+commit c881b58ba51680e30758c1ea12058cd76c578672
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Jun 22 19:27:11 2016 -0400
+
+ compile fix
+
+ arch/x86/mm/init.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit 6f889875e9f23d3d5a4751d09cc47f6e39eb9e1b
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Jun 22 17:37:53 2016 -0400
+
+ Don't bother further restricting /dev/mem when GRKERNSEC_KMEM is disabled,
+ fixes tboot use
+ Reported by Mark van Dijk
+ Previous MSR problem was also reported by Mark van Dijk
+
+ arch/x86/mm/init.c | 16 +++++-----------
+ 1 file changed, 5 insertions(+), 11 deletions(-)
+
+commit 1b99e76b8f41a8495ff085ffccab0e1bc8abed59
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Jun 22 17:22:14 2016 -0400
+
+ Whitelist writes to MSR_IA32_ENERGY_PERF_BIAS
+
+ arch/x86/kernel/msr.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+commit 8c013d99d311850cade58ed5f9da05fb7f2c2873
+Merge: 33e588f 9b2decf
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Jun 22 07:46:27 2016 -0400
+
+ Merge branch 'pax-test' into grsec-test
+
+commit 9b2decf0bccddae6e630a2548d53d2a9718891a3
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Jun 22 07:46:03 2016 -0400
+
+ Update to pax-linux-4.5.7-test13.patch:
+ - fixed a bad function pointer cast in dma_buf_show caught by RAP, by Mathias Krause <minipli@googlemail.com>
+ - fixed a bad function type in the intel cstate sysfs code caught by RAP, reported by sth0R (https://forums.grsecurity.net/viewtopic.php?f=3&t=4497)
+ - worked around an intentional integer overflow in the PCI resource sizing code caught by the size overflow plugin, reported by kysse/Ville Vuorinen
+ - fixed an integer underflow in the ELF coredump code caught by the size overflow plugin, reported by Dwokfur (https://forums.grsecurity.net/viewtopic.php?f=3&t=4495)
+ - fixed Hyper-V's hypercall page allocation to work under !KERNEXEC as well, reported by btnet (https://forums.grsecurity.net/viewtopic.php?f=3&t=3911), based on an idea by Pablo Sole (https://bugs.alpinelinux.org/issues/1021#note-27)
+ - fixed a REFCOUNT false positive in wpan_phy_new
+
+ arch/x86/include/asm/pgtable_64.h | 2 +-
+ arch/x86/kernel/cpu/perf_event_intel_cstate.c | 6 +++---
+ arch/x86/kernel/head_64.S | 10 ++++++++--
+ arch/x86/xen/mmu.c | 10 ++++++++--
+ drivers/dma-buf/dma-buf.c | 5 ++---
+ drivers/hv/hv.c | 23 +++++++----------------
+ drivers/pci/setup-bus.c | 8 ++++++--
+ fs/exec.c | 4 ++--
+ include/linux/types.h | 2 ++
+ net/ieee802154/core.c | 6 +++---
+ 10 files changed, 42 insertions(+), 34 deletions(-)
+
+commit 33e588f130c19cac089c2b0d70c939bee84ba812
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Fri Jun 17 20:15:46 2016 -0400
+
+ Update KSTACKOVERFLOW dependency, update documentation
+
+ grsecurity/Kconfig | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+commit d877624a8034129afc61dcc0f6127d69ee7a08d5
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Jun 15 06:28:18 2016 -0400
+
+ Backport fix for http://seclists.org/oss-sec/2016/q2/553
+
+ security/keys/key.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit 39c61be367e5f1e1e0a08592ab3b23e71779ac9f
+Merge: c63d655 66f9687
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Tue Jun 14 18:19:37 2016 -0400
+
+ Merge branch 'pax-test' into grsec-test
+
+commit 66f968756cfcc3ab040ad99deb570fb445108fb9
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Tue Jun 14 18:19:04 2016 -0400
+
+ Update to pax-linux-4.5.5-test12.patch:
+ - fixed a KERNEXEC regression when writing to /proc/sys/kernel/watchdog_cpumask, reported by shadowdaemon
+ - Emese worked around a gcc induced intentional integer overflow in jfs that triggered a size overflow report, reported by g66 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4486)
+ - Emese relicensed the size overflow plugin to GPLv2 only
+ - Emese added size overflow coverage for vmnet in the hash tables, reported by Shawn <citypw@gmail.com>
+ - Emese enhanced the latent entropy in various ways (https://github.com/ephox-gcc-plugins/latent_entropy/commits/master)
+ - fixed pax_sanitize_slab=off for kmalloc and boot caches, by Mathias Krause <minipli@ld-linux.so>
+ - eliminated the memory overhead of SLUB sanitization, by Mathias Krause <minipli@ld-linux.so>
+
+ kernel/smpboot.c | 3 +
