Commit 2a8ec5c8 authored by Natanael Copa's avatar Natanael Copa
Browse files

main/linux-grsec: upgrade to grsecurity-3.0-3.14.15-201408032014

fixes #3277
parent 046b557c
......@@ -7,7 +7,7 @@ case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
pkgrel=0
pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
......@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
grsecurity-3.0-3.14.15-201407312005.patch
grsecurity-3.0-3.14.15-201408032014.patch
fix-memory-map-for-PIE-applications.patch
imx6q-no-unclocked-sleep.patch
......@@ -166,7 +166,7 @@ dev() {
md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
497579393986bb76e08abc355e59550c patch-3.14.15.xz
2a44c70e3bd3efcdbca973f65d81c9c5 grsecurity-3.0-3.14.15-201407312005.patch
d1d5b12a0a0f0f8dd8588d42bd3b2375 grsecurity-3.0-3.14.15-201408032014.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
69688dbc1669bfd04dec7bb316e58b8d kernelconfig.x86
......@@ -174,7 +174,7 @@ e0b3a0898935183bf42078350d2e31f1 kernelconfig.x86_64
0d71b1663f7cbfffc6e403deca4bbe86 kernelconfig.armhf"
sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz
fd0fff77dd5274fd53bce431275cf203357d1a96a6c6129f0562b07232399ed2 patch-3.14.15.xz
a3b1ce09f002037274f1ace901353b5c13bebfcb95f6533753f3a6062060aedd grsecurity-3.0-3.14.15-201407312005.patch
c52e543a680cf82721aa378251fd66f223a03a294343ae9500bc6d1d59771f8f grsecurity-3.0-3.14.15-201408032014.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
61c9344b8643ab81b0d7230f77fa003c8e2ce46bf4ea18315708e77ccef5de83 kernelconfig.x86
......@@ -182,7 +182,7 @@ a3b1ce09f002037274f1ace901353b5c13bebfcb95f6533753f3a6062060aedd grsecurity-3.0
3cddaac02211dd0f5eb4531aecc3a1427f29dcec7b31d9fe0042192d591bcdc8 kernelconfig.armhf"
sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz
9a9d99a5e6f724f3c7063212ce7187e1bf15a1931aacc0e56fcb46b5f1f8266c47dd61ca0dafdfeb27a7348817629fa2d26df0f0d6f36d7ceab6295b39a5e5d9 patch-3.14.15.xz
e865427b195329e5e690231a6ec4b84a74f714acdd4740571d964ff5ee6ec1af5c9bce62515861d58ef9d866451f2c091ba1ea455424cbaa179a5d2a91a48731 grsecurity-3.0-3.14.15-201407312005.patch
2edef8d733b2fbfeb65de833e85d2f2693967263e8b8faf7838192af763b6868ad41daaf71d26327566ab5a8184a87be159388a1ceb48bea88ece1fbc0adaf19 grsecurity-3.0-3.14.15-201408032014.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
0889c17d6509b8078aa2fd1ba2977a8fa88260bd080e780aeefd7eb6a8805b3bb9a3132991fc1050e6b7bce0ca118ce7f2c57c0f33459812f69c4dee75ff96cf kernelconfig.x86
......
......@@ -19763,7 +19763,7 @@ index 04905bf..49203ca 100644
}
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index 0d592e0..7437fcc 100644
index 0d592e0..526f797 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -7,6 +7,7 @@
......@@ -20180,7 +20180,7 @@ index 0d592e0..7437fcc 100644
+ copy_from_user_overflow();
+ else
+ __copy_from_user_overflow(sz, n);
+ } if (access_ok(VERIFY_READ, from, n))
+ } else if (access_ok(VERIFY_READ, from, n))
+ n = __copy_from_user(to, from, n);
+ else if ((long)n > 0)
+ memset(to, 0, n);
......@@ -24623,7 +24623,7 @@ index 85126cc..1bbce17 100644
init_level4_pgt[511] = early_level4_pgt[511];
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index f36bd42..56ee1534 100644
index f36bd42..0ab4474 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -26,6 +26,12 @@
......@@ -25035,7 +25035,7 @@ index f36bd42..56ee1534 100644
+ .quad 0x00009b000000ffff /* 0xc0 APM CS 16 code (16 bit) */
+ .quad 0x004093000000ffff /* 0xc8 APM DS data */
+
+ .quad 0x00c0930000000000 /* 0xd0 - ESPFIX SS */
+ .quad 0x00c093000000ffff /* 0xd0 - ESPFIX SS */
+ .quad 0x0040930000000000 /* 0xd8 - PERCPU */
+ .quad 0x0040910000000017 /* 0xe0 - STACK_CANARY */
+ .quad 0x0000000000000000 /* 0xe8 - PCIBIOS_CS */
......@@ -27368,7 +27368,7 @@ index 5cdff03..80fa283 100644
* Up to this point, the boot CPU has been using .init.data
* area. Reload any changed state for the boot CPU.
