]> git.ipfire.org Git - thirdparty/grsecurity-scrape.git/blob - test/changelog-test.txt
projects / thirdparty / grsecurity-scrape.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
grsec-scrape autocommit. 1 new patch(es).
[thirdparty/grsecurity-scrape.git] / test / changelog-test.txt
1 commit 3784195d73223b2f93db2d8edd454483509c0808
2 Author: Djalal Harouni <tixxdz@opendz.org>
3 Date: Sun May 20 13:55:30 2012 +0000
4
5 drivers/net/stmmac: seq_file fix memory leak
6
7 Use single_release() instead of seq_release() to free memory allocated
8 by single_open().
9
10 Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
11 Signed-off-by: David S. Miller <davem@davemloft.net>
12
13 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 ++--
14 1 files changed, 2 insertions(+), 2 deletions(-)
15
16 commit 98131862203fd281c4cb8cbe01a8f20190f62cf7
17 Author: Brad Spengler <spender@grsecurity.net>
18 Date: Sat May 26 11:51:18 2012 -0400
19
20 When called for anonymous (non-shared) mappings,
21 hugetlb_reserve_pages() does a resv_map_alloc(). It depends on
22 code in hugetlbfs's vm_ops->close() to release that allocation.
23
24 However, in the mmap() failure path, we do a plain unmap_region()
25 without the remove_vma() which actually calls vm_ops->close().
26
27 This is a decent fix. This leak could get reintroduced if
28 new code (say, after hugetlb_reserve_pages() in
29 hugetlbfs_file_mmap()) decides to return an error. But, I think
30 it would have to unroll the reservation anyway.
31
32 This hasn't been extensively tested. Pretty much compile and
33 boot tested along with Christoph's test case:
34
35 http://marc.info/?l=linux-mm&m=133728900729735
36
37 Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
38 Acked-by: Mel Gorman <mel@csn.ul.ie>
39 ecked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
40 Reported/tested-by: Christoph Lameter <cl@linux.com>
41
42 mm/hugetlb.c | 28 ++++++++++++++++++++++------
43 1 files changed, 22 insertions(+), 6 deletions(-)
44
45 commit 42526ac1fb37d444036f7ed781538f01979112b9
46 Merge: ef9c2e2 fe4d20a
47 Author: Brad Spengler <spender@grsecurity.net>
48 Date: Sat May 26 11:31:58 2012 -0400
49
50 Merge branch 'pax-test' into grsec-test
51
52 Conflicts:
53 fs/nfs/nfs4xdr.c
54
55 commit fe4d20ae91718b4c267bc9b048552d6a0daba5f1
56 Merge: 981e60c 4dc1c17
57 Author: Brad Spengler <spender@grsecurity.net>
58 Date: Sat May 26 11:30:35 2012 -0400
59
60 Update to pax-linux-3.3.7-test15.patch
61 Merge branch 'linux-3.3.y' into pax-test
62
63 Conflicts:
64 kernel/compat.c
65
66 commit 981e60cc448ce110e658c23c290cf96409ac558b
67 Author: Brad Spengler <spender@grsecurity.net>
68 Date: Sat May 26 11:00:42 2012 -0400
69
70 Update to pax-linux-3.3.6-test15.patch
71
72 Makefile | 4 +-
73 arch/x86/crypto/aesni-intel_glue.c | 2 -
74 arch/x86/include/asm/floppy.h | 1 -
75 arch/x86/include/asm/kvm_host.h | 4 +-
76 arch/x86/include/asm/syscalls.h | 2 +-
77 arch/x86/include/asm/uaccess_32.h | 17 -
78 arch/x86/include/asm/uaccess_64.h | 18 -
79 arch/x86/kernel/cpu/mcheck/mce-inject.c | 2 -
80 arch/x86/kernel/cpu/mtrr/if.c | 2 -
81 arch/x86/kernel/dumpstack_64.c | 3 +
82 arch/x86/kernel/i387.c | 20 -
83 arch/x86/kernel/ldt.c | 2 -
84 arch/x86/kernel/microcode_intel.c | 1 -
85 arch/x86/kernel/module.c | 1 -
86 arch/x86/kernel/ptrace.c | 4 -
87 arch/x86/kernel/setup_percpu.c | 4 -
88 arch/x86/kernel/tls.h | 2 +-
89 arch/x86/kernel/vm86_32.c | 3 -
90 arch/x86/kvm/x86.c | 21 -
91 arch/x86/kvm/x86.h | 4 +-
92 arch/x86/platform/uv/tlb_uv.c | 4 -
93 crypto/ablkcipher.c | 4 -
94 crypto/aead.c | 3 -
95 crypto/blkcipher.c | 3 -
96 crypto/cipher.c | 3 -
97 drivers/acpi/battery.c | 3 -
98 drivers/acpi/sbs.c | 3 -
99 drivers/infiniband/hw/ipath/ipath_fs.c | 4 -
100 drivers/infiniband/hw/qib/qib_fs.c | 4 -
101 drivers/lguest/lguest_user.c | 1 -
102 drivers/md/dm-raid1.c | 4 -
103 drivers/md/dm-stripe.c | 1 -
104 drivers/media/video/cpia2/cpia2_core.c | 1 -
105 drivers/media/video/cx18/cx18-alsa-pcm.c | 2 -
106 drivers/media/video/cx231xx/cx231xx-audio.c | 2 -
107 drivers/media/video/em28xx/em28xx-audio.c | 2 -
108 drivers/media/video/meye.c | 1 -
109 drivers/media/video/saa7164/saa7164-encoder.c | 2 -
110 drivers/media/video/saa7164/saa7164-vbi.c | 2 -
111 drivers/media/video/videobuf-dma-contig.c | 1 -
112 drivers/media/video/videobuf-dma-sg.c | 1 -
113 drivers/media/video/videobuf-vmalloc.c | 1 -
114 drivers/mtd/ubi/debug.c | 2 -
115 drivers/net/ethernet/chelsio/cxgb/sge.c | 2 -
116 drivers/net/ethernet/chelsio/cxgb3/sge.c | 4 -
117 drivers/net/ethernet/chelsio/cxgb4/sge.c | 3 -
118 drivers/net/ethernet/chelsio/cxgb4vf/sge.c | 3 -
119 drivers/net/wireless/ath/ath5k/debug.c | 3 -
120 drivers/net/wireless/ath/ath9k/debug.c | 2 -
121 drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 -
122 drivers/oprofile/oprofile_files.c | 5 -
123 drivers/oprofile/oprofilefs.c | 1 -
124 drivers/platform/x86/asus_acpi.c | 2 -
125 drivers/platform/x86/toshiba_acpi.c | 2 -
126 drivers/staging/rtl8192e/rtllib_module.c | 2 -
127 .../staging/rtl8192u/ieee80211/ieee80211_module.c | 2 -
128 fs/cifs/asn1.c | 3 -
129 fs/configfs/file.c | 2 -
130 fs/ncpfs/ncplib_kernel.h | 4 +-
131 fs/sysfs/bin.c | 2 -
132 fs/ubifs/debug.c | 3 -
133 include/asm-generic/pgtable-nopud.h | 1 +
134 include/asm-generic/uaccess.h | 11 -
135 include/linux/compiler-gcc4.h | 1 +
136 include/linux/compiler.h | 1 +
137 include/linux/crash_dump.h | 2 +-
138 include/linux/kvm_host.h | 14 +-
139 include/linux/moduleloader.h | 2 +-
140 include/linux/oprofile.h | 2 +-
141 include/linux/slab.h | 4 +-
142 include/linux/slab_def.h | 2 -
143 include/linux/slob_def.h | 2 -
144 include/linux/slub_def.h | 6 +-
145 include/linux/uaccess.h | 2 +-
146 include/linux/vmalloc.h | 18 +-
147 mm/vmalloc.c | 4 +
148 net/bridge/netfilter/ebt_ulog.c | 1 -
149 net/ipv4/ah4.c | 2 -
150 net/ipv4/netfilter/arp_tables.c | 10 -
151 net/ipv4/netfilter/ip_tables.c | 11 -
152 net/ipv4/netfilter/ipt_ULOG.c | 1 -
153 net/ipv4/netfilter/nf_nat_snmp_basic.c | 4 -
154 net/ipv6/ah6.c | 2 -
155 net/ipv6/netfilter/ip6_tables.c | 11 -
156 scripts/Makefile.lib | 6 +-
157 tools/gcc/size_overflow_hash1.h | 3047 --------------------
158 tools/gcc/size_overflow_hash2.h | 35 -
159 tools/gcc/size_overflow_plugin.c | 158 +-
160 88 files changed, 144 insertions(+), 3434 deletions(-)
161
162 commit ef9c2e2cad33a477bf0c8f1ccf8aafb4a213a3df
163 Author: Brad Spengler <spender@grsecurity.net>
164 Date: Sat May 19 10:47:15 2012 -0400
165
166 init ebda range earlier in boot
167
168 Conflicts:
169
170 arch/x86/mm/init.c
171
172 arch/x86/mm/init.c | 48 +++++++++++++++++++++++++++++-------------------
173 1 files changed, 29 insertions(+), 19 deletions(-)
174
175 commit 945355803ce381eacce23b3383aca5964a92d063
176 Author: Brad Spengler <spender@grsecurity.net>
177 Date: Sat May 19 09:19:42 2012 -0400
178
179 [PATCH] mm: read_pmd_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition
180
181 When holding the mmap_sem for reading, pmd_offset_map_lock should only
182 run on a pmd_t that has been read atomically from the pmdp
183 pointer, otherwise we may read only half of it leading to this crash.
184
185 PID: 11679 TASK: f06e8000 CPU: 3 COMMAND: "do_race_2_panic"
186 #0 [f06a9dd8] crash_kexec at c049b5ec
187 #1 [f06a9e2c] oops_end at c083d1c2
188 #2 [f06a9e40] no_context at c0433ded
189 #3 [f06a9e64] bad_area_nosemaphore at c043401a
190 #4 [f06a9e6c] __do_page_fault at c0434493
191 #5 [f06a9eec] do_page_fault at c083eb45
192 #6 [f06a9f04] error_code (via page_fault) at c083c5d5
193 EAX: 01fb470c EBX: fff35000 ECX: 00000003 EDX: 00000100 EBP:
194 00000000
195 DS: 007b ESI: 9e201000 ES: 007b EDI: 01fb4700 GS: 00e0
196 CS: 0060 EIP: c083bc14 ERR: ffffffff EFLAGS: 00010246
197 #7 [f06a9f38] _spin_lock at c083bc14
198 #8 [f06a9f44] sys_mincore at c0507b7d
199 #9 [f06a9fb0] system_call at c083becd
200 start len
201 EAX: ffffffda EBX: 9e200000 ECX: 00001000 EDX: 6228537f
202 DS: 007b ESI: 00000000 ES: 007b EDI: 003d0f00
203 SS: 007b ESP: 62285354 EBP: 62285388 GS: 0033
204 CS: 0073 EIP: 00291416 ERR: 000000da EFLAGS: 00000286
205
206 This should be a longstanding bug affecting x86 32bit PAE without
207 THP. Only archs with 64bit large pmd_t and 32bit unsigned long should
208 be affected.
209
210 With THP enabled the barrier() in
211 pmd_none_or_trans_huge_or_clear_bad() would partly hide the bug when
212 the pmd transition from none to stable, by forcing a re-read of the
213 *pmd in pmd_offset_map_lock, but when THP is enabled a new set of
214 problem arises by the fact could then transition freely in any of the
215 none, pmd_trans_huge or pmd_trans_stable states. So making the barrier
216 in pmd_none_or_trans_huge_or_clear_bad() unconditional isn't good idea
217 and it would be a flakey solution.
218
219 This should be fully fixed by introducing a read_pmd_atomic that reads
220 the pmd in order with THP disabled, or by reading the pmd atomically
221 with cmpxchg8b with THP enabled.
222
223 Luckily this new race condition only triggers in the places that must
224 already be covered by pmd_none_or_trans_huge_or_clear_bad() so the fix
225 is localized there but this bug is not related to THP.
226
227 NOTE: this can trigger on x86 32bit systems with PAE enabled with more
228 than 4G of ram, otherwise the high part of the pmd will never risk to
229 be truncated because it would be zero at all times, in turn so hiding
230 the SMP race.
231
232 This bug was discovered and fully debugged by Ulrich, quote:
233
234 ----
235 [..]
236 pmd_none_or_trans_huge_or_clear_bad() loads the content of edx and
237 eax.
238
239 496 static inline int pmd_none_or_trans_huge_or_clear_bad(pmd_t
240 *pmd)
241 497 {
242 498 /* depend on compiler for an atomic pmd read */
243 499 pmd_t pmdval = *pmd;
244
245 // edi = pmd pointer
246 0xc0507a74 <sys_mincore+548>: mov 0x8(%esp),%edi
247 ...
248 // edx = PTE page table high address
249 0xc0507a84 <sys_mincore+564>: mov 0x4(%edi),%edx
250 ...
251 // eax = PTE page table low address
252 0xc0507a8e <sys_mincore+574>: mov (%edi),%eax
253
254 [..]
255
256 Please note that the PMD is not read atomically. These are two "mov"
257 instructions where the high order bits of the PMD entry are fetched
258 first. Hence, the above machine code is prone to the following race.
259
260 - The PMD entry {high|low} is 0x0000000000000000.
261 The "mov" at 0xc0507a84 loads 0x00000000 into edx.
262
263 - A page fault (on another CPU) sneaks in between the two "mov"
264 instructions and instantiates the PMD.
265
266 - The PMD entry {high|low} is now 0x00000003fda38067.
267 The "mov" at 0xc0507a8e loads 0xfda38067 into eax.
268 ----
269
270 Reported-by: Ulrich Obergfell <uobergfe <at> redhat.com>
271 Signed-off-by: Andrea Arcangeli <aarcange <at> redhat.com>
272 ---
273 arch/x86/include/asm/pgtable-3level.h | 50 +++++++++++++++++++++++++++++++++
274 include/asm-generic/pgtable.h | 22 +++++++++++++-
275 2 files changed, 70 insertions(+), 2 deletions(-)
276
277 arch/x86/include/asm/pgtable-3level.h | 50 +++++++++++++++++++++++++++++++++
278 include/asm-generic/pgtable.h | 22 +++++++++++++-
279 2 files changed, 70 insertions(+), 2 deletions(-)
280
281 commit c372470ba53425b2e159282d81680c0c84f3750d
282 Author: Tushar Dave <tushar.n.dave@intel.com>
283 Date: Thu May 17 01:04:50 2012 +0000
284
285 e1000: Prevent reset task killing itself.
286
287 Killing reset task while adapter is resetting causes deadlock.
288 Only kill reset task if adapter is not resetting.
289 Ref bug #43132 on bugzilla.kernel.org
290
291 CC: stable@vger.kernel.org
292 Signed-off-by: Tushar Dave <tushar.n.dave@intel.com>
293 Tested-by: Aaron Brown <aaron.f.brown@intel.com>
294 Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
295 Signed-off-by: David S. Miller <davem@davemloft.net>
296
297 drivers/net/ethernet/intel/e1000/e1000_main.c | 6 +++++-
298 1 files changed, 5 insertions(+), 1 deletions(-)
299
300 commit 1ef7b1503902f0e58f843417b514ab79d52f85aa
301 Author: Willy Tarreau <w@1wt.eu>
302 Date: Thu May 17 11:14:14 2012 +0000
303
304 tcp: do_tcp_sendpages() must try to push data out on oom conditions
305
306 Since recent changes on TCP splicing (starting with commits 2f533844
307 "tcp: allow splice() to build full TSO packets" and 35f9c09f "tcp:
308 tcp_sendpages() should call tcp_push() once"), I started seeing
309 massive stalls when forwarding traffic between two sockets using
310 splice() when pipe buffers were larger than socket buffers.
311
312 Latest changes (net: netdev_alloc_skb() use build_skb()) made the
313 problem even more apparent.
314
315 The reason seems to be that if do_tcp_sendpages() fails on out of memory
316 condition without being able to send at least one byte, tcp_push() is not
317 called and the buffers cannot be flushed.
318
319 After applying the attached patch, I cannot reproduce the stalls at all
320 and the data rate it perfectly stable and steady under any condition
321 which previously caused the problem to be permanent.
322
323 The issue seems to have been there since before the kernel migrated to
324 git, which makes me think that the stalls I occasionally experienced
325 with tux during stress-tests years ago were probably related to the
326 same issue.
327
328 This issue was first encountered on 3.0.31 and 3.2.17, so please backport
329 to -stable.
330
331 Signed-off-by: Willy Tarreau <w@1wt.eu>
332 Acked-by: Eric Dumazet <edumazet@google.com>
333 Cc: <stable@vger.kernel.org>
334
335 net/ipv4/tcp.c | 3 +--
336 1 files changed, 1 insertions(+), 2 deletions(-)
337
338 commit f1ef0322da87da4de06f2c12d9615e5b62906d98
339 Author: Sachin Prabhu <sprabhu@redhat.com>
340 Date: Tue Apr 17 14:35:39 2012 +0100
341
342 Avoid reading past buffer when calling GETACL
343
344 Bug noticed in commit
345 bf118a342f10dafe44b14451a1392c3254629a1f
346
347 When calling GETACL, if the size of the bitmap array, the length
348 attribute and the acl returned by the server is greater than the
349 allocated buffer(args.acl_len), we can Oops with a General Protection
350 fault at _copy_from_pages() when we attempt to read past the pages
351 allocated.
352
353 This patch allocates an extra PAGE for the bitmap and checks to see that
354 the bitmap + attribute_length + ACLs don't exceed the buffer space
355 allocated to it.
356
357 Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
358 Reported-by: Jian Li <jiali@redhat.com>
359 [Trond: Fixed a size_t vs unsigned int printk() warning]
360 Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
361
362 fs/nfs/nfs4proc.c | 16 ++++++++++------
363 fs/nfs/nfs4xdr.c | 18 +++++++++++-------
364 2 files changed, 21 insertions(+), 13 deletions(-)
365
366 commit 6405eafd58c9a79fdd2c383fcd15e1231f30e52d
367 Author: Brad Spengler <spender@grsecurity.net>
368 Date: Sat May 19 08:30:54 2012 -0400
369
370 Precompute _start/_end
371
372 arch/x86/mm/init.c | 25 ++++++++++++-------------
373 1 files changed, 12 insertions(+), 13 deletions(-)
374
375 commit 86d09b7998377aa2a41dfa094f09e3e37681771b
376 Author: Brad Spengler <spender@grsecurity.net>
377 Date: Sat May 19 07:45:06 2012 -0400
378
379 Use new method of EBDA detection
380 Resolves issue from: https://bugs.gentoo.org/show_bug.cgi?id=416415
381
382 arch/x86/mm/init.c | 28 +++++++++++++++++++++++++++-
383 1 files changed, 27 insertions(+), 1 deletions(-)
384
385 commit ae5d8ccb14ea02206a73bcfcb6fd1584229c7816
386 Author: Eric W. Biederman <ebiederm@xmission.com>
387 Date: Fri May 4 11:34:03 2012 +0000
388
389 connector/userns: replace netlink uses of cap_raised() with capable()
390
391 In 2009 Philip Reiser notied that a few users of netlink connector
392 interface needed a capability check and added the idiom
393 cap_raised(nsp->eff_cap, CAP_SYS_ADMIN) to a few of them, on the premise
394 that netlink was asynchronous.
395
396 In 2011 Patrick McHardy noticed we were being silly because netlink is
397 synchronous and removed eff_cap from the netlink_skb_params and changed
398 the idiom to cap_raised(current_cap(), CAP_SYS_ADMIN).
399
400 Looking at those spots with a fresh eye we should be calling
401 capable(CAP_SYS_ADMIN). The only reason I can see for not calling capable
402 is that it once appeared we were not in the same task as the caller which
403 would have made calling capable() impossible.
404
405 In the initial user_namespace the only difference between between
406 cap_raised(current_cap(), CAP_SYS_ADMIN) and capable(CAP_SYS_ADMIN) are a
407 few sanity checks and the fact that capable(CAP_SYS_ADMIN) sets
408 PF_SUPERPRIV if we use the capability.
409
410 Since we are going to be using root privilege setting PF_SUPERPRIV seems
411 the right thing to do.
412
413 The motivation for this that patch is that in a child user namespace
414 cap_raised(current_cap(),...) tests your capabilities with respect to that
415 child user namespace not capabilities in the initial user namespace and
416 thus will allow processes that should be unprivielged to use the kernel
417 services that are only protected with cap_raised(current_cap(),..).
418
419 To fix possible user_namespace issues and to just clean up the code
420 replace cap_raised(current_cap(), CAP_SYS_ADMIN) with
421 capable(CAP_SYS_ADMIN).
422
423 Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
424 Cc: Patrick McHardy <kaber@trash.net>
425 Cc: Philipp Reisner <philipp.reisner@linbit.com>
426 Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
427 Acked-by: Andrew G. Morgan <morgan@kernel.org>
428 Cc: Vasiliy Kulikov <segoon@openwall.com>
429 Cc: David Howells <dhowells@redhat.com>
430 Reviewed-by: James Morris <james.l.morris@oracle.com>
431 Cc: David Miller <davem@davemloft.net>
432 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
433 Signed-off-by: David S. Miller <davem@davemloft.net>
434
435 drivers/block/drbd/drbd_nl.c | 2 +-
436 drivers/md/dm-log-userspace-transfer.c | 2 +-
437 drivers/video/uvesafb.c | 2 +-
438 3 files changed, 3 insertions(+), 3 deletions(-)
439
440 commit 74650b6cb5756e6e78f90b31830ebe779c87e454
441 Author: Dan Carpenter <dan.carpenter@oracle.com>
442 Date: Sun May 13 08:44:18 2012 +0000
443
444 openvswitch: checking wrong variable in queue_userspace_packet()
445
446 "skb" is non-NULL here, for example we dereference it in skb_clone().
447 The intent was to test "nskb" which was just set.
448
449 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
450 Acked-by: Jesse Gross <jesse@nicira.com>
451 Signed-off-by: David S. Miller <davem@davemloft.net>
452
453 net/openvswitch/datapath.c | 2 +-
454 1 files changed, 1 insertions(+), 1 deletions(-)
455
456 commit c9edc7f133cb58a6f079390f1e31eac1d3122c86
457 Author: Brad Spengler <spender@grsecurity.net>
458 Date: Sun May 13 15:42:34 2012 -0400
459
460 Add MIPS support to GRKERNSEC_SETXID, choose a thread info flag bit
461 for each of our supported architectures that can be properly expressed
462 within the instruction making use of an immediate value:
463 < 12 on sparc64
464 < 32 on mips
465 < 16 on powerpc
466 < 8 or expressable within 8 bits with a shift amount on arm
467
468 (different values required for this kernel due to 3.3 feature additions)
469
470 Conflicts:
471
472 arch/arm/include/asm/thread_info.h
473 arch/sparc/include/asm/thread_info_64.h
474
475 arch/arm/include/asm/thread_info.h | 7 ++++++-
476 arch/mips/include/asm/thread_info.h | 9 +++++++--
477 arch/mips/kernel/ptrace.c | 9 +++++++++
478 arch/mips/kernel/scall32-o32.S | 2 +-
479 arch/mips/kernel/scall64-64.S | 2 +-
480 arch/mips/kernel/scall64-n32.S | 2 +-
481 arch/mips/kernel/scall64-o32.S | 2 +-
482 arch/powerpc/include/asm/thread_info.h | 5 +++--
483 arch/sparc/include/asm/thread_info_64.h | 4 ++--
484 arch/x86/include/asm/thread_info.h | 3 ++-
485 grsecurity/Kconfig | 4 ++--
486 11 files changed, 35 insertions(+), 14 deletions(-)
487
488 commit 941429c6316391a4104d5781bf96a4a88b8b270d
489 Author: Brad Spengler <spender@grsecurity.net>
490 Date: Sun May 13 14:21:06 2012 -0400
491
492 Add arm/ppc/sparc64 support to GRKERNSEC_SETXID
493
494 arch/arm/include/asm/thread_info.h | 5 ++++-
495 arch/arm/kernel/ptrace.c | 9 +++++++++
496 arch/powerpc/include/asm/thread_info.h | 6 +++++-
497 arch/powerpc/kernel/ptrace.c | 14 ++++++++++++++
498 arch/sparc/include/asm/thread_info_64.h | 7 +++++++
499 arch/sparc/kernel/ptrace_64.c | 14 ++++++++++++++
500 arch/sparc/kernel/syscalls.S | 10 +++++-----
501 arch/x86/include/asm/thread_info.h | 2 +-
502 grsecurity/Kconfig | 4 ++--
503 9 files changed, 61 insertions(+), 10 deletions(-)
504
505 commit 27cd051e9c71168dd4ba8048be2bcd962cb9c1bb
506 Author: Brad Spengler <spender@grsecurity.net>
507 Date: Sat May 12 23:24:22 2012 -0400
508
509 Make CONFIG_GRKERNSEC_SETXID depend on X86 for now, more architectures to
510 be added later
511 Speeds up implementation by using existing thread info flag check
512 Will also apply the new credentials faster than the previous method, either
513 upon the next syscall entry or exit
514 Resolves oops triggerable by root reported by Pavel Labushev
515
516 arch/x86/include/asm/thread_info.h | 8 +++++---
517 arch/x86/kernel/ptrace.c | 14 ++++++++++++++
518 grsecurity/Kconfig | 3 ++-
519 kernel/cred.c | 11 ++++++++++-
520 kernel/sched/core.c | 15 ---------------
521 5 files changed, 31 insertions(+), 20 deletions(-)
522
523 commit 47565c239f57cef0f68934085945072768d8bfa3
524 Merge: f170787 58b316c
525 Author: Brad Spengler <spender@grsecurity.net>
526 Date: Sat May 12 17:21:53 2012 -0400
527
528 Merge branch 'pax-test' into grsec-test
529
530 commit 58b316c3d406413e6e007f313534cd54114c15e3
531 Author: Brad Spengler <spender@grsecurity.net>
532 Date: Sat May 12 17:21:15 2012 -0400
533
534 Update to pax-linux-3.3.6-test12.patch
535
536 arch/x86/kernel/entry_32.S | 2 +-
537 arch/x86/lib/atomic64_cx8_32.S | 2 +-
538 2 files changed, 2 insertions(+), 2 deletions(-)
539
540 commit f170787d59bfe8af56d3d12c6422ca6c9ee2c9a3
541 Merge: 1f1f22a 37725adf
542 Author: Brad Spengler <spender@grsecurity.net>
543 Date: Sat May 12 15:54:19 2012 -0400
544
545 Merge branch 'pax-test' into grsec-test
546
547 commit 37725adf42f6e157916e779acc37696810bc3213
548 Merge: a17565b b67be2a
549 Author: Brad Spengler <spender@grsecurity.net>
550 Date: Sat May 12 15:54:06 2012 -0400
551
552 Merge branch 'linux-3.3.y' into pax-test
553
554 Conflicts:
555 arch/x86/boot/compressed/relocs.c
556
557 commit 1f1f22a1225b5083787871fa1b3825a3ad26c1dd
558 Author: Brad Spengler <spender@grsecurity.net>
559 Date: Wed May 9 17:22:32 2012 -0400
560
561 No need to perform descendent checks on anything but PTRACE_ATTACH/PTRACE_SEIZE
562 resolves issue with strace -f v4.7
563
564 grsecurity/gracl.c | 25 +++++++++++++------------
565 1 files changed, 13 insertions(+), 12 deletions(-)
566
567 commit 93d733045b6ebd24173c9ddbf70232382f196ab7
568 Merge: a2446fc a17565b
569 Author: Brad Spengler <spender@grsecurity.net>
570 Date: Wed May 9 17:13:44 2012 -0400
571
572 Merge branch 'pax-test' into grsec-test
573
574 commit a17565bf6246281d34fd530b7f93b6dc3affe932
575 Author: Brad Spengler <spender@grsecurity.net>
576 Date: Wed May 9 17:13:23 2012 -0400
577
578 Update to pax-linux-3.3.5-test11.patch
579
580 arch/x86/mm/hugetlbpage.c | 7 ++++++-
581 arch/x86/mm/init_64.c | 2 +-
582 lib/ioremap.c | 4 ++--
583 mm/memory.c | 8 ++++++--
584 4 files changed, 15 insertions(+), 6 deletions(-)
585
586 commit a2446fc9e8ab4215b81285e8e38fb7691fede567
587 Author: Jeff Mahoney <jeffm@suse.com>
588 Date: Wed Apr 25 14:32:09 2012 +0000
589
590 dl2k: Clean up rio_ioctl
591
592 The dl2k driver's rio_ioctl call has a few issues:
593 - No permissions checking
594 - Implements SIOCGMIIREG and SIOCGMIIREG using the SIOCDEVPRIVATE numbers
595 - Has a few ioctls that may have been used for debugging at one point
596 but have no place in the kernel proper.
597
598 This patch removes all but the MII ioctls, renumbers them to use the
599 standard ones, and adds the proper permission check for SIOCSMIIREG.
600
601 We can also get rid of the dl2k-specific struct mii_data in favor of
602 the generic struct mii_ioctl_data.
603
604 Since we have the phyid on hand, we can add the SIOCGMIIPHY ioctl too.
605
606 Most of the MII code for the driver could probably be converted to use
607 the generic MII library but I don't have a device to test the results.