+ mm/slab.c | 2 +
+ mm/slab.h | 15 +
+ mm/slab_common.c | 7 -
+ mm/slob.c | 2 +
+ mm/slub.c | 8 +-
+ scripts/gcc-plugins/latent_entropy_plugin.c | 361 +++++++++++++++------
+ .../disable_size_overflow_hash.data | 1 +
+ .../insert_size_overflow_asm.c | 2 +-
+ .../size_overflow_plugin/intentional_overflow.c | 2 +-
+ .../size_overflow_plugin/remove_unnecessary_dup.c | 2 +-
+ .../size_overflow_plugin/size_overflow_debug.c | 2 +-
+ .../size_overflow_plugin/size_overflow_hash.data | 1 -
+ .../size_overflow_hash_aux.data | 5 +
+ .../size_overflow_plugin/size_overflow_ipa.c | 2 +-
+ .../size_overflow_plugin/size_overflow_misc.c | 2 +-
+ .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
+ .../size_overflow_plugin_hash.c | 2 +-
+ .../size_overflow_plugin/size_overflow_transform.c | 2 +-
+ .../size_overflow_transform_core.c | 2 +-
+ 20 files changed, 310 insertions(+), 115 deletions(-)
+
+commit c63d655907910533ed9d50671e98774b4b797578
+Author: Tejun Heo <tj@kernel.org>
+Date: Wed May 25 11:48:25 2016 -0400
+
+ percpu: fix synchronization between synchronous map extension and chunk destruction
+
+ For non-atomic allocations, pcpu_alloc() can try to extend the area
+ map synchronously after dropping pcpu_lock; however, the extension
+ wasn't synchronized against chunk destruction and the chunk might get
+ freed while extension is in progress.
+
+ This patch fixes the bug by putting most of non-atomic allocations
+ under pcpu_alloc_mutex to synchronize against pcpu_balance_work which
+ is responsible for async chunk management including destruction.
+
+ Signed-off-by: Tejun Heo <tj@kernel.org>
+ Reported-and-tested-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
+ Reported-by: Vlastimil Babka <vbabka@suse.cz>
+ Reported-by: Sasha Levin <sasha.levin@oracle.com>
+ Cc: stable@vger.kernel.org # v3.18+
+ Fixes: 1a4d76076cda ("percpu: implement asynchronous chunk population")
+
+ mm/percpu.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+commit 63442a31da7b33c5d6ab80254a2af78616b91aa8
+Author: Tejun Heo <tj@kernel.org>
+Date: Wed May 25 11:48:25 2016 -0400
+
+ percpu: fix synchronization between chunk->map_extend_work and chunk destruction
+
+ Atomic allocations can trigger async map extensions which is serviced
+ by chunk->map_extend_work. pcpu_balance_work which is responsible for
+ destroying idle chunks wasn't synchronizing properly against
+ chunk->map_extend_work and may end up freeing the chunk while the work
+ item is still in flight.
+
+ This patch fixes the bug by rolling async map extension operations
+ into pcpu_balance_work.
+
+ Signed-off-by: Tejun Heo <tj@kernel.org>
+ Reported-and-tested-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
+ Reported-by: Vlastimil Babka <vbabka@suse.cz>
+ Reported-by: Sasha Levin <sasha.levin@oracle.com>
+ Cc: stable@vger.kernel.org # v3.18+
+ Fixes: 9c824b6a172c ("percpu: make sure chunk->map array has available space")
+
+ mm/percpu.c | 57 ++++++++++++++++++++++++++++++++++++---------------------
+ 1 file changed, 36 insertions(+), 21 deletions(-)
+
+commit 7187611ba0d834ec7db27904c0cdf07bc9bc7d8f
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sat Jun 11 19:54:40 2016 -0400
+
+ Only bother establishing the PTEs for the vmap'd stack on creation
+
+ fs/exec.c | 1 -
+ include/linux/sched.h | 9 ++++-----
+ kernel/fork.c | 3 ++-
+ kernel/sched/core.c | 2 --
+ 4 files changed, 6 insertions(+), 9 deletions(-)
+
+commit a6e150dfb383fcb4c8d5294c59f2d21425ff9f72
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sat Jun 11 13:18:33 2016 -0400
+
+ Work around upstream's use of probe_kernel_address in alignment handling
+ which uses KERNEL_DS but wants to access userland memory directly --
+ not allowed by PaX. Reported by jotik
+
+ arch/arm/mm/alignment.c | 24 ++++++++++++++++++++----
+ 1 file changed, 20 insertions(+), 4 deletions(-)
+
+commit 1646af929d2465bc7a21a3c180de677e0b0b7950
+Author: Dave Chinner <dchinner@redhat.com>
+Date: Wed May 18 14:09:12 2016 +1000
+
+ xfs: mark reclaimed inodes invalid earlier
+
+ The last thing we do before using call_rcu() on an xfs_inode to be
+ freed is mark it as invalid. This means there is a window between
+ when we know for certain that the inode is going to be freed and
+ when we do actually mark it as "freed".