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
index 9e5de68..16c53cb 100644
index 9e5de68..147c254 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -190,7 +190,7 @@ static unsigned long align_sigframe(unsigned long sp)
......@@ -27385,7 +27385,7 @@ index 9e5de68..16c53cb 100644
if (current->mm->context.vdso)
- restorer = VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
+ restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
+ restorer = (void __force_user *)VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
else
- restorer = &frame->retcode;
+ restorer = (void __user *)&frame->retcode;
......@@ -27407,9 +27407,9 @@ index 9e5de68..16c53cb 100644
/* Set up to return from userspace. */
- restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
+ if (current->mm->context.vdso)
+ restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
+ restorer = (void __force_user *)VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
+ else
+ restorer = (void __user *)&frame->retcode;
+ restorer = (void __user *)&frame->retcode;
if (ksig->ka.sa.sa_flags & SA_RESTORER)
restorer = ksig->ka.sa.sa_restorer;
put_user_ex(restorer, &frame->pretcode);
......@@ -71990,7 +71990,7 @@ index 0000000..25f54ef
+};
diff --git a/grsecurity/gracl_policy.c b/grsecurity/gracl_policy.c
new file mode 100644
index 0000000..361a099
index 0000000..3f8ade0
--- /dev/null
+++ b/grsecurity/gracl_policy.c
@@ -0,0 +1,1782 @@
......@@ -72049,9 +72049,9 @@ index 0000000..361a099
+extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
+extern void gr_clear_learn_entries(void);
+
+static struct gr_arg gr_usermode;
+static unsigned char gr_system_salt[GR_SALT_LEN];
+static unsigned char gr_system_sum[GR_SHA_LEN];
+struct gr_arg *gr_usermode __read_only;
+unsigned char *gr_system_salt __read_only;
+unsigned char *gr_system_sum __read_only;
+
+static unsigned int gr_auth_attempts = 0;
+static unsigned long gr_auth_expires = 0UL;
......@@ -73293,8 +73293,8 @@ index 0000000..361a099
+{
+ int error = 0;
+
+ memcpy(&gr_system_salt, args->salt, sizeof(gr_system_salt));
+ memcpy(&gr_system_sum, args->sum, sizeof(gr_system_sum));
+ memcpy(gr_system_salt, args->salt, GR_SALT_LEN);
+ memcpy(gr_system_sum, args->sum, GR_SHA_LEN);
+
+ if (init_variables(args, false)) {
+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION);
......@@ -73521,11 +73521,11 @@ index 0000000..361a099
+ if (error)
+ goto out;
+
+ error = copy_gr_arg(uwrap.arg, &gr_usermode);
+ error = copy_gr_arg(uwrap.arg, gr_usermode);
+ if (error)
+ goto out;
+
+ if (gr_usermode.mode != GR_SPROLE && gr_usermode.mode != GR_SPROLEPAM &&
+ if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_SPROLEPAM &&
+ gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
+ time_after(gr_auth_expires, get_seconds())) {
+ error = -EBUSY;
......@@ -73537,8 +73537,8 @@ index 0000000..361a099
+ locking
+ */
+
+ if (gr_usermode.mode != GR_SPROLE && gr_usermode.mode != GR_STATUS &&
+ gr_usermode.mode != GR_UNSPROLE && gr_usermode.mode != GR_SPROLEPAM &&
+ if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_STATUS &&
+ gr_usermode->mode != GR_UNSPROLE && gr_usermode->mode != GR_SPROLEPAM &&
+ gr_is_global_nonroot(current_uid())) {
+ error = -EPERM;
+ goto out;
......@@ -73546,15 +73546,15 @@ index 0000000..361a099
+
+ /* ensure pw and special role name are null terminated */
+
+ gr_usermode.pw[GR_PW_LEN - 1] = '\0';
+ gr_usermode.sp_role[GR_SPROLE_LEN - 1] = '\0';
+ gr_usermode->pw[GR_PW_LEN - 1] = '\0';
+ gr_usermode->sp_role[GR_SPROLE_LEN - 1] = '\0';
+
+ /* Okay.
