++ [53355].param3 = 1, ++ [53405].file = "drivers/media/video/videobuf-core.c", ++ [53405].name = "__videobuf_copy_to_user", ++ [53405].param4 = 1, ++ [53407].file = "net/wireless/sme.c", ++ [53407].name = "cfg80211_connect_result", ++ [53407].param4 = 1, ++ [53407].param6 = 1, ++ [53426].file = "fs/libfs.c", ++ [53426].name = "simple_transaction_read", ++ [53426].param3 = 1, ++ [5344].file = "security/selinux/ss/hashtab.c", ++ [5344].name = "hashtab_create", ++ [5344].param3 = 1, ++ [53513].file = "drivers/mmc/core/mmc_ops.c", ++ [53513].name = "mmc_send_bus_test", ++ [53513].param4 = 1, ++ [53626].file = "drivers/block/paride/pg.c", ++ [53626].name = "pg_read", ++ [53626].param3 = 1, ++ [53631].file = "mm/util.c", ++ [53631].name = "memdup_user", ++ [53631].param2 = 1, ++ [53674].file = "drivers/media/dvb/ttpci/av7110_ca.c", ++ [53674].name = "ci_ll_write", ++ [53674].param4 = 1, ++ [5389].file = "drivers/infiniband/core/uverbs_cmd.c", ++ [5389].name = "ib_uverbs_unmarshall_recv", ++ [5389].param5 = 1, ++ [53901].file = "net/rds/message.c", ++ [53901].name = "rds_message_alloc", ++ [53901].param1 = 1, ++ [53902].file = "net/sctp/socket.c", ++ [53902].name = "sctp_setsockopt_initmsg", ++ [53902].param3 = 1, ++ [5410].file = "kernel/kexec.c", ++ [5410].name = "sys_kexec_load", ++ [5410].param2 = 1, ++ [54172].file = "net/nfc/core.c", ++ [54172].name = "nfc_alloc_recv_skb", ++ [54172].param1 = 1, ++ [54182].file = "drivers/block/rbd.c", ++ [54182].name = "rbd_snap_add", ++ [54182].param4 = 1, ++ [54201].file = "drivers/platform/x86/asus_acpi.c", ++ [54201].name = "mled_proc_write", ++ [54201].param3 = 1, ++ [54263].file = "security/keys/trusted.c", ++ [54263].name = "trusted_instantiate", ++ [54263].param3 = 1, ++ [54296].file = "include/linux/mISDNif.h", ++ [54296].name = "_alloc_mISDN_skb", ++ [54296].param3 = 1, ++ [54298].file = "drivers/usb/wusbcore/crypto.c", ++ [54298].name = "wusb_ccm_mac", ++ [54298].param7 = 1, ++ [54318].file = "include/drm/drm_mem_util.h", ++ [54318].name = "drm_malloc_ab", ++ [54318].param1 = 1, ++ [54318].param2 = 1, ++ [54335].file = "drivers/md/dm-table.c", ++ [54335].name = "dm_vcalloc", ++ [54335].param1 = 1, ++ [54335].param2 = 1, ++ [54338].file = "fs/ntfs/malloc.h", ++ [54338].name = "ntfs_malloc_nofs", ++ [54338].param1 = 1, ++ [54339].file = "security/smack/smackfs.c", ++ [54339].name = "smk_write_cipso", ++ [54339].param3 = 1, ++ [54369].file = "drivers/usb/storage/realtek_cr.c", ++ [54369].name = "rts51x_read_mem", ++ [54369].param4 = 1, ++ [5438].file = "sound/core/memory.c", ++ [5438].name = "copy_to_user_fromio", ++ [5438].param3 = 1, ++ [54401].file = "lib/dynamic_debug.c", ++ [54401].name = "ddebug_proc_write", ++ [54401].param3 = 1, ++ [54467].file = "net/packet/af_packet.c", ++ [54467].name = "packet_setsockopt", ++ [54467].param5 = 1, ++ [54573].file = "ipc/sem.c", ++ [54573].name = "sys_semop", ++ [54573].param3 = 1, ++ [54583].file = "net/sctp/socket.c", ++ [54583].name = "sctp_setsockopt_peer_addr_params", ++ [54583].param3 = 1, ++ [54643].file = "drivers/isdn/hardware/eicon/divasi.c", ++ [54643].name = "um_idi_write", ++ [54643].param3 = 1, ++ [54657].file = "mm/migrate.c", ++ [54657].name = "do_pages_stat", ++ [54657].param2 = 1, ++ [54663].file = "drivers/isdn/hardware/eicon/platform.h", ++ [54663].name = "diva_os_malloc", ++ [54663].param2 = 1, ++ [54701].file = "drivers/misc/altera-stapl/altera-jtag.c", ++ [54701].name = "altera_swap_ir", ++ [54701].param2 = 1, ++ [54751].file = "drivers/infiniband/core/device.c", ++ [54751].name = "ib_alloc_device", ++ [54751].param1 = 1, ++ [54771].file = "drivers/isdn/mISDN/socket.c", ++ [54771].name = "_l2_alloc_skb", ++ [54771].param1 = 1, ++ [54777].file = "drivers/net/wireless/ath/ath6kl/debug.c", ++ [54777].name = "ath6kl_debug_roam_tbl_event", ++ [54777].param3 = 1, ++ [54806].file = "drivers/scsi/lpfc/lpfc_debugfs.c", ++ [54806].name = "lpfc_debugfs_dif_err_write", ++ [54806].param3 = 1, ++ [5494].file = "fs/cifs/cifsacl.c", ++ [5494].name = "cifs_idmap_key_instantiate", ++ [5494].param3 = 1, ++ [55066].file = "net/ipv6/ipv6_sockglue.c", ++ [55066].name = "do_ipv6_setsockopt", ++ [55066].param5 = 1, ++ [55105].file = "drivers/base/devres.c", ++ [55105].name = "devres_alloc", ++ [55105].param2 = 1, ++ [55115].file = "net/sctp/probe.c", ++ [55115].name = "sctpprobe_read", ++ [55115].param3 = 1, ++ [55155].file = "net/bluetooth/rfcomm/sock.c", ++ [55155].name = "rfcomm_sock_setsockopt", ++ [55155].param5 = 1, ++ [55187].file = "security/keys/keyctl.c", ++ [55187].name = "keyctl_describe_key", ++ [55187].param3 = 1, ++ [55253].file = "drivers/net/wireless/ray_cs.c", ++ [55253].name = "ray_cs_essid_proc_write", ++ [55253].param3 = 1, ++ [55341].file = "drivers/staging/sep/sep_driver.c", ++ [55341].name = "sep_prepare_input_output_dma_table_in_dcb", ++ [55341].param4 = 1, ++ [55341].param5 = 1, ++ [55417].file = "drivers/hv/channel.c", ++ [55417].name = "vmbus_open", ++ [55417].param2 = 1, ++ [55417].param3 = 1, ++ [5548].file = "drivers/media/media-entity.c", ++ [5548].name = "media_entity_init", ++ [5548].param2 = 1, ++ [5548].param4 = 1, ++ [55546].file = "drivers/spi/spi.c", ++ [55546].name = "spi_alloc_master", ++ [55546].param2 = 1, ++ [55580].file = "drivers/usb/mon/mon_bin.c", ++ [55580].name = "copy_from_buf", ++ [55580].param2 = 1, ++ [55584].file = "drivers/tty/tty_buffer.c", ++ [55584].name = "tty_buffer_alloc", ++ [55584].param2 = 1, ++ [55712].file = "drivers/char/mem.c", ++ [55712].name = "read_zero", ++ [55712].param3 = 1, ++ [55727].file = "drivers/media/video/stk-webcam.c", ++ [55727].name = "stk_prepare_sio_buffers", ++ [55727].param2 = 1, ++ [55816].file = "drivers/misc/altera-stapl/altera-jtag.c", ++ [55816].name = "altera_set_ir_pre", ++ [55816].param2 = 1, ++ [55826].file = "drivers/infiniband/hw/ipath/ipath_file_ops.c", ++ [55826].name = "ipath_get_base_info", ++ [55826].param3 = 1, ++ [5586].file = "net/atm/common.c", ++ [5586].name = "alloc_tx", ++ [5586].param2 = 1, ++ [55978].file = "drivers/usb/misc/iowarrior.c", ++ [55978].name = "iowarrior_write", ++ [55978].param3 = 1, ++ [56170].file = "drivers/usb/wusbcore/wa-xfer.c", ++ [56170].name = "__wa_xfer_setup_segs", ++ [56170].param2 = 1, ++ [56199].file = "fs/binfmt_misc.c", ++ [56199].name = "parse_command", ++ [56199].param2 = 1, ++ [56218].file = "drivers/mmc/card/mmc_test.c", ++ [56218].name = "mtf_test_write", ++ [56218].param3 = 1, ++ [56239].file = "fs/sysfs/file.c", ++ [56239].name = "fill_write_buffer", ++ [56239].param3 = 1, ++ [5624].file = "drivers/net/wireless/ath/ath9k/wmi.c", ++ [5624].name = "ath9k_wmi_cmd", ++ [5624].param4 = 1, ++ [56416].file = "drivers/misc/lkdtm.c", ++ [56416].name = "do_register_entry", ++ [56416].param4 = 1, ++ [56458].file = "drivers/usb/host/hwa-hc.c", ++ [56458].name = "__hwahc_op_set_ptk", ++ [56458].param5 = 1, ++ [56471].file = "include/linux/slab.h", ++ [56471].name = "kcalloc", ++ [56471].param1 = 1, ++ [56471].param2 = 1, ++ [56513].file = "fs/cifs/connect.c", ++ [56513].name = "cifs_readv_from_socket", ++ [56513].param3 = 1, ++ [56531].file = "net/bluetooth/l2cap_core.c", ++ [56531].name = "l2cap_send_cmd", ++ [56531].param4 = 1, ++ [56544].file = "drivers/block/drbd/drbd_receiver.c", ++ [56544].name = "receive_DataRequest", ++ [56544].param3 = 1, ++ [56609].file = "lib/mpi/mpi-internal.h", ++ [56609].name = "RESIZE_IF_NEEDED", ++ [56609].param2 = 1, ++ [56652].file = "drivers/misc/altera-stapl/altera-jtag.c", ++ [56652].name = "altera_set_dr_post", ++ [56652].param2 = 1, ++ [56653].file = "net/irda/af_irda.c", ++ [56653].name = "irda_setsockopt", ++ [56653].param5 = 1, ++ [56672].file = "drivers/char/agp/generic.c", ++ [56672].name = "agp_alloc_page_array", ++ [56672].param1 = 1, ++ [56798].file = "fs/bio.c", ++ [56798].name = "bio_alloc_map_data", ++ [56798].param2 = 1, ++ [56843].file = "drivers/scsi/scsi_transport_iscsi.c", ++ [56843].name = "iscsi_recv_pdu", ++ [56843].param4 = 1, ++ [56903].file = "drivers/mtd/mtdchar.c", ++ [56903].name = "mtdchar_readoob", ++ [56903].param4 = 1, ++ [5699].file = "net/sctp/socket.c", ++ [5699].name = "sctp_setsockopt_default_send_param", ++ [5699].param3 = 1, ++ [5704].file = "drivers/mtd/mtdswap.c", ++ [5704].name = "mtdswap_init", ++ [5704].param2 = 1, ++ [57128].file = "drivers/pnp/pnpbios/proc.c", ++ [57128].name = "pnpbios_proc_write", ++ [57128].param3 = 1, ++ [57190].file = "drivers/char/agp/generic.c", ++ [57190].name = "agp_generic_alloc_user", ++ [57190].param1 = 1, ++ [57252].file = "drivers/media/dvb/dvb-core/dmxdev.c", ++ [57252].name = "dvb_dmxdev_set_buffer_size", ++ [57252].param2 = 1, ++ [57392].file = "drivers/block/aoe/aoecmd.c", ++ [57392].name = "new_skb", ++ [57392].param1 = 1, ++ [57471].file = "drivers/media/video/sn9c102/sn9c102_core.c", ++ [57471].name = "sn9c102_read", ++ [57471].param3 = 1, ++ [57547].file = "security/keys/encrypted-keys/encrypted.c", ++ [57547].name = "get_derived_key", ++ [57547].param4 = 1, ++ [57552].file = "net/sunrpc/cache.c", ++ [57552].name = "cache_slow_downcall", ++ [57552].param2 = 1, ++ [57670].file = "drivers/bluetooth/btmrvl_debugfs.c", ++ [57670].name = "btmrvl_pscmd_write", ++ [57670].param3 = 1, ++ [57710].file = "include/linux/usb/wusb.h", ++ [57710].name = "wusb_prf_256", ++ [57710].param7 = 1, ++ [57724].file = "net/bluetooth/hci_sock.c", ++ [57724].name = "hci_sock_setsockopt", ++ [57724].param5 = 1, ++ [57761].file = "kernel/kexec.c", ++ [57761].name = "kimage_crash_alloc", ++ [57761].param3 = 1, ++ [57786].file = "net/ipv6/netfilter/ip6_tables.c", ++ [57786].name = "compat_do_ip6t_set_ctl", ++ [57786].param4 = 1, ++ [57872].file = "fs/ceph/xattr.c", ++ [57872].name = "ceph_setxattr", ++ [57872].param4 = 1, ++ [57927].file = "fs/read_write.c", ++ [57927].name = "sys_preadv", ++ [57927].param3 = 1, ++ [58012].file = "include/net/bluetooth/bluetooth.h", ++ [58012].name = "bt_skb_alloc", ++ [58012].param1 = 1, ++ [58020].file = "drivers/firewire/core-cdev.c", ++ [58020].name = "fw_device_op_ioctl", ++ [58020].param2 = 1, ++ [58043].file = "kernel/auditfilter.c", ++ [58043].name = "audit_unpack_string", ++ [58043].param3 = 1, ++ [58087].file = "kernel/module.c", ++ [58087].name = "module_alloc_update_bounds_rw", ++ [58087].param1 = 1, ++ [58124].file = "drivers/usb/misc/usbtest.c", ++ [58124].name = "ctrl_out", ++ [58124].param3 = 1, ++ [58124].param5 = 1, ++ [58217].file = "net/sctp/socket.c", ++ [58217].name = "sctp_setsockopt_peer_primary_addr", ++ [58217].param3 = 1, ++ [58263].file = "security/keys/keyring.c", ++ [58263].name = "keyring_read", ++ [58263].param3 = 1, ++ [5830].file = "drivers/gpu/vga/vga_switcheroo.c", ++ [5830].name = "vga_switcheroo_debugfs_write", ++ [5830].param3 = 1, ++ [58320].file = "drivers/scsi/scsi_proc.c", ++ [58320].name = "proc_scsi_write", ++ [58320].param3 = 1, ++ [58344].file = "net/sunrpc/cache.c", ++ [58344].name = "read_flush", ++ [58344].param3 = 1, ++ [58379].file = "mm/nobootmem.c", ++ [58379].name = "__alloc_bootmem_node", ++ [58379].param2 = 1, ++ [58597].file = "kernel/kfifo.c", ++ [58597].name = "__kfifo_to_user", ++ [58597].param3 = 1, ++ [58641].file = "drivers/usb/misc/adutux.c", ++ [58641].name = "adu_write", ++ [58641].param3 = 1, ++ [58709].file = "fs/compat.c", ++ [58709].name = "compat_sys_pwritev", ++ [58709].param3 = 1, ++ [58769].file = "drivers/net/wireless/zd1211rw/zd_usb.c", ++ [58769].name = "zd_usb_read_fw", ++ [58769].param4 = 1, ++ [5876].file = "drivers/net/ppp/ppp_generic.c", ++ [5876].name = "ppp_write", ++ [5876].param3 = 1, ++ [58826].file = "net/sunrpc/xprt.c", ++ [58826].name = "xprt_alloc", ++ [58826].param2 = 1, ++ [58865].file = "include/linux/slub_def.h", ++ [58865].name = "kmalloc_order_trace", ++ [58865].param1 = 1, ++ [58867].file = "drivers/platform/x86/asus_acpi.c", ++ [58867].name = "wled_proc_write", ++ [58867].param3 = 1, ++ [58888].file = "fs/xattr.c", ++ [58888].name = "listxattr", ++ [58888].param3 = 1, ++ [58889].file = "kernel/trace/trace_kprobe.c", ++ [58889].name = "probes_write", ++ [58889].param3 = 1, ++ [58912].file = "drivers/lguest/core.c", ++ [58912].name = "__lgwrite", ++ [58912].param4 = 1, ++ [58918].file = "sound/core/pcm_native.c", ++ [58918].name = "snd_pcm_aio_write", ++ [58918].param3 = 1, ++ [58942].file = "drivers/block/aoe/aoedev.c", ++ [58942].name = "aoedev_flush", ++ [58942].param2 = 1, ++ [58958].file = "fs/fuse/control.c", ++ [58958].name = "fuse_conn_limit_write", ++ [58958].param3 = 1, ++ [59005].file = "drivers/staging/sep/sep_driver.c", ++ [59005].name = "sep_prepare_input_dma_table", ++ [59005].param2 = 1, ++ [59005].param3 = 1, ++ [59013].file = "fs/xfs/xfs_ioctl.c", ++ [59013].name = "xfs_handle_to_dentry", ++ [59013].param3 = 1, ++ [59034].file = "drivers/acpi/acpica/dsobject.c", ++ [59034].name = "acpi_ds_build_internal_package_obj", ++ [59034].param3 = 1, ++ [59073].file = "drivers/staging/speakup/i18n.c", ++ [59073].name = "msg_set", ++ [59073].param3 = 1, ++ [59074].file = "drivers/scsi/cxgbi/libcxgbi.c", ++ [59074].name = "ddp_make_gl", ++ [59074].param1 = 1, ++ [59297].file = "drivers/media/dvb/ttpci/av7110_av.c", ++ [59297].name = "dvb_play", ++ [59297].param3 = 1, ++ [59472].file = "drivers/misc/ibmasm/ibmasmfs.c", ++ [59472].name = "command_file_write", ++ [59472].param3 = 1, ++ [59504].file = "fs/exofs/super.c", ++ [59504].name = "__alloc_dev_table", ++ [59504].param2 = 1, ++ [59505].file = "drivers/media/video/pvrusb2/pvrusb2-ioread.c", ++ [59505].name = "pvr2_ioread_read", ++ [59505].param3 = 1, ++ [59681].file = "fs/xfs/kmem.c", ++ [59681].name = "kmem_alloc", ++ [59681].param1 = 1, ++ [5968].file = "net/sunrpc/sched.c", ++ [5968].name = "rpc_malloc", ++ [5968].param2 = 1, ++ [59695].file = "net/ipv4/netfilter/ipt_ULOG.c", ++ [59695].name = "ulog_alloc_skb", ++ [59695].param1 = 1, ++ [59838].file = "net/netlink/af_netlink.c", ++ [59838].name = "nl_pid_hash_zalloc", ++ [59838].param1 = 1, ++ [59856].file = "drivers/base/devres.c", ++ [59856].name = "devm_kzalloc", ++ [59856].param2 = 1, ++ [60066].file = "mm/filemap.c", ++ [60066].name = "iov_iter_copy_from_user", ++ [60066].param4 = 1, ++ [60185].file = "kernel/params.c", ++ [60185].name = "kmalloc_parameter", ++ [60185].param1 = 1, ++ [60198].file = "fs/nfs/nfs4proc.c", ++ [60198].name = "nfs4_write_cached_acl", ++ [60198].param3 = 1, ++ [60330].file = "drivers/media/video/w9966.c", ++ [60330].name = "w9966_v4l_read", ++ [60330].param3 = 1, ++ [604].file = "drivers/staging/rtl8712/usb_ops_linux.c", ++ [604].name = "r8712_usbctrl_vendorreq", ++ [604].param6 = 1, ++ [60543].file = "drivers/usb/class/usbtmc.c", ++ [60543].name = "usbtmc_read", ++ [60543].param3 = 1, ++ [60683].file = "sound/drivers/opl4/opl4_proc.c", ++ [60683].name = "snd_opl4_mem_proc_write", ++ [60683].param5 = 1, ++ [60693].file = "drivers/misc/hpilo.c", ++ [60693].name = "ilo_read", ++ [60693].param3 = 1, ++ [60744].file = "sound/pci/emu10k1/emuproc.c", ++ [60744].name = "snd_emu10k1_fx8010_read", ++ [60744].param5 = 1, ++ [60777].file = "fs/ntfs/malloc.h", ++ [60777].name = "ntfs_malloc_nofs_nofail", ++ [60777].param1 = 1, ++ [60833].file = "drivers/block/aoe/aoenet.c", ++ [60833].name = "set_aoe_iflist", ++ [60833].param2 = 1, ++ [60882].file = "drivers/input/joydev.c", ++ [60882].name = "joydev_compat_ioctl", ++ [60882].param2 = 1, ++ [60891].file = "kernel/sched/core.c", ++ [60891].name = "sys_sched_setaffinity", ++ [60891].param2 = 1, ++ [60920].file = "drivers/infiniband/hw/qib/qib_file_ops.c", ++ [60920].name = "qib_get_base_info", ++ [60920].param3 = 1, ++ [60928].file = "drivers/staging/bcm/Bcmchar.c", ++ [60928].name = "bcm_char_read", ++ [60928].param3 = 1, ++ [61122].file = "drivers/base/devres.c", ++ [61122].name = "alloc_dr", ++ [61122].param2 = 1, ++ [61254].file = "drivers/scsi/scsi_devinfo.c", ++ [61254].name = "proc_scsi_devinfo_write", ++ [61254].param3 = 1, ++ [61283].file = "drivers/net/wireless/ath/ath6kl/debug.c", ++ [61283].name = "ath6kl_fwlog_read", ++ [61283].param3 = 1, ++ [61289].file = "security/apparmor/apparmorfs.c", ++ [61289].name = "aa_simple_write_to_buffer", ++ [61289].param4 = 1, ++ [61389].file = "include/linux/slab.h", ++ [61389].name = "kzalloc_node", ++ [61389].param1 = 1, ++ [61441].file = "fs/ntfs/file.c", ++ [61441].name = "ntfs_copy_from_user_iovec", ++ [61441].param3 = 1, ++ [61441].param6 = 1, ++ [61552].file = "drivers/input/evdev.c", ++ [61552].name = "str_to_user", ++ [61552].param2 = 1, ++ [61673].file = "security/keys/trusted.c", ++ [61673].name = "trusted_update", ++ [61673].param3 = 1, ++ [61676].file = "kernel/module.c", ++ [61676].name = "module_alloc_update_bounds_rx", ++ [61676].param1 = 1, ++ [61684].file = "drivers/net/ethernet/chelsio/cxgb3/cxgb3_offload.c", ++ [61684].name = "cxgb3_get_cpl_reply_skb", ++ [61684].param2 = 1, ++ [6173].file = "net/netlink/af_netlink.c", ++ [6173].name = "netlink_sendmsg", ++ [6173].param4 = 1, ++ [61770].file = "drivers/media/video/et61x251/et61x251_core.c", ++ [61770].name = "et61x251_read", ++ [61770].param3 = 1, ++ [61772].file = "fs/exofs/ore_raid.c", ++ [61772].name = "_sp2d_alloc", ++ [61772].param1 = 1, ++ [61772].param2 = 1, ++ [61772].param3 = 1, ++ [61926].file = "drivers/media/dvb/ddbridge/ddbridge-core.c", ++ [61926].name = "ddb_input_read", ++ [61926].param3 = 1, ++ [61932].file = "drivers/message/fusion/mptctl.c", ++ [61932].name = "__mptctl_ioctl", ++ [61932].param2 = 1, ++ [61966].file = "fs/nfs/nfs4proc.c", ++ [61966].name = "nfs4_alloc_slots", ++ [61966].param1 = 1, ++ [62081].file = "drivers/net/irda/vlsi_ir.c", ++ [62081].name = "vlsi_alloc_ring", ++ [62081].param3 = 1, ++ [62081].param4 = 1, ++ [62116].file = "fs/libfs.c", ++ [62116].name = "simple_attr_read", ++ [62116].param3 = 1, ++ [6211].file = "drivers/net/ethernet/amd/pcnet32.c", ++ [6211].name = "pcnet32_realloc_tx_ring", ++ [6211].param3 = 1, ++ [62294].file = "sound/core/info.c", ++ [62294].name = "resize_info_buffer", ++ [62294].param2 = 1, ++ [62387].file = "fs/nfs/idmap.c", ++ [62387].name = "nfs_idmap_lookup_id", ++ [62387].param2 = 1, ++ [62465].file = "drivers/misc/altera-stapl/altera-jtag.c", ++ [62465].name = "altera_set_dr_pre", ++ [62465].param2 = 1, ++ [62466].file = "lib/mpi/mpiutil.c", ++ [62466].name = "mpi_alloc", ++ [62466].param1 = 1, ++ [62495].file = "drivers/block/floppy.c", ++ [62495].name = "fallback_on_nodma_alloc", ++ [62495].param2 = 1, ++ [62498].file = "fs/xattr.c", ++ [62498].name = "sys_listxattr", ++ [62498].param3 = 1, ++ [625].file = "fs/read_write.c", ++ [625].name = "sys_pwritev", ++ [625].param3 = 1, ++ [62662].file = "drivers/message/fusion/mptctl.c", ++ [62662].name = "mptctl_getiocinfo", ++ [62662].param2 = 1, ++ [62669].file = "drivers/platform/x86/asus_acpi.c", ++ [62669].name = "tled_proc_write", ++ [62669].param3 = 1, ++ [62714].file = "security/keys/keyctl.c", ++ [62714].name = "keyctl_update_key", ++ [62714].param3 = 1, ++ [62760].file = "drivers/media/dvb/ttpci/av7110_av.c", ++ [62760].name = "play_iframe", ++ [62760].param3 = 1, ++ [62851].file = "fs/proc/vmcore.c", ++ [62851].name = "read_vmcore", ++ [62851].param3 = 1, ++ [62870].file = "fs/nfs/idmap.c", ++ [62870].name = "nfs_idmap_get_desc", ++ [62870].param2 = 1, ++ [62870].param4 = 1, ++ [62905].file = "net/caif/cfpkt_skbuff.c", ++ [62905].name = "cfpkt_create", ++ [62905].param1 = 1, ++ [62920].file = "drivers/net/wireless/b43/phy_n.c", ++ [62920].name = "b43_nphy_load_samples", ++ [62920].param3 = 1, ++ [62925].file = "include/rdma/ib_verbs.h", ++ [62925].name = "ib_copy_from_udata", ++ [62925].param3 = 1, ++ [62934].file = "drivers/net/wireless/wl1251/cmd.c", ++ [62934].name = "wl1251_cmd_template_set", ++ [62934].param4 = 1, ++ [62940].file = "drivers/scsi/libsrp.c", ++ [62940].name = "srp_ring_alloc", ++ [62940].param2 = 1, ++ [62967].file = "security/keys/encrypted-keys/encrypted.c", ++ [62967].name = "encrypted_update", ++ [62967].param3 = 1, ++ [62970].file = "net/sched/sch_api.c", ++ [62970].name = "qdisc_class_hash_alloc", ++ [62970].param1 = 1, ++ [62999].file = "net/core/neighbour.c", ++ [62999].name = "neigh_hash_alloc", ++ [62999].param1 = 1, ++ [63007].file = "fs/proc/base.c", ++ [63007].name = "proc_coredump_filter_write", ++ [63007].param3 = 1, ++ [63010].file = "drivers/gpu/drm/ttm/ttm_page_alloc.c", ++ [63010].name = "ttm_page_pool_free", ++ [63010].param2 = 1, ++ [63045].file = "crypto/shash.c", ++ [63045].name = "shash_setkey_unaligned", ++ [63045].param3 = 1, ++ [63075].file = "kernel/relay.c", ++ [63075].name = "relay_alloc_page_array", ++ [63075].param1 = 1, ++ [63076].file = "fs/cifs/xattr.c", ++ [63076].name = "cifs_setxattr", ++ [63076].param4 = 1, ++ [63091].file = "drivers/net/usb/pegasus.c", ++ [63091].name = "get_registers", ++ [63091].param3 = 1, ++ [6331].file = "drivers/atm/solos-pci.c", ++ [6331].name = "solos_param_store", ++ [6331].param4 = 1, ++ [63367].file = "net/netfilter/ipset/ip_set_core.c", ++ [63367].name = "ip_set_alloc", ++ [63367].param1 = 1, ++ [63489].file = "drivers/bluetooth/btmrvl_debugfs.c", ++ [63489].name = "btmrvl_hscfgcmd_write", ++ [63489].param3 = 1, ++ [63490].file = "crypto/shash.c", ++ [63490].name = "shash_compat_setkey", ++ [63490].param3 = 1, ++ [63605].file = "mm/mempool.c", ++ [63605].name = "mempool_kmalloc", ++ [63605].param2 = 1, ++ [63633].file = "drivers/bluetooth/btmrvl_sdio.c", ++ [63633].name = "btmrvl_sdio_host_to_card", ++ [63633].param3 = 1, ++ [63961].file = "fs/xattr.c", ++ [63961].name = "sys_flistxattr", ++ [63961].param3 = 1, ++ [63964].file = "net/sctp/socket.c", ++ [63964].name = "sctp_setsockopt_maxseg", ++ [63964].param3 = 1, ++ [63988].file = "drivers/input/evdev.c", ++ [63988].name = "evdev_ioctl_compat", ++ [63988].param2 = 1, ++ [64055].file = "drivers/media/dvb/ttpci/av7110_av.c", ++ [64055].name = "dvb_aplay", ++ [64055].param3 = 1, ++ [64156].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c", ++ [64156].name = "ath6kl_mgmt_tx", ++ [64156].param9 = 1, ++ [64226].file = "drivers/md/persistent-data/dm-space-map-checker.c", ++ [64226].name = "ca_extend", ++ [64226].param2 = 1, ++ [64227].file = "mm/nobootmem.c", ++ [64227].name = "__alloc_bootmem_node_nopanic", ++ [64227].param2 = 1, ++ [64351].file = "kernel/kfifo.c", ++ [64351].name = "kfifo_copy_from_user", ++ [64351].param3 = 1, ++ [64392].file = "drivers/mmc/core/mmc_ops.c", ++ [64392].name = "mmc_send_cxd_data", ++ [64392].param5 = 1, ++ [64423].file = "kernel/sched/core.c", ++ [64423].name = "get_user_cpu_mask", ++ [64423].param2 = 1, ++ [64432].file = "security/selinux/selinuxfs.c", ++ [64432].name = "sel_write_create", ++ [64432].param3 = 1, ++ [64471].file = "drivers/bluetooth/btmrvl_debugfs.c", ++ [64471].name = "btmrvl_hscmd_write", ++ [64471].param3 = 1, ++ [64667].file = "sound/core/oss/pcm_oss.c", ++ [64667].name = "snd_pcm_oss_read", ++ [64667].param3 = 1, ++ [64689].file = "sound/isa/gus/gus_dram.c", ++ [64689].name = "snd_gus_dram_read", ++ [64689].param4 = 1, ++ [64692].file = "fs/binfmt_misc.c", ++ [64692].name = "bm_entry_write", ++ [64692].param3 = 1, ++ [64705].file = "drivers/staging/iio/accel/sca3000_ring.c", ++ [64705].name = "sca3000_read_first_n_hw_rb", ++ [64705].param2 = 1, ++ [64713].file = "fs/cifs/connect.c", ++ [64713].name = "extract_hostname", ++ [64713].param1 = 1, ++ [64743].file = "fs/ocfs2/dlmfs/dlmfs.c", ++ [64743].name = "dlmfs_file_read", ++ [64743].param3 = 1, ++ [64771].file = "security/keys/encrypted-keys/encrypted.c", ++ [64771].name = "datablob_format", ++ [64771].param2 = 1, ++ [6477].file = "net/bluetooth/mgmt.c", ++ [6477].name = "mgmt_pending_add", ++ [6477].param5 = 1, ++ [64906].file = "drivers/net/wireless/b43legacy/debugfs.c", ++ [64906].name = "b43legacy_debugfs_write", ++ [64906].param3 = 1, ++ [64913].file = "sound/core/oss/pcm_oss.c", ++ [64913].name = "snd_pcm_oss_write1", ++ [64913].param3 = 1, ++ [64961].file = "drivers/spi/spidev.c", ++ [64961].name = "spidev_ioctl", ++ [64961].param2 = 1, ++ [65033].file = "crypto/shash.c", ++ [65033].name = "shash_async_setkey", ++ [65033].param3 = 1, ++ [65093].file = "security/integrity/evm/evm_secfs.c", ++ [65093].name = "evm_write_key", ++ [65093].param3 = 1, ++ [6514].file = "mm/nobootmem.c", ++ [6514].name = "__alloc_bootmem_low", ++ [6514].param1 = 1, ++ [65169].file = "net/core/skbuff.c", ++ [65169].name = "dev_alloc_skb", ++ [65169].param1 = 1, ++ [6517].file = "drivers/md/dm-table.c", ++ [6517].name = "alloc_targets", ++ [6517].param2 = 1, ++ [65205].file = "drivers/input/evdev.c", ++ [65205].name = "handle_eviocgbit", ++ [65205].param3 = 1, ++ [65237].file = "kernel/profile.c", ++ [65237].name = "read_profile", ++ [65237].param3 = 1, ++ [65343].file = "kernel/trace/trace.c", ++ [65343].name = "tracing_clock_write", ++ [65343].param3 = 1, ++ [65345].file = "lib/xz/xz_dec_lzma2.c", ++ [65345].name = "xz_dec_lzma2_create", ++ [65345].param2 = 1, ++ [65409].file = "net/802/garp.c", ++ [65409].name = "garp_request_join", ++ [65409].param4 = 1, ++ [65432].file = "drivers/hid/hid-roccat-kone.c", ++ [65432].name = "kone_receive", ++ [65432].param4 = 1, ++ [65514].file = "drivers/media/video/gspca/t613.c", ++ [65514].name = "reg_w_ixbuf", ++ [65514].param4 = 1, ++ [6551].file = "drivers/usb/host/xhci-mem.c", ++ [6551].name = "xhci_alloc_stream_info", ++ [6551].param3 = 1, ++ [65535].file = "drivers/media/dvb/dvb-usb/opera1.c", ++ [65535].name = "opera1_xilinx_rw", ++ [65535].param5 = 1, ++ [6672].file = "drivers/net/wireless/b43/debugfs.c", ++ [6672].name = "b43_debugfs_write", ++ [6672].param3 = 1, ++ [6691].file = "drivers/acpi/proc.c", ++ [6691].name = "acpi_system_write_wakeup_device", ++ [6691].param3 = 1, ++ [6865].file = "drivers/staging/iio/ring_sw.c", ++ [6865].name = "iio_read_first_n_sw_rb", ++ [6865].param2 = 1, ++ [6867].file = "fs/coda/psdev.c", ++ [6867].name = "coda_psdev_read", ++ [6867].param3 = 1, ++ [6891].file = "drivers/bluetooth/btmrvl_debugfs.c", ++ [6891].name = "btmrvl_gpiogap_write", ++ [6891].param3 = 1, ++ [6944].file = "drivers/ide/ide-proc.c", ++ [6944].name = "ide_settings_proc_write", ++ [6944].param3 = 1, ++ [6950].file = "drivers/isdn/capi/capi.c", ++ [6950].name = "capi_write", ++ [6950].param3 = 1, ++ [697].file = "sound/isa/gus/gus_dram.c", ++ [697].name = "snd_gus_dram_peek", ++ [697].param4 = 1, ++ [7066].file = "security/keys/keyctl.c", ++ [7066].name = "keyctl_instantiate_key_common", ++ [7066].param4 = 1, ++ [7125].file = "include/net/nfc/nci_core.h", ++ [7125].name = "nci_skb_alloc", ++ [7125].param2 = 1, ++ [7129].file = "mm/maccess.c", ++ [7129].name = "__probe_kernel_read", ++ [7129].param3 = 1, ++ [7158].file = "kernel/trace/trace.c", ++ [7158].name = "tracing_read_pipe", ++ [7158].param3 = 1, ++ [720].file = "sound/pci/rme9652/hdsp.c", ++ [720].name = "snd_hdsp_playback_copy", ++ [720].param5 = 1, ++ [7236].file = "drivers/gpu/drm/drm_crtc.c", ++ [7236].name = "drm_plane_init", ++ [7236].param6 = 1, ++ [7411].file = "drivers/vhost/vhost.c", ++ [7411].name = "__vhost_add_used_n", ++ [7411].param3 = 1, ++ [7432].file = "net/bluetooth/mgmt.c", ++ [7432].name = "mgmt_event", ++ [7432].param4 = 1, ++ [7488].file = "security/keys/user_defined.c", ++ [7488].name = "user_read", ++ [7488].param3 = 1, ++ [7551].file = "drivers/input/touchscreen/ad7879-spi.c", ++ [7551].name = "ad7879_spi_xfer", ++ [7551].param3 = 1, ++ [7671].file = "mm/nobootmem.c", ++ [7671].name = "__alloc_bootmem_node_high", ++ [7671].param2 = 1, ++ [7676].file = "drivers/acpi/custom_method.c", ++ [7676].name = "cm_write", ++ [7676].param3 = 1, ++ [7693].file = "net/sctp/socket.c", ++ [7693].name = "sctp_setsockopt_associnfo", ++ [7693].param3 = 1, ++ [7697].file = "security/selinux/selinuxfs.c", ++ [7697].name = "sel_write_access", ++ [7697].param3 = 1, ++ [7843].file = "fs/compat.c", ++ [7843].name = "compat_sys_readv", ++ [7843].param3 = 1, ++ [7883].file = "net/sched/sch_sfq.c", ++ [7883].name = "sfq_alloc", ++ [7883].param1 = 1, ++ [7924].file = "drivers/media/video/cx18/cx18-fileops.c", ++ [7924].name = "cx18_read_pos", ++ [7924].param3 = 1, ++ [7958].file = "drivers/gpu/vga/vgaarb.c", ++ [7958].name = "vga_arb_write", ++ [7958].param3 = 1, ++ [7976].file = "drivers/usb/gadget/rndis.c", ++ [7976].name = "rndis_add_response", ++ [7976].param2 = 1, ++ [7985].file = "net/mac80211/cfg.c", ++ [7985].name = "ieee80211_mgmt_tx", ++ [7985].param9 = 1, ++ [8014].file = "net/netfilter/ipset/ip_set_list_set.c", ++ [8014].name = "init_list_set", ++ [8014].param2 = 1, ++ [8014].param3 = 1, ++ [8126].file = "sound/soc/soc-core.c", ++ [8126].name = "codec_reg_read_file", ++ [8126].param3 = 1, ++ [8317].file = "security/smack/smackfs.c", ++ [8317].name = "smk_write_ambient", ++ [8317].param3 = 1, ++ [8335].file = "drivers/media/dvb/dvb-core/dmxdev.c", ++ [8335].name = "dvb_dvr_set_buffer_size", ++ [8335].param2 = 1, ++ [8383].file = "kernel/module.c", ++ [8383].name = "copy_and_check", ++ [8383].param3 = 1, ++ [8411].file = "net/caif/cfpkt_skbuff.c", ++ [8411].name = "cfpkt_append", ++ [8411].param3 = 1, ++ [8536].file = "fs/cifs/dns_resolve.c", ++ [8536].name = "dns_resolve_server_name_to_ip", ++ [8536].param1 = 1, ++ [857].file = "drivers/virtio/virtio_ring.c", ++ [857].name = "virtqueue_add_buf", ++ [857].param3 = 1, ++ [857].param4 = 1, ++ [8650].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c", ++ [8650].name = "vmw_kms_present", ++ [8650].param9 = 1, ++ [8654].file = "drivers/net/wireless/mwifiex/sdio.c", ++ [8654].name = "mwifiex_alloc_sdio_mpa_buffers", ++ [8654].param2 = 1, ++ [8654].param3 = 1, ++ [865].file = "drivers/base/regmap/regmap-debugfs.c", ++ [865].name = "regmap_access_read_file", ++ [865].param3 = 1, ++ [8663].file = "net/bridge/netfilter/ebtables.c", ++ [8663].name = "do_update_counters", ++ [8663].param4 = 1, ++ [8684].file = "fs/read_write.c", ++ [8684].name = "sys_writev", ++ [8684].param3 = 1, ++ [8699].file = "security/selinux/selinuxfs.c", ++ [8699].name = "sel_commit_bools_write", ++ [8699].param3 = 1, ++ [8764].file = "drivers/usb/core/devio.c", ++ [8764].name = "usbdev_read", ++ [8764].param3 = 1, ++ [8802].file = "fs/dlm/user.c", ++ [8802].name = "device_write", ++ [8802].param3 = 1, ++ [8810].file = "net/mac80211/debugfs_sta.c", ++ [8810].name = "sta_agg_status_write", ++ [8810].param3 = 1, ++ [8815].file = "security/tomoyo/securityfs_if.c", ++ [8815].name = "tomoyo_write_self", ++ [8815].param3 = 1, ++ [8821].file = "net/wireless/sme.c", ++ [8821].name = "cfg80211_roamed", ++ [8821].param5 = 1, ++ [8821].param7 = 1, ++ [8833].file = "security/selinux/ss/services.c", ++ [8833].name = "security_context_to_sid", ++ [8833].param2 = 1, ++ [8838].file = "lib/mpi/mpi-bit.c", ++ [8838].name = "mpi_lshift_limbs", ++ [8838].param2 = 1, ++ [8851].file = "net/key/af_key.c", ++ [8851].name = "pfkey_sendmsg", ++ [8851].param4 = 1, ++ [8917].file = "net/can/raw.c", ++ [8917].name = "raw_setsockopt", ++ [8917].param5 = 1, ++ [8983].file = "include/linux/skbuff.h", ++ [8983].name = "alloc_skb", ++ [8983].param1 = 1, ++ [9117].file = "drivers/base/regmap/regcache-rbtree.c", ++ [9117].name = "regcache_rbtree_insert_to_block", ++ [9117].param5 = 1, ++ [9226].file = "mm/migrate.c", ++ [9226].name = "sys_move_pages", ++ [9226].param2 = 1, ++ [9304].file = "kernel/auditfilter.c", ++ [9304].name = "audit_init_entry", ++ [9304].param1 = 1, ++ [9317].file = "drivers/usb/wusbcore/wa-nep.c", ++ [9317].name = "wa_nep_queue", ++ [9317].param2 = 1, ++ [9341].file = "drivers/acpi/apei/erst-dbg.c", ++ [9341].name = "erst_dbg_write", ++ [9341].param3 = 1, ++ [9386].file = "fs/exofs/ore.c", ++ [9386].name = "_ore_get_io_state", ++ [9386].param3 = 1, ++ [9386].param4 = 1, ++ [9386].param5 = 1, ++ [9538].file = "crypto/blkcipher.c", ++ [9538].name = "blkcipher_copy_iv", ++ [9538].param3 = 1, ++ [9546].file = "drivers/video/fbmem.c", ++ [9546].name = "fb_write", ++ [9546].param3 = 1, ++ [9601].file = "kernel/kfifo.c", ++ [9601].name = "__kfifo_from_user", ++ [9601].param3 = 1, ++ [9618].file = "security/selinux/selinuxfs.c", ++ [9618].name = "sel_write_bool", ++ [9618].param3 = 1, ++ [9768].file = "drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c", ++ [9768].name = "vmw_execbuf_process", ++ [9768].param5 = 1, ++ [9828].file = "drivers/media/dvb/dvb-core/dmxdev.c", ++ [9828].name = "dvb_demux_do_ioctl", ++ [9828].param3 = 1, ++ [9870].file = "net/atm/addr.c", ++ [9870].name = "atm_get_addr", ++ [9870].param3 = 1, ++ [9977].file = "drivers/net/wireless/zd1211rw/zd_usb.c", ++ [9977].name = "zd_usb_iowrite16v_async", ++ [9977].param3 = 1, ++ [16344].collision = 1, ++ [307].collision = 1, ++ [31649].collision = 1, ++ [33040].collision = 1, ++ [45231].collision = 1, ++ [60651].collision = 1, ++}; +diff --git a/tools/gcc/size_overflow_hash2.h b/tools/gcc/size_overflow_hash2.h +new file mode 100644 +index 0000000..9ec45ae +--- /dev/null ++++ b/tools/gcc/size_overflow_hash2.h +@@ -0,0 +1,35 @@ ++struct size_overflow_hash size_overflow_hash2[65536] = { ++ [22224].file = "fs/proc/vmcore.c", ++ [22224].name = "read_from_oldmem", ++ [22224].param2 = 1, ++ [2344].file = "fs/ecryptfs/crypto.c", ++ [2344].name = "ecryptfs_decode_and_decrypt_filename", ++ [2344].param5 = 1, ++ [2515].file = "fs/ecryptfs/crypto.c", ++ [2515].name = "ecryptfs_copy_filename", ++ [2515].param4 = 1, ++ [26518].file = "drivers/gpu/vga/vgaarb.c", ++ [26518].name = "vga_arb_read", ++ [26518].param3 = 1, ++ [30632].file = "drivers/ide/ide-proc.c", ++ [30632].name = "ide_driver_proc_write", ++ [30632].param3 = 1, ++ [39024].file = "lib/scatterlist.c", ++ [39024].name = "sg_kmalloc", ++ [39024].param1 = 1, ++ [50359].file = "kernel/sched/core.c", ++ [50359].name = "alloc_sched_domains", ++ [50359].param1 = 1, ++ [53262].file = "drivers/block/aoe/aoechr.c", ++ [53262].name = "revalidate", ++ [53262].param2 = 1, ++ [56432].file = "drivers/base/regmap/regmap-debugfs.c", ++ [56432].name = "regmap_map_read_file", ++ [56432].param3 = 1, ++ [57500].file = "drivers/spi/spidev.c", ++ [57500].name = "spidev_write", ++ [57500].param3 = 1, ++ [8155].file = "drivers/hv/channel.c", ++ [8155].name = "vmbus_establish_gpadl", ++ [8155].param3 = 1, ++}; +diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c +new file mode 100644 +index 0000000..255439f +--- /dev/null ++++ b/tools/gcc/size_overflow_plugin.c +@@ -0,0 +1,1110 @@ ++/* ++ * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com> ++ * Licensed under the GPL v2, or (at your option) v3 ++ * ++ * Homepage: ++ * http://www.grsecurity.net/~ephox/overflow_plugin/ ++ * ++ * This plugin recomputes expressions of function arguments marked by a size_overflow attribute ++ * with double integer precision (DImode/TImode for 32/64 bit integer types). ++ * The recomputed argument is checked against INT_MAX and an event is logged on overflow and the triggering process is killed. ++ * ++ * Usage: ++ * $ gcc -I`gcc -print-file-name=plugin`/include -fPIC -shared -O2 -o size_overflow_plugin.so size_overflow_plugin.c ++ * $ gcc -fplugin=size_overflow_plugin.so test.c -O2 ++ */ ++ ++#include "gcc-plugin.h" ++#include "config.h" ++#include "system.h" ++#include "coretypes.h" ++#include "tree.h" ++#include "tree-pass.h" ++#include "intl.h" ++#include "plugin-version.h" ++#include "tm.h" ++#include "toplev.h" ++#include "function.h" ++#include "tree-flow.h" ++#include "plugin.h" ++#include "gimple.h" ++#include "c-common.h" ++#include "diagnostic.h" ++#include "cfgloop.h" ++ ++struct size_overflow_hash { ++ const char *name; ++ const char *file; ++ unsigned short collision:1; ++ unsigned short param1:1; ++ unsigned short param2:1; ++ unsigned short param3:1; ++ unsigned short param4:1; ++ unsigned short param5:1; ++ unsigned short param6:1; ++ unsigned short param7:1; ++ unsigned short param8:1; ++ unsigned short param9:1; ++}; ++ ++#include "size_overflow_hash1.h" ++#include "size_overflow_hash2.h" ++ ++#define __unused __attribute__((__unused__)) ++#define NAME(node) IDENTIFIER_POINTER(DECL_NAME(node)) ++#define BEFORE_STMT true ++#define AFTER_STMT false ++#define CREATE_NEW_VAR NULL_TREE ++ ++int plugin_is_GPL_compatible; ++void debug_gimple_stmt (gimple gs); ++ ++static tree expand(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var); ++static tree signed_size_overflow_type; ++static tree unsigned_size_overflow_type; ++static tree report_size_overflow_decl; ++static tree const_char_ptr_type_node; ++static unsigned int handle_function(void); ++ ++static struct plugin_info size_overflow_plugin_info = { ++ .version = "20120409beta", ++ .help = "no-size_overflow\tturn off size overflow checking\n", ++}; ++ ++static tree handle_size_overflow_attribute(tree *node, tree __unused name, tree args, int __unused flags, bool *no_add_attrs) ++{ ++ unsigned int arg_count = type_num_arguments(*node); ++ ++ for (; args; args = TREE_CHAIN(args)) { ++ tree position = TREE_VALUE(args); ++ if (TREE_CODE(position) != INTEGER_CST || TREE_INT_CST_HIGH(position) || TREE_INT_CST_LOW(position) < 1 || TREE_INT_CST_LOW(position) > arg_count ) { ++ error("handle_size_overflow_attribute: overflow parameter outside range."); ++ *no_add_attrs = true; ++ } ++ } ++ return NULL_TREE; ++} ++ ++static struct attribute_spec no_size_overflow_attr = { ++ .name = "size_overflow", ++ .min_length = 1, ++ .max_length = -1, ++ .decl_required = false, ++ .type_required = true, ++ .function_type_required = true, ++ .handler = handle_size_overflow_attribute ++}; ++ ++static void register_attributes(void __unused *event_data, void __unused *data) ++{ ++ register_attribute(&no_size_overflow_attr); ++} ++ ++// http://www.team5150.com/~andrew/noncryptohashzoo2~/CrapWow.html ++static unsigned int CrapWow(const char *key, unsigned int len, unsigned int seed) ++{ ++#define cwfold( a, b, lo, hi ) { p = (unsigned int)(a) * (unsigned long long)(b); lo ^= (unsigned int)p; hi ^= (unsigned int)(p >> 32); } ++#define cwmixa( in ) { cwfold( in, m, k, h ); } ++#define cwmixb( in ) { cwfold( in, n, h, k ); } ++ ++ const unsigned int m = 0x57559429; ++ const unsigned int n = 0x5052acdb; ++ const unsigned int *key4 = (const unsigned int *)key; ++ unsigned int h = len; ++ unsigned int k = len + seed + n; ++ unsigned long long p; ++ ++ while (len >= 8) { ++ cwmixb(key4[0]) cwmixa(key4[1]) key4 += 2; ++ len -= 8; ++ } ++ if (len >= 4) { ++ cwmixb(key4[0]) key4 += 1; ++ len -= 4; ++ } ++ if (len) ++ cwmixa(key4[0] & ((1 << (len * 8)) - 1 )); ++ cwmixb(h ^ (k + n)); ++ return k ^ h; ++ ++#undef cwfold ++#undef cwmixa ++#undef cwmixb ++} ++ ++static inline unsigned int size_overflow_hash(const char *fndecl, unsigned int seed) ++{ ++ return CrapWow(fndecl, strlen(fndecl), seed) & 0xffff; ++} ++ ++static inline tree get_original_function_decl(tree fndecl) ++{ ++ if (DECL_ABSTRACT_ORIGIN(fndecl)) ++ return DECL_ABSTRACT_ORIGIN(fndecl); ++ return fndecl; ++} ++ ++static inline gimple get_def_stmt(tree node) ++{ ++ gcc_assert(TREE_CODE(node) == SSA_NAME); ++ return SSA_NAME_DEF_STMT(node); ++} ++ ++static struct size_overflow_hash *get_function_hash(tree fndecl) ++{ ++ unsigned int hash; ++ const char *func = NAME(fndecl); ++ ++ hash = size_overflow_hash(func, 0); ++ ++ if (size_overflow_hash1[hash].collision) { ++ hash = size_overflow_hash(func, 23432); ++ return &size_overflow_hash2[hash]; ++ } ++ return &size_overflow_hash1[hash]; ++} ++ ++static void check_arg_type(tree var) ++{ ++ tree type = TREE_TYPE(var); ++ enum tree_code code = TREE_CODE(type); ++ ++ gcc_assert(code == INTEGER_TYPE || ++ (code == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == VOID_TYPE) || ++ (code == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == INTEGER_TYPE)); ++} ++ ++static void check_missing_attribute(tree arg) ++{ ++ tree var, type, func = get_original_function_decl(current_function_decl); ++ const char *curfunc = NAME(func); ++ unsigned int new_hash, argnum = 1; ++ struct size_overflow_hash *hash; ++ location_t loc; ++ expanded_location xloc; ++ bool match = false; ++ ++ type = TREE_TYPE(arg); ++ // skip function pointers ++ if (TREE_CODE(type) == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == FUNCTION_TYPE) ++ return; ++ ++ loc = DECL_SOURCE_LOCATION(func); ++ xloc = expand_location(loc); ++ ++ if (lookup_attribute("size_overflow", TYPE_ATTRIBUTES(TREE_TYPE(func)))) ++ return; ++ ++ hash = get_function_hash(func); ++ if (hash->name && !strcmp(hash->name, NAME(func)) && !strcmp(hash->file, xloc.file)) ++ return; ++ ++ gcc_assert(TREE_CODE(arg) != COMPONENT_REF); ++ ++ if (TREE_CODE(arg) == SSA_NAME) ++ arg = SSA_NAME_VAR(arg); ++ ++ for (var = DECL_ARGUMENTS(func); var; var = TREE_CHAIN(var)) { ++ if (strcmp(NAME(arg), NAME(var))) { ++ argnum++; ++ continue; ++ } ++ check_arg_type(var); ++ ++ match = true; ++ if (!TYPE_UNSIGNED(TREE_TYPE(var))) ++ return; ++ break; ++ } ++ if (!match) { ++ warning(0, "check_missing_attribute: cannot find the %s argument in %s", NAME(arg), NAME(func)); ++ return; ++ } ++ ++#define check_param(num) \ ++ if (num == argnum && hash->param##num) \ ++ return; ++ check_param(1); ++ check_param(2); ++ check_param(3); ++ check_param(4); ++ check_param(5); ++ check_param(6); ++ check_param(7); ++ check_param(8); ++ check_param(9); ++#undef check_param ++ ++ new_hash = size_overflow_hash(curfunc, 0); ++ inform(loc, "Function %s is missing from the size_overflow hash table +%s+%d+%u+%s", curfunc, curfunc, argnum, new_hash, xloc.file); ++} ++ ++static tree create_new_var(tree type) ++{ ++ tree new_var = create_tmp_var(type, "cicus"); ++ ++ add_referenced_var(new_var); ++ mark_sym_for_renaming(new_var); ++ return new_var; ++} ++ ++static bool is_bool(tree node) ++{ ++ tree type; ++ ++ if (node == NULL_TREE) ++ return false; ++ ++ type = TREE_TYPE(node); ++ if (!INTEGRAL_TYPE_P(type)) ++ return false; ++ if (TREE_CODE(type) == BOOLEAN_TYPE) ++ return true; ++ if (TYPE_PRECISION(type) == 1) ++ return true; ++ return false; ++} ++ ++static tree cast_a_tree(tree type, tree var) ++{ ++ gcc_assert(fold_convertible_p(type, var)); ++ ++ return fold_convert(type, var); ++} ++ ++static gimple build_cast_stmt(tree type, tree var, tree new_var, location_t loc) ++{ ++ gimple assign; ++ ++ if (new_var == CREATE_NEW_VAR) ++ new_var = create_new_var(type); ++ ++ assign = gimple_build_assign(new_var, cast_a_tree(type, var)); ++ gimple_set_location(assign, loc); ++ gimple_set_lhs(assign, make_ssa_name(new_var, assign)); ++ ++ return assign; ++} ++ ++static tree create_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt, tree rhs1, bool before) ++{ ++ tree oldstmt_rhs1; ++ enum tree_code code; ++ gimple stmt; ++ gimple_stmt_iterator gsi; ++ ++ if (!