authorAnthony G. Basile <blueness@gentoo.org>2015-06-18 07:08:54 -0400
committerAnthony G. Basile <blueness@gentoo.org>2015-06-18 07:08:54 -0400
commitaf446547391d11686668a7b060a8f964c8be62cf (patch)
treeeeafda9d78c6770e0577e6cf7077142e64c72ccd
parentGrsec/PaX: 3.1-{3.2.69,3.14.44,4.0.5}-201506082251 (diff)
Grsec/PaX: 3.1-4.0.5-20150617132220150617
-rw-r--r--4.0.5/0000_README2
-rw-r--r--4.0.5/4420_grsecurity-3.1-4.0.5-201506171322.patch (renamed from 4.0.5/4420_grsecurity-3.1-4.0.5-201506082251.patch)200
2 files changed, 131 insertions, 71 deletions
diff --git a/4.0.5/0000_README b/4.0.5/0000_README
index 06efdbb..0e406e4 100644
--- a/4.0.5/0000_README
+++ b/4.0.5/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.0.5-201506082251.patch
+Patch: 4420_grsecurity-3.1-4.0.5-201506171322.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.0.5/4420_grsecurity-3.1-4.0.5-201506082251.patch b/4.0.5/4420_grsecurity-3.1-4.0.5-201506171322.patch
index 8498741..97c48de 100644
--- a/4.0.5/4420_grsecurity-3.1-4.0.5-201506082251.patch
+++ b/4.0.5/4420_grsecurity-3.1-4.0.5-201506171322.patch
@@ -3893,7 +3893,7 @@ index 845769e..4278fd7 100644
atomic64_set(&mm->context.id, asid);
}
diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
-index 6333d9c..fd09b46 100644
+index 6333d9c..3bb19f2 100644
--- a/arch/arm/mm/fault.c
+++ b/arch/arm/mm/fault.c
@@ -25,6 +25,7 @@
@@ -3911,10 +3911,10 @@ index 6333d9c..fd09b46 100644
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ if (addr < TASK_SIZE) {
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
+ else
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
+ }
+#endif
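Review bot: Every PAX report site spells the log level out twice, once per `curr_ip` branch, so raising it from `KERN_ERR` to `KERN_EMERG` had to touch each copy here and again in the later arch/arm/mm/fault.c, arch/x86/mm/fault.c and fs/exec.c hunks. A single definition such as `#define PAX_LOG_LEVEL KERN_EMERG` (the name is only a suggestion) used in each format string would make the next level change one line and keep the sites from drifting apart. The change also alters where these records land: emergency-priority messages are shown on the console even at the most restrictive console log level, and syslog rules that filter on priority will route them differently, which neither the commit title nor 0000_README mentions. The enclosing functions start and end outside these hunks.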
@@ -3925,10 +3925,10 @@ index 6333d9c..fd09b46 100644
+ (MODULES_VADDR <= addr && addr < MODULES_END)))
+ {
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
+ else
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
+ }
+#endif
@@ -3991,10 +3991,10 @@ index 6333d9c..fd09b46 100644
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ if (addr < TASK_SIZE && is_domain_fault(fsr)) {
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
+ else
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
+ goto die;
+ }
@@ -4074,11 +4074,11 @@ index 6333d9c..fd09b46 100644
+#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
+ else if (is_domain_fault(ifsr) || is_xn_fault(ifsr)) {
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()),
+ pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc);
+ else
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()),
+ pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc);
+ goto die;
@@ -9660,10 +9660,23 @@ index 13fc097..84d375f 100644
- return (ret > mm->brk) ? ret : mm->brk;
-}
diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c
-index 179a2c2..371e85c 100644
+index 179a2c2..4ba9137 100644
--- a/arch/s390/mm/mmap.c
+++ b/arch/s390/mm/mmap.c
-@@ -204,9 +204,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -62,6 +62,12 @@ static inline int mmap_is_legacy(void)
+
+ static unsigned long mmap_rnd(void)
+ {
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
++ return 0;
++#endif
++
+ if (!(current->flags & PF_RANDOMIZE))
+ return 0;
+ if (is_32bit_task())
+@@ -204,9 +210,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
*/
if (mmap_is_legacy()) {
mm->mmap_base = mmap_base_legacy();
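Review bot: The added `return 0` in `mmap_rnd()` fires for exactly the tasks that have `MF_PAX_RANDMMAP` set, which reads as if randomisation were being switched off for them, and nothing in the hunk explains it. If the intent is that PaX applies its own offset in `arch_pick_mmap_layout()` (its added lines are not shown in this hunk), say so above the check, e.g. `/* PaX RANDMMAP adds its own mmap offset; skip the stock one */`. The added blank line directly after the opening brace can also go. `mmap_rnd()` continues past the hunk.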
@@ -9685,7 +9698,7 @@ index 179a2c2..371e85c 100644
mm->get_unmapped_area = arch_get_unmapped_area_topdown;
}
}
-@@ -279,9 +291,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -279,9 +297,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
*/
if (mmap_is_legacy()) {
mm->mmap_base = mmap_base_legacy();
@@ -31784,7 +31797,7 @@ index 903ec1e..c4166b2 100644
}
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index ede025f..380466b 100644
+index ede025f..1ef909b 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -13,12 +13,19 @@
@@ -32005,11 +32018,11 @@ index ede025f..380466b 100644
+#ifdef CONFIG_PAX_KERNEXEC
+ if (init_mm.start_code <= address && address < init_mm.end_code) {
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
+ &current->signal->curr_ip, current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
+ else
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
+ }
+#endif
@@ -32175,14 +32188,14 @@ index ede025f..380466b 100644
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
+ if (!user_mode(regs) && address < 2 * pax_user_shadow_base) {
+ if (!search_exception_tables(regs->ip)) {
-+ printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n");
++ printk(KERN_EMERG "PAX: please report this to pageexec@freemail.hu\n");
+ bad_area_nosemaphore(regs, error_code, address);
+ return;
+ }
+ if (address < pax_user_shadow_base) {
-+ printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n");
-+ printk(KERN_ERR "PAX: faulting IP: %pS\n", (void *)regs->ip);
-+ show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_ERR);
++ printk(KERN_EMERG "PAX: please report this to pageexec@freemail.hu\n");
++ printk(KERN_EMERG "PAX: faulting IP: %pS\n", (void *)regs->ip);
++ show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_EMERG);
+ } else
+ address -= pax_user_shadow_base;
+ }
@@ -40507,19 +40520,6 @@ index 94a58a0..f5eba42 100644
#define to_dmi_dev_attr(_dev_attr) \
container_of(_dev_attr, struct dmi_device_attribute, dev_attr)
-diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c
-index ccc2018..56a33c5 100644
---- a/drivers/firmware/dmi_scan.c
-+++ b/drivers/firmware/dmi_scan.c
-@@ -894,7 +894,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *),
- if (buf == NULL)
- return -1;
-
-- dmi_table(buf, dmi_len, dmi_num, decode, private_data);
-+ dmi_table((char __force_kernel *)buf, dmi_len, dmi_num, decode, private_data);
-
- dmi_unmap(buf);
- return 0;
diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c
index 4fd9961..52d60ce 100644
--- a/drivers/firmware/efi/cper.c
@@ -52920,6 +52920,19 @@ index 6d25879..3031a9f 100644
def_timeout = le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout);
ddb_entry->default_relogin_timeout =
(def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ?
+diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
+index c9c3b57..22a8e41 100644
+--- a/drivers/scsi/scsi.c
++++ b/drivers/scsi/scsi.c
+@@ -637,7 +637,7 @@ void scsi_finish_command(struct scsi_cmnd *cmd)
+
+ good_bytes = scsi_bufflen(cmd);
+ if (cmd->request->cmd_type != REQ_TYPE_BLOCK_PC) {
+- int old_good_bytes = good_bytes;
++ unsigned int old_good_bytes = good_bytes;
+ drv = scsi_cmd_to_driver(cmd);
+ if (drv->done)
+ good_bytes = drv->done(cmd);
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index b1a2631..5bcd9c8 100644
--- a/drivers/scsi/scsi_lib.c
@@ -53070,9 +53083,27 @@ index ae45bd9..c32a586 100644
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index a661d33..1b693d4 100644
+index a661d33..1b233fa 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
+@@ -111,7 +111,7 @@ static int sd_resume(struct device *);
+ static void sd_rescan(struct device *);
+ static int sd_init_command(struct scsi_cmnd *SCpnt);
+ static void sd_uninit_command(struct scsi_cmnd *SCpnt);
+-static int sd_done(struct scsi_cmnd *);
++static unsigned int sd_done(struct scsi_cmnd *);
+ static int sd_eh_action(struct scsi_cmnd *, int);
+ static void sd_read_capacity(struct scsi_disk *sdkp, unsigned char *buffer);
+ static void scsi_disk_release(struct device *cdev);
+@@ -1670,7 +1670,7 @@ static unsigned int sd_completed_bytes(struct scsi_cmnd *scmd)
+ *
+ * Note: potentially run from within an ISR. Must not block.
+ **/
+-static int sd_done(struct scsi_cmnd *SCpnt)
++static unsigned int sd_done(struct scsi_cmnd *SCpnt)
+ {
+ int result = SCpnt->result;
+ unsigned int good_bytes = result ? 0 : scsi_bufflen(SCpnt);
@@ -2997,7 +2997,7 @@ static int sd_probe(struct device *dev)
sdkp->disk = gd;
sdkp->index = index;
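Review bot: `sd_done()` now returns `unsigned int` in both its prototype and its definition, but no hunk shown on this page changes the `done` member of the driver structure that `drv->done(cmd)` is called through in drivers/scsi/scsi.c. If that member is still declared as returning `int`, installing `sd_done` in it is a function-pointer type mismatch, and any other driver implementing `done` needs the same signature. Please confirm that the declaration and the remaining implementations are updated in the part of the patch that this revision leaves unchanged. The body of `sd_done()` continues outside the hunk.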
@@ -66223,7 +66254,7 @@ index 4c55668..eeae150 100644
fd_offset + ex.a_text);
if (error != N_DATADDR(ex))
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 8081aba..bd60d68 100644
+index 8081aba..90a7bdd 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -34,6 +34,7 @@
@@ -66844,10 +66875,12 @@ index 8081aba..bd60d68 100644
if (elf_read_implies_exec(loc->elf_ex, executable_stack))
current->personality |= READ_IMPLIES_EXEC;
-@@ -925,6 +1364,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -925,8 +1364,21 @@ static int load_elf_binary(struct linux_binprm *bprm)
#else
load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
#endif
+- total_size = total_mapping_size(elf_phdata,
+- loc->elf_ex.e_phnum);
+
+#ifdef CONFIG_PAX_RANDMMAP
+ /* PaX: randomize base address at the default exe base if requested */
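Review bot: The patch now deletes upstream's two-line `total_size = total_mapping_size(...)` call and re-adds it as a single line after the PaX block (continued in the next hunk), where the previous revision left those two lines as untouched context. The statement order ends up the same, so this looks like a reflow only, and rewriting an upstream line inside the patch widens the area that can conflict when the base kernel changes. Unless the join is needed for another reason, keep the upstream lines as context as before. The middle of the PaX block lies between the two hunks and is not shown here.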
@@ -66862,10 +66895,11 @@ index 8081aba..bd60d68 100644
+ }
+#endif
+
- total_size = total_mapping_size(elf_phdata,
- loc->elf_ex.e_phnum);
++ total_size = total_mapping_size(elf_phdata, loc->elf_ex.e_phnum);
if (!total_size) {
-@@ -962,9 +1415,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
+ retval = -EINVAL;
+ goto out_free_dentry;
+@@ -962,9 +1414,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
* allowed task size. Note that p_filesz must always be
* <= p_memsz so it is only necessary to check p_memsz.
*/
@@ -66878,7 +66912,7 @@ index 8081aba..bd60d68 100644
/* set_brk can never work. Avoid overflows. */
retval = -EINVAL;
goto out_free_dentry;
-@@ -1000,16 +1453,43 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -1000,16 +1452,43 @@ static int load_elf_binary(struct linux_binprm *bprm)
if (retval)
goto out_free_dentry;
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -66927,7 +66961,7 @@ index 8081aba..bd60d68 100644
load_bias, interp_elf_phdata);
if (!IS_ERR((void *)elf_entry)) {
/*
-@@ -1237,7 +1717,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
+@@ -1237,7 +1716,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
* Decide what to dump of a segment, part, all or none.
*/
static unsigned long vma_dump_size(struct vm_area_struct *vma,
@@ -66936,7 +66970,7 @@ index 8081aba..bd60d68 100644
{
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
-@@ -1275,7 +1755,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1275,7 +1754,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
if (vma->vm_file == NULL)
return 0;
@@ -66945,7 +66979,7 @@ index 8081aba..bd60d68 100644
goto whole;
/*
-@@ -1482,9 +1962,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1482,9 +1961,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
{
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
int i = 0;
@@ -66957,7 +66991,7 @@ index 8081aba..bd60d68 100644
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
}
-@@ -1493,7 +1973,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
+@@ -1493,7 +1972,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
{
mm_segment_t old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -66966,7 +67000,7 @@ index 8081aba..bd60d68 100644
set_fs(old_fs);
fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
}
-@@ -2213,7 +2693,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2213,7 +2692,7 @@ static int elf_core_dump(struct coredump_params *cprm)
vma = next_vma(vma, gate_vma)) {
unsigned long dump_size;
@@ -66975,7 +67009,7 @@ index 8081aba..bd60d68 100644
vma_filesz[i++] = dump_size;
vma_data_size += dump_size;
}
-@@ -2321,6 +2801,167 @@ out:
+@@ -2321,6 +2800,167 @@ out:
#endif /* CONFIG_ELF_CORE */
@@ -68591,7 +68625,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index 1202445..3065053 100644
+index 1202445..7a6fde9 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -56,8 +56,20 @@
@@ -69243,13 +69277,13 @@ index 1202445..3065053 100644
+void pax_report_refcount_overflow(struct pt_regs *regs)
+{
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
++ printk(KERN_EMERG "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
+ &current->signal->curr_ip, current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
+ else
-+ printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
-+ print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
++ print_symbol(KERN_EMERG "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
+ preempt_disable();
+ show_regs(regs);
+ preempt_enable();
@@ -69308,10 +69342,10 @@ index 1202445..3065053 100644
+static __noreturn void pax_report_usercopy(const void *ptr, unsigned long len, bool to_user, const char *type)
+{
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
++ printk(KERN_EMERG "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
+ &current->signal->curr_ip, to_user ? "leak" : "overwrite", to_user ? "from" : "to", ptr, type ? : "unknown", len);
+ else
-+ printk(KERN_ERR "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
++ printk(KERN_EMERG "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
+ to_user ? "leak" : "overwrite", to_user ? "from" : "to", ptr, type ? : "unknown", len);
+ dump_stack();
+ gr_handle_kernel_exploit();
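Review bot: The usercopy report prints a raw kernel address with `%p`, and at `KERN_EMERG` that line is no longer confined to the kernel log: syslog setups that forward emergency messages to every logged-in terminal would show the address to unprivileged users. Consider keeping the address out of the emergency line, for example by reporting the object type and length at `KERN_EMERG` and the `%p` detail in a second `printk(KERN_ERR ...)`. The same consideration applies to `faulting IP: %pS` and the `KERN_EMERG` stack trace in the arch/x86/mm/fault.c UDEREF hunk. Whether access to the kernel log is otherwise restricted on the target configuration is not visible from this page.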
@@ -69410,7 +69444,7 @@ index 1202445..3065053 100644
+#ifdef CONFIG_PAX_SIZE_OVERFLOW
+void __nocapture(1, 3, 4) report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
+{
-+ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
++ printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
+ dump_stack();
+ do_group_exit(SIGKILL);
+}
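Review bot: Among the format strings this commit touches, the size-overflow message is the only one without a trailing newline (`"... %s:%u %s"`). Now that it is emitted at `KERN_EMERG`, it should terminate its own record instead of relying on whatever `dump_stack()` prints next: `printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s\n", func, file, line, ssa_name);`.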
@@ -120255,7 +120289,7 @@ index 0000000..da184c5
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..77f8462
+index 0000000..1d20e32
--- /dev/null
+++ b/tools/gcc/gcc-common.h
@@ -0,0 +1,689 @@
@@ -120419,7 +120453,7 @@ index 0000000..77f8462
+#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE)
+
+#if BUILDING_GCC_VERSION == 4005
-+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I)
++#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls, (I) = 0; vars && ((D) = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), (I)++)
+#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
+#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I))
+#define TODO_rebuild_cgraph_edges 0
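Review bot: In the new GCC 4.5 `FOR_EACH_LOCAL_DECL`, `(I) = 0` sits inside the `tree vars = ...` declaration, so it is parsed as a second declarator: it declares a new `tree` with the caller's index name and initialises it to null rather than assigning the caller's variable. The caller's index therefore stays untouched, and `(I)++` steps a `tree` pointer that shadows it for the duration of the loop. Assigning inside the initialiser expression avoids this: `for (tree vars = ((I) = 0, (FUN)->local_decls); vars && ((D) = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), (I)++)`.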
@@ -120659,6 +120693,7 @@ index 0000000..77f8462
+}
+
+#define ipa_remove_stmt_references(cnode, stmt)
++
+typedef union gimple_statement_d gasm;
+typedef union gimple_statement_d gassign;
+typedef union gimple_statement_d gcall;
@@ -120680,7 +120715,6 @@ index 0000000..77f8462
+#define create_var_ann(var)
+#define TODO_dump_func 0
+#define TODO_dump_cgraph 0
-+
+#endif
+
+#if BUILDING_GCC_VERSION <= 4009
@@ -120964,10 +120998,10 @@ index 0000000..7514850
+fi
diff --git a/tools/gcc/initify_plugin.c b/tools/gcc/initify_plugin.c
new file mode 100644
-index 0000000..125442a
+index 0000000..294ac43
--- /dev/null
+++ b/tools/gcc/initify_plugin.c
-@@ -0,0 +1,427 @@
+@@ -0,0 +1,450 @@
+/*
+ * Copyright 2011-2015 by Emese Revfy <re.emese@gmail.com>
+ * Licensed under the GPL v2, or (at your option) v3
@@ -120987,6 +121021,8 @@ index 0000000..125442a
+
+int plugin_is_GPL_compatible;
+
++static bool verbose = false;
++
+static struct plugin_info initify_plugin_info = {
+ .version = "20150524a",
+ .help = "initify_plugin\n",
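Review bot: `verbose` is added as a `static bool` initialised to `false`, and the 23 lines this revision adds to initify_plugin.c (427 to 450 in the hunk header) are all accounted for by the hunks shown, none of which sets it. The two `inform()` calls now guarded by `&& verbose` therefore look unreachable without editing the source. Either parse a plugin argument for it in the plugin's init code, or mark it as a compile-time debugging switch with a comment such as `/* debug aid: set to true to list every initified string */`. `.version` also stays at "20150524a" although the plugin's behaviour changes in this revision.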
@@ -121140,8 +121176,8 @@ index 0000000..125442a
+ str = get_string_cst(init_val);
+ gcc_assert(str);
+
-+ if (set_init_exit_section(var, initexit))
-+ ;//inform(DECL_SOURCE_LOCATION(var), "initified local var: %s: %s", DECL_NAME_POINTER(current_function_decl), TREE_STRING_POINTER(str));
++ if (set_init_exit_section(var, initexit) && verbose)
++ inform(DECL_SOURCE_LOCATION(var), "initified local var: %s: %s", DECL_NAME_POINTER(current_function_decl), TREE_STRING_POINTER(str));
+ }
+}
+
@@ -121153,6 +121189,7 @@ index 0000000..125442a
+ decl = build_decl(DECL_SOURCE_LOCATION(current_function_decl), VAR_DECL, create_tmp_var_name("cicus"), TREE_TYPE(str));
+
+ type = TREE_TYPE(TREE_TYPE(decl));
++ type = build_qualified_type(type, TYPE_QUALS(type) | TYPE_QUAL_CONST);
+ TYPE_READONLY(type) = 1;
+ TREE_PUBLIC(type) = 0;
+
@@ -121174,13 +121211,27 @@ index 0000000..125442a
+ DECL_CHAIN(decl) = BLOCK_VARS(DECL_INITIAL(current_function_decl));
+ BLOCK_VARS(DECL_INITIAL (current_function_decl)) = decl;
+
-+ decl = build_unary_op(DECL_SOURCE_LOCATION(current_function_decl), ADDR_EXPR, decl, 0);
++ decl = build_fold_addr_expr_loc(DECL_SOURCE_LOCATION(current_function_decl), decl);
+ gimple_call_set_arg(stmt, num, decl);
+ update_stmt(stmt);
+
+ return TREE_OPERAND(decl, 0);
+}
+
++static bool is_syscall(const_tree fn)
++{
++ if (!strncmp(DECL_NAME_POINTER(fn), "sys_", 4))
++ return true;
++
++ if (!strncmp(DECL_NAME_POINTER(fn), "sys32_", 6))
++ return true;
++
++ if (!strncmp(DECL_NAME_POINTER(fn), "compat_sys_", 11))
++ return true;
++
++ return false;
++}
++
+static bool is_vararg(const_tree fn)
+{
+ tree arg_list;
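Review bot: `is_syscall()` decides by name prefix alone (`sys_`, `sys32_`, `compat_sys_`), and `is_nocapture_param()` and `has_nocapture_param()` in the later hunks then treat string arguments of any such callee as eligible for an init/exit section. A function that merely shares the prefix but keeps the pointer would be left holding a reference into memory that is discarded after init. The assumption should be stated above the function, e.g. `/* syscalls copy their string arguments and never retain the pointer */`, and the match would be safer if it required an explicit marker on the callee rather than the name only. Note also that `is_nocapture_param()` returns true before it looks at `num`, so for these callees the decision is per function, not per argument.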
@@ -121204,7 +121255,7 @@ index 0000000..125442a
+ return true;
+}
+
-+static bool is_in_nocapture_attr_value(const_gimple stmt, unsigned int num)
++static bool is_nocapture_param(const_gimple stmt, unsigned int num)
+{
+ unsigned int attr_arg_val = 0;
+ tree attr_val;
@@ -121213,6 +121264,9 @@ index 0000000..125442a
+
+ gcc_assert(DECL_ABSTRACT_ORIGIN(fndecl) == NULL_TREE);
+
++ if (is_syscall(fndecl))
++ return true;
++
+ attr = lookup_attribute("nocapture", DECL_ATTRIBUTES(fndecl));
+ for (attr_val = TREE_VALUE(attr); attr_val; attr_val = TREE_CHAIN(attr_val)) {
+ attr_arg_val = (unsigned int)tree_to_uhwi(TREE_VALUE(attr_val));
@@ -121239,22 +121293,25 @@ index 0000000..125442a
+ if (str == NULL_TREE)
+ continue;
+
-+ if (!is_in_nocapture_attr_value(stmt, num))
++ if (!is_nocapture_param(stmt, num))
+ continue;
+
+ var = create_tmp_assign(stmt, num);
-+ if (set_init_exit_section(var, initexit))
-+ ;//inform(gimple_location(stmt), "initified function arg: %s: [%s]", DECL_NAME_POINTER(current_function_decl), TREE_STRING_POINTER(str));
++ if (set_init_exit_section(var, initexit) && verbose)
++ inform(gimple_location(stmt), "initified function arg: %s: [%s]", DECL_NAME_POINTER(current_function_decl), TREE_STRING_POINTER(str));
+ }
+}
+
-+static bool has_nocapture_attr(const gcall *stmt)
++static bool has_nocapture_param(const gcall *stmt)
+{
+ const_tree attr, fndecl = gimple_call_fndecl(stmt);
+
+ if (fndecl == NULL_TREE)
+ return false;
+
++ if (is_syscall(fndecl))
++ return true;
++
+ attr = lookup_attribute("nocapture", DECL_ATTRIBUTES(fndecl));
+ return attr != NULL_TREE;
+}
@@ -121274,7 +121331,7 @@ index 0000000..125442a
+ continue;
+
+ call_stmt = as_a_gcall(stmt);
-+ if (has_nocapture_attr(call_stmt))
++ if (has_nocapture_param(call_stmt))
+ search_str_param(call_stmt, initexit);
+ }
+ }
@@ -124106,10 +124163,10 @@ index 0000000..0b508b1
+#endif
diff --git a/tools/gcc/size_overflow_plugin/intentional_overflow.c b/tools/gcc/size_overflow_plugin/intentional_overflow.c
new file mode 100644
-index 0000000..d96cef2
+index 0000000..2af88a3
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/intentional_overflow.c
-@@ -0,0 +1,955 @@
+@@ -0,0 +1,958 @@
+/*
+ * Copyright 2011-2015 by Emese Revfy <re.emese@gmail.com>
+ * Licensed under the GPL v2, or (at your option) v3
@@ -124979,6 +125036,9 @@ index 0000000..d96cef2
+ my_stmt = as_a_gassign(gsi_stmt(gsi));
+
+ gcc_assert(pointer_set_contains(visited->my_stmts, my_stmt));
++ if (gimple_assign_cast_p(stmt) && gimple_assign_cast_p(my_stmt))
++ return my_stmt;
++
+ if (gimple_assign_rhs_code(stmt) != gimple_assign_rhs_code(my_stmt)) {
+ fprintf(stderr, "%s != %s\n", get_tree_code_name(gimple_assign_rhs_code(stmt)), get_tree_code_name(gimple_assign_rhs_code(my_stmt)));
+ debug_gimple_stmt(stmt);
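Review bot: The new early return hands back `my_stmt` for any pair of cast assignments before the `gimple_assign_rhs_code()` comparison runs, so two casts with different rhs codes are now accepted as matching without the diagnostic that follows. Nothing in the hunk says why that is safe. A comment such as `/* a duplicated cast may carry a different rhs code, so only require that both statements are casts */` would record the reasoning, if that is indeed the reason. The function begins and ends outside the hunk.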
@@ -155118,7 +155178,7 @@ index 0000000..9846ab0
+#endif
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
new file mode 100644
-index 0000000..6d103b8
+index 0000000..d7f4062
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
@@ -0,0 +1,256 @@
@@ -155153,7 +155213,7 @@ index 0000000..6d103b8
+tree size_overflow_type_TI;
+
+static struct plugin_info size_overflow_plugin_info = {
-+ .version = "20150512",
++ .version = "20150614",
+ .help = "no-size-overflow\tturn off size overflow checking\n",
+};
+