+
+ This is important in the context of RCU lookups - we can look up the
+ inode, find that it is valid, and then use it as such not realising
+ that it is in the final stages of being freed.
+
+ As such, mark the inode as being invalid the moment we know it is
+ going to be reclaimed. This can be done while we still hold the
+ XFS_ILOCK_EXCL and the flush lock in xfs_inode_reclaim, meaning that
+ it occurs well before we remove it from the radix tree, and that
+ the i_flags_lock, the XFS_ILOCK and the inode flush lock all act as
+ synchronisation points for detecting that an inode is about to go
+ away.
+
+ For defensive purposes, this allows us to add a further check to
+ xfs_iflush_cluster to ensure we skip inodes that are being freed
+ after we grab the XFS_ILOCK_SHARED and the flush lock - we know that
+ if the inode number if valid while we have these locks held we know
+ that it has not progressed through reclaim to the point where it is
+ clean and is about to be freed.
+
+ [bfoster: fixed __xfs_inode_clear_reclaim() using ip->i_ino after it
+ had already been zeroed.]
+
+ Signed-off-by: Dave Chinner <dchinner@redhat.com>
+ Reviewed-by: Brian Foster <bfoster@redhat.com>
+ Signed-off-by: Dave Chinner <david@fromorbit.com>
+
+ fs/xfs/xfs_icache.c | 46 ++++++++++++++++++++++++++++++++++------------
+ fs/xfs/xfs_inode.c | 13 +++++++++++++
+ 2 files changed, 47 insertions(+), 12 deletions(-)
+
+commit 096f3d24e77f4cd8fe50008623b26c89cb00ccda
+Author: Dave Chinner <dchinner@redhat.com>
+Date: Wed May 18 14:01:53 2016 +1000
+
+ xfs: xfs_inode_free() isn't RCU safe
+
+ The xfs_inode freed in xfs_inode_free() has multiple allocated
+ structures attached to it. We free these in xfs_inode_free() before
+ we mark the inode as invalid, and before we run call_rcu() to queue
+ the structure for freeing.
+
+ Unfortunately, this freeing can race with other accesses that are in
+ the RCU current grace period that have found the inode in the radix
+ tree with a valid state. This includes xfs_iflush_cluster(), which
+ calls xfs_inode_clean(), and that accesses the inode log item on the
+ xfs_inode.
+
+ The log item structure is freed in xfs_inode_free(), so there is the
+ possibility we can be accessing freed memory in xfs_iflush_cluster()
+ after validating the xfs_inode structure as being valid for this RCU
+ context. Hence we can get spuriously incorrect clean state returned
+ from such checks. This can lead to use thinking the inode is dirty
+ when it is, in fact, clean, and so incorrectly attaching it to the
+ buffer for IO and completion processing.
+
+ This then leads to use-after-free situations on the xfs_inode itself
+ if the IO completes after the current RCU grace period expires. The
+ buffer callbacks will access the xfs_inode and try to do all sorts
+ of things it shouldn't with freed memory.
+
+ IOWs, xfs_iflush_cluster() only works correctly when racing with
+ inode reclaim if the inode log item is present and correctly stating
+ the inode is clean. If the inode is being freed, then reclaim has
+ already made sure the inode is clean, and hence xfs_iflush_cluster
+ can skip it. However, we are accessing the inode inode under RCU
+ read lock protection and so also must ensure that all dynamically
+ allocated memory we reference in this context is not freed until the
+ RCU grace period expires.
+
+ To fix this, move all the potential memory freeing into
+ xfs_inode_free_callback() so that we are guarantee RCU protected
+ lookup code will always have the memory structures it needs
+ available during the RCU grace period that lookup races can occur
+ in.
+
+ Discovered-by: Brain Foster <bfoster@redhat.com>
+ Signed-off-by: Dave Chinner <dchinner@redhat.com>
+ Reviewed-by: Christoph Hellwig <hch@lst.de>
+ Signed-off-by: Dave Chinner <david@fromorbit.com>
+
+ fs/xfs/xfs_icache.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+commit eaec09dbc18fe0ae7905b33b4c819a467a0e801d
+Author: Jann Horn <jannh@google.com>
+Date: Wed Jun 1 11:55:07 2016 +0200
+
+ sched: panic on corrupted stack end
+
+ Until now, hitting this BUG_ON caused a recursive oops (because oops
+ handling involves do_exit(), which calls into the scheduler, which in
+ turn raises an oops), which caused stuff below the stack to be
+ overwritten until a panic happened (e.g. via an oops in interrupt
+ context, caused by the overwritten CPU index in the thread_info).