+ * We have our enough of the argument structure..(we have yet
+ * to copy_from_user the tables themselves) . Copy the tables
+ * only if we need them, i.e. for loading operations. */
+
+ switch (gr_usermode.mode) {
+ switch (gr_usermode->mode) {
+ case GR_STATUS:
+ if (gr_acl_is_enabled()) {
+ error = 1;
......@@ -73564,12 +73564,12 @@ index 0000000..361a099
+ error = 2;
+ goto out;
+ case GR_SHUTDOWN:
+ if (gr_acl_is_enabled() && !(chkpw(&gr_usermode, (unsigned char *)&gr_system_salt, (unsigned char *)&gr_system_sum))) {
+ if (gr_acl_is_enabled() && !(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
+ stop_machine(gr_rbac_disable, NULL, NULL);
+ free_variables(false);
+ memset(&gr_usermode, 0, sizeof(gr_usermode));
+ memset(&gr_system_salt, 0, sizeof(gr_system_salt));
+ memset(&gr_system_sum, 0, sizeof(gr_system_sum));
+ memset(gr_usermode, 0, sizeof(struct gr_arg));
+ memset(gr_system_salt, 0, GR_SALT_LEN);
+ memset(gr_system_sum, 0, GR_SHA_LEN);
+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTS_ACL_MSG);
+ } else if (gr_acl_is_enabled()) {
+ gr_log_noargs(GR_DONT_AUDIT, GR_SHUTF_ACL_MSG);
......@@ -73580,7 +73580,7 @@ index 0000000..361a099
+ }
+ break;
+ case GR_ENABLE:
+ if (!gr_acl_is_enabled() && !(error2 = gracl_init(&gr_usermode)))
+ if (!gr_acl_is_enabled() && !(error2 = gracl_init(gr_usermode)))
+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_ENABLE_ACL_MSG, GR_VERSION);
+ else {
+ if (gr_acl_is_enabled())
......@@ -73596,8 +73596,8 @@ index 0000000..361a099
+ if (!gr_acl_is_enabled()) {
+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOADI_ACL_MSG, GR_VERSION);
+ error = -EAGAIN;
+ } else if (!(chkpw(&gr_usermode, (unsigned char *)&gr_system_salt, (unsigned char *)&gr_system_sum))) {
+ error2 = gracl_reload(&gr_usermode, oldmode);
+ } else if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
+ error2 = gracl_reload(gr_usermode, oldmode);
+ if (!error2)
+ gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOAD_ACL_MSG, GR_VERSION);
+ else {
......@@ -73616,20 +73616,20 @@ index 0000000..361a099
+ break;
+ }
+
+ if (!(chkpw(&gr_usermode, (unsigned char *)&gr_system_salt, (unsigned char *)&gr_system_sum))) {
+ if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
+ gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODS_ACL_MSG);
+ if (gr_usermode.segv_device && gr_usermode.segv_inode) {
+ if (gr_usermode->segv_device && gr_usermode->segv_inode) {
+ struct acl_subject_label *segvacl;
+ segvacl =
+ lookup_acl_subj_label(gr_usermode.segv_inode,
+ gr_usermode.segv_device,
+ lookup_acl_subj_label(gr_usermode->segv_inode,
+ gr_usermode->segv_device,
+ current->role);
+ if (segvacl) {
+ segvacl->crashes = 0;
+ segvacl->expires = 0;
+ }
+ } else if (gr_find_uid(gr_usermode.segv_uid) >= 0) {
+ gr_remove_uid(gr_usermode.segv_uid);
+ } else if (gr_find_uid(gr_usermode->segv_uid) >= 0) {
+ gr_remove_uid(gr_usermode->segv_uid);
+ }
+ } else {
+ gr_log_noargs(GR_DONT_AUDIT, GR_SEGVMODF_ACL_MSG);
......@@ -73656,11 +73656,11 @@ index 0000000..361a099
+ }
+
+ if (lookup_special_role_auth
+ (gr_usermode.mode, gr_usermode.sp_role, &sprole_salt, &sprole_sum)
+ (gr_usermode->mode, gr_usermode->sp_role, &sprole_salt, &sprole_sum)
+ && ((!sprole_salt && !sprole_sum)