608
609 Reported-by: Stephan Mueller <stephan.mueller@atsec.com>
610 Signed-off-by: Jeff Mahoney <jeffm@suse.com>
611 Signed-off-by: David S. Miller <davem@davemloft.net>
612
613 drivers/net/ethernet/dlink/dl2k.c | 52 ++++++------------------------------
614 drivers/net/ethernet/dlink/dl2k.h | 7 -----
615 2 files changed, 9 insertions(+), 50 deletions(-)
616
617 commit 0387e294960d1a97aecf9a091fd04dc6ea60dc24
618 Merge: 8721cf2 b472141
619 Author: Brad Spengler <spender@grsecurity.net>
620 Date: Mon May 7 17:47:29 2012 -0400
621
622 Merge branch 'pax-test' into grsec-test
623
624 commit b472141f82dcaaebb0915579b664deb13dd51a63
625 Author: Brad Spengler <spender@grsecurity.net>
626 Date: Mon May 7 17:47:09 2012 -0400
627
628 Update to pax-linux-3.3.5-test10.patch
629
630 arch/alpha/include/asm/pgalloc.h | 6 +++
631 arch/arm/include/asm/pgalloc.h | 6 +++
632 arch/ia64/include/asm/pgalloc.h | 12 ++++++
633 arch/mips/include/asm/pgalloc.h | 5 ++
634 arch/parisc/include/asm/pgalloc.h | 6 +++
635 arch/powerpc/include/asm/pgalloc-64.h | 7 +++
636 arch/sparc/include/asm/pgalloc_32.h | 1 +
637 arch/sparc/include/asm/pgalloc_64.h | 1 +
638 arch/um/include/asm/pgtable-3level.h | 1 +
639 arch/x86/include/asm/pgalloc.h | 16 ++++++++
640 arch/x86/include/asm/pgtable_64.h | 2 +
641 arch/x86/mm/init_64.c | 6 +-
642 fs/binfmt_elf.c | 6 ++-
643 include/linux/mm.h | 26 ++++++++++++
644 mm/memory.c | 41 ++++++++++++++++++++
645 mm/sparse-vmemmap.c | 4 +-
646 mm/vmalloc.c | 4 +-
647 tools/gcc/size_overflow_plugin.c | 68 ++++++++++++++++++++++++++-------
648 18 files changed, 196 insertions(+), 22 deletions(-)
649
650 commit 1d0532c4ddc0739cd7638044ffc05159992468b3
651 Merge: 09bdf6a dda1cd5
652 Author: Brad Spengler <spender@grsecurity.net>
653 Date: Mon May 7 17:46:55 2012 -0400
654
655 Merge branch 'linux-3.3.y' into pax-test
656
657 commit 8721cf24ffec2f9a120ad5a057b305c0e42c6f74
658 Author: Oleg Nesterov <oleg@redhat.com>
659 Date: Mon Apr 16 22:48:15 2012 +0200
660
661 i387: ptrace breaks the lazy-fpu-restore logic
662
663 Starting from 7e16838d "i387: support lazy restore of FPU state"
664 we assume that fpu_owner_task doesn't need restore_fpu_checking()
665 on the context switch, its FPU state should match what we already
666 have in the FPU on this CPU.
667
668 However, debugger can change the tracee's FPU state, in this case
669 we should reset fpu.last_cpu to ensure fpu_lazy_restore() can't
670 return true.
671
672 Change init_fpu() to do this, it is called by user_regset->set()
673 methods.
674
675 Reported-by: Jan Kratochvil <jan.kratochvil@redhat.com>
676 Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
677 Signed-off-by: Oleg Nesterov <oleg@redhat.com>
678 Link: http://lkml.kernel.org/r/20120416204815.GB24884@redhat.com
679 Cc: <stable@vger.kernel.org> v3.3
680 Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
681
682 arch/x86/kernel/i387.c | 1 +
683 1 files changed, 1 insertions(+), 0 deletions(-)
684
685 commit e21c05262f5cb25748625efe8c8955ec052772d8
686 Merge: daa5a9b 09bdf6a
687 Author: Brad Spengler <spender@grsecurity.net>
688 Date: Fri Apr 27 17:52:51 2012 -0400
689
690 Merge branch 'pax-test' into grsec-test
691
692 commit 09bdf6a25a5f726fa28e60d0594ecf58dd766696
693 Merge: 955435e d0c4f31
694 Author: Brad Spengler <spender@grsecurity.net>
695 Date: Fri Apr 27 17:52:43 2012 -0400
696
697 Merge branch 'linux-3.3.y' into pax-test
698
699 commit daa5a9b75978fafef5f453d3efb91723ad084539
700 Merge: 76b9055 955435e
701 Author: Brad Spengler <spender@grsecurity.net>
702 Date: Mon Apr 23 18:07:54 2012 -0400
703
704 Merge branch 'pax-test' into grsec-test
705
706 Conflicts:
707 security/Kconfig
708
709 commit 955435e0efc1b188f632ca4d0918b133174a0fba
710 Author: Brad Spengler <spender@grsecurity.net>
711 Date: Mon Apr 23 17:53:48 2012 -0400
712
713 Update to pax-linux-3.3.3-test8.patch
714
715 arch/x86/kvm/svm.c | 1 -
716 drivers/gpu/drm/i915/intel_display.c | 8 +++++++-
717 drivers/video/uvesafb.c | 5 +++--
718 security/Kconfig | 1 +
719 tools/gcc/constify_plugin.c | 2 +-
720 5 files changed, 12 insertions(+), 5 deletions(-)
721
722 commit 76b90550e7c2202e102e09f48b77def5302b1298
723 Merge: ed57dbd e64c3b2
724 Author: Brad Spengler <spender@grsecurity.net>
725 Date: Sun Apr 22 20:52:35 2012 -0400
726
727 Upstream finally got around to fixing the ASLR infoleak I found and fixed
728 in grsecurity in 2009. Three years with the fix in plain sight in the patch,
729 yet still it wasn't known or fixed until I explicitly mentioned it to Kees.
730 (this seems to be a recurring theme)
731
732 Merge branch 'pax-test' into grsec-test
733
734 Conflicts:
735 kernel/futex.c
736 kernel/futex_compat.c
737 security/commoncap.c
738
739 commit e64c3b2239335992182ff96235b81e2a87230b80
740 Merge: e538e1d fa023d5
741 Author: Brad Spengler <spender@grsecurity.net>
742 Date: Sun Apr 22 20:46:57 2012 -0400
743
744 Merge branch 'linux-3.3.y' into pax-test
745
746 commit ed57dbd68c344c1d0e6617247fb7e80e7db1d796
747 Author: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
748 Date: Fri Apr 13 03:35:13 2012 +0000
749
750 sparc64: Eliminate obsolete __handle_softirq() function
751
752 The invocation of softirq is now handled by irq_exit(), so there is no
753 need for sparc64 to invoke it on the trap-return path. In fact, doing so
754 is a bug because if the trap occurred in the idle loop, this invocation
755 can result in lockdep-RCU failures. The problem is that RCU ignores idle
756 CPUs, and the sparc64 trap-return path to the softirq handlers fails to
757 tell RCU that the CPU must be considered non-idle while those handlers
758 are executing. This means that RCU is ignoring any RCU read-side critical
759 sections in those handlers, which in turn means that RCU-protected data
760 can be yanked out from under those read-side critical sections.
761
762 The shiny new lockdep-RCU ability to detect RCU read-side critical sections
763 that RCU is ignoring located this problem.
764
765 The fix is straightforward: Make sparc64 stop manually invoking the
766 softirq handlers.
767
768 Reported-by: Meelis Roos <mroos@linux.ee>
769 Suggested-by: David Miller <davem@davemloft.net>
770 Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
771 Tested-by: Meelis Roos <mroos@linux.ee>
772 Cc: stable@vger.kernel.org
773 Signed-off-by: David S. Miller <davem@davemloft.net>
774
775 arch/sparc/kernel/rtrap_64.S | 7 -------
776 1 files changed, 0 insertions(+), 7 deletions(-)
777
778 commit e094cb83872b493ec77323eef91eaf409f13df79
779 Author: David S. Miller <davem@davemloft.net>
780 Date: Fri Apr 13 11:56:22 2012 -0700
781
782 sparc64: Fix bootup crash on sun4v.
783
784 The DS driver registers as a subsys_initcall() but this can be too
785 early, in particular this risks registering before we've had a chance
786 to allocate and setup module_kset in kernel/params.c which is
787 performed also as a subsyts_initcall().
788
789 Register DS using device_initcall() insteal.
790
791 Signed-off-by: David S. Miller <davem@davemloft.net>
792 Cc: stable@vger.kernel.org
793
794 arch/sparc/kernel/ds.c | 2 +-
795 1 files changed, 1 insertions(+), 1 deletions(-)
796
797 commit 2fe8dca41a62e05f6c0a0bf4852f8a8d0b8967e0
798 Author: Lubos Lunak <l.lunak@suse.cz>
799 Date: Wed Mar 21 14:08:24 2012 +0100
800
801 do not export kernel's NULL #define to userspace
802
803 GCC's NULL is actually __null, which allows detecting some questionable
804 NULL usage and warn about it. Moreover each platform/compiler should
805 have its own stddef.h anyway (which is different from linux/stddef.h).
806
807 So there's no good reason to leak kernel's NULL to userspace and
808 override what the compiler provides.
809
810 Signed-off-by: Luboš Luňák <l.lunak@suse.cz>
811 Acked-by: Arnd Bergmann <arnd@arndb.de>
812 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
813
814 include/linux/stddef.h | 8 ++------
815 1 files changed, 2 insertions(+), 6 deletions(-)
816
817 commit 7dc1db81ece569ccad1227ef72ab58c4f160c5f9
818 Author: Alex Williamson <alex.williamson@redhat.com>
819 Date: Wed Apr 11 09:51:49 2012 -0600
820
821 KVM: unmap pages from the iommu when slots are removed
822
823 We've been adding new mappings, but not destroying old mappings.
824 This can lead to a page leak as pages are pinned using
825 get_user_pages, but only unpinned with put_page if they still
826 exist in the memslots list on vm shutdown. A memslot that is
827 destroyed while an iommu domain is enabled for the guest will
828 therefore result in an elevated page reference count that is
829 never cleared.
830
831 Additionally, without this fix, the iommu is only programmed
832 with the first translation for a gpa. This can result in
833 peer-to-peer errors if a mapping is destroyed and replaced by a
834 new mapping at the same gpa as the iommu will still be pointing
835 to the original, pinned memory address.
836
837 Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
838 Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
839
840 include/linux/kvm_host.h | 6 ++++++
841 virt/kvm/iommu.c | 7 ++++++-
842 virt/kvm/kvm_main.c | 5 +++--
843 3 files changed, 15 insertions(+), 3 deletions(-)
844
845 commit b0e0913f11ccad2909d96833b21f3d1dd1dd187b
846 Author: Brad Spengler <spender@grsecurity.net>
847 Date: Thu Apr 19 20:27:57 2012 -0400
848
849 http://marc.info/?l=linux-kernel&m=133455712201581&w=2
850
851 Currently we do not validate the vector length before calling
852 get_user_pages_fast(), host stack would be easily overflowed by
853 malicious guest driver who give us a descriptor with length greater
854 than MAX_SKB_FRAGS. Solve this problem by checking the free entries
855 before trying to pin user pages.
856
857 Signed-off-by: Jason Wang <jasowang@redhat.com>
858
859 drivers/net/macvtap.c | 2 ++
860 1 files changed, 2 insertions(+), 0 deletions(-)
861
862 commit a3632ca0baf60466c650053eb72e1b047540e4cc
863 Author: Eric Paris <eparis@redhat.com>
864 Date: Tue Apr 17 16:26:54 2012 -0400
865
866 fcaps: clear the same personality flags as suid when fcaps are used
867
868 If a process increases permissions using fcaps all of the dangerous
869 personality flags which are cleared for suid apps should also be cleared.
870 Thus programs given priviledge with fcaps will continue to have address space
871 randomization enabled even if the parent tried to disable it to make it
872 easier to attack.
873
874 Signed-off-by: Eric Paris <eparis@redhat.com>
875 Reviewed-by: Serge Hallyn <serge.hallyn@canonical.com>
876 Signed-off-by: James Morris <james.l.morris@oracle.com>
877
878 security/commoncap.c | 5 +++++
879 1 files changed, 5 insertions(+), 0 deletions(-)
880
881 commit 6bb89c4bd981848dd5647a2f3c933937d8e49a61
882 Merge: c7db64d e538e1d
883 Author: Brad Spengler <spender@grsecurity.net>
884 Date: Sun Apr 15 11:08:50 2012 -0400
885
886 Merge branch 'pax-test' into grsec-test
887
888 commit e538e1de0e33950814137a835b0402a097939c3f
889 Author: Brad Spengler <spender@grsecurity.net>
890 Date: Sun Apr 15 11:08:26 2012 -0400
891
892 Update to pax-linux-3.3.2-test7.patch
893
894 arch/x86/include/asm/cmpxchg.h | 4 ++--
895 arch/x86/include/asm/kvm_host.h | 2 +-
896 arch/x86/kvm/vmx.c | 1 -
897 include/asm-generic/pgtable.h | 4 ++--
898 kernel/panic.c | 2 +-
899 5 files changed, 6 insertions(+), 7 deletions(-)
900
901 commit c7db64db701e32d76797a3e07bc5c43c4029bb4b
902 Author: Jason Wessel <jason.wessel@windriver.com>
903 Date: Thu Apr 12 12:49:17 2012 -0700
904
905 panic: fix stack dump print on direct call to panic()
906
907 Commit 6e6f0a1f0fa6 ("panic: don't print redundant backtraces on oops")
908 causes a regression where no stack trace will be printed at all for the
909 case where kernel code calls panic() directly while not processing an
910 oops, and of course there are 100's of instances of this type of call.
911
912 The original commit executed the check (!oops_in_progress), but this will
913 always be false because just before the dump_stack() there is a call to
914 bust_spinlocks(1), which does the following:
915
916 void __attribute__((weak)) bust_spinlocks(int yes)
917 {
918 if (yes) {
919 ++oops_in_progress;
920
921 The proper way to resolve the problem that original commit tried to
922 solve is to avoid printing a stack dump from panic() when the either of
923 the following conditions is true:
924
925 1) TAINT_DIE has been set (this is done by oops_end())
926 This indicates and oops has already been printed.
927 2) oops_in_progress > 1
928 This guards against the rare case where panic() is invoked
929 a second time, or in between oops_begin() and oops_end()
930
931 Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
932 Cc: Andi Kleen <ak@linux.intel.com>
933 Cc: <stable@vger.kernel.org> [3.3+]
934 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
935 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
936
937 kernel/panic.c | 2 +-
938 1 files changed, 1 insertions(+), 1 deletions(-)
939
940 commit fa5fabf348ab41988ef87d20d24e3203c2aa8d40
941 Author: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
942 Date: Thu Apr 12 12:49:12 2012 -0700
943
944 drivers/char/random.c: fix boot id uniqueness race
945
946 /proc/sys/kernel/random/boot_id can be read concurrently by userspace
947 processes. If two (or more) user-space processes concurrently read
948 boot_id when sysctl_bootid is not yet assigned, a race can occur making
949 boot_id differ between the reads. Because the whole point of the boot id
950 is to be unique across a kernel execution, fix this by protecting this
951 operation with a spinlock.
952
953 Given that this operation is not frequently used, hitting the spinlock
954 on each call should not be an issue.
955
956 Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
957 Cc: "Theodore Ts'o" <tytso@mit.edu>
958 Cc: Matt Mackall <mpm@selenic.com>
959 Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
960 Cc: Greg Kroah-Hartman <greg@kroah.com>
961 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
962 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
963
964 drivers/char/random.c | 11 ++++++++---
965 1 files changed, 8 insertions(+), 3 deletions(-)
966
967 commit 9f055943f8c70a331e6066d154584b94b8a7e6ff
968 Merge: 15291162 69e4937
969 Author: Brad Spengler <spender@grsecurity.net>
970 Date: Fri Apr 13 16:10:29 2012 -0400
971
972 Merge branch 'pax-test' into grsec-test
973
974 Conflicts:
975 kernel/sysctl.c
976
977 commit 69e4937b96b2c03dbe975eb70991f89bbe448411
978 Merge: 0c851ef ad07d7b
979 Author: Brad Spengler <spender@grsecurity.net>
980 Date: Fri Apr 13 16:09:07 2012 -0400
981
982 Merge branch 'linux-3.3.y' into pax-test
983
984 commit 152911622e7f698d34ae653ea79060d3f518bcb7
985 Merge: 5c04558 0c851ef
986 Author: Brad Spengler <spender@grsecurity.net>
987 Date: Mon Apr 9 17:02:01 2012 -0400
988
989 Merge branch 'pax-test' into grsec-test
990
991 commit 0c851ef08806717abcb17f2e3f7156250a68e31a
992 Author: Brad Spengler <spender@grsecurity.net>
993 Date: Mon Apr 9 17:01:48 2012 -0400
994
995 Update to pax-linux-3.3.1-test7.patch
996
997 arch/x86/kernel/kdebugfs.c | 2 ++
998 arch/x86/mm/pgtable.c | 4 ++++
999 2 files changed, 6 insertions(+), 0 deletions(-)
1000
1001 commit 5c04558d606ca8cfe925fa0d1c7cdcc7ad15b199
1002 Merge: 29547b5 8bb406f
1003 Author: Brad Spengler <spender@grsecurity.net>
1004 Date: Sun Apr 8 16:01:46 2012 -0400
1005
1006 Merge branch 'pax-test' into grsec-test
1007
1008 Conflicts:
1009 mm/mmap.c
1010 security/Kconfig
1011
1012 commit 29547b5c27a97d0e13bd59bc3869f270ec472d66
1013 Author: Brad Spengler <spender@grsecurity.net>
1014 Date: Sun Apr 8 15:59:33 2012 -0400
1015
1016 Revert "Fix RLIMIT_AS accounting with brk randomization"
1017
1018 This reverts commit e8719b11ed6e03b3c9c4ca769dcd9341af0ca411.
1019
1020 fs/binfmt_elf.c | 2 +-
1021 mm/mmap.c | 2 --
1022 2 files changed, 1 insertions(+), 3 deletions(-)
1023
1024 commit 784a578e35994ada12d51ee064538c06f0ad527c
1025 Author: Brad Spengler <spender@grsecurity.net>
1026 Date: Sun Apr 8 15:59:14 2012 -0400
1027
1028 Revert "Fix RLIMIT_AS checking with brk randomization"
1029
1030 This reverts commit 0f5c00e65adef2b874afcaf36bd15898f1b07d1e.
1031
1032 fs/binfmt_elf.c | 2 --
1033 mm/mmap.c | 5 +----
1034 2 files changed, 1 insertions(+), 6 deletions(-)
1035
1036 commit 68018e31a67166e3459768a57bcb9827c42e4906
1037 Author: Brad Spengler <spender@grsecurity.net>
1038 Date: Sun Apr 8 15:58:59 2012 -0400
1039
1040 Revert "set end_data before mmap of gap otherwise we'll be counting toward RLIMIT_AS"
1041
1042 This reverts commit 3822d8ebbe141004d4b57c71cbc4ed2948753059.
1043
1044 fs/binfmt_elf.c | 2 +-
1045 1 files changed, 1 insertions(+), 1 deletions(-)
1046
1047 commit 22ed2b3ef411bfe753ddcb039f52a02336003f98
1048 Author: Brad Spengler <spender@grsecurity.net>
1049 Date: Sun Apr 8 15:58:40 2012 -0400
1050
1051 Revert "Fix RLIMIT_AS checking with brk randomization"
1052
1053 This reverts commit 5693e0379b65616a111084fc0db5e408ee716d54.
1054
1055 fs/binfmt_elf.c | 2 ++
1056 mm/mmap.c | 2 +-
1057 2 files changed, 3 insertions(+), 1 deletions(-)
1058
1059 commit dd0706106b0a4e80d65cb971262faedb2eff82cb
1060 Author: Brad Spengler <spender@grsecurity.net>
1061 Date: Sun Apr 8 15:58:12 2012 -0400
1062
1063 Revert "fix wraparound"
1064
1065 This reverts commit daa20cc1ecd09f3745ee2895af1385e02be79822.
1066
1067 fs/binfmt_elf.c | 3 +--
1068 1 files changed, 1 insertions(+), 2 deletions(-)
1069
1070 commit 803884ee45cb70ea06558aa4e409fbcff93d3d71
1071 Author: Brad Spengler <spender@grsecurity.net>
1072 Date: Sun Apr 8 15:56:40 2012 -0400
1073
1074 Revert "fake start_brk value before mmap is processed"
1075
1076 This reverts commit a18343183d8978e473d53569ed4d700ff798ad35.
1077
1078 fs/binfmt_elf.c | 1 -
1079 1 files changed, 0 insertions(+), 1 deletions(-)
1080
1081 commit 8bb406fb30151e48b05390fcbdf886c3a9f773f9
1082 Author: Brad Spengler <spender@grsecurity.net>
1083 Date: Sun Apr 8 15:55:34 2012 -0400
1084
1085 Update to pax-linux-3.3.1-test6.patch
1086
1087 Documentation/dontdiff | 1 +
1088 Makefile | 7 +-
1089 arch/x86/crypto/aesni-intel_glue.c | 2 +
1090 arch/x86/include/asm/floppy.h | 1 +
1091 arch/x86/include/asm/kvm_host.h | 6 +-
1092 arch/x86/include/asm/syscalls.h | 2 +-
1093 arch/x86/include/asm/uaccess_32.h | 31 +-
1094 arch/x86/include/asm/uaccess_64.h | 38 +-
1095 arch/x86/kernel/cpu/mcheck/mce-inject.c | 2 +
1096 arch/x86/kernel/cpu/mtrr/if.c | 2 +
1097 arch/x86/kernel/i387.c | 20 +
1098 arch/x86/kernel/ldt.c | 2 +
1099 arch/x86/kernel/microcode_intel.c | 1 +
1100 arch/x86/kernel/module.c | 1 +
1101 arch/x86/kernel/ptrace.c | 4 +
1102 arch/x86/kernel/setup_percpu.c | 4 +
1103 arch/x86/kernel/tls.h | 2 +-
1104 arch/x86/kernel/vm86_32.c | 3 +
1105 arch/x86/kvm/svm.c | 1 +
1106 arch/x86/kvm/vmx.c | 1 +
1107 arch/x86/kvm/x86.c | 21 +
1108 arch/x86/kvm/x86.h | 4 +-
1109 arch/x86/lib/usercopy_32.c | 6 +
1110 arch/x86/mm/pgtable.c | 12 +-
1111 arch/x86/platform/uv/tlb_uv.c | 4 +
1112 crypto/ablkcipher.c | 4 +
1113 crypto/aead.c | 3 +
1114 crypto/blkcipher.c | 3 +
1115 crypto/cipher.c | 3 +
1116 drivers/acpi/battery.c | 3 +
1117 drivers/acpi/sbs.c | 3 +
1118 drivers/infiniband/hw/ipath/ipath_fs.c | 4 +
1119 drivers/infiniband/hw/qib/qib_fs.c | 4 +
1120 drivers/lguest/lguest_user.c | 1 +
1121 drivers/md/dm-raid1.c | 4 +
1122 drivers/md/dm-stripe.c | 1 +
1123 drivers/media/video/cpia2/cpia2_core.c | 1 +
1124 drivers/media/video/cx18/cx18-alsa-pcm.c | 2 +
1125 drivers/media/video/cx231xx/cx231xx-audio.c | 2 +
1126 drivers/media/video/em28xx/em28xx-audio.c | 2 +
1127 drivers/media/video/meye.c | 1 +
1128 drivers/media/video/saa7164/saa7164-encoder.c | 2 +
1129 drivers/media/video/saa7164/saa7164-vbi.c | 2 +
1130 drivers/media/video/videobuf-dma-contig.c | 1 +
1131 drivers/media/video/videobuf-dma-sg.c | 1 +
1132 drivers/media/video/videobuf-vmalloc.c | 1 +
1133 drivers/mtd/ubi/build.c | 16 +-
1134 drivers/mtd/ubi/debug.c | 2 +
1135 drivers/net/ethernet/chelsio/cxgb/sge.c | 2 +
1136 drivers/net/ethernet/chelsio/cxgb3/sge.c | 4 +
1137 drivers/net/ethernet/chelsio/cxgb4/sge.c | 3 +
1138 drivers/net/ethernet/chelsio/cxgb4vf/sge.c | 3 +
1139 drivers/net/wireless/ath/ath5k/debug.c | 3 +
1140 drivers/net/wireless/ath/ath9k/debug.c | 2 +
1141 drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 +
1142 drivers/oprofile/oprofile_files.c | 5 +
1143 drivers/oprofile/oprofilefs.c | 1 +
1144 drivers/platform/x86/asus_acpi.c | 2 +
1145 drivers/platform/x86/toshiba_acpi.c | 2 +
1146 drivers/staging/rtl8192e/rtllib_module.c | 2 +
1147 .../staging/rtl8192u/ieee80211/ieee80211_module.c | 2 +
1148 drivers/usb/core/message.c | 4 +-
1149 fs/binfmt_elf.c | 1 +
1150 fs/cifs/asn1.c | 3 +
1151 fs/configfs/file.c | 2 +
1152 fs/exec.c | 10 +
1153 fs/ncpfs/ncplib_kernel.h | 4 +-
1154 fs/seq_file.c | 12 +-
1155 fs/sysfs/bin.c | 2 +
1156 fs/ubifs/debug.c | 3 +
1157 include/asm-generic/int-l64.h | 2 -
1158 include/asm-generic/int-ll64.h | 2 -
1159 include/asm-generic/uaccess.h | 11 +
1160 include/linux/compiler-gcc4.h | 3 +
1161 include/linux/compiler.h | 3 +
1162 include/linux/crash_dump.h | 2 +-
1163 include/linux/kvm_host.h | 14 +-
1164 include/linux/mm_types.h | 4 +-
1165 include/linux/moduleloader.h | 4 +-
1166 include/linux/oprofile.h | 2 +-
1167 include/linux/slab.h | 63 +-
1168 include/linux/slab_def.h | 6 +-
1169 include/linux/slob_def.h | 5 +-
1170 include/linux/slub_def.h | 10 +-
1171 include/linux/uaccess.h | 2 +-
1172 include/linux/vmalloc.h | 123 +-
1173 mm/mmap.c | 5 +
1174 mm/util.c | 2 -
1175 mm/vmalloc.c | 9 -
1176 net/bridge/netfilter/ebt_ulog.c | 1 +
1177 net/ipv4/ah4.c | 2 +
1178 net/ipv4/netfilter/arp_tables.c | 10 +
1179 net/ipv4/netfilter/ip_tables.c | 11 +
1180 net/ipv4/netfilter/ipt_ULOG.c | 1 +
1181 net/ipv4/netfilter/nf_nat_snmp_basic.c | 6 +-
1182 net/ipv6/ah6.c | 2 +
1183 net/ipv6/netfilter/ip6_tables.c | 11 +
1184 scripts/mod/modpost.c | 2 +-
1185 scripts/tags.sh | 2 +-
1186 security/Kconfig | 15 +-
1187 tools/gcc/Makefile | 3 +
1188 tools/gcc/kernexec_plugin.c | 2 +-
1189 tools/gcc/size_overflow_hash1.h | 3047 ++++++++++++++++++++
1190 tools/gcc/size_overflow_hash2.h | 35 +
1191 tools/gcc/size_overflow_plugin.c | 1110 +++++++
1192 105 files changed, 4589 insertions(+), 261 deletions(-)
1193
1194 commit 8b57bb1090a9dbe75bee876917e2522d278f004b
1195 Author: Brad Spengler <spender@grsecurity.net>
1196 Date: Sun Apr 8 15:40:58 2012 -0400
1197
1198 Always allow use of AF_UNSPEC for already-connected sockets to disconnect
1199
1200 grsecurity/gracl_ip.c | 3 +++
1201 1 files changed, 3 insertions(+), 0 deletions(-)
1202
1203 commit 9f88f736253a3bffdaaefc2dfb97cba3761707aa
1204 Author: Eric Dumazet <eric.dumazet@gmail.com>
1205 Date: Thu Apr 5 22:17:46 2012 +0000
1206
1207 netlink: fix races after skb queueing
1208
1209 As soon as an skb is queued into socket receive_queue, another thread
1210 can consume it, so we are not allowed to reference skb anymore, or risk
1211 use after free.
1212
1213 Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
1214 Signed-off-by: David S. Miller <davem@davemloft.net>
1215
1216 net/netlink/af_netlink.c | 24 +++++++++++++-----------
1217 1 files changed, 13 insertions(+), 11 deletions(-)
1218
1219 commit cdbca15d6401902654b96d3105113865c37941e4
1220 Author: Eric Dumazet <eric.dumazet@gmail.com>
1221 Date: Fri Apr 6 10:49:10 2012 +0200
1222
1223 net: fix a race in sock_queue_err_skb()
1224
1225 As soon as an skb is queued into socket error queue, another thread
1226 can consume it, so we are not allowed to reference skb anymore, or risk
1227 use after free.