+
+ Just panic directly.
+
+ Signed-off-by: Jann Horn <jannh@google.com>
+ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+
+ kernel/sched/core.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+commit 96894afd3cbd735ed9230f058a32865dec270da2
+Author: Jann Horn <jannh@google.com>
+Date: Wed Jun 1 11:55:06 2016 +0200
+
+ ecryptfs: forbid opening files without mmap handler
+
+ This prevents users from triggering a stack overflow through a recursive
+ invocation of pagefault handling that involves mapping procfs files into
+ virtual memory.
+
+ Signed-off-by: Jann Horn <jannh@google.com>
+ Acked-by: Tyler Hicks <tyhicks@canonical.com>
+ Cc: stable@vger.kernel.org
+ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+
+ fs/ecryptfs/kthread.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+commit 06608cb36ab8329c7cf03fdabc86fb7f64a2656d
+Author: Jann Horn <jannh@google.com>
+Date: Wed Jun 1 11:55:05 2016 +0200
+
+ proc: prevent stacking filesystems on top
+
+ This prevents stacking filesystems (ecryptfs and overlayfs) from using
+ procfs as lower filesystem. There is too much magic going on inside
+ procfs, and there is no good reason to stack stuff on top of procfs.
+
+ (For example, procfs does access checks in VFS open handlers, and
+ ecryptfs by design calls open handlers from a kernel thread that doesn't
+ drop privileges or so.)
+
+ Signed-off-by: Jann Horn <jannh@google.com>
+ Cc: stable@vger.kernel.org
+ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+
+ fs/proc/root.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+commit 7cff8ffababda8d77e7e3a3f2621b26269279b9a
+Author: Al Viro <viro@zeniv.linux.org.uk>
+Date: Wed May 4 14:04:13 2016 -0400
+
+ ecryptfs: fix handling of directory opening
+
+ First of all, trying to open them r/w is idiocy; it's guaranteed to fail.
+ Moreover, assigning ->f_pos and assuming that everything will work is
+ blatantly broken - try that with e.g. tmpfs as underlying layer and watch
+ the fireworks. There may be a non-trivial amount of state associated with
+ current IO position, well beyond the numeric offset. Using the single
+ struct file associated with underlying inode is really not a good idea;
+ we ought to open one for each ecryptfs directory struct file.
+
+ Additionally, file_operations both for directories and non-directories are
+ full of pointless methods; non-directories should *not* have ->iterate(),
+ directories should not have ->flush(), ->fasync() and ->splice_read().
+
+ Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+
+ fs/ecryptfs/file.c | 71 ++++++++++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 55 insertions(+), 16 deletions(-)
+
+commit b690dcd62ad1433e69d391a267ce01534c19d20a
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Jun 8 20:59:28 2016 -0400
+
+ fix compiler warnings
+
+ fs/exec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+commit 5d43ec1fb9c94f0c2644e0d09a8257442134a0ce
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Jun 8 20:52:00 2016 -0400
+
+ Avoid some UB
+
+ fs/exec.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+commit d34347de1cae1f7bd8ea4223d5baca5da8ea4529
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Jun 8 20:23:27 2016 -0400
+
+ compile fix
+
+ kernel/smpboot.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+commit 4dfdd6b803d58fec94306a4ff437d500a9c80908
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Jun 8 20:13:34 2016 -0400
+
+ Add open/close around cpumask modification, reported by shadowdaemon
+ Triggered by writing to /proc/sys/kernel/watchdog_cpumask
+
+ kernel/smpboot.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+commit 1ee24693e22a535dbede927beba7b90cd8559eb4
+Merge: 11150b9 dec4686
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Jun 8 07:39:26 2016 -0400
+
+ Merge branch 'pax-test' into grsec-test
+
+commit dec468678ead461fc786adfbb2505b6ef66a371a
+Merge: 85a5882 8c596d1
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Jun 8 07:39:18 2016 -0400
+
+ Merge branch 'linux-4.5.y' into pax-test
+
+commit 11150b92c4cd78ec6a22ad0ff682faf2354b4445
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun Jun 5 14:18:34 2016 -0400
+
+ compile fix
+
+ grsecurity/grsec_tpe.c | 4 ++--
+ include/linux/uidgid.h | 1 +
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+commit 6e548aad3425733ed443e4a3232205935f0d4939
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun Jun 5 08:19:09 2016 -0400
+
+ Workaround some Debian bike-shedding so that group-writable /bin dirs
+ (with group ownership of root) don't trigger TPE violations
+ Reported by jvoisin
+
+ grsecurity/grsec_tpe.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+commit 735ea2028ce017246358d22ec81dc6db73499770
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun Jun 5 04:23:15 2016 -0400
+
+ move another instance of is_privileged_binary outside of atomic
+
+ grsecurity/gracl_segv.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+commit e08a7bcc7b7a1e423b5346bcef85d9a92185f65f
+Merge: d094457 85a5882
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun Jun 5 04:09:29 2016 -0400
+
+ Merge branch 'pax-test' into grsec-test
+
+commit 85a588299f41d6a116b8d07d902de986968a84b0
+Merge: 89f00c3 ec2a755
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun Jun 5 04:08:42 2016 -0400
+
+ Merge branch 'linux-4.5.y' into pax-test
+
+commit d094457eb90a693f7007b7f4b26c2132137c7ed2
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Mon May 30 10:15:11 2016 -0400
+
+ move privilege/xattr check outside of locks to prevent warning, reported by shadowdaemon
+
+ grsecurity/grsec_sig.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+commit 2fad2bb3392409d98498b3af53cf39f2475e4b70
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun May 29 10:11:27 2016 -0400
+
+ Fix another harmless warning
+
+ fs/proc/proc_sysctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit d62f996e40c87e46b20f45e16819f92d49f3e926
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun May 29 09:56:32 2016 -0400
+
+ Fix more harmless compiler warnings
+
+ grsecurity/gracl_policy.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+commit 558b784a2b87e337d12bae07d60f435c2f06d849
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun May 29 09:47:50 2016 -0400
+
+ Fix more harmless warnings
+
+ grsecurity/gracl.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+commit 32ec63339ab130758e6941d7f1d8993e41956980
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun May 29 09:41:23 2016 -0400
+
+ Fix another warning
+
+ include/linux/sched.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+commit 789369de0dbde1fedd2d5cb0ee3474e160af187c
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun May 29 09:22:05 2016 -0400
+
+ Fix some harmless compiler warnings
+
+ grsecurity/grsum.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+commit ed18543a205c206d0aa8ee6b04c606579823b7b3
+Merge: b0b4143 89f00c3
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun May 29 08:34:18 2016 -0400
+
+ Merge branch 'pax-test' into grsec-test
+
+commit 89f00c3b596a62ae5bcfe4920e9d05b9a94be7fa
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun May 29 08:26:37 2016 -0400
+
+ Update to pax-linux-4.5.5-test11.patch:
+ - fixed arm kuser helper emulation for thumb mode userland, reported by Wizzup(https://forums.grsecurity.net/viewtopic.php?f=3&t=4479)
+ - fixed incorrect function pointer casts in bcache caught by RAP, reported by torsten (https://forums.grsecurity.net/viewtopic.php?f=3&t=4482)
+ - worked around a few intentional integer underflows in the xhci driver caught by the size overflow plugin, reported by Dennis Wassenberg <dennis.wassenberg@secunet.com>
+ - moved gcc plugins from tools/gcc to scripts/gcc-plugins and simplified the plugin build system, by Emese
+ - changed the constify and latent entropy plugins to use a consistent command line switch for compile-time disabling
+ - cleaned up a few unusued macros, whitespace, inline asm constraints, etc
+ - hid the lvalue casts needed for constify behind the const_cast macro, by Mathias Krause <minipli@ld-linux.so>
+
+ Makefile | 50 +-
+ arch/Kconfig | 14 +
+ arch/arm/Kconfig | 1 +
+ arch/arm/boot/compressed/Makefile | 2 +
+ arch/arm/mach-exynos/suspend.c | 4 +-
+ arch/arm/mach-omap2/powerdomains43xx_data.c | 2 +-
+ arch/arm/mach-shmobile/platsmp-apmu.c | 2 +-
+ arch/arm/mm/fault.c | 14 +
+ arch/arm64/Kconfig | 1 +
+ arch/mips/Kconfig | 1 +
+ arch/powerpc/Kconfig | 1 +
+ arch/powerpc/include/asm/atomic.h | 7 +-
+ arch/powerpc/kernel/Makefile | 8 +-
+ arch/sparc/Kconfig | 1 +
+ arch/um/Makefile | 4 +-
+ arch/x86/Kconfig | 1 +
+ arch/x86/boot/Makefile | 3 -
+ arch/x86/boot/compressed/Makefile | 3 -
+ arch/x86/entry/common.c | 2 +-
+ arch/x86/include/asm/thread_info.h | 27 -
+ arch/x86/kernel/cpu/perf_event_intel_cqm.c | 2 +-
+ arch/x86/kernel/cpu/perf_event_intel_pt.c | 10 +-
+ arch/x86/kernel/i8259.c | 4 +-
+ arch/x86/kernel/paravirt-spinlocks.c | 2 +-
+ arch/x86/oprofile/nmi_int.c | 2 +-
+ arch/x86/oprofile/op_model_amd.c | 6 +-
+ arch/x86/oprofile/op_model_ppro.c | 4 +-
+ arch/x86/pci/vmd.c | 2 +-
+ arch/x86/realmode/rm/Makefile | 3 -
+ drivers/acpi/bgrt.c | 4 +-
+ drivers/ata/libata-core.c | 2 +-
+ drivers/ata/pata_arasan_cf.c | 2 +-
+ drivers/base/platform-msi.c | 14 +-
+ drivers/base/power/domain.c | 4 +-
+ drivers/bus/arm-cci.c | 6 +-
+ drivers/cdrom/cdrom.c | 2 +-
+ drivers/clk/socfpga/clk-gate.c | 4 +-
+ drivers/clk/socfpga/clk-pll.c | 4 +-
+ drivers/clk/ti/clk.c | 4 +-
+ drivers/cpufreq/acpi-cpufreq.c | 8 +-
+ drivers/cpufreq/cpufreq-dt.c | 2 +-
+ drivers/cpufreq/cpufreq.c | 8 +-
+ drivers/cpufreq/cpufreq_ondemand.c | 4 +-
+ drivers/cpufreq/p4-clockmod.c | 6 +-
+ drivers/cpufreq/speedstep-centrino.c | 2 +-
+ drivers/firmware/dmi_scan.c | 8 +-
+ drivers/firmware/efi/efi.c | 10 +-
+ drivers/firmware/google/memconsole.c | 2 +-
+ drivers/gpio/gpiolib.c | 8 +-
+ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 +-
+ drivers/gpu/drm/i810/i810_drv.c | 2 +-
+ drivers/gpu/drm/i915/i915_irq.c | 86 +-
+ drivers/gpu/drm/i915/intel_display.c | 6 +-
+ drivers/gpu/drm/mga/mga_drv.c | 2 +-
+ drivers/gpu/drm/omapdrm/dss/display.c | 6 +-
+ drivers/gpu/drm/qxl/qxl_drv.c | 2 +-
+ drivers/gpu/drm/qxl/qxl_ttm.c | 4 +-
+ drivers/gpu/drm/r128/r128_drv.c | 2 +-
+ drivers/gpu/drm/radeon/radeon_drv.c | 2 +-
+ drivers/gpu/drm/savage/savage_drv.c | 2 +-
+ drivers/gpu/drm/sis/sis_drv.c | 2 +-
+ drivers/gpu/drm/tegra/dc.c | 2 +-
+ drivers/gpu/drm/tegra/sor.c | 2 +-
+ drivers/gpu/drm/via/via_drv.c | 2 +-
+ drivers/idle/intel_idle.c | 4 +-
+ drivers/infiniband/hw/qib/qib.h | 1 -
+ drivers/iommu/arm-smmu.c | 4 +-
+ drivers/isdn/hardware/eicon/mntfunc.c | 2 +-
+ drivers/md/bcache/btree.c | 11 +-
+ drivers/md/bcache/closure.c | 4 +-
+ drivers/md/bcache/closure.h | 8 +-
+ drivers/md/bcache/journal.c | 16 +-
+ drivers/md/bcache/movinggc.c | 12 +-
+ drivers/md/bcache/request.c | 54 +-
+ drivers/md/bcache/request.h | 2 +-
+ drivers/md/bcache/super.c | 30 +-
+ drivers/md/bcache/writeback.c | 12 +-
+ drivers/media/platform/am437x/am437x-vpfe.c | 2 +-
+ drivers/mfd/twl4030-irq.c | 4 +-
+ drivers/misc/c2port/core.c | 2 +-
+ drivers/misc/mic/scif/scif_api.c | 8 +-
+ drivers/mmc/host/mmci.c | 2 +-
+ drivers/mmc/host/omap_hsmmc.c | 2 +-
+ drivers/mmc/host/sdhci-esdhc-imx.c | 2 +-
+ drivers/mmc/host/sdhci-s3c.c | 6 +-
+ drivers/net/ethernet/cavium/liquidio/lio_main.c | 2 +-
+ drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 4 +-
+ .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c | 2 +-
+ .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c | 6 +-
+ drivers/net/macvlan.c | 14 +-
+ drivers/net/wireless/ath/ath9k/main.c | 20 +-
+ drivers/net/wireless/intel/iwlegacy/3945-mac.c | 2 +-
+ drivers/net/wireless/mac80211_hwsim.c | 22 +-
+ drivers/net/wireless/ti/wl1251/sdio.c | 8 +-
+ drivers/net/wireless/ti/wl12xx/main.c | 4 +-
+ drivers/net/wireless/ti/wl18xx/main.c | 4 +-
+ drivers/of/fdt.c | 2 +-
+ drivers/pci/hotplug/acpiphp_ibm.c | 2 +-
+ drivers/pci/hotplug/cpcihp_zt5550.c | 6 +-
+ drivers/pci/hotplug/pci_hotplug_core.c | 4 +-
+ drivers/pci/msi.c | 12 +-
+ drivers/pinctrl/pinctrl-at91.c | 2 +-
+ drivers/platform/x86/msi-laptop.c | 12 +-
+ drivers/power/reset/at91-reset.c | 2 +-
+ drivers/powercap/powercap_sys.c | 6 +-
+ drivers/regulator/max8660.c | 4 +-
+ drivers/regulator/max8973-regulator.c | 12 +-
+ drivers/regulator/mc13892-regulator.c | 4 +-
+ drivers/rtc/rtc-armada38x.c | 4 +-
+ drivers/rtc/rtc-cmos.c | 2 +-
+ drivers/rtc/rtc-m48t59.c | 2 +-
+ drivers/rtc/rtc-rx8010.c | 6 +-
+ drivers/rtc/rtc-test.c | 4 +-
+ drivers/scsi/aacraid/aachba.c | 4 +-
+ drivers/scsi/lpfc/lpfc_init.c | 4 +-
+ drivers/scsi/qla2xxx/qla_os.c | 4 +-
+ drivers/staging/sm750fb/sm750.c | 8 +-
+ drivers/thermal/cpu_cooling.c | 6 +-
+ drivers/thermal/int340x_thermal/int3400_thermal.c | 4 +-
+ drivers/thermal/of-thermal.c | 12 +-
+ drivers/tty/pty.c | 2 +-
+ drivers/tty/serial/8250/8250_core.c | 6 +-
+ drivers/tty/serial/kgdb_nmi.c | 2 +-
+ drivers/usb/host/xhci-ring.c | 52 +-
+ drivers/video/fbdev/aty/atyfb_base.c | 4 +-
+ drivers/video/fbdev/aty/mach64_cursor.c | 2 +-
+ drivers/video/fbdev/core/fb_defio.c | 6 +-
+ drivers/video/fbdev/mb862xx/mb862xxfb_accel.c | 12 +-
+ drivers/video/fbdev/nvidia/nvidia.c | 18 +-
+ drivers/video/fbdev/omap2/omapfb/dss/display.c | 6 +-
+ drivers/video/fbdev/s1d13xxxfb.c | 4 +-
+ drivers/video/fbdev/smscufx.c | 2 +-
+ drivers/video/fbdev/udlfb.c | 2 +-
+ drivers/video/fbdev/uvesafb.c | 4 +-
+ drivers/video/fbdev/vesafb.c | 2 +-
+ fs/fuse/cuse.c | 6 +-
+ fs/jffs2/file.c | 2 +-
+ fs/nls/nls_base.c | 4 +-
+ fs/nls/nls_euc-jp.c | 4 +-
+ fs/nls/nls_koi8-ru.c | 4 +-
+ fs/proc/proc_sysctl.c | 4 +-
+ fs/tracefs/inode.c | 4 +-
+ include/linux/compiler-gcc.h | 1 +
+ include/linux/compiler.h | 4 +
+ include/linux/seq_buf.h | 2 +-
+ include/linux/sysfs.h | 2 +-
+ kernel/cgroup.c | 14 +-
+ kernel/irq/msi.c | 12 +-
+ kernel/notifier.c | 4 +-
+ kernel/pid.c | 2 +-
+ kernel/trace/trace_output.c | 8 +-
+ net/core/rtnetlink.c | 2 +-
+ net/xfrm/xfrm_state.c | 2 +-
+ scripts/Makefile | 1 +
+ scripts/Makefile.gcc-plugins | 138 +-
+ scripts/Makefile.host | 6 +-
+ scripts/gcc-plugin.sh | 4 +-
+ scripts/gcc-plugins/Makefile | 45 +
+ scripts/gcc-plugins/checker_plugin.c | 496 +
+ scripts/gcc-plugins/colorize_plugin.c | 162 +
+ scripts/gcc-plugins/constify_plugin.c | 521 +
+ scripts/gcc-plugins/gcc-common.h | 879 +
+ scripts/gcc-plugins/gcc-generate-gimple-pass.h | 175 +
+ scripts/gcc-plugins/gcc-generate-ipa-pass.h | 289 +
+ scripts/gcc-plugins/gcc-generate-rtl-pass.h | 175 +
+ scripts/gcc-plugins/gcc-generate-simple_ipa-pass.h | 175 +
+ scripts/gcc-plugins/initify_plugin.c | 536 +
+ scripts/gcc-plugins/kallocstat_plugin.c | 135 +
+ scripts/gcc-plugins/kernexec_plugin.c | 407 +
+ scripts/gcc-plugins/latent_entropy_plugin.c | 438 +
+ scripts/gcc-plugins/rap_plugin/Makefile | 4 +
+ scripts/gcc-plugins/rap_plugin/rap.h | 36 +
+ scripts/gcc-plugins/rap_plugin/rap_fptr_pass.c | 220 +
+ scripts/gcc-plugins/rap_plugin/rap_hash.c | 382 +
+ scripts/gcc-plugins/rap_plugin/rap_plugin.c | 511 +
+ scripts/gcc-plugins/rap_plugin/sip.c | 96 +
+ .../gcc-plugins/size_overflow_plugin/.gitignore | 3 +
+ scripts/gcc-plugins/size_overflow_plugin/Makefile | 28 +
+ .../disable_size_overflow_hash.data | 12444 +++++++++++
+ .../generate_size_overflow_hash.sh | 103 +
+ .../insert_size_overflow_asm.c | 369 +
+ .../size_overflow_plugin/intentional_overflow.c | 1166 +
+ .../size_overflow_plugin/remove_unnecessary_dup.c | 137 +
+ .../size_overflow_plugin/size_overflow.h | 331 +
+ .../size_overflow_plugin/size_overflow_debug.c | 194 +
+ .../size_overflow_plugin/size_overflow_hash.data | 21504 +++++++++++++++++++
+ .../size_overflow_hash_aux.data | 92 +
+ .../size_overflow_plugin/size_overflow_ipa.c | 1163 +
+ .../size_overflow_plugin/size_overflow_misc.c | 505 +
+ .../size_overflow_plugin/size_overflow_plugin.c | 290 +
+ .../size_overflow_plugin_hash.c | 352 +
+ .../size_overflow_plugin/size_overflow_transform.c | 743 +
+ .../size_overflow_transform_core.c | 1025 +
+ scripts/gcc-plugins/stackleak_plugin.c | 350 +
+ scripts/gcc-plugins/structleak_plugin.c | 239 +
+ scripts/package/builddeb | 2 +-
+ security/Kconfig | 8 +-
+ sound/soc/codecs/sti-sas.c | 8 +-
+ sound/soc/soc-ac97.c | 4 +-
+ tools/gcc/Makefile | 46 -
+ tools/gcc/checker_plugin.c | 496 -
+ tools/gcc/colorize_plugin.c | 162 -
+ tools/gcc/constify_plugin.c | 521 -
+ tools/gcc/gcc-common.h | 879 -
+ tools/gcc/gcc-generate-gimple-pass.h | 175 -
+ tools/gcc/gcc-generate-ipa-pass.h | 289 -
+ tools/gcc/gcc-generate-rtl-pass.h | 175 -
+ tools/gcc/gcc-generate-simple_ipa-pass.h | 175 -
+ tools/gcc/initify_plugin.c | 536 -
+ tools/gcc/kallocstat_plugin.c | 135 -
+ tools/gcc/kernexec_plugin.c | 407 -
+ tools/gcc/latent_entropy_plugin.c | 422 -
+ tools/gcc/rap_plugin/Makefile | 4 -
+ tools/gcc/rap_plugin/rap.h | 36 -
+ tools/gcc/rap_plugin/rap_fptr_pass.c | 220 -
+ tools/gcc/rap_plugin/rap_hash.c | 382 -
+ tools/gcc/rap_plugin/rap_plugin.c | 511 -
+ tools/gcc/rap_plugin/sip.c | 96 -
+ tools/gcc/size_overflow_plugin/.gitignore | 3 -
+ tools/gcc/size_overflow_plugin/Makefile | 28 -
+ .../disable_size_overflow_hash.data | 12444 -----------
+ .../generate_size_overflow_hash.sh | 103 -
+ .../insert_size_overflow_asm.c | 369 -
+ .../size_overflow_plugin/intentional_overflow.c | 1166 -
+ .../size_overflow_plugin/remove_unnecessary_dup.c | 137 -
+ tools/gcc/size_overflow_plugin/size_overflow.h | 331 -
+ .../gcc/size_overflow_plugin/size_overflow_debug.c | 194 -
+ .../size_overflow_plugin/size_overflow_hash.data | 21504 -------------------
+ .../size_overflow_hash_aux.data | 92 -
+ tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 1163 -
+ .../gcc/size_overflow_plugin/size_overflow_misc.c | 505 -
+ .../size_overflow_plugin/size_overflow_plugin.c | 290 -
+ .../size_overflow_plugin_hash.c | 352 -
+ .../size_overflow_plugin/size_overflow_transform.c | 743 -
+ .../size_overflow_transform_core.c | 1025 -
+ tools/gcc/stackleak_plugin.c | 350 -
+ tools/gcc/structleak_plugin.c | 239 -
+ 237 files changed, 47340 insertions(+), 47276 deletions(-)
+
commit b0b41430a8c9e6e5067c896c07d361e527e298e8
Author: Brad Spengler <spender@grsecurity.net>
Date: Sat May 21 13:59:19 2016 -0400
projects / thirdparty / grsecurity-scrape.git / blobdiff