+ || !(chkpw(&gr_usermode, sprole_salt, sprole_sum)))) {
+ || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) {
+ char *p = "";
+ assign_special_role(gr_usermode.sp_role);
+ assign_special_role(gr_usermode->sp_role);
+ read_lock(&tasklist_lock);
+ if (current->real_parent)
+ p = current->real_parent->role->rolename;
......@@ -73668,7 +73668,7 @@ index 0000000..361a099
+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLES_ACL_MSG,
+ p, acl_sp_role_value);
+ } else {
+ gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode.sp_role);
+ gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode->sp_role);
+ error = -EPERM;
+ if(!(current->role->auth_attempts++))
+ current->role->expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
......@@ -73702,7 +73702,7 @@ index 0000000..361a099
+ }
+ break;
+ default:
+ gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode.mode);
+ gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode->mode);
+ error = -EINVAL;
+ break;
+ }
......@@ -75326,10 +75326,10 @@ index 0000000..8ca18bf
+}
diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c
new file mode 100644
index 0000000..ae6c028
index 0000000..b7cb191
--- /dev/null
+++ b/grsecurity/grsec_init.c
@@ -0,0 +1,272 @@
@@ -0,0 +1,286 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/mm.h>
......@@ -75409,6 +75409,10 @@ index 0000000..ae6c028
+char *gr_alert_log_buf;
+char *gr_audit_log_buf;
+
+extern struct gr_arg *gr_usermode;
+extern unsigned char *gr_system_salt;
+extern unsigned char *gr_system_sum;
+
+void __init
+grsecurity_init(void)
+{
......@@ -75449,6 +75453,16 @@ index 0000000..ae6c028
+ return;
+ }
+
+ /* allocate memory for authentication structure */
+ gr_usermode = kmalloc(sizeof(struct gr_arg), GFP_KERNEL);
+ gr_system_salt = kmalloc(GR_SALT_LEN, GFP_KERNEL);
+ gr_system_sum = kmalloc(GR_SHA_LEN, GFP_KERNEL);
+
+ if (!gr_usermode || !gr_system_salt || !gr_system_sum) {
+ panic("Unable to allocate grsecurity authentication structure");
+ return;
+ }
+
+#ifdef CONFIG_GRKERNSEC_IO
+#if !defined(CONFIG_GRKERNSEC_SYSCTL_DISTRO)
+ grsec_disable_privio = 1;
......@@ -77406,10 +77420,10 @@ index 0000000..ae02d8e
+EXPORT_SYMBOL_GPL(gr_handle_new_usb);
diff --git a/grsecurity/grsum.c b/grsecurity/grsum.c
new file mode 100644
index 0000000..9f7b1ac
index 0000000..158b330
--- /dev/null
+++ b/grsecurity/grsum.c
@@ -0,0 +1,61 @@
@@ -0,0 +1,64 @@
+#include <linux/err.h>
+#include <linux/kernel.h>
+#include <linux/sched.h>
......@@ -77426,47 +77440,50 @@ index 0000000..9f7b1ac
+int
+chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum)
+{
+ char *p;
+ struct crypto_hash *tfm;
+ struct hash_desc desc;
+ struct scatterlist sg;
+ unsigned char temp_sum[GR_SHA_LEN];
+ volatile int retval = 0;
+ struct scatterlist sg[2];
+ unsigned char temp_sum[GR_SHA_LEN] __attribute__((aligned(__alignof__(unsigned long))));
+ unsigned long *tmpsumptr = (unsigned long *)temp_sum;
+ unsigned long *sumptr = (unsigned long *)sum;
+ int cryptres;
+ int retval = 1;
+ volatile int mismatched = 0;
+ volatile int dummy = 0;
+ unsigned int i;
+
+ sg_init_table(&sg, 1);
+
+ tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC);
+ if (IS_ERR(tfm)) {
+ /* should never happen, since sha256 should be built in */