*potentionally_overflowed) ++ return NULL_TREE; ++ ++ if (rhs1 == NULL_TREE) { ++ debug_gimple_stmt(oldstmt); ++ error("create_assign: rhs1 is NULL_TREE"); ++ gcc_unreachable(); ++ } ++ ++ oldstmt_rhs1 = gimple_assign_rhs1(oldstmt); ++ code = TREE_CODE(oldstmt_rhs1); ++ if (code == PARM_DECL || (code == SSA_NAME && gimple_code(get_def_stmt(oldstmt_rhs1)) == GIMPLE_NOP)) ++ check_missing_attribute(oldstmt_rhs1); ++ ++ stmt = build_cast_stmt(signed_size_overflow_type, rhs1, CREATE_NEW_VAR, gimple_location(oldstmt)); ++ gsi = gsi_for_stmt(oldstmt); ++ if (before) ++ gsi_insert_before(&gsi, stmt, GSI_NEW_STMT); ++ else ++ gsi_insert_after(&gsi, stmt, GSI_NEW_STMT); ++ update_stmt(stmt); ++ pointer_set_insert(visited, oldstmt); ++ return gimple_get_lhs(stmt); ++} ++ ++static tree dup_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt, tree rhs1, tree rhs2, tree __unused rhs3) ++{ ++ tree new_var, lhs = gimple_get_lhs(oldstmt); ++ gimple stmt; ++ gimple_stmt_iterator gsi; ++ ++ if (!*potentionally_overflowed) ++ return NULL_TREE; ++ ++ if (gimple_num_ops(oldstmt) != 4 && rhs1 == NULL_TREE) { ++ rhs1 = gimple_assign_rhs1(oldstmt); ++ rhs1 = create_assign(visited, potentionally_overflowed, oldstmt, rhs1, BEFORE_STMT); ++ } ++ if (gimple_num_ops(oldstmt) == 3 && rhs2 == NULL_TREE) { ++ rhs2 = gimple_assign_rhs2(oldstmt); ++ rhs2 = create_assign(visited, potentionally_overflowed, oldstmt, rhs2, BEFORE_STMT); ++ } ++ ++ stmt = gimple_copy(oldstmt); ++ gimple_set_location(stmt, gimple_location(oldstmt)); ++ ++ if (gimple_assign_rhs_code(oldstmt) == WIDEN_MULT_EXPR) ++ gimple_assign_set_rhs_code(stmt, MULT_EXPR); ++ ++ if (is_bool(lhs)) ++ new_var = SSA_NAME_VAR(lhs); ++ else ++ new_var = create_new_var(signed_size_overflow_type); ++ new_var = make_ssa_name(new_var, stmt); ++ gimple_set_lhs(stmt, new_var); ++ ++ if (rhs1 != NULL_TREE) { ++ if (!gimple_assign_cast_p(oldstmt)) ++ rhs1 = cast_a_tree(signed_size_overflow_type, rhs1); ++ gimple_assign_set_rhs1(stmt, rhs1); ++ } ++ ++ if (rhs2 != NULL_TREE) ++ gimple_assign_set_rhs2(stmt, rhs2); ++#if BUILDING_GCC_VERSION >= 4007 ++ if (rhs3 != NULL_TREE) ++ gimple_assign_set_rhs3(stmt, rhs3); ++#endif ++ gimple_set_vuse(stmt, gimple_vuse(oldstmt)); ++ gimple_set_vdef(stmt, gimple_vdef(oldstmt)); ++ ++ gsi = gsi_for_stmt(oldstmt); ++ gsi_insert_after(&gsi, stmt, GSI_SAME_STMT); ++ update_stmt(stmt); ++ pointer_set_insert(visited, oldstmt); ++ return gimple_get_lhs(stmt); ++} ++ ++static gimple overflow_create_phi_node(gimple oldstmt, tree var) ++{ ++ basic_block bb; ++ gimple phi; ++ gimple_stmt_iterator gsi = gsi_for_stmt(oldstmt); ++ ++ bb = gsi_bb(gsi); ++ ++ phi = create_phi_node(var, bb); ++ gsi = gsi_last(phi_nodes(bb)); ++ gsi_remove(&gsi, false); ++ ++ gsi = gsi_for_stmt(oldstmt); ++ gsi_insert_after(&gsi, phi, GSI_NEW_STMT); ++ gimple_set_bb(phi, bb); ++ return phi; ++} ++ ++static tree signed_cast_constant(tree node) ++{ ++ gcc_assert(is_gimple_constant(node)); ++ ++ return cast_a_tree(signed_size_overflow_type, node); ++} ++ ++static gimple cast_old_phi_arg(gimple oldstmt, tree arg, tree new_var, unsigned int i) ++{ ++ basic_block bb; ++ gimple newstmt, def_stmt; ++ gimple_stmt_iterator gsi; ++ ++ newstmt = build_cast_stmt(signed_size_overflow_type, arg, new_var, gimple_location(oldstmt)); ++ if (TREE_CODE(arg) == SSA_NAME) { ++ def_stmt = get_def_stmt(arg); ++ if (gimple_code(def_stmt) != GIMPLE_NOP) { ++ gsi = gsi_for_stmt(def_stmt); ++ gsi_insert_after(&gsi, newstmt, GSI_NEW_STMT); ++ return newstmt; ++ } ++ } ++ ++ bb = gimple_phi_arg_edge(oldstmt, i)->src; ++ gsi = gsi_after_labels(bb); ++ gsi_insert_before(&gsi, newstmt, GSI_NEW_STMT); ++ return newstmt; ++} ++ ++static gimple handle_new_phi_arg(tree arg, tree new_var, tree new_rhs) ++{ ++ gimple newstmt; ++ gimple_stmt_iterator gsi; ++ void (*gsi_insert)(gimple_stmt_iterator *, gimple, enum gsi_iterator_update); ++ gimple def_newstmt = get_def_stmt(new_rhs); ++ ++ gsi_insert = gsi_insert_after; ++ gsi = gsi_for_stmt(def_newstmt); ++ ++ switch (gimple_code(get_def_stmt(arg))) { ++ case GIMPLE_PHI: ++ newstmt = gimple_build_assign(new_var, new_rhs); ++ gsi = gsi_after_labels(gimple_bb(def_newstmt)); ++ gsi_insert = gsi_insert_before; ++ break; ++ case GIMPLE_ASM: ++ case GIMPLE_CALL: ++ newstmt = gimple_build_assign(new_var, new_rhs); ++ break; ++ case GIMPLE_ASSIGN: ++ newstmt = gimple_copy(def_newstmt); ++ break; ++ default: ++ /* unknown gimple_code (handle_build_new_phi_arg) */ ++ gcc_unreachable(); ++ } ++ ++ gimple_set_lhs(newstmt, make_ssa_name(new_var, newstmt)); ++ gsi_insert(&gsi, newstmt, GSI_NEW_STMT); ++ return newstmt; ++} ++ ++static tree build_new_phi_arg(struct pointer_set_t *visited, bool *potentionally_overflowed, tree arg, tree new_var) ++{ ++ gimple newstmt; ++ tree new_rhs; ++ ++ new_rhs = expand(visited, potentionally_overflowed, arg); ++ ++ if (new_rhs == NULL_TREE) ++ return NULL_TREE; ++ ++ newstmt = handle_new_phi_arg(arg, new_var, new_rhs); ++ update_stmt(newstmt); ++ return gimple_get_lhs(newstmt); ++} ++ ++static tree build_new_phi(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt) ++{ ++ gimple phi; ++ tree new_var = create_new_var(signed_size_overflow_type); ++ unsigned int i, n = gimple_phi_num_args(oldstmt); ++ ++ pointer_set_insert(visited, oldstmt); ++ phi = overflow_create_phi_node(oldstmt, new_var); ++ for (i = 0; i < n; i++) { ++ tree arg, lhs; ++ ++ arg = gimple_phi_arg_def(oldstmt, i); ++ if (is_gimple_constant(arg)) ++ arg = signed_cast_constant(arg); ++ lhs = build_new_phi_arg(visited, potentionally_overflowed, arg, new_var); ++ if (lhs == NULL_TREE) ++ lhs = gimple_get_lhs(cast_old_phi_arg(oldstmt, arg, new_var, i)); ++ add_phi_arg(phi, lhs, gimple_phi_arg_edge(oldstmt, i), gimple_location(oldstmt)); ++ } ++ ++ update_stmt(phi); ++ return gimple_phi_result(phi); ++} ++ ++static tree handle_unary_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) ++{ ++ gimple def_stmt = get_def_stmt(var); ++ tree new_rhs1, rhs1 = gimple_assign_rhs1(def_stmt); ++ ++ *potentionally_overflowed = true; ++ new_rhs1 = expand(visited, potentionally_overflowed, rhs1); ++ if (new_rhs1 == NULL_TREE) { ++ if (TREE_CODE(TREE_TYPE(rhs1)) == POINTER_TYPE) ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++ else ++ return create_assign(visited, potentionally_overflowed, def_stmt, rhs1, AFTER_STMT); ++ } ++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, NULL_TREE, NULL_TREE); ++} ++ ++static tree handle_unary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) ++{ ++ gimple def_stmt = get_def_stmt(var); ++ tree rhs1 = gimple_assign_rhs1(def_stmt); ++ ++ if (is_gimple_constant(rhs1)) ++ return dup_assign(visited, potentionally_overflowed, def_stmt, signed_cast_constant(rhs1), NULL_TREE, NULL_TREE); ++ ++ switch (TREE_CODE(rhs1)) { ++ case SSA_NAME: ++ return handle_unary_rhs(visited, potentionally_overflowed, var); ++ ++ case ARRAY_REF: ++ case ADDR_EXPR: ++ case COMPONENT_REF: ++ case COND_EXPR: ++ case INDIRECT_REF: ++#if BUILDING_GCC_VERSION >= 4006 ++ case MEM_REF: ++#endif ++ case PARM_DECL: ++ case TARGET_MEM_REF: ++ case VAR_DECL: ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++ ++ default: ++ debug_gimple_stmt(def_stmt); ++ debug_tree(rhs1); ++ gcc_unreachable(); ++ } ++} ++ ++static void insert_cond(basic_block cond_bb, tree arg, enum tree_code cond_code, tree type_value) ++{ ++ gimple cond_stmt; ++ gimple_stmt_iterator gsi = gsi_last_bb(cond_bb); ++ ++ cond_stmt = gimple_build_cond(cond_code, arg, type_value, NULL_TREE, NULL_TREE); ++ gsi_insert_after(&gsi, cond_stmt, GSI_CONTINUE_LINKING); ++ update_stmt(cond_stmt); ++} ++ ++static tree create_string_param(tree string) ++{ ++ tree array_ref = build4(ARRAY_REF, TREE_TYPE(string), string, integer_zero_node, NULL, NULL); ++ ++ return build1(ADDR_EXPR, ptr_type_node, array_ref); ++} ++ ++static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg) ++{ ++ gimple func_stmt, def_stmt; ++ tree current_func, loc_file, loc_line; ++ expanded_location xloc; ++ gimple_stmt_iterator gsi = gsi_start_bb(bb_true); ++ ++ def_stmt = get_def_stmt(arg); ++ xloc = expand_location(gimple_location(def_stmt)); ++ ++ if (!gimple_has_location(def_stmt)) { ++ xloc = expand_location(gimple_location(stmt)); ++ if (!gimple_has_location(stmt)) ++ xloc = expand_location(DECL_SOURCE_LOCATION(current_function_decl)); ++ } ++ ++ loc_line = build_int_cstu(unsigned_type_node, xloc.line); ++ ++ loc_file = build_string(strlen(xloc.file), xloc.file); ++ TREE_TYPE(loc_file) = char_array_type_node; ++ loc_file = create_string_param(loc_file); ++ ++ current_func = build_string(IDENTIFIER_LENGTH(DECL_NAME(current_function_decl)), NAME(current_function_decl)); ++ TREE_TYPE(current_func) = char_array_type_node; ++ current_func = create_string_param(current_func); ++ ++ // void report_size_overflow(const char *file, unsigned int line, const char *func) ++ func_stmt = gimple_build_call(report_size_overflow_decl, 3, loc_file, loc_line, current_func); ++ ++ gsi_insert_after(&gsi, func_stmt, GSI_CONTINUE_LINKING); ++} ++ ++static void insert_check_size_overflow(gimple stmt, enum tree_code cond_code, tree arg, tree type_value) ++{ ++ basic_block cond_bb, join_bb, bb_true; ++ edge e; ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); ++// location_t loc = gimple_location(stmt); ++ ++ cond_bb = gimple_bb(stmt); ++ gsi_prev(&gsi); ++ if (gsi_end_p(gsi)) ++ e = split_block_after_labels(cond_bb); ++ else ++ e = split_block(cond_bb, gsi_stmt(gsi)); ++ cond_bb = e->src; ++ join_bb = e->dest; ++ e->flags = EDGE_FALSE_VALUE; ++ e->probability = REG_BR_PROB_BASE; ++ ++ bb_true = create_empty_bb(cond_bb); ++ make_edge(cond_bb, bb_true, EDGE_TRUE_VALUE); ++ make_edge(cond_bb, join_bb, EDGE_FALSE_VALUE); ++ make_edge(bb_true, join_bb, EDGE_FALLTHRU); ++ ++ if (dom_info_available_p(CDI_DOMINATORS)) { ++ set_immediate_dominator(CDI_DOMINATORS, bb_true, cond_bb); ++ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb); ++ } ++ ++ if (current_loops != NULL) { ++ gcc_assert(cond_bb->loop_father == join_bb->loop_father); ++ add_bb_to_loop(bb_true, cond_bb->loop_father); ++ } ++ ++ insert_cond(cond_bb, arg, cond_code, type_value); ++ insert_cond_result(bb_true, stmt, arg); ++ ++// inform(loc, "Integer size_overflow check applied here."); ++} ++ ++static tree get_type_for_check(tree rhs) ++{ ++ tree def_rhs; ++ gimple def_stmt = get_def_stmt(rhs); ++ ++ if (!gimple_assign_cast_p(def_stmt)) ++ return TREE_TYPE(rhs); ++ def_rhs = gimple_assign_rhs1(def_stmt); ++ if (TREE_CODE(TREE_TYPE(def_rhs)) == INTEGER_TYPE) ++ return TREE_TYPE(def_rhs); ++ return TREE_TYPE(rhs); ++} ++ ++static gimple cast_to_unsigned_size_overflow_type(gimple stmt, tree cast_rhs) ++{ ++ gimple ucast_stmt; ++ gimple_stmt_iterator gsi; ++ location_t loc = gimple_location(stmt); ++ ++ ucast_stmt = build_cast_stmt(unsigned_size_overflow_type, cast_rhs, CREATE_NEW_VAR, loc); ++ gsi = gsi_for_stmt(stmt); ++ gsi_insert_before(&gsi, ucast_stmt, GSI_SAME_STMT); ++ return ucast_stmt; ++} ++ ++static void check_size_overflow(gimple stmt, tree cast_rhs, tree rhs, bool *potentionally_overflowed) ++{ ++ tree type_max, type_min, rhs_type; ++ gimple ucast_stmt; ++ ++ if (!*potentionally_overflowed) ++ return; ++ ++ rhs_type = get_type_for_check(rhs); ++ ++ if (TYPE_UNSIGNED(rhs_type)) { ++ ucast_stmt = cast_to_unsigned_size_overflow_type(stmt, cast_rhs); ++ type_max = cast_a_tree(unsigned_size_overflow_type, TYPE_MAX_VALUE(rhs_type)); ++ insert_check_size_overflow(stmt, GT_EXPR, gimple_get_lhs(ucast_stmt), type_max); ++ } else { ++ type_max = cast_a_tree(signed_size_overflow_type, TYPE_MAX_VALUE(rhs_type)); ++ insert_check_size_overflow(stmt, GT_EXPR, cast_rhs, type_max); ++ ++ type_min = cast_a_tree(signed_size_overflow_type, TYPE_MIN_VALUE(rhs_type)); ++ insert_check_size_overflow(stmt, LT_EXPR, cast_rhs, type_min); ++ } ++} ++ ++static tree change_assign_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple stmt, tree orig_rhs) ++{ ++ gimple assign; ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); ++ tree new_rhs, origtype = TREE_TYPE(orig_rhs); ++ ++ gcc_assert(gimple_code(stmt) == GIMPLE_ASSIGN); ++ ++ new_rhs = expand(visited, potentionally_overflowed, orig_rhs); ++ if (new_rhs == NULL_TREE) ++ return NULL_TREE; ++ ++ assign = build_cast_stmt(origtype, new_rhs, CREATE_NEW_VAR, gimple_location(stmt)); ++ gsi_insert_before(&gsi, assign, GSI_SAME_STMT); ++ update_stmt(assign); ++ return gimple_get_lhs(assign); ++} ++ ++static tree handle_const_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple def_stmt, tree var, tree rhs, tree new_rhs1, tree new_rhs2, void (*gimple_assign_set_rhs)(gimple, tree)) ++{ ++ tree new_rhs, cast_rhs; ++ ++ if (gimple_assign_rhs_code(def_stmt) == MIN_EXPR) ++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE); ++ ++ new_rhs = change_assign_rhs(visited, potentionally_overflowed, def_stmt, rhs); ++ if (new_rhs != NULL_TREE) { ++ gimple_assign_set_rhs(def_stmt, new_rhs); ++ update_stmt(def_stmt); ++ ++ cast_rhs = gimple_assign_rhs1(get_def_stmt(new_rhs)); ++ ++ check_size_overflow(def_stmt, cast_rhs, rhs, potentionally_overflowed); ++ } ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++} ++ ++static tree handle_binary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) ++{ ++ tree rhs1, rhs2; ++ gimple def_stmt = get_def_stmt(var); ++ tree new_rhs1 = NULL_TREE; ++ tree new_rhs2 = NULL_TREE; ++ ++ rhs1 = gimple_assign_rhs1(def_stmt); ++ rhs2 = gimple_assign_rhs2(def_stmt); ++ ++ /* no DImode/TImode division in the 32/64 bit kernel */ ++ switch (gimple_assign_rhs_code(def_stmt)) { ++ case RDIV_EXPR: ++ case TRUNC_DIV_EXPR: ++ case CEIL_DIV_EXPR: ++ case FLOOR_DIV_EXPR: ++ case ROUND_DIV_EXPR: ++ case TRUNC_MOD_EXPR: ++ case CEIL_MOD_EXPR: ++ case FLOOR_MOD_EXPR: ++ case ROUND_MOD_EXPR: ++ case EXACT_DIV_EXPR: ++ case POINTER_PLUS_EXPR: ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++ default: ++ break; ++ } ++ ++ *potentionally_overflowed = true; ++ ++ if (TREE_CODE(rhs1) == SSA_NAME) ++ new_rhs1 = expand(visited, potentionally_overflowed, rhs1); ++ if (TREE_CODE(rhs2) == SSA_NAME) ++ new_rhs2 = expand(visited, potentionally_overflowed, rhs2); ++ ++ if (is_gimple_constant(rhs2)) ++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs1, new_rhs1, signed_cast_constant(rhs2), &gimple_assign_set_rhs1); ++ ++ if (is_gimple_constant(rhs1)) ++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs2, signed_cast_constant(rhs1), new_rhs2, &gimple_assign_set_rhs2); ++ ++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE); ++} ++ ++#if BUILDING_GCC_VERSION >= 4007 ++static tree get_new_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree rhs) ++{ ++ if (is_gimple_constant(rhs)) ++ return signed_cast_constant(rhs); ++ if (TREE_CODE(rhs) != SSA_NAME) ++ return NULL_TREE; ++ return expand(visited, potentionally_overflowed, rhs); ++} ++ ++static tree handle_ternary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) ++{ ++ tree rhs1, rhs2, rhs3, new_rhs1, new_rhs2, new_rhs3; ++ gimple def_stmt = get_def_stmt(var); ++ ++ *potentionally_overflowed = true; ++ ++ rhs1 = gimple_assign_rhs1(def_stmt); ++ rhs2 = gimple_assign_rhs2(def_stmt); ++ rhs3 = gimple_assign_rhs3(def_stmt); ++ new_rhs1 = get_new_rhs(visited, potentionally_overflowed, rhs1); ++ new_rhs2 = get_new_rhs(visited, potentionally_overflowed, rhs2); ++ new_rhs3 = get_new_rhs(visited, potentionally_overflowed, rhs3); ++ ++ if (new_rhs1 == NULL_TREE && new_rhs2 != NULL_TREE && new_rhs3 != NULL_TREE) ++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, new_rhs3); ++ error("handle_ternary_ops: unknown rhs"); ++ gcc_unreachable(); ++} ++#endif ++ ++static void set_size_overflow_type(tree node) ++{ ++ switch (TYPE_MODE(TREE_TYPE(node))) { ++ case SImode: ++ signed_size_overflow_type = intDI_type_node; ++ unsigned_size_overflow_type = unsigned_intDI_type_node; ++ break; ++ case DImode: ++ if (LONG_TYPE_SIZE == GET_MODE_BITSIZE(SImode)) { ++ signed_size_overflow_type = intDI_type_node; ++ unsigned_size_overflow_type = unsigned_intDI_type_node; ++ } else { ++ signed_size_overflow_type = intTI_type_node; ++ unsigned_size_overflow_type = unsigned_intTI_type_node; ++ } ++ break; ++ default: ++ error("set_size_overflow_type: unsupported gcc configuration."); ++ gcc_unreachable(); ++ } ++} ++ ++static tree expand_visited(gimple def_stmt) ++{ ++ gimple tmp; ++ gimple_stmt_iterator gsi = gsi_for_stmt(def_stmt); ++ ++ gsi_next(&gsi); ++ tmp = gsi_stmt(gsi); ++ switch (gimple_code(tmp)) { ++ case GIMPLE_ASSIGN: ++ return gimple_get_lhs(tmp); ++ case GIMPLE_PHI: ++ return gimple_phi_result(tmp); ++ case GIMPLE_CALL: ++ return gimple_call_lhs(tmp); ++ default: ++ return NULL_TREE; ++ } ++} ++ ++static tree expand(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) ++{ ++ gimple def_stmt; ++ enum tree_code code = TREE_CODE(TREE_TYPE(var)); ++ ++ if (is_gimple_constant(var)) ++ return NULL_TREE; ++ ++ if (TREE_CODE(var) == ADDR_EXPR) ++ return NULL_TREE; ++ ++ gcc_assert(code == INTEGER_TYPE || code == POINTER_TYPE || code == BOOLEAN_TYPE); ++ if (code != INTEGER_TYPE) ++ return NULL_TREE; ++ ++ if (SSA_NAME_IS_DEFAULT_DEF(var)) { ++ check_missing_attribute(var); ++ return NULL_TREE; ++ } ++ ++ def_stmt = get_def_stmt(var); ++ ++ if (!def_stmt) ++ return NULL_TREE; ++ ++ if (pointer_set_contains(visited, def_stmt)) ++ return expand_visited(def_stmt); ++ ++ switch (gimple_code(def_stmt)) { ++ case GIMPLE_NOP: ++ check_missing_attribute(var); ++ return NULL_TREE; ++ case GIMPLE_PHI: ++ return build_new_phi(visited, potentionally_overflowed, def_stmt); ++ case GIMPLE_CALL: ++ case GIMPLE_ASM: ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++ case GIMPLE_ASSIGN: ++ switch (gimple_num_ops(def_stmt)) { ++ case 2: ++ return handle_unary_ops(visited, potentionally_overflowed, var); ++ case 3: ++ return handle_binary_ops(visited, potentionally_overflowed, var); ++#if BUILDING_GCC_VERSION >= 4007 ++ case 4: ++ return handle_ternary_ops(visited, potentionally_overflowed, var); ++#endif ++ } ++ default: ++ debug_gimple_stmt(def_stmt); ++ error("expand: unknown gimple code"); ++ gcc_unreachable(); ++ } ++} ++ ++static void change_function_arg(gimple stmt, tree origarg, unsigned int argnum, tree newarg) ++{ ++ gimple assign; ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); ++ tree origtype = TREE_TYPE(origarg); ++ ++ gcc_assert(gimple_code(stmt) == GIMPLE_CALL); ++ ++ assign = build_cast_stmt(origtype, newarg, CREATE_NEW_VAR, gimple_location(stmt)); ++ gsi_insert_before(&gsi, assign, GSI_SAME_STMT); ++ update_stmt(assign); ++ ++ gimple_call_set_arg(stmt, argnum, gimple_get_lhs(assign)); ++ update_stmt(stmt); ++} ++ ++static tree get_function_arg(unsigned int argnum, gimple stmt, tree fndecl) ++{ ++ const char *origid; ++ tree arg, origarg; ++ ++ if (!DECL_ABSTRACT_ORIGIN(fndecl)) { ++ gcc_assert(gimple_call_num_args(stmt) > argnum); ++ return gimple_call_arg(stmt, argnum); ++ } ++ ++ origarg = DECL_ARGUMENTS(DECL_ABSTRACT_ORIGIN(fndecl)); ++ while (origarg && argnum) { ++ argnum--; ++ origarg = TREE_CHAIN(origarg); ++ } ++ ++ gcc_assert(argnum == 0); ++ ++ gcc_assert(origarg != NULL_TREE); ++ origid = NAME(origarg); ++ for (arg = DECL_ARGUMENTS(fndecl); arg; arg = TREE_CHAIN(arg)) { ++ if (!strcmp(origid, NAME(arg))) ++ return arg; ++ } ++ return NULL_TREE; ++} ++ ++static void handle_function_arg(gimple stmt, tree fndecl, unsigned int argnum) ++{ ++ struct pointer_set_t *visited; ++ tree arg, newarg, type_max; ++ gimple ucast_stmt; ++ bool potentionally_overflowed; ++ ++ arg = get_function_arg(argnum, stmt, fndecl); ++ if (arg == NULL_TREE) ++ return; ++ ++ if (is_gimple_constant(arg)) ++ return; ++ if (TREE_CODE(arg) != SSA_NAME) ++ return; ++ ++ check_arg_type(arg); ++ ++ set_size_overflow_type(arg); ++ ++ visited = pointer_set_create(); ++ potentionally_overflowed = false; ++ newarg = expand(visited, &potentionally_overflowed, arg); ++ pointer_set_destroy(visited); ++ ++ if (newarg == NULL_TREE || !potentionally_overflowed) ++ return; ++ ++ change_function_arg(stmt, arg, argnum, newarg); ++ ++ ucast_stmt = cast_to_unsigned_size_overflow_type(stmt, newarg); ++ ++ type_max = build_int_cstu(unsigned_size_overflow_type, 0x7fffffff); ++ insert_check_size_overflow(stmt, GT_EXPR, gimple_get_lhs(ucast_stmt), type_max); ++} ++ ++static void handle_function_by_attribute(gimple stmt, tree attr, tree fndecl) ++{ ++ tree p = TREE_VALUE(attr); ++ do { ++ handle_function_arg(stmt, fndecl, TREE_INT_CST_LOW(TREE_VALUE(p))-1); ++ p = TREE_CHAIN(p); ++ } while (p); ++} ++ ++static void handle_function_by_hash(gimple stmt, tree fndecl) ++{ ++ struct size_overflow_hash *hash; ++ expanded_location xloc; ++ ++ hash = get_function_hash(fndecl); ++ xloc = expand_location(DECL_SOURCE_LOCATION(fndecl)); ++ ++ fndecl = get_original_function_decl(fndecl); ++ if (!hash->name || !hash->file) ++ return; ++ if (strcmp(hash->name, NAME(fndecl)) || strcmp(hash->file, xloc.file)) ++ return; ++ ++#define search_param(argnum) \ ++ if (hash->param##argnum) \ ++ handle_function_arg(stmt, fndecl, argnum - 1); ++ ++ search_param(1); ++ search_param(2); ++ search_param(3); ++ search_param(4); ++ search_param(5); ++ search_param(6); ++ search_param(7); ++ search_param(8); ++ search_param(9); ++#undef search_param ++} ++ ++static unsigned int handle_function(void) ++{ ++ basic_block bb = ENTRY_BLOCK_PTR->next_bb; ++ int saved_last_basic_block = last_basic_block; ++ ++ do { ++ gimple_stmt_iterator gsi; ++ basic_block next = bb->next_bb; ++ ++ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { ++ tree fndecl, attr; ++ gimple stmt = gsi_stmt(gsi); ++ ++ if (!(is_gimple_call(stmt))) ++ continue; ++ fndecl = gimple_call_fndecl(stmt); ++ if (fndecl == NULL_TREE) ++ continue; ++ if (gimple_call_num_args(stmt) == 0) ++ continue; ++ attr = lookup_attribute("size_overflow", TYPE_ATTRIBUTES(TREE_TYPE(fndecl))); ++ if (!attr || !TREE_VALUE(attr)) ++ handle_function_by_hash(stmt, fndecl); ++ else ++ handle_function_by_attribute(stmt, attr, fndecl); ++ gsi = gsi_for_stmt(stmt); ++ } ++ bb = next; ++ } while (bb && bb->index <= saved_last_basic_block); ++ return 0; ++} ++ ++static struct gimple_opt_pass size_overflow_pass = { ++ .pass = { ++ .type = GIMPLE_PASS, ++ .name = "size_overflow", ++ .gate = NULL, ++ .execute = handle_function, ++ .sub = NULL, ++ .next = NULL, ++ .static_pass_number = 0, ++ .tv_id = TV_NONE, ++ .properties_required = PROP_cfg | PROP_referenced_vars, ++ .properties_provided = 0, ++ .properties_destroyed = 0, ++ .todo_flags_start = 0, ++ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_remove_unused_locals | TODO_update_ssa_no_phi | TODO_cleanup_cfg | TODO_ggc_collect | TODO_verify_flow ++ } ++}; ++ ++static void start_unit_callback(void __unused *gcc_data, void __unused *user_data) ++{ ++ tree fntype; ++ ++ const_char_ptr_type_node = build_pointer_type(build_type_variant(char_type_node, 1, 0)); ++ ++ // void report_size_overflow(const char *loc_file, unsigned int loc_line, const char *current_func) ++ fntype = build_function_type_list(void_type_node, ++ const_char_ptr_type_node, ++ unsigned_type_node, ++ const_char_ptr_type_node, ++ NULL_TREE); ++ report_size_overflow_decl = build_fn_decl("report_size_overflow", fntype); ++ ++ TREE_PUBLIC(report_size_overflow_decl) = 1; ++ DECL_EXTERNAL(report_size_overflow_decl) = 1; ++ DECL_ARTIFICIAL(report_size_overflow_decl) = 1; ++} ++ ++extern struct gimple_opt_pass pass_dce; ++ ++int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) ++{ ++ int i; ++ const char * const plugin_name = plugin_info->base_name; ++ const int argc = plugin_info->argc; ++ const struct plugin_argument * const argv = plugin_info->argv; ++ bool enable = true; ++ ++ struct register_pass_info size_overflow_pass_info = { ++ .pass = &size_overflow_pass.pass, ++ .reference_pass_name = "ssa", ++ .ref_pass_instance_number = 1, ++ .pos_op = PASS_POS_INSERT_AFTER ++ }; ++ ++ if (!plugin_default_version_check(version, &gcc_version)) { ++ error(G_("incompatible gcc/plugin versions")); ++ return 1; ++ } ++ ++ for (i = 0; i < argc; ++i) { ++ if (!(strcmp(argv[i].key, "no-size_overflow"))) { ++ enable = false; ++ continue; ++ } ++ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); ++ } ++ ++ register_callback(plugin_name, PLUGIN_INFO, NULL, &size_overflow_plugin_info); ++ if (enable) { ++ register_callback ("start_unit", PLUGIN_START_UNIT, &start_unit_callback, NULL); ++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &size_overflow_pass_info); ++ } ++ register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL); ++ ++ return 0; ++} diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c new file mode 100644 index 0000000..b87ec9d |