1228
1229 Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
1230 Signed-off-by: David S. Miller <davem@davemloft.net>
1231
1232 net/core/skbuff.c | 4 +++-
1233 1 files changed, 3 insertions(+), 1 deletions(-)
1234
1235 commit 96360cf85c2108f01a4fbbcfe6f63b4893f6a0fc
1236 Author: Brad Spengler <spender@grsecurity.net>
1237 Date: Sun Apr 8 10:13:28 2012 -0400
1238
1239 always allow admin to follow ptrace'd execs
1240 no need for task_lock
1241
1242 grsecurity/gracl.c | 19 ++++++++++++++++---
1243 1 files changed, 16 insertions(+), 3 deletions(-)
1244
1245 commit 9b915f7c937489fc3625981b619006c496e4bdaf
1246 Author: Brad Spengler <spender@grsecurity.net>
1247 Date: Sun Apr 8 07:01:20 2012 -0400
1248
1249 Require CAP_SYS_ADMIN for /sys/kernel/uevent_helper
1250
1251 kernel/ksysfs.c | 2 ++
1252 1 files changed, 2 insertions(+), 0 deletions(-)
1253
1254 commit ac1df8a3412ab214b392a7eaee2b96f3478c8469
1255 Author: Brad Spengler <spender@grsecurity.net>
1256 Date: Sun Apr 8 06:58:58 2012 -0400
1257
1258 Require CAP_SYS_ADMIN for /proc/sysrq-trigger
1259
1260 drivers/tty/sysrq.c | 2 +-
1261 1 files changed, 1 insertions(+), 1 deletions(-)
1262
1263 commit a18343183d8978e473d53569ed4d700ff798ad35
1264 Author: Brad Spengler <spender@grsecurity.net>
1265 Date: Fri Apr 6 19:45:36 2012 -0400
1266
1267 fake start_brk value before mmap is processed
1268
1269 fs/binfmt_elf.c | 1 +
1270 1 files changed, 1 insertions(+), 0 deletions(-)
1271
1272 commit daa20cc1ecd09f3745ee2895af1385e02be79822
1273 Author: Brad Spengler <spender@grsecurity.net>
1274 Date: Fri Apr 6 18:56:24 2012 -0400
1275
1276 fix wraparound
1277
1278 fs/binfmt_elf.c | 3 ++-
1279 1 files changed, 2 insertions(+), 1 deletions(-)
1280
1281 commit 5693e0379b65616a111084fc0db5e408ee716d54
1282 Author: Brad Spengler <spender@grsecurity.net>
1283 Date: Fri Apr 6 18:14:20 2012 -0400
1284
1285 Fix RLIMIT_AS checking with brk randomization
1286
1287 fs/binfmt_elf.c | 2 --
1288 mm/mmap.c | 2 +-
1289 2 files changed, 1 insertions(+), 3 deletions(-)
1290
1291 commit 3822d8ebbe141004d4b57c71cbc4ed2948753059
1292 Author: Brad Spengler <spender@grsecurity.net>
1293 Date: Thu Apr 5 21:23:00 2012 -0400
1294
1295 set end_data before mmap of gap otherwise we'll be counting toward RLIMIT_AS
1296
1297 fs/binfmt_elf.c | 2 +-
1298 1 files changed, 1 insertions(+), 1 deletions(-)
1299
1300 commit 0f5c00e65adef2b874afcaf36bd15898f1b07d1e
1301 Author: Brad Spengler <spender@grsecurity.net>
1302 Date: Thu Apr 5 20:54:16 2012 -0400
1303
1304 Fix RLIMIT_AS checking with brk randomization
1305
1306 fs/binfmt_elf.c | 2 ++
1307 mm/mmap.c | 5 ++++-
1308 2 files changed, 6 insertions(+), 1 deletions(-)
1309
1310 commit e8719b11ed6e03b3c9c4ca769dcd9341af0ca411
1311 Author: Brad Spengler <spender@grsecurity.net>
1312 Date: Thu Apr 5 19:53:46 2012 -0400
1313
1314 Fix RLIMIT_AS accounting with brk randomization
1315
1316 fs/binfmt_elf.c | 2 +-
1317 mm/mmap.c | 2 ++
1318 2 files changed, 3 insertions(+), 1 deletions(-)
1319
1320 commit 71e7dbb7e5586987130b85faec1b689557ae89ea
1321 Merge: 236c100 d333553
1322 Author: Brad Spengler <spender@grsecurity.net>
1323 Date: Mon Apr 2 17:38:41 2012 -0400
1324
1325 Merge branch 'pax-test' into grsec-test
1326
1327 commit d333553e2c2b46b81ddeaa6c06e66d885f853514
1328 Merge: efbb92a 07a4483
1329 Author: Brad Spengler <spender@grsecurity.net>
1330 Date: Mon Apr 2 17:38:26 2012 -0400
1331
1332 Merge branch 'linux-3.3.y' into pax-test
1333
1334 Conflicts:
1335 arch/x86/net/bpf_jit_comp.c
1336
1337 commit 236c100307ff0416f0ef17efe7540a2ce0077cbf
1338 Author: Dan Carpenter <dan.carpenter@oracle.com>
1339 Date: Sat Mar 24 10:52:50 2012 +0300
1340
1341 x86, tls: Off by one limit check
1342
1343 These are used as offsets into an array of GDT_ENTRY_TLS_ENTRIES members
1344 so GDT_ENTRY_TLS_ENTRIES is one past the end of the array.
1345
1346 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
1347 Link: http://lkml.kernel.org/r/20120324075250.GA28258@elgon.mountain
1348 Cc: <stable@vger.kernel.org>
1349 Signed-off-by: H. Peter Anvin <hpa@zytor.com>
1350
1351 arch/x86/kernel/tls.c | 4 ++--
1352 1 files changed, 2 insertions(+), 2 deletions(-)
1353
1354 commit 7062ff9c0cada849bc7d984d6318d52be7647b44
1355 Author: Linus Torvalds <torvalds@linux-foundation.org>
1356 Date: Mon Mar 19 16:19:53 2012 -0700
1357
1358 vfs: get rid of batshit-insane pointless dentry hash calculations
1359
1360 For some odd historical reason, the final mixing round for the dentry
1361 cache hash table lookup had an insane "xor with big constant" logic. In
1362 two places.
1363
1364 The big constant that is being xor'ed is GOLDEN_RATIO_PRIME, which is a
1365 fairly random-looking number that is designed to be *multiplied* with so
1366 that the bits get spread out over a whole long-word.
1367
1368 But xor'ing with it is insane. It doesn't really even change the hash -
1369 it really only shifts the hash around in the hash table. To make
1370 matters worse, the insane big constant is different on 32-bit and 64-bit
1371 builds, even though the name hash bits we use are always 32-bit (and the
1372 bits from the pointer we mix in effectively are too).
1373
1374 It's all total voodoo programming, in other words.
1375
1376 Now, some testing and analysis of the hash chains shows that the rest of
1377 the hash function seems to be fairly good. It does pick the right bits
1378 of the parent dentry pointer, for example, and while it's generally a
1379 bad idea to use an xor to mix down the upper bits (because if there is a
1380 repeating pattern, the xor can cause "destructive interference"), it
1381 seems to not have been a disaster.
1382
1383 For example, replacing the hash with the normal "hash_long()" code (that
1384 uses the GOLDEN_RATIO_PRIME constant correctly, btw) actually just makes
1385 the hash worse. The hand-picked hash knew which bits of the pointer had
1386 the highest entropy, and hash_long() ends up mixing bits less optimally
1387 at least in some trivial tests.
1388
1389 So the hash function overall seems fine, it just has that really odd
1390 "shift result around by a constant xor".
1391
1392 So get rid of the silly xor, and replace the down-mixing of the bits
1393 with an add instead of an xor that tends to not have the same kind of
1394 destructive interference issues. Some stats on the resulting hash
1395 chains shows that they look statistically identical before and after,
1396 but the code is simpler and no longer makes you go "WTF?".
1397
1398 Also, the incoming hash really is just "unsigned int", not a long, and
1399 there's no real point to worry about the high 26 bits of the dentry
1400 pointer for the 64-bit case, because they are all going to be identical
1401 anyway.
1402
1403 So also change the hashing to be done in the more natural 'unsigned int'
1404 that is the real size of the actual hashed data anyway.
1405
1406 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1407
1408 fs/dcache.c | 6 +++---
1409 1 files changed, 3 insertions(+), 3 deletions(-)
1410
1411 commit 1933ee4cf1ce8f256e0441323d0fa1555016ca3c
1412 Author: Oleg Nesterov <oleg@redhat.com>
1413 Date: Fri Mar 23 15:02:40 2012 -0700
1414
1415 ptrace: don't send SIGTRAP on exec if SEIZED
1416
1417 ptrace_event(PTRACE_EVENT_EXEC) sends SIGTRAP if PT_TRACE_EXEC is not
1418 set. This is because this SIGTRAP predates PTRACE_O_TRACEEXEC option,
1419 we do not need/want this with PT_SEIZED which can set the options during
1420 attach.
1421
1422 Suggested-by: Pedro Alves <palves@redhat.com>
1423 Signed-off-by: Oleg Nesterov <oleg@redhat.com>
1424 Cc: Chris Evans <scarybeasts@gmail.com>
1425 Cc: Indan Zupancic <indan@nul.nu>
1426 Cc: Denys Vlasenko <vda.linux@googlemail.com>
1427 Cc: Tejun Heo <tj@kernel.org>
1428 Cc: Pedro Alves <palves@redhat.com>
1429 Cc: Jan Kratochvil <jan.kratochvil@redhat.com>
1430 Cc: Steven Rostedt <rostedt@goodmis.org>
1431 Cc: Frederic Weisbecker <fweisbec@gmail.com>
1432 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
1433 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1434
1435 include/linux/ptrace.h | 5 +++--
1436 1 files changed, 3 insertions(+), 2 deletions(-)
1437
1438 commit 96b9985a386432ddefbca4f3ca3837fe72652e77
1439 Author: Dmitry Adamushko <dmitry.adamushko@gmail.com>
1440 Date: Thu Mar 22 21:39:25 2012 +0100
1441
1442 x86-32: Fix endless loop when processing signals for kernel tasks
1443
1444 The problem occurs on !CONFIG_VM86 kernels [1] when a kernel-mode task
1445 returns from a system call with a pending signal.
1446
1447 A real-life scenario is a child of 'khelper' returning from a failed
1448 kernel_execve() in ____call_usermodehelper() [ kernel/kmod.c ].
1449 kernel_execve() fails due to a pending SIGKILL, which is the result of
1450 "kill -9 -1" (at least, busybox's init does it upon reboot).
1451
1452 The loop is as follows:
1453
1454 * syscall_exit_work:
1455 - work_pending: // start_of_the_loop
1456 - work_notify_sig:
1457 - do_notify_resume()
1458 - do_signal()
1459 - if (!user_mode(regs)) return;
1460 - resume_userspace // TIF_SIGPENDING is still set
1461 - work_pending // so we call work_pending => goto
1462 // start_of_the_loop
1463
1464 More information can be found in another LKML thread:
1465 http://www.serverphorums.com/read.php?12,457826
1466
1467 [1] the problem was also seen on MIPS.
1468
1469 Signed-off-by: Dmitry Adamushko <dmitry.adamushko@gmail.com>
1470 Link: http://lkml.kernel.org/r/1332448765.2299.68.camel@dimm
1471 Cc: Oleg Nesterov <oleg@redhat.com>
1472 Cc: Roland McGrath <roland@hack.frob.com>
1473 Cc: Andrew Morton <akpm@linux-foundation.org>
1474 Cc: <stable@vger.kernel.org>
1475 Signed-off-by: H. Peter Anvin <hpa@zytor.com>
1476
1477 arch/x86/kernel/entry_32.S | 17 ++++++++++-------
1478 1 files changed, 10 insertions(+), 7 deletions(-)
1479
1480 commit d2184c1098a46d3b1f96299f352d11f2e20da3b0
1481 Merge: 412185c efbb92a
1482 Author: Brad Spengler <spender@grsecurity.net>
1483 Date: Sun Mar 25 18:35:21 2012 -0400
1484
1485 Merge branch 'pax-test' into grsec-test
1486
1487 commit efbb92ad36e7e4f53482380f53a9cc38faca925d
1488 Author: Brad Spengler <spender@grsecurity.net>
1489 Date: Sun Mar 25 18:35:07 2012 -0400
1490
1491 Update to pax-linux-3.3-test4.patch
1492
1493 fs/binfmt_elf.c | 8 ++++----
1494 kernel/rcutiny_plugin.h | 2 +-
1495 2 files changed, 5 insertions(+), 5 deletions(-)
1496
1497 commit 412185c4992a6b746d4afd039ba43ef234f67aad
1498 Author: Brad Spengler <spender@grsecurity.net>
1499 Date: Sat Mar 24 20:19:01 2012 -0400
1500
1501 compile fix
1502
1503 fs/proc/base.c | 12 +++++++-----
1504 1 files changed, 7 insertions(+), 5 deletions(-)
1505
1506 commit c9ef1bf36c5145857ddec249fd3faac5507661cd
1507 Author: Brad Spengler <spender@grsecurity.net>
1508 Date: Sat Mar 24 20:03:33 2012 -0400
1509
1510 Fix port of /proc restrictions
1511
1512 fs/proc/base.c | 5 +++++
1513 1 files changed, 5 insertions(+), 0 deletions(-)
1514
1515 commit 3eb9d8c8fef296ab41ac6db5e24f8472f2849ea9
1516 Merge: 0e19043 0570523
1517 Author: Brad Spengler <spender@grsecurity.net>
1518 Date: Sat Mar 24 19:35:37 2012 -0400
1519
1520 Merge branch 'pax-test' into grsec-test
1521
1522 commit 0570523cdca02dd228082b0152dd14140aa9b4d4
1523 Author: Brad Spengler <spender@grsecurity.net>
1524 Date: Sat Mar 24 19:34:11 2012 -0400
1525
1526 Update to pax-linux-3.3-test3.patch
1527 reduces overcommit amount from recently increased brk entropy
1528
1529 arch/arm/include/asm/atomic.h | 5 +++++
1530 fs/binfmt_elf.c | 27 ++++++++++++++++++++++-----
1531 fs/bio.c | 2 +-
1532 3 files changed, 28 insertions(+), 6 deletions(-)
1533
1534 commit 0e19043d13ef5ba8c833d075d49b5cfb1bdfec53
1535 Author: Brad Spengler <spender@grsecurity.net>
1536 Date: Sat Mar 24 19:25:48 2012 -0400
1537
1538 Hold rcu_read_lock
1539
1540 fs/proc/base.c | 22 +++++++++++++---------
1541 1 files changed, 13 insertions(+), 9 deletions(-)
1542
1543 commit 9a90e1cffec9080574cef64611b1828690a6f3d8
1544 Author: Brad Spengler <spender@grsecurity.net>
1545 Date: Sat Mar 24 19:20:34 2012 -0400
1546
1547 compile fix
1548
1549 grsecurity/gracl.c | 25 ++++++++++++++++---------
1550 grsecurity/grsec_chroot.c | 4 ++--
1551 2 files changed, 18 insertions(+), 11 deletions(-)
1552
1553 commit 485755bfa7629914889409b5aa18d614fedaf873
1554 Author: Brad Spengler <spender@grsecurity.net>
1555 Date: Sat Mar 24 18:34:44 2012 -0400
1556
1557 compile fix
1558
1559 fs/proc/base.c | 4 ++--
1560 grsecurity/grsec_chroot.c | 3 +--
1561 2 files changed, 3 insertions(+), 4 deletions(-)
1562
1563 commit e796b6a7bd9f204ae918e9bef8b6aa7650735e77
1564 Author: Brad Spengler <spender@grsecurity.net>
1565 Date: Sat Mar 24 18:30:36 2012 -0400
1566
1567 compile fix
1568
1569 fs/proc/base.c | 10 ++--------
1570 grsecurity/grsec_chroot.c | 1 +
1571 grsecurity/grsec_exec.c | 2 ++
1572 3 files changed, 5 insertions(+), 8 deletions(-)
1573
1574 commit 75f929048fd30016197a1d3b265b46591b985e72
1575 Author: Brad Spengler <spender@grsecurity.net>
1576 Date: Sat Mar 24 18:19:34 2012 -0400
1577
1578 compile fix
1579
1580 kernel/fork.c | 2 +-
1581 1 files changed, 1 insertions(+), 1 deletions(-)
1582
1583 commit f5d20702ca626d8ed7c7cdb3312f02dcf7eb0fe8
1584 Author: Brad Spengler <spender@grsecurity.net>
1585 Date: Sat Mar 24 18:16:51 2012 -0400
1586
1587 Initial patch of grsecurity 2.9 for Linux 3.3
1588
1589 Makefile | 8 +-
1590 arch/alpha/include/asm/cache.h | 4 +-
1591 arch/arm/include/asm/cache.h | 2 +
1592 arch/arm/kernel/traps.c | 5 +
1593 arch/arm/mach-ux500/mbox-db5500.c | 2 +-
1594 arch/avr32/include/asm/cache.h | 4 +-
1595 arch/blackfin/include/asm/cache.h | 3 +-
1596 arch/cris/include/arch-v10/arch/cache.h | 3 +-
1597 arch/cris/include/arch-v32/arch/cache.h | 3 +-
1598 arch/frv/include/asm/cache.h | 3 +-
1599 arch/h8300/include/asm/cache.h | 4 +-
1600 arch/hexagon/include/asm/cache.h | 6 +-
1601 arch/ia64/include/asm/cache.h | 3 +-
1602 arch/m32r/include/asm/cache.h | 4 +-
1603 arch/m68k/include/asm/cache.h | 4 +-
1604 arch/microblaze/include/asm/cache.h | 3 +-
1605 arch/mips/include/asm/cache.h | 3 +-
1606 arch/mn10300/proc-mn103e010/include/proc/cache.h | 4 +-
1607 arch/mn10300/proc-mn2ws0050/include/proc/cache.h | 4 +-
1608 arch/openrisc/include/asm/cache.h | 4 +-
1609 arch/parisc/include/asm/cache.h | 5 +-
1610 arch/powerpc/include/asm/cache.h | 3 +-
1611 arch/powerpc/kernel/process.c | 10 +-
1612 arch/powerpc/kernel/traps.c | 5 +
1613 arch/s390/include/asm/cache.h | 4 +-
1614 arch/score/include/asm/cache.h | 4 +-
1615 arch/sh/include/asm/cache.h | 3 +-
1616 arch/sparc/Makefile | 2 +-
1617 arch/sparc/include/asm/cache.h | 4 +-
1618 arch/sparc/kernel/process_32.c | 8 +-
1619 arch/sparc/kernel/process_64.c | 8 +-
1620 arch/sparc/kernel/traps_32.c | 8 +-
1621 arch/sparc/kernel/traps_64.c | 28 +-
1622 arch/sparc/kernel/unaligned_64.c | 2 +-
1623 arch/sparc/mm/fault_64.c | 2 +-
1624 arch/tile/include/asm/cache.h | 3 +-
1625 arch/um/include/asm/cache.h | 3 +-
1626 arch/unicore32/include/asm/cache.h | 6 +-
1627 arch/x86/Kconfig | 5 +-
1628 arch/x86/ia32/ia32_aout.c | 2 +
1629 arch/x86/kernel/acpi/realmode/wakeup.S | 4 +
1630 arch/x86/kernel/dumpstack.c | 8 +
1631 arch/x86/kernel/entry_32.S | 2 +-
1632 arch/x86/kernel/entry_64.S | 2 +-
1633 arch/x86/kernel/ioport.c | 13 +
1634 arch/x86/kernel/verify_cpu.S | 1 +
1635 arch/x86/kernel/vm86_32.c | 16 +
1636 arch/x86/mm/fault.c | 11 +-
1637 arch/x86/mm/init.c | 15 +
1638 arch/xtensa/variants/dc232b/include/variant/core.h | 2 +-
1639 arch/xtensa/variants/fsf/include/variant/core.h | 3 +-
1640 arch/xtensa/variants/s6000/include/variant/core.h | 3 +-
1641 drivers/block/cciss.c | 2 +
1642 drivers/char/Kconfig | 4 +-
1643 drivers/char/briq_panel.c | 8 +-
1644 drivers/char/genrtc.c | 1 +
1645 drivers/char/mem.c | 17 +
1646 drivers/char/random.c | 12 +
1647 drivers/gpu/drm/drm_info.c | 4 +
1648 drivers/message/fusion/mptbase.c | 5 +
1649 drivers/pci/proc.c | 9 +
1650 drivers/rtc/rtc-dev.c | 3 +
1651 drivers/tty/vt/keyboard.c | 10 +
1652 drivers/tty/vt/vt_ioctl.c | 12 +-
1653 drivers/video/logo/logo_linux_clut224.ppm | 2721 ++++++--------
1654 fs/attr.c | 1 +
1655 fs/binfmt_aout.c | 7 +
1656 fs/binfmt_elf.c | 6 +
1657 fs/btrfs/inode.c | 10 +-
1658 fs/btrfs/ioctl.c | 6 +-
1659 fs/ceph/dir.c | 2 +-
1660 fs/compat.c | 18 +
1661 fs/debugfs/inode.c | 4 +
1662 fs/exec.c | 155 +-
1663 fs/ext2/balloc.c | 2 +-
1664 fs/ext3/balloc.c | 5 +-
1665 fs/ext4/balloc.c | 4 +-
1666 fs/fcntl.c | 6 +
1667 fs/file.c | 2 +
1668 fs/filesystems.c | 5 +
1669 fs/fs_struct.c | 11 +-
1670 fs/hugetlbfs/inode.c | 2 +-
1671 fs/namei.c | 226 +-
1672 fs/namespace.c | 24 +
1673 fs/open.c | 35 +
1674 fs/pipe.c | 2 +-
1675 fs/proc/Kconfig | 10 +-
1676 fs/proc/array.c | 61 +-
1677 fs/proc/base.c | 171 +-
1678 fs/proc/cmdline.c | 4 +
1679 fs/proc/devices.c | 4 +
1680 fs/proc/inode.c | 17 +
1681 fs/proc/internal.h | 3 +
1682 fs/proc/kcore.c | 3 +
1683 fs/proc/proc_net.c | 11 +
1684 fs/proc/proc_sysctl.c | 31 +-
1685 fs/proc/root.c | 8 +
1686 fs/proc/task_mmu.c | 67 +-
1687 fs/readdir.c | 19 +
1688 fs/select.c | 2 +
1689 fs/seq_file.c | 4 +
1690 fs/sysfs/dir.c | 12 +
1691 fs/utimes.c | 7 +
1692 fs/xattr.c | 20 +-
1693 grsecurity/Kconfig | 1078 +++++
1694 grsecurity/Makefile | 38 +
1695 grsecurity/gracl.c | 4172 ++++++++++++++++++++
1696 grsecurity/gracl_alloc.c | 105 +
1697 grsecurity/gracl_cap.c | 110 +
1698 grsecurity/gracl_fs.c | 435 ++
1699 grsecurity/gracl_ip.c | 381 ++
1700 grsecurity/gracl_learn.c | 207 +
1701 grsecurity/gracl_res.c | 68 +
1702 grsecurity/gracl_segv.c | 299 ++
1703 grsecurity/gracl_shm.c | 40 +
1704 grsecurity/grsec_chdir.c | 19 +
1705 grsecurity/grsec_chroot.c | 368 ++
1706 grsecurity/grsec_disabled.c | 437 ++
1707 grsecurity/grsec_exec.c | 172 +
1708 grsecurity/grsec_fifo.c | 24 +
1709 grsecurity/grsec_fork.c | 23 +
1710 grsecurity/grsec_init.c | 277 ++
1711 grsecurity/grsec_link.c | 43 +
1712 grsecurity/grsec_log.c | 322 ++
1713 grsecurity/grsec_mem.c | 40 +
1714 grsecurity/grsec_mount.c | 62 +
1715 grsecurity/grsec_pax.c | 36 +
1716 grsecurity/grsec_ptrace.c | 30 +
1717 grsecurity/grsec_sig.c | 207 +
1718 grsecurity/grsec_sock.c | 244 ++
1719 grsecurity/grsec_sysctl.c | 451 +++
1720 grsecurity/grsec_time.c | 16 +
1721 grsecurity/grsec_tpe.c | 73 +
1722 grsecurity/grsum.c | 61 +
1723 include/linux/capability.h | 2 +
1724 include/linux/cred.h | 3 +
1725 include/linux/gracl.h | 319 ++
1726 include/linux/gralloc.h | 9 +
1727 include/linux/grdefs.h | 140 +
1728 include/linux/grinternal.h | 221 ++
1729 include/linux/grmsg.h | 109 +
1730 include/linux/grsecurity.h | 232 ++
1731 include/linux/grsock.h | 19 +
1732 include/linux/kallsyms.h | 13 +-
1733 include/linux/kmod.h | 2 +
1734 include/linux/netfilter/xt_gradm.h | 9 +
1735 include/linux/personality.h | 1 +
1736 include/linux/proc_fs.h | 12 +
1737 include/linux/sched.h | 54 +-
1738 include/linux/security.h | 1 +
1739 include/linux/seq_file.h | 3 +
1740 include/linux/shm.h | 4 +
1741 include/linux/sysctl.h | 2 +
1742 include/linux/tracehook.h | 9 +-
1743 include/linux/vermagic.h | 9 +-
1744 init/Kconfig | 1 +
1745 init/main.c | 4 +
1746 ipc/mqueue.c | 1 +
1747 ipc/shm.c | 28 +
1748 kernel/capability.c | 32 +-
1749 kernel/compat.c | 1 +
1750 kernel/configs.c | 11 +
1751 kernel/cred.c | 99 +-
1752 kernel/exit.c | 25 +-
1753 kernel/fork.c | 15 +-
1754 kernel/futex.c | 5 +
1755 kernel/futex_compat.c | 8 +-
1756 kernel/kallsyms.c | 8 +
1757 kernel/kmod.c | 64 +-
1758 kernel/module.c | 80 +-
1759 kernel/panic.c | 4 +-
1760 kernel/pid.c | 19 +-
1761 kernel/posix-cpu-timers.c | 1 +
1762 kernel/posix-timers.c | 8 +
1763 kernel/printk.c | 5 +
1764 kernel/ptrace.c | 20 +-
1765 kernel/resource.c | 10 +
1766 kernel/sched/core.c | 21 +-
1767 kernel/signal.c | 37 +-
1768 kernel/sys.c | 43 +-
1769 kernel/sysctl.c | 51 +-
1770 kernel/sysctl_check.c | 1 +
1771 kernel/taskstats.c | 6 +
1772 kernel/time.c | 5 +
1773 kernel/time/timekeeping.c | 3 +
1774 kernel/time/timer_list.c | 12 +
1775 kernel/time/timer_stats.c | 8 +
1776 lib/Kconfig.debug | 1 +
1777 lib/is_single_threaded.c | 3 +
1778 lib/vsprintf.c | 18 +-
1779 localversion-grsec | 1 +
1780 mm/Kconfig | 2 +-
1781 mm/filemap.c | 1 +
1782 mm/kmemleak.c | 2 +-
1783 mm/mempolicy.c | 11 +-
1784 mm/migrate.c | 11 +-
1785 mm/mlock.c | 3 +
1786 mm/mmap.c | 30 +-
1787 mm/mprotect.c | 8 +
1788 mm/page_alloc.c | 6 +
1789 mm/process_vm_access.c | 6 +
1790 mm/shmem.c | 2 +-
1791 mm/slab.c | 2 +-
1792 mm/slub.c | 14 +-
1793 mm/vmstat.c | 18 +-
1794 net/core/dev.c | 4 +
1795 net/core/sock.c | 2 +-
1796 net/core/sock_diag.c | 7 +
1797 net/econet/Kconfig | 2 +-
1798 net/ipv4/inet_hashtables.c | 5 +
1799 net/ipv4/ip_sockglue.c | 3 +-
1800 net/ipv4/raw.c | 8 +-
1801 net/ipv4/tcp_ipv4.c | 42 +-
1802 net/ipv4/tcp_minisocks.c | 8 +
1803 net/ipv4/tcp_timer.c | 11 +
1804 net/ipv4/udp.c | 31 +-
1805 net/ipv6/raw.c | 8 +-
1806 net/ipv6/tcp_ipv6.c | 46 +-
1807 net/ipv6/udp.c | 14 +-
1808 net/netfilter/Kconfig | 10 +
1809 net/netfilter/Makefile | 1 +
1810 net/netfilter/xt_gradm.c | 51 +
1811 net/netrom/af_netrom.c | 2 +-
1812 net/phonet/af_phonet.c | 4 +-
1813 net/phonet/socket.c | 7 +-
1814 net/sctp/proc.c | 3 +-
1815 net/socket.c | 62 +-
1816 net/sysctl_net.c | 2 +-
1817 net/unix/af_unix.c | 20 +
1818 scripts/Makefile.build | 2 +-
1819 security/Kconfig | 87 +-
1820 security/apparmor/lsm.c | 2 +-
1821 security/commoncap.c | 4 +
1822 security/min_addr.c | 2 +
1823 security/security.c | 2 -
1824 security/selinux/hooks.c | 2 -
1825 tools/gcc/Makefile | 2 +-
1826 237 files changed, 14385 insertions(+), 1923 deletions(-)
1827
1828 commit 65a4fc291c85027ea1be6b06dc99d3cfcd07a1d9
1829 Author: Brad Spengler <spender@grsecurity.net>
1830 Date: Sat Mar 24 15:31:31 2012 -0400
1831
1832 Import pax-linux-3.3-test2.patch
1833
1834 Documentation/dontdiff | 29 +-
1835 Documentation/kernel-parameters.txt | 7 +
1836 Makefile | 83 +++-
1837 arch/alpha/include/asm/atomic.h | 10 +
1838 arch/alpha/include/asm/elf.h | 7 +
1839 arch/alpha/include/asm/pgtable.h | 11 +
1840 arch/alpha/kernel/module.c | 2 +-
1841 arch/alpha/kernel/osf_sys.c | 10 +-
1842 arch/alpha/mm/fault.c | 141 +++++-
1843 arch/arm/include/asm/atomic.h | 394 ++++++++++++-
1844 arch/arm/include/asm/cache.h | 2 +-
1845 arch/arm/include/asm/cacheflush.h | 2 +-
1846 arch/arm/include/asm/elf.h | 13 +-
1847 arch/arm/include/asm/kmap_types.h | 1 +
1848 arch/arm/include/asm/outercache.h | 2 +-
1849 arch/arm/include/asm/page.h | 2 +-
1850 arch/arm/include/asm/system.h | 9 +
1851 arch/arm/include/asm/uaccess.h | 27 +-
1852 arch/arm/kernel/armksyms.c | 4 +-
1853 arch/arm/kernel/process.c | 10 +-
1854 arch/arm/kernel/setup.c | 6 +-
1855 arch/arm/lib/copy_from_user.S | 6 +-
1856 arch/arm/lib/copy_page.S | 1 +
1857 arch/arm/lib/copy_to_user.S | 6 +-
1858 arch/arm/lib/uaccess.S | 12 +-
1859 arch/arm/lib/uaccess_with_memcpy.c | 2 +-
1860 arch/arm/mach-omap2/board-n8x0.c | 2 +-
1861 arch/arm/mm/fault.c | 48 ++
1862 arch/arm/mm/mmap.c | 31 +-
1863 arch/arm/plat-samsung/include/plat/dma-ops.h | 2 +-
1864 arch/arm/plat-samsung/include/plat/ehci.h | 2 +-
1865 arch/avr32/include/asm/elf.h | 8 +-
1866 arch/avr32/include/asm/kmap_types.h | 3 +-
1867 arch/avr32/mm/fault.c | 27 +
1868 arch/frv/include/asm/atomic.h | 10 +
1869 arch/frv/include/asm/kmap_types.h | 1 +
1870 arch/frv/mm/elf-fdpic.c | 7 +-
1871 arch/ia64/include/asm/atomic.h | 10 +
1872 arch/ia64/include/asm/elf.h | 7 +
1873 arch/ia64/include/asm/pgtable.h | 13 +-
1874 arch/ia64/include/asm/spinlock.h | 2 +-
1875 arch/ia64/include/asm/uaccess.h | 4 +-
1876 arch/ia64/kernel/module.c | 48 ++-
1877 arch/ia64/kernel/sys_ia64.c | 13 +-
1878 arch/ia64/kernel/vmlinux.lds.S | 2 +-
1879 arch/ia64/mm/fault.c | 33 +-
1880 arch/ia64/mm/hugetlbpage.c | 2 +-
1881 arch/ia64/mm/init.c | 13 +
1882 arch/m32r/lib/usercopy.c | 6 +
1883 arch/mips/include/asm/atomic.h | 14 +
1884 arch/mips/include/asm/elf.h | 11 +-
1885 arch/mips/include/asm/page.h | 2 +-
1886 arch/mips/include/asm/system.h | 2 +-
1887 arch/mips/kernel/binfmt_elfn32.c | 7 +
1888 arch/mips/kernel/binfmt_elfo32.c | 7 +
1889 arch/mips/kernel/process.c | 12 -
1890 arch/mips/mm/fault.c | 17 +
1891 arch/mips/mm/mmap.c | 41 +-
1892 arch/parisc/include/asm/atomic.h | 10 +
1893 arch/parisc/include/asm/elf.h | 7 +
1894 arch/parisc/include/asm/pgtable.h | 11 +
1895 arch/parisc/kernel/module.c | 50 ++-
1896 arch/parisc/kernel/sys_parisc.c | 6 +-
1897 arch/parisc/kernel/traps.c | 4 +-
1898 arch/parisc/mm/fault.c | 140 +++++-
1899 arch/powerpc/include/asm/atomic.h | 10 +
1900 arch/powerpc/include/asm/elf.h | 18 +-
1901 arch/powerpc/include/asm/kmap_types.h | 1 +
1902 arch/powerpc/include/asm/mman.h | 2 +-
1903 arch/powerpc/include/asm/page.h | 8 +-
1904 arch/powerpc/include/asm/page_64.h | 7 +-
1905 arch/powerpc/include/asm/pgtable.h | 1 +
1906 arch/powerpc/include/asm/pte-hash32.h | 1 +
1907 arch/powerpc/include/asm/reg.h | 1 +
1908 arch/powerpc/include/asm/system.h | 2 +-
1909 arch/powerpc/include/asm/uaccess.h | 142 +++--
1910 arch/powerpc/kernel/exceptions-64e.S | 4 +-
1911 arch/powerpc/kernel/exceptions-64s.S | 2 +-
1912 arch/powerpc/kernel/irq.c | 10 +-
1913 arch/powerpc/kernel/module_32.c | 13 +-
1914 arch/powerpc/kernel/process.c | 55 --
1915 arch/powerpc/kernel/signal_32.c | 2 +-
1916 arch/powerpc/kernel/signal_64.c | 2 +-
1917 arch/powerpc/kernel/vdso.c | 5 +-
1918 arch/powerpc/lib/usercopy_64.c | 18 -
1919 arch/powerpc/mm/fault.c | 55 ++-
1920 arch/powerpc/mm/mmap_64.c | 12 +
1921 arch/powerpc/mm/slice.c | 23 +-
1922 arch/s390/include/asm/atomic.h | 10 +
1923 arch/s390/include/asm/elf.h | 13 +-
1924 arch/s390/include/asm/system.h | 2 +-
1925 arch/s390/include/asm/uaccess.h | 11 +
1926 arch/s390/kernel/module.c | 22 +-
1927 arch/s390/kernel/process.c | 36 --
1928 arch/s390/mm/mmap.c | 24 +
1929 arch/score/include/asm/system.h | 2 +-
1930 arch/score/kernel/process.c | 5 -
1931 arch/sh/mm/mmap.c | 24 +-
1932 arch/sparc/include/asm/atomic_64.h | 106 +++-
1933 arch/sparc/include/asm/cache.h | 2 +-
1934 arch/sparc/include/asm/elf_32.h | 7 +
1935 arch/sparc/include/asm/elf_64.h | 7 +
1936 arch/sparc/include/asm/pgtable_32.h | 17 +
1937 arch/sparc/include/asm/pgtsrmmu.h | 7 +
1938 arch/sparc/include/asm/spinlock_64.h | 35 +-
1939 arch/sparc/include/asm/thread_info_32.h | 2 +
1940 arch/sparc/include/asm/thread_info_64.h | 2 +
1941 arch/sparc/include/asm/uaccess.h | 8 +
1942 arch/sparc/include/asm/uaccess_32.h | 27 +-
1943 arch/sparc/include/asm/uaccess_64.h | 19 +-
1944 arch/sparc/kernel/Makefile | 2 +-
1945 arch/sparc/kernel/sys_sparc_32.c | 4 +-
1946 arch/sparc/kernel/sys_sparc_64.c | 52 +-
1947 arch/sparc/kernel/traps_64.c | 13 +-
1948 arch/sparc/lib/Makefile | 2 +-
1949 arch/sparc/lib/atomic_64.S | 148 +++++-
1950 arch/sparc/lib/ksyms.c | 6 +
1951 arch/sparc/mm/Makefile | 2 +-
1952 arch/sparc/mm/fault_32.c | 283 +++++++++
1953 arch/sparc/mm/fault_64.c | 477 +++++++++++++++
1954 arch/sparc/mm/hugetlbpage.c | 16 +-
1955 arch/sparc/mm/init_32.c | 15 +-
1956 arch/sparc/mm/srmmu.c | 7 +
1957 arch/tile/include/asm/atomic_64.h | 10 +
1958 arch/um/Makefile | 4 +
1959 arch/um/include/asm/kmap_types.h | 1 +
1960 arch/um/include/asm/page.h | 3 +
1961 arch/um/kernel/process.c | 16 -
1962 arch/x86/Kconfig | 9 +-
1963 arch/x86/Kconfig.cpu | 6 +-
1964 arch/x86/Kconfig.debug | 4 +-
1965 arch/x86/Makefile | 10 +
1966 arch/x86/boot/Makefile | 3 +
1967 arch/x86/boot/bitops.h | 4 +-
1968 arch/x86/boot/boot.h | 4 +-
1969 arch/x86/boot/compressed/Makefile | 3 +
1970 arch/x86/boot/compressed/head_32.S | 7 +-
1971 arch/x86/boot/compressed/head_64.S | 4 +-
1972 arch/x86/boot/compressed/misc.c | 4 +-
1973 arch/x86/boot/compressed/relocs.c | 85 +++-
1974 arch/x86/boot/cpucheck.c | 28 +-
1975 arch/x86/boot/header.S | 2 +-
1976 arch/x86/boot/memory.c | 2 +-
1977 arch/x86/boot/video-vesa.c | 1 +
1978 arch/x86/boot/video.c | 2 +-
1979 arch/x86/crypto/aes-x86_64-asm_64.S | 4 +
1980 arch/x86/crypto/aesni-intel_asm.S | 31 +
1981 arch/x86/crypto/blowfish-x86_64-asm_64.S | 8 +
1982 arch/x86/crypto/salsa20-x86_64-asm_64.S | 5 +
1983 arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 5 +
1984 arch/x86/crypto/sha1_ssse3_asm.S | 3 +
1985 arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 5 +
1986 arch/x86/crypto/twofish-x86_64-asm_64.S | 3 +
1987 arch/x86/ia32/ia32_signal.c | 20 +-
1988 arch/x86/ia32/ia32entry.S | 126 +++-
1989 arch/x86/ia32/sys_ia32.c | 18 +-
1990 arch/x86/include/asm/alternative-asm.h | 39 ++
1991 arch/x86/include/asm/alternative.h | 2 +-
1992 arch/x86/include/asm/apic.h | 2 +-
1993 arch/x86/include/asm/apm.h | 4 +-
1994 arch/x86/include/asm/atomic.h | 285 +++++++++-
1995 arch/x86/include/asm/atomic64_32.h | 100 +++
1996 arch/x86/include/asm/atomic64_64.h | 202 ++++++-
1997 arch/x86/include/asm/bitops.h | 2 +-
1998 arch/x86/include/asm/boot.h | 7 +-
1999 arch/x86/include/asm/cache.h | 5 +-
2000 arch/x86/include/asm/cacheflush.h | 2 +-
2001 arch/x86/include/asm/checksum_32.h | 12 +-
2002 arch/x86/include/asm/cmpxchg.h | 35 ++
2003 arch/x86/include/asm/cpufeature.h | 2 +-
2004 arch/x86/include/asm/desc.h | 65 ++-
2005 arch/x86/include/asm/desc_defs.h | 6 +
2006 arch/x86/include/asm/e820.h | 2 +-
2007 arch/x86/include/asm/elf.h | 27 +-
2008 arch/x86/include/asm/emergency-restart.h | 2 +-
2009 arch/x86/include/asm/futex.h | 14 +-
2010 arch/x86/include/asm/hw_irq.h | 4 +-
2011 arch/x86/include/asm/i387.h | 14 +-
2012 arch/x86/include/asm/io.h | 11 +
2013 arch/x86/include/asm/irqflags.h | 5 +
2014 arch/x86/include/asm/kprobes.h | 9 +-
2015 arch/x86/include/asm/kvm_host.h | 2 +-
2016 arch/x86/include/asm/local.h | 94 +++-
2017 arch/x86/include/asm/mman.h | 10 +
2018 arch/x86/include/asm/mmu.h | 16 +-
2019 arch/x86/include/asm/mmu_context.h | 76 +++-
2020 arch/x86/include/asm/module.h | 17 +-
2021 arch/x86/include/asm/page_64_types.h | 2 +-
2022 arch/x86/include/asm/paravirt.h | 44 ++-
2023 arch/x86/include/asm/paravirt_types.h | 19 +-
2024 arch/x86/include/asm/pgalloc.h | 7 +
2025 arch/x86/include/asm/pgtable-2level.h | 2 +
2026 arch/x86/include/asm/pgtable-3level.h | 4 +
2027 arch/x86/include/asm/pgtable.h | 110 ++++-
2028 arch/x86/include/asm/pgtable_32.h | 14 +-
2029 arch/x86/include/asm/pgtable_32_types.h | 15 +-
2030 arch/x86/include/asm/pgtable_64.h | 17 +-
2031 arch/x86/include/asm/pgtable_64_types.h | 5 +
2032 arch/x86/include/asm/pgtable_types.h | 36 +-
2033 arch/x86/include/asm/processor.h | 35 +-
2034 arch/x86/include/asm/ptrace.h | 18 +-
2035 arch/x86/include/asm/reboot.h | 12 +-
2036 arch/x86/include/asm/rwsem.h | 60 ++-
2037 arch/x86/include/asm/segment.h | 22 +-
2038 arch/x86/include/asm/smp.h | 14 +-
2039 arch/x86/include/asm/spinlock.h | 36 +-
2040 arch/x86/include/asm/stackprotector.h | 4 +-
2041 arch/x86/include/asm/stacktrace.h | 32 +-
2042 arch/x86/include/asm/sys_ia32.h | 2 +-
2043 arch/x86/include/asm/system.h | 10 +-
2044 arch/x86/include/asm/thread_info.h | 87 +--
2045 arch/x86/include/asm/uaccess.h | 93 +++-
2046 arch/x86/include/asm/uaccess_32.h | 95 +++-
2047 arch/x86/include/asm/uaccess_64.h | 272 +++++++---
2048 arch/x86/include/asm/vdso.h | 2 +-
2049 arch/x86/include/asm/x86_init.h | 26 +-
2050 arch/x86/include/asm/xsave.h | 12 +-
2051 arch/x86/kernel/acpi/realmode/Makefile | 3 +
2052 arch/x86/kernel/acpi/sleep.c | 4 +
2053 arch/x86/kernel/acpi/wakeup_32.S | 6 +-
2054 arch/x86/kernel/alternative.c | 65 ++-
2055 arch/x86/kernel/apic/apic.c | 4 +-
2056 arch/x86/kernel/apic/io_apic.c | 8 +-
2057 arch/x86/kernel/apm_32.c | 19 +-
2058 arch/x86/kernel/asm-offsets.c | 20 +
2059 arch/x86/kernel/asm-offsets_64.c | 1 +
2060 arch/x86/kernel/cpu/Makefile | 4 -
2061 arch/x86/kernel/cpu/amd.c | 2 +-
2062 arch/x86/kernel/cpu/common.c | 77 +--
2063 arch/x86/kernel/cpu/intel.c | 2 +-
2064 arch/x86/kernel/cpu/mcheck/mce.c | 27 +-
2065 arch/x86/kernel/cpu/mcheck/p5.c | 3 +
2066 arch/x86/kernel/cpu/mcheck/winchip.c | 3 +
2067 arch/x86/kernel/cpu/mtrr/main.c | 2 +-
2068 arch/x86/kernel/cpu/mtrr/mtrr.h | 2 +-
2069 arch/x86/kernel/cpu/perf_event.c | 2 +-
2070 arch/x86/kernel/crash.c | 4 +-
2071 arch/x86/kernel/doublefault_32.c | 8 +-
2072 arch/x86/kernel/dumpstack.c | 29 +-
2073 arch/x86/kernel/dumpstack_32.c | 32 +-
2074 arch/x86/kernel/dumpstack_64.c | 58 ++-
2075 arch/x86/kernel/early_printk.c | 1 +
2076 arch/x86/kernel/entry_32.S | 378 ++++++++++--
2077 arch/x86/kernel/entry_64.S | 512 ++++++++++++++--
2078 arch/x86/kernel/ftrace.c | 14 +-
2079 arch/x86/kernel/head32.c | 4 +-
2080 arch/x86/kernel/head_32.S | 244 +++++++--
2081 arch/x86/kernel/head_64.S | 158 ++++--
2082 arch/x86/kernel/i386_ksyms_32.c | 8 +
2083 arch/x86/kernel/i8259.c | 2 +-
2084 arch/x86/kernel/init_task.c | 7 +-
2085 arch/x86/kernel/ioport.c | 2 +-
2086 arch/x86/kernel/irq.c | 10 +-
2087 arch/x86/kernel/irq_32.c | 69 +--
2088 arch/x86/kernel/irq_64.c | 2 +-
2089 arch/x86/kernel/kgdb.c | 10 +-
2090 arch/x86/kernel/kprobes.c | 34 +-
2091 arch/x86/kernel/ldt.c | 31 +-
2092 arch/x86/kernel/machine_kexec_32.c | 6 +-
2093 arch/x86/kernel/microcode_intel.c | 4 +-
2094 arch/x86/kernel/module.c | 76 +++-
2095 arch/x86/kernel/nmi.c | 11 +
2096 arch/x86/kernel/paravirt-spinlocks.c | 2 +-
2097 arch/x86/kernel/paravirt.c | 43 +-
2098 arch/x86/kernel/pci-iommu_table.c | 2 +-
2099 arch/x86/kernel/process.c | 81 ++-
2100 arch/x86/kernel/process_32.c | 21 +-
2101 arch/x86/kernel/process_64.c | 18 +-
2102 arch/x86/kernel/ptrace.c | 8 +-
2103 arch/x86/kernel/pvclock.c | 8 +-
2104 arch/x86/kernel/reboot.c | 51 ++-
2105 arch/x86/kernel/relocate_kernel_64.S | 4 +-
2106 arch/x86/kernel/setup.c | 14 +-
2107 arch/x86/kernel/setup_percpu.c | 27 +-
2108 arch/x86/kernel/signal.c | 21 +-
2109 arch/x86/kernel/smpboot.c | 15 +-
2110 arch/x86/kernel/step.c | 10 +-
2111 arch/x86/kernel/sys_i386_32.c | 231 +++++++-
2112 arch/x86/kernel/sys_x86_64.c | 52 +-
2113 arch/x86/kernel/tboot.c | 12 +-
2114 arch/x86/kernel/time.c | 10 +-
2115 arch/x86/kernel/tls.c | 5 +
2116 arch/x86/kernel/trampoline_32.S | 8 +-
2117 arch/x86/kernel/trampoline_64.S | 4 +-
2118 arch/x86/kernel/traps.c | 59 ++-
2119 arch/x86/kernel/vm86_32.c | 6 +-
2120 arch/x86/kernel/vmlinux.lds.S | 147 ++++--
2121 arch/x86/kernel/vsyscall_64.c | 14 +-
2122 arch/x86/kernel/x8664_ksyms_64.c | 2 -
2123 arch/x86/kernel/xsave.c | 6 +-
2124 arch/x86/kvm/cpuid.c | 21 +-
2125 arch/x86/kvm/emulate.c | 4 +-
2126 arch/x86/kvm/lapic.c | 2 +-
2127 arch/x86/kvm/paging_tmpl.h | 2 +-
2128 arch/x86/kvm/svm.c | 8 +
2129 arch/x86/kvm/vmx.c | 35 +-
2130 arch/x86/kvm/x86.c | 10 +-
2131 arch/x86/lguest/boot.c | 3 +-
2132 arch/x86/lib/atomic64_32.c | 32 +
2133 arch/x86/lib/atomic64_386_32.S | 164 +++++
2134 arch/x86/lib/atomic64_cx8_32.S | 103 +++-
2135 arch/x86/lib/checksum_32.S | 100 +++-
2136 arch/x86/lib/clear_page_64.S | 5 +-
2137 arch/x86/lib/cmpxchg16b_emu.S | 2 +
2138 arch/x86/lib/copy_page_64.S | 12 +-
2139 arch/x86/lib/copy_user_64.S | 47 +--
2140 arch/x86/lib/copy_user_nocache_64.S | 20 +-
2141 arch/x86/lib/csum-copy_64.S | 2 +
2142 arch/x86/lib/csum-wrappers_64.c | 16 +-
2143 arch/x86/lib/getuser.S | 68 ++-
2144 arch/x86/lib/insn.c | 9 +-
2145 arch/x86/lib/iomap_copy_64.S | 2 +
2146 arch/x86/lib/memcpy_64.S | 18 +-
2147 arch/x86/lib/memmove_64.S | 34 +-
2148 arch/x86/lib/memset_64.S | 7 +-
2149 arch/x86/lib/mmx_32.c | 243 +++++---
2150 arch/x86/lib/msr-reg.S | 18 +-
2151 arch/x86/lib/putuser.S | 87 +++-
2152 arch/x86/lib/rwlock.S | 42 ++
2153 arch/x86/lib/rwsem.S | 6 +-
2154 arch/x86/lib/thunk_64.S | 2 +
2155 arch/x86/lib/usercopy_32.c | 379 ++++++++-----
2156 arch/x86/lib/usercopy_64.c | 32 +-
2157 arch/x86/mm/extable.c | 2 +-
2158 arch/x86/mm/fault.c | 551 ++++++++++++++++-
2159 arch/x86/mm/gup.c | 2 +-
2160 arch/x86/mm/highmem_32.c | 4 +
2161 arch/x86/mm/hugetlbpage.c | 113 ++--
2162 arch/x86/mm/init.c | 91 +++-
2163 arch/x86/mm/init_32.c | 122 ++--
2164 arch/x86/mm/init_64.c | 40 +-
2165 arch/x86/mm/iomap_32.c | 4 +
2166 arch/x86/mm/ioremap.c | 10 +-
2167 arch/x86/mm/kmemcheck/kmemcheck.c | 4 +-
2168 arch/x86/mm/mmap.c | 41 +-
2169 arch/x86/mm/mmio-mod.c | 6 +-
2170 arch/x86/mm/pageattr-test.c | 2 +-
2171 arch/x86/mm/pageattr.c | 33 +-
2172 arch/x86/mm/pat.c | 12 +-
2173 arch/x86/mm/pf_in.c | 10 +-
2174 arch/x86/mm/pgtable.c | 125 +++--
2175 arch/x86/mm/pgtable_32.c | 3 +
2176 arch/x86/mm/setup_nx.c | 7 +
2177 arch/x86/mm/tlb.c | 4 +
2178 arch/x86/net/bpf_jit.S | 10 +
2179 arch/x86/net/bpf_jit_comp.c | 38 +-
2180 arch/x86/oprofile/backtrace.c | 8 +-
2181 arch/x86/pci/mrst.c | 4 +-
2182 arch/x86/pci/pcbios.c | 146 ++++-
2183 arch/x86/platform/efi/efi_32.c | 19 +
2184 arch/x86/platform/efi/efi_stub_32.S | 48 +-
2185 arch/x86/platform/efi/efi_stub_64.S | 8 +
2186 arch/x86/platform/mrst/mrst.c | 6 +-
2187 arch/x86/power/cpu.c | 4 +-
2188 arch/x86/vdso/Makefile | 2 +-
2189 arch/x86/vdso/vdso32-setup.c | 23 +-
2190 arch/x86/vdso/vma.c | 30 +-
2191 arch/x86/xen/enlighten.c | 35 +-
2192 arch/x86/xen/mmu.c | 9 +
2193 arch/x86/xen/smp.c | 16 +-
2194 arch/x86/xen/xen-asm_32.S | 12 +-
2195 arch/x86/xen/xen-head.S | 11 +
2196 arch/x86/xen/xen-ops.h | 2 -
2197 block/blk-iopoll.c | 2 +-
2198 block/blk-map.c | 2 +-
2199 block/blk-softirq.c | 2 +-
2200 block/bsg.c | 12 +-
2201 block/compat_ioctl.c | 2 +-
2202 block/partitions/efi.c | 8 +-
2203 block/scsi_ioctl.c | 27 +-
2204 crypto/cryptd.c | 4 +-
2205 drivers/acpi/apei/cper.c | 8 +-
2206 drivers/acpi/ec_sys.c | 12 +-
2207 drivers/acpi/proc.c | 18 +-
2208 drivers/acpi/processor_driver.c | 2 +-
2209 drivers/ata/libata-core.c | 8 +-
2210 drivers/ata/pata_arasan_cf.c | 4 +-
2211 drivers/atm/adummy.c | 2 +-
2212 drivers/atm/ambassador.c | 8 +-
2213 drivers/atm/atmtcp.c | 14 +-
2214 drivers/atm/eni.c | 12 +-
2215 drivers/atm/firestream.c | 8 +-
2216 drivers/atm/fore200e.c | 14 +-
2217 drivers/atm/he.c | 18 +-
2218 drivers/atm/horizon.c | 4 +-
2219 drivers/atm/idt77252.c | 36 +-
2220 drivers/atm/iphase.c | 34 +-
2221 drivers/atm/lanai.c | 12 +-
2222 drivers/atm/nicstar.c | 46 +-
2223 drivers/atm/solos-pci.c | 4 +-
2224 drivers/atm/suni.c | 4 +-
2225 drivers/atm/uPD98402.c | 16 +-
2226 drivers/atm/zatm.c | 6 +-
2227 drivers/base/devtmpfs.c | 2 +-
2228 drivers/base/power/wakeup.c | 8 +-
2229 drivers/block/cciss.c | 28 +-
2230 drivers/block/cciss.h | 2 +-
2231 drivers/block/cpqarray.c | 28 +-
2232 drivers/block/cpqarray.h | 2 +-
2233 drivers/block/drbd/drbd_int.h | 20 +-
2234 drivers/block/drbd/drbd_main.c | 10 +-
2235 drivers/block/drbd/drbd_nl.c | 10 +-
2236 drivers/block/drbd/drbd_receiver.c | 20 +-
2237 drivers/block/loop.c | 2 +-
2238 drivers/char/agp/frontend.c | 2 +-
2239 drivers/char/hpet.c | 2 +-
2240 drivers/char/ipmi/ipmi_msghandler.c | 8 +-
2241 drivers/char/ipmi/ipmi_si_intf.c | 8 +-
2242 drivers/char/mbcs.c | 2 +-
2243 drivers/char/mem.c | 41 ++-
2244 drivers/char/nvram.c | 2 +-
2245 drivers/char/random.c | 4 +-
2246 drivers/char/sonypi.c | 9 +-
2247 drivers/char/tpm/tpm.c | 2 +-
2248 drivers/char/tpm/tpm_bios.c | 14 +-
2249 drivers/char/virtio_console.c | 4 +-
2250 drivers/edac/amd64_edac.c | 2 +-
2251 drivers/edac/amd76x_edac.c | 2 +-
2252 drivers/edac/e752x_edac.c | 2 +-
2253 drivers/edac/e7xxx_edac.c | 2 +-
2254 drivers/edac/edac_pci_sysfs.c | 20 +-
2255 drivers/edac/i3000_edac.c | 2 +-
2256 drivers/edac/i3200_edac.c | 2 +-
2257 drivers/edac/i5000_edac.c | 2 +-
2258 drivers/edac/i5100_edac.c | 2 +-
2259 drivers/edac/i5400_edac.c | 2 +-
2260 drivers/edac/i7300_edac.c | 2 +-
2261 drivers/edac/i7core_edac.c | 2 +-
2262 drivers/edac/i82443bxgx_edac.c | 2 +-
2263 drivers/edac/i82860_edac.c | 2 +-
2264 drivers/edac/i82875p_edac.c | 2 +-
2265 drivers/edac/i82975x_edac.c | 2 +-
2266 drivers/edac/mce_amd.h | 2 +-
2267 drivers/edac/r82600_edac.c | 2 +-
2268 drivers/edac/sb_edac.c | 2 +-
2269 drivers/edac/x38_edac.c | 2 +-
2270 drivers/firewire/core-card.c | 2 +-
2271 drivers/firewire/core-cdev.c | 3 +-
2272 drivers/firewire/core-transaction.c | 1 +
2273 drivers/firewire/core.h | 1 +
2274 drivers/firmware/dmi_scan.c | 7 +-
2275 drivers/gpio/gpio-vr41xx.c | 2 +-
2276 drivers/gpu/drm/drm_crtc_helper.c | 2 +-
2277 drivers/gpu/drm/drm_drv.c | 4 +-
2278 drivers/gpu/drm/drm_fops.c | 16 +-
2279 drivers/gpu/drm/drm_global.c | 14 +-
2280 drivers/gpu/drm/drm_info.c | 14 +-
2281 drivers/gpu/drm/drm_ioc32.c | 4 +-
2282 drivers/gpu/drm/drm_ioctl.c | 2 +-
2283 drivers/gpu/drm/drm_lock.c | 4 +-
2284 drivers/gpu/drm/i810/i810_dma.c | 8 +-
2285 drivers/gpu/drm/i810/i810_drv.h | 4 +-
2286 drivers/gpu/drm/i915/i915_debugfs.c | 4 +-
2287 drivers/gpu/drm/i915/i915_dma.c | 2 +-
2288 drivers/gpu/drm/i915/i915_drv.h | 8 +-
2289 drivers/gpu/drm/i915/i915_gem_execbuffer.c | 6 +-
2290 drivers/gpu/drm/i915/i915_irq.c | 10 +-
2291 drivers/gpu/drm/i915/intel_display.c | 10 +-
2292 drivers/gpu/drm/mga/mga_drv.h | 4 +-
2293 drivers/gpu/drm/mga/mga_irq.c | 8 +-
2294 drivers/gpu/drm/nouveau/nouveau_bios.c | 4 +-
2295 drivers/gpu/drm/nouveau/nouveau_drv.h | 12 +-
2296 drivers/gpu/drm/nouveau/nouveau_fence.c | 4 +-
2297 drivers/gpu/drm/nouveau/nouveau_gem.c | 2 +-
2298 drivers/gpu/drm/nouveau/nouveau_state.c | 2 +-
2299 drivers/gpu/drm/nouveau/nv04_graph.c | 2 +-
2300 drivers/gpu/drm/r128/r128_cce.c | 2 +-
2301 drivers/gpu/drm/r128/r128_drv.h | 4 +-
2302 drivers/gpu/drm/r128/r128_irq.c | 4 +-
2303 drivers/gpu/drm/r128/r128_state.c | 4 +-
2304 drivers/gpu/drm/radeon/mkregtable.c | 4 +-
2305 drivers/gpu/drm/radeon/radeon.h | 6 +-
2306 drivers/gpu/drm/radeon/radeon_device.c | 2 +-
2307 drivers/gpu/drm/radeon/radeon_drv.h | 2 +-
2308 drivers/gpu/drm/radeon/radeon_fence.c | 6 +-
2309 drivers/gpu/drm/radeon/radeon_ioc32.c | 2 +-
2310 drivers/gpu/drm/radeon/radeon_irq.c | 6 +-
2311 drivers/gpu/drm/radeon/radeon_state.c | 4 +-
2312 drivers/gpu/drm/radeon/radeon_ttm.c | 6 +-
2313 drivers/gpu/drm/radeon/rs690.c | 4 +-
2314 drivers/gpu/drm/ttm/ttm_page_alloc.c | 4 +-
2315 drivers/gpu/drm/via/via_drv.h | 4 +-
2316 drivers/gpu/drm/via/via_irq.c | 18 +-
2317 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 2 +-
2318 drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c | 8 +-
2319 drivers/gpu/drm/vmwgfx/vmwgfx_irq.c | 4 +-
2320 drivers/gpu/drm/vmwgfx/vmwgfx_marker.c | 2 +-
2321 drivers/hid/hid-core.c | 4 +-
2322 drivers/hid/usbhid/hiddev.c | 2 +-
2323 drivers/hv/channel.c | 4 +-
2324 drivers/hv/hv.c | 2 +-
2325 drivers/hv/hyperv_vmbus.h | 2 +-
2326 drivers/hv/vmbus_drv.c | 4 +-
2327 drivers/hwmon/acpi_power_meter.c | 2 -
2328 drivers/hwmon/sht15.c | 12 +-
2329 drivers/i2c/busses/i2c-amd756-s4882.c | 2 +-
2330 drivers/i2c/busses/i2c-nforce2-s4985.c | 2 +-
2331 drivers/i2c/i2c-mux.c | 2 +-
2332 drivers/ide/aec62xx.c | 2 +-
2333 drivers/ide/alim15x3.c | 2 +-
2334 drivers/ide/amd74xx.c | 2 +-
2335 drivers/ide/atiixp.c | 2 +-
2336 drivers/ide/cmd64x.c | 2 +-
2337 drivers/ide/cs5520.c | 2 +-
2338 drivers/ide/cs5530.c | 2 +-
2339 drivers/ide/cs5535.c | 2 +-
2340 drivers/ide/cy82c693.c | 2 +-
2341 drivers/ide/hpt366.c | 24 +-
2342 drivers/ide/ide-cd.c | 2 +-
2343 drivers/ide/ide-pci-generic.c | 2 +-
2344 drivers/ide/it8172.c | 2 +-
2345 drivers/ide/it8213.c | 2 +-
2346 drivers/ide/it821x.c | 2 +-
2347 drivers/ide/jmicron.c | 2 +-
2348 drivers/ide/ns87415.c | 2 +-
2349 drivers/ide/opti621.c | 2 +-
2350 drivers/ide/pdc202xx_new.c | 2 +-
2351 drivers/ide/pdc202xx_old.c | 2 +-
2352 drivers/ide/piix.c | 2 +-
2353 drivers/ide/rz1000.c | 2 +-
2354 drivers/ide/sc1200.c | 2 +-
2355 drivers/ide/scc_pata.c | 2 +-
2356 drivers/ide/serverworks.c | 2 +-
2357 drivers/ide/siimage.c | 2 +-
2358 drivers/ide/sis5513.c | 2 +-
2359 drivers/ide/sl82c105.c | 2 +-
2360 drivers/ide/slc90e66.c | 2 +-
2361 drivers/ide/tc86c001.c | 2 +-
2362 drivers/ide/triflex.c | 2 +-
2363 drivers/ide/trm290.c | 2 +-
2364 drivers/ide/via82cxxx.c | 2 +-
2365 drivers/ieee802154/fakehard.c | 2 +-
2366 drivers/infiniband/core/cm.c | 32 +-
2367 drivers/infiniband/core/fmr_pool.c | 20 +-
2368 drivers/infiniband/hw/cxgb4/mem.c | 4 +-
2369 drivers/infiniband/hw/ipath/ipath_rc.c | 6 +-
2370 drivers/infiniband/hw/ipath/ipath_ruc.c | 6 +-
2371 drivers/infiniband/hw/nes/nes.c | 4 +-
2372 drivers/infiniband/hw/nes/nes.h | 40 +-
2373 drivers/infiniband/hw/nes/nes_cm.c | 62 +-
2374 drivers/infiniband/hw/nes/nes_mgt.c | 8 +-
2375 drivers/infiniband/hw/nes/nes_nic.c | 40 +-
2376 drivers/infiniband/hw/nes/nes_verbs.c | 10 +-
2377 drivers/infiniband/hw/qib/qib.h | 1 +
2378 drivers/input/gameport/gameport.c | 4 +-
2379 drivers/input/input.c | 4 +-
2380 drivers/input/joystick/sidewinder.c | 1 +
2381 drivers/input/joystick/xpad.c | 4 +-
2382 drivers/input/mousedev.c | 2 +-
2383 drivers/input/serio/serio.c | 4 +-
2384 drivers/isdn/capi/capi.c | 10 +-
2385 drivers/isdn/gigaset/common.c | 2 +-
2386 drivers/isdn/gigaset/gigaset.h | 3 +-
2387 drivers/isdn/gigaset/interface.c | 22 +-
2388 drivers/isdn/hardware/avm/b1.c | 4 +-
2389 drivers/isdn/hardware/eicon/divasync.h | 2 +-
2390 drivers/isdn/hardware/eicon/xdi_adapter.h | 2 +-
2391 drivers/isdn/icn/icn.c | 2 +-
2392 drivers/lguest/core.c | 10 +-
2393 drivers/lguest/x86/core.c | 12 +-
2394 drivers/lguest/x86/switcher_32.S | 27 +-
2395 drivers/macintosh/macio_asic.c | 2 +-
2396 drivers/md/dm-ioctl.c | 2 +-
2397 drivers/md/dm-raid1.c | 16 +-
2398 drivers/md/dm-stripe.c | 10 +-
2399 drivers/md/dm-table.c | 2 +-
2400 drivers/md/dm-thin-metadata.c | 4 +-
2401 drivers/md/dm.c | 16 +-
2402 drivers/md/md.c | 28 +-
2403 drivers/md/md.h | 6 +-
2404 drivers/md/persistent-data/dm-space-map-checker.c | 2 +-
2405 drivers/md/persistent-data/dm-space-map-disk.c | 2 +-
2406 drivers/md/persistent-data/dm-space-map-metadata.c | 2 +-
2407 drivers/md/persistent-data/dm-space-map.h | 1 +
2408 drivers/md/raid1.c | 4 +-
2409 drivers/md/raid10.c | 16 +-
2410 drivers/md/raid5.c | 10 +-
2411 drivers/media/dvb/ddbridge/ddbridge-core.c | 2 +-
2412 drivers/media/dvb/dvb-core/dvb_demux.h | 2 +-
2413 drivers/media/dvb/dvb-core/dvbdev.c | 2 +-
2414 drivers/media/dvb/dvb-usb/cxusb.c | 2 +-
2415 drivers/media/dvb/dvb-usb/dw2102.c | 2 +-
2416 drivers/media/dvb/frontends/dib3000.h | 2 +-
2417 drivers/media/dvb/ngene/ngene-cards.c | 2 +-
2418 drivers/media/radio/radio-cadet.c | 2 +
2419 drivers/media/video/au0828/au0828.h | 2 +-
2420 drivers/media/video/cx88/cx88-alsa.c | 2 +-
2421 drivers/media/video/omap/omap_vout.c | 11 +-
2422 drivers/media/video/pvrusb2/pvrusb2-hdw-internal.h | 2 +-
2423 drivers/media/video/timblogiw.c | 4 +-
2424 drivers/message/fusion/mptsas.c | 34 +-
2425 drivers/message/fusion/mptscsih.c | 19 +-
2426 drivers/message/i2o/i2o_proc.c | 44 +-
2427 drivers/message/i2o/iop.c | 8 +-
2428 drivers/mfd/abx500-core.c | 2 +-
2429 drivers/mfd/janz-cmodio.c | 1 +
2430 drivers/misc/lis3lv02d/lis3lv02d.c | 8 +-
2431 drivers/misc/lis3lv02d/lis3lv02d.h | 2 +-
2432 drivers/misc/sgi-gru/gruhandles.c | 4 +-
2433 drivers/misc/sgi-gru/gruprocfs.c | 8 +-
2434 drivers/misc/sgi-gru/grutables.h | 154 +++---
2435 drivers/misc/sgi-xp/xp.h | 2 +-
2436 drivers/misc/sgi-xp/xpc.h | 3 +-
2437 drivers/misc/sgi-xp/xpc_main.c | 2 +-
2438 drivers/mmc/host/sdhci-pci.c | 2 +-
2439 drivers/mtd/devices/doc2000.c | 2 +-
2440 drivers/mtd/devices/doc2001.c | 2 +-
2441 drivers/mtd/nand/denali.c | 1 +
2442 drivers/mtd/nftlmount.c | 1 +
2443 drivers/mtd/ubi/build.c | 16 +-
2444 drivers/net/ethernet/atheros/atlx/atl2.c | 2 +-
2445 drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h | 2 +-
2446 drivers/net/ethernet/broadcom/tg3.h | 1 +
2447 drivers/net/ethernet/chelsio/cxgb3/l2t.h | 2 +-
2448 drivers/net/ethernet/dec/tulip/de4x5.c | 4 +-
2449 drivers/net/ethernet/dec/tulip/eeprom.c | 2 +-
2450 drivers/net/ethernet/dec/tulip/winbond-840.c | 2 +-
2451 drivers/net/ethernet/dlink/sundance.c | 2 +-
2452 drivers/net/ethernet/emulex/benet/be_main.c | 2 +-
2453 drivers/net/ethernet/faraday/ftgmac100.c | 2 +
2454 drivers/net/ethernet/faraday/ftmac100.c | 2 +
2455 drivers/net/ethernet/fealnx.c | 2 +-
2456 drivers/net/ethernet/intel/e1000e/80003es2lan.c | 2 +-
2457 drivers/net/ethernet/intel/e1000e/82571.c | 2 +-
2458 drivers/net/ethernet/intel/e1000e/hw.h | 9 +-
2459 drivers/net/ethernet/intel/igb/e1000_hw.h | 12 +-
2460 drivers/net/ethernet/intel/igbvf/vf.h | 6 +-
2461 drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 12 +-
2462 drivers/net/ethernet/intel/ixgbevf/vf.h | 6 +-
2463 drivers/net/ethernet/mellanox/mlx4/main.c | 1 +
2464 drivers/net/ethernet/neterion/vxge/vxge-config.h | 2 +-
2465 drivers/net/ethernet/neterion/vxge/vxge-traffic.h | 2 +-
2466 drivers/net/ethernet/realtek/r8169.c | 6 +-
2467 drivers/net/ethernet/sis/sis190.c | 2 +-
2468 drivers/net/ethernet/stmicro/stmmac/mmc_core.c | 4 +-
2469 drivers/net/hyperv/hyperv_net.h | 2 +-
2470 drivers/net/hyperv/rndis_filter.c | 4 +-
2471 drivers/net/ppp/ppp_generic.c | 4 +-
2472 drivers/net/tokenring/abyss.c | 8 +-
2473 drivers/net/tokenring/madgemc.c | 8 +-
2474 drivers/net/tokenring/proteon.c | 8 +-
2475 drivers/net/tokenring/skisa.c | 8 +-
2476 drivers/net/usb/hso.c | 25 +-
2477 drivers/net/wireless/ath/ath.h | 1 +
2478 drivers/net/wireless/ath/ath9k/ar9002_mac.c | 30 +-
2479 drivers/net/wireless/ath/ath9k/ar9003_mac.c | 58 +-
2480 drivers/net/wireless/ath/ath9k/hw.h | 6 +-
2481 .../net/wireless/brcm80211/brcmsmac/phy/phy_int.h | 2 +-
2482 drivers/net/wireless/iwlegacy/3945-mac.c | 4 +-
2483 drivers/net/wireless/iwlwifi/iwl-debug.h | 4 +-
2484 drivers/net/wireless/mac80211_hwsim.c | 8 +-
2485 drivers/net/wireless/mwifiex/main.h | 2 +-
2486 drivers/net/wireless/rndis_wlan.c | 2 +-
2487 drivers/net/wireless/wl1251/wl1251.h | 2 +-
2488 drivers/oprofile/buffer_sync.c | 8 +-
2489 drivers/oprofile/event_buffer.c | 2 +-
2490 drivers/oprofile/oprof.c | 2 +-
2491 drivers/oprofile/oprofile_stats.c | 10 +-
2492 drivers/oprofile/oprofile_stats.h | 10 +-
2493 drivers/oprofile/oprofilefs.c | 2 +-
2494 drivers/parport/procfs.c | 4 +-
2495 drivers/pci/hotplug/cpci_hotplug.h | 2 +-
2496 drivers/pci/hotplug/cpqphp_nvram.c | 4 +
2497 drivers/pci/pcie/aspm.c | 6 +-
2498 drivers/pci/probe.c | 2 +-
2499 drivers/platform/x86/thinkpad_acpi.c | 70 ++-
2500 drivers/pnp/pnpbios/bioscalls.c | 14 +-
2501 drivers/pnp/resource.c | 4 +-
2502 drivers/power/bq27x00_battery.c | 2 +-
2503 drivers/regulator/max8660.c | 6 +-
2504 drivers/regulator/mc13892-regulator.c | 6 +-
2505 drivers/scsi/aacraid/aacraid.h | 2 +-
2506 drivers/scsi/aacraid/linit.c | 2 +-
2507 drivers/scsi/aic94xx/aic94xx_init.c | 2 +-
2508 drivers/scsi/bfa/bfa.h | 2 +-
2509 drivers/scsi/bfa/bfa_fcpim.c | 4 +-
2510 drivers/scsi/bfa/bfa_fcpim.h | 3 +-
2511 drivers/scsi/bfa/bfa_ioc.h | 4 +-
2512 drivers/scsi/hosts.c | 4 +-
2513 drivers/scsi/hpsa.c | 30 +-
2514 drivers/scsi/hpsa.h | 2 +-
2515 drivers/scsi/ips.h | 2 +-
2516 drivers/scsi/libfc/fc_exch.c | 38 +-
2517 drivers/scsi/libsas/sas_ata.c | 2 +-
2518 drivers/scsi/lpfc/lpfc.h | 8 +-
2519 drivers/scsi/lpfc/lpfc_debugfs.c | 18 +-
2520 drivers/scsi/lpfc/lpfc_init.c | 6 +-
2521 drivers/scsi/lpfc/lpfc_scsi.c | 16 +-
2522 drivers/scsi/pmcraid.c | 20 +-
2523 drivers/scsi/pmcraid.h | 8 +-
2524 drivers/scsi/qla2xxx/qla_def.h | 2 +-
2525 drivers/scsi/qla4xxx/ql4_def.h | 2 +-
2526 drivers/scsi/qla4xxx/ql4_os.c | 6 +-
2527 drivers/scsi/scsi.c | 2 +-
2528 drivers/scsi/scsi_lib.c | 6 +-
2529 drivers/scsi/scsi_sysfs.c | 2 +-
2530 drivers/scsi/scsi_tgt_lib.c | 2 +-
2531 drivers/scsi/scsi_transport_fc.c | 8 +-
2532 drivers/scsi/scsi_transport_iscsi.c | 6 +-
2533 drivers/scsi/scsi_transport_srp.c | 6 +-
2534 drivers/scsi/sg.c | 6 +-
2535 drivers/spi/spi-dw-pci.c | 2 +-
2536 drivers/spi/spi.c | 2 +-
2537 drivers/staging/octeon/ethernet-rx.c | 12 +-
2538 drivers/staging/octeon/ethernet.c | 8 +-
2539 drivers/staging/rtl8712/rtl871x_io.h | 2 +-
2540 drivers/staging/sbe-2t3e3/netdev.c | 2 +-
2541 drivers/staging/speakup/speakup_soft.c | 2 +-
2542 drivers/staging/usbip/usbip_common.h | 2 +-
2543 drivers/staging/usbip/vhci.h | 2 +-
2544 drivers/staging/usbip/vhci_hcd.c | 6 +-
2545 drivers/staging/usbip/vhci_rx.c | 2 +-
2546 drivers/staging/vt6655/hostap.c | 7 +-
2547 drivers/staging/vt6656/hostap.c | 7 +-
2548 drivers/staging/wlan-ng/hfa384x_usb.c | 2 +-
2549 drivers/staging/zcache/tmem.c | 4 +-
2550 drivers/staging/zcache/tmem.h | 2 +
2551 drivers/target/iscsi/iscsi_target.c | 2 +-
2552 drivers/target/target_core_tmr.c | 6 +-
2553 drivers/target/target_core_transport.c | 16 +-
2554 drivers/tty/hvc/hvcs.c | 23 +-
2555 drivers/tty/ipwireless/tty.c | 29 +-
2556 drivers/tty/n_gsm.c | 2 +-
2557 drivers/tty/n_tty.c | 3 +-
2558 drivers/tty/pty.c | 4 +-
2559 drivers/tty/serial/kgdboc.c | 32 +-
2560 drivers/tty/tty_io.c | 2 +-
2561 drivers/tty/tty_ldisc.c | 10 +-
2562 drivers/uio/uio.c | 21 +-
2563 drivers/usb/atm/cxacru.c | 2 +-
2564 drivers/usb/atm/usbatm.c | 24 +-
2565 drivers/usb/core/devices.c | 6 +-
2566 drivers/usb/core/message.c | 4 +-
2567 drivers/usb/early/ehci-dbgp.c | 16 +-
2568 drivers/usb/wusbcore/wa-hc.h | 4 +-
2569 drivers/usb/wusbcore/wa-xfer.c | 2 +-
2570 drivers/vhost/vhost.c | 2 +-
2571 drivers/video/aty/aty128fb.c | 2 +-
2572 drivers/video/fbcmap.c | 3 +-
2573 drivers/video/fbmem.c | 6 +-
2574 drivers/video/geode/gx1fb_core.c | 2 +-
2575 drivers/video/gxt4500.c | 4 +-
2576 drivers/video/i810/i810_accel.c | 1 +
2577 drivers/video/i810/i810_main.c | 2 +-
2578 drivers/video/jz4740_fb.c | 2 +-
2579 drivers/video/udlfb.c | 32 +-
2580 drivers/video/uvesafb.c | 36 ++-
2581 drivers/video/vesafb.c | 51 ++-
2582 drivers/video/via/via_clock.h | 2 +-
2583 drivers/xen/xen-pciback/conf_space.h | 6 +-
2584 fs/9p/vfs_inode.c | 2 +-
2585 fs/Kconfig.binfmt | 2 +-
2586 fs/aio.c | 11 +-
2587 fs/autofs4/waitq.c | 2 +-
2588 fs/befs/linuxvfs.c | 2 +-
2589 fs/binfmt_aout.c | 23 +-
2590 fs/binfmt_elf.c | 609 ++++++++++++++++++-
2591 fs/binfmt_flat.c | 6 +
2592 fs/bio.c | 2 +-
2593 fs/block_dev.c | 2 +-
2594 fs/btrfs/check-integrity.c | 2 +-
2595 fs/btrfs/ctree.c | 9 +-
2596 fs/btrfs/ioctl.c | 2 +-
2597 fs/btrfs/relocation.c | 2 +-
2598 fs/cachefiles/bind.c | 6 +-
2599 fs/cachefiles/daemon.c | 8 +-
2600 fs/cachefiles/internal.h | 12 +-
2601 fs/cachefiles/namei.c | 2 +-
2602 fs/cachefiles/proc.c | 12 +-
2603 fs/cachefiles/rdwr.c | 2 +-
2604 fs/ceph/dir.c | 2 +-
2605 fs/cifs/cifs_debug.c | 86 ++--
2606 fs/cifs/cifsfs.c | 8 +-
2607 fs/cifs/cifsglob.h | 50 +-
2608 fs/cifs/link.c | 2 +-
2609 fs/cifs/misc.c | 4 +-
2610 fs/coda/cache.c | 10 +-
2611 fs/compat.c | 6 +-
2612 fs/compat_binfmt_elf.c | 2 +
2613 fs/compat_ioctl.c | 10 +-
2614 fs/configfs/dir.c | 10 +-
2615 fs/dcache.c | 2 +-
2616 fs/ecryptfs/inode.c | 6 +-
2617 fs/ecryptfs/miscdev.c | 2 +-
2618 fs/ecryptfs/read_write.c | 4 +-
2619 fs/exec.c | 317 +++++++++--
2620 fs/ext4/ext4.h | 20 +-
2621 fs/ext4/mballoc.c | 44 +-
2622 fs/fcntl.c | 4 +-
2623 fs/fifo.c | 22 +-
2624 fs/fs_struct.c | 12 +-
2625 fs/fscache/cookie.c | 34 +-
2626 fs/fscache/internal.h | 182 +++---
2627 fs/fscache/object.c | 26 +-
2628 fs/fscache/operation.c | 28 +-
2629 fs/fscache/page.c | 106 ++--
2630 fs/fscache/stats.c | 330 +++++-----
2631 fs/fuse/cuse.c | 10 +-
2632 fs/fuse/dev.c | 2 +-
2633 fs/fuse/dir.c | 2 +-
2634 fs/gfs2/inode.c | 2 +-
2635 fs/inode.c | 4 +-
2636 fs/jffs2/erase.c | 3 +-
2637 fs/jffs2/wbuf.c | 3 +-
2638 fs/jfs/super.c | 2 +-
2639 fs/libfs.c | 10 +-
2640 fs/lockd/clntproc.c | 4 +-
2641 fs/locks.c | 8 +-
2642 fs/namei.c | 13 +-
2643 fs/nfs/inode.c | 8 +-
2644 fs/nfsd/vfs.c | 6 +-
2645 fs/notify/fanotify/fanotify_user.c | 3 +-
2646 fs/notify/notification.c | 4 +-
2647 fs/ntfs/dir.c | 2 +-
2648 fs/ntfs/file.c | 4 +-
2649 fs/ocfs2/localalloc.c | 2 +-
2650 fs/ocfs2/ocfs2.h | 10 +-
2651 fs/ocfs2/suballoc.c | 12 +-
2652 fs/ocfs2/super.c | 20 +-
2653 fs/ocfs2/symlink.c | 2 +-
2654 fs/pipe.c | 33 +-
2655 fs/proc/array.c | 20 +
2656 fs/proc/base.c | 2 +-
2657 fs/proc/kcore.c | 32 +-
2658 fs/proc/meminfo.c | 2 +-
2659 fs/proc/nommu.c | 2 +-
2660 fs/proc/task_mmu.c | 39 +-
2661 fs/proc/task_nommu.c | 4 +-
2662 fs/quota/netlink.c | 4 +-
2663 fs/readdir.c | 2 +-
2664 fs/reiserfs/do_balan.c | 2 +-
2665 fs/reiserfs/procfs.c | 2 +-
2666 fs/seq_file.c | 14 +-
2667 fs/splice.c | 36 +-
2668 fs/sysfs/file.c | 10 +-
2669 fs/sysfs/symlink.c | 2 +-
2670 fs/udf/misc.c | 2 +-
2671 fs/xattr_acl.c | 4 +-
2672 fs/xfs/xfs_bmap.c | 2 +-
2673 fs/xfs/xfs_dir2_sf.c | 10 +-
2674 fs/xfs/xfs_ioctl.c | 2 +-
2675 fs/xfs/xfs_iops.c | 2 +-
2676 include/acpi/acpi_bus.h | 2 +-
2677 include/asm-generic/atomic-long.h | 183 ++++++
2678 include/asm-generic/atomic64.h | 12 +
2679 include/asm-generic/cache.h | 4 +-
2680 include/asm-generic/emergency-restart.h | 2 +-
2681 include/asm-generic/int-l64.h | 2 +
2682 include/asm-generic/int-ll64.h | 2 +
2683 include/asm-generic/kmap_types.h | 3 +-
2684 include/asm-generic/local.h | 1 +
2685 include/asm-generic/pgtable-nopmd.h | 18 +-
2686 include/asm-generic/pgtable-nopud.h | 14 +-
2687 include/asm-generic/pgtable.h | 8 +
2688 include/asm-generic/vmlinux.lds.h | 10 +-
2689 include/drm/drmP.h | 5 +-
2690 include/drm/drm_crtc_helper.h | 4 +-
2691 include/drm/ttm/ttm_memory.h | 2 +-
2692 include/linux/a.out.h | 8 +
2693 include/linux/atmdev.h | 2 +-
2694 include/linux/binfmts.h | 1 +
2695 include/linux/blkdev.h | 2 +-
2696 include/linux/blktrace_api.h | 2 +-
2697 include/linux/byteorder/little_endian.h | 24 +-
2698 include/linux/cache.h | 4 +
2699 include/linux/cleancache.h | 2 +-
2700 include/linux/compiler-gcc4.h | 11 +
2701 include/linux/compiler.h | 60 ++-
2702 include/linux/cpuset.h | 2 +-
2703 include/linux/crypto.h | 6 +-
2704 include/linux/decompress/mm.h | 2 +-
2705 include/linux/dma-mapping.h | 2 +-
2706 include/linux/efi.h | 2 +-
2707 include/linux/elf.h | 30 +
2708 include/linux/filter.h | 4 +
2709 include/linux/firewire.h | 2 +-
2710 include/linux/fs.h | 3 +-
2711 include/linux/fs_struct.h | 2 +-
2712 include/linux/fscache-cache.h | 4 +-
2713 include/linux/fsnotify.h | 2 +-
2714 include/linux/fsnotify_backend.h | 1 +
2715 include/linux/ftrace_event.h | 4 +-
2716 include/linux/genhd.h | 2 +-
2717 include/linux/hid.h | 2 +-
2718 include/linux/highmem.h | 12 +
2719 include/linux/i2c.h | 1 +
2720 include/linux/i2o.h | 2 +-
2721 include/linux/if_team.h | 3 +-
2722 include/linux/init.h | 4 +-
2723 include/linux/init_task.h | 7 +
2724 include/linux/intel-iommu.h | 2 +-
2725 include/linux/interrupt.h | 6 +-
2726 include/linux/kgdb.h | 6 +-
2727 include/linux/kref.h | 2 +-
2728 include/linux/kvm_host.h | 4 +-
2729 include/linux/libata.h | 2 +-
2730 include/linux/mca.h | 2 +-
2731 include/linux/memory.h | 2 +-
2732 include/linux/mfd/abx500.h | 1 +
2733 include/linux/mm.h | 66 +--
2734 include/linux/mm_types.h | 20 +
2735 include/linux/mmu_notifier.h | 6 +-
2736 include/linux/mmzone.h | 2 +-
2737 include/linux/mod_devicetable.h | 4 +-
2738 include/linux/module.h | 54 ++-
2739 include/linux/moduleloader.h | 12 +
2740 include/linux/moduleparam.h | 4 +-
2741 include/linux/namei.h | 6 +-
2742 include/linux/netdevice.h | 3 +-
2743 include/linux/of_pdt.h | 2 +-
2744 include/linux/oprofile.h | 4 +-
2745 include/linux/padata.h | 2 +-
2746 include/linux/perf_event.h | 8 +-
2747 include/linux/pipe_fs_i.h | 6 +-
2748 include/linux/pm_runtime.h | 2 +-
2749 include/linux/poison.h | 4 +-
2750 include/linux/preempt.h | 2 +-
2751 include/linux/proc_fs.h | 2 +-
2752 include/linux/random.h | 7 +-
2753 include/linux/reboot.h | 14 +-
2754 include/linux/reiserfs_fs.h | 2 +-
2755 include/linux/reiserfs_fs_sb.h | 2 +-
2756 include/linux/relay.h | 2 +-
2757 include/linux/rfkill.h | 1 +
2758 include/linux/rio.h | 2 +-
2759 include/linux/rmap.h | 4 +-
2760 include/linux/sched.h | 69 ++-
2761 include/linux/screen_info.h | 3 +-
2762 include/linux/seq_file.h | 1 +
2763 include/linux/skbuff.h | 8 +-
2764 include/linux/slab.h | 73 +++-
2765 include/linux/slab_def.h | 8 +-
2766 include/linux/slub_def.h | 4 +-
2767 include/linux/sonet.h | 2 +-
2768 include/linux/sunrpc/clnt.h | 8 +-
2769 include/linux/sunrpc/sched.h | 1 +
2770 include/linux/sunrpc/svc_rdma.h | 18 +-
2771 include/linux/sysctl.h | 6 +-
2772 include/linux/tty_ldisc.h | 2 +-
2773 include/linux/types.h | 16 +
2774 include/linux/uaccess.h | 6 +-
2775 include/linux/unaligned/access_ok.h | 12 +-
2776 include/linux/usb/renesas_usbhs.h | 4 +-
2777 include/linux/vermagic.h | 21 +-
2778 include/linux/vmalloc.h | 104 ++++
2779 include/linux/vmstat.h | 20 +-
2780 include/linux/xattr.h | 5 +
2781 include/media/saa7146_vv.h | 2 +-
2782 include/media/v4l2-dev.h | 3 +-
2783 include/media/v4l2-ioctl.h | 2 +-
2784 include/net/caif/caif_hsi.h | 2 +-
2785 include/net/caif/cfctrl.h | 6 +-
2786 include/net/flow.h | 2 +-
2787 include/net/inetpeer.h | 8 +-
2788 include/net/ip_fib.h | 2 +-
2789 include/net/ip_vs.h | 4 +-
2790 include/net/irda/ircomm_core.h | 2 +-
2791 include/net/irda/ircomm_tty.h | 5 +-
2792 include/net/iucv/af_iucv.h | 2 +-
2793 include/net/neighbour.h | 2 +-
2794 include/net/netlink.h | 2 +-
2795 include/net/netns/ipv4.h | 4 +-
2796 include/net/sctp/sctp.h | 6 +-
2797 include/net/sock.h | 4 +-
2798 include/net/tcp.h | 2 +-
2799 include/net/udp.h | 2 +-
2800 include/net/xfrm.h | 2 +-
2801 include/rdma/iw_cm.h | 2 +-
2802 include/scsi/libfc.h | 3 +-
2803 include/scsi/scsi_device.h | 6 +-
2804 include/scsi/scsi_transport_fc.h | 2 +-
2805 include/sound/ak4xxx-adda.h | 2 +-
2806 include/sound/hwdep.h | 2 +-
2807 include/sound/info.h | 2 +-
2808 include/sound/pcm.h | 1 +
2809 include/sound/sb16_csp.h | 2 +-
2810 include/sound/soc.h | 4 +-
2811 include/sound/ymfpci.h | 2 +-
2812 include/target/target_core_base.h | 8 +-
2813 include/trace/events/irq.h | 4 +-
2814 include/video/udlfb.h | 8 +-
2815 include/video/uvesafb.h | 1 +
2816 init/Kconfig | 2 +-
2817 init/do_mounts.c | 14 +-
2818 init/do_mounts.h | 8 +-
2819 init/do_mounts_initrd.c | 28 +-
2820 init/do_mounts_md.c | 6 +-
2821 init/initramfs.c | 40 +-
2822 init/main.c | 56 ++-
2823 ipc/msg.c | 11 +-
2824 ipc/sem.c | 11 +-
2825 ipc/shm.c | 17 +-
2826 kernel/acct.c | 2 +-
2827 kernel/audit.c | 8 +-
2828 kernel/auditsc.c | 4 +-
2829 kernel/capability.c | 3 +
2830 kernel/compat.c | 44 +-
2831 kernel/debug/debug_core.c | 16 +-
2832 kernel/debug/kdb/kdb_main.c | 4 +-
2833 kernel/events/core.c | 28 +-
2834 kernel/exit.c | 4 +-
2835 kernel/fork.c | 165 ++++--
2836 kernel/futex.c | 9 +
2837 kernel/gcov/base.c | 7 +-
2838 kernel/hrtimer.c | 2 +-
2839 kernel/jump_label.c | 4 +
2840 kernel/kallsyms.c | 39 ++-
2841 kernel/kexec.c | 3 +-
2842 kernel/kmod.c | 2 +-
2843 kernel/kprobes.c | 8 +-
2844 kernel/lockdep.c | 7 +-
2845 kernel/lockdep_proc.c | 2 +-
2846 kernel/module.c | 326 +++++++----
2847 kernel/mutex-debug.c | 12 +-
2848 kernel/mutex-debug.h | 4 +-
2849 kernel/mutex.c | 7 +-
2850 kernel/padata.c | 8 +-
2851 kernel/panic.c | 3 +-
2852 kernel/pid.c | 2 +-
2853 kernel/posix-cpu-timers.c | 4 +-
2854 kernel/posix-timers.c | 20 +-
2855 kernel/power/poweroff.c | 2 +-
2856 kernel/power/process.c | 13 +-
2857 kernel/profile.c | 14 +-
2858 kernel/ptrace.c | 6 +-
2859 kernel/rcutiny.c | 4 +-
2860 kernel/rcutorture.c | 56 +-
2861 kernel/rcutree.c | 32 +-
2862 kernel/rcutree.h | 2 +-
2863 kernel/rcutree_plugin.h | 16 +-
2864 kernel/rcutree_trace.c | 4 +-
2865 kernel/rtmutex-tester.c | 24 +-
2866 kernel/sched/auto_group.c | 4 +-
2867 kernel/sched/fair.c | 2 +-
2868 kernel/signal.c | 8 +-
2869 kernel/smp.c | 8 +-
2870 kernel/softirq.c | 14 +-
2871 kernel/sys.c | 12 +-
2872 kernel/sysctl.c | 37 ++-
2873 kernel/sysctl_binary.c | 14 +-
2874 kernel/time/alarmtimer.c | 2 +-
2875 kernel/time/tick-broadcast.c | 2 +-
2876 kernel/time/timer_stats.c | 10 +-
2877 kernel/timer.c | 2 +-
2878 kernel/trace/blktrace.c | 6 +-
2879 kernel/trace/ftrace.c | 11 +-
2880 kernel/trace/trace.c | 6 +-
2881 kernel/trace/trace_events.c | 25 +-
2882 kernel/trace/trace_kprobe.c | 8 +-
2883 kernel/trace/trace_mmiotrace.c | 8 +-
2884 kernel/trace/trace_output.c | 2 +-
2885 kernel/trace/trace_stack.c | 2 +-
2886 kernel/trace/trace_workqueue.c | 6 +-
2887 lib/bitmap.c | 8 +-
2888 lib/bug.c | 2 +
2889 lib/debugobjects.c | 2 +-
2890 lib/devres.c | 4 +-
2891 lib/dma-debug.c | 2 +-
2892 lib/extable.c | 3 +
2893 lib/inflate.c | 2 +-
2894 lib/radix-tree.c | 2 +-
2895 lib/vsprintf.c | 12 +-
2896 mm/Kconfig | 6 +-
2897 mm/filemap.c | 2 +-
2898 mm/fremap.c | 5 +
2899 mm/highmem.c | 7 +-
2900 mm/huge_memory.c | 2 +-
2901 mm/hugetlb.c | 54 ++
2902 mm/internal.h | 1 +
2903 mm/maccess.c | 4 +-
2904 mm/madvise.c | 41 ++
2905 mm/memory-failure.c | 18 +-
2906 mm/memory.c | 358 +++++++++--
2907 mm/mempolicy.c | 25 +
2908 mm/mlock.c | 20 +-
2909 mm/mmap.c | 632 +++++++++++++++++---
2910 mm/mprotect.c | 137 +++++-
2911 mm/mremap.c | 45 ++-
2912 mm/nommu.c | 11 +-
2913 mm/page_alloc.c | 14 +-
2914 mm/percpu.c | 2 +-
2915 mm/process_vm_access.c | 14 +-
2916 mm/rmap.c | 41 ++-
2917 mm/shmem.c | 5 +-
2918 mm/slab.c | 81 ++-
2919 mm/slob.c | 180 +++++-
2920 mm/slub.c | 69 ++-
2921 mm/swap.c | 3 +
2922 mm/swapfile.c | 12 +-
2923 mm/util.c | 8 +
2924 mm/vmalloc.c | 92 +++-
2925 mm/vmstat.c | 6 +-
2926 net/8021q/vlan.c | 3 +-
2927 net/9p/trans_fd.c | 2 +-
2928 net/atm/atm_misc.c | 8 +-
2929 net/atm/lec.h | 2 +-
2930 net/atm/mpc.h | 2 +-
2931 net/atm/proc.c | 6 +-
2932 net/atm/resources.c | 4 +-
2933 net/batman-adv/bat_iv_ogm.c | 6 +-
2934 net/batman-adv/hard-interface.c | 4 +-
2935 net/batman-adv/soft-interface.c | 4 +-
2936 net/batman-adv/types.h | 6 +-
2937 net/batman-adv/unicast.c | 2 +-
2938 net/bluetooth/hci_conn.c | 2 +-
2939 net/bluetooth/l2cap_core.c | 12 +-
2940 net/bridge/netfilter/ebtables.c | 2 +-
2941 net/caif/caif_socket.c | 43 +-
2942 net/caif/cfctrl.c | 11 +-
2943 net/can/gw.c | 2 +-
2944 net/compat.c | 32 +-
2945 net/core/datagram.c | 2 +-
2946 net/core/dev.c | 16 +-
2947 net/core/flow.c | 8 +-
2948 net/core/iovec.c | 4 +-
2949 net/core/rtnetlink.c | 2 +-
2950 net/core/scm.c | 8 +-
2951 net/core/sock.c | 16 +-
2952 net/decnet/sysctl_net_decnet.c | 4 +-
2953 net/ipv4/fib_frontend.c | 6 +-
2954 net/ipv4/fib_semantics.c | 2 +-
2955 net/ipv4/inetpeer.c | 4 +-
2956 net/ipv4/ip_fragment.c | 2 +-
2957 net/ipv4/ip_sockglue.c | 2 +-
2958 net/ipv4/ipconfig.c | 6 +-
2959 net/ipv4/netfilter/nf_nat_snmp_basic.c | 2 +-
2960 net/ipv4/ping.c | 2 +-
2961 net/ipv4/raw.c | 14 +-
2962 net/ipv4/route.c | 6 +-
2963 net/ipv4/tcp_probe.c | 2 +-
2964 net/ipv4/udp.c | 8 +-
2965 net/ipv6/addrconf.c | 2 +-
2966 net/ipv6/inet6_connection_sock.c | 4 +-
2967 net/ipv6/ipv6_sockglue.c | 2 +-
2968 net/ipv6/raw.c | 19 +-
2969 net/ipv6/udp.c | 8 +-
2970 net/irda/ircomm/ircomm_tty.c | 38 +-
2971 net/iucv/af_iucv.c | 4 +-
2972 net/key/af_key.c | 4 +-
2973 net/mac80211/ieee80211_i.h | 3 +-
2974 net/mac80211/iface.c | 12 +-
2975 net/mac80211/main.c | 2 +-
2976 net/mac80211/pm.c | 6 +-
2977 net/mac80211/rate.c | 2 +-
2978 net/mac80211/rc80211_pid_debugfs.c | 2 +-
2979 net/mac80211/util.c | 2 +-
2980 net/netfilter/ipvs/ip_vs_conn.c | 6 +-
2981 net/netfilter/ipvs/ip_vs_core.c | 4 +-
2982 net/netfilter/ipvs/ip_vs_ctl.c | 10 +-
2983 net/netfilter/ipvs/ip_vs_sync.c | 4 +-
2984 net/netfilter/ipvs/ip_vs_xmit.c | 4 +-
2985 net/netfilter/nfnetlink_log.c | 4 +-
2986 net/netfilter/xt_statistic.c | 8 +-
2987 net/netlink/af_netlink.c | 4 +-
2988 net/packet/af_packet.c | 8 +-
2989 net/phonet/pep.c | 6 +-
2990 net/phonet/socket.c | 2 +-
2991 net/rds/cong.c | 6 +-
2992 net/rds/ib.h | 2 +-
2993 net/rds/ib_cm.c | 2 +-
2994 net/rds/ib_recv.c | 4 +-
2995 net/rds/iw.h | 2 +-
2996 net/rds/iw_cm.c | 2 +-
2997 net/rds/iw_recv.c | 4 +-
2998 net/rds/tcp.c | 2 +-
2999 net/rds/tcp_send.c | 2 +-
3000 net/rxrpc/af_rxrpc.c | 2 +-
3001 net/rxrpc/ar-ack.c | 14 +-
3002 net/rxrpc/ar-call.c | 2 +-
3003 net/rxrpc/ar-connection.c | 2 +-
3004 net/rxrpc/ar-connevent.c | 2 +-
3005 net/rxrpc/ar-input.c | 4 +-
3006 net/rxrpc/ar-internal.h | 8 +-
3007 net/rxrpc/ar-local.c | 2 +-
3008 net/rxrpc/ar-output.c | 4 +-
3009 net/rxrpc/ar-peer.c | 2 +-
3010 net/rxrpc/ar-proc.c | 4 +-
3011 net/rxrpc/ar-transport.c | 2 +-
3012 net/rxrpc/rxkad.c | 4 +-
3013 net/sctp/socket.c | 2 +-
3014 net/socket.c | 34 +-
3015 net/sunrpc/sched.c | 4 +-
3016 net/sunrpc/svcsock.c | 2 +-
3017 net/sunrpc/xprtrdma/svc_rdma.c | 38 +-
3018 net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 6 +-
3019 net/sunrpc/xprtrdma/svc_rdma_sendto.c | 2 +-
3020 net/sunrpc/xprtrdma/svc_rdma_transport.c | 10 +-
3021 net/tipc/link.c | 6 +-
3022 net/tipc/msg.c | 2 +-
3023 net/tipc/subscr.c | 2 +-
3024 net/wireless/core.h | 2 +-
3025 net/wireless/wext-core.c | 19 +-
3026 net/xfrm/xfrm_policy.c | 16 +-
3027 scripts/Makefile.build | 4 +-
3028 scripts/Makefile.clean | 3 +-
3029 scripts/Makefile.host | 2 +
3030 scripts/basic/fixdep.c | 12 +-
3031 scripts/gcc-plugin.sh | 2 +
3032 scripts/mod/file2alias.c | 14 +-
3033 scripts/mod/modpost.c | 25 +-
3034 scripts/mod/modpost.h | 6 +-
3035 scripts/mod/sumversion.c | 2 +-
3036 scripts/pnmtologo.c | 6 +-
3037 security/Kconfig | 618 +++++++++++++++++++-
3038 security/integrity/ima/ima.h | 4 +-
3039 security/integrity/ima/ima_api.c | 2 +-
3040 security/integrity/ima/ima_fs.c | 4 +-
3041 security/integrity/ima/ima_queue.c | 2 +-
3042 security/keys/compat.c | 2 +-
3043 security/keys/keyctl.c | 8 +-
3044 security/keys/keyring.c | 6 +-
3045 security/security.c | 8 +-
3046 security/selinux/hooks.c | 2 +-
3047 security/selinux/include/xfrm.h | 2 +-
3048 security/smack/smack_lsm.c | 2 +-
3049 security/tomoyo/tomoyo.c | 2 +-
3050 sound/aoa/codecs/onyx.c | 7 +-
3051 sound/aoa/codecs/onyx.h | 1 +
3052 sound/core/oss/pcm_oss.c | 18 +-
3053 sound/core/pcm_compat.c | 2 +-
3054 sound/core/pcm_native.c | 4 +-
3055 sound/core/seq/seq_device.c | 8 +-
3056 sound/drivers/mts64.c | 14 +-
3057 sound/drivers/opl4/opl4_lib.c | 2 +-
3058 sound/drivers/portman2x4.c | 3 +-
3059 sound/firewire/amdtp.c | 4 +-
3060 sound/firewire/amdtp.h | 2 +-
3061 sound/firewire/isight.c | 10 +-
3062 sound/isa/cmi8330.c | 2 +-
3063 sound/oss/sb_audio.c | 2 +-
3064 sound/oss/swarm_cs4297a.c | 6 +-
3065 sound/pci/hda/hda_codec.h | 7 +-
3066 sound/pci/ice1712/ice1712.h | 4 +-
3067 sound/pci/ymfpci/ymfpci_main.c | 12 +-
3068 sound/soc/soc-pcm.c | 2 +-
3069 sound/usb/card.h | 3 +-
3070 tools/gcc/Makefile | 23 +
3071 tools/gcc/checker_plugin.c | 171 ++++++
3072 tools/gcc/colorize_plugin.c | 147 +++++
3073 tools/gcc/constify_plugin.c | 303 ++++++++++
3074 tools/gcc/kallocstat_plugin.c | 167 +++++
3075 tools/gcc/kernexec_plugin.c | 427 +++++++++++++
3076 tools/gcc/stackleak_plugin.c | 313 ++++++++++
3077 tools/perf/util/include/asm/alternative-asm.h | 3 +
3078 usr/gen_init_cpio.c | 7 +-
3079 virt/kvm/kvm_main.c | 20 +-
3080 1246 files changed, 18805 insertions(+), 5986 deletions(-)
3081 commit a00016a11e35e91aec8e2d9b6ec4c6fbb11d6d2b
3082 Merge: 0949bd4 fc53d63
3083 Author: Brad Spengler <spender@grsecurity.net>
3084 Date: Thu Mar 22 19:03:44 2012 -0400
3085
3086 Merge branch 'pax-test' into grsec-test
3087
3088 commit fc53d6338964741b368070ec5c935bc579b8c2a6
3089 Author: Brad Spengler <spender@grsecurity.net>
3090 Date: Thu Mar 22 19:02:45 2012 -0400
3091
3092 Update to pax-linux-3.2.12-test33.patch
3093
3094 commit 0949bd46a6455b308f66ad7c993bfee62412db35
3095 Author: Brad Spengler <spender@grsecurity.net>
3096 Date: Thu Mar 22 16:56:09 2012 -0400
3097
3098 Use current_umask() instead of current->fs->umask
3099
3100 commit 22f6432d0fe733619cfcb523782ed7d80c46d645
3101 Author: Brad Spengler <spender@grsecurity.net>
3102 Date: Wed Mar 21 19:42:42 2012 -0400
3103
3104 compile fix
3105
3106 commit 0cad49d6b8fbb32395da924c1665a1110a9a9eef
3107 Author: Brad Spengler <spender@grsecurity.net>
3108 Date: Wed Mar 21 19:34:56 2012 -0400
3109
3110 Resolve some very tricky hash table manipulations that resulted in an infinite loop in certain
3111 uses of domains with particular hash collisions
3112
3113 commit 47fc52e0a068a29d6cca2f809daf0679cba33c44
3114 Author: Brad Spengler <spender@grsecurity.net>
3115 Date: Tue Mar 20 20:25:49 2012 -0400
3116
3117 zero kernel_role
3118
3119 commit b00953b43c69238d181d21121ef1577c988d5f6b
3120 Author: Brad Spengler <spender@grsecurity.net>
3121 Date: Tue Mar 20 19:29:34 2012 -0400
3122
3123 zero real_root after releasing it
3124
3125 commit 0b3ab73ce5d34a2c3206955cd65eddd6bdfd32a1
3126 Merge: b724f59 273f98e
3127 Author: Brad Spengler <spender@grsecurity.net>
3128 Date: Tue Mar 20 19:11:26 2012 -0400
3129
3130 Merge branch 'pax-test' into grsec-test
3131
3132 commit 273f98e58cdac555d3b5dce5c1ca168349f95878
3133 Author: Brad Spengler <spender@grsecurity.net>
3134 Date: Tue Mar 20 19:10:52 2012 -0400
3135
3136 Temporary workaround for (most) size_overflow plugin false-positives
3137 Increase randomization for brk-managed heap to 21 bits
3138 Update to pax-linux-3.2.12-test32.patch
3139
3140 commit b724f59125304460c2af8bd4b02921993afbb5d3
3141 Author: Brad Spengler <spender@grsecurity.net>
3142 Date: Tue Mar 20 18:58:53 2012 -0400
3143
3144 compile fix
3145
3146 commit 329f1a9d0f137d0a973316c53bbec18a6eeecd4f
3147 Author: Brad Spengler <spender@grsecurity.net>
3148 Date: Tue Mar 20 18:52:23 2012 -0400
3149
3150 Require default and kernel role
3151
3152 commit a7c5c4f55bdd61cfcd0fb1be7a67160429409878
3153 Author: Brad Spengler <spender@grsecurity.net>
3154 Date: Tue Mar 20 18:47:28 2012 -0400
3155
3156 Allow policies without special roles
3157 don't call free_variables in error path of copy_user_acl, we'll call it later (triggered by a policy without special roles)
3158
3159 commit 402ec3d24d66d38403dc543c84851f5e72d39e22
3160 Merge: 8e012dc f14661a
3161 Author: Brad Spengler <spender@grsecurity.net>
3162 Date: Mon Mar 19 18:06:59 2012 -0400
3163
3164 Merge branch 'pax-test' into grsec-test
3165
3166 Conflicts:
3167 fs/namei.c
3168
3169 commit f14661aaf202155c97f66626cea0269017bb7775
3170 Merge: eae671f 058b017
3171 Author: Brad Spengler <spender@grsecurity.net>
3172 Date: Mon Mar 19 18:05:44 2012 -0400
3173
3174 Merge branch 'linux-3.2.y' into pax-test
3175
3176 commit 8e012dcf7a50b7cde34c2cec93ecedd049123b75
3177 Author: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
3178 Date: Fri Mar 16 17:08:39 2012 -0700
3179
3180 nilfs2: fix NULL pointer dereference in nilfs_load_super_block()
3181
3182 According to the report from Slicky Devil, nilfs caused kernel oops at
3183 nilfs_load_super_block function during mount after he shrank the
3184 partition without resizing the filesystem:
3185
3186 BUG: unable to handle kernel NULL pointer dereference at 00000048
3187 IP: [<d0d7a08e>] nilfs_load_super_block+0x17e/0x280 [nilfs2]
3188 *pde = 00000000
3189 Oops: 0000 [#1] PREEMPT SMP
3190 ...
3191 Call Trace:
3192 [<d0d7a87b>] init_nilfs+0x4b/0x2e0 [nilfs2]
3193 [<d0d6f707>] nilfs_mount+0x447/0x5b0 [nilfs2]
3194 [<c0226636>] mount_fs+0x36/0x180
3195 [<c023d961>] vfs_kern_mount+0x51/0xa0
3196 [<c023ddae>] do_kern_mount+0x3e/0xe0
3197 [<c023f189>] do_mount+0x169/0x700
3198 [<c023fa9b>] sys_mount+0x6b/0xa0
3199 [<c04abd1f>] sysenter_do_call+0x12/0x28
3200 Code: 53 18 8b 43 20 89 4b 18 8b 4b 24 89 53 1c 89 43 24 89 4b 20 8b 43
3201 20 c7 43 2c 00 00 00 00 23 75 e8 8b 50 68 89 53 28 8b 54 b3 20 <8b> 72
3202 48 8b 7a 4c 8b 55 08 89 b3 84 00 00 00 89 bb 88 00 00 00
3203 EIP: [<d0d7a08e>] nilfs_load_super_block+0x17e/0x280 [nilfs2] SS:ESP 0068:ca9bbdcc
3204 CR2: 0000000000000048
3205
3206 This turned out due to a defect in an error path which runs if the
3207 calculated location of the secondary super block was invalid.
3208
3209 This patch fixes it and eliminates the reported oops.
3210
3211 Reported-by: Slicky Devil <slicky.dvl@gmail.com>
3212 Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
3213 Tested-by: Slicky Devil <slicky.dvl@gmail.com>
3214 Cc: <stable@vger.kernel.org> [2.6.30+]
3215 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
3216 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3217
3218 commit 8067d7f69bf27dc08057a771cf125e71e4575bf2
3219 Author: Haogang Chen <haogangchen@gmail.com>
3220 Date: Fri Mar 16 17:08:38 2012 -0700
3221
3222 nilfs2: clamp ns_r_segments_percentage to [1, 99]
3223
3224 ns_r_segments_percentage is read from the disk. Bogus or malicious
3225 value could cause integer overflow and malfunction due to meaningless
3226 disk usage calculation. This patch reports error when mounting such
3227 bogus volumes.
3228
3229 Signed-off-by: Haogang Chen <haogangchen@gmail.com>
3230 Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
3231 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
3232 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3233
3234 commit e1a90645643f9b0194a5984ec8febd06360d5c8b
3235 Author: Eric Dumazet <eric.dumazet@gmail.com>
3236 Date: Sat Mar 10 09:20:21 2012 +0000
3237
3238 tcp: fix syncookie regression
3239
3240 commit ea4fc0d619 (ipv4: Don't use rt->rt_{src,dst} in ip_queue_xmit())
3241 added a serious regression on synflood handling.
3242
3243 Simon Kirby discovered a successful connection was delayed by 20 seconds
3244 before being responsive.
3245
3246 In my tests, I discovered that xmit frames were lost, and needed ~4
3247 retransmits and a socket dst rebuild before being really sent.
3248
3249 In case of syncookie initiated connection, we use a different path to
3250 initialize the socket dst, and inet->cork.fl.u.ip4 is left cleared.
3251
3252 As ip_queue_xmit() now depends on inet flow being setup, fix this by
3253 copying the temp flowi4 we use in cookie_v4_check().
3254
3255 Reported-by: Simon Kirby <sim@netnation.com>
3256 Bisected-by: Simon Kirby <sim@netnation.com>
3257 Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
3258 Tested-by: Eric Dumazet <eric.dumazet@gmail.com>
3259 Signed-off-by: David S. Miller <davem@davemloft.net>
3260
3261 commit 06c6c8628bf38b08b4d97f4c55cde9fdecfb5d65
3262 Author: Stanislav Kinsbursky <skinsbursky@parallels.com>
3263 Date: Mon Mar 12 02:59:41 2012 +0000
3264
3265 tun: don't hold network namespace by tun sockets
3266
3267 v3: added previously removed sock_put() to the tun_release() callback, because
3268 sk_release_kernel() doesn't drop the socket reference.
3269
3270 v2: sk_release_kernel() used for socket release. Dummy tun_release() is
3271 required for sk_release_kernel() ---> sock_release() ---> sock->ops->release()
3272 call.
3273
3274 TUN was designed to destroy it's socket on network namesapce shutdown. But this
3275 will never happen for persistent device, because it's socket holds network
3276 namespace.
3277 This patch removes of holding network namespace by TUN socket and replaces it
3278 by creating socket in init_net and then changing it's net it to desired one. On
3279 shutdown socket is moved back to init_net prior to final put.
3280
3281 Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
3282 Signed-off-by: David S. Miller <davem@davemloft.net>
3283
3284 commit 46ae7374bd387c58d673a9e58852a9fd31042c5c
3285 Author: Tyler Hicks <tyhicks@canonical.com>
3286 Date: Mon Dec 12 10:02:30 2011 -0600
3287
3288 vfs: Correctly set the dir i_mutex lockdep class
3289
3290 9a7aa12f3911853a introduced additional logic around setting the i_mutex
3291 lockdep class for directory inodes. The idea was that some filesystems
3292 may want their own special lockdep class for different directory
3293 inodes and calling unlock_new_inode() should not clobber one of
3294 those special classes.
3295
3296 I believe that the added conditional, around the *negated* return value
3297 of lockdep_match_class(), caused directory inodes to be placed in the
3298 wrong lockdep class.
3299
3300 inode_init_always() sets the i_mutex lockdep class with i_mutex_key for
3301 all inodes. If the filesystem did not change the class during inode
3302 initialization, then the conditional mentioned above was false and the
3303 directory inode was incorrectly left in the non-directory lockdep class.
3304 If the filesystem did set a special lockdep class, then the conditional
3305 mentioned above was true and that class was clobbered with
3306 i_mutex_dir_key.
3307
3308 This patch removes the negation from the conditional so that the i_mutex
3309 lockdep class is properly set for directory inodes. Special classes are
3310 preserved and directory inodes with unmodified classes are set with
3311 i_mutex_dir_key.
3312
3313 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
3314 Reviewed-by: Jan Kara <jack@suse.cz>
3315 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3316
3317 commit 603590b0d2eca61ce26499eac9c563bc567a18c9
3318 Author: Jan Kara <jack@suse.cz>
3319 Date: Mon Feb 20 17:54:00 2012 +0100
3320
3321 udf: Fix deadlock in udf_release_file()
3322
3323 udf_release_file() can be called from munmap() path with mmap_sem held. Thus
3324 we cannot take i_mutex there because that ranks above mmap_sem. Luckily,
3325 i_mutex is not needed in udf_release_file() anymore since protection by
3326 i_data_sem is enough to protect from races with write and truncate.
3327
3328 Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
3329 Reviewed-by: Namjae Jeon <linkinjeon@gmail.com>
3330 Signed-off-by: Jan Kara <jack@suse.cz>
3331 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3332
3333 commit ca79ab9034f3c2f7e3f65c35e0d9ed3ecea529bf
3334 Author: Miklos Szeredi <mszeredi@suse.cz>
3335 Date: Tue Mar 6 13:56:33 2012 +0100
3336
3337 vfs: fix double put after complete_walk()
3338
3339 complete_walk() already puts nd->path, no need to do it again at cleanup time.
3340
3341 This would result in Oopses if triggered, apparently the codepath is not too
3342 well exercised.
3343
3344 Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
3345 CC: stable@vger.kernel.org
3346 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3347
3348 commit 13885ba2b18400f3ef6540497d30f1af896605e5
3349 Author: Miklos Szeredi <mszeredi@suse.cz>
3350 Date: Tue Mar 6 13:56:34 2012 +0100
3351
3352 vfs: fix return value from do_last()
3353
3354 complete_walk() returns either ECHILD or ESTALE. do_last() turns this into
3355 ECHILD unconditionally. If not in RCU mode, this error will reach userspace
3356 which is complete nonsense.
3357
3358 Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
3359 CC: stable@vger.kernel.org
3360 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3361
3362 Conflicts:
3363
3364 fs/namei.c
3365
3366 commit f5ab7572c99ffb58953eb1070622307e904c3b7f
3367 Author: Al Viro <viro@zeniv.linux.org.uk>
3368 Date: Sat Mar 10 17:07:28 2012 -0500
3369
3370 restore smp_mb() in unlock_new_inode()
3371
3372 wait_on_inode() doesn't have ->i_lock
3373
3374 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3375
3376 commit f3e758cd08e3881982d4b78eb72fe8a1ead6b872
3377 Author: David S. Miller <davem@davemloft.net>
3378 Date: Tue Mar 13 18:19:51 2012 -0700
3379
3380 sparc32: Add -Av8 to assembler command line.
3381
3382 Newer version of binutils are more strict about specifying the
3383 correct options to enable certain classes of instructions.
3384
3385 The sparc32 build is done for v7 in order to support sun4c systems
3386 which lack hardware integer multiply and divide instructions.
3387
3388 So we have to pass -Av8 when building the assembler routines that
3389 use these instructions and get patched into the kernel when we find
3390 out that we have a v8 capable cpu.
3391
3392 Reported-by: Paul Gortmaker <paul.gortmaker@windriver.com>
3393 Signed-off-by: David S. Miller <davem@davemloft.net>
3394
3395 commit 66276ec78b2a971d2e704e5ef963cdc8b6a049a4
3396 Author: Thomas Gleixner <tglx@linutronix.de>
3397 Date: Fri Mar 9 20:55:10 2012 +0100
3398
3399 x86: Derandom delay_tsc for 64 bit
3400
3401 Commit f0fbf0abc093 ("x86: integrate delay functions") converted
3402 delay_tsc() into a random delay generator for 64 bit. The reason is
3403 that it merged the mostly identical versions of delay_32.c and
3404 delay_64.c. Though the subtle difference of the result was:
3405
3406 static void delay_tsc(unsigned long loops)
3407 {
3408 - unsigned bclock, now;
3409 + unsigned long bclock, now;
3410
3411 Now the function uses rdtscl() which returns the lower 32bit of the
3412 TSC. On 32bit that's not problematic as unsigned long is 32bit. On 64
3413 bit this fails when the lower 32bit are close to wrap around when
3414 bclock is read, because the following check
3415
3416 if ((now - bclock) >= loops)
3417 break;
3418
3419 evaluated to true on 64bit for e.g. bclock = 0xffffffff and now = 0
3420 because the unsigned long (now - bclock) of these values results in
3421 0xffffffff00000001 which is definitely larger than the loops
3422 value. That explains Tvortkos observation:
3423
3424 "Because I am seeing udelay(500) (_occasionally_) being short, and
3425 that by delaying for some duration between 0us (yep) and 491us."
3426
3427 Make those variables explicitely u32 again, so this works for both 32
3428 and 64 bit.
3429
3430 Reported-by: Tvrtko Ursulin <tvrtko.ursulin@onelan.co.uk>
3431 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
3432 Cc: stable@vger.kernel.org # >= 2.6.27
3433 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3434
3435 commit 2d0ddb60f5031bdf79b4d51225f9f2d5856255bf
3436 Author: Al Viro <viro@ZenIV.linux.org.uk>
3437 Date: Thu Mar 8 17:51:19 2012 +0000
3438
3439 aio: fix the "too late munmap()" race
3440
3441 Current code has put_ioctx() called asynchronously from aio_fput_routine();
3442 that's done *after* we have killed the request that used to pin ioctx,
3443 so there's nothing to stop io_destroy() waiting in wait_for_all_aios()
3444 from progressing. As the result, we can end up with async call of
3445 put_ioctx() being the last one and possibly happening during exit_mmap()
3446 or elf_core_dump(), neither of which expects stray munmap() being done
3447 to them...
3448
3449 We do need to prevent _freeing_ ioctx until aio_fput_routine() is done
3450 with that, but that's all we care about - neither io_destroy() nor
3451 exit_aio() will progress past wait_for_all_aios() until aio_fput_routine()
3452 does really_put_req(), so the ioctx teardown won't be done until then
3453 and we don't care about the contents of ioctx past that point.
3454
3455 Since actual freeing of these suckers is RCU-delayed, we don't need to
3456 bump ioctx refcount when request goes into list for async removal.
3457 All we need is rcu_read_lock held just over the ->ctx_lock-protected
3458 area in aio_fput_routine().
3459
3460 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3461 Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
3462 Acked-by: Benjamin LaHaise <bcrl@kvack.org>
3463 Cc: stable@vger.kernel.org
3464 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3465
3466 commit 002124c055afbf09b52226af65621999e8316448
3467 Author: Al Viro <viro@ZenIV.linux.org.uk>
3468 Date: Wed Mar 7 05:16:35 2012 +0000
3469
3470 aio: fix io_setup/io_destroy race
3471
3472 Have ioctx_alloc() return an extra reference, so that caller would drop it
3473 on success and not bother with re-grabbing it on failure exit. The current
3474 code is obviously broken - io_destroy() from another thread that managed
3475 to guess the address io_setup() would've returned would free ioctx right
3476 under us; gets especially interesting if aio_context_t * we pass to
3477 io_setup() points to PROT_READ mapping, so put_user() fails and we end
3478 up doing io_destroy() on kioctx another thread has just got freed...
3479
3480 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3481 Acked-by: Benjamin LaHaise <bcrl@kvack.org>
3482 Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
3483 Cc: stable@vger.kernel.org
3484 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3485
3486 commit a1cd2719b8ed8e40dbd98c87713ac23a2169f6d8
3487 Author: Dan Carpenter <dan.carpenter@oracle.com>
3488 Date: Thu Mar 15 15:17:12 2012 -0700
3489
3490 drivers/video/backlight/s6e63m0.c: fix corruption storing gamma mode
3491
3492 strict_strtoul() writes a long but ->gamma_mode only has space to store an
3493 int, so on 64 bit systems we end up scribbling over ->gamma_table_count as
3494 well. I've changed it to use kstrtouint() instead.
3495
3496 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
3497 Acked-by: Inki Dae <inki.dae@samsung.com>
3498 Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
3499 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
3500 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3501
3502 commit cf83f735a5571f4341ee6eab947a1f7d833cea6e
3503 Merge: e4b05b6 eae671f
3504 Author: Brad Spengler <spender@grsecurity.net>
3505 Date: Fri Mar 16 21:04:27 2012 -0400
3506
3507 Merge branch 'pax-test' into grsec-test
3508
3509 Conflicts:
3510 security/Kconfig
3511
3512 commit eae671fafe93f04685c04a089cc13efebc05d600
3513 Author: Brad Spengler <spender@grsecurity.net>
3514 Date: Fri Mar 16 20:58:01 2012 -0400
3515
3516 Update to pax-linux-3.2.11-test31.patch
3517 Introduction of the size_overflow plugin from Emese Revfy
3518 Many thanks to Emese for her hard work :)
3519
3520 commit e4b05b65c645c412eceb9c950ee7b4771627e6b1
3521 Merge: e55aa68 258c015
3522 Author: Brad Spengler <spender@grsecurity.net>
3523 Date: Thu Mar 15 20:59:19 2012 -0400
3524
3525 Merge branch 'pax-test' into grsec-test
3526
3527 commit 258c0159fa6dd5044ca984eeaad57bb6e21bacea
3528 Author: Brad Spengler <spender@grsecurity.net>
3529 Date: Thu Mar 15 20:59:05 2012 -0400
3530
3531 fix ARM compilation
3532
3533 commit e55aa68f4bb20e75cd7423123aa612c2a69590c0
3534 Merge: 8f95ea9 55b7573
3535 Author: Brad Spengler <spender@grsecurity.net>
3536 Date: Wed Mar 14 19:33:41 2012 -0400
3537
3538 Merge branch 'pax-test' into grsec-test
3539
3540 commit 55b7573f6c2f3be26fb39c7bd6a9d742d02811ca
3541 Author: Brad Spengler <spender@grsecurity.net>
3542 Date: Wed Mar 14 19:33:15 2012 -0400
3543
3544 Update to pax-linux-3.2.10-test28.patch
3545
3546 commit 8f95ea9f718c293794a1f6bdd2a5f5f336f7bd64
3547 Merge: c8786a2 886ac5e
3548 Author: Brad Spengler <spender@grsecurity.net>
3549 Date: Tue Mar 13 17:38:13 2012 -0400
3550
3551 Merge branch 'pax-test' into grsec-test
3552
3553 Greets and thanks to snq for his assistance in testing/debugging REFCOUNT on ARM :)
3554
3555 commit 886ac5eeb1835e87cf7398b8aae9e9ba6b36bf77
3556 Author: Brad Spengler <spender@grsecurity.net>
3557 Date: Tue Mar 13 17:37:44 2012 -0400
3558
3559 Update to pax-linux-3.2.10-test26.patch
3560
3561 commit c8786a2abed5e5327f68efa520c04db99bb6a63a
3562 Merge: 219c982 c061fcf
3563 Author: Brad Spengler <spender@grsecurity.net>
3564 Date: Tue Mar 13 17:25:06 2012 -0400
3565
3566 Merge branch 'pax-test' into grsec-test
3567
3568 commit c061fcfa6b78f3774800821144d8ac2d94d7da3e
3569 Merge: 89373d2 3f4b3b2
3570 Author: Brad Spengler <spender@grsecurity.net>
3571 Date: Tue Mar 13 17:25:02 2012 -0400
3572
3573 Merge branch 'linux-3.2.y' into pax-test
3574
3575 commit 219c982a05abe47be4ea7d749e1b408e0cb86f1f
3576 Merge: 54e19a3 89373d2
3577 Author: Brad Spengler <spender@grsecurity.net>
3578 Date: Mon Mar 12 17:23:57 2012 -0400
3579
3580 Merge branch 'pax-test' into grsec-test
3581
3582 commit 89373d2abafb9bda97f78bdb157d1d05cf21e008
3583 Merge: a778588 7459f11
3584 Author: Brad Spengler <spender@grsecurity.net>
3585 Date: Mon Mar 12 17:23:49 2012 -0400
3586
3587 Merge branch 'linux-3.2.y' into pax-test
3588
3589 commit 54e19a3979978fca902b14ae25125f26fbbbc7a7
3590 Merge: c4650f1 a778588
3591 Author: Brad Spengler <spender@grsecurity.net>
3592 Date: Mon Mar 12 16:51:25 2012 -0400
3593
3594 Merge branch 'pax-test' into grsec-test
3595
3596 commit a778588c9d1b75c48c1f09aac98c1b28bd87a749
3597 Author: Brad Spengler <spender@grsecurity.net>
3598 Date: Mon Mar 12 16:51:12 2012 -0400
3599
3600 Update to pax-linux-3.2.9-test24.patch
3601
3602 commit c4650f14b13f84735fe3de06a1f3ff5776473eff
3603 Merge: fb2abee 1015790
3604 Author: Brad Spengler <spender@grsecurity.net>
3605 Date: Sun Mar 11 21:08:28 2012 -0400
3606
3607 Merge branch 'pax-test' into grsec-test
3608
3609 Conflicts:
3610 security/Kconfig
3611
3612 commit 101579028a736c224e590c7e12a7357018c424e1
3613 Author: Brad Spengler <spender@grsecurity.net>
3614 Date: Sun Mar 11 21:07:27 2012 -0400
3615
3616 Update to pax-linux-3.2.9-test22.patch
3617
3618 commit fb2abee4b9b49f5f18342a8cdf7aa3ba2b7c9100
3619 Author: Brad Spengler <spender@grsecurity.net>
3620 Date: Sun Mar 11 11:02:17 2012 -0400
3621
3622 Allow 4096 CPUs
3623
3624 commit 96bae28cbe6a41d48e3b56e5904814096e956000
3625 Author: Brad Spengler <spender@grsecurity.net>
3626 Date: Sun Mar 11 10:25:58 2012 -0400
3627
3628 Use a per-cpu 48-bit counter instead of a global atomic64
3629 Initialize each counter to have the cpu number in the lower 16 bits
3630 instead of incrementing the counter each time by 1, perform the increments
3631 above the cpu number so that wrapping/exhausting the counter doesn't corrupt
3632 any state
3633 idea from PaX Team
3634
3635 commit b975688101da6e966aebb1bc6b8c5c5983974f9c
3636 Author: Brad Spengler <spender@grsecurity.net>
3637 Date: Sat Mar 10 20:33:12 2012 -0500
3638
3639 Special vnsec edition! :)
3640 Further reduce argv/env allowance for suid/sgid apps to 512KB
3641 Clamp suid/sgid stack resource limit to 8MB (preventing compat mmap layout fallback/too large stack gap)
3642 Clear 3GB personality on suid/sgid binaries
3643 Restore 4 bits entropy in the lowest bits of arg/env strings (now 28 bits on x86, 39 bits on x64)
3644 with the main purpose of throwing off program stack -> arg/env alignment
3645 Update documentation
3646
3647 commit e5cfa902c4e891d11dd2086543d2555aa0c27d33
3648 Author: Brad Spengler <spender@grsecurity.net>
3649 Date: Sat Mar 10 19:54:47 2012 -0500
3650
3651 Resolve skbuff.h warnings that turn into errors during compilation in
3652 the grsecurity directory with -Werror
3653
3654 commit 2023210ad43a944033fcacc660ce410888f562ee
3655 Merge: ece4383 5f66adf
3656 Author: Brad Spengler <spender@grsecurity.net>
3657 Date: Fri Mar 9 19:48:01 2012 -0500
3658
3659 Merge branch 'pax-test' into grsec-test
3660
3661 commit 5f66adf72f83730a07bc79a2fab56afed6dbbd0e
3662 Author: Brad Spengler <spender@grsecurity.net>
3663 Date: Fri Mar 9 19:47:06 2012 -0500
3664
3665 Add colorize plugin
3666
3667 commit ece4383e5e91c92d138c4df84225a70b552f4d69
3668 Merge: a366d0e ab4a5a1
3669 Author: Brad Spengler <spender@grsecurity.net>
3670 Date: Fri Mar 9 17:56:46 2012 -0500
3671
3672 Merge branch 'pax-test' into grsec-test
3673
3674 commit ab4a5a1a67289c3585e2ff8aa64ecece7bd17eea
3675 Author: Brad Spengler <spender@grsecurity.net>
3676 Date: Fri Mar 9 17:56:26 2012 -0500
3677
3678 Update to pax-linux-3.2.9-test21.patch
3679
3680 commit a366d0ed963ce93fce10121c1100989d5f064e75
3681 Author: Mikulas Patocka <mpatocka@redhat.com>
3682 Date: Sun Mar 4 19:52:03 2012 -0500
3683
3684 mm: fix find_vma_prev
3685
3686 Commit 6bd4837de96e ("mm: simplify find_vma_prev()") broke memory
3687 management on PA-RISC.
3688
3689 After application of the patch, programs that allocate big arrays on the
3690 stack crash with segfault, for example, this will crash if compiled
3691 without optimization:
3692
3693 int main()
3694 {
3695 char array[200000];
3696 array[199999] = 0;
3697 return 0;
3698 }
3699
3700 The reason is that PA-RISC has up-growing stack and the stack is usually
3701 the last memory area. In the above example, a page fault happens above
3702 the stack.
3703
3704 Previously, if we passed too high address to find_vma_prev, it returned
3705 NULL and stored the last VMA in *pprev. After "simplify find_vma_prev"
3706 change, it stores NULL in *pprev. Consequently, the stack area is not
3707 found and it is not expanded, as it used to be before the change.
3708
3709 This patch restores the old behavior and makes it return the last VMA in
3710 *pprev if the requested address is higher than address of any other VMA.
3711
3712 Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
3713 Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
3714 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3715
3716 commit 9cd8dd4d56051099f11563f72fcd91cd0ce19604
3717 Author: Hugh Dickins <hughd@google.com>
3718 Date: Tue Mar 6 12:28:52 2012 -0800
3719
3720 mmap: EINVAL not ENOMEM when rejecting VM_GROWS
3721
3722 Currently error is -ENOMEM when rejecting VM_GROWSDOWN|VM_GROWSUP
3723 from shared anonymous: hoist the file case's -EINVAL up for both.
3724
3725 Signed-off-by: Hugh Dickins <hughd@google.com>
3726 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3727
3728 commit 97745dce6c87f9d9ca5b4be9bd4c2fc1684ca04c
3729 Author: Al Viro <viro@ZenIV.linux.org.uk>
3730 Date: Mon Mar 5 06:38:42 2012 +0000
3731
3732 aout: move setup_arg_pages() prior to reading/mapping the binary
3733
3734 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3735 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3736
3737 commit 3b20ce55ae8cffee43cb4afdf5be438b5ac4fef0
3738 Author: Jan Beulich <JBeulich@suse.com>
3739 Date: Mon Mar 5 16:49:24 2012 +0000
3740
3741 vsprintf: make %pV handling compatible with kasprintf()
3742
3743 kasprintf() (and potentially other functions that I didn't run across so
3744 far) want to evaluate argument lists twice. Caring to do so for the
3745 primary list is obviously their job, but they can't reasonably be
3746 expected to check the format string for instances of %pV, which however
3747 need special handling too: On architectures like x86-64 (as opposed to
3748 e.g. ix86), using the same argument list twice doesn't produce the
3749 expected results, as an internally managed cursor gets updated during
3750 the first run.
3751
3752 Fix the problem by always acting on a copy of the original list when
3753 handling %pV.
3754
3755 Signed-off-by: Jan Beulich <jbeulich@suse.com>
3756 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3757
3758 commit 4146896ab9674f51d4909f3a52bc7fe80f04e4cb
3759 Author: Al Viro <viro@ZenIV.linux.org.uk>
3760 Date: Mon Mar 5 06:39:47 2012 +0000
3761
3762 VM_GROWS{UP,DOWN} shouldn't be set on shmem VMAs
3763
3764 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3765 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3766
3767 commit a831bd53764695ea680cc1fa3c98759a610ed2ac
3768 Author: Christian König <deathsimple@vodafone.de>
3769 Date: Tue Feb 28 23:19:20 2012 +0100
3770
3771 drm/radeon: fix uninitialized variable
3772
3773 Without this fix the driver randomly treats
3774 textures as arrays and I'm really wondering
3775 why gcc isn't complaining about it.
3776
3777 Signed-off-by: Christian König <deathsimple@vodafone.de>
3778 Reviewed-by: Jerome Glisse <jglisse@redhat.com>
3779 Signed-off-by: Dave Airlie <airlied@redhat.com>
3780
3781 commit aa2cd55f97f3cc03bdd895b6e8ba99619ee69dfc
3782 Author: H. Peter Anvin <hpa@zytor.com>
3783 Date: Fri Mar 2 10:43:48 2012 -0800
3784
3785 regset: Prevent null pointer reference on readonly regsets
3786
3787 The regset common infrastructure assumed that regsets would always
3788 have .get and .set methods, but not necessarily .active methods.
3789 Unfortunately people have since written regsets without .set methods.
3790
3791 Rather than putting in stub functions everywhere, handle regsets with
3792 null .get or .set methods explicitly.
3793
3794 Signed-off-by: H. Peter Anvin <hpa@zytor.com>
3795 Reviewed-by: Oleg Nesterov <oleg@redhat.com>
3796 Acked-by: Roland McGrath <roland@hack.frob.com>
3797 Cc: <stable@vger.kernel.org>
3798 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3799
3800 commit 072ddd99401c79b53c6bf6bff9deb93022124c79
3801 Author: Brad Spengler <spender@grsecurity.net>
3802 Date: Mon Mar 5 18:12:57 2012 -0500
3803
3804 Fix compiler errors reported on forums
3805
3806 commit 1606774b48af24e6f99d99c624c0e447d4b66474
3807 Merge: 3127bd5 4ca2ffd
3808 Author: Brad Spengler <spender@grsecurity.net>
3809 Date: Mon Mar 5 17:31:35 2012 -0500
3810
3811 Merge branch 'pax-test' into grsec-test
3812
3813 commit 4ca2ffd9da024f4ba2d0cb6245ba1b2726169452
3814 Author: Brad Spengler <spender@grsecurity.net>
3815 Date: Mon Mar 5 17:31:21 2012 -0500
3816
3817 Update to pax-linux-3.2.9-test20.patch
3818
3819 commit 3127bd581a292966b1057c7433219dac188c3720
3820 Author: Brad Spengler <spender@grsecurity.net>
3821 Date: Fri Mar 2 21:30:37 2012 -0500
3822
3823 Fix memory leak on logged exec_id check failure in /proc/pid/statm
3824 Thanks to Djalal Harouni for the report
3825
3826 commit d9f1a3be0e97e0632f97379322712d8deeb3ce23
3827 Merge: 0a56be8 9aa8288
3828 Author: Brad Spengler <spender@grsecurity.net>
3829 Date: Fri Mar 2 18:38:22 2012 -0500
3830
3831 Merge branch 'pax-test' into grsec-test
3832
3833 commit 9aa8288a09e6e03ce37c08136b26bff17a093b5c
3834 Author: Brad Spengler <spender@grsecurity.net>
3835 Date: Fri Mar 2 18:37:43 2012 -0500
3836
3837 Update to pax-linux-3.2.9-test19.patch
3838
3839 commit 0a56be884bbd7ce733cac0b879c45383494d73b0
3840 Merge: 9e66745 3f5c52a
3841 Author: Brad Spengler <spender@grsecurity.net>
3842 Date: Thu Mar 1 20:18:01 2012 -0500
3843
3844 Merge branch 'pax-test' into grsec-test
3845
3846 commit 3f5c52aba100b3bb252980f9d363aafde52da1a2
3847 Author: Brad Spengler <spender@grsecurity.net>
3848 Date: Thu Mar 1 20:16:56 2012 -0500
3849
3850 Update to pax-linux-3.2.9-test18.patch
3851
3852 commit ae53ec231d12719a36bf871f8c5841020ed692ee
3853 Merge: b255baf 44fb317
3854 Author: Brad Spengler <spender@grsecurity.net>
3855 Date: Thu Mar 1 20:15:31 2012 -0500
3856
3857 Merge branch 'linux-3.2.y' into pax-test
3858
3859 commit 9e667456c03eadea2f305be761abe4de9a5877a3
3860 Merge: 5e4e200 b255baf
3861 Author: Brad Spengler <spender@grsecurity.net>
3862 Date: Mon Feb 27 20:53:59 2012 -0500
3863
3864 Merge branch 'pax-test' into grsec-test
3865
3866 commit b255baf50365d39b406f43aab2c64745607baaa2
3867 Merge: 340ce90 1de504e
3868 Author: Brad Spengler <spender@grsecurity.net>
3869 Date: Mon Feb 27 20:53:29 2012 -0500
3870
3871 Merge branch 'linux-3.2.y' into pax-test
3872 Update to pax-linux-3.2.8-test17.patch
3873
3874 Conflicts:
3875 arch/x86/include/asm/i387.h
3876 arch/x86/kernel/process_32.c
3877 arch/x86/kernel/traps.c
3878
3879 commit 5e4e200ac530452884b625cb75de240e1e98c731
3880 Merge: 44306d7 340ce90
3881 Author: Brad Spengler <spender@grsecurity.net>
3882 Date: Mon Feb 27 18:02:13 2012 -0500
3883
3884 Merge branch 'pax-test' into grsec-test
3885
3886 commit 340ce90d98a043fa8e4ed9ffc229d4c1f86e2fec
3887 Author: Brad Spengler <spender@grsecurity.net>
3888 Date: Mon Feb 27 18:01:48 2012 -0500
3889
3890 Update to pax-linux-3.2.7-test17.patch
3891
3892 commit 44306d7b3097f77e73040dd25f4f6750751bae7a
3893 Merge: 29d0b07 521c411
3894 Author: Brad Spengler <spender@grsecurity.net>
3895 Date: Sun Feb 26 19:04:15 2012 -0500
3896
3897 Merge branch 'pax-test' into grsec-test
3898
3899 Conflicts:
3900 Makefile
3901
3902 commit 521c411bb4ca66ce01146fde8bac9dd22414076d
3903 Author: Brad Spengler <spender@grsecurity.net>
3904 Date: Sun Feb 26 19:03:33 2012 -0500
3905
3906 Update to pax-linux-3.2.7-test16.patch
3907
3908 commit 29d0b07290bb9a10cdfcc3c30058e16265330dea
3909 Author: Brad Spengler <spender@grsecurity.net>
3910 Date: Sun Feb 26 17:12:44 2012 -0500
3911
3912 fix typo
3913
3914 commit 344f6d84e5d3fdc6ec40a078fc2f5861d340b2ef
3915 Merge: f45b3be caa8f83
3916 Author: Brad Spengler <spender@grsecurity.net>
3917 Date: Sat Feb 25 20:59:27 2012 -0500
3918
3919 Merge branch 'pax-test' into grsec-test
3920
3921 commit caa8f83456c4d0b204beefffaa1d1993f2348d08
3922 Author: Brad Spengler <spender@grsecurity.net>
3923 Date: Sat Feb 25 20:59:12 2012 -0500
3924
3925 Update to pax-linux-3.2.7-test15.patch
3926
3927 commit f45b3be34a345502a302e736af9a65742ddef7cb
3928 Merge: 62f35fd 9f1309b
3929 Author: Brad Spengler <spender@grsecurity.net>
3930 Date: Sat Feb 25 11:40:15 2012 -0500
3931
3932 Merge branch 'pax-test' into grsec-test
3933
3934 commit 9f1309b0b935e3b30fc87a9e3009b84cf943ef47
3935 Author: Brad Spengler <spender@grsecurity.net>
3936 Date: Sat Feb 25 11:39:57 2012 -0500
3937
3938 Update to pax-linux-3.2.7-test14.patch
3939
3940 commit 62f35fdbecc58f2988fe13638d907b87a15776bb
3941 Author: Brad Spengler <spender@grsecurity.net>
3942 Date: Sat Feb 25 09:08:55 2012 -0500
3943
3944 We could log on attempted exploits of writing /proc/self/mem, but the current
3945 log function declares the access a read, so just swap the ordering for now
3946
3947 commit 066ee8f9c26f1549b4ad893508777b549c8d4b79
3948 Author: Brad Spengler <spender@grsecurity.net>
3949 Date: Sat Feb 25 08:46:14 2012 -0500
3950
3951 Log /proc/pid/mem attempts
3952
3953 commit 674471e581893a94d475acac3e3c4496209b3ac9
3954 Author: Brad Spengler <spender@grsecurity.net>
3955 Date: Sat Feb 25 08:15:00 2012 -0500
3956
3957 Make use of f_version for protecting /proc file structs (fine since we're not a directory
3958 or seq_file)
3959
3960 commit eab42cfdd237ffcdd8ec24bedecc275a3a9e987f
3961 Author: Brad Spengler <spender@grsecurity.net>
3962 Date: Fri Feb 24 20:02:19 2012 -0500
3963
3964 Fix ia64 compilation
3965
3966 commit 50dfea412fd395e0183c2ade368efa525d38b267
3967 Merge: 12db845 4c6f99b
3968 Author: Brad Spengler <spender@grsecurity.net>
3969 Date: Fri Feb 24 19:00:53 2012 -0500
3970
3971 Merge branch 'pax-test' into grsec-test
3972
3973 commit 4c6f99bf338e03966356b147d0360cb3b522a44f
3974 Author: Brad Spengler <spender@grsecurity.net>
3975 Date: Fri Feb 24 19:00:36 2012 -0500
3976
3977 (6:57:09 PM) pipacs: but you can be proactive
3978 (Fix other-arch atomic64/REFCOUNT compilation failures)
3979
3980 commit 12db8453f6bb0a756f369c9151668ba1249bc478
3981 Author: Brad Spengler <spender@grsecurity.net>
3982 Date: Thu Feb 23 21:10:12 2012 -0500
3983
3984 Remove unnecessary copies, as suggested by solar
3985
3986 commit cc02cab84368467ea03cb35f861a8a7092d91ab4
3987 Author: Brad Spengler <spender@grsecurity.net>
3988 Date: Thu Feb 23 20:59:35 2012 -0500
3989
3990 Make global_exec_counter static, as suggested by solar
3991
3992 commit e642091a475ebb3a30e81f85e7751233d0c2af43
3993 Author: Brad Spengler <spender@grsecurity.net>
3994 Date: Thu Feb 23 19:00:26 2012 -0500
3995
3996 sync with stable tree
3997
3998 commit 6df09c3d8e371905b7b8fe90c4188f23614c6be5
3999 Author: Brad Spengler <spender@grsecurity.net>
4000 Date: Thu Feb 23 18:48:47 2012 -0500
4001
4002 Remove unneeded gr_acl_handle_fchmod, as the code is shared now by gr_acl_handle_chmod
4003 Remove handling of old kludge in chmod/fchmod
4004
4005 commit 815cb62f2ca7b58efc39778b3a855feb675ab56c
4006 Author: Brad Spengler <spender@grsecurity.net>
4007 Date: Thu Feb 23 18:18:49 2012 -0500
4008
4009 Apply umask checks to chmod/fchmod as well, as requested by sponsor
4010 Union the enforced umask with the existing one to produce minimal privilege
4011 Change umask type to u16
4012
4013 commit 0e7668c6abbdbcd3f7f9759e3994d6f4bc9953f0
4014 Author: Brad Spengler <spender@grsecurity.net>
4015 Date: Wed Feb 22 18:16:11 2012 -0500
4016
4017 Add per-role umask enforcement to RBAC, requested by a sponsor
4018
4019 commit ad5ac943fe58199f1cc475912a39edb157acb77b
4020 Merge: dda0bb5 41722e3
4021 Author: Brad Spengler <spender@grsecurity.net>
4022 Date: Mon Feb 20 20:04:42 2012 -0500
4023
4024 Merge branch 'pax-test' into grsec-test
4025
4026 commit 41722e342e116d95f3d3556d66c97c888d752d39
4027 Author: Brad Spengler <spender@grsecurity.net>
4028 Date: Mon Feb 20 20:04:00 2012 -0500
4029
4030 Merge changes from pax-linux-3.2.7-test12.patch, fixes KVM incompatibility with
4031 KERNEXEC plugin
4032
4033 commit dda0bb57137846a476a866c60db2681aaf6052c0
4034 Merge: 4fd554e d70927a
4035 Author: Brad Spengler <spender@grsecurity.net>
4036 Date: Mon Feb 20 20:01:41 2012 -0500
4037
4038 Merge branch 'pax-test' into grsec-test
4039
4040 commit d70927afec977d489a54c106a3c3ddc32e953050
4041 Merge: 1daebf1 9d0231c
4042 Author: Brad Spengler <spender@grsecurity.net>
4043 Date: Mon Feb 20 20:01:33 2012 -0500
4044
4045 Merge branch 'linux-3.2.y' into pax-test
4046
4047 commit 4fd554e3a097b22c5049fcdc423897477deff5ef
4048 Author: Brad Spengler <spender@grsecurity.net>
4049 Date: Mon Feb 20 09:17:57 2012 -0500
4050
4051 Fix wrong logic on capability checks for switching roles, broke policies
4052 Thanks to Richard Kojedzinszky for reporting
4053
4054 commit 12f97d52ac603f24344f8d71569c412a307e9422
4055 Author: Brad Spengler <spender@grsecurity.net>
4056 Date: Thu Feb 16 21:20:10 2012 -0500
4057
4058 sparc64 compile fix
4059
4060 commit 07af3d8e76a6a47ce1836e5b20ed8c0f879c8201
4061 Author: Brad Spengler <spender@grsecurity.net>
4062 Date: Thu Feb 16 18:38:32 2012 -0500
4063
4064 Update configuration help and name for GRKERNSEC_PROC_MEMMAP
4065
4066 commit 5ced6f8def06c2176b40b5fa07345fc723dc4dcb
4067 Author: Brad Spengler <spender@grsecurity.net>
4068 Date: Thu Feb 16 18:18:01 2012 -0500
4069
4070 optimize the check a bit
4071
4072 commit 03159050f64989be44ae03be769cbed62a7cd2e5
4073 Author: Brad Spengler <spender@grsecurity.net>
4074 Date: Thu Feb 16 18:00:45 2012 -0500
4075
4076 smile VUPEN :D
4077 (limit argv+env to 1MB for suid/sgid binaries)
4078
4079 commit dd759d8800d225a397e4de49fe729c7d601298d2
4080 Author: Brad Spengler <spender@grsecurity.net>
4081 Date: Thu Feb 16 17:49:33 2012 -0500
4082
4083 Address Space Protection -> Memory Protections (suggested on IRC for consistency)
4084
4085 commit 4de635bda8ebfb85312e3bf851bdbff93de400da
4086 Author: Brad Spengler <spender@grsecurity.net>
4087 Date: Thu Feb 16 17:45:06 2012 -0500
4088
4089 Change the long long type for exec_id to the proper u64
4090
4091 commit 4feb07e7cb64b3d0f0f8cca1aef70bc725cae6fa
4092 Author: Dan Carpenter <dan.carpenter@oracle.com>
4093 Date: Thu Feb 9 00:46:47 2012 +0000
4094
4095 isdn: type bug in isdn_net_header()
4096
4097 We use len to store the return value from eth_header(). eth_header()
4098 can return -ETH_HLEN (-14). We want to pass this back instead of
4099 truncating it to 65522 and returning that.