+ memset(entry->pw, 0, GR_PW_LEN);
+ return 1;
+ }
+
+ sg_init_table(sg, 2);
+ sg_set_buf(&sg[0], salt, GR_SALT_LEN);
+ sg_set_buf(&sg[1], entry->pw, strlen(entry->pw));
+
+ desc.tfm = tfm;
+ desc.flags = 0;
+
+ crypto_hash_init(&desc);
+
+ p = salt;
+ sg_set_buf(&sg, p, GR_SALT_LEN);
+ crypto_hash_update(&desc, &sg, sg.length);
+
+ p = entry->pw;
+ sg_set_buf(&sg, p, strlen(p));
+
+ crypto_hash_update(&desc, &sg, sg.length);
+
+ crypto_hash_final(&desc, temp_sum);
+ cryptres = crypto_hash_digest(&desc, sg, GR_SALT_LEN + strlen(entry->pw),
+ temp_sum);
+
+ memset(entry->pw, 0, GR_PW_LEN);
+
+ for (i = 0; i < GR_SHA_LEN; i++)
+ if (sum[i] != temp_sum[i])
+ retval = 1;
+ if (cryptres)
+ goto out;
+
+ for (i = 0; i < GR_SHA_LEN/sizeof(tmpsumptr[0]); i++)
+ if (sumptr[i] != tmpsumptr[i])
+ mismatched = 1;
+ else
+ dummy = 1; // waste a cycle
+
+ if (!mismatched)
+ retval = dummy - 1;
+
+out:
+ crypto_free_hash(tfm);
+
+ return retval;
......@@ -100500,7 +100517,7 @@ index c04518f..d67116b 100644
static int raw_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 031553f..af4a0c2 100644
index 031553f..1f6f4e2 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -89,6 +89,7 @@
......@@ -100550,7 +100567,7 @@ index 031553f..af4a0c2 100644
- * But broken packet identifier may be better than no packet at all.
+#define IP_IDENTS_SZ 2048u
+struct ip_ident_bucket {
+ atomic_t id;
+ atomic_unchecked_t id;
+ u32 stamp32;
+};
+
......@@ -100579,7 +100596,7 @@ index 031553f..af4a0c2 100644
+ if (old != now && cmpxchg(&bucket->stamp32, old, now) == old)
+ delta = prandom_u32_max(now - old);
+
+ return atomic_add_return(segs + delta, &bucket->id) - segs;
+ return atomic_add_return_unchecked(segs + delta, &bucket->id) - segs;
}
+EXPORT_SYMBOL(ip_idents_reserve);
......@@ -122133,10 +122150,10 @@ index 0000000..0888f6c
+
diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c
new file mode 100644
index 0000000..dd94983
index 0000000..924652b
--- /dev/null
+++ b/tools/gcc/stackleak_plugin.c
@@ -0,0 +1,376 @@
@@ -0,0 +1,395 @@
+/*
+ * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
......@@ -122168,7 +122185,7 @@ index 0000000..dd94983
+static bool init_locals;
+
+static struct plugin_info stackleak_plugin_info = {
+ .version = "201402131920",
+ .version = "201408011900",
+ .help = "track-lowest-sp=nn\ttrack sp in functions whose frame size is at least nn bytes\n"
+// "initialize-locals\t\tforcibly initialize all stack frames\n"
+};
......@@ -122314,6 +122331,25 @@ index 0000000..dd94983
+
+static bool gate_stackleak_track_stack(void)
+{
+ tree section;
+
+ if (ix86_cmodel != CM_KERNEL)
+ return false;
+
+ section = lookup_attribute("section", DECL_ATTRIBUTES(current_function_decl));
+ if (section && TREE_VALUE(section)) {
+ section = TREE_VALUE(TREE_VALUE(section));
+
+ if (!strncmp(TREE_STRING_POINTER(section), ".init.text", 10))
+ return false;
+ if (!strncmp(TREE_STRING_POINTER(section), ".devinit.text", 13))
+ return false;
+ if (!strncmp(TREE_STRING_POINTER(section), ".cpuinit.text", 13))
+ return false;
+ if (!strncmp(TREE_STRING_POINTER(section), ".meminit.text", 13))
+ return false;
+ }
+
+ return track_frame_size >= 0;
+}
+
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment