]> git.ipfire.org Git - thirdparty/grsecurity-scrape.git/blame - test/changelog-test.txt
projects / thirdparty / grsecurity-scrape.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
grsec-scrape autocommit. 1 new patch(es).
[thirdparty/grsecurity-scrape.git] / test / changelog-test.txt
CommitLineData
d474a772
PK		 1commit bcd180c4f5093462b587f920a56a9632dc5550d8
2Author: Brad Spengler <spender@grsecurity.net>
3Date: Tue Jul 24 20:34:13 2012 -0400
4
5 use min_t instead of min
6
7 fs/proc/base.c | 2 +-
8 1 files changed, 1 insertions(+), 1 deletions(-)
9
10commit 3ecf176228e1036f01cfafbc4f41d2a4579fcd9a
11Author: Brad Spengler <spender@grsecurity.net>
12Date: Tue Jul 24 20:31:08 2012 -0400
13
14 Move procpidmem task checks to __mem_open
15
16 fs/proc/base.c | 13 +++++++++++--
17 1 files changed, 11 insertions(+), 2 deletions(-)
18
19commit 8850936950ed223f7abe5fdbe2d5d960213d368d
20Author: Cong Wang <xiyou.wangcong@gmail.com>
21Date: Thu May 31 16:26:18 2012 -0700
22
23 proc: use mm_access() instead of ptrace_may_access()
24
25 mm_access() handles this much better, and avoids some race conditions.
26
27 Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
28 Cc: Oleg Nesterov <oleg@redhat.com>
29 Cc: Alexey Dobriyan <adobriyan@gmail.com>
30 Cc: Hugh Dickins <hughd@google.com>
31 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
32 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
33
34 fs/proc/base.c | 7 ++-----
35 1 files changed, 2 insertions(+), 5 deletions(-)
36
37commit 1e4e4836668796ec756c91bdb7c8c8f63c5f9118
38Author: Cong Wang <xiyou.wangcong@gmail.com>
39Date: Thu May 31 16:26:17 2012 -0700
40
41 proc: remove mm_for_maps()
42
43 mm_for_maps() is a simple wrapper for mm_access(), and the name is
44 misleading, so just remove it and use mm_access() directly.
45
46 Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
47 Cc: Oleg Nesterov <oleg@redhat.com>
48 Cc: Alexey Dobriyan <adobriyan@gmail.com>
49 Acked-by: Hugh Dickins <hughd@google.com>
50 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
51 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
52
53 fs/proc/base.c | 7 +------
54 fs/proc/internal.h | 2 --
55 fs/proc/task_mmu.c | 4 ++--
56 fs/proc/task_nommu.c | 2 +-
57 4 files changed, 4 insertions(+), 11 deletions(-)
58
59commit d796a7d7dde60eaaeaf85a1f02f8b7c855edcfe7
60Author: Cong Wang <xiyou.wangcong@gmail.com>
61Date: Thu May 31 16:26:17 2012 -0700
62
63 (don't introduce a vuln through use of the poorly-named FMODE_UNSIGNED_OFFSET, as
64 fixed in:
65 proc-do-not-allow-negative-offsets-on-proc-pid-environ.patch
66 )
67
68 proc: clean up /proc/<pid>/environ handling
69
70 Similar to e268337dfe26 ("proc: clean up and fix /proc/<pid>/mem
71 handling"), move the check of permission to open(), this will simplify
72 read() code.
73
74 [akpm@linux-foundation.org: checkpatch fixes]
75 Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
76 Cc: Oleg Nesterov <oleg@redhat.com>
77 Cc: Alexey Dobriyan <adobriyan@gmail.com>
78 Cc: Hugh Dickins <hughd@google.com>
79 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
80 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
81
82 Conflicts:
83
84 fs/proc/base.c
85
86 fs/proc/base.c | 55 +++++++++++++++++++++++++++++++------------------------
87 1 files changed, 31 insertions(+), 24 deletions(-)
88
89commit d1aad32c82bb85e159bc1da68eaabb55b7b18ca2
90Author: Brad Spengler <spender@grsecurity.net>
91Date: Mon Jul 23 21:33:46 2012 -0400
92
93 simplify seq_file enhancement based on new config option
94
95 fs/seq_file.c | 16 ----------------
96 1 files changed, 0 insertions(+), 16 deletions(-)
97
8988712e
PK		 98commit 5d4fd8660a7bbdc2afeb611e596f3056e66dc75e
99Merge: d8299a1 a535e9f
100Author: Brad Spengler <spender@grsecurity.net>
101Date: Mon Jul 23 20:52:26 2012 -0400
102
103 Merge branch 'pax-test' into grsec-test
104
105commit a535e9fd22c26f61cbe55b3a9e95e50d0c57b8f6
106Author: Brad Spengler <spender@grsecurity.net>
107Date: Mon Jul 23 20:51:39 2012 -0400
108
109 Update to pax-linux-3.4.6-test22.patch:
110
111 - fix up the last changes as pointed out by spender
112
113 fs/exec.c | 15 ++++++---------
114 mm/slob.c | 11 +----------
115 2 files changed, 7 insertions(+), 19 deletions(-)
116
117commit d8299a159394ba3a6082e97c3e4cfe13502b10cb
118Merge: 0f185df 7174965
119Author: Brad Spengler <spender@grsecurity.net>
120Date: Mon Jul 23 20:02:26 2012 -0400
121
122 Use new CONFIG_PAX_USERCOPY_SLABS
123
124 Merge branch 'pax-test' into grsec-test
125
126 Conflicts:
127 include/linux/slab.h
128 mm/slab.c
129 mm/slob.c
130 mm/slub.c
131 security/Kconfig
132
133commit 7174965f91fbc8922abcf4da01cced2a6158639e
134Author: Brad Spengler <spender@grsecurity.net>
135Date: Mon Jul 23 19:49:59 2012 -0400
136
137 Update to pax-linux-3.4.6-test21.patch, introduces CONFIG_PAX_USERCOPY_SLABS, so HIDESYM
138 can make use of USERCOPY cache markings without requiring that USERCOPY be enabled
139
140 drivers/char/mem.c | 4 +-
141 fs/exec.c | 29 +++++++++++++++++++++-
142 include/linux/gfp.h | 2 +-
143 include/linux/sched.h | 6 +----
144 include/linux/slab.h | 5 ++-
145 include/linux/slab_def.h | 6 ++--
146 mm/slab.c | 56 ++++++++++++++++++++++++-------------------
147 mm/slob.c | 54 +++++++++++++++++++++---------------------
148 mm/slub.c | 58 +++++++++++++++++++++++++--------------------
149 security/Kconfig | 4 +++
150 10 files changed, 131 insertions(+), 93 deletions(-)
151
152commit 0f185df763ce1c5674b69c4b63a5735d16941cb3
153Author: Brad Spengler <spender@grsecurity.net>
154Date: Mon Jul 23 18:59:53 2012 -0400
155
156 Fix up range checks on environ_read, reported at:
157 http://permalink.gmane.org/gmane.linux.kernel.hardened.devel/472
158
159 fs/proc/base.c | 13 +++++++------
160 1 files changed, 7 insertions(+), 6 deletions(-)
161
162commit d5dc3e6e59ef6d5935dbeb4ba41628f22ab07a4a
163Author: J. Bruce Fields <bfields@fieldses.org>
164Date: Mon Jul 23 15:17:17 2012 -0400
165
166 locks: fix checking of fcntl_setlease argument
167
168 The only checks of the long argument passed to fcntl(fd,F_SETLEASE,.)
169 are done after converting the long to an int. Thus some illegal values
170 may be let through and cause problems in later code.
171
172 [ They actually *don't* cause problems in mainline, as of Dave Jones's
173 commit 8d657eb3b438 "Remove easily user-triggerable BUG from
174 generic_setlease", but we should fix this anyway. And this patch will
175 be necessary to fix real bugs on earlier kernels. ]
176
177 Cc: stable@vger.kernel.org
178 Signed-off-by: J. Bruce Fields <bfields@redhat.com>
179 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
180
181 fs/locks.c | 6 +++---
182 1 files changed, 3 insertions(+), 3 deletions(-)
183
8ef4a791
PK		 184commit 10bc6c214a60792e6e01b719c9204985e545c79d
185Author: Brad Spengler <spender@grsecurity.net>
186Date: Sat Jul 21 14:36:42 2012 -0400
187
188 print zeroes for our NULLs instead of (nil)
189
190 lib/vsprintf.c | 8 +++++---
191 1 files changed, 5 insertions(+), 3 deletions(-)
192
193commit 93d5cf5e877843a6b38de9bae2dddc03fadfbbd4
194Author: Brad Spengler <spender@grsecurity.net>
195Date: Sat Jul 21 14:18:33 2012 -0400
196
197 Add %pP format string for kernel pointers that are approved to be copied to userland,
198 like with /proc/kallsyms as we make the entire file appear empty for non-root users
199
200 kernel/kallsyms.c | 11 +++++++++++
201 lib/vsprintf.c | 8 +++++++-
202 2 files changed, 18 insertions(+), 1 deletions(-)
203
204commit 3e8a9f37454662132ba533dcda9082bccaae83d6
205Author: Brad Spengler <spender@grsecurity.net>
206Date: Sat Jul 21 13:53:20 2012 -0400
207
208 HIDESYM advance:
209 Use new generic usercopy slabs as markings for buffers intended to be copied into userland
210 Change seq_file buffer allocation to use usercopy slabs
211 Check for usercopy slab markings in handling of %p in *printf
212 If pointer to be printed is a pointer to kernelspace, and we're printing into a buffer
213 to be copied to userland, NULL it
214
215 fs/seq_file.c | 16 ++++++++++++++++
216 include/linux/slab.h | 1 +
217 lib/vsprintf.c | 8 ++++++++
218 mm/slab.c | 28 ++++++++++++++++++++++++++++
219 mm/slob.c | 5 +++++
220 mm/slub.c | 27 +++++++++++++++++++++++++++
221 6 files changed, 85 insertions(+), 0 deletions(-)
222
223commit d9f7bf7f312079ac946e6534439ce48e71c0a7fc
224Merge: b48e7c9 42fa242
225Author: Brad Spengler <spender@grsecurity.net>
226Date: Sat Jul 21 12:43:34 2012 -0400
227
228 Merge branch 'pax-test' into grsec-test
229
230commit 42fa242b6a04d8163e0a03ac75555ad3e286b7f9
231Author: Brad Spengler <spender@grsecurity.net>
232Date: Sat Jul 21 12:43:14 2012 -0400
233
234 Add new files from PaX, including latent entropy plugin
235
236 tools/gcc/.gitignore | 1 +
237 tools/gcc/latent_entropy_plugin.c | 291 +++++++++++++++++++++++++++++++++++++
238 2 files changed, 292 insertions(+), 0 deletions(-)
239
240commit b48e7c9f468c25dfd1b31378998e81847b3f2451
241Merge: 0fde9f6 de9b577
242Author: Brad Spengler <spender@grsecurity.net>
243Date: Sat Jul 21 12:41:23 2012 -0400
244
245 Merge branch 'pax-test' into grsec-test
246
247 Conflicts:
248 arch/x86/Kconfig.debug
249
250commit de9b57773e9d4dd465c0e1f7c17c6dd8efa9a4ad
251Author: Brad Spengler <spender@grsecurity.net>
252Date: Sat Jul 21 12:38:07 2012 -0400
253
254 Update to pax-linux-3.4.4-test19.patch (with fixed usercopy kmem cache allocation,
255 to be included in next 3.4.6 PaX patch)
256
257 Documentation/dontdiff | 3 +-
258 Makefile | 10 +++-
259 arch/x86/Kconfig.debug | 2 +-
260 arch/x86/include/asm/atomic.h | 39 ++++++++++++++----
261 drivers/char/random.c | 11 +++++
262 drivers/gpu/drm/i915/intel_display.c | 3 +-
263 fs/binfmt_elf.c | 72 ++++++++--------------------------
264 fs/bio.c | 2 +-
265 include/asm-generic/atomic-long.h | 4 ++
266 include/asm-generic/atomic.h | 2 +-
267 include/linux/gfp.h | 11 +++++-
268 include/linux/random.h | 4 ++
269 include/linux/slab_def.h | 19 +++++++++
270 init/main.c | 16 +++++++-
271 mm/slab.c | 19 ++++++++-
272 mm/slub.c | 27 +++++++++++++
273 scripts/mod/modpost.c | 10 ++--
274 security/Kconfig | 37 +++++++++++-------
275 tools/gcc/Makefile | 6 ++-
276 tools/gcc/colorize_plugin.c | 2 +-
277 tools/gcc/constify_plugin.c | 2 +-
278 tools/gcc/kallocstat_plugin.c | 2 +-
279 tools/gcc/kernexec_plugin.c | 6 +-
280 tools/gcc/stackleak_plugin.c | 4 +-
281 24 files changed, 208 insertions(+), 105 deletions(-)
282
bc3721b8
PK		 283commit 0fde9f63da76747b91368fe0e87ae7083069e608
284Author: Julian Anastasov <ja@ssi.bg>
285Date: Sat Jul 7 20:30:11 2012 +0300
286
287 ipvs: fix oops in ip_vs_dst_event on rmmod
288
289 After commit 39f618b4fd95ae243d940ec64c961009c74e3333 (3.4)
290 "ipvs: reset ipvs pointer in netns" we can oops in
291 ip_vs_dst_event on rmmod ip_vs because ip_vs_control_cleanup
292 is called after the ipvs_core_ops subsys is unregistered and
293 net->ipvs is NULL. Fix it by exiting early from ip_vs_dst_event
294 if ipvs is NULL. It is safe because all services and dests
295 for the net are already freed.
296
297 Signed-off-by: Julian Anastasov <ja@ssi.bg>
298 Signed-off-by: Simon Horman <horms@verge.net.au>
299 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
300
301 net/netfilter/ipvs/ip_vs_ctl.c | 5 +++--
302 1 files changed, 3 insertions(+), 2 deletions(-)
303
304commit 84ff89dd529fed3b129ca498bc2b4840940af008
305Author: Lin Ming <mlin@ss.pku.edu.cn>
306Date: Sat Jul 7 18:26:10 2012 +0800
307
308 ipvs: fix oops on NAT reply in br_nf context
309
310 IPVS should not reset skb->nf_bridge in FORWARD hook
311 by calling nf_reset for NAT replies. It triggers oops in
312 br_nf_forward_finish.
313
314 [ 579.781508] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
315 [ 579.781669] IP: [<ffffffff817b1ca5>] br_nf_forward_finish+0x58/0x112
316 [ 579.781792] PGD 218f9067 PUD 0
317 [ 579.781865] Oops: 0000 [#1] SMP
318 [ 579.781945] CPU 0
319 [ 579.781983] Modules linked in:
320 [ 579.782047]
321 [ 579.782080]
322 [ 579.782114] Pid: 4644, comm: qemu Tainted: G W 3.5.0-rc5-00006-g95e69f9 #282 Hewlett-Packard /30E8
323 [ 579.782300] RIP: 0010:[<ffffffff817b1ca5>] [<ffffffff817b1ca5>] br_nf_forward_finish+0x58/0x112
324 [ 579.782455] RSP: 0018:ffff88007b003a98 EFLAGS: 00010287
325 [ 579.782541] RAX: 0000000000000008 RBX: ffff8800762ead00 RCX: 000000000001670a
326 [ 579.782653] RDX: 0000000000000000 RSI: 000000000000000a RDI: ffff8800762ead00
327 [ 579.782845] RBP: ffff88007b003ac8 R08: 0000000000016630 R09: ffff88007b003a90
328 [ 579.782957] R10: ffff88007b0038e8 R11: ffff88002da37540 R12: ffff88002da01a02
329 [ 579.783066] R13: ffff88002da01a80 R14: ffff88002d83c000 R15: ffff88002d82a000
330 [ 579.783177] FS: 0000000000000000(0000) GS:ffff88007b000000(0063) knlGS:00000000f62d1b70
331 [ 579.783306] CS: 0010 DS: 002b ES: 002b CR0: 000000008005003b
332 [ 579.783395] CR2: 0000000000000004 CR3: 00000000218fe000 CR4: 00000000000027f0
333 [ 579.783505] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
334 [ 579.783684] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
335 [ 579.783795] Process qemu (pid: 4644, threadinfo ffff880021b20000, task ffff880021aba760)
336 [ 579.783919] Stack:
337 [ 579.783959] ffff88007693cedc ffff8800762ead00 ffff88002da01a02 ffff8800762ead00
338 [ 579.784110] ffff88002da01a02 ffff88002da01a80 ffff88007b003b18 ffffffff817b26c7
339 [ 579.784260] ffff880080000000 ffffffff81ef59f0 ffff8800762ead00 ffffffff81ef58b0
340 [ 579.784477] Call Trace:
341 [ 579.784523] <IRQ>
342 [ 579.784562]
343 [ 579.784603] [<ffffffff817b26c7>] br_nf_forward_ip+0x275/0x2c8
344 [ 579.784707] [<ffffffff81704b58>] nf_iterate+0x47/0x7d
345 [ 579.784797] [<ffffffff817ac32e>] ? br_dev_queue_push_xmit+0xae/0xae
346 [ 579.784906] [<ffffffff81704bfb>] nf_hook_slow+0x6d/0x102
347 [ 579.784995] [<ffffffff817ac32e>] ? br_dev_queue_push_xmit+0xae/0xae
348 [ 579.785175] [<ffffffff8187fa95>] ? _raw_write_unlock_bh+0x19/0x1b
349 [ 579.785179] [<ffffffff817ac417>] __br_forward+0x97/0xa2
350 [ 579.785179] [<ffffffff817ad366>] br_handle_frame_finish+0x1a6/0x257
351 [ 579.785179] [<ffffffff817b2386>] br_nf_pre_routing_finish+0x26d/0x2cb
352 [ 579.785179] [<ffffffff817b2cf0>] br_nf_pre_routing+0x55d/0x5c1
353 [ 579.785179] [<ffffffff81704b58>] nf_iterate+0x47/0x7d
354 [ 579.785179] [<ffffffff817ad1c0>] ? br_handle_local_finish+0x44/0x44
355 [ 579.785179] [<ffffffff81704bfb>] nf_hook_slow+0x6d/0x102
356 [ 579.785179] [<ffffffff817ad1c0>] ? br_handle_local_finish+0x44/0x44
357 [ 579.785179] [<ffffffff81551525>] ? sky2_poll+0xb35/0xb54
358 [ 579.785179] [<ffffffff817ad62a>] br_handle_frame+0x213/0x229
359 [ 579.785179] [<ffffffff817ad417>] ? br_handle_frame_finish+0x257/0x257
360 [ 579.785179] [<ffffffff816e3b47>] __netif_receive_skb+0x2b4/0x3f1
361 [ 579.785179] [<ffffffff816e69fc>] process_backlog+0x99/0x1e2
362 [ 579.785179] [<ffffffff816e6800>] net_rx_action+0xdf/0x242
363 [ 579.785179] [<ffffffff8107e8a8>] __do_softirq+0xc1/0x1e0
364 [ 579.785179] [<ffffffff8135a5ba>] ? trace_hardirqs_off_thunk+0x3a/0x6c
365 [ 579.785179] [<ffffffff8188812c>] call_softirq+0x1c/0x30
366
367 The steps to reproduce as follow,
368
369 1. On Host1, setup brige br0(192.168.1.106)
370 2. Boot a kvm guest(192.168.1.105) on Host1 and start httpd
371 3. Start IPVS service on Host1
372 ipvsadm -A -t 192.168.1.106:80 -s rr
373 ipvsadm -a -t 192.168.1.106:80 -r 192.168.1.105:80 -m
374 4. Run apache benchmark on Host2(192.168.1.101)
375 ab -n 1000 http://192.168.1.106/
376
377 ip_vs_reply4
378 ip_vs_out
379 handle_response
380 ip_vs_notrack
381 nf_reset()
382 {
383 skb->nf_bridge = NULL;
384 }
385
386 Actually, IPVS wants in this case just to replace nfct
387 with untracked version. So replace the nf_reset(skb) call
388 in ip_vs_notrack() with a nf_conntrack_put(skb->nfct) call.
389
390 Signed-off-by: Lin Ming <mlin@ss.pku.edu.cn>
391 Signed-off-by: Julian Anastasov <ja@ssi.bg>
392 Signed-off-by: Simon Horman <horms@verge.net.au>
393 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
394
395 include/net/ip_vs.h | 2 +-
396 1 files changed, 1 insertions(+), 1 deletions(-)
397
398commit cf8728f8d5c9ef951c60bae6869ca37a1d47db71
399Author: Roland Dreier <roland@purestorage.com>
400Date: Mon Jul 16 17:10:17 2012 -0700
401
402 target: Fix range calculation in WRITE SAME emulation when num blocks == 0
403
404 When NUMBER OF LOGICAL BLOCKS is 0, WRITE SAME is supposed to write
405 all the blocks from the specified LBA through the end of the device.
406 However, dev->transport->get_blocks(dev) (perhaps confusingly) returns
407 the last valid LBA rather than the number of blocks, so the correct
408 number of blocks to write starting with lba is
409
410 dev->transport->get_blocks(dev) - lba + 1
411
412 (nab: Backport roland's for-3.6 patch to for-3.5)
413
414 Signed-off-by: Roland Dreier <roland@purestorage.com>
415 Cc: Cc: <stable@vger.kernel.org>
416 Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
417
418 drivers/target/target_core_cdb.c | 2 +-
419 1 files changed, 1 insertions(+), 1 deletions(-)
420
421commit fa2a541734ee5a0a5a4deede35ee2dd04a920869
422Author: Roland Dreier <roland@purestorage.com>
423Date: Mon Jul 16 15:17:10 2012 -0700
424
425 target: Clean up returning errors in PR handling code
426
427 - instead of (PTR_ERR(file) < 0) just use IS_ERR(file)
428 - return -EINVAL instead of EINVAL
429 - all other error returns in target_scsi3_emulate_pr_out() use
430 "goto out" -- get rid of the one remaining straight "return."
431
432 Signed-off-by: Roland Dreier <roland@purestorage.com>
433 Cc: <stable@vger.kernel.org>
434 Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
435
436 drivers/target/target_core_pr.c | 7 ++++---
437 1 files changed, 4 insertions(+), 3 deletions(-)
438
439commit 1fa25312a4feec20b61263cdd727072133e3ffaf
440Author: Mark Rustad <mark.d.rustad@intel.com>
441Date: Fri Jul 13 18:18:04 2012 -0700
442
443 tcm_fc: Fix crash seen with aborts and large reads
444
445 This patch fixes a crash seen when large reads have their exchange
446 aborted by either timing out or being reset. Because the exchange
447 abort results in the seq pointer being set to NULL, because the
448 sequence is no longer valid, it must not be dereferenced. This
449 patch changes the function ft_get_task_tag to return ~0 if it is
450 unable to get the tag for this reason. Because the get_task_tag
451 interface provides no means of returning an error, this seems
452 like the best way to fix this issue at the moment.
453
454 Signed-off-by: Mark Rustad <mark.d.rustad@intel.com>
455 Cc: <stable@vger.kernel.org>
456 Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
457
458 drivers/target/tcm_fc/tfc_cmd.c | 2 ++
459 1 files changed, 2 insertions(+), 0 deletions(-)
460
461commit c49651f69746a8f668b58a05287fc5af6de1461e
462Author: Sjur Brændeland <sjur.brandeland@stericsson.com>
463Date: Sun Jul 15 10:10:14 2012 +0000
464
465 caif: Fix access to freed pernet memory
466
467 unregister_netdevice_notifier() must be called before
468 unregister_pernet_subsys() to avoid accessing already freed
469 pernet memory. This fixes the following oops when doing rmmod:
470
471 Call Trace:
472 [<ffffffffa0f802bd>] caif_device_notify+0x4d/0x5a0 [caif]
473 [<ffffffff81552ba9>] unregister_netdevice_notifier+0xb9/0x100
474 [<ffffffffa0f86dcc>] caif_device_exit+0x1c/0x250 [caif]
475 [<ffffffff810e7734>] sys_delete_module+0x1a4/0x300
476 [<ffffffff810da82d>] ? trace_hardirqs_on_caller+0x15d/0x1e0
477 [<ffffffff813517de>] ? trace_hardirqs_on_thunk+0x3a/0x3
478 [<ffffffff81696bad>] system_call_fastpath+0x1a/0x1f
479
480 RIP
481 [<ffffffffa0f7f561>] caif_get+0x51/0xb0 [caif]
482
483 Signed-off-by: Sjur Brændeland <sjur.brandeland@stericsson.com>
484 Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
485 Signed-off-by: David S. Miller <davem@davemloft.net>
486
487 net/caif/caif_dev.c | 2 +-
488 1 files changed, 1 insertions(+), 1 deletions(-)
489
490commit fa30e8f354c9fe1bcd2fede64b716d2212658544
491Author: Narendra K <narendra_k@dell.com>
492Date: Mon Jul 16 15:24:41 2012 +0000
493
494 ixgbevf: Prevent RX/TX statistics getting reset to zero
495
496 The commit 4197aa7bb81877ebb06e4f2cc1b5fea2da23a7bd implements 64 bit
497 per ring statistics. But the driver resets the 'total_bytes' and
498 'total_packets' from RX and TX rings in the RX and TX interrupt
499 handlers to zero. This results in statistics being lost and user space
500 reporting RX and TX statistics as zero. This patch addresses the
501 issue by preventing the resetting of RX and TX ring statistics to
502 zero.
503
504 Signed-off-by: Narendra K <narendra_k@dell.com>
505 Tested-by: Sibai Li <sibai.li@intel.com>
506 Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
507 Signed-off-by: David S. Miller <davem@davemloft.net>
508
509 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 12 ------------
510 1 files changed, 0 insertions(+), 12 deletions(-)
511
512commit 5c26ce9063882b577d5423f5c0ef656c96fb82e5
513Author: Neil Horman <nhorman@tuxdriver.com>
514Date: Mon Jul 16 09:13:51 2012 +0000
515
516 sctp: Fix list corruption resulting from freeing an association on a list
517
518 A few days ago Dave Jones reported this oops:
519
520 [22766.294255] general protection fault: 0000 [#1] PREEMPT SMP
521 [22766.295376] CPU 0
522 [22766.295384] Modules linked in:
523 [22766.387137] ffffffffa169f292 6b6b6b6b6b6b6b6b ffff880147c03a90
524 ffff880147c03a74
525 [22766.387135] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 00000000000
526 [22766.387136] Process trinity-watchdo (pid: 10896, threadinfo ffff88013e7d2000,
527 [22766.387137] Stack:
528 [22766.387140] ffff880147c03a10
529 [22766.387140] ffffffffa169f2b6
530 [22766.387140] ffff88013ed95728
531 [22766.387143] 0000000000000002
532 [22766.387143] 0000000000000000
533 [22766.387143] ffff880003fad062
534 [22766.387144] ffff88013c120000
535 [22766.387144]
536 [22766.387145] Call Trace:
537 [22766.387145] <IRQ>
538 [22766.387150] [<ffffffffa169f292>] ? __sctp_lookup_association+0x62/0xd0
539 [sctp]
540 [22766.387154] [<ffffffffa169f2b6>] __sctp_lookup_association+0x86/0xd0 [sctp]
541 [22766.387157] [<ffffffffa169f597>] sctp_rcv+0x207/0xbb0 [sctp]
542 [22766.387161] [<ffffffff810d4da8>] ? trace_hardirqs_off_caller+0x28/0xd0
543 [22766.387163] [<ffffffff815827e3>] ? nf_hook_slow+0x133/0x210
544 [22766.387166] [<ffffffff815902fc>] ? ip_local_deliver_finish+0x4c/0x4c0
545 [22766.387168] [<ffffffff8159043d>] ip_local_deliver_finish+0x18d/0x4c0
546 [22766.387169] [<ffffffff815902fc>] ? ip_local_deliver_finish+0x4c/0x4c0
547 [22766.387171] [<ffffffff81590a07>] ip_local_deliver+0x47/0x80
548 [22766.387172] [<ffffffff8158fd80>] ip_rcv_finish+0x150/0x680
549 [22766.387174] [<ffffffff81590c54>] ip_rcv+0x214/0x320
550 [22766.387176] [<ffffffff81558c07>] __netif_receive_skb+0x7b7/0x910
551 [22766.387178] [<ffffffff8155856c>] ? __netif_receive_skb+0x11c/0x910
552 [22766.387180] [<ffffffff810d423e>] ? put_lock_stats.isra.25+0xe/0x40
553 [22766.387182] [<ffffffff81558f83>] netif_receive_skb+0x23/0x1f0
554 [22766.387183] [<ffffffff815596a9>] ? dev_gro_receive+0x139/0x440
555 [22766.387185] [<ffffffff81559280>] napi_skb_finish+0x70/0xa0
556 [22766.387187] [<ffffffff81559cb5>] napi_gro_receive+0xf5/0x130
557 [22766.387218] [<ffffffffa01c4679>] e1000_receive_skb+0x59/0x70 [e1000e]
558 [22766.387242] [<ffffffffa01c5aab>] e1000_clean_rx_irq+0x28b/0x460 [e1000e]
559 [22766.387266] [<ffffffffa01c9c18>] e1000e_poll+0x78/0x430 [e1000e]
560 [22766.387268] [<ffffffff81559fea>] net_rx_action+0x1aa/0x3d0
561 [22766.387270] [<ffffffff810a495f>] ? account_system_vtime+0x10f/0x130
562 [22766.387273] [<ffffffff810734d0>] __do_softirq+0xe0/0x420
563 [22766.387275] [<ffffffff8169826c>] call_softirq+0x1c/0x30
564 [22766.387278] [<ffffffff8101db15>] do_softirq+0xd5/0x110
565 [22766.387279] [<ffffffff81073bc5>] irq_exit+0xd5/0xe0
566 [22766.387281] [<ffffffff81698b03>] do_IRQ+0x63/0xd0
567 [22766.387283] [<ffffffff8168ee2f>] common_interrupt+0x6f/0x6f
568 [22766.387283] <EOI>
569 [22766.387284]
570 [22766.387285] [<ffffffff8168eed9>] ? retint_swapgs+0x13/0x1b
571 [22766.387285] Code: c0 90 5d c3 66 0f 1f 44 00 00 4c 89 c8 5d c3 0f 1f 00 55 48
572 89 e5 48 83
573 ec 20 48 89 5d e8 4c 89 65 f0 4c 89 6d f8 66 66 66 66 90 <0f> b7 87 98 00 00 00
574 48 89 fb
575 49 89 f5 66 c1 c0 08 66 39 46 02
576 [22766.387307]
577 [22766.387307] RIP
578 [22766.387311] [<ffffffffa168a2c9>] sctp_assoc_is_match+0x19/0x90 [sctp]
579 [22766.387311] RSP <ffff880147c039b0>
580 [22766.387142] ffffffffa16ab120
581 [22766.599537] ---[ end trace 3f6dae82e37b17f5 ]---
582 [22766.601221] Kernel panic - not syncing: Fatal exception in interrupt
583
584 It appears from his analysis and some staring at the code that this is likely
585 occuring because an association is getting freed while still on the
586 sctp_assoc_hashtable. As a result, we get a gpf when traversing the hashtable
587 while a freed node corrupts part of the list.
588
589 Nominally I would think that an mibalanced refcount was responsible for this,
590 but I can't seem to find any obvious imbalance. What I did note however was
591 that the two places where we create an association using
592 sctp_primitive_ASSOCIATE (__sctp_connect and sctp_sendmsg), have failure paths
593 which free a newly created association after calling sctp_primitive_ASSOCIATE.
594 sctp_primitive_ASSOCIATE brings us into the sctp_sf_do_prm_asoc path, which
595 issues a SCTP_CMD_NEW_ASOC side effect, which in turn adds a new association to
596 the aforementioned hash table. the sctp command interpreter that process side
597 effects has not way to unwind previously processed commands, so freeing the
598 association from the __sctp_connect or sctp_sendmsg error path would lead to a
599 freed association remaining on this hash table.
600
601 I've fixed this but modifying sctp_[un]hash_established to use hlist_del_init,
602 which allows us to proerly use hlist_unhashed to check if the node is on a
603 hashlist safely during a delete. That in turn alows us to safely call
604 sctp_unhash_established in the __sctp_connect and sctp_sendmsg error paths
605 before freeing them, regardles of what the associations state is on the hash
606 list.
607
608 I noted, while I was doing this, that the __sctp_unhash_endpoint was using
609 hlist_unhsashed in a simmilar fashion, but never nullified any removed nodes
610 pointers to make that function work properly, so I fixed that up in a simmilar
611 fashion.
612
613 I attempted to test this using a virtual guest running the SCTP_RR test from
614 netperf in a loop while running the trinity fuzzer, both in a loop. I wasn't
615 able to recreate the problem prior to this fix, nor was I able to trigger the
616 failure after (neither of which I suppose is suprising). Given the trace above
617 however, I think its likely that this is what we hit.
618
619 Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
620 Reported-by: davej@redhat.com
621 CC: davej@redhat.com
622 CC: "David S. Miller" <davem@davemloft.net>
623 CC: Vlad Yasevich <vyasevich@gmail.com>
624 CC: Sridhar Samudrala <sri@us.ibm.com>
625 CC: linux-sctp@vger.kernel.org
626 Signed-off-by: David S. Miller <davem@davemloft.net>
627
628 net/sctp/input.c | 7 ++-----
629 net/sctp/socket.c | 12 ++++++++++--
630 2 files changed, 12 insertions(+), 7 deletions(-)
631
632commit 97355f3f950ced177820265a12ead41556a09019
633Author: Al Viro <viro@ZenIV.linux.org.uk>
634Date: Wed Jul 18 09:31:36 2012 +0100
635
636 ext4: fix duplicated mnt_drop_write call in EXT4_IOC_MOVE_EXT
637
638 Caused, AFAICS, by mismerge in commit ff9cb1c4eead ("Merge branch
639 'for_linus' into for_linus_merged")
640
641 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
642 Cc: Theodore Ts'o <tytso@mit.edu>
643 Cc: stable@vger.kernel.org # 3.3+
644 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
645
646 fs/ext4/ioctl.c | 1 -
647 1 files changed, 0 insertions(+), 1 deletions(-)
648
649commit a6f393313e5cf96303b0f64ebe7f0ba8537710dd
650Author: Aaditya Kumar <aaditya.kumar.30@gmail.com>
651Date: Tue Jul 17 15:48:07 2012 -0700
652
653 mm: fix lost kswapd wakeup in kswapd_stop()
654
655 Offlining memory may block forever, waiting for kswapd() to wake up
656 because kswapd() does not check the event kthread->should_stop before
657 sleeping.
658
659 The proper pattern, from Documentation/memory-barriers.txt, is:
660
661 --- waker ---
662 event_indicated = 1;
663 wake_up_process(event_daemon);
664
665 --- sleeper ---
666 for (;;) {
667 set_current_state(TASK_UNINTERRUPTIBLE);
668 if (event_indicated)
669 break;
670 schedule();
671 }
672
673 set_current_state() may be wrapped by:
674 prepare_to_wait();
675
676 In the kswapd() case, event_indicated is kthread->should_stop.
677
678 === offlining memory (waker) ===
679 kswapd_stop()
680 kthread_stop()
681 kthread->should_stop = 1
682 wake_up_process()
683 wait_for_completion()
684
685 === kswapd_try_to_sleep (sleeper) ===
686 kswapd_try_to_sleep()
687 prepare_to_wait()
688 .
689 .
690 schedule()
691 .
692 .
693 finish_wait()
694
695 The schedule() needs to be protected by a test of kthread->should_stop,
696 which is wrapped by kthread_should_stop().
697
698 Reproducer:
699 Do heavy file I/O in background.
700 Do a memory offline/online in a tight loop
701
702 Signed-off-by: Aaditya Kumar <aaditya.kumar@ap.sony.com>
703 Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
704 Reviewed-by: Minchan Kim <minchan@kernel.org>
705 Acked-by: Mel Gorman <mel@csn.ul.ie>
706 Cc: <stable@vger.kernel.org>
707 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
708 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
709
710 mm/vmscan.c | 5 ++++-
711 1 files changed, 4 insertions(+), 1 deletions(-)
712
713commit b1960a662288c1fd52acce9ec96ddf048198dd2f
714Author: Ezequiel Garcia <elezegarcia@gmail.com>
715Date: Wed Jul 18 10:05:26 2012 -0300
716
717 cx25821: Remove bad strcpy to read-only char*
718
719 The strcpy was being used to set the name of the board. Since the
720 destination char* was read-only and the name is set statically at
721 compile time; this was both wrong and redundant.
722
723 The type of char* is changed to const char* to prevent future errors.
724
725 Reported-by: Radek Masin <radek@masin.eu>
726 Signed-off-by: Ezequiel Garcia <elezegarcia@gmail.com>
727 [ Taking directly due to vacations - Linus ]
728 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
729
730 drivers/media/video/cx25821/cx25821-core.c | 3 ---
731 drivers/media/video/cx25821/cx25821.h | 2 +-
732 2 files changed, 1 insertions(+), 4 deletions(-)
733
734commit e239c0a5e5e71e366e33d25efd3969e476ab2913
735Author: NeilBrown <neilb@suse.de>
736Date: Thu Jul 19 15:59:18 2012 +1000
737
738 md: avoid crash when stopping md array races with closing other open fds.
739
740 md will refuse to stop an array if any other fd (or mounted fs) is
741 using it.
742 When any fs is unmounted of when the last open fd is closed all
743 pending IO will be flushed (e.g. sync_blockdev call in __blkdev_put)
744 so there will be no pending IO to worry about when the array is
745 stopped.
746
747 However in order to send the STOP_ARRAY ioctl to stop the array one
748 must first get and open fd on the block device.
749 If some fd is being used to write to the block device and it is closed
750 after mdadm open the block device, but before mdadm issues the
751 STOP_ARRAY ioctl, then there will be no last-close on the md device so
752 __blkdev_put will not call sync_blockdev.
753
754 If this happens, then IO can still be in-flight while md tears down
755 the array and bad things can happen (use-after-free and subsequent
756 havoc).
757
758 So in the case where do_md_stop is being called from an open file
759 descriptor, call sync_block after taking the mutex to ensure there
760 will be no new openers.
761
762 This is needed when setting a read-write device to read-only too.
763
764 Cc: stable@vger.kernel.org
765 Reported-by: majianpeng <majianpeng@gmail.com>
766 Signed-off-by: NeilBrown <neilb@suse.de>
767
768 drivers/md/md.c | 36 +++++++++++++++++++++++-------------
769 1 files changed, 23 insertions(+), 13 deletions(-)
770
771commit 12ddfed115b71e959b10eb7ef36e488986fc36cc
772Author: Paul Moore <pmoore@redhat.com>
773Date: Tue Jul 17 11:07:47 2012 +0000
774
775 cipso: don't follow a NULL pointer when setsockopt() is called
776
777 As reported by Alan Cox, and verified by Lin Ming, when a user
778 attempts to add a CIPSO option to a socket using the CIPSO_V4_TAG_LOCAL
779 tag the kernel dies a terrible death when it attempts to follow a NULL
780 pointer (the skb argument to cipso_v4_validate() is NULL when called via
781 the setsockopt() syscall).
782
783 This patch fixes this by first checking to ensure that the skb is
784 non-NULL before using it to find the incoming network interface. In
785 the unlikely case where the skb is NULL and the user attempts to add
786 a CIPSO option with the _TAG_LOCAL tag we return an error as this is
787 not something we want to allow.
788
789 A simple reproducer, kindly supplied by Lin Ming, although you must
790 have the CIPSO DOI #3 configure on the system first or you will be
791 caught early in cipso_v4_validate():
792
793 #include <sys/types.h>
794 #include <sys/socket.h>
795 #include <linux/ip.h>
796 #include <linux/in.h>
797 #include <string.h>
798
799 struct local_tag {
800 char type;
801 char length;
802 char info[4];
803 };
804
805 struct cipso {
806 char type;
807 char length;
808 char doi[4];
809 struct local_tag local;
810 };
811
812 int main(int argc, char **argv)
813 {
814 int sockfd;
815 struct cipso cipso = {
816 .type = IPOPT_CIPSO,
817 .length = sizeof(struct cipso),
818 .local = {
819 .type = 128,
820 .length = sizeof(struct local_tag),
821 },
822 };
823
824 memset(cipso.doi, 0, 4);
825 cipso.doi[3] = 3;
826
827 sockfd = socket(AF_INET, SOCK_DGRAM, 0);
828 #define SOL_IP 0
829 setsockopt(sockfd, SOL_IP, IP_OPTIONS,
830 &cipso, sizeof(struct cipso));
831
832 return 0;
833 }
834
835 CC: Lin Ming <mlin@ss.pku.edu.cn>
836 Reported-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
837 Signed-off-by: Paul Moore <pmoore@redhat.com>
838 Signed-off-by: David S. Miller <davem@davemloft.net>
839
840 net/ipv4/cipso_ipv4.c | 6 ++++--
841 1 files changed, 4 insertions(+), 2 deletions(-)
842
843commit 99bbccf243fbab120a8630e3b4ea011220951e24
844Merge: 73c146e 79e5994
845Author: Brad Spengler <spender@grsecurity.net>
846Date: Fri Jul 20 11:56:12 2012 -0400
847
848 Merge branch 'pax-test' into grsec-test
849
850commit 79e59943ec22dc9abe7cf7df8f4fca77041f1a36
851Merge: 432259e 1c8f63c
852Author: Brad Spengler <spender@grsecurity.net>
853Date: Fri Jul 20 11:55:59 2012 -0400
854
855 Merge branch 'linux-3.4.y' into pax-test
856
857 Conflicts:
858 fs/fifo.c
859
2d54cc08
PK		 860commit 73c146e6d7aacfd0507622b9a58c9c47cf4ff30e
861Author: Brad Spengler <spender@grsecurity.net>
862Date: Tue Jul 17 16:21:01 2012 -0400
863
864 Fix mangled backport introduced during recent merge of upstream backports for mm/madvise.c
865 Thanks to Kamil Kaczkowski for the report
866
867 mm/madvise.c | 1 -
868 1 files changed, 0 insertions(+), 1 deletions(-)
869
b3fcb643
PK		 870commit 49f436025fd5aa8447a86d013b30e7f8ad952c1b
871Author: Jeff Moyer <jmoyer@redhat.com>
872Date: Thu Jul 12 09:43:14 2012 -0400
873
874 block: fix infinite loop in __getblk_slow
875
876 Commit 080399aaaf35 ("block: don't mark buffers beyond end of disk as
877 mapped") exposed a bug in __getblk_slow that causes mount to hang as it
878 loops infinitely waiting for a buffer that lies beyond the end of the
879 disk to become uptodate.
880
881 The problem was initially reported by Torsten Hilbrich here:
882
883 https://lkml.org/lkml/2012/6/18/54
884
885 and also reported independently here:
886
887 http://www.sysresccd.org/forums/viewtopic.php?f=13&t=4511
888
889 and then Richard W.M. Jones and Marcos Mello noted a few separate
890 bugzillas also associated with the same issue. This patch has been
891 confirmed to fix:
892
893 https://bugzilla.redhat.com/show_bug.cgi?id=835019
894
895 The main problem is here, in __getblk_slow:
896
897 for (;;) {
898 struct buffer_head * bh;
899 int ret;
900
901 bh = __find_get_block(bdev, block, size);
902 if (bh)
903 return bh;
904
905 ret = grow_buffers(bdev, block, size);
906 if (ret < 0)
907 return NULL;
908 if (ret == 0)
909 free_more_memory();
910 }
911
912 __find_get_block does not find the block, since it will not be marked as
913 mapped, and so grow_buffers is called to fill in the buffers for the
914 associated page. I believe the for (;;) loop is there primarily to
915 retry in the case of memory pressure keeping grow_buffers from
916 succeeding. However, we also continue to loop for other cases, like the
917 block lying beond the end of the disk. So, the fix I came up with is to
918 only loop when grow_buffers fails due to memory allocation issues
919 (return value of 0).
920
921 The attached patch was tested by myself, Torsten, and Rich, and was
922 found to resolve the problem in call cases.
923
924 Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
925 Reported-and-Tested-by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
926 Tested-by: Richard W.M. Jones <rjones@redhat.com>
927 Reviewed-by: Josh Boyer <jwboyer@redhat.com>
928 Cc: Stable <stable@vger.kernel.org> # 3.0+
929 [ Jens is on vacation, taking this directly - Linus ]
930 --
931 Stable Notes: this patch requires backport to 3.0, 3.2 and 3.3.
932 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
933
934 fs/buffer.c | 22 +++++++++++++---------
935 1 files changed, 13 insertions(+), 9 deletions(-)
936
937commit 1f10668cc85a886c753dc3f15def0ff2f6c03322
938Author: Dave Jones <davej@redhat.com>
939Date: Fri Jul 13 13:35:36 2012 -0400
940
941 Remove easily user-triggerable BUG from generic_setlease
942
943 This can be trivially triggered from userspace by passing in something unexpected.
944
945 kernel BUG at fs/locks.c:1468!
946 invalid opcode: 0000 [#1] SMP
947 RIP: 0010:generic_setlease+0xc2/0x100
948 Call Trace:
949 __vfs_setlease+0x35/0x40
950 fcntl_setlease+0x76/0x150
951 sys_fcntl+0x1c6/0x810
952 system_call_fastpath+0x1a/0x1f
953
954 Signed-off-by: Dave Jones <davej@redhat.com>
955 Cc: stable@kernel.org # 3.2+
956 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
957
958 fs/locks.c | 2 +-
959 1 files changed, 1 insertions(+), 1 deletions(-)
960
961commit 18b4f8fc8fd9815d418ebb7a9ec44bbe6fe905e1
962Author: Salman Qazi <sqazi@google.com>
963Date: Mon Jun 25 18:18:15 2012 -0700
964
965 sched: Fix fork() error path to not crash
966
967 In dup_task_struct(), if arch_dup_task_struct() fails, the clean up
968 code fails to clean up correctly. That's because the clean up
969 code depends on unininitalized ti->task pointer. We fix this
970 by making sure that the task and thread_info know about each other
971 before we attempt to take the error path.
972
973 Signed-off-by: Salman Qazi <sqazi@google.com>
974 Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
975 Link: http://lkml.kernel.org/r/20120626011815.11323.5533.stgit@dungbeetle.mtv.corp.google.com
976 Signed-off-by: Ingo Molnar <mingo@kernel.org>
977
978 kernel/fork.c | 11 ++++++++---
979 1 files changed, 8 insertions(+), 3 deletions(-)
980
981commit a4fc0f03818fe1ed37ea4af365bd42bf8489c460
982Merge: b2f27d3 432259e
983Author: Brad Spengler <spender@grsecurity.net>
984Date: Mon Jul 16 17:12:21 2012 -0400
985
986 Merge branch 'pax-test' into grsec-test
987
988 Conflicts:
989 arch/x86/include/asm/pgtable-3level.h
990 drivers/net/macvtap.c
991 include/asm-generic/pgtable.h
992 mm/madvise.c
993
994commit 432259e6e74a2018b051b92b94ed503f14f89f00
995Merge: ca21de7 763c71b
996Author: Brad Spengler <spender@grsecurity.net>
997Date: Mon Jul 16 17:08:36 2012 -0400
998
999 Merge branch 'linux-3.4.y' into pax-test
1000
2cc88922
PK		 1001commit b2f27d37c5c3c9608af4e945f3b54d18236dda64
1002Author: Brad Spengler <spender@grsecurity.net>
1003Date: Thu Jul 12 21:53:37 2012 -0400
1004
1005 Force STOP_MACHINE on if grsecurity is enabled
1006
1007 init/Kconfig | 2 +-
1008 security/Kconfig | 1 +
1009 2 files changed, 2 insertions(+), 1 deletions(-)
1010
1011commit d89c6fd34b17e760c1f3218994aa7fab14cafbfe
1012Author: Brad Spengler <spender@grsecurity.net>
1013Date: Thu Jul 12 21:14:51 2012 -0400
1014
1015 Fix possible race on RBAC disable by ensuring all other
1016 CPUs are forced out of the kernel -- this is preferable to
1017 other locking methods that would impact performance of common paths
1018 for what should be a very infrequent operation that doesn't
1019 need to be fast
1020 Thanks to Mark Moseley for reporting and testing
1021
1022 grsecurity/gracl.c | 33 +++++++++++++++++----------------
1023 1 files changed, 17 insertions(+), 16 deletions(-)
1024
1025commit 05eed9f83c245d4d223b24d93215fa590180b949
1026Author: Brad Spengler <spender@grsecurity.net>
1027Date: Thu Jul 12 20:46:54 2012 -0400
1028
1029 Fix RBAC enable / special role exit race with fork
1030 Thanks to Mark Moseley for reporting and testing
1031
1032 race looked like:
1033 > cpu 1 cpu 2
1034 > fork begins
1035 > fork calls dup_task_struct
1036 > RBAC sets ->acl on all procs in tasklist
1037 > fork completes, adds to tasklist
1038 > RBAC sets enabled flag
1039 > process exists with RBAC enabled
1040 > and NULL ->acl
1041
1042 grsecurity/gracl.c | 11 +++++------
1043 kernel/fork.c | 5 +++--
1044 2 files changed, 8 insertions(+), 8 deletions(-)
1045
ad0f5e64
PK		 1046commit 16bebf10a5bd1f56669ceeadd8276fb2fd555935
1047Author: Brad Spengler <spender@grsecurity.net>
1048Date: Sat Jul 7 20:30:28 2012 -0400
1049
1050 Backport security fix:
1051 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb
1052
1053 author Andy Lutomirski <luto@amacapital.net>
1054 Thu, 5 Jul 2012 23:00:11 +0000 (16:00 -0700)
1055 committer Linus Torvalds <torvalds@linux-foundation.org>
1056 Fri, 6 Jul 2012 17:34:38 +0000 (10:34 -0700)
1057 Otherwise the code races with munmap (causing a use-after-free
1058 of the vma) or with close (causing a use-after-free of the struct
1059 file).
1060
1061 The bug was introduced by commit 90ed52ebe481 ("[PATCH] holepunch: fix
1062 mmap_sem i_mutex deadlock")
1063
1064 Cc: Hugh Dickins <hugh@veritas.com>
1065 Cc: Miklos Szeredi <mszeredi@suse.cz>
1066 Cc: Badari Pulavarty <pbadari@us.ibm.com>
1067 Cc: Nick Piggin <npiggin@suse.de>
1068 Cc: stable@vger.kernel.org
1069 Signed-off-by: Andy Lutomirski <luto@amacapital.net>
1070 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1071
1072 Conflicts:
1073
1074 mm/madvise.c
1075
1076 mm/madvise.c | 19 ++++++++++++++-----
1077 1 files changed, 14 insertions(+), 5 deletions(-)
1078
9d3ccf41
PK		 1079commit 52c32ad32bc64e861526c959c4d3aae2dac0d7ac
1080Author: Brad Spengler <spender@grsecurity.net>
1081Date: Sat Jul 7 15:24:59 2012 -0400
1082
1083 Fix compilation failure when !GRKERNSEC
1084
1085 security/Kconfig | 38 +++++++++++++++++++-------------------
1086 1 files changed, 19 insertions(+), 19 deletions(-)
1087
dfd4ecac
PK		 1088commit 2f0d56b1c24a188e0f29aaf9f20547cc7c211749
1089Author: Brad Spengler <spender@grsecurity.net>
1090Date: Mon Jul 2 18:36:51 2012 -0400
1091
1092 Introduce kernel-enforced SymlinksIfOwnerMatch feature
1093 (Highly desirable feature for webhosting companies)
1094
1095 fs/namei.c | 14 +++++++++++++-
1096 grsecurity/Kconfig | 27 ++++++++++++++++++++++++++-
1097 grsecurity/grsec_init.c | 6 ++++++
1098 grsecurity/grsec_link.c | 16 ++++++++++++++++
1099 grsecurity/grsec_sysctl.c | 16 ++++++++++++++++
1100 include/linux/grinternal.h | 2 ++
1101 include/linux/grmsg.h | 1 +
1102 include/linux/grsecurity.h | 1 +
1103 security/Kconfig | 11 +++++++++++
1104 9 files changed, 92 insertions(+), 2 deletions(-)
1105
1106commit 0f9c29f46e114c46ce8dcafe8aa301c4d7deaa05
1107Author: Brad Spengler <spender@grsecurity.net>
1108Date: Sun Jul 1 19:58:41 2012 -0400
1109
1110 Add missing read lock in recent filldir code
1111
1112 grsecurity/gracl.c | 6 +++++-
1113 1 files changed, 5 insertions(+), 1 deletions(-)
1114
1115commit 2e9351f4eaadf070e1e0cf5523bf7eea2c24b066
1116Merge: 47b9c09 ca21de7
1117Author: Brad Spengler <spender@grsecurity.net>
1118Date: Sun Jul 1 20:03:27 2012 -0400
1119
1120 Merge branch 'pax-test' into grsec-test
1121
1122commit ca21de7d1018997346eb06667126291bbf5582d1
1123Author: Brad Spengler <spender@grsecurity.net>
1124Date: Sun Jul 1 19:50:14 2012 -0400
1125
1126 Update to pax-linux-3.4.4-test18.patch
1127
1128 moved some ifdef's around to fix compiler warnings in the ELF loader hunks,
1129 thanks to Thiébaud Weksteen for raising the problem and providing the initial
1130 patch.
1131
1132 fs/binfmt_elf.c | 164 +++++++++++++++++++++++++++----------------------------
1133 1 files changed, 81 insertions(+), 83 deletions(-)
1134
8e625769
PK		 1135commit 47b9c09fe205559fb7a7a1ec7be4d56f0999928c
1136Author: Brad Spengler <spender@grsecurity.net>
1137Date: Mon Jun 25 17:10:14 2012 -0400
1138
1139 Introduce new configuration system
1140 make the strict copy checks depend on !PAX_SIZE_OVERFLOW
1141
1142 arch/x86/Kconfig.debug | 2 +-
1143 grsecurity/Kconfig | 252 +++++++++---------------------------------------
1144 security/Kconfig | 215 ++++++++++++++++++++++++++++++++++++++++-
1145 3 files changed, 257 insertions(+), 212 deletions(-)
1146
c2c87ce0
PK		 1147commit beb73d410e9456bca0a668d98d9ef2064f7a5b67
1148Merge: 5e156f5 bcf98a5
1149Author: Brad Spengler <spender@grsecurity.net>
1150Date: Sat Jun 23 10:29:50 2012 -0400
1151
1152 Merge branch 'pax-test' into grsec-test
1153
1154commit bcf98a545e8383659122e74dffaa13b61b60ab70
1155Merge: 2fa1656 ff74ae5
1156Author: Brad Spengler <spender@grsecurity.net>
1157Date: Sat Jun 23 10:28:41 2012 -0400
1158
1159 Merge branch 'linux-3.4.y' into pax-test
1160
412fce5a
PK		 1161commit 5e156f5344ec5d68a236a170debe117988fd8cf4
1162Merge: d2fe646 2fa1656
1163Author: Brad Spengler <spender@grsecurity.net>
1164Date: Fri Jun 22 18:40:59 2012 -0400
1165
1166 Merge branch 'pax-test' into grsec-test
1167
1168commit 2fa1656a750d794e8ee009e629b82a58f35b8287
1169Author: Brad Spengler <spender@grsecurity.net>
1170Date: Fri Jun 22 18:40:42 2012 -0400
1171
1172 Update to pax-linux-3.4.3-test17.patch
1173
1174 scripts/gcc-plugin.sh | 6 +++---
1175 tools/gcc/size_overflow_plugin.c | 2 ++
1176 2 files changed, 5 insertions(+), 3 deletions(-)
1177
dcd056f6
PK		 1178commit d2fe6469f4abb9fedc3e12105537327eee1fcabb
1179Merge: a37a708 dc69f03
1180Author: Brad Spengler <spender@grsecurity.net>
1181Date: Wed Jun 20 18:02:07 2012 -0400
1182
1183 Merge branch 'pax-test' into grsec-test
1184
1185commit dc69f038525a50ec51afb148043f8f157fe5deae
1186Author: Brad Spengler <spender@grsecurity.net>
1187Date: Wed Jun 20 18:01:53 2012 -0400
1188
1189 Update to pax-linux-3.4.3-test16.patch
1190
1191 Makefile | 2 +-
1192 1 files changed, 1 insertions(+), 1 deletions(-)
1193
1194commit a37a7084ebf08e082bfd1c3f742f0193ec95f584
1195Author: Brad Spengler <spender@grsecurity.net>
1196Date: Wed Jun 20 17:55:07 2012 -0400
1197
1198 revert sort change
1199
1200 tools/gcc/generate_size_overflow_hash.sh | 2 +-
1201 1 files changed, 1 insertions(+), 1 deletions(-)
1202
82e63073
PK		 1203commit f8be9961ae75583b60ecdba9ddde0f3ef8c97d31
1204Author: Brad Spengler <spender@grsecurity.net>
1205Date: Tue Jun 19 21:56:18 2012 -0400
1206
1207 change sort of overflow table
1208
1209 tools/gcc/generate_size_overflow_hash.sh | 2 +-
1210 1 files changed, 1 insertions(+), 1 deletions(-)
1211
1212commit ae562ecce55559db31cc15060b343f65dd5e1a70
1213Author: Brad Spengler <spender@grsecurity.net>
1214Date: Tue Jun 19 20:51:41 2012 -0400
1215
1216 Add grsecurity allocators to size_overflow plugin
1217
1218 tools/gcc/size_overflow_hash.data | 3 +++
1219 1 files changed, 3 insertions(+), 0 deletions(-)
1220
1221commit 2212fe760ef45b7ca3b3ee6e4de4404cb0c05ad7
1222Merge: f641a7e d17adff
1223Author: Brad Spengler <spender@grsecurity.net>
1224Date: Tue Jun 19 20:07:30 2012 -0400
1225
1226 Merge branch 'pax-test' into grsec-test
1227
1228commit d17adff014544488ad37ea7458242911e4da3658
1229Author: Brad Spengler <spender@grsecurity.net>
1230Date: Tue Jun 19 20:07:09 2012 -0400
1231
1232 Add new files from pax-linux-3.4.3-test15.patch
1233
1234 tools/gcc/generate_size_overflow_hash.sh | 94 ++
1235 tools/gcc/size_overflow_hash.data | 2483 ++++++++++++++++++++++++++++++
1236 2 files changed, 2577 insertions(+), 0 deletions(-)
1237
1238commit 98cc0feb455ba32fb2d543e9310c41c023c5b6bc
1239Author: Brad Spengler <spender@grsecurity.net>
1240Date: Tue Jun 19 20:06:36 2012 -0400
1241
1242 Update to pax-linux-3.4.3-test15.patch
1243
1244 Documentation/dontdiff | 1 +
1245 arch/x86/tools/relocs.c | 4 +-
1246 tools/gcc/Makefile | 10 +
1247 tools/gcc/size_overflow_hash.h |17290 --------------------------------------
1248 tools/gcc/size_overflow_plugin.c | 15 +-
1249 5 files changed, 20 insertions(+), 17300 deletions(-)
1250
811b06e3
PK		 1251commit f641a7e5f15df0827343698a120a9e7b3d27441f
1252Merge: e40b896 60f9a98
1253Author: Brad Spengler <spender@grsecurity.net>
1254Date: Mon Jun 18 20:09:29 2012 -0400
1255
1256 Merge branch 'pax-test' into grsec-test
1257
1258commit 60f9a988efec39eabb69231ef5846cdf92020c5e
1259Author: Brad Spengler <spender@grsecurity.net>
1260Date: Mon Jun 18 20:09:15 2012 -0400
1261
1262 Update to pax-linux-3.4.3-test14.patch
1263
1264 drivers/net/wireless/rt2x00/rt2x00.h | 2 +-
1265 drivers/net/wireless/rt2x00/rt2x00queue.c | 4 ++--
1266 2 files changed, 3 insertions(+), 3 deletions(-)
1267
1268commit 2322a1a95b17f3299244c567a9442b10516ba20d
1269Author: Brad Spengler <spender@grsecurity.net>
1270Date: Mon Jun 18 20:07:33 2012 -0400
1271
1272 Update to pax-linux-3.4.2-test14.patch
1273
1274 arch/parisc/include/asm/uaccess.h | 4 ++--
1275 arch/s390/include/asm/uaccess.h | 4 ++--
1276 arch/tile/include/asm/uaccess.h | 4 ++--
1277 arch/x86/include/asm/uaccess_32.h | 8 ++++----
1278 arch/x86/include/asm/uaccess_64.h | 8 ++++----
1279 tools/gcc/size_overflow_plugin.c | 2 +-
1280 6 files changed, 15 insertions(+), 15 deletions(-)
1281
8a60f200
PK		 1282commit e40b896abcc8e0c5e373fd8cd7ba4bb924ac9097
1283Merge: 3a471d9 1b59177
1284Author: Brad Spengler <spender@grsecurity.net>
1285Date: Sun Jun 17 18:17:18 2012 -0400
1286
1287 Merge branch 'pax-test' into grsec-test
1288
1289commit 1b59177de797491f1a6a2a5830ed965091039a08
1290Author: Brad Spengler <spender@grsecurity.net>
1291Date: Sun Jun 17 18:17:01 2012 -0400
1292
1293 Update to pax-linux-3.4.2-test13.patch
1294
1295 tools/gcc/size_overflow_plugin.c | 79 ++++++++++++++------------------------
1296 1 files changed, 29 insertions(+), 50 deletions(-)
1297
1298commit 3a471d988191ea83a0c9614ae4529efdf71b551f
1299Merge: ec7bcbb ce3962c
1300Author: Brad Spengler <spender@grsecurity.net>
1301Date: Sun Jun 17 17:08:34 2012 -0400
1302
1303 Merge branch 'pax-test' into grsec-test
1304
1305commit ce3962cc142cf806da83a9df56219c5e31da7b41
1306Merge: 36b71bc a694d36
1307Author: Brad Spengler <spender@grsecurity.net>
1308Date: Sun Jun 17 17:08:26 2012 -0400
1309
1310 Merge branch 'linux-3.4.y' into pax-test
1311
81a76c15
PK		 1312commit ec7bcbb3c44f65b7a0202861133ee624757150d0
1313Author: Brad Spengler <spender@grsecurity.net>
1314Date: Sat Jun 16 08:30:43 2012 -0400
1315
1316 remove unnecessary checks, false positives generated by overflow plugin
1317
1318 mm/migrate.c | 4 ++--
1319 security/keys/keyring.c | 2 +-
1320 2 files changed, 3 insertions(+), 3 deletions(-)
1321
1322commit b1dd06d72cdbc971761fe2429c6d041b23fcf9cf
1323Author: Brad Spengler <spender@grsecurity.net>
1324Date: Fri Jun 15 19:18:29 2012 -0400
1325
1326 Fix latency spikes:
1327 http://www.mail-archive.com/e1000-devel@lists.sourceforge.net/msg05591.html
1328
1329 drivers/net/ethernet/intel/e1000e/e1000.h | 2 +-
1330 1 files changed, 1 insertions(+), 1 deletions(-)
1331
1332commit 936e60a29d607325513a157de4093709acd8c6b7
1333Merge: 6789a07 36b71bc
1334Author: Brad Spengler <spender@grsecurity.net>
1335Date: Thu Jun 14 21:10:59 2012 -0400
1336
1337 Merge branch 'pax-test' into grsec-test
1338
1339 Conflicts:
1340 Makefile
1341 tools/gcc/Makefile
1342
1343commit 36b71bcb365d56d124cce340ae310372071af47f
1344Author: Brad Spengler <spender@grsecurity.net>
1345Date: Thu Jun 14 21:07:19 2012 -0400
1346
1347 Update to pax-linux-3.4.2-test12.patch
1348
1349 Makefile | 5 +-
1350 arch/x86/include/asm/uaccess_64.h | 24 +-
1351 arch/x86/lib/usercopy_64.c | 12 +
1352 scripts/Makefile.build | 2 +-
1353 scripts/Makefile.host | 26 +-
1354 scripts/gcc-plugin.sh | 17 +-
1355 tools/gcc/Makefile | 23 +-
1356 tools/gcc/colorize_plugin.c | 1 +
1357 tools/gcc/size_overflow_hash.h | 4701 +++++++++++++++++++------------------
1358 tools/gcc/size_overflow_plugin.c | 5 +-
1359 10 files changed, 2447 insertions(+), 2369 deletions(-)
1360
1361commit 6789a071369c01337d6c2469e4d5382650ffcc5b
1362Author: Brad Spengler <spender@grsecurity.net>
1363Date: Wed Jun 13 22:42:48 2012 -0400
1364
1365 eliminate gcc warnings
1366
1367 mm/migrate.c | 4 ++--
1368 security/keys/keyring.c | 2 +-
1369 2 files changed, 3 insertions(+), 3 deletions(-)
1370
1371commit cb49bc0035f863f6a8f38f232eadba7ebd7da137
1372Merge: 4544a66 8e9e791
1373Author: Brad Spengler <spender@grsecurity.net>
1374Date: Wed Jun 13 21:49:52 2012 -0400
1375
1376 Merge branch 'pax-test' into grsec-test
1377
1378commit 8e9e791377bcd24ebd97b0a748ea08e6d34f18ca
1379Author: Brad Spengler <spender@grsecurity.net>
1380Date: Wed Jun 13 21:15:12 2012 -0400
1381
1382 Update to pax-linux-3.4.2-test11.patch
1383
1384 arch/x86/include/asm/elf.h | 4 ++--
1385 kernel/jump_label.c | 1 +
1386 2 files changed, 3 insertions(+), 2 deletions(-)
1387
83f3b3d5
PK		 1388commit 4544a66bac90e337d31c7a2d96653abfc14e3fc4
1389Merge: ce03676 49f6484
1390Author: Brad Spengler <spender@grsecurity.net>
1391Date: Tue Jun 12 21:38:35 2012 -0400
1392
1393 Merge branch 'pax-test' into grsec-test
1394
1395commit 49f6484ac317388cc8e705f06f10567110ef6468
1396Author: Brad Spengler <spender@grsecurity.net>
1397Date: Tue Jun 12 21:38:09 2012 -0400
1398
1399 Update to pax-linux-3.4.2-test10.patch
1400
1401 Documentation/dontdiff | 1 +
1402 arch/arm/include/asm/atomic.h | 24 +-
1403 arch/arm/plat-orion/include/plat/addr-map.h | 2 +-
1404 fs/exec.c | 7 +-
1405 tools/gcc/size_overflow_hash.h |19893 ++++++++++++++++-----------
1406 tools/gcc/size_overflow_plugin.c | 191 +-
1407 6 files changed, 12153 insertions(+), 7965 deletions(-)
1408
9e29c26c
PK		 1409commit ce03676ffe1185a3406a76d39b3d71356bc16a39
1410Merge: 98a4b83 48738bf
1411Author: Brad Spengler <spender@grsecurity.net>
1412Date: Mon Jun 11 17:49:22 2012 -0400
1413
1414 Merge branch 'pax-test' into grsec-test
1415
1416commit 48738bfe9809defb696d82b85d75641eb9d14824
1417Author: Brad Spengler <spender@grsecurity.net>
1418Date: Mon Jun 11 17:49:05 2012 -0400
1419
1420 Update to pax-linux-3.4.2-test8.patch
1421
1422 mm/mempolicy.c | 2 +-
1423 1 files changed, 1 insertions(+), 1 deletions(-)
1424
1425commit 0568c5f972e295c7c83c4c48805c13957d799169
1426Merge: bf822e2 1f5547c
1427Author: Brad Spengler <spender@grsecurity.net>
1428Date: Mon Jun 11 17:47:45 2012 -0400
1429
1430 Merge branch 'linux-3.4.y' into pax-test
1431
1432 Conflicts:
1433 kernel/fork.c
1434
1435commit 98a4b834b1d034c1f37ef979635da588dc1c8475
1436Author: Brad Spengler <spender@grsecurity.net>
1437Date: Mon Jun 11 17:23:28 2012 -0400
1438
1439 make filename const
1440
1441 include/trace/events/fs.h | 2 +-
1442 1 files changed, 1 insertions(+), 1 deletions(-)
1443
1444commit 42c6cfb1fbbb4b04e541bae0d8360892cf03d3d1
1445Author: Brad Spengler <spender@grsecurity.net>
1446Date: Sat Jun 9 15:58:21 2012 -0400
1447
1448 Add (a correct) Ubuntu ureadahead patch
1449
1450 Conflicts:
1451
1452 fs/open.c
1453
1454 fs/exec.c | 4 +++
1455 fs/open.c | 3 ++
1456 include/trace/events/fs.h | 53 +++++++++++++++++++++++++++++++++++++++++++++
1457 3 files changed, 60 insertions(+), 0 deletions(-)
1458
d91cac3f
PK		 1459commit a906e5f96e8ed36a901ea1f16e88bec12971bd43
1460Merge: 3701524b bf822e2
ca13cdab 1461Author: Brad Spengler <spender@grsecurity.net>
d91cac3f 1462Date: Sat Jun 9 14:55:37 2012 -0400
ca13cdab 1463
35f99e7e
PK		 1464 Merge branch 'pax-test' into grsec-test
1465
1466 Conflicts:
d91cac3f
PK		 1467 kernel/module.c
1468
1469commit bf822e20ef05d40ba37cdd95d78a2c94f42b7da8
1470Author: Brad Spengler <spender@grsecurity.net>
1471Date: Sat Jun 9 14:54:24 2012 -0400
1472
1473 revert LTO
1474
1475 Makefile | 19 +---
1476 arch/x86/Makefile | 5 -
1477 arch/x86/crypto/Makefile | 40 ++-----
1478 arch/x86/ia32/Makefile | 7 +-
1479 arch/x86/include/asm/arch_hweight.h | 6 +-
1480 arch/x86/include/asm/mutex_32.h | 10 +-
1481 arch/x86/include/asm/mutex_64.h | 10 +-
1482 arch/x86/include/asm/rwsem.h | 30 ++----
1483 arch/x86/include/asm/switch_to.h | 6 +-
1484 arch/x86/include/asm/syscall.h | 3 +-
1485 arch/x86/include/asm/thread_info.h | 8 --
1486 arch/x86/include/asm/unistd.h | 4 -
1487 arch/x86/include/asm/vdso.h | 10 --
1488 arch/x86/kernel/Makefile | 25 +----
1489 arch/x86/kernel/acpi/Makefile | 8 +-
1490 arch/x86/kernel/dumpstack_32.c | 2 +-
1491 arch/x86/kernel/dumpstack_64.c | 2 +-
1492 arch/x86/kernel/kprobes-common.h | 102 +++++++++---------
1493 arch/x86/kernel/kprobes.c | 24 ++--
1494 arch/x86/kernel/rtc.c | 2 +-
1495 arch/x86/kernel/tsc.c | 2 +-
1496 arch/x86/kernel/vmlinux.lds.S | 2 +-
1497 arch/x86/kvm/vmx.c | 9 +-
1498 arch/x86/lib/Makefile | 8 +-
1499 arch/x86/net/Makefile | 7 +-
1500 arch/x86/platform/efi/Makefile | 8 +-
1501 arch/x86/power/Makefile | 7 +-
1502 arch/x86/vdso/Makefile | 29 +-----
1503 fs/exec.c | 6 +-
1504 include/linux/export.h | 2 +-
1505 include/linux/ftrace.h | 2 +-
1506 include/linux/syscalls.h | 4 +-
1507 init/Kconfig | 17 ---
1508 init/calibrate.c | 2 +-
1509 kernel/module.c | 8 +-
1510 kernel/mutex.c | 8 +-
1511 lib/gen_crc32table.c | 6 +-
1512 scripts/Makefile.build | 2 +-
1513 scripts/Makefile.host | 25 +----
1514 scripts/mod/modpost.c | 5 -
1515 tools/gcc/Makefile | 6 +-
1516 tools/gcc/lto_plugin.c | 210 -----------------------------------
1517 virt/kvm/kvm_main.c | 2 +-
1518 43 files changed, 138 insertions(+), 562 deletions(-)
1519
1520commit 3701524b1724055f47c00a4edbfe0f90e725ea5c
1521Author: Brad Spengler <spender@grsecurity.net>
1522Date: Sat Jun 9 14:18:35 2012 -0400
1523
1524 remove new entry
1525
1526 net/core/dev.c | 5 +++++
af489f2b
PK		 1527 1 files changed, 5 insertions(+), 0 deletions(-)
1528
d91cac3f 1529commit 9e8b3c2932d78a285f59698552e4dc947071a16a
23fa62ed 1530Author: Brad Spengler <spender@grsecurity.net>
d91cac3f 1531Date: Sat Jun 9 13:52:37 2012 -0400
23fa62ed
PK		 1532
1533 compile fix
1534
d91cac3f
PK		 1535 fs/proc/proc_sysctl.c | 2 +-
1536 1 files changed, 1 insertions(+), 1 deletions(-)
af489f2b 1537
d91cac3f 1538commit 1ce6d92493cd75f5017706226474daa073527bbc
23fa62ed 1539Author: Brad Spengler <spender@grsecurity.net>
d91cac3f 1540Date: Sat Jun 9 13:47:46 2012 -0400
23fa62ed 1541
d91cac3f 1542 Remove now unnecessary functions
23fa62ed 1543
d91cac3f
PK		 1544 grsecurity/gracl.c | 187 ----------------------------------------------------
1545 1 files changed, 0 insertions(+), 187 deletions(-)
af489f2b 1546
d91cac3f 1547commit 190aa4a11441d872d2107765f7a801c904bd3259
23fa62ed 1548Author: Brad Spengler <spender@grsecurity.net>
d91cac3f 1549Date: Sat Jun 9 13:34:58 2012 -0400
23fa62ed 1550
d91cac3f 1551 Complete sysctl handling, update grsecurity version
23fa62ed 1552
d91cac3f
PK		 1553 fs/proc/proc_sysctl.c | 17 +++++++++++++++--
1554 grsecurity/gracl.c | 10 ++++++++--
1555 grsecurity/grsec_sysctl.c | 2 ++
1556 include/linux/gracl.h | 4 ++--
1557 kernel/sysctl.c | 7 -------
1558 security/yama/Kconfig | 2 +-
1559 6 files changed, 28 insertions(+), 14 deletions(-)
af489f2b 1560
d91cac3f 1561commit ab6767c0b881d1fafbb793767d7388183de6b15c
23fa62ed 1562Author: Brad Spengler <spender@grsecurity.net>
d91cac3f 1563Date: Sat Jun 9 11:33:13 2012 -0400
23fa62ed 1564
d91cac3f 1565 Initial (broken) port to 3.4.1
23fa62ed 1566
d91cac3f 1567 Makefile | 10 +-
af489f2b
PK		 1568 arch/alpha/include/asm/cache.h | 4 +-
1569 arch/arm/include/asm/cache.h | 2 +
d91cac3f
PK		 1570 arch/arm/include/asm/thread_info.h | 10 +-
1571 arch/arm/kernel/ptrace.c | 9 +
af489f2b 1572 arch/arm/kernel/traps.c | 5 +
af489f2b
PK		 1573 arch/avr32/include/asm/cache.h | 4 +-
1574 arch/blackfin/include/asm/cache.h | 3 +-
1575 arch/cris/include/arch-v10/arch/cache.h | 3 +-
1576 arch/cris/include/arch-v32/arch/cache.h | 3 +-
1577 arch/frv/include/asm/cache.h | 3 +-
1578 arch/h8300/include/asm/cache.h | 4 +-
1579 arch/hexagon/include/asm/cache.h | 6 +-
1580 arch/ia64/include/asm/cache.h | 3 +-
1581 arch/m32r/include/asm/cache.h | 4 +-
1582 arch/m68k/include/asm/cache.h | 4 +-
1583 arch/microblaze/include/asm/cache.h | 3 +-
1584 arch/mips/include/asm/cache.h | 3 +-
d91cac3f
PK		 1585 arch/mips/include/asm/thread_info.h | 9 +-
1586 arch/mips/kernel/ptrace.c | 9 +
1587 arch/mips/kernel/scall32-o32.S | 2 +-
1588 arch/mips/kernel/scall64-64.S | 2 +-
1589 arch/mips/kernel/scall64-n32.S | 2 +-
1590 arch/mips/kernel/scall64-o32.S | 2 +-
af489f2b
PK		 1591 arch/mn10300/proc-mn103e010/include/proc/cache.h | 4 +-
1592 arch/mn10300/proc-mn2ws0050/include/proc/cache.h | 4 +-
1593 arch/openrisc/include/asm/cache.h | 4 +-
1594 arch/parisc/include/asm/cache.h | 5 +-
1595 arch/powerpc/include/asm/cache.h | 3 +-
d91cac3f 1596 arch/powerpc/include/asm/thread_info.h | 9 +-
af489f2b 1597 arch/powerpc/kernel/process.c | 10 +-
d91cac3f 1598 arch/powerpc/kernel/ptrace.c | 14 +
af489f2b
PK		 1599 arch/powerpc/kernel/traps.c | 5 +
1600 arch/s390/include/asm/cache.h | 4 +-
1601 arch/score/include/asm/cache.h | 4 +-
1602 arch/sh/include/asm/cache.h | 3 +-
1603 arch/sparc/Makefile | 2 +-
1604 arch/sparc/include/asm/cache.h | 4 +-
d91cac3f 1605 arch/sparc/include/asm/thread_info_64.h | 9 +-
af489f2b
PK		 1606 arch/sparc/kernel/process_32.c | 8 +-
1607 arch/sparc/kernel/process_64.c | 8 +-
d91cac3f
PK		 1608 arch/sparc/kernel/ptrace_64.c | 14 +
1609 arch/sparc/kernel/syscalls.S | 10 +-
af489f2b
PK		 1610 arch/sparc/kernel/traps_32.c | 8 +-
1611 arch/sparc/kernel/traps_64.c | 28 +-
1612 arch/sparc/kernel/unaligned_64.c | 2 +-
1613 arch/sparc/mm/fault_64.c | 2 +-
1614 arch/tile/include/asm/cache.h | 3 +-
1615 arch/um/include/asm/cache.h | 3 +-
1616 arch/unicore32/include/asm/cache.h | 6 +-
1617 arch/x86/Kconfig | 5 +-
1618 arch/x86/ia32/ia32_aout.c | 2 +
d91cac3f
PK		 1619 arch/x86/include/asm/pgtable-3level.h | 50 +
1620 arch/x86/include/asm/thread_info.h | 10 +-
af489f2b
PK		 1621 arch/x86/kernel/acpi/realmode/wakeup.S | 4 +
1622 arch/x86/kernel/dumpstack.c | 8 +
1623 arch/x86/kernel/entry_32.S | 2 +-
1624 arch/x86/kernel/entry_64.S | 2 +-
1625 arch/x86/kernel/ioport.c | 13 +
d91cac3f 1626 arch/x86/kernel/ptrace.c | 14 +
af489f2b
PK		 1627 arch/x86/kernel/verify_cpu.S | 1 +
1628 arch/x86/kernel/vm86_32.c | 16 +
1629 arch/x86/mm/fault.c | 11 +-
d91cac3f
PK		 1630 arch/x86/mm/init.c | 62 +-
1631 arch/x86/xen/enlighten.c | 3 +
af489f2b
PK		 1632 arch/xtensa/variants/dc232b/include/variant/core.h | 2 +-
1633 arch/xtensa/variants/fsf/include/variant/core.h | 3 +-
1634 arch/xtensa/variants/s6000/include/variant/core.h | 3 +-
d91cac3f 1635 drivers/base/node.c | 8 +-
af489f2b
PK		 1636 drivers/block/cciss.c | 2 +
1637 drivers/char/Kconfig | 4 +-
af489f2b
PK		 1638 drivers/char/genrtc.c | 1 +
1639 drivers/char/mem.c | 17 +
1640 drivers/char/random.c | 12 +
1641 drivers/gpu/drm/drm_info.c | 4 +
d91cac3f
PK		 1642 drivers/hid/hid-wiimote-debug.c | 2 +-
1643 drivers/leds/leds-mc13783.c | 2 +-
1644 drivers/media/radio/radio-cadet.c | 2 +-
af489f2b 1645 drivers/message/fusion/mptbase.c | 5 +
d91cac3f
PK		 1646 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +-
1647 drivers/net/macvtap.c | 2 +
af489f2b
PK		 1648 drivers/pci/proc.c | 9 +
1649 drivers/rtc/rtc-dev.c | 3 +
d91cac3f
PK		 1650 drivers/tty/sysrq.c | 2 +-
1651 drivers/tty/vt/keyboard.c | 22 +-
af489f2b
PK		 1652 drivers/video/logo/logo_linux_clut224.ppm | 2721 ++++++--------
1653 fs/attr.c | 1 +
1654 fs/binfmt_aout.c | 7 +
1655 fs/binfmt_elf.c | 6 +
1656 fs/btrfs/inode.c | 10 +-
1657 fs/btrfs/ioctl.c | 6 +-
1658 fs/ceph/dir.c | 2 +-
1659 fs/compat.c | 18 +
1660 fs/debugfs/inode.c | 4 +
1661 fs/exec.c | 155 +-
1662 fs/ext2/balloc.c | 2 +-
1663 fs/ext3/balloc.c | 5 +-
1664 fs/ext4/balloc.c | 4 +-
d91cac3f 1665 fs/ext4/resize.c | 2 +
af489f2b
PK		 1666 fs/fcntl.c | 6 +
1667 fs/file.c | 2 +
1668 fs/filesystems.c | 5 +
d91cac3f 1669 fs/fs_struct.c | 23 +-
af489f2b
PK		 1670 fs/hugetlbfs/inode.c | 2 +-
1671 fs/namei.c | 226 +-
1672 fs/namespace.c | 24 +
1673 fs/open.c | 35 +
1674 fs/pipe.c | 2 +-
1675 fs/proc/Kconfig | 10 +-
d91cac3f
PK		 1676 fs/proc/array.c | 67 +-
1677 fs/proc/base.c | 176 +-
af489f2b
PK		 1678 fs/proc/cmdline.c | 4 +
1679 fs/proc/devices.c | 4 +
1680 fs/proc/inode.c | 17 +
1681 fs/proc/internal.h | 3 +
1682 fs/proc/kcore.c | 3 +
1683 fs/proc/proc_net.c | 11 +
d91cac3f 1684 fs/proc/proc_sysctl.c | 32 +-
af489f2b 1685 fs/proc/root.c | 8 +
d91cac3f 1686 fs/proc/task_mmu.c | 75 +-
af489f2b
PK		 1687 fs/readdir.c | 19 +
1688 fs/select.c | 2 +
1689 fs/seq_file.c | 4 +
1690 fs/sysfs/dir.c | 12 +
1691 fs/utimes.c | 7 +
d91cac3f
PK		 1692 fs/xattr.c | 19 +-
1693 grsecurity/Kconfig | 1079 +++++
af489f2b 1694 grsecurity/Makefile | 38 +
d91cac3f 1695 grsecurity/gracl.c | 4193 ++++++++++++++++++++
af489f2b
PK		 1696 grsecurity/gracl_alloc.c | 105 +
1697 grsecurity/gracl_cap.c | 110 +
1698 grsecurity/gracl_fs.c | 435 ++
d91cac3f 1699 grsecurity/gracl_ip.c | 384 ++
af489f2b
PK		 1700 grsecurity/gracl_learn.c | 207 +
1701 grsecurity/gracl_res.c | 68 +
1702 grsecurity/gracl_segv.c | 299 ++
1703 grsecurity/gracl_shm.c | 40 +
1704 grsecurity/grsec_chdir.c | 19 +
1705 grsecurity/grsec_chroot.c | 368 ++
1706 grsecurity/grsec_disabled.c | 437 ++
d91cac3f 1707 grsecurity/grsec_exec.c | 174 +
af489f2b
PK		 1708 grsecurity/grsec_fifo.c | 24 +
1709 grsecurity/grsec_fork.c | 23 +
1710 grsecurity/grsec_init.c | 277 ++
1711 grsecurity/grsec_link.c | 43 +
1712 grsecurity/grsec_log.c | 322 ++
1713 grsecurity/grsec_mem.c | 40 +
1714 grsecurity/grsec_mount.c | 62 +
1715 grsecurity/grsec_pax.c | 36 +
1716 grsecurity/grsec_ptrace.c | 30 +
1717 grsecurity/grsec_sig.c | 207 +
1718 grsecurity/grsec_sock.c | 244 ++
1719 grsecurity/grsec_sysctl.c | 451 +++
1720 grsecurity/grsec_time.c | 16 +
1721 grsecurity/grsec_tpe.c | 73 +
1722 grsecurity/grsum.c | 61 +
d91cac3f 1723 include/asm-generic/pgtable.h | 22 +-
af489f2b
PK		 1724 include/linux/capability.h | 2 +
1725 include/linux/cred.h | 3 +
1726 include/linux/gracl.h | 319 ++
1727 include/linux/gralloc.h | 9 +
1728 include/linux/grdefs.h | 140 +
d91cac3f 1729 include/linux/grinternal.h | 221 +
af489f2b
PK		 1730 include/linux/grmsg.h | 109 +
1731 include/linux/grsecurity.h | 232 ++
1732 include/linux/grsock.h | 19 +
1733 include/linux/kallsyms.h | 13 +-
1734 include/linux/kmod.h | 2 +
1735 include/linux/netfilter/xt_gradm.h | 9 +
1736 include/linux/personality.h | 1 +
d91cac3f 1737 include/linux/printk.h | 3 +-
af489f2b
PK		 1738 include/linux/proc_fs.h | 12 +
1739 include/linux/sched.h | 54 +-
1740 include/linux/security.h | 1 +
1741 include/linux/seq_file.h | 3 +
1742 include/linux/shm.h | 4 +
1743 include/linux/sysctl.h | 2 +
af489f2b
PK		 1744 include/linux/vermagic.h | 9 +-
1745 init/Kconfig | 1 +
1746 init/main.c | 4 +
1747 ipc/mqueue.c | 1 +
1748 ipc/shm.c | 28 +
1749 kernel/capability.c | 32 +-
1750 kernel/compat.c | 1 +
1751 kernel/configs.c | 11 +
d91cac3f 1752 kernel/cred.c | 108 +-
af489f2b
PK		 1753 kernel/exit.c | 25 +-
1754 kernel/fork.c | 15 +-
d91cac3f 1755 kernel/futex.c | 1 +
af489f2b 1756 kernel/kallsyms.c | 8 +
d91cac3f
PK		 1757 kernel/kmod.c | 71 +-
1758 kernel/ksysfs.c | 2 +
1759 kernel/module.c | 83 +-
af489f2b
PK		 1760 kernel/panic.c | 4 +-
1761 kernel/pid.c | 19 +-
1762 kernel/posix-cpu-timers.c | 1 +
1763 kernel/posix-timers.c | 8 +
1764 kernel/printk.c | 5 +
1765 kernel/ptrace.c | 20 +-
1766 kernel/resource.c | 10 +
d91cac3f 1767 kernel/sched/core.c | 6 +-
af489f2b
PK		 1768 kernel/signal.c | 37 +-
1769 kernel/sys.c | 43 +-
d91cac3f 1770 kernel/sysctl.c | 44 +-
af489f2b
PK		 1771 kernel/taskstats.c | 6 +
1772 kernel/time.c | 5 +
1773 kernel/time/timekeeping.c | 3 +
1774 kernel/time/timer_list.c | 12 +
1775 kernel/time/timer_stats.c | 8 +
1776 lib/Kconfig.debug | 1 +
1777 lib/is_single_threaded.c | 3 +
1778 lib/vsprintf.c | 18 +-
1779 localversion-grsec | 1 +
d91cac3f 1780 mm/Kconfig | 4 +-
af489f2b 1781 mm/filemap.c | 1 +
d91cac3f 1782 mm/hugetlb.c | 29 +-
af489f2b 1783 mm/kmemleak.c | 2 +-
d91cac3f 1784 mm/mempolicy.c | 12 +-
af489f2b 1785 mm/mlock.c | 3 +
d91cac3f 1786 mm/mmap.c | 29 +-
af489f2b
PK		 1787 mm/mprotect.c | 8 +
1788 mm/page_alloc.c | 6 +
1789 mm/process_vm_access.c | 6 +
1790 mm/shmem.c | 2 +-
1791 mm/slab.c | 2 +-
1792 mm/slub.c | 14 +-
d91cac3f 1793 mm/vmalloc.c | 4 +-
af489f2b
PK		 1794 mm/vmstat.c | 18 +-
1795 net/core/dev.c | 4 +
1796 net/core/sock.c | 2 +-
1797 net/core/sock_diag.c | 7 +
1798 net/econet/Kconfig | 2 +-
1799 net/ipv4/inet_hashtables.c | 5 +
1800 net/ipv4/ip_sockglue.c | 3 +-
1801 net/ipv4/raw.c | 8 +-
d91cac3f 1802 net/ipv4/tcp_ipv4.c | 43 +-
af489f2b
PK		 1803 net/ipv4/tcp_minisocks.c | 8 +
1804 net/ipv4/tcp_timer.c | 11 +
1805 net/ipv4/udp.c | 31 +-
1806 net/ipv6/raw.c | 8 +-
1807 net/ipv6/tcp_ipv6.c | 46 +-
1808 net/ipv6/udp.c | 14 +-
1809 net/netfilter/Kconfig | 10 +
1810 net/netfilter/Makefile | 1 +
1811 net/netfilter/xt_gradm.c | 51 +
1812 net/netrom/af_netrom.c | 2 +-
1813 net/phonet/af_phonet.c | 4 +-
1814 net/phonet/socket.c | 7 +-
1815 net/sctp/proc.c | 3 +-
1816 net/socket.c | 62 +-
1817 net/sysctl_net.c | 2 +-
1818 net/unix/af_unix.c | 20 +
1819 scripts/Makefile.build | 2 +-
d91cac3f 1820 security/Kconfig | 88 +-
af489f2b 1821 security/apparmor/lsm.c | 2 +-
d91cac3f 1822 security/commoncap.c | 3 +
af489f2b
PK		 1823 security/min_addr.c | 2 +
1824 security/security.c | 2 -
1825 security/selinux/hooks.c | 2 -
1826 tools/gcc/Makefile | 2 +-
d91cac3f 1827 260 files changed, 14663 insertions(+), 1971 deletions(-)
af489f2b 1828
d91cac3f 1829commit d7f1e0f44fc98afbc5391f27a7eab4e9ed36f9f8
23fa62ed 1830Author: Brad Spengler <spender@grsecurity.net>
d91cac3f 1831Date: Wed Jun 6 17:51:31 2012 -0400
23fa62ed 1832
d91cac3f 1833 Initial import of pax-linux-3.4-test8-lto.patch, ported to 3.4.1
af489f2b 1834
d91cac3f 1835 Documentation/dontdiff | 34 +-
af489f2b 1836 Documentation/kernel-parameters.txt | 7 +
d91cac3f 1837 Makefile | 105 +-
af489f2b
PK		 1838 arch/alpha/include/asm/atomic.h | 10 +
1839 arch/alpha/include/asm/elf.h | 7 +
d91cac3f 1840 arch/alpha/include/asm/pgalloc.h | 6 +
af489f2b
PK		 1841 arch/alpha/include/asm/pgtable.h | 11 +
1842 arch/alpha/kernel/module.c | 2 +-
1843 arch/alpha/kernel/osf_sys.c | 10 +-
d91cac3f
PK		 1844 arch/alpha/mm/fault.c | 141 +-
1845 arch/arm/include/asm/atomic.h | 405 +-
af489f2b
PK		 1846 arch/arm/include/asm/cache.h | 2 +-
1847 arch/arm/include/asm/cacheflush.h | 2 +-
d91cac3f 1848 arch/arm/include/asm/cmpxchg.h | 2 +
af489f2b
PK		 1849 arch/arm/include/asm/elf.h | 13 +-
1850 arch/arm/include/asm/kmap_types.h | 1 +
1851 arch/arm/include/asm/outercache.h | 2 +-
1852 arch/arm/include/asm/page.h | 2 +-
d91cac3f 1853 arch/arm/include/asm/pgalloc.h | 6 +
af489f2b
PK		 1854 arch/arm/include/asm/uaccess.h | 27 +-
1855 arch/arm/kernel/armksyms.c | 4 +-
1856 arch/arm/kernel/process.c | 10 +-
1857 arch/arm/kernel/setup.c | 6 +-
1858 arch/arm/lib/copy_from_user.S | 6 +-
1859 arch/arm/lib/copy_page.S | 1 +
1860 arch/arm/lib/copy_to_user.S | 6 +-
1861 arch/arm/lib/uaccess.S | 12 +-
1862 arch/arm/lib/uaccess_with_memcpy.c | 2 +-
1863 arch/arm/mach-omap2/board-n8x0.c | 2 +-
d91cac3f 1864 arch/arm/mm/fault.c | 48 +
af489f2b
PK		 1865 arch/arm/mm/mmap.c | 31 +-
1866 arch/arm/plat-samsung/include/plat/dma-ops.h | 2 +-
1867 arch/arm/plat-samsung/include/plat/ehci.h | 2 +-
1868 arch/avr32/include/asm/elf.h | 8 +-
1869 arch/avr32/include/asm/kmap_types.h | 3 +-
1870 arch/avr32/mm/fault.c | 27 +
1871 arch/frv/include/asm/atomic.h | 10 +
1872 arch/frv/include/asm/kmap_types.h | 1 +
1873 arch/frv/mm/elf-fdpic.c | 7 +-
1874 arch/ia64/include/asm/atomic.h | 10 +
1875 arch/ia64/include/asm/elf.h | 7 +
d91cac3f 1876 arch/ia64/include/asm/pgalloc.h | 12 +
af489f2b
PK		 1877 arch/ia64/include/asm/pgtable.h | 13 +-
1878 arch/ia64/include/asm/spinlock.h | 2 +-
1879 arch/ia64/include/asm/uaccess.h | 4 +-
d91cac3f 1880 arch/ia64/kernel/module.c | 48 +-
af489f2b
PK		 1881 arch/ia64/kernel/sys_ia64.c | 13 +-
1882 arch/ia64/kernel/vmlinux.lds.S | 2 +-
1883 arch/ia64/mm/fault.c | 33 +-
1884 arch/ia64/mm/hugetlbpage.c | 2 +-
1885 arch/ia64/mm/init.c | 13 +
1886 arch/m32r/lib/usercopy.c | 6 +
1887 arch/mips/include/asm/atomic.h | 14 +
1888 arch/mips/include/asm/elf.h | 11 +-
d91cac3f 1889 arch/mips/include/asm/exec.h | 2 +-
af489f2b 1890 arch/mips/include/asm/page.h | 2 +-
d91cac3f 1891 arch/mips/include/asm/pgalloc.h | 5 +
af489f2b
PK		 1892 arch/mips/kernel/binfmt_elfn32.c | 7 +
1893 arch/mips/kernel/binfmt_elfo32.c | 7 +
1894 arch/mips/kernel/process.c | 12 -
1895 arch/mips/mm/fault.c | 17 +
1896 arch/mips/mm/mmap.c | 41 +-
1897 arch/parisc/include/asm/atomic.h | 10 +
1898 arch/parisc/include/asm/elf.h | 7 +
d91cac3f 1899 arch/parisc/include/asm/pgalloc.h | 6 +
af489f2b 1900 arch/parisc/include/asm/pgtable.h | 11 +
d91cac3f 1901 arch/parisc/kernel/module.c | 50 +-
af489f2b
PK		 1902 arch/parisc/kernel/sys_parisc.c | 6 +-
1903 arch/parisc/kernel/traps.c | 4 +-
d91cac3f 1904 arch/parisc/mm/fault.c | 140 +-
af489f2b
PK		 1905 arch/powerpc/include/asm/atomic.h | 10 +
1906 arch/powerpc/include/asm/elf.h | 18 +-
d91cac3f 1907 arch/powerpc/include/asm/exec.h | 2 +-
af489f2b
PK		 1908 arch/powerpc/include/asm/kmap_types.h | 1 +
1909 arch/powerpc/include/asm/mman.h | 2 +-
1910 arch/powerpc/include/asm/page.h | 8 +-
1911 arch/powerpc/include/asm/page_64.h | 7 +-
d91cac3f 1912 arch/powerpc/include/asm/pgalloc-64.h | 7 +
af489f2b
PK		 1913 arch/powerpc/include/asm/pgtable.h | 1 +
1914 arch/powerpc/include/asm/pte-hash32.h | 1 +
1915 arch/powerpc/include/asm/reg.h | 1 +
d91cac3f 1916 arch/powerpc/include/asm/uaccess.h | 142 +-
af489f2b
PK		 1917 arch/powerpc/kernel/exceptions-64e.S | 4 +-
1918 arch/powerpc/kernel/exceptions-64s.S | 2 +-
af489f2b 1919 arch/powerpc/kernel/module_32.c | 13 +-
d91cac3f 1920 arch/powerpc/kernel/process.c | 55 -
af489f2b
PK		 1921 arch/powerpc/kernel/signal_32.c | 2 +-
1922 arch/powerpc/kernel/signal_64.c | 2 +-
1923 arch/powerpc/kernel/vdso.c | 5 +-
1924 arch/powerpc/lib/usercopy_64.c | 18 -
d91cac3f 1925 arch/powerpc/mm/fault.c | 54 +-
af489f2b
PK		 1926 arch/powerpc/mm/mmap_64.c | 12 +
1927 arch/powerpc/mm/slice.c | 23 +-
1928 arch/s390/include/asm/atomic.h | 10 +
1929 arch/s390/include/asm/elf.h | 13 +-
d91cac3f 1930 arch/s390/include/asm/exec.h | 2 +-
af489f2b
PK		 1931 arch/s390/include/asm/uaccess.h | 11 +
1932 arch/s390/kernel/module.c | 22 +-
d91cac3f 1933 arch/s390/kernel/process.c | 36 -
af489f2b 1934 arch/s390/mm/mmap.c | 24 +
d91cac3f 1935 arch/score/include/asm/exec.h | 2 +-
af489f2b
PK		 1936 arch/score/kernel/process.c | 5 -
1937 arch/sh/mm/mmap.c | 24 +-
d91cac3f 1938 arch/sparc/include/asm/atomic_64.h | 106 +-
af489f2b
PK		 1939 arch/sparc/include/asm/cache.h | 2 +-
1940 arch/sparc/include/asm/elf_32.h | 7 +
1941 arch/sparc/include/asm/elf_64.h | 7 +
d91cac3f
PK		 1942 arch/sparc/include/asm/pgalloc_32.h | 1 +
1943 arch/sparc/include/asm/pgalloc_64.h | 1 +
af489f2b
PK		 1944 arch/sparc/include/asm/pgtable_32.h | 17 +
1945 arch/sparc/include/asm/pgtsrmmu.h | 7 +
1946 arch/sparc/include/asm/spinlock_64.h | 35 +-
1947 arch/sparc/include/asm/thread_info_32.h | 2 +
1948 arch/sparc/include/asm/thread_info_64.h | 2 +
1949 arch/sparc/include/asm/uaccess.h | 8 +
1950 arch/sparc/include/asm/uaccess_32.h | 27 +-
1951 arch/sparc/include/asm/uaccess_64.h | 19 +-
1952 arch/sparc/kernel/Makefile | 2 +-
1953 arch/sparc/kernel/sys_sparc_32.c | 4 +-
1954 arch/sparc/kernel/sys_sparc_64.c | 52 +-
1955 arch/sparc/kernel/traps_64.c | 13 +-
1956 arch/sparc/lib/Makefile | 2 +-
d91cac3f 1957 arch/sparc/lib/atomic_64.S | 148 +-
af489f2b
PK		 1958 arch/sparc/lib/ksyms.c | 6 +
1959 arch/sparc/mm/Makefile | 2 +-
d91cac3f
PK		 1960 arch/sparc/mm/fault_32.c | 283 +
1961 arch/sparc/mm/fault_64.c | 477 +
af489f2b
PK		 1962 arch/sparc/mm/hugetlbpage.c | 16 +-
1963 arch/sparc/mm/init_32.c | 15 +-
1964 arch/sparc/mm/srmmu.c | 7 +
1965 arch/tile/include/asm/atomic_64.h | 10 +
1966 arch/um/Makefile | 4 +
1967 arch/um/include/asm/kmap_types.h | 1 +
1968 arch/um/include/asm/page.h | 3 +
d91cac3f 1969 arch/um/include/asm/pgtable-3level.h | 1 +
af489f2b
PK		 1970 arch/um/kernel/process.c | 16 -
1971 arch/x86/Kconfig | 9 +-
1972 arch/x86/Kconfig.cpu | 6 +-
1973 arch/x86/Kconfig.debug | 4 +-
d91cac3f 1974 arch/x86/Makefile | 15 +
af489f2b
PK		 1975 arch/x86/boot/Makefile | 3 +
1976 arch/x86/boot/bitops.h | 4 +-
1977 arch/x86/boot/boot.h | 4 +-
1978 arch/x86/boot/compressed/Makefile | 3 +
d91cac3f 1979 arch/x86/boot/compressed/eboot.c | 2 -
af489f2b
PK		 1980 arch/x86/boot/compressed/head_32.S | 7 +-
1981 arch/x86/boot/compressed/head_64.S | 4 +-
1982 arch/x86/boot/compressed/misc.c | 4 +-
af489f2b
PK		 1983 arch/x86/boot/cpucheck.c | 28 +-
1984 arch/x86/boot/header.S | 2 +-
1985 arch/x86/boot/memory.c | 2 +-
1986 arch/x86/boot/video-vesa.c | 1 +
1987 arch/x86/boot/video.c | 2 +-
d91cac3f 1988 arch/x86/crypto/Makefile | 40 +-
af489f2b
PK		 1989 arch/x86/crypto/aes-x86_64-asm_64.S | 4 +
1990 arch/x86/crypto/aesni-intel_asm.S | 31 +
1991 arch/x86/crypto/blowfish-x86_64-asm_64.S | 8 +
d91cac3f 1992 arch/x86/crypto/camellia-x86_64-asm_64.S | 8 +
af489f2b
PK		 1993 arch/x86/crypto/salsa20-x86_64-asm_64.S | 5 +
1994 arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 5 +
1995 arch/x86/crypto/sha1_ssse3_asm.S | 3 +
1996 arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 5 +
1997 arch/x86/crypto/twofish-x86_64-asm_64.S | 3 +
d91cac3f 1998 arch/x86/ia32/Makefile | 7 +-
af489f2b 1999 arch/x86/ia32/ia32_signal.c | 20 +-
d91cac3f
PK		 2000 arch/x86/ia32/ia32entry.S | 126 +-
2001 arch/x86/ia32/sys_ia32.c | 14 +-
2002 arch/x86/include/asm/alternative-asm.h | 39 +
af489f2b
PK		 2003 arch/x86/include/asm/alternative.h | 2 +-
2004 arch/x86/include/asm/apic.h | 2 +-
2005 arch/x86/include/asm/apm.h | 4 +-
d91cac3f
PK		 2006 arch/x86/include/asm/arch_hweight.h | 6 +-
2007 arch/x86/include/asm/atomic.h | 285 +-
2008 arch/x86/include/asm/atomic64_32.h | 100 +
2009 arch/x86/include/asm/atomic64_64.h | 202 +-
af489f2b
PK		 2010 arch/x86/include/asm/bitops.h | 2 +-
2011 arch/x86/include/asm/boot.h | 7 +-
2012 arch/x86/include/asm/cache.h | 5 +-
2013 arch/x86/include/asm/cacheflush.h | 2 +-
2014 arch/x86/include/asm/checksum_32.h | 12 +-
d91cac3f 2015 arch/x86/include/asm/cmpxchg.h | 35 +
af489f2b 2016 arch/x86/include/asm/cpufeature.h | 2 +-
d91cac3f 2017 arch/x86/include/asm/desc.h | 65 +-
af489f2b
PK		 2018 arch/x86/include/asm/desc_defs.h | 6 +
2019 arch/x86/include/asm/e820.h | 2 +-
d91cac3f 2020 arch/x86/include/asm/elf.h | 31 +-
af489f2b 2021 arch/x86/include/asm/emergency-restart.h | 2 +-
d91cac3f 2022 arch/x86/include/asm/fpu-internal.h | 12 +-
af489f2b
PK		 2023 arch/x86/include/asm/futex.h | 14 +-
2024 arch/x86/include/asm/hw_irq.h | 4 +-
af489f2b
PK		 2025 arch/x86/include/asm/io.h | 11 +
2026 arch/x86/include/asm/irqflags.h | 5 +
2027 arch/x86/include/asm/kprobes.h | 9 +-
2028 arch/x86/include/asm/kvm_host.h | 2 +-
d91cac3f 2029 arch/x86/include/asm/local.h | 94 +-
af489f2b
PK		 2030 arch/x86/include/asm/mman.h | 10 +
2031 arch/x86/include/asm/mmu.h | 16 +-
d91cac3f 2032 arch/x86/include/asm/mmu_context.h | 76 +-
af489f2b 2033 arch/x86/include/asm/module.h | 17 +-
d91cac3f
PK		 2034 arch/x86/include/asm/mutex_32.h | 10 +-
2035 arch/x86/include/asm/mutex_64.h | 10 +-
af489f2b 2036 arch/x86/include/asm/page_64_types.h | 2 +-
d91cac3f 2037 arch/x86/include/asm/paravirt.h | 44 +-
af489f2b 2038 arch/x86/include/asm/paravirt_types.h | 19 +-
d91cac3f 2039 arch/x86/include/asm/pgalloc.h | 23 +
af489f2b
PK		 2040 arch/x86/include/asm/pgtable-2level.h | 2 +
2041 arch/x86/include/asm/pgtable-3level.h | 4 +
d91cac3f 2042 arch/x86/include/asm/pgtable.h | 110 +-
af489f2b
PK		 2043 arch/x86/include/asm/pgtable_32.h | 14 +-
2044 arch/x86/include/asm/pgtable_32_types.h | 15 +-
d91cac3f 2045 arch/x86/include/asm/pgtable_64.h | 19 +-
af489f2b
PK		 2046 arch/x86/include/asm/pgtable_64_types.h | 5 +
2047 arch/x86/include/asm/pgtable_types.h | 36 +-
d91cac3f 2048 arch/x86/include/asm/processor.h | 39 +-
af489f2b
PK		 2049 arch/x86/include/asm/ptrace.h | 18 +-
2050 arch/x86/include/asm/reboot.h | 12 +-
d91cac3f
PK		 2051 arch/x86/include/asm/rwsem.h | 90 +-
2052 arch/x86/include/asm/segment.h | 24 +-
af489f2b
PK		 2053 arch/x86/include/asm/smp.h | 14 +-
2054 arch/x86/include/asm/spinlock.h | 36 +-
2055 arch/x86/include/asm/stackprotector.h | 4 +-
2056 arch/x86/include/asm/stacktrace.h | 32 +-
d91cac3f 2057 arch/x86/include/asm/switch_to.h | 10 +-
af489f2b 2058 arch/x86/include/asm/sys_ia32.h | 2 +-
d91cac3f
PK		 2059 arch/x86/include/asm/syscall.h | 3 +-
2060 arch/x86/include/asm/thread_info.h | 95 +-
2061 arch/x86/include/asm/uaccess.h | 93 +-
2062 arch/x86/include/asm/uaccess_32.h | 109 +-
2063 arch/x86/include/asm/uaccess_64.h | 278 +-
2064 arch/x86/include/asm/unistd.h | 4 +
2065 arch/x86/include/asm/vdso.h | 12 +-
af489f2b
PK		 2066 arch/x86/include/asm/x86_init.h | 26 +-
2067 arch/x86/include/asm/xsave.h | 12 +-
d91cac3f
PK		 2068 arch/x86/kernel/Makefile | 25 +-
2069 arch/x86/kernel/acpi/Makefile | 8 +-
af489f2b
PK		 2070 arch/x86/kernel/acpi/realmode/Makefile | 3 +
2071 arch/x86/kernel/acpi/sleep.c | 4 +
2072 arch/x86/kernel/acpi/wakeup_32.S | 6 +-
d91cac3f 2073 arch/x86/kernel/alternative.c | 65 +-
af489f2b 2074 arch/x86/kernel/apic/apic.c | 4 +-
d91cac3f 2075 arch/x86/kernel/apic/io_apic.c | 12 +-
af489f2b
PK		 2076 arch/x86/kernel/apm_32.c | 19 +-
2077 arch/x86/kernel/asm-offsets.c | 20 +
2078 arch/x86/kernel/asm-offsets_64.c | 1 +
2079 arch/x86/kernel/cpu/Makefile | 4 -
2080 arch/x86/kernel/cpu/amd.c | 2 +-
d91cac3f 2081 arch/x86/kernel/cpu/common.c | 77 +-
af489f2b
PK		 2082 arch/x86/kernel/cpu/intel.c | 2 +-
2083 arch/x86/kernel/cpu/mcheck/mce.c | 27 +-
2084 arch/x86/kernel/cpu/mcheck/p5.c | 3 +
2085 arch/x86/kernel/cpu/mcheck/winchip.c | 3 +
2086 arch/x86/kernel/cpu/mtrr/main.c | 2 +-
2087 arch/x86/kernel/cpu/mtrr/mtrr.h | 2 +-
2088 arch/x86/kernel/cpu/perf_event.c | 2 +-
2089 arch/x86/kernel/crash.c | 4 +-
2090 arch/x86/kernel/doublefault_32.c | 8 +-
d91cac3f
PK		 2091 arch/x86/kernel/dumpstack.c | 30 +-
2092 arch/x86/kernel/dumpstack_32.c | 34 +-
2093 arch/x86/kernel/dumpstack_64.c | 61 +-
af489f2b 2094 arch/x86/kernel/early_printk.c | 1 +
d91cac3f
PK		 2095 arch/x86/kernel/entry_32.S | 378 +-
2096 arch/x86/kernel/entry_64.S | 512 +-
af489f2b
PK		 2097 arch/x86/kernel/ftrace.c | 14 +-
2098 arch/x86/kernel/head32.c | 4 +-
d91cac3f
PK		 2099 arch/x86/kernel/head_32.S | 244 +-
2100 arch/x86/kernel/head_64.S | 158 +-
af489f2b 2101 arch/x86/kernel/i386_ksyms_32.c | 8 +
d91cac3f 2102 arch/x86/kernel/i387.c | 2 +-
af489f2b
PK		 2103 arch/x86/kernel/i8259.c | 2 +-
2104 arch/x86/kernel/init_task.c | 7 +-
2105 arch/x86/kernel/ioport.c | 2 +-
2106 arch/x86/kernel/irq.c | 10 +-
d91cac3f 2107 arch/x86/kernel/irq_32.c | 66 +-
af489f2b 2108 arch/x86/kernel/irq_64.c | 2 +-
d91cac3f 2109 arch/x86/kernel/kdebugfs.c | 2 +
af489f2b 2110 arch/x86/kernel/kgdb.c | 10 +-
d91cac3f
PK		 2111 arch/x86/kernel/kprobes-common.h | 102 +-
2112 arch/x86/kernel/kprobes-opt.c | 8 +-
2113 arch/x86/kernel/kprobes.c | 44 +-
af489f2b
PK		 2114 arch/x86/kernel/ldt.c | 31 +-
2115 arch/x86/kernel/machine_kexec_32.c | 6 +-
2116 arch/x86/kernel/microcode_intel.c | 4 +-
d91cac3f 2117 arch/x86/kernel/module.c | 76 +-
af489f2b
PK		 2118 arch/x86/kernel/nmi.c | 11 +
2119 arch/x86/kernel/paravirt-spinlocks.c | 2 +-
2120 arch/x86/kernel/paravirt.c | 43 +-
2121 arch/x86/kernel/pci-iommu_table.c | 2 +-
d91cac3f 2122 arch/x86/kernel/process.c | 83 +-
af489f2b 2123 arch/x86/kernel/process_32.c | 21 +-
d91cac3f 2124 arch/x86/kernel/process_64.c | 16 +-
af489f2b
PK		 2125 arch/x86/kernel/ptrace.c | 8 +-
2126 arch/x86/kernel/pvclock.c | 8 +-
d91cac3f 2127 arch/x86/kernel/reboot.c | 51 +-
af489f2b 2128 arch/x86/kernel/relocate_kernel_64.S | 4 +-
d91cac3f 2129 arch/x86/kernel/rtc.c | 2 +-
af489f2b
PK		 2130 arch/x86/kernel/setup.c | 14 +-
2131 arch/x86/kernel/setup_percpu.c | 27 +-
2132 arch/x86/kernel/signal.c | 21 +-
2133 arch/x86/kernel/smpboot.c | 15 +-
2134 arch/x86/kernel/step.c | 10 +-
d91cac3f
PK		 2135 arch/x86/kernel/sys_i386_32.c | 231 +-
2136 arch/x86/kernel/sys_x86_64.c | 50 +-
af489f2b
PK		 2137 arch/x86/kernel/tboot.c | 12 +-
2138 arch/x86/kernel/time.c | 10 +-
2139 arch/x86/kernel/tls.c | 5 +
2140 arch/x86/kernel/trampoline_32.S | 8 +-
2141 arch/x86/kernel/trampoline_64.S | 4 +-
d91cac3f
PK		 2142 arch/x86/kernel/traps.c | 59 +-
2143 arch/x86/kernel/tsc.c | 2 +-
af489f2b 2144 arch/x86/kernel/vm86_32.c | 6 +-
d91cac3f 2145 arch/x86/kernel/vmlinux.lds.S | 149 +-
af489f2b
PK		 2146 arch/x86/kernel/vsyscall_64.c | 14 +-
2147 arch/x86/kernel/x8664_ksyms_64.c | 2 -
2148 arch/x86/kernel/xsave.c | 6 +-
2149 arch/x86/kvm/cpuid.c | 21 +-
2150 arch/x86/kvm/emulate.c | 4 +-
2151 arch/x86/kvm/lapic.c | 2 +-
2152 arch/x86/kvm/paging_tmpl.h | 2 +-
2153 arch/x86/kvm/svm.c | 8 +
d91cac3f 2154 arch/x86/kvm/vmx.c | 44 +-
af489f2b
PK		 2155 arch/x86/kvm/x86.c | 10 +-
2156 arch/x86/lguest/boot.c | 3 +-
d91cac3f
PK		 2157 arch/x86/lib/Makefile | 8 +-
2158 arch/x86/lib/atomic64_386_32.S | 164 +
2159 arch/x86/lib/atomic64_cx8_32.S | 103 +-
2160 arch/x86/lib/checksum_32.S | 100 +-
af489f2b
PK		 2161 arch/x86/lib/clear_page_64.S | 5 +-
2162 arch/x86/lib/cmpxchg16b_emu.S | 2 +
d91cac3f
PK		 2163 arch/x86/lib/copy_page_64.S | 24 +-
2164 arch/x86/lib/copy_user_64.S | 47 +-
af489f2b
PK		 2165 arch/x86/lib/copy_user_nocache_64.S | 20 +-
2166 arch/x86/lib/csum-copy_64.S | 2 +
2167 arch/x86/lib/csum-wrappers_64.c | 16 +-
d91cac3f 2168 arch/x86/lib/getuser.S | 68 +-
af489f2b
PK		 2169 arch/x86/lib/insn.c | 9 +-
2170 arch/x86/lib/iomap_copy_64.S | 2 +
2171 arch/x86/lib/memcpy_64.S | 18 +-
2172 arch/x86/lib/memmove_64.S | 34 +-
2173 arch/x86/lib/memset_64.S | 7 +-
d91cac3f 2174 arch/x86/lib/mmx_32.c | 243 +-
af489f2b 2175 arch/x86/lib/msr-reg.S | 18 +-
d91cac3f
PK		 2176 arch/x86/lib/putuser.S | 87 +-
2177 arch/x86/lib/rwlock.S | 42 +
af489f2b
PK		 2178 arch/x86/lib/rwsem.S | 6 +-
2179 arch/x86/lib/thunk_64.S | 2 +
d91cac3f
PK		 2180 arch/x86/lib/usercopy_32.c | 383 +-
2181 arch/x86/lib/usercopy_64.c | 26 +-
af489f2b 2182 arch/x86/mm/extable.c | 2 +-
d91cac3f 2183 arch/x86/mm/fault.c | 552 +-
af489f2b
PK		 2184 arch/x86/mm/gup.c | 2 +-
2185 arch/x86/mm/highmem_32.c | 4 +
d91cac3f
PK		 2186 arch/x86/mm/hugetlbpage.c | 90 +-
2187 arch/x86/mm/init.c | 91 +-
2188 arch/x86/mm/init_32.c | 122 +-
2189 arch/x86/mm/init_64.c | 48 +-
af489f2b
PK		 2190 arch/x86/mm/iomap_32.c | 4 +
2191 arch/x86/mm/ioremap.c | 10 +-
2192 arch/x86/mm/kmemcheck/kmemcheck.c | 4 +-
2193 arch/x86/mm/mmap.c | 41 +-
2194 arch/x86/mm/mmio-mod.c | 6 +-
2195 arch/x86/mm/pageattr-test.c | 2 +-
2196 arch/x86/mm/pageattr.c | 33 +-
2197 arch/x86/mm/pat.c | 12 +-
2198 arch/x86/mm/pf_in.c | 10 +-
d91cac3f 2199 arch/x86/mm/pgtable.c | 137 +-
af489f2b
PK		 2200 arch/x86/mm/pgtable_32.c | 3 +
2201 arch/x86/mm/setup_nx.c | 7 +
2202 arch/x86/mm/tlb.c | 4 +
d91cac3f
PK		 2203 arch/x86/net/Makefile | 7 +-
2204 arch/x86/net/bpf_jit.S | 14 +
2205 arch/x86/net/bpf_jit_comp.c | 37 +-
af489f2b
PK		 2206 arch/x86/oprofile/backtrace.c | 8 +-
2207 arch/x86/pci/mrst.c | 4 +-
d91cac3f
PK		 2208 arch/x86/pci/pcbios.c | 146 +-
2209 arch/x86/platform/efi/Makefile | 8 +-
af489f2b
PK		 2210 arch/x86/platform/efi/efi_32.c | 19 +
2211 arch/x86/platform/efi/efi_stub_32.S | 48 +-
2212 arch/x86/platform/efi/efi_stub_64.S | 8 +
2213 arch/x86/platform/mrst/mrst.c | 6 +-
d91cac3f 2214 arch/x86/power/Makefile | 7 +-
af489f2b 2215 arch/x86/power/cpu.c | 4 +-
d91cac3f
PK		 2216 arch/x86/tools/relocs.c | 85 +-
2217 arch/x86/vdso/Makefile | 31 +-
af489f2b 2218 arch/x86/vdso/vdso32-setup.c | 23 +-
d91cac3f 2219 arch/x86/vdso/vma.c | 29 +-
af489f2b
PK		 2220 arch/x86/xen/enlighten.c | 35 +-
2221 arch/x86/xen/mmu.c | 9 +
2222 arch/x86/xen/smp.c | 16 +-
2223 arch/x86/xen/xen-asm_32.S | 12 +-
2224 arch/x86/xen/xen-head.S | 11 +
2225 arch/x86/xen/xen-ops.h | 2 -
2226 block/blk-iopoll.c | 2 +-
2227 block/blk-map.c | 2 +-
2228 block/blk-softirq.c | 2 +-
2229 block/bsg.c | 12 +-
2230 block/compat_ioctl.c | 2 +-
2231 block/partitions/efi.c | 8 +-
2232 block/scsi_ioctl.c | 27 +-
2233 crypto/cryptd.c | 4 +-
2234 drivers/acpi/apei/cper.c | 8 +-
2235 drivers/acpi/ec_sys.c | 12 +-
2236 drivers/acpi/proc.c | 18 +-
2237 drivers/acpi/processor_driver.c | 2 +-
2238 drivers/ata/libata-core.c | 8 +-
2239 drivers/ata/pata_arasan_cf.c | 4 +-
2240 drivers/atm/adummy.c | 2 +-
2241 drivers/atm/ambassador.c | 8 +-
2242 drivers/atm/atmtcp.c | 14 +-
2243 drivers/atm/eni.c | 12 +-
2244 drivers/atm/firestream.c | 8 +-
2245 drivers/atm/fore200e.c | 14 +-
2246 drivers/atm/he.c | 18 +-
2247 drivers/atm/horizon.c | 4 +-
2248 drivers/atm/idt77252.c | 36 +-
2249 drivers/atm/iphase.c | 34 +-
2250 drivers/atm/lanai.c | 12 +-
2251 drivers/atm/nicstar.c | 46 +-
2252 drivers/atm/solos-pci.c | 4 +-
2253 drivers/atm/suni.c | 4 +-
2254 drivers/atm/uPD98402.c | 16 +-
2255 drivers/atm/zatm.c | 6 +-
2256 drivers/base/devtmpfs.c | 2 +-
2257 drivers/base/power/wakeup.c | 8 +-
2258 drivers/block/cciss.c | 28 +-
2259 drivers/block/cciss.h | 2 +-
2260 drivers/block/cpqarray.c | 28 +-
2261 drivers/block/cpqarray.h | 2 +-
2262 drivers/block/drbd/drbd_int.h | 20 +-
2263 drivers/block/drbd/drbd_main.c | 10 +-
2264 drivers/block/drbd/drbd_nl.c | 10 +-
2265 drivers/block/drbd/drbd_receiver.c | 20 +-
2266 drivers/block/loop.c | 2 +-
2267 drivers/char/agp/frontend.c | 2 +-
2268 drivers/char/hpet.c | 2 +-
2269 drivers/char/ipmi/ipmi_msghandler.c | 8 +-
2270 drivers/char/ipmi/ipmi_si_intf.c | 8 +-
2271 drivers/char/mbcs.c | 2 +-
d91cac3f 2272 drivers/char/mem.c | 41 +-
af489f2b
PK		 2273 drivers/char/nvram.c | 2 +-
2274 drivers/char/random.c | 4 +-
2275 drivers/char/sonypi.c | 9 +-
2276 drivers/char/tpm/tpm.c | 2 +-
2277 drivers/char/tpm/tpm_bios.c | 14 +-
2278 drivers/char/virtio_console.c | 4 +-
af489f2b 2279 drivers/edac/edac_pci_sysfs.c | 20 +-
af489f2b 2280 drivers/edac/mce_amd.h | 2 +-
af489f2b
PK		 2281 drivers/firewire/core-card.c | 2 +-
2282 drivers/firewire/core-cdev.c | 3 +-
2283 drivers/firewire/core-transaction.c | 1 +
2284 drivers/firewire/core.h | 1 +
2285 drivers/firmware/dmi_scan.c | 7 +-
2286 drivers/gpio/gpio-vr41xx.c | 2 +-
2287 drivers/gpu/drm/drm_crtc_helper.c | 2 +-
2288 drivers/gpu/drm/drm_drv.c | 4 +-
2289 drivers/gpu/drm/drm_fops.c | 16 +-
2290 drivers/gpu/drm/drm_global.c | 14 +-
2291 drivers/gpu/drm/drm_info.c | 14 +-
2292 drivers/gpu/drm/drm_ioc32.c | 4 +-
2293 drivers/gpu/drm/drm_ioctl.c | 2 +-
2294 drivers/gpu/drm/drm_lock.c | 4 +-
d91cac3f 2295 drivers/gpu/drm/drm_stub.c | 2 +-
af489f2b
PK		 2296 drivers/gpu/drm/i810/i810_dma.c | 8 +-
2297 drivers/gpu/drm/i810/i810_drv.h | 4 +-
2298 drivers/gpu/drm/i915/i915_debugfs.c | 4 +-
2299 drivers/gpu/drm/i915/i915_dma.c | 2 +-
2300 drivers/gpu/drm/i915/i915_drv.h | 8 +-
2301 drivers/gpu/drm/i915/i915_gem_execbuffer.c | 6 +-
2302 drivers/gpu/drm/i915/i915_irq.c | 10 +-
2303 drivers/gpu/drm/i915/intel_display.c | 10 +-
2304 drivers/gpu/drm/mga/mga_drv.h | 4 +-
2305 drivers/gpu/drm/mga/mga_irq.c | 8 +-
d91cac3f 2306 drivers/gpu/drm/nouveau/nouveau_bios.c | 2 +-
af489f2b
PK		 2307 drivers/gpu/drm/nouveau/nouveau_drv.h | 12 +-
2308 drivers/gpu/drm/nouveau/nouveau_fence.c | 4 +-
2309 drivers/gpu/drm/nouveau/nouveau_gem.c | 2 +-
2310 drivers/gpu/drm/nouveau/nouveau_state.c | 2 +-
2311 drivers/gpu/drm/nouveau/nv04_graph.c | 2 +-
d91cac3f
PK		 2312 drivers/gpu/drm/nouveau/nv50_sor.c | 2 +-
2313 drivers/gpu/drm/nouveau/nvd0_display.c | 2 +-
af489f2b
PK		 2314 drivers/gpu/drm/r128/r128_cce.c | 2 +-
2315 drivers/gpu/drm/r128/r128_drv.h | 4 +-
2316 drivers/gpu/drm/r128/r128_irq.c | 4 +-
2317 drivers/gpu/drm/r128/r128_state.c | 4 +-
2318 drivers/gpu/drm/radeon/mkregtable.c | 4 +-
2319 drivers/gpu/drm/radeon/radeon.h | 6 +-
2320 drivers/gpu/drm/radeon/radeon_device.c | 2 +-
2321 drivers/gpu/drm/radeon/radeon_drv.h | 2 +-
2322 drivers/gpu/drm/radeon/radeon_fence.c | 6 +-
2323 drivers/gpu/drm/radeon/radeon_ioc32.c | 2 +-
2324 drivers/gpu/drm/radeon/radeon_irq.c | 6 +-
2325 drivers/gpu/drm/radeon/radeon_state.c | 4 +-
2326 drivers/gpu/drm/radeon/radeon_ttm.c | 6 +-
2327 drivers/gpu/drm/radeon/rs690.c | 4 +-
2328 drivers/gpu/drm/ttm/ttm_page_alloc.c | 4 +-
2329 drivers/gpu/drm/via/via_drv.h | 4 +-
2330 drivers/gpu/drm/via/via_irq.c | 18 +-
2331 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 2 +-
2332 drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c | 8 +-
2333 drivers/gpu/drm/vmwgfx/vmwgfx_irq.c | 4 +-
2334 drivers/gpu/drm/vmwgfx/vmwgfx_marker.c | 2 +-
2335 drivers/hid/hid-core.c | 4 +-
2336 drivers/hid/usbhid/hiddev.c | 2 +-
2337 drivers/hv/channel.c | 4 +-
2338 drivers/hv/hv.c | 2 +-
2339 drivers/hv/hyperv_vmbus.h | 2 +-
2340 drivers/hv/vmbus_drv.c | 4 +-
2341 drivers/hwmon/acpi_power_meter.c | 2 -
2342 drivers/hwmon/sht15.c | 12 +-
2343 drivers/i2c/busses/i2c-amd756-s4882.c | 2 +-
2344 drivers/i2c/busses/i2c-nforce2-s4985.c | 2 +-
2345 drivers/i2c/i2c-mux.c | 2 +-
2346 drivers/ide/aec62xx.c | 2 +-
2347 drivers/ide/alim15x3.c | 2 +-
2348 drivers/ide/amd74xx.c | 2 +-
2349 drivers/ide/atiixp.c | 2 +-
2350 drivers/ide/cmd64x.c | 2 +-
2351 drivers/ide/cs5520.c | 2 +-
2352 drivers/ide/cs5530.c | 2 +-
2353 drivers/ide/cs5535.c | 2 +-
2354 drivers/ide/cy82c693.c | 2 +-
2355 drivers/ide/hpt366.c | 24 +-
2356 drivers/ide/ide-cd.c | 2 +-
2357 drivers/ide/ide-pci-generic.c | 2 +-
2358 drivers/ide/it8172.c | 2 +-
2359 drivers/ide/it8213.c | 2 +-
2360 drivers/ide/it821x.c | 2 +-
2361 drivers/ide/jmicron.c | 2 +-
2362 drivers/ide/ns87415.c | 2 +-
2363 drivers/ide/opti621.c | 2 +-
2364 drivers/ide/pdc202xx_new.c | 2 +-
2365 drivers/ide/pdc202xx_old.c | 2 +-
2366 drivers/ide/piix.c | 2 +-
2367 drivers/ide/rz1000.c | 2 +-
2368 drivers/ide/sc1200.c | 2 +-
2369 drivers/ide/scc_pata.c | 2 +-
2370 drivers/ide/serverworks.c | 2 +-
2371 drivers/ide/siimage.c | 2 +-
2372 drivers/ide/sis5513.c | 2 +-
2373 drivers/ide/sl82c105.c | 2 +-
2374 drivers/ide/slc90e66.c | 2 +-
2375 drivers/ide/tc86c001.c | 2 +-
2376 drivers/ide/triflex.c | 2 +-
2377 drivers/ide/trm290.c | 2 +-
2378 drivers/ide/via82cxxx.c | 2 +-
2379 drivers/ieee802154/fakehard.c | 2 +-
2380 drivers/infiniband/core/cm.c | 32 +-
2381 drivers/infiniband/core/fmr_pool.c | 20 +-
2382 drivers/infiniband/hw/cxgb4/mem.c | 4 +-
2383 drivers/infiniband/hw/ipath/ipath_rc.c | 6 +-
2384 drivers/infiniband/hw/ipath/ipath_ruc.c | 6 +-
2385 drivers/infiniband/hw/nes/nes.c | 4 +-
2386 drivers/infiniband/hw/nes/nes.h | 40 +-
2387 drivers/infiniband/hw/nes/nes_cm.c | 62 +-
2388 drivers/infiniband/hw/nes/nes_mgt.c | 8 +-
2389 drivers/infiniband/hw/nes/nes_nic.c | 40 +-
2390 drivers/infiniband/hw/nes/nes_verbs.c | 10 +-
2391 drivers/infiniband/hw/qib/qib.h | 1 +
2392 drivers/input/gameport/gameport.c | 4 +-
2393 drivers/input/input.c | 4 +-
2394 drivers/input/joystick/sidewinder.c | 1 +
2395 drivers/input/joystick/xpad.c | 4 +-
2396 drivers/input/mousedev.c | 2 +-
2397 drivers/input/serio/serio.c | 4 +-
2398 drivers/isdn/capi/capi.c | 10 +-
af489f2b
PK		 2399 drivers/isdn/hardware/avm/b1.c | 4 +-
2400 drivers/isdn/hardware/eicon/divasync.h | 2 +-
2401 drivers/isdn/hardware/eicon/xdi_adapter.h | 2 +-
2402 drivers/isdn/icn/icn.c | 2 +-
2403 drivers/lguest/core.c | 10 +-
2404 drivers/lguest/x86/core.c | 12 +-
2405 drivers/lguest/x86/switcher_32.S | 27 +-
2406 drivers/macintosh/macio_asic.c | 2 +-
d91cac3f 2407 drivers/md/bitmap.c | 2 +-
af489f2b
PK		 2408 drivers/md/dm-ioctl.c | 2 +-
2409 drivers/md/dm-raid1.c | 16 +-
2410 drivers/md/dm-stripe.c | 10 +-
2411 drivers/md/dm-table.c | 2 +-
2412 drivers/md/dm-thin-metadata.c | 4 +-
2413 drivers/md/dm.c | 16 +-
d91cac3f 2414 drivers/md/md.c | 26 +-
af489f2b
PK		 2415 drivers/md/md.h | 6 +-
2416 drivers/md/persistent-data/dm-space-map-checker.c | 2 +-
2417 drivers/md/persistent-data/dm-space-map-disk.c | 2 +-
2418 drivers/md/persistent-data/dm-space-map-metadata.c | 2 +-
2419 drivers/md/persistent-data/dm-space-map.h | 1 +
2420 drivers/md/raid1.c | 4 +-
2421 drivers/md/raid10.c | 16 +-
2422 drivers/md/raid5.c | 10 +-
2423 drivers/media/dvb/ddbridge/ddbridge-core.c | 2 +-
2424 drivers/media/dvb/dvb-core/dvb_demux.h | 2 +-
2425 drivers/media/dvb/dvb-core/dvbdev.c | 2 +-
2426 drivers/media/dvb/dvb-usb/cxusb.c | 2 +-
2427 drivers/media/dvb/dvb-usb/dw2102.c | 2 +-
2428 drivers/media/dvb/frontends/dib3000.h | 2 +-
2429 drivers/media/dvb/ngene/ngene-cards.c | 2 +-
2430 drivers/media/radio/radio-cadet.c | 2 +
2431 drivers/media/video/au0828/au0828.h | 2 +-
2432 drivers/media/video/cx88/cx88-alsa.c | 2 +-
2433 drivers/media/video/omap/omap_vout.c | 11 +-
2434 drivers/media/video/pvrusb2/pvrusb2-hdw-internal.h | 2 +-
2435 drivers/media/video/timblogiw.c | 4 +-
2436 drivers/message/fusion/mptsas.c | 34 +-
2437 drivers/message/fusion/mptscsih.c | 19 +-
2438 drivers/message/i2o/i2o_proc.c | 44 +-
2439 drivers/message/i2o/iop.c | 8 +-
2440 drivers/mfd/abx500-core.c | 2 +-
2441 drivers/mfd/janz-cmodio.c | 1 +
2442 drivers/misc/lis3lv02d/lis3lv02d.c | 8 +-
2443 drivers/misc/lis3lv02d/lis3lv02d.h | 2 +-
2444 drivers/misc/sgi-gru/gruhandles.c | 4 +-
2445 drivers/misc/sgi-gru/gruprocfs.c | 8 +-
d91cac3f 2446 drivers/misc/sgi-gru/grutables.h | 154 +-
af489f2b
PK		 2447 drivers/misc/sgi-xp/xp.h | 2 +-
2448 drivers/misc/sgi-xp/xpc.h | 3 +-
2449 drivers/misc/sgi-xp/xpc_main.c | 2 +-
2450 drivers/mmc/host/sdhci-pci.c | 2 +-
2451 drivers/mtd/devices/doc2000.c | 2 +-
af489f2b
PK		 2452 drivers/mtd/nand/denali.c | 1 +
2453 drivers/mtd/nftlmount.c | 1 +
af489f2b
PK		 2454 drivers/net/ethernet/atheros/atlx/atl2.c | 2 +-
2455 drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h | 2 +-
2456 drivers/net/ethernet/broadcom/tg3.h | 1 +
2457 drivers/net/ethernet/chelsio/cxgb3/l2t.h | 2 +-
2458 drivers/net/ethernet/dec/tulip/de4x5.c | 4 +-
2459 drivers/net/ethernet/dec/tulip/eeprom.c | 2 +-
2460 drivers/net/ethernet/dec/tulip/winbond-840.c | 2 +-
2461 drivers/net/ethernet/dlink/sundance.c | 2 +-
2462 drivers/net/ethernet/emulex/benet/be_main.c | 2 +-
2463 drivers/net/ethernet/faraday/ftgmac100.c | 2 +
2464 drivers/net/ethernet/faraday/ftmac100.c | 2 +
2465 drivers/net/ethernet/fealnx.c | 2 +-
af489f2b
PK		 2466 drivers/net/ethernet/intel/e1000e/hw.h | 9 +-
2467 drivers/net/ethernet/intel/igb/e1000_hw.h | 12 +-
2468 drivers/net/ethernet/intel/igbvf/vf.h | 6 +-
2469 drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 12 +-
2470 drivers/net/ethernet/intel/ixgbevf/vf.h | 6 +-
2471 drivers/net/ethernet/mellanox/mlx4/main.c | 1 +
2472 drivers/net/ethernet/neterion/vxge/vxge-config.h | 2 +-
2473 drivers/net/ethernet/neterion/vxge/vxge-traffic.h | 2 +-
2474 drivers/net/ethernet/realtek/r8169.c | 6 +-
2475 drivers/net/ethernet/sis/sis190.c | 2 +-
2476 drivers/net/ethernet/stmicro/stmmac/mmc_core.c | 4 +-
2477 drivers/net/hyperv/hyperv_net.h | 2 +-
2478 drivers/net/hyperv/rndis_filter.c | 4 +-
2479 drivers/net/ppp/ppp_generic.c | 4 +-
2480 drivers/net/tokenring/abyss.c | 8 +-
2481 drivers/net/tokenring/madgemc.c | 8 +-
2482 drivers/net/tokenring/proteon.c | 8 +-
2483 drivers/net/tokenring/skisa.c | 8 +-
2484 drivers/net/usb/hso.c | 25 +-
2485 drivers/net/wireless/ath/ath.h | 1 +
2486 drivers/net/wireless/ath/ath9k/ar9002_mac.c | 30 +-
2487 drivers/net/wireless/ath/ath9k/ar9003_mac.c | 58 +-
2488 drivers/net/wireless/ath/ath9k/hw.h | 6 +-
2489 .../net/wireless/brcm80211/brcmsmac/phy/phy_int.h | 2 +-
2490 drivers/net/wireless/iwlegacy/3945-mac.c | 4 +-
af489f2b
PK		 2491 drivers/net/wireless/mac80211_hwsim.c | 8 +-
2492 drivers/net/wireless/mwifiex/main.h | 2 +-
2493 drivers/net/wireless/rndis_wlan.c | 2 +-
2494 drivers/net/wireless/wl1251/wl1251.h | 2 +-
2495 drivers/oprofile/buffer_sync.c | 8 +-
2496 drivers/oprofile/event_buffer.c | 2 +-
2497 drivers/oprofile/oprof.c | 2 +-
2498 drivers/oprofile/oprofile_stats.c | 10 +-
2499 drivers/oprofile/oprofile_stats.h | 10 +-
2500 drivers/oprofile/oprofilefs.c | 2 +-
2501 drivers/parport/procfs.c | 4 +-
2502 drivers/pci/hotplug/cpci_hotplug.h | 2 +-
2503 drivers/pci/hotplug/cpqphp_nvram.c | 4 +
2504 drivers/pci/pcie/aspm.c | 6 +-
2505 drivers/pci/probe.c | 2 +-
d91cac3f 2506 drivers/platform/x86/thinkpad_acpi.c | 70 +-
af489f2b
PK		 2507 drivers/pnp/pnpbios/bioscalls.c | 14 +-
2508 drivers/pnp/resource.c | 4 +-
2509 drivers/power/bq27x00_battery.c | 2 +-
2510 drivers/regulator/max8660.c | 6 +-
2511 drivers/regulator/mc13892-regulator.c | 6 +-
2512 drivers/scsi/aacraid/aacraid.h | 2 +-
2513 drivers/scsi/aacraid/linit.c | 2 +-
2514 drivers/scsi/aic94xx/aic94xx_init.c | 2 +-
2515 drivers/scsi/bfa/bfa.h | 2 +-
2516 drivers/scsi/bfa/bfa_fcpim.c | 4 +-
2517 drivers/scsi/bfa/bfa_fcpim.h | 3 +-
2518 drivers/scsi/bfa/bfa_ioc.h | 4 +-
2519 drivers/scsi/hosts.c | 4 +-
2520 drivers/scsi/hpsa.c | 30 +-
2521 drivers/scsi/hpsa.h | 2 +-
2522 drivers/scsi/ips.h | 2 +-
2523 drivers/scsi/libfc/fc_exch.c | 38 +-
2524 drivers/scsi/libsas/sas_ata.c | 2 +-
2525 drivers/scsi/lpfc/lpfc.h | 8 +-
2526 drivers/scsi/lpfc/lpfc_debugfs.c | 18 +-
2527 drivers/scsi/lpfc/lpfc_init.c | 6 +-
2528 drivers/scsi/lpfc/lpfc_scsi.c | 16 +-
2529 drivers/scsi/pmcraid.c | 20 +-
2530 drivers/scsi/pmcraid.h | 8 +-
2531 drivers/scsi/qla2xxx/qla_def.h | 2 +-
2532 drivers/scsi/qla4xxx/ql4_def.h | 2 +-
2533 drivers/scsi/qla4xxx/ql4_os.c | 6 +-
2534 drivers/scsi/scsi.c | 2 +-
2535 drivers/scsi/scsi_lib.c | 6 +-
2536 drivers/scsi/scsi_sysfs.c | 2 +-
2537 drivers/scsi/scsi_tgt_lib.c | 2 +-
2538 drivers/scsi/scsi_transport_fc.c | 8 +-
2539 drivers/scsi/scsi_transport_iscsi.c | 6 +-
2540 drivers/scsi/scsi_transport_srp.c | 6 +-
2541 drivers/scsi/sg.c | 6 +-
af489f2b
PK		 2542 drivers/spi/spi.c | 2 +-
2543 drivers/staging/octeon/ethernet-rx.c | 12 +-
2544 drivers/staging/octeon/ethernet.c | 8 +-
2545 drivers/staging/rtl8712/rtl871x_io.h | 2 +-
2546 drivers/staging/sbe-2t3e3/netdev.c | 2 +-
2547 drivers/staging/speakup/speakup_soft.c | 2 +-
2548 drivers/staging/usbip/usbip_common.h | 2 +-
2549 drivers/staging/usbip/vhci.h | 2 +-
2550 drivers/staging/usbip/vhci_hcd.c | 6 +-
2551 drivers/staging/usbip/vhci_rx.c | 2 +-
2552 drivers/staging/vt6655/hostap.c | 7 +-
2553 drivers/staging/vt6656/hostap.c | 7 +-
2554 drivers/staging/wlan-ng/hfa384x_usb.c | 2 +-
2555 drivers/staging/zcache/tmem.c | 4 +-
2556 drivers/staging/zcache/tmem.h | 2 +
d91cac3f
PK		 2557 drivers/target/target_core_tmr.c | 2 +-
2558 drivers/target/target_core_transport.c | 10 +-
af489f2b
PK		 2559 drivers/tty/hvc/hvcs.c | 23 +-
2560 drivers/tty/ipwireless/tty.c | 29 +-
2561 drivers/tty/n_gsm.c | 2 +-
2562 drivers/tty/n_tty.c | 3 +-
2563 drivers/tty/pty.c | 4 +-
2564 drivers/tty/serial/kgdboc.c | 32 +-
2565 drivers/tty/tty_io.c | 2 +-
2566 drivers/tty/tty_ldisc.c | 10 +-
2567 drivers/uio/uio.c | 21 +-
2568 drivers/usb/atm/cxacru.c | 2 +-
2569 drivers/usb/atm/usbatm.c | 24 +-
2570 drivers/usb/core/devices.c | 6 +-
af489f2b
PK		 2571 drivers/usb/early/ehci-dbgp.c | 16 +-
2572 drivers/usb/wusbcore/wa-hc.h | 4 +-
2573 drivers/usb/wusbcore/wa-xfer.c | 2 +-
2574 drivers/vhost/vhost.c | 2 +-
2575 drivers/video/aty/aty128fb.c | 2 +-
2576 drivers/video/fbcmap.c | 3 +-
2577 drivers/video/fbmem.c | 6 +-
2578 drivers/video/geode/gx1fb_core.c | 2 +-
2579 drivers/video/gxt4500.c | 4 +-
2580 drivers/video/i810/i810_accel.c | 1 +
2581 drivers/video/i810/i810_main.c | 2 +-
2582 drivers/video/jz4740_fb.c | 2 +-
2583 drivers/video/udlfb.c | 32 +-
d91cac3f
PK		 2584 drivers/video/uvesafb.c | 39 +-
2585 drivers/video/vesafb.c | 51 +-
af489f2b
PK		 2586 drivers/video/via/via_clock.h | 2 +-
2587 drivers/xen/xen-pciback/conf_space.h | 6 +-
2588 fs/9p/vfs_inode.c | 2 +-
2589 fs/Kconfig.binfmt | 2 +-
2590 fs/aio.c | 11 +-
2591 fs/autofs4/waitq.c | 2 +-
2592 fs/befs/linuxvfs.c | 2 +-
2593 fs/binfmt_aout.c | 23 +-
d91cac3f 2594 fs/binfmt_elf.c | 631 +-
af489f2b 2595 fs/binfmt_flat.c | 6 +
d91cac3f 2596 fs/bio.c | 4 +-
af489f2b
PK		 2597 fs/block_dev.c | 2 +-
2598 fs/btrfs/check-integrity.c | 2 +-
2599 fs/btrfs/ctree.c | 9 +-
2600 fs/btrfs/ioctl.c | 2 +-
2601 fs/btrfs/relocation.c | 2 +-
2602 fs/cachefiles/bind.c | 6 +-
2603 fs/cachefiles/daemon.c | 8 +-
2604 fs/cachefiles/internal.h | 12 +-
2605 fs/cachefiles/namei.c | 2 +-
2606 fs/cachefiles/proc.c | 12 +-
2607 fs/cachefiles/rdwr.c | 2 +-
2608 fs/ceph/dir.c | 2 +-
d91cac3f 2609 fs/cifs/cifs_debug.c | 86 +-
af489f2b
PK		 2610 fs/cifs/cifsfs.c | 8 +-
2611 fs/cifs/cifsglob.h | 50 +-
2612 fs/cifs/link.c | 2 +-
2613 fs/cifs/misc.c | 4 +-
2614 fs/coda/cache.c | 10 +-
2615 fs/compat.c | 6 +-
2616 fs/compat_binfmt_elf.c | 2 +
2617 fs/compat_ioctl.c | 10 +-
2618 fs/configfs/dir.c | 10 +-
2619 fs/dcache.c | 2 +-
2620 fs/ecryptfs/inode.c | 6 +-
2621 fs/ecryptfs/miscdev.c | 2 +-
2622 fs/ecryptfs/read_write.c | 4 +-
d91cac3f 2623 fs/exec.c | 327 +-
af489f2b
PK		 2624 fs/ext4/ext4.h | 20 +-
2625 fs/ext4/mballoc.c | 44 +-
2626 fs/fcntl.c | 4 +-
2627 fs/fifo.c | 22 +-
2628 fs/fs_struct.c | 12 +-
2629 fs/fscache/cookie.c | 34 +-
d91cac3f 2630 fs/fscache/internal.h | 182 +-
af489f2b
PK		 2631 fs/fscache/object.c | 26 +-
2632 fs/fscache/operation.c | 28 +-
d91cac3f
PK		 2633 fs/fscache/page.c | 106 +-
2634 fs/fscache/stats.c | 330 +-
af489f2b
PK		 2635 fs/fuse/cuse.c | 10 +-
2636 fs/fuse/dev.c | 2 +-
2637 fs/fuse/dir.c | 2 +-
2638 fs/gfs2/inode.c | 2 +-
2639 fs/inode.c | 4 +-
2640 fs/jffs2/erase.c | 3 +-
2641 fs/jffs2/wbuf.c | 3 +-
2642 fs/jfs/super.c | 2 +-
2643 fs/libfs.c | 10 +-
2644 fs/lockd/clntproc.c | 4 +-
2645 fs/locks.c | 8 +-
2646 fs/namei.c | 13 +-
2647 fs/nfs/inode.c | 8 +-
2648 fs/nfsd/vfs.c | 6 +-
2649 fs/notify/fanotify/fanotify_user.c | 3 +-
2650 fs/notify/notification.c | 4 +-
2651 fs/ntfs/dir.c | 2 +-
2652 fs/ntfs/file.c | 4 +-
2653 fs/ocfs2/localalloc.c | 2 +-
2654 fs/ocfs2/ocfs2.h | 10 +-
2655 fs/ocfs2/suballoc.c | 12 +-
2656 fs/ocfs2/super.c | 20 +-
2657 fs/ocfs2/symlink.c | 2 +-
2658 fs/pipe.c | 33 +-
2659 fs/proc/array.c | 20 +
2660 fs/proc/base.c | 2 +-
2661 fs/proc/kcore.c | 32 +-
2662 fs/proc/meminfo.c | 2 +-
2663 fs/proc/nommu.c | 2 +-
d91cac3f 2664 fs/proc/task_mmu.c | 41 +-
af489f2b
PK		 2665 fs/proc/task_nommu.c | 4 +-
2666 fs/quota/netlink.c | 4 +-
2667 fs/readdir.c | 2 +-
2668 fs/reiserfs/do_balan.c | 2 +-
2669 fs/reiserfs/procfs.c | 2 +-
d91cac3f
PK		 2670 fs/reiserfs/reiserfs.h | 4 +-
2671 fs/seq_file.c | 2 +-
af489f2b
PK		 2672 fs/splice.c | 36 +-
2673 fs/sysfs/file.c | 10 +-
2674 fs/sysfs/symlink.c | 2 +-
2675 fs/udf/misc.c | 2 +-
2676 fs/xattr_acl.c | 4 +-
2677 fs/xfs/xfs_bmap.c | 2 +-
2678 fs/xfs/xfs_dir2_sf.c | 10 +-
2679 fs/xfs/xfs_ioctl.c | 2 +-
2680 fs/xfs/xfs_iops.c | 2 +-
2681 include/acpi/acpi_bus.h | 2 +-
d91cac3f 2682 include/asm-generic/atomic-long.h | 183 +
af489f2b
PK		 2683 include/asm-generic/atomic64.h | 12 +
2684 include/asm-generic/cache.h | 4 +-
2685 include/asm-generic/emergency-restart.h | 2 +-
af489f2b
PK		 2686 include/asm-generic/kmap_types.h | 3 +-
2687 include/asm-generic/local.h | 1 +
2688 include/asm-generic/pgtable-nopmd.h | 18 +-
d91cac3f 2689 include/asm-generic/pgtable-nopud.h | 15 +-
af489f2b
PK		 2690 include/asm-generic/pgtable.h | 8 +
2691 include/asm-generic/vmlinux.lds.h | 10 +-
2692 include/drm/drmP.h | 5 +-
2693 include/drm/drm_crtc_helper.h | 4 +-
2694 include/drm/ttm/ttm_memory.h | 2 +-
2695 include/linux/a.out.h | 8 +
2696 include/linux/atmdev.h | 2 +-
2697 include/linux/binfmts.h | 1 +
2698 include/linux/blkdev.h | 2 +-
2699 include/linux/blktrace_api.h | 2 +-
2700 include/linux/byteorder/little_endian.h | 24 +-
2701 include/linux/cache.h | 4 +
2702 include/linux/cleancache.h | 2 +-
d91cac3f
PK		 2703 include/linux/compiler-gcc4.h | 15 +
2704 include/linux/compiler.h | 64 +-
af489f2b
PK		 2705 include/linux/crypto.h | 6 +-
2706 include/linux/decompress/mm.h | 2 +-
2707 include/linux/dma-mapping.h | 2 +-
2708 include/linux/efi.h | 2 +-
2709 include/linux/elf.h | 30 +
d91cac3f 2710 include/linux/export.h | 2 +-
af489f2b
PK		 2711 include/linux/filter.h | 4 +
2712 include/linux/firewire.h | 2 +-
2713 include/linux/fs.h | 3 +-
2714 include/linux/fs_struct.h | 2 +-
2715 include/linux/fscache-cache.h | 4 +-
2716 include/linux/fsnotify.h | 2 +-
2717 include/linux/fsnotify_backend.h | 1 +
d91cac3f 2718 include/linux/ftrace.h | 2 +-
af489f2b
PK		 2719 include/linux/ftrace_event.h | 4 +-
2720 include/linux/genhd.h | 2 +-
2721 include/linux/hid.h | 2 +-
2722 include/linux/highmem.h | 12 +
2723 include/linux/i2c.h | 1 +
2724 include/linux/i2o.h | 2 +-
2725 include/linux/if_team.h | 3 +-
2726 include/linux/init.h | 4 +-
2727 include/linux/init_task.h | 7 +
2728 include/linux/intel-iommu.h | 2 +-
2729 include/linux/interrupt.h | 6 +-
2730 include/linux/kgdb.h | 6 +-
2731 include/linux/kref.h | 2 +-
2732 include/linux/kvm_host.h | 4 +-
2733 include/linux/libata.h | 2 +-
2734 include/linux/mca.h | 2 +-
2735 include/linux/memory.h | 2 +-
2736 include/linux/mfd/abx500.h | 1 +
d91cac3f
PK		 2737 include/linux/mfd/abx500/ux500_chargalg.h | 2 +-
2738 include/linux/mm.h | 92 +-
2739 include/linux/mm_types.h | 22 +-
af489f2b
PK		 2740 include/linux/mmu_notifier.h | 6 +-
2741 include/linux/mmzone.h | 2 +-
2742 include/linux/mod_devicetable.h | 4 +-
d91cac3f
PK		 2743 include/linux/module.h | 54 +-
2744 include/linux/moduleloader.h | 14 +-
af489f2b
PK		 2745 include/linux/moduleparam.h | 4 +-
2746 include/linux/namei.h | 6 +-
2747 include/linux/netdevice.h | 3 +-
2748 include/linux/of_pdt.h | 2 +-
2749 include/linux/oprofile.h | 4 +-
af489f2b
PK		 2750 include/linux/perf_event.h | 8 +-
2751 include/linux/pipe_fs_i.h | 6 +-
2752 include/linux/pm_runtime.h | 2 +-
2753 include/linux/poison.h | 4 +-
2754 include/linux/preempt.h | 2 +-
2755 include/linux/proc_fs.h | 2 +-
2756 include/linux/random.h | 7 +-
2757 include/linux/reboot.h | 14 +-
af489f2b
PK		 2758 include/linux/relay.h | 2 +-
2759 include/linux/rfkill.h | 1 +
2760 include/linux/rio.h | 2 +-
2761 include/linux/rmap.h | 4 +-
d91cac3f 2762 include/linux/sched.h | 69 +-
af489f2b
PK		 2763 include/linux/screen_info.h | 3 +-
2764 include/linux/seq_file.h | 1 +
2765 include/linux/skbuff.h | 8 +-
d91cac3f
PK		 2766 include/linux/slab.h | 23 +-
2767 include/linux/slab_def.h | 12 +-
2768 include/linux/slob_def.h | 3 +-
2769 include/linux/slub_def.h | 8 +-
af489f2b
PK		 2770 include/linux/sonet.h | 2 +-
2771 include/linux/sunrpc/clnt.h | 8 +-
2772 include/linux/sunrpc/sched.h | 1 +
2773 include/linux/sunrpc/svc_rdma.h | 18 +-
d91cac3f 2774 include/linux/syscalls.h | 4 +-
af489f2b
PK		 2775 include/linux/sysctl.h | 6 +-
2776 include/linux/tty_ldisc.h | 2 +-
2777 include/linux/types.h | 16 +
2778 include/linux/uaccess.h | 6 +-
2779 include/linux/unaligned/access_ok.h | 12 +-
2780 include/linux/usb/renesas_usbhs.h | 4 +-
2781 include/linux/vermagic.h | 21 +-
d91cac3f 2782 include/linux/vmalloc.h | 11 +-
af489f2b
PK		 2783 include/linux/vmstat.h | 20 +-
2784 include/linux/xattr.h | 5 +
2785 include/media/saa7146_vv.h | 2 +-
2786 include/media/v4l2-dev.h | 3 +-
2787 include/media/v4l2-ioctl.h | 2 +-
2788 include/net/caif/caif_hsi.h | 2 +-
2789 include/net/caif/cfctrl.h | 6 +-
2790 include/net/flow.h | 2 +-
2791 include/net/inetpeer.h | 8 +-
2792 include/net/ip_fib.h | 2 +-
2793 include/net/ip_vs.h | 4 +-
2794 include/net/irda/ircomm_core.h | 2 +-
2795 include/net/irda/ircomm_tty.h | 5 +-
2796 include/net/iucv/af_iucv.h | 2 +-
2797 include/net/neighbour.h | 2 +-
2798 include/net/netlink.h | 2 +-
2799 include/net/netns/ipv4.h | 4 +-
2800 include/net/sctp/sctp.h | 6 +-
2801 include/net/sock.h | 4 +-
2802 include/net/tcp.h | 2 +-
2803 include/net/udp.h | 2 +-
2804 include/net/xfrm.h | 2 +-
2805 include/rdma/iw_cm.h | 2 +-
2806 include/scsi/libfc.h | 3 +-
2807 include/scsi/scsi_device.h | 6 +-
2808 include/scsi/scsi_transport_fc.h | 2 +-
2809 include/sound/ak4xxx-adda.h | 2 +-
2810 include/sound/hwdep.h | 2 +-
2811 include/sound/info.h | 2 +-
2812 include/sound/pcm.h | 1 +
2813 include/sound/sb16_csp.h | 2 +-
2814 include/sound/soc.h | 4 +-
2815 include/sound/ymfpci.h | 2 +-
d91cac3f 2816 include/target/target_core_base.h | 6 +-
af489f2b
PK		 2817 include/trace/events/irq.h | 4 +-
2818 include/video/udlfb.h | 8 +-
2819 include/video/uvesafb.h | 1 +
d91cac3f
PK		 2820 init/Kconfig | 19 +-
2821 init/calibrate.c | 2 +-
af489f2b
PK		 2822 init/do_mounts.c | 14 +-
2823 init/do_mounts.h | 8 +-
2824 init/do_mounts_initrd.c | 28 +-
2825 init/do_mounts_md.c | 6 +-
2826 init/initramfs.c | 40 +-
d91cac3f 2827 init/main.c | 56 +-
af489f2b
PK		 2828 ipc/msg.c | 11 +-
2829 ipc/sem.c | 11 +-
2830 ipc/shm.c | 17 +-
2831 kernel/acct.c | 2 +-
2832 kernel/audit.c | 8 +-
2833 kernel/auditsc.c | 4 +-
2834 kernel/capability.c | 3 +
d91cac3f 2835 kernel/compat.c | 40 +-
af489f2b
PK		 2836 kernel/debug/debug_core.c | 16 +-
2837 kernel/debug/kdb/kdb_main.c | 4 +-
2838 kernel/events/core.c | 28 +-
2839 kernel/exit.c | 4 +-
d91cac3f 2840 kernel/fork.c | 166 +-
af489f2b
PK		 2841 kernel/futex.c | 9 +
2842 kernel/gcov/base.c | 7 +-
2843 kernel/hrtimer.c | 2 +-
2844 kernel/jump_label.c | 4 +
d91cac3f 2845 kernel/kallsyms.c | 39 +-
af489f2b
PK		 2846 kernel/kexec.c | 3 +-
2847 kernel/kmod.c | 2 +-
2848 kernel/kprobes.c | 8 +-
2849 kernel/lockdep.c | 7 +-
2850 kernel/lockdep_proc.c | 2 +-
d91cac3f 2851 kernel/module.c | 334 +-
af489f2b
PK		 2852 kernel/mutex-debug.c | 12 +-
2853 kernel/mutex-debug.h | 4 +-
d91cac3f 2854 kernel/mutex.c | 15 +-
af489f2b
PK		 2855 kernel/panic.c | 3 +-
2856 kernel/pid.c | 2 +-
2857 kernel/posix-cpu-timers.c | 4 +-
2858 kernel/posix-timers.c | 20 +-
2859 kernel/power/poweroff.c | 2 +-
2860 kernel/power/process.c | 13 +-
2861 kernel/profile.c | 14 +-
2862 kernel/ptrace.c | 6 +-
2863 kernel/rcutiny.c | 4 +-
d91cac3f 2864 kernel/rcutiny_plugin.h | 2 +-
af489f2b 2865 kernel/rcutorture.c | 56 +-
d91cac3f 2866 kernel/rcutree.c | 50 +-
af489f2b 2867 kernel/rcutree.h | 2 +-
d91cac3f 2868 kernel/rcutree_plugin.h | 2 +-
af489f2b
PK		 2869 kernel/rcutree_trace.c | 4 +-
2870 kernel/rtmutex-tester.c | 24 +-
2871 kernel/sched/auto_group.c | 4 +-
2872 kernel/sched/fair.c | 2 +-
2873 kernel/signal.c | 8 +-
2874 kernel/smp.c | 8 +-
2875 kernel/softirq.c | 14 +-
2876 kernel/sys.c | 12 +-
d91cac3f 2877 kernel/sysctl.c | 37 +-
af489f2b
PK		 2878 kernel/sysctl_binary.c | 14 +-
2879 kernel/time/alarmtimer.c | 2 +-
2880 kernel/time/tick-broadcast.c | 2 +-
2881 kernel/time/timer_stats.c | 10 +-
2882 kernel/timer.c | 2 +-
2883 kernel/trace/blktrace.c | 6 +-
2884 kernel/trace/ftrace.c | 11 +-
2885 kernel/trace/trace.c | 6 +-
2886 kernel/trace/trace_events.c | 25 +-
2887 kernel/trace/trace_kprobe.c | 8 +-
2888 kernel/trace/trace_mmiotrace.c | 8 +-
2889 kernel/trace/trace_output.c | 2 +-
2890 kernel/trace/trace_stack.c | 2 +-
2891 kernel/trace/trace_workqueue.c | 6 +-
2892 lib/bitmap.c | 8 +-
2893 lib/bug.c | 2 +
2894 lib/debugobjects.c | 2 +-
2895 lib/devres.c | 4 +-
2896 lib/dma-debug.c | 2 +-
2897 lib/extable.c | 3 +
d91cac3f 2898 lib/gen_crc32table.c | 6 +-
af489f2b 2899 lib/inflate.c | 2 +-
d91cac3f 2900 lib/ioremap.c | 4 +-
af489f2b
PK		 2901 lib/radix-tree.c | 2 +-
2902 lib/vsprintf.c | 12 +-
2903 mm/Kconfig | 6 +-
2904 mm/filemap.c | 2 +-
2905 mm/fremap.c | 5 +
2906 mm/highmem.c | 7 +-
2907 mm/huge_memory.c | 2 +-
d91cac3f 2908 mm/hugetlb.c | 54 +
af489f2b
PK		 2909 mm/internal.h | 1 +
2910 mm/maccess.c | 4 +-
d91cac3f 2911 mm/madvise.c | 41 +
af489f2b 2912 mm/memory-failure.c | 18 +-
d91cac3f 2913 mm/memory.c | 407 +-
af489f2b
PK		 2914 mm/mempolicy.c | 25 +
2915 mm/mlock.c | 20 +-
d91cac3f
PK		 2916 mm/mmap.c | 638 +-
2917 mm/mprotect.c | 138 +-
2918 mm/mremap.c | 45 +-
af489f2b
PK		 2919 mm/nommu.c | 11 +-
2920 mm/page_alloc.c | 14 +-
2921 mm/percpu.c | 2 +-
2922 mm/process_vm_access.c | 14 +-
d91cac3f 2923 mm/rmap.c | 38 +-
af489f2b 2924 mm/shmem.c | 5 +-
d91cac3f
PK		 2925 mm/slab.c | 81 +-
2926 mm/slob.c | 180 +-
2927 mm/slub.c | 69 +-
2928 mm/sparse-vmemmap.c | 4 +-
af489f2b
PK		 2929 mm/swap.c | 3 +
2930 mm/swapfile.c | 12 +-
d91cac3f
PK		 2931 mm/util.c | 6 +
2932 mm/vmalloc.c | 91 +-
af489f2b
PK		 2933 mm/vmstat.c | 6 +-
2934 net/8021q/vlan.c | 3 +-
2935 net/9p/trans_fd.c | 2 +-
2936 net/atm/atm_misc.c | 8 +-
2937 net/atm/lec.h | 2 +-
2938 net/atm/mpc.h | 2 +-
2939 net/atm/proc.c | 6 +-
2940 net/atm/resources.c | 4 +-
2941 net/batman-adv/bat_iv_ogm.c | 6 +-
2942 net/batman-adv/hard-interface.c | 4 +-
2943 net/batman-adv/soft-interface.c | 4 +-
2944 net/batman-adv/types.h | 6 +-
2945 net/batman-adv/unicast.c | 2 +-
2946 net/bluetooth/hci_conn.c | 2 +-
2947 net/bluetooth/l2cap_core.c | 12 +-
2948 net/bridge/netfilter/ebtables.c | 2 +-
af489f2b
PK		 2949 net/caif/cfctrl.c | 11 +-
2950 net/can/gw.c | 2 +-
2951 net/compat.c | 32 +-
2952 net/core/datagram.c | 2 +-
2953 net/core/dev.c | 16 +-
2954 net/core/flow.c | 8 +-
2955 net/core/iovec.c | 4 +-
2956 net/core/rtnetlink.c | 2 +-
2957 net/core/scm.c | 8 +-
2958 net/core/sock.c | 16 +-
2959 net/decnet/sysctl_net_decnet.c | 4 +-
2960 net/ipv4/fib_frontend.c | 6 +-
2961 net/ipv4/fib_semantics.c | 2 +-
2962 net/ipv4/inetpeer.c | 4 +-
2963 net/ipv4/ip_fragment.c | 2 +-
2964 net/ipv4/ip_sockglue.c | 2 +-
2965 net/ipv4/ipconfig.c | 6 +-
af489f2b
PK		 2966 net/ipv4/ping.c | 2 +-
2967 net/ipv4/raw.c | 14 +-
2968 net/ipv4/route.c | 6 +-
2969 net/ipv4/tcp_probe.c | 2 +-
2970 net/ipv4/udp.c | 8 +-
2971 net/ipv6/addrconf.c | 2 +-
2972 net/ipv6/inet6_connection_sock.c | 4 +-
2973 net/ipv6/ipv6_sockglue.c | 2 +-
2974 net/ipv6/raw.c | 19 +-
2975 net/ipv6/udp.c | 8 +-
2976 net/irda/ircomm/ircomm_tty.c | 38 +-
2977 net/iucv/af_iucv.c | 4 +-
2978 net/key/af_key.c | 4 +-
2979 net/mac80211/ieee80211_i.h | 3 +-
2980 net/mac80211/iface.c | 12 +-
2981 net/mac80211/main.c | 2 +-
2982 net/mac80211/pm.c | 6 +-
2983 net/mac80211/rate.c | 2 +-
2984 net/mac80211/rc80211_pid_debugfs.c | 2 +-
2985 net/mac80211/util.c | 2 +-
2986 net/netfilter/ipvs/ip_vs_conn.c | 6 +-
2987 net/netfilter/ipvs/ip_vs_core.c | 4 +-
2988 net/netfilter/ipvs/ip_vs_ctl.c | 10 +-
2989 net/netfilter/ipvs/ip_vs_sync.c | 4 +-
2990 net/netfilter/ipvs/ip_vs_xmit.c | 4 +-
2991 net/netfilter/nfnetlink_log.c | 4 +-
2992 net/netfilter/xt_statistic.c | 8 +-
2993 net/netlink/af_netlink.c | 4 +-
2994 net/packet/af_packet.c | 8 +-
2995 net/phonet/pep.c | 6 +-
2996 net/phonet/socket.c | 2 +-
2997 net/rds/cong.c | 6 +-
2998 net/rds/ib.h | 2 +-
2999 net/rds/ib_cm.c | 2 +-
3000 net/rds/ib_recv.c | 4 +-
3001 net/rds/iw.h | 2 +-
3002 net/rds/iw_cm.c | 2 +-
3003 net/rds/iw_recv.c | 4 +-
3004 net/rds/tcp.c | 2 +-
3005 net/rds/tcp_send.c | 2 +-
3006 net/rxrpc/af_rxrpc.c | 2 +-
3007 net/rxrpc/ar-ack.c | 14 +-
3008 net/rxrpc/ar-call.c | 2 +-
3009 net/rxrpc/ar-connection.c | 2 +-
3010 net/rxrpc/ar-connevent.c | 2 +-
3011 net/rxrpc/ar-input.c | 4 +-
3012 net/rxrpc/ar-internal.h | 8 +-
3013 net/rxrpc/ar-local.c | 2 +-
3014 net/rxrpc/ar-output.c | 4 +-
3015 net/rxrpc/ar-peer.c | 2 +-
3016 net/rxrpc/ar-proc.c | 4 +-
3017 net/rxrpc/ar-transport.c | 2 +-
3018 net/rxrpc/rxkad.c | 4 +-
3019 net/sctp/socket.c | 2 +-
3020 net/socket.c | 34 +-
3021 net/sunrpc/sched.c | 4 +-
af489f2b
PK		 3022 net/sunrpc/xprtrdma/svc_rdma.c | 38 +-
3023 net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 6 +-
3024 net/sunrpc/xprtrdma/svc_rdma_sendto.c | 2 +-
3025 net/sunrpc/xprtrdma/svc_rdma_transport.c | 10 +-
3026 net/tipc/link.c | 6 +-
3027 net/tipc/msg.c | 2 +-
3028 net/tipc/subscr.c | 2 +-
3029 net/wireless/core.h | 2 +-
3030 net/wireless/wext-core.c | 19 +-
3031 net/xfrm/xfrm_policy.c | 16 +-
3032 scripts/Makefile.build | 4 +-
3033 scripts/Makefile.clean | 3 +-
d91cac3f 3034 scripts/Makefile.host | 27 +-
af489f2b
PK		 3035 scripts/basic/fixdep.c | 12 +-
3036 scripts/gcc-plugin.sh | 2 +
3037 scripts/mod/file2alias.c | 14 +-
d91cac3f 3038 scripts/mod/modpost.c | 30 +-
af489f2b
PK		 3039 scripts/mod/modpost.h | 6 +-
3040 scripts/mod/sumversion.c | 2 +-
3041 scripts/pnmtologo.c | 6 +-
d91cac3f 3042 security/Kconfig | 632 +-
af489f2b
PK		 3043 security/integrity/ima/ima.h | 4 +-
3044 security/integrity/ima/ima_api.c | 2 +-
3045 security/integrity/ima/ima_fs.c | 4 +-
3046 security/integrity/ima/ima_queue.c | 2 +-
3047 security/keys/compat.c | 2 +-
3048 security/keys/keyctl.c | 8 +-
3049 security/keys/keyring.c | 6 +-
d91cac3f 3050 security/security.c | 9 +-
af489f2b
PK		 3051 security/selinux/hooks.c | 2 +-
3052 security/selinux/include/xfrm.h | 2 +-
3053 security/smack/smack_lsm.c | 2 +-
3054 security/tomoyo/tomoyo.c | 2 +-
3055 sound/aoa/codecs/onyx.c | 7 +-
3056 sound/aoa/codecs/onyx.h | 1 +
3057 sound/core/oss/pcm_oss.c | 18 +-
3058 sound/core/pcm_compat.c | 2 +-
3059 sound/core/pcm_native.c | 4 +-
3060 sound/core/seq/seq_device.c | 8 +-
3061 sound/drivers/mts64.c | 14 +-
3062 sound/drivers/opl4/opl4_lib.c | 2 +-
3063 sound/drivers/portman2x4.c | 3 +-
3064 sound/firewire/amdtp.c | 4 +-
3065 sound/firewire/amdtp.h | 2 +-
3066 sound/firewire/isight.c | 10 +-
3067 sound/isa/cmi8330.c | 2 +-
3068 sound/oss/sb_audio.c | 2 +-
3069 sound/oss/swarm_cs4297a.c | 6 +-
3070 sound/pci/hda/hda_codec.h | 7 +-
3071 sound/pci/ice1712/ice1712.h | 4 +-
3072 sound/pci/ymfpci/ymfpci_main.c | 12 +-
3073 sound/soc/soc-pcm.c | 2 +-
3074 sound/usb/card.h | 3 +-
d91cac3f
PK		 3075 tools/gcc/Makefile | 30 +
3076 tools/gcc/checker_plugin.c | 171 +
3077 tools/gcc/colorize_plugin.c | 147 +
3078 tools/gcc/constify_plugin.c | 328 +
3079 tools/gcc/kallocstat_plugin.c | 167 +
3080 tools/gcc/kernexec_plugin.c | 427 +
3081 tools/gcc/lto_plugin.c | 210 +
3082 tools/gcc/size_overflow_hash.h |13146 ++++++++++++++++++++
3083 tools/gcc/size_overflow_plugin.c | 1188 ++
3084 tools/gcc/stackleak_plugin.c | 313 +
af489f2b
PK		 3085 tools/perf/util/include/asm/alternative-asm.h | 3 +
3086 usr/gen_init_cpio.c | 7 +-
d91cac3f
PK		 3087 virt/kvm/kvm_main.c | 22 +-
3088 1253 files changed, 33706 insertions(+), 6050 deletions(-)
3cba718f
PK		 3089commit a00016a11e35e91aec8e2d9b6ec4c6fbb11d6d2b
3090Merge: 0949bd4 fc53d63
3091Author: Brad Spengler <spender@grsecurity.net>
3092Date: Thu Mar 22 19:03:44 2012 -0400
3093
3094 Merge branch 'pax-test' into grsec-test
3095
3096commit fc53d6338964741b368070ec5c935bc579b8c2a6
3097Author: Brad Spengler <spender@grsecurity.net>
3098Date: Thu Mar 22 19:02:45 2012 -0400
3099
3100 Update to pax-linux-3.2.12-test33.patch
3101
3102commit 0949bd46a6455b308f66ad7c993bfee62412db35
3103Author: Brad Spengler <spender@grsecurity.net>
3104Date: Thu Mar 22 16:56:09 2012 -0400
3105
3106 Use current_umask() instead of current->fs->umask
3107
6f12eece
PK		 3108commit 22f6432d0fe733619cfcb523782ed7d80c46d645
3109Author: Brad Spengler <spender@grsecurity.net>
3110Date: Wed Mar 21 19:42:42 2012 -0400
3111
3112 compile fix
3113
3114commit 0cad49d6b8fbb32395da924c1665a1110a9a9eef
3115Author: Brad Spengler <spender@grsecurity.net>
3116Date: Wed Mar 21 19:34:56 2012 -0400
3117
3118 Resolve some very tricky hash table manipulations that resulted in an infinite loop in certain
3119 uses of domains with particular hash collisions
3120
3121commit 47fc52e0a068a29d6cca2f809daf0679cba33c44
3122Author: Brad Spengler <spender@grsecurity.net>
3123Date: Tue Mar 20 20:25:49 2012 -0400
3124
3125 zero kernel_role
3126
a685e4d8
PK		 3127commit b00953b43c69238d181d21121ef1577c988d5f6b
3128Author: Brad Spengler <spender@grsecurity.net>
3129Date: Tue Mar 20 19:29:34 2012 -0400
3130
3131 zero real_root after releasing it
3132
3133commit 0b3ab73ce5d34a2c3206955cd65eddd6bdfd32a1
3134Merge: b724f59 273f98e
3135Author: Brad Spengler <spender@grsecurity.net>
3136Date: Tue Mar 20 19:11:26 2012 -0400
3137
3138 Merge branch 'pax-test' into grsec-test
3139
3140commit 273f98e58cdac555d3b5dce5c1ca168349f95878
3141Author: Brad Spengler <spender@grsecurity.net>
3142Date: Tue Mar 20 19:10:52 2012 -0400
3143
3144 Temporary workaround for (most) size_overflow plugin false-positives
3145 Increase randomization for brk-managed heap to 21 bits
3146 Update to pax-linux-3.2.12-test32.patch
3147
3148commit b724f59125304460c2af8bd4b02921993afbb5d3
3149Author: Brad Spengler <spender@grsecurity.net>
3150Date: Tue Mar 20 18:58:53 2012 -0400
3151
3152 compile fix
3153
3154commit 329f1a9d0f137d0a973316c53bbec18a6eeecd4f
3155Author: Brad Spengler <spender@grsecurity.net>
3156Date: Tue Mar 20 18:52:23 2012 -0400
3157
3158 Require default and kernel role
3159
3160commit a7c5c4f55bdd61cfcd0fb1be7a67160429409878
3161Author: Brad Spengler <spender@grsecurity.net>
3162Date: Tue Mar 20 18:47:28 2012 -0400
3163
3164 Allow policies without special roles
3165 don't call free_variables in error path of copy_user_acl, we'll call it later (triggered by a policy without special roles)
3166
943db133
PK		 3167commit 402ec3d24d66d38403dc543c84851f5e72d39e22
3168Merge: 8e012dc f14661a
3169Author: Brad Spengler <spender@grsecurity.net>
3170Date: Mon Mar 19 18:06:59 2012 -0400
3171
3172 Merge branch 'pax-test' into grsec-test
3173
3174 Conflicts:
3175 fs/namei.c
3176
3177commit f14661aaf202155c97f66626cea0269017bb7775
3178Merge: eae671f 058b017
3179Author: Brad Spengler <spender@grsecurity.net>
3180Date: Mon Mar 19 18:05:44 2012 -0400
3181
3182 Merge branch 'linux-3.2.y' into pax-test
3183
f54c964d
PK		 3184commit 8e012dcf7a50b7cde34c2cec93ecedd049123b75
3185Author: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
3186Date: Fri Mar 16 17:08:39 2012 -0700
3187
3188 nilfs2: fix NULL pointer dereference in nilfs_load_super_block()
3189
3190 According to the report from Slicky Devil, nilfs caused kernel oops at
3191 nilfs_load_super_block function during mount after he shrank the
3192 partition without resizing the filesystem:
3193
3194 BUG: unable to handle kernel NULL pointer dereference at 00000048
3195 IP: [<d0d7a08e>] nilfs_load_super_block+0x17e/0x280 [nilfs2]
3196 *pde = 00000000
3197 Oops: 0000 [#1] PREEMPT SMP
3198 ...
3199 Call Trace:
3200 [<d0d7a87b>] init_nilfs+0x4b/0x2e0 [nilfs2]
3201 [<d0d6f707>] nilfs_mount+0x447/0x5b0 [nilfs2]
3202 [<c0226636>] mount_fs+0x36/0x180
3203 [<c023d961>] vfs_kern_mount+0x51/0xa0
3204 [<c023ddae>] do_kern_mount+0x3e/0xe0
3205 [<c023f189>] do_mount+0x169/0x700
3206 [<c023fa9b>] sys_mount+0x6b/0xa0
3207 [<c04abd1f>] sysenter_do_call+0x12/0x28
3208 Code: 53 18 8b 43 20 89 4b 18 8b 4b 24 89 53 1c 89 43 24 89 4b 20 8b 43
3209 20 c7 43 2c 00 00 00 00 23 75 e8 8b 50 68 89 53 28 8b 54 b3 20 <8b> 72
3210 48 8b 7a 4c 8b 55 08 89 b3 84 00 00 00 89 bb 88 00 00 00
3211 EIP: [<d0d7a08e>] nilfs_load_super_block+0x17e/0x280 [nilfs2] SS:ESP 0068:ca9bbdcc
3212 CR2: 0000000000000048
3213
3214 This turned out due to a defect in an error path which runs if the
3215 calculated location of the secondary super block was invalid.
3216
3217 This patch fixes it and eliminates the reported oops.
3218
3219 Reported-by: Slicky Devil <slicky.dvl@gmail.com>
3220 Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
3221 Tested-by: Slicky Devil <slicky.dvl@gmail.com>
3222 Cc: <stable@vger.kernel.org> [2.6.30+]
3223 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
3224 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3225
3226commit 8067d7f69bf27dc08057a771cf125e71e4575bf2
3227Author: Haogang Chen <haogangchen@gmail.com>
3228Date: Fri Mar 16 17:08:38 2012 -0700
3229
3230 nilfs2: clamp ns_r_segments_percentage to [1, 99]
3231
3232 ns_r_segments_percentage is read from the disk. Bogus or malicious
3233 value could cause integer overflow and malfunction due to meaningless
3234 disk usage calculation. This patch reports error when mounting such
3235 bogus volumes.
3236
3237 Signed-off-by: Haogang Chen <haogangchen@gmail.com>
3238 Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
3239 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
3240 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3241
3242commit e1a90645643f9b0194a5984ec8febd06360d5c8b
3243Author: Eric Dumazet <eric.dumazet@gmail.com>
3244Date: Sat Mar 10 09:20:21 2012 +0000
3245
3246 tcp: fix syncookie regression
3247
3248 commit ea4fc0d619 (ipv4: Don't use rt->rt_{src,dst} in ip_queue_xmit())
3249 added a serious regression on synflood handling.
3250
3251 Simon Kirby discovered a successful connection was delayed by 20 seconds
3252 before being responsive.
3253
3254 In my tests, I discovered that xmit frames were lost, and needed ~4
3255 retransmits and a socket dst rebuild before being really sent.
3256
3257 In case of syncookie initiated connection, we use a different path to
3258 initialize the socket dst, and inet->cork.fl.u.ip4 is left cleared.
3259
3260 As ip_queue_xmit() now depends on inet flow being setup, fix this by
3261 copying the temp flowi4 we use in cookie_v4_check().
3262
3263 Reported-by: Simon Kirby <sim@netnation.com>
3264 Bisected-by: Simon Kirby <sim@netnation.com>
3265 Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
3266 Tested-by: Eric Dumazet <eric.dumazet@gmail.com>
3267 Signed-off-by: David S. Miller <davem@davemloft.net>
3268
3269commit 06c6c8628bf38b08b4d97f4c55cde9fdecfb5d65
3270Author: Stanislav Kinsbursky <skinsbursky@parallels.com>
3271Date: Mon Mar 12 02:59:41 2012 +0000
3272
3273 tun: don't hold network namespace by tun sockets
3274
3275 v3: added previously removed sock_put() to the tun_release() callback, because
3276 sk_release_kernel() doesn't drop the socket reference.
3277
3278 v2: sk_release_kernel() used for socket release. Dummy tun_release() is
3279 required for sk_release_kernel() ---> sock_release() ---> sock->ops->release()
3280 call.
3281
3282 TUN was designed to destroy it's socket on network namesapce shutdown. But this
3283 will never happen for persistent device, because it's socket holds network
3284 namespace.
3285 This patch removes of holding network namespace by TUN socket and replaces it
3286 by creating socket in init_net and then changing it's net it to desired one. On
3287 shutdown socket is moved back to init_net prior to final put.
3288
3289 Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
3290 Signed-off-by: David S. Miller <davem@davemloft.net>
3291
3292commit 46ae7374bd387c58d673a9e58852a9fd31042c5c
3293Author: Tyler Hicks <tyhicks@canonical.com>
3294Date: Mon Dec 12 10:02:30 2011 -0600
3295
3296 vfs: Correctly set the dir i_mutex lockdep class
3297
3298 9a7aa12f3911853a introduced additional logic around setting the i_mutex
3299 lockdep class for directory inodes. The idea was that some filesystems
3300 may want their own special lockdep class for different directory
3301 inodes and calling unlock_new_inode() should not clobber one of
3302 those special classes.
3303
3304 I believe that the added conditional, around the *negated* return value
3305 of lockdep_match_class(), caused directory inodes to be placed in the
3306 wrong lockdep class.
3307
3308 inode_init_always() sets the i_mutex lockdep class with i_mutex_key for
3309 all inodes. If the filesystem did not change the class during inode
3310 initialization, then the conditional mentioned above was false and the
3311 directory inode was incorrectly left in the non-directory lockdep class.
3312 If the filesystem did set a special lockdep class, then the conditional
3313 mentioned above was true and that class was clobbered with
3314 i_mutex_dir_key.
3315
3316 This patch removes the negation from the conditional so that the i_mutex
3317 lockdep class is properly set for directory inodes. Special classes are
3318 preserved and directory inodes with unmodified classes are set with
3319 i_mutex_dir_key.
3320
3321 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
3322 Reviewed-by: Jan Kara <jack@suse.cz>
3323 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3324
3325commit 603590b0d2eca61ce26499eac9c563bc567a18c9
3326Author: Jan Kara <jack@suse.cz>
3327Date: Mon Feb 20 17:54:00 2012 +0100
3328
3329 udf: Fix deadlock in udf_release_file()
3330
3331 udf_release_file() can be called from munmap() path with mmap_sem held. Thus
3332 we cannot take i_mutex there because that ranks above mmap_sem. Luckily,
3333 i_mutex is not needed in udf_release_file() anymore since protection by
3334 i_data_sem is enough to protect from races with write and truncate.
3335
3336 Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
3337 Reviewed-by: Namjae Jeon <linkinjeon@gmail.com>
3338 Signed-off-by: Jan Kara <jack@suse.cz>
3339 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3340
3341commit ca79ab9034f3c2f7e3f65c35e0d9ed3ecea529bf
3342Author: Miklos Szeredi <mszeredi@suse.cz>
3343Date: Tue Mar 6 13:56:33 2012 +0100
3344
3345 vfs: fix double put after complete_walk()
3346
3347 complete_walk() already puts nd->path, no need to do it again at cleanup time.
3348
3349 This would result in Oopses if triggered, apparently the codepath is not too
3350 well exercised.
3351
3352 Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
3353 CC: stable@vger.kernel.org
3354 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3355
3356commit 13885ba2b18400f3ef6540497d30f1af896605e5
3357Author: Miklos Szeredi <mszeredi@suse.cz>
3358Date: Tue Mar 6 13:56:34 2012 +0100
3359
3360 vfs: fix return value from do_last()
3361
3362 complete_walk() returns either ECHILD or ESTALE. do_last() turns this into
3363 ECHILD unconditionally. If not in RCU mode, this error will reach userspace
3364 which is complete nonsense.
3365
3366 Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
3367 CC: stable@vger.kernel.org
3368 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3369
3370 Conflicts:
3371
3372 fs/namei.c
3373
3374commit f5ab7572c99ffb58953eb1070622307e904c3b7f
3375Author: Al Viro <viro@zeniv.linux.org.uk>
3376Date: Sat Mar 10 17:07:28 2012 -0500
3377
3378 restore smp_mb() in unlock_new_inode()
3379
3380 wait_on_inode() doesn't have ->i_lock
3381
3382 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3383
3384commit f3e758cd08e3881982d4b78eb72fe8a1ead6b872
3385Author: David S. Miller <davem@davemloft.net>
3386Date: Tue Mar 13 18:19:51 2012 -0700
3387
3388 sparc32: Add -Av8 to assembler command line.
3389
3390 Newer version of binutils are more strict about specifying the
3391 correct options to enable certain classes of instructions.
3392
3393 The sparc32 build is done for v7 in order to support sun4c systems
3394 which lack hardware integer multiply and divide instructions.
3395
3396 So we have to pass -Av8 when building the assembler routines that
3397 use these instructions and get patched into the kernel when we find
3398 out that we have a v8 capable cpu.
3399
3400 Reported-by: Paul Gortmaker <paul.gortmaker@windriver.com>
3401 Signed-off-by: David S. Miller <davem@davemloft.net>
3402
3403commit 66276ec78b2a971d2e704e5ef963cdc8b6a049a4
3404Author: Thomas Gleixner <tglx@linutronix.de>
3405Date: Fri Mar 9 20:55:10 2012 +0100
3406
3407 x86: Derandom delay_tsc for 64 bit
3408
3409 Commit f0fbf0abc093 ("x86: integrate delay functions") converted
3410 delay_tsc() into a random delay generator for 64 bit. The reason is
3411 that it merged the mostly identical versions of delay_32.c and
3412 delay_64.c. Though the subtle difference of the result was:
3413
3414 static void delay_tsc(unsigned long loops)
3415 {
3416 - unsigned bclock, now;
3417 + unsigned long bclock, now;
3418
3419 Now the function uses rdtscl() which returns the lower 32bit of the
3420 TSC. On 32bit that's not problematic as unsigned long is 32bit. On 64
3421 bit this fails when the lower 32bit are close to wrap around when
3422 bclock is read, because the following check
3423
3424 if ((now - bclock) >= loops)
3425 break;
3426
3427 evaluated to true on 64bit for e.g. bclock = 0xffffffff and now = 0
3428 because the unsigned long (now - bclock) of these values results in
3429 0xffffffff00000001 which is definitely larger than the loops
3430 value. That explains Tvortkos observation:
3431
3432 "Because I am seeing udelay(500) (_occasionally_) being short, and
3433 that by delaying for some duration between 0us (yep) and 491us."
3434
3435 Make those variables explicitely u32 again, so this works for both 32
3436 and 64 bit.
3437
3438 Reported-by: Tvrtko Ursulin <tvrtko.ursulin@onelan.co.uk>
3439 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
3440 Cc: stable@vger.kernel.org # >= 2.6.27
3441 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3442
3443commit 2d0ddb60f5031bdf79b4d51225f9f2d5856255bf
3444Author: Al Viro <viro@ZenIV.linux.org.uk>
3445Date: Thu Mar 8 17:51:19 2012 +0000
3446
3447 aio: fix the "too late munmap()" race
3448
3449 Current code has put_ioctx() called asynchronously from aio_fput_routine();
3450 that's done *after* we have killed the request that used to pin ioctx,
3451 so there's nothing to stop io_destroy() waiting in wait_for_all_aios()
3452 from progressing. As the result, we can end up with async call of
3453 put_ioctx() being the last one and possibly happening during exit_mmap()
3454 or elf_core_dump(), neither of which expects stray munmap() being done
3455 to them...
3456
3457 We do need to prevent _freeing_ ioctx until aio_fput_routine() is done
3458 with that, but that's all we care about - neither io_destroy() nor
3459 exit_aio() will progress past wait_for_all_aios() until aio_fput_routine()
3460 does really_put_req(), so the ioctx teardown won't be done until then
3461 and we don't care about the contents of ioctx past that point.
3462
3463 Since actual freeing of these suckers is RCU-delayed, we don't need to
3464 bump ioctx refcount when request goes into list for async removal.
3465 All we need is rcu_read_lock held just over the ->ctx_lock-protected
3466 area in aio_fput_routine().
3467
3468 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3469 Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
3470 Acked-by: Benjamin LaHaise <bcrl@kvack.org>
3471 Cc: stable@vger.kernel.org
3472 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3473
3474commit 002124c055afbf09b52226af65621999e8316448
3475Author: Al Viro <viro@ZenIV.linux.org.uk>
3476Date: Wed Mar 7 05:16:35 2012 +0000
3477
3478 aio: fix io_setup/io_destroy race
3479
3480 Have ioctx_alloc() return an extra reference, so that caller would drop it
3481 on success and not bother with re-grabbing it on failure exit. The current
3482 code is obviously broken - io_destroy() from another thread that managed
3483 to guess the address io_setup() would've returned would free ioctx right
3484 under us; gets especially interesting if aio_context_t * we pass to
3485 io_setup() points to PROT_READ mapping, so put_user() fails and we end
3486 up doing io_destroy() on kioctx another thread has just got freed...
3487
3488 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3489 Acked-by: Benjamin LaHaise <bcrl@kvack.org>
3490 Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
3491 Cc: stable@vger.kernel.org
3492 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3493
3494commit a1cd2719b8ed8e40dbd98c87713ac23a2169f6d8
3495Author: Dan Carpenter <dan.carpenter@oracle.com>
3496Date: Thu Mar 15 15:17:12 2012 -0700
3497
3498 drivers/video/backlight/s6e63m0.c: fix corruption storing gamma mode
3499
3500 strict_strtoul() writes a long but ->gamma_mode only has space to store an
3501 int, so on 64 bit systems we end up scribbling over ->gamma_table_count as
3502 well. I've changed it to use kstrtouint() instead.
3503
3504 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
3505 Acked-by: Inki Dae <inki.dae@samsung.com>
3506 Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
3507 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
3508 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3509
cc0d37e9
PK		 3510commit cf83f735a5571f4341ee6eab947a1f7d833cea6e
3511Merge: e4b05b6 eae671f
3512Author: Brad Spengler <spender@grsecurity.net>
3513Date: Fri Mar 16 21:04:27 2012 -0400
3514
3515 Merge branch 'pax-test' into grsec-test
3516
3517 Conflicts:
3518 security/Kconfig
3519
3520commit eae671fafe93f04685c04a089cc13efebc05d600
3521Author: Brad Spengler <spender@grsecurity.net>
3522Date: Fri Mar 16 20:58:01 2012 -0400
3523
3524 Update to pax-linux-3.2.11-test31.patch
3525 Introduction of the size_overflow plugin from Emese Revfy
3526 Many thanks to Emese for her hard work :)
3527
6ecae204
PK		 3528commit e4b05b65c645c412eceb9c950ee7b4771627e6b1
3529Merge: e55aa68 258c015
3530Author: Brad Spengler <spender@grsecurity.net>
3531Date: Thu Mar 15 20:59:19 2012 -0400
3532
3533 Merge branch 'pax-test' into grsec-test
3534
3535commit 258c0159fa6dd5044ca984eeaad57bb6e21bacea
3536Author: Brad Spengler <spender@grsecurity.net>
3537Date: Thu Mar 15 20:59:05 2012 -0400
3538
3539 fix ARM compilation
3540
3541commit e55aa68f4bb20e75cd7423123aa612c2a69590c0
3542Merge: 8f95ea9 55b7573
3543Author: Brad Spengler <spender@grsecurity.net>
3544Date: Wed Mar 14 19:33:41 2012 -0400
3545
3546 Merge branch 'pax-test' into grsec-test
3547
3548commit 55b7573f6c2f3be26fb39c7bd6a9d742d02811ca
3549Author: Brad Spengler <spender@grsecurity.net>
3550Date: Wed Mar 14 19:33:15 2012 -0400
3551
3552 Update to pax-linux-3.2.10-test28.patch
3553
dc66cfc9
PK		 3554commit 8f95ea9f718c293794a1f6bdd2a5f5f336f7bd64
3555Merge: c8786a2 886ac5e
3556Author: Brad Spengler <spender@grsecurity.net>
3557Date: Tue Mar 13 17:38:13 2012 -0400
3558
3559 Merge branch 'pax-test' into grsec-test
3560
3561 Greets and thanks to snq for his assistance in testing/debugging REFCOUNT on ARM :)
3562
3563commit 886ac5eeb1835e87cf7398b8aae9e9ba6b36bf77
3564Author: Brad Spengler <spender@grsecurity.net>
3565Date: Tue Mar 13 17:37:44 2012 -0400
3566
3567 Update to pax-linux-3.2.10-test26.patch
3568
3569commit c8786a2abed5e5327f68efa520c04db99bb6a63a
3570Merge: 219c982 c061fcf
3571Author: Brad Spengler <spender@grsecurity.net>
3572Date: Tue Mar 13 17:25:06 2012 -0400
3573
3574 Merge branch 'pax-test' into grsec-test
3575
3576commit c061fcfa6b78f3774800821144d8ac2d94d7da3e
3577Merge: 89373d2 3f4b3b2
3578Author: Brad Spengler <spender@grsecurity.net>
3579Date: Tue Mar 13 17:25:02 2012 -0400
3580
3581 Merge branch 'linux-3.2.y' into pax-test
3582
3583commit 219c982a05abe47be4ea7d749e1b408e0cb86f1f
3584Merge: 54e19a3 89373d2
3585Author: Brad Spengler <spender@grsecurity.net>
3586Date: Mon Mar 12 17:23:57 2012 -0400
3587
3588 Merge branch 'pax-test' into grsec-test
3589
3590commit 89373d2abafb9bda97f78bdb157d1d05cf21e008
3591Merge: a778588 7459f11
3592Author: Brad Spengler <spender@grsecurity.net>
3593Date: Mon Mar 12 17:23:49 2012 -0400
3594
3595 Merge branch 'linux-3.2.y' into pax-test
3596
3597commit 54e19a3979978fca902b14ae25125f26fbbbc7a7
3598Merge: c4650f1 a778588
3599Author: Brad Spengler <spender@grsecurity.net>
3600Date: Mon Mar 12 16:51:25 2012 -0400
3601
3602 Merge branch 'pax-test' into grsec-test
3603
3604commit a778588c9d1b75c48c1f09aac98c1b28bd87a749
3605Author: Brad Spengler <spender@grsecurity.net>
3606Date: Mon Mar 12 16:51:12 2012 -0400
3607
3608 Update to pax-linux-3.2.9-test24.patch
3609
3a5590ab
PK		 3610commit c4650f14b13f84735fe3de06a1f3ff5776473eff
3611Merge: fb2abee 1015790
3612Author: Brad Spengler <spender@grsecurity.net>
3613Date: Sun Mar 11 21:08:28 2012 -0400
3614
3615 Merge branch 'pax-test' into grsec-test
3616
3617 Conflicts:
3618 security/Kconfig
3619
3620commit 101579028a736c224e590c7e12a7357018c424e1
3621Author: Brad Spengler <spender@grsecurity.net>
3622Date: Sun Mar 11 21:07:27 2012 -0400
3623
3624 Update to pax-linux-3.2.9-test22.patch
3625
3626commit fb2abee4b9b49f5f18342a8cdf7aa3ba2b7c9100
3627Author: Brad Spengler <spender@grsecurity.net>
3628Date: Sun Mar 11 11:02:17 2012 -0400
3629
3630 Allow 4096 CPUs
3631
3632commit 96bae28cbe6a41d48e3b56e5904814096e956000
3633Author: Brad Spengler <spender@grsecurity.net>
3634Date: Sun Mar 11 10:25:58 2012 -0400
3635
3636 Use a per-cpu 48-bit counter instead of a global atomic64
3637 Initialize each counter to have the cpu number in the lower 16 bits
3638 instead of incrementing the counter each time by 1, perform the increments
3639 above the cpu number so that wrapping/exhausting the counter doesn't corrupt
3640 any state
3641 idea from PaX Team
3642
3643commit b975688101da6e966aebb1bc6b8c5c5983974f9c
3644Author: Brad Spengler <spender@grsecurity.net>
3645Date: Sat Mar 10 20:33:12 2012 -0500
3646
3647 Special vnsec edition! :)
3648 Further reduce argv/env allowance for suid/sgid apps to 512KB
3649 Clamp suid/sgid stack resource limit to 8MB (preventing compat mmap layout fallback/too large stack gap)
3650 Clear 3GB personality on suid/sgid binaries
3651 Restore 4 bits entropy in the lowest bits of arg/env strings (now 28 bits on x86, 39 bits on x64)
3652 with the main purpose of throwing off program stack -> arg/env alignment
3653 Update documentation
3654
3655commit e5cfa902c4e891d11dd2086543d2555aa0c27d33
3656Author: Brad Spengler <spender@grsecurity.net>
3657Date: Sat Mar 10 19:54:47 2012 -0500
3658
3659 Resolve skbuff.h warnings that turn into errors during compilation in
3660 the grsecurity directory with -Werror
3661
3662commit 2023210ad43a944033fcacc660ce410888f562ee
3663Merge: ece4383 5f66adf
3664Author: Brad Spengler <spender@grsecurity.net>
3665Date: Fri Mar 9 19:48:01 2012 -0500
3666
3667 Merge branch 'pax-test' into grsec-test
3668
3669commit 5f66adf72f83730a07bc79a2fab56afed6dbbd0e
3670Author: Brad Spengler <spender@grsecurity.net>
3671Date: Fri Mar 9 19:47:06 2012 -0500
3672
3673 Add colorize plugin
3674
3675commit ece4383e5e91c92d138c4df84225a70b552f4d69
3676Merge: a366d0e ab4a5a1
3677Author: Brad Spengler <spender@grsecurity.net>
3678Date: Fri Mar 9 17:56:46 2012 -0500
3679
3680 Merge branch 'pax-test' into grsec-test
3681
3682commit ab4a5a1a67289c3585e2ff8aa64ecece7bd17eea
3683Author: Brad Spengler <spender@grsecurity.net>
3684Date: Fri Mar 9 17:56:26 2012 -0500
3685
3686 Update to pax-linux-3.2.9-test21.patch
3687
3bb6c9c4
PK		 3688commit a366d0ed963ce93fce10121c1100989d5f064e75
3689Author: Mikulas Patocka <mpatocka@redhat.com>
3690Date: Sun Mar 4 19:52:03 2012 -0500
3691
3692 mm: fix find_vma_prev
3693
3694 Commit 6bd4837de96e ("mm: simplify find_vma_prev()") broke memory
3695 management on PA-RISC.
3696
3697 After application of the patch, programs that allocate big arrays on the
3698 stack crash with segfault, for example, this will crash if compiled
3699 without optimization:
3700
3701 int main()
3702 {
3703 char array[200000];
3704 array[199999] = 0;
3705 return 0;
3706 }
3707
3708 The reason is that PA-RISC has up-growing stack and the stack is usually
3709 the last memory area. In the above example, a page fault happens above
3710 the stack.
3711
3712 Previously, if we passed too high address to find_vma_prev, it returned
3713 NULL and stored the last VMA in *pprev. After "simplify find_vma_prev"
3714 change, it stores NULL in *pprev. Consequently, the stack area is not
3715 found and it is not expanded, as it used to be before the change.
3716
3717 This patch restores the old behavior and makes it return the last VMA in
3718 *pprev if the requested address is higher than address of any other VMA.
3719
3720 Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
3721 Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
3722 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3723
6fea7883
PK		 3724commit 9cd8dd4d56051099f11563f72fcd91cd0ce19604
3725Author: Hugh Dickins <hughd@google.com>
3726Date: Tue Mar 6 12:28:52 2012 -0800
3727
3728 mmap: EINVAL not ENOMEM when rejecting VM_GROWS
3729
3730 Currently error is -ENOMEM when rejecting VM_GROWSDOWN|VM_GROWSUP
3731 from shared anonymous: hoist the file case's -EINVAL up for both.
3732
3733 Signed-off-by: Hugh Dickins <hughd@google.com>
3734 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3735
3736commit 97745dce6c87f9d9ca5b4be9bd4c2fc1684ca04c
3737Author: Al Viro <viro@ZenIV.linux.org.uk>
3738Date: Mon Mar 5 06:38:42 2012 +0000
3739
3740 aout: move setup_arg_pages() prior to reading/mapping the binary
3741
3742 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3743 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3744
3745commit 3b20ce55ae8cffee43cb4afdf5be438b5ac4fef0
3746Author: Jan Beulich <JBeulich@suse.com>
3747Date: Mon Mar 5 16:49:24 2012 +0000
3748
3749 vsprintf: make %pV handling compatible with kasprintf()
3750
3751 kasprintf() (and potentially other functions that I didn't run across so
3752 far) want to evaluate argument lists twice. Caring to do so for the
3753 primary list is obviously their job, but they can't reasonably be
3754 expected to check the format string for instances of %pV, which however
3755 need special handling too: On architectures like x86-64 (as opposed to
3756 e.g. ix86), using the same argument list twice doesn't produce the
3757 expected results, as an internally managed cursor gets updated during
3758 the first run.
3759
3760 Fix the problem by always acting on a copy of the original list when
3761 handling %pV.
3762
3763 Signed-off-by: Jan Beulich <jbeulich@suse.com>
3764 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3765
3766commit 4146896ab9674f51d4909f3a52bc7fe80f04e4cb
3767Author: Al Viro <viro@ZenIV.linux.org.uk>
3768Date: Mon Mar 5 06:39:47 2012 +0000
3769
3770 VM_GROWS{UP,DOWN} shouldn't be set on shmem VMAs
3771
3772 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3773 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3774
7225d8dd
PK		 3775commit a831bd53764695ea680cc1fa3c98759a610ed2ac
3776Author: Christian König <deathsimple@vodafone.de>
3777Date: Tue Feb 28 23:19:20 2012 +0100
3778
3779 drm/radeon: fix uninitialized variable
3780
3781 Without this fix the driver randomly treats
3782 textures as arrays and I'm really wondering
3783 why gcc isn't complaining about it.
3784
3785 Signed-off-by: Christian König <deathsimple@vodafone.de>
3786 Reviewed-by: Jerome Glisse <jglisse@redhat.com>
3787 Signed-off-by: Dave Airlie <airlied@redhat.com>
3788
3789commit aa2cd55f97f3cc03bdd895b6e8ba99619ee69dfc
3790Author: H. Peter Anvin <hpa@zytor.com>
3791Date: Fri Mar 2 10:43:48 2012 -0800
3792
3793 regset: Prevent null pointer reference on readonly regsets
3794
3795 The regset common infrastructure assumed that regsets would always
3796 have .get and .set methods, but not necessarily .active methods.
3797 Unfortunately people have since written regsets without .set methods.
3798
3799 Rather than putting in stub functions everywhere, handle regsets with
3800 null .get or .set methods explicitly.
3801
3802 Signed-off-by: H. Peter Anvin <hpa@zytor.com>
3803 Reviewed-by: Oleg Nesterov <oleg@redhat.com>
3804 Acked-by: Roland McGrath <roland@hack.frob.com>
3805 Cc: <stable@vger.kernel.org>
3806 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3807
3808commit 072ddd99401c79b53c6bf6bff9deb93022124c79
3809Author: Brad Spengler <spender@grsecurity.net>
3810Date: Mon Mar 5 18:12:57 2012 -0500
3811
3812 Fix compiler errors reported on forums
3813
3814commit 1606774b48af24e6f99d99c624c0e447d4b66474
3815Merge: 3127bd5 4ca2ffd
3816Author: Brad Spengler <spender@grsecurity.net>
3817Date: Mon Mar 5 17:31:35 2012 -0500
3818
3819 Merge branch 'pax-test' into grsec-test
3820
3821commit 4ca2ffd9da024f4ba2d0cb6245ba1b2726169452
3822Author: Brad Spengler <spender@grsecurity.net>
3823Date: Mon Mar 5 17:31:21 2012 -0500
3824
3825 Update to pax-linux-3.2.9-test20.patch
3826
f7b53b3e
PK		 3827commit 3127bd581a292966b1057c7433219dac188c3720
3828Author: Brad Spengler <spender@grsecurity.net>
3829Date: Fri Mar 2 21:30:37 2012 -0500
3830
3831 Fix memory leak on logged exec_id check failure in /proc/pid/statm
3832 Thanks to Djalal Harouni for the report
3833
3834commit d9f1a3be0e97e0632f97379322712d8deeb3ce23
3835Merge: 0a56be8 9aa8288
3836Author: Brad Spengler <spender@grsecurity.net>
3837Date: Fri Mar 2 18:38:22 2012 -0500
3838
3839 Merge branch 'pax-test' into grsec-test
3840
3841commit 9aa8288a09e6e03ce37c08136b26bff17a093b5c
3842Author: Brad Spengler <spender@grsecurity.net>
3843Date: Fri Mar 2 18:37:43 2012 -0500
3844
3845 Update to pax-linux-3.2.9-test19.patch
3846
ebd0c7c2
PK		 3847commit 0a56be884bbd7ce733cac0b879c45383494d73b0
3848Merge: 9e66745 3f5c52a
3849Author: Brad Spengler <spender@grsecurity.net>
3850Date: Thu Mar 1 20:18:01 2012 -0500
3851
3852 Merge branch 'pax-test' into grsec-test
3853
3854commit 3f5c52aba100b3bb252980f9d363aafde52da1a2
3855Author: Brad Spengler <spender@grsecurity.net>
3856Date: Thu Mar 1 20:16:56 2012 -0500
3857
3858 Update to pax-linux-3.2.9-test18.patch
3859
3860commit ae53ec231d12719a36bf871f8c5841020ed692ee
3861Merge: b255baf 44fb317
3862Author: Brad Spengler <spender@grsecurity.net>
3863Date: Thu Mar 1 20:15:31 2012 -0500
3864
3865 Merge branch 'linux-3.2.y' into pax-test
3866
5001bfca
PK		 3867commit 9e667456c03eadea2f305be761abe4de9a5877a3
3868Merge: 5e4e200 b255baf
3869Author: Brad Spengler <spender@grsecurity.net>
3870Date: Mon Feb 27 20:53:59 2012 -0500
3871
3872 Merge branch 'pax-test' into grsec-test
3873
3874commit b255baf50365d39b406f43aab2c64745607baaa2
3875Merge: 340ce90 1de504e
3876Author: Brad Spengler <spender@grsecurity.net>
3877Date: Mon Feb 27 20:53:29 2012 -0500
3878
3879 Merge branch 'linux-3.2.y' into pax-test
3880 Update to pax-linux-3.2.8-test17.patch
3881
3882 Conflicts:
3883 arch/x86/include/asm/i387.h
3884 arch/x86/kernel/process_32.c
3885 arch/x86/kernel/traps.c
3886
3887commit 5e4e200ac530452884b625cb75de240e1e98c731
3888Merge: 44306d7 340ce90
3889Author: Brad Spengler <spender@grsecurity.net>
3890Date: Mon Feb 27 18:02:13 2012 -0500
3891
3892 Merge branch 'pax-test' into grsec-test
3893
3894commit 340ce90d98a043fa8e4ed9ffc229d4c1f86e2fec
3895Author: Brad Spengler <spender@grsecurity.net>
3896Date: Mon Feb 27 18:01:48 2012 -0500
3897
3898 Update to pax-linux-3.2.7-test17.patch
3899
92a32a3c
PK		 3900commit 44306d7b3097f77e73040dd25f4f6750751bae7a
3901Merge: 29d0b07 521c411
3902Author: Brad Spengler <spender@grsecurity.net>
3903Date: Sun Feb 26 19:04:15 2012 -0500
3904
3905 Merge branch 'pax-test' into grsec-test
3906
3907 Conflicts:
3908 Makefile
3909
3910commit 521c411bb4ca66ce01146fde8bac9dd22414076d
3911Author: Brad Spengler <spender@grsecurity.net>
3912Date: Sun Feb 26 19:03:33 2012 -0500
3913
3914 Update to pax-linux-3.2.7-test16.patch
3915
3916commit 29d0b07290bb9a10cdfcc3c30058e16265330dea
3917Author: Brad Spengler <spender@grsecurity.net>
3918Date: Sun Feb 26 17:12:44 2012 -0500
3919
3920 fix typo
3921
2ae4ee49
PK		 3922commit 344f6d84e5d3fdc6ec40a078fc2f5861d340b2ef
3923Merge: f45b3be caa8f83
3924Author: Brad Spengler <spender@grsecurity.net>
3925Date: Sat Feb 25 20:59:27 2012 -0500
3926
3927 Merge branch 'pax-test' into grsec-test
3928
3929commit caa8f83456c4d0b204beefffaa1d1993f2348d08
3930Author: Brad Spengler <spender@grsecurity.net>
3931Date: Sat Feb 25 20:59:12 2012 -0500
3932
3933 Update to pax-linux-3.2.7-test15.patch
3934
bd150498
PK		 3935commit f45b3be34a345502a302e736af9a65742ddef7cb
3936Merge: 62f35fd 9f1309b
3937Author: Brad Spengler <spender@grsecurity.net>
3938Date: Sat Feb 25 11:40:15 2012 -0500
3939
3940 Merge branch 'pax-test' into grsec-test
3941
3942commit 9f1309b0b935e3b30fc87a9e3009b84cf943ef47
3943Author: Brad Spengler <spender@grsecurity.net>
3944Date: Sat Feb 25 11:39:57 2012 -0500
3945
3946 Update to pax-linux-3.2.7-test14.patch
3947
0b1c60a0
PK		 3948commit 62f35fdbecc58f2988fe13638d907b87a15776bb
3949Author: Brad Spengler <spender@grsecurity.net>
3950Date: Sat Feb 25 09:08:55 2012 -0500
3951
3952 We could log on attempted exploits of writing /proc/self/mem, but the current
3953 log function declares the access a read, so just swap the ordering for now
3954
3955commit 066ee8f9c26f1549b4ad893508777b549c8d4b79
3956Author: Brad Spengler <spender@grsecurity.net>
3957Date: Sat Feb 25 08:46:14 2012 -0500
3958
3959 Log /proc/pid/mem attempts
3960
3961commit 674471e581893a94d475acac3e3c4496209b3ac9
3962Author: Brad Spengler <spender@grsecurity.net>
3963Date: Sat Feb 25 08:15:00 2012 -0500
3964
3965 Make use of f_version for protecting /proc file structs (fine since we're not a directory
3966 or seq_file)
3967
e68c5f82
PK		 3968commit eab42cfdd237ffcdd8ec24bedecc275a3a9e987f
3969Author: Brad Spengler <spender@grsecurity.net>
3970Date: Fri Feb 24 20:02:19 2012 -0500
3971
3972 Fix ia64 compilation
3973
3974commit 50dfea412fd395e0183c2ade368efa525d38b267
3975Merge: 12db845 4c6f99b
3976Author: Brad Spengler <spender@grsecurity.net>
3977Date: Fri Feb 24 19:00:53 2012 -0500
3978
3979 Merge branch 'pax-test' into grsec-test
3980
3981commit 4c6f99bf338e03966356b147d0360cb3b522a44f
3982Author: Brad Spengler <spender@grsecurity.net>
3983Date: Fri Feb 24 19:00:36 2012 -0500
3984
3985 (6:57:09 PM) pipacs: but you can be proactive
3986 (Fix other-arch atomic64/REFCOUNT compilation failures)
3987
abeb2c11
PK		 3988commit 12db8453f6bb0a756f369c9151668ba1249bc478
3989Author: Brad Spengler <spender@grsecurity.net>
3990Date: Thu Feb 23 21:10:12 2012 -0500
3991
3992 Remove unnecessary copies, as suggested by solar
3993
3994commit cc02cab84368467ea03cb35f861a8a7092d91ab4
3995Author: Brad Spengler <spender@grsecurity.net>
3996Date: Thu Feb 23 20:59:35 2012 -0500
3997
3998 Make global_exec_counter static, as suggested by solar
3999
4000commit e642091a475ebb3a30e81f85e7751233d0c2af43
4001Author: Brad Spengler <spender@grsecurity.net>
4002Date: Thu Feb 23 19:00:26 2012 -0500
4003
4004 sync with stable tree
4005
4006commit 6df09c3d8e371905b7b8fe90c4188f23614c6be5
4007Author: Brad Spengler <spender@grsecurity.net>
4008Date: Thu Feb 23 18:48:47 2012 -0500
4009
4010 Remove unneeded gr_acl_handle_fchmod, as the code is shared now by gr_acl_handle_chmod
4011 Remove handling of old kludge in chmod/fchmod
4012
4013commit 815cb62f2ca7b58efc39778b3a855feb675ab56c
4014Author: Brad Spengler <spender@grsecurity.net>
4015Date: Thu Feb 23 18:18:49 2012 -0500
4016
4017 Apply umask checks to chmod/fchmod as well, as requested by sponsor
4018 Union the enforced umask with the existing one to produce minimal privilege
4019 Change umask type to u16
4020
4021commit 0e7668c6abbdbcd3f7f9759e3994d6f4bc9953f0
4022Author: Brad Spengler <spender@grsecurity.net>
4023Date: Wed Feb 22 18:16:11 2012 -0500
4024
4025 Add per-role umask enforcement to RBAC, requested by a sponsor
4026
ef577b6f
PK		 4027commit ad5ac943fe58199f1cc475912a39edb157acb77b
4028Merge: dda0bb5 41722e3
4029Author: Brad Spengler <spender@grsecurity.net>
4030Date: Mon Feb 20 20:04:42 2012 -0500
4031
4032 Merge branch 'pax-test' into grsec-test
4033
4034commit 41722e342e116d95f3d3556d66c97c888d752d39
4035Author: Brad Spengler <spender@grsecurity.net>
4036Date: Mon Feb 20 20:04:00 2012 -0500
4037
4038 Merge changes from pax-linux-3.2.7-test12.patch, fixes KVM incompatibility with
4039 KERNEXEC plugin
4040
4041commit dda0bb57137846a476a866c60db2681aaf6052c0
4042Merge: 4fd554e d70927a
4043Author: Brad Spengler <spender@grsecurity.net>
4044Date: Mon Feb 20 20:01:41 2012 -0500
4045
4046 Merge branch 'pax-test' into grsec-test
4047
4048commit d70927afec977d489a54c106a3c3ddc32e953050
4049Merge: 1daebf1 9d0231c
4050Author: Brad Spengler <spender@grsecurity.net>
4051Date: Mon Feb 20 20:01:33 2012 -0500
4052
4053 Merge branch 'linux-3.2.y' into pax-test
4054
a40a2c53
PK		 4055commit 4fd554e3a097b22c5049fcdc423897477deff5ef
4056Author: Brad Spengler <spender@grsecurity.net>
4057Date: Mon Feb 20 09:17:57 2012 -0500
4058
4059 Fix wrong logic on capability checks for switching roles, broke policies
4060 Thanks to Richard Kojedzinszky for reporting
4061
c10e8210
PK		 4062commit 12f97d52ac603f24344f8d71569c412a307e9422
4063Author: Brad Spengler <spender@grsecurity.net>
4064Date: Thu Feb 16 21:20:10 2012 -0500
4065
4066 sparc64 compile fix
4067
b86e1712
PK		 4068commit 07af3d8e76a6a47ce1836e5b20ed8c0f879c8201
4069Author: Brad Spengler <spender@grsecurity.net>
4070Date: Thu Feb 16 18:38:32 2012 -0500
4071
4072 Update configuration help and name for GRKERNSEC_PROC_MEMMAP
4073
4074commit 5ced6f8def06c2176b40b5fa07345fc723dc4dcb
4075Author: Brad Spengler <spender@grsecurity.net>
4076Date: Thu Feb 16 18:18:01 2012 -0500
4077
4078 optimize the check a bit
4079
4080commit 03159050f64989be44ae03be769cbed62a7cd2e5
4081Author: Brad Spengler <spender@grsecurity.net>
4082Date: Thu Feb 16 18:00:45 2012 -0500
4083
4084 smile VUPEN :D
4085 (limit argv+env to 1MB for suid/sgid binaries)
4086
4087commit dd759d8800d225a397e4de49fe729c7d601298d2
4088Author: Brad Spengler <spender@grsecurity.net>
4089Date: Thu Feb 16 17:49:33 2012 -0500
4090
4091 Address Space Protection -> Memory Protections (suggested on IRC for consistency)
4092
4093commit 4de635bda8ebfb85312e3bf851bdbff93de400da
4094Author: Brad Spengler <spender@grsecurity.net>
4095Date: Thu Feb 16 17:45:06 2012 -0500
4096
4097 Change the long long type for exec_id to the proper u64
4098
27a14279
PK		 4099commit 4feb07e7cb64b3d0f0f8cca1aef70bc725cae6fa
4100Author: Dan Carpenter <dan.carpenter@oracle.com>
4101Date: Thu Feb 9 00:46:47 2012 +0000
4102
4103 isdn: type bug in isdn_net_header()
4104
4105 We use len to store the return value from eth_header(). eth_header()
4106 can return -ETH_HLEN (-14). We want to pass this back instead of
4107 truncating it to 65522 and returning that.
4108
4109 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
4110 Acked-by: Neil Horman <nhorman@tuxdriver.com>
4111 Signed-off-by: David S. Miller <davem@davemloft.net>
4112
4113commit 134ac8545b47f0f27d550ea6e1edb3a1ed7a9748
4114Author: Heiko Carstens <heiko.carstens@de.ibm.com>
4115Date: Sat Feb 4 10:47:10 2012 +0100
4116
4117 exec: fix use-after-free bug in setup_new_exec()
4118
4119 Setting the task name is done within setup_new_exec() by accessing
4120 bprm->filename. However this happens after flush_old_exec().
4121 This may result in a use after free bug, flush_old_exec() may
4122 "complete" vfork_done, which will wake up the parent which in turn
4123 may free the passed in filename.
4124 To fix this add a new tcomm field in struct linux_binprm which
4125 contains the now early generated task name until it is used.
4126
4127 Fixes this bug on s390:
4128
4129 Unable to handle kernel pointer dereference at virtual kernel address 0000000039768000
4130 Process kworker/u:3 (pid: 245, task: 000000003a3dc840, ksp: 0000000039453818)
4131 Krnl PSW : 0704000180000000 0000000000282e94 (setup_new_exec+0xa0/0x374)
4132 Call Trace:
4133 ([<0000000000282e2c>] setup_new_exec+0x38/0x374)
4134 [<00000000002dd12e>] load_elf_binary+0x402/0x1bf4
4135 [<0000000000280a42>] search_binary_handler+0x38e/0x5bc
4136 [<0000000000282b6c>] do_execve_common+0x410/0x514
4137 [<0000000000282cb6>] do_execve+0x46/0x58
4138 [<00000000005bce58>] kernel_execve+0x28/0x70
4139 [<000000000014ba2e>] ____call_usermodehelper+0x102/0x140
4140 [<00000000005bc8da>] kernel_thread_starter+0x6/0xc
4141 [<00000000005bc8d4>] kernel_thread_starter+0x0/0xc
4142 Last Breaking-Event-Address:
4143 [<00000000002830f0>] setup_new_exec+0x2fc/0x374
4144
4145 Kernel panic - not syncing: Fatal exception: panic_on_oops
4146
4147 Reported-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
4148 Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
4149 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4150
4151commit d758ee9f5230893dabb5aab737b3109684bde196
4152Author: Dan Carpenter <dan.carpenter@oracle.com>
4153Date: Fri Feb 10 09:03:58 2012 +0100
4154
4155 relay: prevent integer overflow in relay_open()
4156
4157 "subbuf_size" and "n_subbufs" come from the user and they need to be
4158 capped to prevent an integer overflow.
4159
4160 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
4161 Cc: stable@kernel.org
4162 Signed-off-by: Jens Axboe <axboe@kernel.dk>
4163
4164commit 40ed7b34848b8e0d7bf9a3fc21a7c75ce1ae507c
4165Merge: b1baadf 1daebf1
4166Author: Brad Spengler <spender@grsecurity.net>
4167Date: Mon Feb 13 17:47:04 2012 -0500
4168
4169 Merge branch 'pax-test' into grsec-test
4170
4171 Conflicts:
4172 fs/proc/base.c
4173
4174commit 1daebf1d623fe5b0efdd329f78562eb7078bc772
4175Merge: 1413df2 c2db2e2
4176Author: Brad Spengler <spender@grsecurity.net>
4177Date: Mon Feb 13 17:45:54 2012 -0500
4178
4179 Merge branch 'linux-3.2.y' into pax-test
4180
7acf84a0
PK		 4181commit b1baadf5047ab67cf61cd20bf58c6afb09c37c7d
4182Author: Brad Spengler <spender@grsecurity.net>
4183Date: Sun Feb 12 16:44:05 2012 -0500
4184
4185 add missing declaration
4186
4187commit 3981059c35e8463002517935c28f3d74b8e3703c
4188Author: Brad Spengler <spender@grsecurity.net>
4189Date: Sun Feb 12 16:36:04 2012 -0500
4190
4191 Require CAP_SETUID/CAP_SETGID in a subject in order to change roles
4192 in addition to existing checks (this handles the setresuid ruid = euid case)
4193
4194commit 0beab03263c773f463412c350ad9064b44b6ede0
4195Author: Brad Spengler <spender@grsecurity.net>
4196Date: Sun Feb 12 16:13:40 2012 -0500
4197
4198 Revert setreuid changes when RBAC is enabled, breaks freeradius
4199 I'll fix the learning issue Lavish reported a different way through
4200 gradm modifications
4201
4202 This reverts commit d54ec64b7078f1dcb71b5d8a29e47d4a0f46c111.
4203
d5b14074
PK		 4204commit 0c61cb1cfbbfec7d07647268c922d51434d22621
4205Author: Brad Spengler <spender@grsecurity.net>
4206Date: Sat Feb 11 14:22:46 2012 -0500
4207
4208 copy exec_id on fork
4209
43359f88
PK		 4210commit 000c08e0890630086b2ed04084050ed856a7ec31
4211Author: Brad Spengler <spender@grsecurity.net>
4212Date: Fri Feb 10 20:00:36 2012 -0500
4213
4214 compile fix
4215
4216commit 54b8c8f54484e5ee18040657827158bc4b63bccc
4217Author: Brad Spengler <spender@grsecurity.net>
4218Date: Fri Feb 10 19:19:52 2012 -0500
4219
4220 Introduce enhancement to CONFIG_GRKERNSEC_PROC_MEMMAP
4221 denies reading of sensitive /proc/pid entries where the file descriptor
4222 was opened in a different task than the one performing the read
4223
4224commit dd19579049186e2648b9ae5e42af04cfda7ab2dc
4225Author: Brad Spengler <spender@grsecurity.net>
4226Date: Fri Feb 10 17:43:24 2012 -0500
4227
4228 Remove duplicate signal check
4229
19f70f34
PK		 4230commit 6ff60c34155bb73a4eec7bbfe6f59e9d35e1c0c6
4231Merge: 4eba97e 1413df2
4232Author: Brad Spengler <spender@grsecurity.net>
4233Date: Wed Feb 8 19:24:34 2012 -0500
4234
4235 Merge branch 'pax-test' into grsec-test
4236
4237commit 1413df258d4664d928b876ffb57e1bdc1ccd06f6
4238Author: Brad Spengler <spender@grsecurity.net>
4239Date: Wed Feb 8 19:24:08 2012 -0500
4240
4241 Merge changes from pax-linux-3.2.4-test11.patch
4242
e2fd9d66
PK		 4243commit 4eba97eda7f7d25b7ab6ad5c9de094545e749044
4244Merge: 0e058dd 8dd90a2
4245Author: Brad Spengler <spender@grsecurity.net>
4246Date: Mon Feb 6 17:50:12 2012 -0500
4247
4248 Merge branch 'pax-test' into grsec-test
4249
4250commit 8dd90a21adfeefd86134d1fedf77b958bc59eaa3
4251Author: Brad Spengler <spender@grsecurity.net>
4252Date: Mon Feb 6 17:49:07 2012 -0500
4253
4254 Merge changes from pax-linux-3.2.4-test10.patch, fixes BPF JIT double-free
4255
4256commit a6b5dfed0937a0eb386b4b519a387f8e8177ffdc
4257Merge: 7e4169c 6133971
4258Author: Brad Spengler <spender@grsecurity.net>
4259Date: Mon Feb 6 17:48:57 2012 -0500
4260
4261 Merge branch 'linux-3.2.y' into pax-test
4262
dadd4cae
PK		 4263commit 0e058dd6d14e0c67c44dd332a871f1fe1bb06095
4264Author: Brad Spengler <spender@grsecurity.net>
4265Date: Sun Feb 5 19:24:45 2012 -0500
4266
4267 We now allow configurations with no PaX markings, giving the system no way to override the defaults
4268
4269commit 9afb0110287e31c3c56d861b4927f64f8dbd7857
4270Author: Brad Spengler <spender@grsecurity.net>
4271Date: Sun Feb 5 10:01:23 2012 -0500
4272
4273 Increase the buffer size of logged TPE reason, otherwise we could truncate the "y" in directory
4274
4275commit a6a0ad24a5f7bef90236d94c1bdfe21d291fc834
4276Author: Brad Spengler <spender@grsecurity.net>
4277Date: Sat Feb 4 21:01:16 2012 -0500
4278
4279 Improve security of ptrace-based monitoring/sandboxing
4280 See:
4281 http://article.gmane.org/gmane.linux.kernel.lsm/15156
4282
45851677
PK		 4283commit ca4ca5a1027b41f9528794e52a53ce9c47926101
4284Author: Brad Spengler <spender@grsecurity.net>
4285Date: Fri Feb 3 20:42:55 2012 -0500
4286
4287 fix typo
4288
4289commit d54ec64b7078f1dcb71b5d8a29e47d4a0f46c111
4290Author: Brad Spengler <spender@grsecurity.net>
4291Date: Fri Feb 3 20:25:38 2012 -0500
4292
4293 Reported by lavish on IRC:
4294 If a suid/sgid binary did not learn any setuid/setgid call during learning,
4295 we would not any CAP_SETUID/CAP_SETGID capability to the task, nor
4296 any restrictions on uid/gid changes. uid and gid can however be changed
4297 within a suid/sgid binary via setresuid/setresgid with ruid/rgid set to
4298 euid/egid.
4299
4300 My fix:
4301 POSIX doesn't specify whether unprivileged users can perform the above
4302 setresuid/setresgid as an unprivileged user, though Linux has historically
4303 permitted them. Modify this behavior when RBAC is enabled to require
4304 CAP_SETUID/CAP_SETGID for these operations.
4305
4306 Thanks to Lavish for the report!
4307
4308 Conflicts:
4309
4310 kernel/sys.c
4311
4312commit e55be1f30908f1ad4450cb0558cde71ff5c7247f
4313Merge: ba586eb 7e4169c
4314Author: Brad Spengler <spender@grsecurity.net>
4315Date: Fri Feb 3 20:10:21 2012 -0500
4316
4317 Merge branch 'pax-test' into grsec-test
4318
4319commit 7e4169c6c880ec9641f1178c88545913c8a21e1f
4320Author: Brad Spengler <spender@grsecurity.net>
4321Date: Fri Feb 3 20:10:05 2012 -0500
4322
4323 Merge changes from pax-linux-3.2.4-test9.patch
4324
4325commit ba586ebbcd0ed781e38a99c580a757a00347c6eb
4326Author: Christopher Yeoh <cyeoh@au1.ibm.com>
4327Date: Thu Feb 2 11:34:09 2012 +1030
4328
4329 Fix race in process_vm_rw_core
4330
4331 This fixes the race in process_vm_core found by Oleg (see
4332
4333 http://article.gmane.org/gmane.linux.kernel/1235667/
4334
4335 for details).
4336
4337 This has been updated since I last sent it as the creation of the new
4338 mm_access() function did almost exactly the same thing as parts of the
4339 previous version of this patch did.
4340
4341 In order to use mm_access() even when /proc isn't enabled, we move it to
4342 kernel/fork.c where other related process mm access functions already
4343 are.
4344
4345 Signed-off-by: Chris Yeoh <yeohc@au1.ibm.com>
4346 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4347
4348 Conflicts:
4349
4350 fs/proc/base.c
4351 mm/process_vm_access.c
4352
4353commit b9194d60fb9fe579f5c34817ed822abde18939a0
4354Author: Oleg Nesterov <oleg@redhat.com>
4355Date: Tue Jan 31 17:15:11 2012 +0100
4356
4357 proc: make sure mem_open() doesn't pin the target's memory
4358
4359 Once /proc/pid/mem is opened, the memory can't be released until
4360 mem_release() even if its owner exits.
4361
4362 Change mem_open() to do atomic_inc(mm_count) + mmput(), this only
4363 pins mm_struct. Change mem_rw() to do atomic_inc_not_zero(mm_count)
4364 before access_remote_vm(), this verifies that this mm is still alive.
4365
4366 I am not sure what should mem_rw() return if atomic_inc_not_zero()
4367 fails. With this patch it returns zero to match the "mm == NULL" case,
4368 may be it should return -EINVAL like it did before e268337d.
4369
4370 Perhaps it makes sense to add the additional fatal_signal_pending()
4371 check into the main loop, to ensure we do not hold this memory if
4372 the target task was oom-killed.
4373
4374 Cc: stable@kernel.org
4375 Signed-off-by: Oleg Nesterov <oleg@redhat.com>
4376 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4377
4378commit d4500134f9363bc79556e0e7a1fd811cd8552cc4
4379Author: Oleg Nesterov <oleg@redhat.com>
4380Date: Tue Jan 31 17:14:38 2012 +0100
4381
4382 proc: mem_release() should check mm != NULL
4383
4384 mem_release() can hit mm == NULL, add the necessary check.
4385
4386 Cc: stable@kernel.org
4387 Signed-off-by: Oleg Nesterov <oleg@redhat.com>
4388 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4389
4390commit 5d1c11221a86f233fdbb232312a561f85d0a3a05
4391Author: Oleg Nesterov <oleg@redhat.com>
4392Date: Tue Jan 31 17:14:54 2012 +0100
4393
4394 note: redisabled mem_write
4395
4396 proc: unify mem_read() and mem_write()
4397
4398 No functional changes, cleanup and preparation.
4399
4400 mem_read() and mem_write() are very similar. Move this code into the
4401 new common helper, mem_rw(), which takes the additional "int write"
4402 argument.
4403
4404 Cc: stable@kernel.org
4405 Signed-off-by: Oleg Nesterov <oleg@redhat.com>
4406 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4407
4408 Conflicts:
4409
4410 fs/proc/base.c
4411
4412commit af966b421d9f55ab7e1a8b2741beba44b22bc2e0
4413Merge: 3903f01 01fee18
4414Author: Brad Spengler <spender@grsecurity.net>
4415Date: Fri Feb 3 19:50:40 2012 -0500
4416
4417 Merge branch 'pax-test' into grsec-test
4418
4419commit 01fee1851aef26b898ccba5312cabf1f919b74cb
4420Author: Brad Spengler <spender@grsecurity.net>
4421Date: Fri Feb 3 19:49:46 2012 -0500
4422
4423 Merge changes from pax-linux-3.2.4-test8.patch
4424
4425commit c2490ddbfc3f5dd664dd0e1b8575856c3be01879
4426Merge: 201c0db 141936c
4427Author: Brad Spengler <spender@grsecurity.net>
4428Date: Fri Feb 3 19:49:01 2012 -0500
4429
4430 Merge branch 'linux-3.2.y' into pax-test
4431
add64c76
PK		 4432commit 3903f0172ecadf7a575ba3535402a1506133640a
4433Author: Brad Spengler <spender@grsecurity.net>
4434Date: Mon Jan 30 23:26:44 2012 -0500
4435
4436 Implement new version of CONFIG_GRKERNSEC_SYSFS_RESTRICT
4437
4438 We'll whitelist required directories for compatibility instead of requiring
4439 that people disable the feature entirely if they use SELinux, fuse, etc
4440
4441 Conflicts:
4442
4443 fs/sysfs/mount.c
4444
b6142ec2
PK		 4445commit e3618feaa7e63807f1b88c199882075b3ec9bd05
4446Author: Brad Spengler <spender@grsecurity.net>
4447Date: Sun Jan 29 01:12:19 2012 -0500
4448
4449 perform RBAC check if TPE is on but match fails, matches previous behavior
4450
fea99670
PK		 4451commit 627b7fe22799a86e2f81a74f0e0c53474bec3100
4452Author: Brad Spengler <spender@grsecurity.net>
4453Date: Sat Jan 28 13:17:06 2012 -0500
4454
4455 log more information about the reason for a TPE denial for novice users, requested by a sponsor
4456
85393e19
PK		 4457commit efefd67008cbad8a8591e2484410966a300a39a5
4458Author: Brad Spengler <spender@grsecurity.net>
4459Date: Fri Jan 27 19:58:53 2012 -0500
4460
4461 merge upstream sha512 changes
4462
4463commit 8a79280377db78fb2091fe01eddb9e24f75d9fe1
4464Author: Brad Spengler <spender@grsecurity.net>
4465Date: Fri Jan 27 19:49:07 2012 -0500
4466
4467 drop lock on error in xfs_readlink
4468
4469 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=aaad641eadfd3e74b0fbb68fcf539b9cef0415d0
4470
4471commit aa5f2f63e37f426bf2211c5fb8f7bc70de14f08a
4472Author: Li Wang <liwang@nudt.edu.cn>
4473Date: Thu Jan 19 09:44:36 2012 +0800
4474
4475 eCryptfs: Infinite loop due to overflow in ecryptfs_write()
4476
4477 ecryptfs_write() can enter an infinite loop when truncating a file to a
4478 size larger than 4G. This only happens on architectures where size_t is
4479 represented by 32 bits.
4480
4481 This was caused by a size_t overflow due to it incorrectly being used to
4482 store the result of a calculation which uses potentially large values of
4483 type loff_t.
4484
4485 [tyhicks@canonical.com: rewrite subject and commit message]
4486 Signed-off-by: Li Wang <liwang@nudt.edu.cn>
4487 Signed-off-by: Yunchuan Wen <wenyunchuan@kylinos.com.cn>
4488 Reviewed-by: Cong Wang <xiyou.wangcong@gmail.com>
4489 Cc: <stable@vger.kernel.org>
4490 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
4491
4492commit a7607747d0f74f357d78bb796d70635dd05f46e8
4493Author: Tyler Hicks <tyhicks@canonical.com>
4494Date: Thu Jan 19 20:33:44 2012 -0600
4495
4496 eCryptfs: Check inode changes in setattr
4497
4498 Most filesystems call inode_change_ok() very early in ->setattr(), but
4499 eCryptfs didn't call it at all. It allowed the lower filesystem to make
4500 the call in its ->setattr() function. Then, eCryptfs would copy the
4501 appropriate inode attributes from the lower inode to the eCryptfs inode.
4502
4503 This patch changes that and actually calls inode_change_ok() on the
4504 eCryptfs inode, fairly early in ecryptfs_setattr(). Ideally, the call
4505 would happen earlier in ecryptfs_setattr(), but there are some possible
4506 inode initialization steps that must happen first.
4507
4508 Since the call was already being made on the lower inode, the change in
4509 functionality should be minimal, except for the case of a file extending
4510 truncate call. In that case, inode_newsize_ok() was never being
4511 called on the eCryptfs inode. Rather than inode_newsize_ok() catching
4512 maximum file size errors early on, eCryptfs would encrypt zeroed pages
4513 and write them to the lower filesystem until the lower filesystem's
4514 write path caught the error in generic_write_checks(). This patch
4515 introduces a new function, called ecryptfs_inode_newsize_ok(), which
4516 checks if the new lower file size is within the appropriate limits when
4517 the truncate operation will be growing the lower file.
4518
4519 In summary this change prevents eCryptfs truncate operations (and the
4520 resulting page encryptions), which would exceed the lower filesystem
4521 limits or FSIZE rlimits, from ever starting.
4522
4523 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
4524 Reviewed-by: Li Wang <liwang@nudt.edu.cn>
4525 Cc: <stable@vger.kernel.org>
4526
4527commit 0d96f190a39505254ace4e9330219aaeda9b64e3
4528Author: Tyler Hicks <tyhicks@canonical.com>
4529Date: Wed Jan 18 18:30:04 2012 -0600
4530
4531 eCryptfs: Make truncate path killable
4532
4533 ecryptfs_write() handles the truncation of eCryptfs inodes. It grabs a
4534 page, zeroes out the appropriate portions, and then encrypts the page
4535 before writing it to the lower filesystem. It was unkillable and due to
4536 the lack of sparse file support could result in tying up a large portion
4537 of system resources, while encrypting pages of zeros, with no way for
4538 the truncate operation to be stopped from userspace.
4539
4540 This patch adds the ability for ecryptfs_write() to detect a pending
4541 fatal signal and return as gracefully as possible. The intent is to
4542 leave the lower file in a useable state, while still allowing a user to
4543 break out of the encryption loop. If a pending fatal signal is detected,
4544 the eCryptfs inode size is updated to reflect the modified inode size
4545 and then -EINTR is returned.
4546
4547 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
4548 Cc: <stable@vger.kernel.org>
4549
4550commit a02d0d2516b9e92edffeb8fca87462bca49c1f6f
4551Author: Tyler Hicks <tyhicks@canonical.com>
4552Date: Tue Jan 24 10:02:22 2012 -0600
4553
4554 eCryptfs: Fix oops when printing debug info in extent crypto functions
4555
4556 If pages passed to the eCryptfs extent-based crypto functions are not
4557 mapped and the module parameter ecryptfs_verbosity=1 was specified at
4558 loading time, a NULL pointer dereference will occur.
4559
4560 Note that this wouldn't happen on a production system, as you wouldn't
4561 pass ecryptfs_verbosity=1 on a production system. It leaks private
4562 information to the system logs and is for debugging only.
4563
4564 The debugging info printed in these messages is no longer very useful
4565 and rather than doing a kmap() in these debugging paths, it will be
4566 better to simply remove the debugging paths completely.
4567
4568 https://launchpad.net/bugs/913651
4569
4570 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
4571 Reported-by: Daniel DeFreez
4572 Cc: <stable@vger.kernel.org>
4573
4574commit b1c44d3054dc7f293b2e0a98c0e9e5e03e01f04c
4575Author: Tyler Hicks <tyhicks@canonical.com>
4576Date: Thu Jan 12 11:30:44 2012 +0100
4577
4578 eCryptfs: Sanitize write counts of /dev/ecryptfs
4579
4580 A malicious count value specified when writing to /dev/ecryptfs may
4581 result in a a very large kernel memory allocation.
4582
4583 This patch peeks at the specified packet payload size, adds that to the
4584 size of the packet headers and compares the result with the write count
4585 value. The resulting maximum memory allocation size is approximately 532
4586 bytes.
4587
4588 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
4589 Reported-by: Sasha Levin <levinsasha928@gmail.com>
4590 Cc: <stable@vger.kernel.org>
4591
4592commit 96dcb7282d323813181a1791f51c0ab7696b675b
4593Merge: 6c09fa5 201c0db
4594Author: Brad Spengler <spender@grsecurity.net>
4595Date: Fri Jan 27 19:44:15 2012 -0500
4596
4597 Merge branch 'pax-test' into grsec-test
4598
4599commit 201c0dbf177527367676028151e36d340923f033
4600Author: Brad Spengler <spender@grsecurity.net>
4601Date: Fri Jan 27 19:43:24 2012 -0500
4602
4603 Merge changes from pax-linux-3.2.2-test6.patch, fixes 0 order vmalloc allocation errors
4604 on loading modules with empty sections
4605
4606commit 6c09fa566a7c29f00556ca12f343f2db91c4f42b
4607Author: Brad Spengler <spender@grsecurity.net>
4608Date: Fri Jan 27 19:42:13 2012 -0500
4609
4610 compile fix
4611
4612commit 917ae526b4fcec2b3e1afefa13de9dff7d8a5423
4613Author: Brad Spengler <spender@grsecurity.net>
4614Date: Fri Jan 27 19:39:28 2012 -0500
4615
4616 use LSM flags instead of duplicating checks
4617
4618commit 0cf3be2ea2ae43c9dd4933fb26c0429041b8acb8
4619Merge: 44b9f11 558718b
4620Author: Brad Spengler <spender@grsecurity.net>
4621Date: Fri Jan 27 18:56:23 2012 -0500
4622
4623 Merge branch 'pax-test' into grsec-test
4624
4625commit 558718b2217beff69edf60f34a6f9893d910e9ac
4626Author: Brad Spengler <spender@grsecurity.net>
4627Date: Fri Jan 27 18:56:04 2012 -0500
4628
4629 Merge changes from pax-linux-3.2.2-test6.patch
4630
4631commit 44b9f1132b2de7cbf5f57525fe0f7f9fb0a76507
4632Author: Brad Spengler <spender@grsecurity.net>
4633Date: Fri Jan 27 18:53:55 2012 -0500
4634
4635 don't increase the size of task_struct when unnecessary
4636 change ptrace_readexec log message
4637
4638commit a9c9626e054adb885883aa64f85506852894dd33
4639Author: Brad Spengler <spender@grsecurity.net>
4640Date: Fri Jan 27 18:16:28 2012 -0500
4641
4642 Update documentation for CONFIG_GRKERNSEC_PTRACE_READEXEC --
4643 the protection applies to all unreadable binaries.
4644
0a5b4650
PK		 4645commit 98fdf4ab69eba7a72efb2054295daafdbbc2fb8f
4646Merge: 7b3f3af 05a1349
4647Author: Brad Spengler <spender@grsecurity.net>
4648Date: Wed Jan 25 20:52:09 2012 -0500
4649
4650 Merge branch 'pax-test' into grsec-test
4651
4652 Conflicts:
4653 block/scsi_ioctl.c
4654 drivers/scsi/sd.c
4655 fs/proc/base.c
4656
4657commit 05a134966efb9cb9346ad3422888969ffc79ac1d
4658Author: Brad Spengler <spender@grsecurity.net>
4659Date: Wed Jan 25 20:47:36 2012 -0500
4660
4661 Resync with pax-linux-3.2.2-test5.patch
4662
4663commit 5ecaafd81b229aeeb5656df36f9c8da86307f82a
4664Merge: c6d443d 3499d64
4665Author: Brad Spengler <spender@grsecurity.net>
4666Date: Wed Jan 25 20:45:16 2012 -0500
4667
4668 Merge branch 'linux-3.2.y' into pax-test (and pax-linux-3.2.2-test5.patch)
4669
4670 Conflicts:
4671 ipc/shm.c
4672
850cb444
PK		 4673commit 7b3f3afd7444613c759d68ff8c2efaebfae3bab1
4674Author: Brad Spengler <spender@grsecurity.net>
4675Date: Tue Jan 24 19:42:01 2012 -0500
4676
4677 Add two new features, one is automatic by enabling CONFIG_GRKERNSEC
4678 (may be changed if it breaks some userland), the other has its own
4679 config option
4680
4681 First feature requires CAP_SYS_ADMIN to write to any sysctl entry via
4682 the syscall or /proc/sys.
4683
4684 Second feature requires read access to a suid/sgid binary in order
4685 to ptrace it, preventing infoleaking of binaries in situations where
4686 the admin has specified 4711 or 2711 perms. Feature has been
4687 given the config option CONFIG_GRKERNSEC_PTRACE_READEXEC and
4688 a sysctl entry of ptrace_readexec
4689
915703a9
PK		 4690commit 11a7bb25c411c9dccfdca5718639b4becdffd388
4691Author: Brad Spengler <spender@grsecurity.net>
4692Date: Sun Jan 22 14:37:10 2012 -0500
4693
4694 Compilation fixes
4695
4696commit cd400e21c7c352baba47d6f375297a7847afb33a
4697Author: Brad Spengler <spender@grsecurity.net>
4698Date: Sun Jan 22 14:20:27 2012 -0500
4699
4700 Initial port of grsecurity 2.2.2 for Linux 3.2.1
4701 Note that the new syscalls added to this kernel for remote process read/write
4702 are subject to ptrace hardening/other relevant RBAC features
4703 /proc/slabinfo is S_IRUSR via mainline now, so I made slab_allocators S_IRUSR by default
4704 as well
4705 pax_track_stack has been removed from support for this kernel -- if you're running this kernel
4706 you should be using a version of gcc with plugin support
4707
4708commit c6d443d1270f455c56a4ffe0f1dd3d3e7ec12a2f
4709Author: Brad Spengler <spender@grsecurity.net>
4710Date: Sun Jan 22 11:47:31 2012 -0500
4711
4712 Import pax-linux-3.2.1-test5.patch
9ad77c4a
PK		 4713commit bfd7db842f835f9837cd43644459b3a95b0b488d
4714Author: Brad Spengler <spender@grsecurity.net>
4715Date: Sun Jan 22 11:02:02 2012 -0500
4716
4717 Allow processes to access others' /proc/pid/maps files (subject to the normal modification of data)
4718 instead of returning -EACCES
4719 thanks to Wraith from irc for the report
4720
47d7767f
PK		 4721commit 873ac13576506cd48ddb527c2540f274e249da50
4722Merge: 34083dd 8a44fcc
4723Author: Brad Spengler <spender@grsecurity.net>
4724Date: Fri Jan 20 18:04:02 2012 -0500
4725
4726 Merge branch 'pax-test' into grsec-test
4727
4728commit 8a44fcc90cf3368003dc84e1ed013b2e4248c9b2
4729Author: Brad Spengler <spender@grsecurity.net>
4730Date: Fri Jan 20 18:02:15 2012 -0500
4731
4732 Merge the diff between pax-linux-3.2.1-test4.patch and pax-linux-3.2.1-test5.patch
4733 Denies executable shared memory when MPROTECT is active
4734 Fixes ia32 emulation crash on 64bit host introduced in a recent patch
4735
2be49e85
PK		 4736commit 34083ddf5c0b2b1c0f5e9f7d9e32ddcba223446b
4737Author: Brad Spengler <spender@grsecurity.net>
4738Date: Thu Jan 19 20:23:14 2012 -0500
4739
4740 Introduce new GRKERNSEC_SETXID implementation
4741 We're not able to change the credentials of other threads in the process until at most
4742 one syscall after the first thread does it, since we mark the threads as needing rescheduling
4743 and such work occurs on syscall exit.
4744 This does however ensure that we're only modifying the current task's credentials
4745 which upholds RCU expectations
4746
4747 Many thanks to corsac for testing
4748
4749commit 5f900ad54d3992a4e1cda88273acc2f897a42e71
4750Author: Brad Spengler <spender@grsecurity.net>
4751Date: Thu Jan 19 17:42:48 2012 -0500
4752
4753 Simplify backport
4754
4755commit f02e444f7b2fb286f99d3b4031ff4e44a4606c37
4756Author: Brad Spengler <spender@grsecurity.net>
4757Date: Thu Jan 19 17:08:16 2012 -0500
4758
4759 Commit the latest silent fix for a local privilege escalation from Linus
4760 Also disable writing to /proc/pid/mem
4761 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc
4762
6341371d
PK		 4763commit 814d38c72b1ee3338294576a05af4f6ca9cffa6c
4764Merge: 0394a3f 7e6299b
4765Author: Brad Spengler <spender@grsecurity.net>
4766Date: Wed Jan 18 20:22:09 2012 -0500
4767
4768 Merge branch 'pax-test' into grsec-test
4769
4770commit 7e6299b4733c082dde930375dd207b63237751ec
4771Merge: 83555fb 9bb1282
4772Author: Brad Spengler <spender@grsecurity.net>
4773Date: Wed Jan 18 20:21:37 2012 -0500
4774
4775 Merge branch 'linux-3.1.y' into pax-test
4776
4777commit 0394a3f36c6195dcaf22e265c94d11bb7338c6f7
4778Author: Jesper Juhl <jj@chaosbits.net>
4779Date: Sun Jan 8 22:44:29 2012 +0100
4780
4781 audit: always follow va_copy() with va_end()
4782
4783 A call to va_copy() should always be followed by a call to va_end() in
4784 the same function. In kernel/autit.c::audit_log_vformat() this is not
4785 always done. This patch makes sure va_end() is always called.
4786
4787 Signed-off-by: Jesper Juhl <jj@chaosbits.net>
4788 Cc: Al Viro <viro@zeniv.linux.org.uk>
4789 Cc: Eric Paris <eparis@redhat.com>
4790 Cc: Andrew Morton <akpm@linux-foundation.org>
4791 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4792
4793commit fcbb39319e88bfdf70efe3931cf80a9f23b1a4d9
4794Author: Andi Kleen <ak@linux.intel.com>
4795Date: Thu Jan 12 17:20:30 2012 -0800
4796
4797 panic: don't print redundant backtraces on oops
4798
4799 When an oops causes a panic and panic prints another backtrace it's pretty
4800 common to have the original oops data be scrolled away on a 80x50 screen.
4801
4802 The second backtrace is quite redundant and not needed anyways.
4803
4804 So don't print the panic backtrace when oops_in_progress is true.
4805
4806 [akpm@linux-foundation.org: add comment]
4807 Signed-off-by: Andi Kleen <ak@linux.intel.com>
4808 Cc: Michael Holzheu <holzheu@linux.vnet.ibm.com>
4809 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
4810 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4811
4812commit 22e4717d04333e2aff6d5d1b2c1b16045f367a1f
4813Author: Miklos Szeredi <mszeredi@suse.cz>
4814Date: Thu Jan 12 17:59:46 2012 +0100
4815
4816 fsnotify: don't BUG in fsnotify_destroy_mark()
4817
4818 Removing the parent of a watched file results in "kernel BUG at
4819 fs/notify/mark.c:139".
4820
4821 To reproduce
4822
4823 add "-w /tmp/audit/dir/watched_file" to audit.rules
4824 rm -rf /tmp/audit/dir
4825
4826 This is caused by fsnotify_destroy_mark() being called without an
4827 extra reference taken by the caller.
4828
4829 Reported by Francesco Cosoleto here:
4830
4831 https://bugzilla.novell.com/show_bug.cgi?id=689860
4832
4833 Fix by removing the BUG_ON and adding a comment about not accessing mark after
4834 the iput.
4835
4836 Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
4837 CC: stable@vger.kernel.org
4838 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4839
4840commit 1a90cff66ed00cd57bf00a990d13e95060fa362c
4841Author: Paolo Bonzini <pbonzini@redhat.com>
4842Date: Thu Jan 12 16:01:28 2012 +0100
4843
4844 block: fail SCSI passthrough ioctls on partition devices
4845
4846 Linux allows executing the SG_IO ioctl on a partition or LVM volume, and
4847 will pass the command to the underlying block device. This is
4848 well-known, but it is also a large security problem when (via Unix
4849 permissions, ACLs, SELinux or a combination thereof) a program or user
4850 needs to be granted access only to part of the disk.
4851
4852 This patch lets partitions forward a small set of harmless ioctls;
4853 others are logged with printk so that we can see which ioctls are
4854 actually sent. In my tests only CDROM_GET_CAPABILITY actually occurred.
4855 Of course it was being sent to a (partition on a) hard disk, so it would
4856 have failed with ENOTTY and the patch isn't changing anything in
4857 practice. Still, I'm treating it specially to avoid spamming the logs.
4858
4859 In principle, this restriction should include programs running with
4860 CAP_SYS_RAWIO. If for example I let a program access /dev/sda2 and
4861 /dev/sdb, it still should not be able to read/write outside the
4862 boundaries of /dev/sda2 independent of the capabilities. However, for
4863 now programs with CAP_SYS_RAWIO will still be allowed to send the
4864 ioctls. Their actions will still be logged.
4865
4866 This patch does not affect the non-libata IDE driver. That driver
4867 however already tests for bd != bd->bd_contains before issuing some
4868 ioctl; it could be restricted further to forbid these ioctls even for
4869 programs running with CAP_SYS_ADMIN/CAP_SYS_RAWIO.
4870
4871 Cc: linux-scsi@vger.kernel.org
4872 Cc: Jens Axboe <axboe@kernel.dk>
4873 Cc: James Bottomley <JBottomley@parallels.com>
4874 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4875 [ Make it also print the command name when warning - Linus ]
4876 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4877
4878commit b41a1178caa15bd7d6d5b36c04c7b1ead05717e2
4879Author: Paolo Bonzini <pbonzini@redhat.com>
4880Date: Thu Jan 12 16:01:27 2012 +0100
4881
4882 block: add and use scsi_blk_cmd_ioctl
4883
4884 Introduce a wrapper around scsi_cmd_ioctl that takes a block device.
4885
4886 The function will then be enhanced to detect partition block devices
4887 and, in that case, subject the ioctls to whitelisting.
4888
4889 Cc: linux-scsi@vger.kernel.org
4890 Cc: Jens Axboe <axboe@kernel.dk>
4891 Cc: James Bottomley <JBottomley@parallels.com>
4892 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4893 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4894
4895commit 97a79814903fc350e1d13704ea31528a42705401
4896Author: Kees Cook <keescook@chromium.org>
4897Date: Sat Jan 7 10:41:04 2012 -0800
4898
4899 audit: treat s_id as an untrusted string
4900
4901 The use of s_id should go through the untrusted string path, just to be
4902 extra careful.
4903
4904 Signed-off-by: Kees Cook <keescook@chromium.org>
4905 Acked-by: Mimi Zohar <zohar@us.ibm.com>
4906 Signed-off-by: Eric Paris <eparis@redhat.com>
4907
4908commit 2d3f39e9dd73f26a8248fd4442f110d983c5b419
4909Author: Xi Wang <xi.wang@gmail.com>
4910Date: Tue Dec 20 18:39:41 2011 -0500
4911
4912 audit: fix signedness bug in audit_log_execve_info()
4913
4914 In the loop, a size_t "len" is used to hold the return value of
4915 audit_log_single_execve_arg(), which returns -1 on error. In that
4916 case the error handling (len <= 0) will be bypassed since "len" is
4917 unsigned, and the loop continues with (p += len) being wrapped.
4918 Change the type of "len" to signed int to fix the error handling.
4919
4920 size_t len;
4921 ...
4922 for (...) {
4923 len = audit_log_single_execve_arg(...);
4924 if (len <= 0)
4925 break;
4926 p += len;
4927 }
4928
4929 Signed-off-by: Xi Wang <xi.wang@gmail.com>
4930 Signed-off-by: Eric Paris <eparis@redhat.com>
4931
4932commit 1b3dc2ea3204fb22b9d0d30b2b7953991f5be594
4933Author: Dan Carpenter <dan.carpenter@oracle.com>
4934Date: Tue Jan 17 03:28:51 2012 -0300
4935
4936 [media] ds3000: using logical && instead of bitwise &
4937
4938 The intent here was to test if the FE_HAS_LOCK was set. The current
4939 test is equivalent to "if (status) { ..."
4940
4941 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
4942 Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
4943
4944commit 36522330dc59d2fc70c042f3f081d75c32b6259a
4945Author: Brad Spengler <spender@grsecurity.net>
4946Date: Mon Jan 16 13:10:38 2012 -0500
4947
4948 Ignore the 0 signal for protected task RBAC checks
4949
4950commit d513acd55f7a683f6e146a4f570cdb63300479ab
4951Author: Brad Spengler <spender@grsecurity.net>
4952Date: Mon Jan 16 11:56:13 2012 -0500
4953
4954 whitespace cleanup
4955
089c10e8
PK		 4956commit ced261c4b82818c700aff8487f647f6f3e5b5122
4957Merge: d48751f 83555fb
4958Author: Brad Spengler <spender@grsecurity.net>
4959Date: Fri Jan 13 20:12:54 2012 -0500
4960
4961 Merge branch 'pax-test' into grsec-test
4962
4963commit 83555fb431e5be6c0e09687ff3bdc583f0caf9d9
4964Merge: fcd8129 93dad39
4965Author: Brad Spengler <spender@grsecurity.net>
4966Date: Fri Jan 13 20:12:43 2012 -0500
4967
4968 Merge branch 'linux-3.1.y' into pax-test
4969
9f61e16c
PK		 4970commit d48751f3919ae855fda0ff6c149db82442329253
4971Author: Brad Spengler <spender@grsecurity.net>
4972Date: Wed Jan 11 19:05:47 2012 -0500
4973
4974 Call our own set_user when forcing change to new id
4975
5fa7f666
PK		 4976commit 26d9d497f6b926bc1699980aa18c360a3d3c52a0
4977Merge: e6578ff fcd8129
4978Author: Brad Spengler <spender@grsecurity.net>
4979Date: Tue Jan 10 16:00:10 2012 -0500
4980
4981 Merge branch 'pax-test' into grsec-test
4982
4983commit fcd8129277601f2e2d5a2066120cf8b2472d7d1f
4984Author: Brad Spengler <spender@grsecurity.net>
4985Date: Tue Jan 10 15:58:43 2012 -0500
4986
4987 Merge changes from pax-linux-3.1.8-test23.patch
4988
0b3f0ec9
PK		 4989commit e6578ff3e7629c432ed9b99bde6af2a1c00279b5
4990Merge: 8859ec3 a120549
4991Author: Brad Spengler <spender@grsecurity.net>
4992Date: Fri Jan 6 21:45:56 2012 -0500
4993
4994 Merge branch 'pax-test' into grsec-test
4995
4996commit a12054967a77090de1caa07c41e694a77db4e237
4997Author: Brad Spengler <spender@grsecurity.net>
4998Date: Fri Jan 6 21:45:30 2012 -0500
4999
5000 Merge changes from pax-linux-3.1.8-test22.patch
5001
5002commit 8859ec32f9815c274df65448f9f2960176c380d3
5003Merge: a5016b4 ddd4114
5004Author: Brad Spengler <spender@grsecurity.net>
5005Date: Fri Jan 6 21:26:08 2012 -0500
5006
5007 Merge branch 'pax-test' into grsec-test
5008
5009 Conflicts:
5010 fs/binfmt_elf.c
5011 security/Kconfig
5012
5013commit ddd41147e158a79704983a409b7433eba797cf66
5014Author: Brad Spengler <spender@grsecurity.net>
5015Date: Fri Jan 6 21:12:42 2012 -0500
5016
5017 Resync with PaX patch (whitespace difference)
5018
5019commit 29e569df8205c5f0e043fe4803aa984406c8b118
5020Author: Brad Spengler <spender@grsecurity.net>
5021Date: Fri Jan 6 21:09:47 2012 -0500
5022
5023 Merge changes from pax-linux-3.1.8-test21.patch
5024
5025commit a5016b4f9c09c337b17e063a7f369af1e86d944d
5026Merge: 0124c92 04231d5
5027Author: Brad Spengler <spender@grsecurity.net>
5028Date: Fri Jan 6 18:52:20 2012 -0500
5029
5030 Merge branch 'pax-test' into grsec-test
5031
5032commit 04231d52dc8d0d6788a6bc6709dc046d3eb37097
5033Merge: 7bdddeb a919904
5034Author: Brad Spengler <spender@grsecurity.net>
5035Date: Fri Jan 6 18:51:50 2012 -0500
5036
5037 Merge branch 'linux-3.1.y' into pax-test
5038
5039 Conflicts:
5040 include/net/flow.h
5041
5042commit 0124c9264234c450904a0a5fa2f8c608ab8e3796
5043Author: Brad Spengler <spender@grsecurity.net>
5044Date: Fri Jan 6 18:33:05 2012 -0500
5045
5046 Make GRKERNSEC_SETXID option compatible with credential debugging
5047
a965eed0
PK		 5048commit 69919c6da7cf8a781439da15b597a7d6bc9b3abe
5049Author: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
5050Date: Wed Dec 28 15:57:11 2011 -0800
5051
5052 mm/mempolicy.c: refix mbind_range() vma issue
5053
5054 commit 8aacc9f550 ("mm/mempolicy.c: fix pgoff in mbind vma merge") is the
5055 slightly incorrect fix.
5056
5057 Why? Think following case.
5058
5059 1. map 4 pages of a file at offset 0
5060
5061 [0123]
5062
5063 2. map 2 pages just after the first mapping of the same file but with
5064 page offset 2
5065
5066 [0123][23]
5067
5068 3. mbind() 2 pages from the first mapping at offset 2.
5069 mbind_range() should treat new vma is,
5070
5071 [0123][23]
5072 |23|
5073 mbind vma
5074
5075 but it does
5076
5077 [0123][23]
5078 |01|
5079 mbind vma
5080
5081 Oops. then, it makes wrong vma merge and splitting ([01][0123] or similar).
5082
5083 This patch fixes it.
5084
5085 [testcase]
5086 test result - before the patch
5087
5088 case4: 126: test failed. expect '2,4', actual '2,2,2'
5089 case5: passed
5090 case6: passed
5091 case7: passed
5092 case8: passed
5093 case_n: 246: test failed. expect '4,2', actual '1,4'
5094
5095 ------------[ cut here ]------------
5096 kernel BUG at mm/filemap.c:135!
5097 invalid opcode: 0000 [#4] SMP DEBUG_PAGEALLOC
5098
5099 (snip long bug on messages)
5100
5101 test result - after the patch
5102
5103 case4: passed
5104 case5: passed
5105 case6: passed
5106 case7: passed
5107 case8: passed
5108 case_n: passed
5109
5110 source: mbind_vma_test.c
5111 ============================================================
5112 #include <numaif.h>
5113 #include <numa.h>
5114 #include <sys/mman.h>
5115 #include <stdio.h>
5116 #include <unistd.h>
5117 #include <stdlib.h>
5118 #include <string.h>
5119
5120 static unsigned long pagesize;
5121 void* mmap_addr;
5122 struct bitmask *nmask;
5123 char buf[1024];
5124 FILE *file;
5125 char retbuf[10240] = "";
5126 int mapped_fd;
5127
5128 char *rubysrc = "ruby -e '\
5129 pid = %d; \
5130 vstart = 0x%llx; \
5131 vend = 0x%llx; \
5132 s = `pmap -q #{pid}`; \
5133 rary = []; \
5134 s.each_line {|line|; \
5135 ary=line.split(\" \"); \
5136 addr = ary[0].to_i(16); \
5137 if(vstart <= addr && addr < vend) then \
5138 rary.push(ary[1].to_i()/4); \
5139 end; \
5140 }; \
5141 print rary.join(\",\"); \
5142 '";
5143
5144 void init(void)
5145 {
5146 void* addr;
5147 char buf[128];
5148
5149 nmask = numa_allocate_nodemask();
5150 numa_bitmask_setbit(nmask, 0);
5151
5152 pagesize = getpagesize();
5153
5154 sprintf(buf, "%s", "mbind_vma_XXXXXX");
5155 mapped_fd = mkstemp(buf);
5156 if (mapped_fd == -1)
5157 perror("mkstemp "), exit(1);
5158 unlink(buf);
5159
5160 if (lseek(mapped_fd, pagesize*8, SEEK_SET) < 0)
5161 perror("lseek "), exit(1);
5162 if (write(mapped_fd, "\0", 1) < 0)
5163 perror("write "), exit(1);
5164
5165 addr = mmap(NULL, pagesize*8, PROT_NONE,
5166 MAP_SHARED, mapped_fd, 0);
5167 if (addr == MAP_FAILED)
5168 perror("mmap "), exit(1);
5169
5170 if (mprotect(addr+pagesize, pagesize*6, PROT_READ|PROT_WRITE) < 0)
5171 perror("mprotect "), exit(1);
5172
5173 mmap_addr = addr + pagesize;
5174
5175 /* make page populate */
5176 memset(mmap_addr, 0, pagesize*6);
5177 }
5178
5179 void fin(void)
5180 {
5181 void* addr = mmap_addr - pagesize;
5182 munmap(addr, pagesize*8);
5183
5184 memset(buf, 0, sizeof(buf));
5185 memset(retbuf, 0, sizeof(retbuf));
5186 }
5187
5188 void mem_bind(int index, int len)
5189 {
5190 int err;
5191
5192 err = mbind(mmap_addr+pagesize*index, pagesize*len,
5193 MPOL_BIND, nmask->maskp, nmask->size, 0);
5194 if (err)
5195 perror("mbind "), exit(err);
5196 }
5197
5198 void mem_interleave(int index, int len)
5199 {
5200 int err;
5201
5202 err = mbind(mmap_addr+pagesize*index, pagesize*len,
5203 MPOL_INTERLEAVE, nmask->maskp, nmask->size, 0);
5204 if (err)
5205 perror("mbind "), exit(err);
5206 }
5207
5208 void mem_unbind(int index, int len)
5209 {
5210 int err;
5211
5212 err = mbind(mmap_addr+pagesize*index, pagesize*len,
5213 MPOL_DEFAULT, NULL, 0, 0);
5214 if (err)
5215 perror("mbind "), exit(err);
5216 }
5217
5218 void Assert(char *expected, char *value, char *name, int line)
5219 {
5220 if (strcmp(expected, value) == 0) {
5221 fprintf(stderr, "%s: passed\n", name);
5222 return;
5223 }
5224 else {
5225 fprintf(stderr, "%s: %d: test failed. expect '%s', actual '%s'\n",
5226 name, line,
5227 expected, value);
5228 // exit(1);
5229 }
5230 }
5231
5232 /*
5233 AAAA
5234 PPPPPPNNNNNN
5235 might become
5236 PPNNNNNNNNNN
5237 case 4 below
5238 */
5239 void case4(void)
5240 {
5241 init();
5242 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5243
5244 mem_bind(0, 4);
5245 mem_unbind(2, 2);
5246
5247 file = popen(buf, "r");
5248 fread(retbuf, sizeof(retbuf), 1, file);
5249 Assert("2,4", retbuf, "case4", __LINE__);
5250
5251 fin();
5252 }
5253
5254 /*
5255 AAAA
5256 PPPPPPNNNNNN
5257 might become
5258 PPPPPPPPPPNN
5259 case 5 below
5260 */
5261 void case5(void)
5262 {
5263 init();
5264 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5265
5266 mem_bind(0, 2);
5267 mem_bind(2, 2);
5268
5269 file = popen(buf, "r");
5270 fread(retbuf, sizeof(retbuf), 1, file);
5271 Assert("4,2", retbuf, "case5", __LINE__);
5272
5273 fin();
5274 }
5275
5276 /*
5277 AAAA
5278 PPPPNNNNXXXX
5279 might become
5280 PPPPPPPPPPPP 6
5281 */
5282 void case6(void)
5283 {
5284 init();
5285 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5286
5287 mem_bind(0, 2);
5288 mem_bind(4, 2);
5289 mem_bind(2, 2);
5290
5291 file = popen(buf, "r");
5292 fread(retbuf, sizeof(retbuf), 1, file);
5293 Assert("6", retbuf, "case6", __LINE__);
5294
5295 fin();
5296 }
5297
5298 /*
5299 AAAA
5300 PPPPNNNNXXXX
5301 might become
5302 PPPPPPPPXXXX 7
5303 */
5304 void case7(void)
5305 {
5306 init();
5307 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5308
5309 mem_bind(0, 2);
5310 mem_interleave(4, 2);
5311 mem_bind(2, 2);
5312
5313 file = popen(buf, "r");
5314 fread(retbuf, sizeof(retbuf), 1, file);
5315 Assert("4,2", retbuf, "case7", __LINE__);
5316
5317 fin();
5318 }
5319
5320 /*
5321 AAAA
5322 PPPPNNNNXXXX
5323 might become
5324 PPPPNNNNNNNN 8
5325 */
5326 void case8(void)
5327 {
5328 init();
5329 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5330
5331 mem_bind(0, 2);
5332 mem_interleave(4, 2);
5333 mem_interleave(2, 2);
5334
5335 file = popen(buf, "r");
5336 fread(retbuf, sizeof(retbuf), 1, file);
5337 Assert("2,4", retbuf, "case8", __LINE__);
5338
5339 fin();
5340 }
5341
5342 void case_n(void)
5343 {
5344 init();
5345 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5346
5347 /* make redundunt mappings [0][1234][34][7] */
5348 mmap(mmap_addr + pagesize*4, pagesize*2, PROT_READ|PROT_WRITE,
5349 MAP_FIXED|MAP_SHARED, mapped_fd, pagesize*3);
5350
5351 /* Expect to do nothing. */
5352 mem_unbind(2, 2);
5353
5354 file = popen(buf, "r");
5355 fread(retbuf, sizeof(retbuf), 1, file);
5356 Assert("4,2", retbuf, "case_n", __LINE__);
5357
5358 fin();
5359 }
5360
5361 int main(int argc, char** argv)
5362 {
5363 case4();
5364 case5();
5365 case6();
5366 case7();
5367 case8();
5368 case_n();
5369
5370 return 0;
5371 }
5372 =============================================================
5373
5374 Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
5375 Acked-by: Johannes Weiner <hannes@cmpxchg.org>
5376 Cc: Minchan Kim <minchan.kim@gmail.com>
5377 Cc: Caspar Zhang <caspar@casparzhang.com>
5378 Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
5379 Cc: Christoph Lameter <cl@linux.com>
5380 Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
5381 Cc: Mel Gorman <mel@csn.ul.ie>
5382 Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
5383 Cc: <stable@vger.kernel.org> [3.1.x]
5384 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5385 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5386
5387commit f3a1082005781777086df235049f8c0b7efe524e
5388Author: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
5389Date: Tue Dec 27 22:32:41 2011 -0500
5390
5391 packet: fix possible dev refcnt leak when bind fail
5392
5393 If bind is fail when bind is called after set PACKET_FANOUT
5394 sock option, the dev refcnt will leak.
5395
5396 Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
5397 Signed-off-by: David S. Miller <davem@davemloft.net>
5398
5399commit 915f8b08dac68839dc7204ee81cf9852fda16d24
5400Author: Haogang Chen <haogangchen@gmail.com>
5401Date: Mon Dec 19 17:11:56 2011 -0800
5402
5403 nilfs2: potential integer overflow in nilfs_ioctl_clean_segments()
5404
5405 There is a potential integer overflow in nilfs_ioctl_clean_segments().
5406 When a large argv[n].v_nmembs is passed from the userspace, the subsequent
5407 call to vmalloc() will allocate a buffer smaller than expected, which
5408 leads to out-of-bound access in nilfs_ioctl_move_blocks() and
5409 lfs_clean_segments().
5410
5411 The following check does not prevent the overflow because nsegs is also
5412 controlled by the userspace and could be very large.
5413
5414 if (argv[n].v_nmembs > nsegs * nilfs->ns_blocks_per_segment)
5415 goto out_free;
5416
5417 This patch clamps argv[n].v_nmembs to UINT_MAX / argv[n].v_size, and
5418 returns -EINVAL when overflow.
5419
5420 Signed-off-by: Haogang Chen <haogangchen@gmail.com>
5421 Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
5422 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5423 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5424
5425commit 006afb6eb7a7398edc0068c3a7b9510ffaf80f72
5426Author: Kautuk Consul <consul.kautuk@gmail.com>
5427Date: Mon Dec 19 17:12:04 2011 -0800
5428
5429 mm/vmalloc.c: remove static declaration of va from __get_vm_area_node
5430
5431 Static storage is not required for the struct vmap_area in
5432 __get_vm_area_node.
5433
5434 Removing "static" to store this variable on the stack instead.
5435
5436 Signed-off-by: Kautuk Consul <consul.kautuk@gmail.com>
5437 Acked-by: David Rientjes <rientjes@google.com>
5438 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5439 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5440
5441commit 461ecdf221edb089e5fa0d5563e1688cd0a36f66
5442Author: Michel Lespinasse <walken@google.com>
5443Date: Mon Dec 19 17:12:06 2011 -0800
5444
5445 binary_sysctl(): fix memory leak
5446
5447 binary_sysctl() calls sysctl_getname() which allocates from names_cache
5448 slab usin __getname()
5449
5450 The matching function to free the name is __putname(), and not putname()
5451 which should be used only to match getname() allocations.
5452
5453 This is because when auditing is enabled, putname() calls audit_putname
5454 *instead* (not in addition) to __putname(). Then, if a syscall is in
5455 progress, audit_putname does not release the name - instead, it expects
5456 the name to get released when the syscall completes, but that will happen
5457 only if audit_getname() was called previously, i.e. if the name was
5458 allocated with getname() rather than the naked __getname(). So,
5459 __getname() followed by putname() ends up leaking memory.
5460
5461 Signed-off-by: Michel Lespinasse <walken@google.com>
5462 Acked-by: Al Viro <viro@zeniv.linux.org.uk>
5463 Cc: Christoph Hellwig <hch@infradead.org>
5464 Cc: Eric Paris <eparis@redhat.com>
5465 Cc: <stable@vger.kernel.org>
5466 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5467 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5468
5469commit 0a2cd3ef50c0bae70d59c74a77db0455d26fde56
5470Author: Sean Hefty <sean.hefty@intel.com>
5471Date: Tue Dec 6 21:17:11 2011 +0000
5472
5473 RDMA/cma: Verify private data length
5474
5475 private_data_len is defined as a u8. If the user specifies a large
5476 private_data size (> 220 bytes), we will calculate a total length that
5477 exceeds 255, resulting in private_data_len wrapping back to 0. This
5478 can lead to overwriting random kernel memory. Avoid this by verifying
5479 that the resulting size fits into a u8.
5480
5481 Reported-by: B. Thery <benjamin.thery@bull.net>
5482 Addresses: <http://bugs.openfabrics.org/bugzilla/show_bug.cgi?id=2335>
5483 Signed-off-by: Sean Hefty <sean.hefty@intel.com>
5484 Signed-off-by: Roland Dreier <roland@purestorage.com>
5485
5486commit 6b618c54aaec99078629ec5b9575cb7d6fc31176
5487Author: Xi Wang <xi.wang@gmail.com>
5488Date: Sun Dec 11 23:40:56 2011 -0800
5489
5490 Input: cma3000_d0x - fix signedness bug in cma3000_thread_irq()
5491
5492 The error check (intr_status < 0) didn't work because intr_status is
5493 a u8. Change its type to signed int.
5494
5495 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5496 Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
5497
5498commit e27f34e383d7863b2528a63b81b23db09781f6b6
5499Author: Xi Wang <xi.wang@gmail.com>
5500Date: Fri Dec 16 12:44:15 2011 +0000
5501
5502 sctp: fix incorrect overflow check on autoclose
5503
5504 Commit 8ffd3208 voids the previous patches f6778aab and 810c0719 for
5505 limiting the autoclose value. If userspace passes in -1 on 32-bit
5506 platform, the overflow check didn't work and autoclose would be set
5507 to 0xffffffff.
5508
5509 This patch defines a max_autoclose (in seconds) for limiting the value
5510 and exposes it through sysctl, with the following intentions.
5511
5512 1) Avoid overflowing autoclose * HZ.
5513
5514 2) Keep the default autoclose bound consistent across 32- and 64-bit
5515 platforms (INT_MAX / HZ in this patch).
5516
5517 3) Keep the autoclose value consistent between setsockopt() and
5518 getsockopt() calls.
5519
5520 Suggested-by: Vlad Yasevich <vladislav.yasevich@hp.com>
5521 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5522 Signed-off-by: David S. Miller <davem@davemloft.net>
5523
5524commit 8ebdfaad2f46ff0ac9fef9858e436bcc712a1ac8
5525Author: Xi Wang <xi.wang@gmail.com>
5526Date: Wed Dec 21 05:18:33 2011 -0500
5527
5528 vmwgfx: fix incorrect VRAM size check in vmw_kms_fb_create()
5529
5530 Commit e133e737 didn't correctly fix the integer overflow issue.
5531
5532 - unsigned int required_size;
5533 + u64 required_size;
5534 ...
5535 required_size = mode_cmd->pitch * mode_cmd->height;
5536 - if (unlikely(required_size > dev_priv->vram_size)) {
5537 + if (unlikely(required_size > (u64) dev_priv->vram_size)) {
5538
5539 Note that both pitch and height are u32. Their product is still u32 and
5540 would overflow before being assigned to required_size. A correct way is
5541 to convert pitch and height to u64 before the multiplication.
5542
5543 required_size = (u64)mode_cmd->pitch * (u64)mode_cmd->height;
5544
5545 This patch calls the existing vmw_kms_validate_mode_vram() for
5546 validation.
5547
5548 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5549 Reviewed-and-tested-by: Thomas Hellstrom <thellstrom@vmware.com>
5550 Signed-off-by: Dave Airlie <airlied@redhat.com>
5551
5552 Conflicts:
5553
5554 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
5555
5556commit eb8f0bd01fb994c9abc77dc84729794cd841753d
5557Author: Xi Wang <xi.wang@gmail.com>
5558Date: Thu Dec 22 13:35:22 2011 +0000
5559
5560 rps: fix insufficient bounds checking in store_rps_dev_flow_table_cnt()
5561
5562 Setting a large rps_flow_cnt like (1 << 30) on 32-bit platform will
5563 cause a kernel oops due to insufficient bounds checking.
5564
5565 if (count > 1<<30) {
5566 /* Enforce a limit to prevent overflow */
5567 return -EINVAL;
5568 }
5569 count = roundup_pow_of_two(count);
5570 table = vmalloc(RPS_DEV_FLOW_TABLE_SIZE(count));
5571
5572 Note that the macro RPS_DEV_FLOW_TABLE_SIZE(count) is defined as:
5573
5574 ... + (count * sizeof(struct rps_dev_flow))
5575
5576 where sizeof(struct rps_dev_flow) is 8. (1 << 30) * 8 will overflow
5577 32 bits.
5578
5579 This patch replaces the magic number (1 << 30) with a symbolic bound.
5580
5581 Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
5582 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5583 Signed-off-by: David S. Miller <davem@davemloft.net>
5584
5585commit 648188958672024b616c42c1f6c98c8cfc85619d
5586Author: Xi Wang <xi.wang@gmail.com>
5587Date: Fri Dec 30 10:40:17 2011 -0500
5588
5589 netfilter: ctnetlink: fix timeout calculation
5590
5591 The sanity check (timeout < 0) never works; the dividend is unsigned
5592 and so is the division, which should have been a signed division.
5593
5594 long timeout = (ct->timeout.expires - jiffies) / HZ;
5595 if (timeout < 0)
5596 timeout = 0;
5597
5598 This patch converts the time values to signed for the division.
5599
5600 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5601 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
5602
68201d93
PK		 5603commit ab03a0973cee73f88655ff4981812ad316a6cd59
5604Merge: 76f82df 7bdddeb
5605Author: Brad Spengler <spender@grsecurity.net>
5606Date: Tue Jan 3 17:42:50 2012 -0500
5607
5608 Merge branch 'pax-test' into grsec-test
5609
5610commit 7bdddebd9d274a344a1c57a561152160c9e9a32a
5611Merge: 3e59cb5 55cc81a
5612Author: Brad Spengler <spender@grsecurity.net>
5613Date: Tue Jan 3 17:42:36 2012 -0500
5614
5615 Merge branch 'linux-3.1.y' into pax-test
5616
60dcdb15
PK		 5617commit 76f82df18ba181687f454426fa9ced7a92b2ac1f
5618Author: Brad Spengler <spender@grsecurity.net>
5619Date: Thu Dec 22 20:15:02 2011 -0500
5620
5621 Only further restrict futex targeting another process -- our modified
5622 permission check also happened to allow a case where a process retaining
5623 uid 0 could issue futex syscalls against other uid 0 tasks, despite the euid
5624 being non-zero (reported on forums by ben_w)
5625
5626commit 6b235a4450a5fea41663ec35fa0608988b6078c6
5627Merge: 97c16f0 3e59cb5
5628Author: Brad Spengler <spender@grsecurity.net>
5629Date: Thu Dec 22 19:11:06 2011 -0500
5630
5631 Merge branch 'pax-test' into grsec-test
5632
5633 Conflicts:
5634 fs/hfs/btree.c
5635
5636commit 3e59cb503d4ca6ce0954b8d3eb508cf7d1a31f50
5637Merge: 285eb4e c26f60b
5638Author: Brad Spengler <spender@grsecurity.net>
5639Date: Thu Dec 22 19:09:57 2011 -0500
5640
5641 Merge branch 'linux-3.1.y' into pax-test
5642
5643 Conflicts:
5644 arch/x86/kernel/process.c
5645
5646commit 97c16f0fcff592160c1787bd1c56ae7ad070ac17
5647Author: Brad Spengler <spender@grsecurity.net>
5648Date: Mon Dec 19 21:54:01 2011 -0500
5649
5650 Add new option: "Enforce consistent multithreaded privileges"
5651
2d294565 5652commit 7d125a16a5245b2bafc9184b8f93e864394ba1cb
dd203dd8
PK		 5653Author: Brad Spengler <spender@grsecurity.net>
5654Date: Wed Dec 7 19:58:31 2011 -0500
5655
5656 Remove harmless duplicate code -- exec_file would be null already so the
5657 second check would never pass.
5658
2d294565 5659commit 4e3304e94aa72737810bc50169519af157dce4ce
dd203dd8
PK		 5660Author: Brad Spengler <spender@grsecurity.net>
5661Date: Wed Dec 7 19:50:39 2011 -0500
5662
5663 Revert back to (possibly?) undocumented /proc/pid behavior that gdb
5664 depended on for attaching to a thread. Entries exist in /proc for
5665 threads, but are not visible in a readdir.
5666
2d294565 5667commit 1bd899335f23815cfe8deac44c6b346398f3b95e
627cd425
PK		 5668Author: Brad Spengler <spender@grsecurity.net>
5669Date: Sun Dec 4 18:03:28 2011 -0500
5670
5671 Put the already-walked path if in RCU-walk mode
5672
2d294565 5673commit ec7ae36b7159f10649709779443a988662965d66
627cd425
PK		 5674Author: Brad Spengler <spender@grsecurity.net>
5675Date: Sun Dec 4 17:35:21 2011 -0500
5676
5677 Fix memory leak introduced by recent (unpublished) commit
5678 75ab998b94a29d464518d6d501bdde3fbfcbfa14
5679
2d294565 5680commit 1e2318a8ea2e67eaf17236be374b5da8a5ba5e04
627cd425
PK		 5681Author: Brad Spengler <spender@grsecurity.net>
5682Date: Sun Dec 4 13:56:10 2011 -0500
5683
5684 Explicitly check size copied to userland in override_release to silence gcc
5685
2d294565 5686commit c30a85d0fff67e0724e726febb934c0b6fa01c6c
627cd425
PK		 5687Author: Brad Spengler <spender@grsecurity.net>
5688Date: Sun Dec 4 13:54:02 2011 -0500
5689
5690 Initialize variable to silence erroneous gcc warning
5691
2d294565 5692commit 2cf8e7a3bf4e97b2cd3de9ebc453bc505dc7eb78
627cd425
PK		 5693Author: Brad Spengler <spender@grsecurity.net>
5694Date: Sun Dec 4 13:47:47 2011 -0500
5695
5696 Future-proof other potential RCU-aware locations where we can log.
5697
2d294565 5698commit 0c904e8c7ea0338c47c7ae825e093a152dc8f8a8
627cd425
PK		 5699Author: Brad Spengler <spender@grsecurity.net>
5700Date: Sun Dec 4 13:02:54 2011 -0500
5701
5702 Fix freeze reported by 'vs' on the forums. Bug occurred due to
5703 MAY_NOT_BLOCK added to Linux 3.1. Our logging code, when a capability used
5704 in generic_permission() was in the task's effective set but disallowed by
5705 RBAC, would block when acquiring locks resulting in the freeze.
5706
5707 Also update the ordering of checks so that CAP_DAC_READ_SEARCH isn't logged
5708 as being required when CAP_DAC_OVERRIDE is present (consistent with
5709 older patches).
5710
2d294565 5711commit ab694e5eccfbc369baa593ebc1269d1908cf16dc
627cd425
PK		 5712Author: Xi Wang <xi.wang@gmail.com>
5713Date: Tue Nov 29 09:26:30 2011 +0000
5714
5715 sctp: better integer overflow check in sctp_auth_create_key()
5716
5717 The check from commit 30c2235c is incomplete and cannot prevent
5718 cases like key_len = 0x80000000 (INT_MAX + 1). In that case, the
5719 left-hand side of the check (INT_MAX - key_len), which is unsigned,
5720 becomes 0xffffffff (UINT_MAX) and bypasses the check.
5721
5722 However this shouldn't be a security issue. The function is called
5723 from the following two code paths:
5724
5725 1) setsockopt()
5726
5727 2) sctp_auth_asoc_set_secret()
5728
5729 In case (1), sca_keylength is never going to exceed 65535 since it's
5730 bounded by a u16 from the user API. As such, the key length will
5731 never overflow.
5732
5733 In case (2), sca_keylength is computed based on the user key (1 short)
5734 and 2 * key_vector (3 shorts) for a total of 7 * USHRT_MAX, which still
5735 will not overflow.
5736
5737 In other words, this overflow check is not really necessary. Just
5738 make it more correct.
5739
5740 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5741 Cc: Vlad Yasevich <vladislav.yasevich@hp.com>
5742 Signed-off-by: David S. Miller <davem@davemloft.net>
5743
2d294565 5744commit e565e28c3635a1d50f80541fbf6b606d742fec76
627cd425
PK		 5745Author: Josh Boyer <jwboyer@redhat.com>
5746Date: Fri Aug 19 14:50:26 2011 -0400
5747
5748 fs/minix: Verify bitmap block counts before mounting
5749
5750 Newer versions of MINIX can create filesystems that allocate an extra
5751 bitmap block. Mounting of this succeeds, but doing a statfs call will
5752 result in an oops in count_free because of a negative number being used
5753 for the bh index.
5754
5755 Avoid this by verifying the number of allocated blocks at mount time,
5756 erroring out if there are not enough and make statfs ignore the extras
5757 if there are too many.
5758
5759 This fixes https://bugzilla.kernel.org/show_bug.cgi?id=18792
5760
5761 Signed-off-by: Josh Boyer <jwboyer@redhat.com>
5762 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
5763
2d294565 5764commit 6e134e398ec1a3f428261680e83df4319e64bed9
627cd425
PK		 5765Author: Julia Lawall <julia@diku.dk>
5766Date: Tue Nov 15 14:53:11 2011 -0800
5767
5768 drivers/gpu/vga/vgaarb.c: add missing kfree
5769
5770 kbuf is a buffer that is local to this function, so all of the error paths
5771 leaving the function should release it.
5772
5773 Signed-off-by: Julia Lawall <julia@diku.dk>
5774 Cc: Jesper Juhl <jj@chaosbits.net>
5775 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5776 Signed-off-by: Dave Airlie <airlied@redhat.com>
5777
2d294565 5778commit 2b9057b321e36860e8d63985b5c4e496f254b717
627cd425
PK		 5779Author: Brad Spengler <spender@grsecurity.net>
5780Date: Sat Dec 3 21:33:28 2011 -0500
5781
5782 Import changes between pax-linux-3.1.4-test18.patch and grsecurity-2.2.2-3.1.4-201112021740.patch
5783
2d294565
PK		 5784commit 5dfe6091dca281a456eaff5e7b4692d768a05cfd
5785Author: Brad Spengler <spender@grsecurity.net>
5786Date: Sat Dec 3 21:29:37 2011 -0500
5787
5788 Import pax-linux-3.1.4-test18.patch
5789
5790commit 285eb4ea45d853ae00426b3315a61c1368080dad
5791Author: Brad Spengler <spender@grsecurity.net>
5792Date: Sat Dec 10 18:33:46 2011 -0500
5793
5794 Import changes from pax-linux-3.1.5-test20.patch
5795
5796commit a6bda918fc90ec1d5c387e978d147ad2044153f1
dd203dd8
PK		 5797Author: Brad Spengler <spender@grsecurity.net>
5798Date: Thu Dec 8 20:55:54 2011 -0500
5799
5800 Import changes from pax-linux-3.1.4-test19.patch
5801
2d294565 5802commit e6d987bdb782b280f882cc20055e3d9cb28ad3a5
627cd425
PK		 5803Author: Brad Spengler <spender@grsecurity.net>
5804Date: Sat Dec 3 21:29:37 2011 -0500
5805
5806 Import pax-linux-3.1.4-test18.patch
Unofficial grsecurity patch archive (https://github.com/slashbeast/grsecurity-scrape)