4100
4101 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
4102 Acked-by: Neil Horman <nhorman@tuxdriver.com>
4103 Signed-off-by: David S. Miller <davem@davemloft.net>
4104
4105 commit 134ac8545b47f0f27d550ea6e1edb3a1ed7a9748
4106 Author: Heiko Carstens <heiko.carstens@de.ibm.com>
4107 Date: Sat Feb 4 10:47:10 2012 +0100
4108
4109 exec: fix use-after-free bug in setup_new_exec()
4110
4111 Setting the task name is done within setup_new_exec() by accessing
4112 bprm->filename. However this happens after flush_old_exec().
4113 This may result in a use after free bug, flush_old_exec() may
4114 "complete" vfork_done, which will wake up the parent which in turn
4115 may free the passed in filename.
4116 To fix this add a new tcomm field in struct linux_binprm which
4117 contains the now early generated task name until it is used.
4118
4119 Fixes this bug on s390:
4120
4121 Unable to handle kernel pointer dereference at virtual kernel address 0000000039768000
4122 Process kworker/u:3 (pid: 245, task: 000000003a3dc840, ksp: 0000000039453818)
4123 Krnl PSW : 0704000180000000 0000000000282e94 (setup_new_exec+0xa0/0x374)
4124 Call Trace:
4125 ([<0000000000282e2c>] setup_new_exec+0x38/0x374)
4126 [<00000000002dd12e>] load_elf_binary+0x402/0x1bf4
4127 [<0000000000280a42>] search_binary_handler+0x38e/0x5bc
4128 [<0000000000282b6c>] do_execve_common+0x410/0x514
4129 [<0000000000282cb6>] do_execve+0x46/0x58
4130 [<00000000005bce58>] kernel_execve+0x28/0x70
4131 [<000000000014ba2e>] ____call_usermodehelper+0x102/0x140
4132 [<00000000005bc8da>] kernel_thread_starter+0x6/0xc
4133 [<00000000005bc8d4>] kernel_thread_starter+0x0/0xc
4134 Last Breaking-Event-Address:
4135 [<00000000002830f0>] setup_new_exec+0x2fc/0x374
4136
4137 Kernel panic - not syncing: Fatal exception: panic_on_oops
4138
4139 Reported-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
4140 Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
4141 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4142
4143 commit d758ee9f5230893dabb5aab737b3109684bde196
4144 Author: Dan Carpenter <dan.carpenter@oracle.com>
4145 Date: Fri Feb 10 09:03:58 2012 +0100
4146
4147 relay: prevent integer overflow in relay_open()
4148
4149 "subbuf_size" and "n_subbufs" come from the user and they need to be
4150 capped to prevent an integer overflow.
4151
4152 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
4153 Cc: stable@kernel.org
4154 Signed-off-by: Jens Axboe <axboe@kernel.dk>
4155
4156 commit 40ed7b34848b8e0d7bf9a3fc21a7c75ce1ae507c
4157 Merge: b1baadf 1daebf1
4158 Author: Brad Spengler <spender@grsecurity.net>
4159 Date: Mon Feb 13 17:47:04 2012 -0500
4160
4161 Merge branch 'pax-test' into grsec-test
4162
4163 Conflicts:
4164 fs/proc/base.c
4165
4166 commit 1daebf1d623fe5b0efdd329f78562eb7078bc772
4167 Merge: 1413df2 c2db2e2
4168 Author: Brad Spengler <spender@grsecurity.net>
4169 Date: Mon Feb 13 17:45:54 2012 -0500
4170
4171 Merge branch 'linux-3.2.y' into pax-test
4172
4173 commit b1baadf5047ab67cf61cd20bf58c6afb09c37c7d
4174 Author: Brad Spengler <spender@grsecurity.net>
4175 Date: Sun Feb 12 16:44:05 2012 -0500
4176
4177 add missing declaration
4178
4179 commit 3981059c35e8463002517935c28f3d74b8e3703c
4180 Author: Brad Spengler <spender@grsecurity.net>
4181 Date: Sun Feb 12 16:36:04 2012 -0500
4182
4183 Require CAP_SETUID/CAP_SETGID in a subject in order to change roles
4184 in addition to existing checks (this handles the setresuid ruid = euid case)
4185
4186 commit 0beab03263c773f463412c350ad9064b44b6ede0
4187 Author: Brad Spengler <spender@grsecurity.net>
4188 Date: Sun Feb 12 16:13:40 2012 -0500
4189
4190 Revert setreuid changes when RBAC is enabled, breaks freeradius
4191 I'll fix the learning issue Lavish reported a different way through
4192 gradm modifications
4193
4194 This reverts commit d54ec64b7078f1dcb71b5d8a29e47d4a0f46c111.
4195
4196 commit 0c61cb1cfbbfec7d07647268c922d51434d22621
4197 Author: Brad Spengler <spender@grsecurity.net>
4198 Date: Sat Feb 11 14:22:46 2012 -0500
4199
4200 copy exec_id on fork
4201
4202 commit 000c08e0890630086b2ed04084050ed856a7ec31
4203 Author: Brad Spengler <spender@grsecurity.net>
4204 Date: Fri Feb 10 20:00:36 2012 -0500
4205
4206 compile fix
4207
4208 commit 54b8c8f54484e5ee18040657827158bc4b63bccc
4209 Author: Brad Spengler <spender@grsecurity.net>
4210 Date: Fri Feb 10 19:19:52 2012 -0500
4211
4212 Introduce enhancement to CONFIG_GRKERNSEC_PROC_MEMMAP
4213 denies reading of sensitive /proc/pid entries where the file descriptor
4214 was opened in a different task than the one performing the read
4215
4216 commit dd19579049186e2648b9ae5e42af04cfda7ab2dc
4217 Author: Brad Spengler <spender@grsecurity.net>
4218 Date: Fri Feb 10 17:43:24 2012 -0500
4219
4220 Remove duplicate signal check
4221
4222 commit 6ff60c34155bb73a4eec7bbfe6f59e9d35e1c0c6
4223 Merge: 4eba97e 1413df2
4224 Author: Brad Spengler <spender@grsecurity.net>
4225 Date: Wed Feb 8 19:24:34 2012 -0500
4226
4227 Merge branch 'pax-test' into grsec-test
4228
4229 commit 1413df258d4664d928b876ffb57e1bdc1ccd06f6
4230 Author: Brad Spengler <spender@grsecurity.net>
4231 Date: Wed Feb 8 19:24:08 2012 -0500
4232
4233 Merge changes from pax-linux-3.2.4-test11.patch
4234
4235 commit 4eba97eda7f7d25b7ab6ad5c9de094545e749044
4236 Merge: 0e058dd 8dd90a2
4237 Author: Brad Spengler <spender@grsecurity.net>
4238 Date: Mon Feb 6 17:50:12 2012 -0500
4239
4240 Merge branch 'pax-test' into grsec-test
4241
4242 commit 8dd90a21adfeefd86134d1fedf77b958bc59eaa3
4243 Author: Brad Spengler <spender@grsecurity.net>
4244 Date: Mon Feb 6 17:49:07 2012 -0500
4245
4246 Merge changes from pax-linux-3.2.4-test10.patch, fixes BPF JIT double-free
4247
4248 commit a6b5dfed0937a0eb386b4b519a387f8e8177ffdc
4249 Merge: 7e4169c 6133971
4250 Author: Brad Spengler <spender@grsecurity.net>
4251 Date: Mon Feb 6 17:48:57 2012 -0500
4252
4253 Merge branch 'linux-3.2.y' into pax-test
4254
4255 commit 0e058dd6d14e0c67c44dd332a871f1fe1bb06095
4256 Author: Brad Spengler <spender@grsecurity.net>
4257 Date: Sun Feb 5 19:24:45 2012 -0500
4258
4259 We now allow configurations with no PaX markings, giving the system no way to override the defaults
4260
4261 commit 9afb0110287e31c3c56d861b4927f64f8dbd7857
4262 Author: Brad Spengler <spender@grsecurity.net>
4263 Date: Sun Feb 5 10:01:23 2012 -0500
4264
4265 Increase the buffer size of logged TPE reason, otherwise we could truncate the "y" in directory
4266
4267 commit a6a0ad24a5f7bef90236d94c1bdfe21d291fc834
4268 Author: Brad Spengler <spender@grsecurity.net>
4269 Date: Sat Feb 4 21:01:16 2012 -0500
4270
4271 Improve security of ptrace-based monitoring/sandboxing
4272 See:
4273 http://article.gmane.org/gmane.linux.kernel.lsm/15156
4274
4275 commit ca4ca5a1027b41f9528794e52a53ce9c47926101
4276 Author: Brad Spengler <spender@grsecurity.net>
4277 Date: Fri Feb 3 20:42:55 2012 -0500
4278
4279 fix typo
4280
4281 commit d54ec64b7078f1dcb71b5d8a29e47d4a0f46c111
4282 Author: Brad Spengler <spender@grsecurity.net>
4283 Date: Fri Feb 3 20:25:38 2012 -0500
4284
4285 Reported by lavish on IRC:
4286 If a suid/sgid binary did not learn any setuid/setgid call during learning,
4287 we would not any CAP_SETUID/CAP_SETGID capability to the task, nor
4288 any restrictions on uid/gid changes. uid and gid can however be changed
4289 within a suid/sgid binary via setresuid/setresgid with ruid/rgid set to
4290 euid/egid.
4291
4292 My fix:
4293 POSIX doesn't specify whether unprivileged users can perform the above
4294 setresuid/setresgid as an unprivileged user, though Linux has historically
4295 permitted them. Modify this behavior when RBAC is enabled to require
4296 CAP_SETUID/CAP_SETGID for these operations.
4297
4298 Thanks to Lavish for the report!
4299
4300 Conflicts:
4301
4302 kernel/sys.c
4303
4304 commit e55be1f30908f1ad4450cb0558cde71ff5c7247f
4305 Merge: ba586eb 7e4169c
4306 Author: Brad Spengler <spender@grsecurity.net>
4307 Date: Fri Feb 3 20:10:21 2012 -0500
4308
4309 Merge branch 'pax-test' into grsec-test
4310
4311 commit 7e4169c6c880ec9641f1178c88545913c8a21e1f
4312 Author: Brad Spengler <spender@grsecurity.net>
4313 Date: Fri Feb 3 20:10:05 2012 -0500
4314
4315 Merge changes from pax-linux-3.2.4-test9.patch
4316
4317 commit ba586ebbcd0ed781e38a99c580a757a00347c6eb
4318 Author: Christopher Yeoh <cyeoh@au1.ibm.com>
4319 Date: Thu Feb 2 11:34:09 2012 +1030
4320
4321 Fix race in process_vm_rw_core
4322
4323 This fixes the race in process_vm_core found by Oleg (see
4324
4325 http://article.gmane.org/gmane.linux.kernel/1235667/
4326
4327 for details).
4328
4329 This has been updated since I last sent it as the creation of the new
4330 mm_access() function did almost exactly the same thing as parts of the
4331 previous version of this patch did.
4332
4333 In order to use mm_access() even when /proc isn't enabled, we move it to
4334 kernel/fork.c where other related process mm access functions already
4335 are.
4336
4337 Signed-off-by: Chris Yeoh <yeohc@au1.ibm.com>
4338 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4339
4340 Conflicts:
4341
4342 fs/proc/base.c
4343 mm/process_vm_access.c
4344
4345 commit b9194d60fb9fe579f5c34817ed822abde18939a0
4346 Author: Oleg Nesterov <oleg@redhat.com>
4347 Date: Tue Jan 31 17:15:11 2012 +0100
4348
4349 proc: make sure mem_open() doesn't pin the target's memory
4350
4351 Once /proc/pid/mem is opened, the memory can't be released until
4352 mem_release() even if its owner exits.
4353
4354 Change mem_open() to do atomic_inc(mm_count) + mmput(), this only
4355 pins mm_struct. Change mem_rw() to do atomic_inc_not_zero(mm_count)
4356 before access_remote_vm(), this verifies that this mm is still alive.
4357
4358 I am not sure what should mem_rw() return if atomic_inc_not_zero()
4359 fails. With this patch it returns zero to match the "mm == NULL" case,
4360 may be it should return -EINVAL like it did before e268337d.
4361
4362 Perhaps it makes sense to add the additional fatal_signal_pending()
4363 check into the main loop, to ensure we do not hold this memory if
4364 the target task was oom-killed.
4365
4366 Cc: stable@kernel.org
4367 Signed-off-by: Oleg Nesterov <oleg@redhat.com>
4368 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4369
4370 commit d4500134f9363bc79556e0e7a1fd811cd8552cc4
4371 Author: Oleg Nesterov <oleg@redhat.com>
4372 Date: Tue Jan 31 17:14:38 2012 +0100
4373
4374 proc: mem_release() should check mm != NULL
4375
4376 mem_release() can hit mm == NULL, add the necessary check.
4377
4378 Cc: stable@kernel.org
4379 Signed-off-by: Oleg Nesterov <oleg@redhat.com>
4380 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4381
4382 commit 5d1c11221a86f233fdbb232312a561f85d0a3a05
4383 Author: Oleg Nesterov <oleg@redhat.com>
4384 Date: Tue Jan 31 17:14:54 2012 +0100
4385
4386 note: redisabled mem_write
4387
4388 proc: unify mem_read() and mem_write()
4389
4390 No functional changes, cleanup and preparation.
4391
4392 mem_read() and mem_write() are very similar. Move this code into the
4393 new common helper, mem_rw(), which takes the additional "int write"
4394 argument.
4395
4396 Cc: stable@kernel.org
4397 Signed-off-by: Oleg Nesterov <oleg@redhat.com>
4398 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4399
4400 Conflicts:
4401
4402 fs/proc/base.c
4403
4404 commit af966b421d9f55ab7e1a8b2741beba44b22bc2e0
4405 Merge: 3903f01 01fee18
4406 Author: Brad Spengler <spender@grsecurity.net>
4407 Date: Fri Feb 3 19:50:40 2012 -0500
4408
4409 Merge branch 'pax-test' into grsec-test
4410
4411 commit 01fee1851aef26b898ccba5312cabf1f919b74cb
4412 Author: Brad Spengler <spender@grsecurity.net>
4413 Date: Fri Feb 3 19:49:46 2012 -0500
4414
4415 Merge changes from pax-linux-3.2.4-test8.patch
4416
4417 commit c2490ddbfc3f5dd664dd0e1b8575856c3be01879
4418 Merge: 201c0db 141936c
4419 Author: Brad Spengler <spender@grsecurity.net>
4420 Date: Fri Feb 3 19:49:01 2012 -0500
4421
4422 Merge branch 'linux-3.2.y' into pax-test
4423
4424 commit 3903f0172ecadf7a575ba3535402a1506133640a
4425 Author: Brad Spengler <spender@grsecurity.net>
4426 Date: Mon Jan 30 23:26:44 2012 -0500
4427
4428 Implement new version of CONFIG_GRKERNSEC_SYSFS_RESTRICT
4429
4430 We'll whitelist required directories for compatibility instead of requiring
4431 that people disable the feature entirely if they use SELinux, fuse, etc
4432
4433 Conflicts:
4434
4435 fs/sysfs/mount.c
4436
4437 commit e3618feaa7e63807f1b88c199882075b3ec9bd05
4438 Author: Brad Spengler <spender@grsecurity.net>
4439 Date: Sun Jan 29 01:12:19 2012 -0500
4440
4441 perform RBAC check if TPE is on but match fails, matches previous behavior
4442
4443 commit 627b7fe22799a86e2f81a74f0e0c53474bec3100
4444 Author: Brad Spengler <spender@grsecurity.net>
4445 Date: Sat Jan 28 13:17:06 2012 -0500
4446
4447 log more information about the reason for a TPE denial for novice users, requested by a sponsor
4448
4449 commit efefd67008cbad8a8591e2484410966a300a39a5
4450 Author: Brad Spengler <spender@grsecurity.net>
4451 Date: Fri Jan 27 19:58:53 2012 -0500
4452
4453 merge upstream sha512 changes
4454
4455 commit 8a79280377db78fb2091fe01eddb9e24f75d9fe1
4456 Author: Brad Spengler <spender@grsecurity.net>
4457 Date: Fri Jan 27 19:49:07 2012 -0500
4458
4459 drop lock on error in xfs_readlink
4460
4461 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=aaad641eadfd3e74b0fbb68fcf539b9cef0415d0
4462
4463 commit aa5f2f63e37f426bf2211c5fb8f7bc70de14f08a
4464 Author: Li Wang <liwang@nudt.edu.cn>
4465 Date: Thu Jan 19 09:44:36 2012 +0800
4466
4467 eCryptfs: Infinite loop due to overflow in ecryptfs_write()
4468
4469 ecryptfs_write() can enter an infinite loop when truncating a file to a
4470 size larger than 4G. This only happens on architectures where size_t is
4471 represented by 32 bits.
4472
4473 This was caused by a size_t overflow due to it incorrectly being used to
4474 store the result of a calculation which uses potentially large values of
4475 type loff_t.
4476
4477 [tyhicks@canonical.com: rewrite subject and commit message]
4478 Signed-off-by: Li Wang <liwang@nudt.edu.cn>
4479 Signed-off-by: Yunchuan Wen <wenyunchuan@kylinos.com.cn>
4480 Reviewed-by: Cong Wang <xiyou.wangcong@gmail.com>
4481 Cc: <stable@vger.kernel.org>
4482 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
4483
4484 commit a7607747d0f74f357d78bb796d70635dd05f46e8
4485 Author: Tyler Hicks <tyhicks@canonical.com>
4486 Date: Thu Jan 19 20:33:44 2012 -0600
4487
4488 eCryptfs: Check inode changes in setattr
4489
4490 Most filesystems call inode_change_ok() very early in ->setattr(), but
4491 eCryptfs didn't call it at all. It allowed the lower filesystem to make
4492 the call in its ->setattr() function. Then, eCryptfs would copy the
4493 appropriate inode attributes from the lower inode to the eCryptfs inode.
4494
4495 This patch changes that and actually calls inode_change_ok() on the
4496 eCryptfs inode, fairly early in ecryptfs_setattr(). Ideally, the call
4497 would happen earlier in ecryptfs_setattr(), but there are some possible
4498 inode initialization steps that must happen first.
4499
4500 Since the call was already being made on the lower inode, the change in
4501 functionality should be minimal, except for the case of a file extending
4502 truncate call. In that case, inode_newsize_ok() was never being
4503 called on the eCryptfs inode. Rather than inode_newsize_ok() catching
4504 maximum file size errors early on, eCryptfs would encrypt zeroed pages
4505 and write them to the lower filesystem until the lower filesystem's
4506 write path caught the error in generic_write_checks(). This patch
4507 introduces a new function, called ecryptfs_inode_newsize_ok(), which
4508 checks if the new lower file size is within the appropriate limits when
4509 the truncate operation will be growing the lower file.
4510
4511 In summary this change prevents eCryptfs truncate operations (and the
4512 resulting page encryptions), which would exceed the lower filesystem
4513 limits or FSIZE rlimits, from ever starting.
4514
4515 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
4516 Reviewed-by: Li Wang <liwang@nudt.edu.cn>
4517 Cc: <stable@vger.kernel.org>
4518
4519 commit 0d96f190a39505254ace4e9330219aaeda9b64e3
4520 Author: Tyler Hicks <tyhicks@canonical.com>
4521 Date: Wed Jan 18 18:30:04 2012 -0600
4522
4523 eCryptfs: Make truncate path killable
4524
4525 ecryptfs_write() handles the truncation of eCryptfs inodes. It grabs a
4526 page, zeroes out the appropriate portions, and then encrypts the page
4527 before writing it to the lower filesystem. It was unkillable and due to
4528 the lack of sparse file support could result in tying up a large portion
4529 of system resources, while encrypting pages of zeros, with no way for
4530 the truncate operation to be stopped from userspace.
4531
4532 This patch adds the ability for ecryptfs_write() to detect a pending
4533 fatal signal and return as gracefully as possible. The intent is to
4534 leave the lower file in a useable state, while still allowing a user to
4535 break out of the encryption loop. If a pending fatal signal is detected,
4536 the eCryptfs inode size is updated to reflect the modified inode size
4537 and then -EINTR is returned.
4538
4539 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
4540 Cc: <stable@vger.kernel.org>
4541
4542 commit a02d0d2516b9e92edffeb8fca87462bca49c1f6f
4543 Author: Tyler Hicks <tyhicks@canonical.com>
4544 Date: Tue Jan 24 10:02:22 2012 -0600
4545
4546 eCryptfs: Fix oops when printing debug info in extent crypto functions
4547
4548 If pages passed to the eCryptfs extent-based crypto functions are not
4549 mapped and the module parameter ecryptfs_verbosity=1 was specified at
4550 loading time, a NULL pointer dereference will occur.
4551
4552 Note that this wouldn't happen on a production system, as you wouldn't
4553 pass ecryptfs_verbosity=1 on a production system. It leaks private
4554 information to the system logs and is for debugging only.
4555
4556 The debugging info printed in these messages is no longer very useful
4557 and rather than doing a kmap() in these debugging paths, it will be
4558 better to simply remove the debugging paths completely.
4559
4560 https://launchpad.net/bugs/913651
4561
4562 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
4563 Reported-by: Daniel DeFreez
4564 Cc: <stable@vger.kernel.org>
4565
4566 commit b1c44d3054dc7f293b2e0a98c0e9e5e03e01f04c
4567 Author: Tyler Hicks <tyhicks@canonical.com>
4568 Date: Thu Jan 12 11:30:44 2012 +0100
4569
4570 eCryptfs: Sanitize write counts of /dev/ecryptfs
4571
4572 A malicious count value specified when writing to /dev/ecryptfs may
4573 result in a a very large kernel memory allocation.
4574
4575 This patch peeks at the specified packet payload size, adds that to the
4576 size of the packet headers and compares the result with the write count
4577 value. The resulting maximum memory allocation size is approximately 532
4578 bytes.
4579
4580 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
4581 Reported-by: Sasha Levin <levinsasha928@gmail.com>
4582 Cc: <stable@vger.kernel.org>
4583
4584 commit 96dcb7282d323813181a1791f51c0ab7696b675b
4585 Merge: 6c09fa5 201c0db
4586 Author: Brad Spengler <spender@grsecurity.net>
4587 Date: Fri Jan 27 19:44:15 2012 -0500
4588
4589 Merge branch 'pax-test' into grsec-test
4590
4591 commit 201c0dbf177527367676028151e36d340923f033
4592 Author: Brad Spengler <spender@grsecurity.net>
4593 Date: Fri Jan 27 19:43:24 2012 -0500
4594
4595 Merge changes from pax-linux-3.2.2-test6.patch, fixes 0 order vmalloc allocation errors
4596 on loading modules with empty sections
4597
4598 commit 6c09fa566a7c29f00556ca12f343f2db91c4f42b
4599 Author: Brad Spengler <spender@grsecurity.net>
4600 Date: Fri Jan 27 19:42:13 2012 -0500
4601
4602 compile fix
4603
4604 commit 917ae526b4fcec2b3e1afefa13de9dff7d8a5423
4605 Author: Brad Spengler <spender@grsecurity.net>
4606 Date: Fri Jan 27 19:39:28 2012 -0500
4607
4608 use LSM flags instead of duplicating checks
4609
4610 commit 0cf3be2ea2ae43c9dd4933fb26c0429041b8acb8
4611 Merge: 44b9f11 558718b
4612 Author: Brad Spengler <spender@grsecurity.net>
4613 Date: Fri Jan 27 18:56:23 2012 -0500
4614
4615 Merge branch 'pax-test' into grsec-test
4616
4617 commit 558718b2217beff69edf60f34a6f9893d910e9ac
4618 Author: Brad Spengler <spender@grsecurity.net>
4619 Date: Fri Jan 27 18:56:04 2012 -0500
4620
4621 Merge changes from pax-linux-3.2.2-test6.patch
4622
4623 commit 44b9f1132b2de7cbf5f57525fe0f7f9fb0a76507
4624 Author: Brad Spengler <spender@grsecurity.net>
4625 Date: Fri Jan 27 18:53:55 2012 -0500
4626
4627 don't increase the size of task_struct when unnecessary
4628 change ptrace_readexec log message
4629
4630 commit a9c9626e054adb885883aa64f85506852894dd33
4631 Author: Brad Spengler <spender@grsecurity.net>
4632 Date: Fri Jan 27 18:16:28 2012 -0500
4633
4634 Update documentation for CONFIG_GRKERNSEC_PTRACE_READEXEC --
4635 the protection applies to all unreadable binaries.
4636
4637 commit 98fdf4ab69eba7a72efb2054295daafdbbc2fb8f
4638 Merge: 7b3f3af 05a1349
4639 Author: Brad Spengler <spender@grsecurity.net>
4640 Date: Wed Jan 25 20:52:09 2012 -0500
4641
4642 Merge branch 'pax-test' into grsec-test
4643
4644 Conflicts:
4645 block/scsi_ioctl.c
4646 drivers/scsi/sd.c
4647 fs/proc/base.c
4648
4649 commit 05a134966efb9cb9346ad3422888969ffc79ac1d
4650 Author: Brad Spengler <spender@grsecurity.net>
4651 Date: Wed Jan 25 20:47:36 2012 -0500
4652
4653 Resync with pax-linux-3.2.2-test5.patch
4654
4655 commit 5ecaafd81b229aeeb5656df36f9c8da86307f82a
4656 Merge: c6d443d 3499d64
4657 Author: Brad Spengler <spender@grsecurity.net>
4658 Date: Wed Jan 25 20:45:16 2012 -0500
4659
4660 Merge branch 'linux-3.2.y' into pax-test (and pax-linux-3.2.2-test5.patch)
4661
4662 Conflicts:
4663 ipc/shm.c
4664
4665 commit 7b3f3afd7444613c759d68ff8c2efaebfae3bab1
4666 Author: Brad Spengler <spender@grsecurity.net>
4667 Date: Tue Jan 24 19:42:01 2012 -0500
4668
4669 Add two new features, one is automatic by enabling CONFIG_GRKERNSEC
4670 (may be changed if it breaks some userland), the other has its own
4671 config option
4672
4673 First feature requires CAP_SYS_ADMIN to write to any sysctl entry via
4674 the syscall or /proc/sys.
4675
4676 Second feature requires read access to a suid/sgid binary in order
4677 to ptrace it, preventing infoleaking of binaries in situations where
4678 the admin has specified 4711 or 2711 perms. Feature has been
4679 given the config option CONFIG_GRKERNSEC_PTRACE_READEXEC and
4680 a sysctl entry of ptrace_readexec
4681
4682 commit 11a7bb25c411c9dccfdca5718639b4becdffd388
4683 Author: Brad Spengler <spender@grsecurity.net>
4684 Date: Sun Jan 22 14:37:10 2012 -0500
4685
4686 Compilation fixes
4687
4688 commit cd400e21c7c352baba47d6f375297a7847afb33a
4689 Author: Brad Spengler <spender@grsecurity.net>
4690 Date: Sun Jan 22 14:20:27 2012 -0500
4691
4692 Initial port of grsecurity 2.2.2 for Linux 3.2.1
4693 Note that the new syscalls added to this kernel for remote process read/write
4694 are subject to ptrace hardening/other relevant RBAC features
4695 /proc/slabinfo is S_IRUSR via mainline now, so I made slab_allocators S_IRUSR by default
4696 as well
4697 pax_track_stack has been removed from support for this kernel -- if you're running this kernel
4698 you should be using a version of gcc with plugin support
4699
4700 commit c6d443d1270f455c56a4ffe0f1dd3d3e7ec12a2f
4701 Author: Brad Spengler <spender@grsecurity.net>
4702 Date: Sun Jan 22 11:47:31 2012 -0500
4703
4704 Import pax-linux-3.2.1-test5.patch
4705 commit bfd7db842f835f9837cd43644459b3a95b0b488d
4706 Author: Brad Spengler <spender@grsecurity.net>
4707 Date: Sun Jan 22 11:02:02 2012 -0500
4708
4709 Allow processes to access others' /proc/pid/maps files (subject to the normal modification of data)
4710 instead of returning -EACCES
4711 thanks to Wraith from irc for the report
4712
4713 commit 873ac13576506cd48ddb527c2540f274e249da50
4714 Merge: 34083dd 8a44fcc
4715 Author: Brad Spengler <spender@grsecurity.net>
4716 Date: Fri Jan 20 18:04:02 2012 -0500
4717
4718 Merge branch 'pax-test' into grsec-test
4719
4720 commit 8a44fcc90cf3368003dc84e1ed013b2e4248c9b2
4721 Author: Brad Spengler <spender@grsecurity.net>
4722 Date: Fri Jan 20 18:02:15 2012 -0500
4723
4724 Merge the diff between pax-linux-3.2.1-test4.patch and pax-linux-3.2.1-test5.patch
4725 Denies executable shared memory when MPROTECT is active
4726 Fixes ia32 emulation crash on 64bit host introduced in a recent patch
4727
4728 commit 34083ddf5c0b2b1c0f5e9f7d9e32ddcba223446b
4729 Author: Brad Spengler <spender@grsecurity.net>
4730 Date: Thu Jan 19 20:23:14 2012 -0500
4731
4732 Introduce new GRKERNSEC_SETXID implementation
4733 We're not able to change the credentials of other threads in the process until at most
4734 one syscall after the first thread does it, since we mark the threads as needing rescheduling
4735 and such work occurs on syscall exit.
4736 This does however ensure that we're only modifying the current task's credentials
4737 which upholds RCU expectations
4738
4739 Many thanks to corsac for testing
4740
4741 commit 5f900ad54d3992a4e1cda88273acc2f897a42e71
4742 Author: Brad Spengler <spender@grsecurity.net>
4743 Date: Thu Jan 19 17:42:48 2012 -0500
4744
4745 Simplify backport
4746
4747 commit f02e444f7b2fb286f99d3b4031ff4e44a4606c37
4748 Author: Brad Spengler <spender@grsecurity.net>
4749 Date: Thu Jan 19 17:08:16 2012 -0500
4750
4751 Commit the latest silent fix for a local privilege escalation from Linus
4752 Also disable writing to /proc/pid/mem
4753 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc
4754
4755 commit 814d38c72b1ee3338294576a05af4f6ca9cffa6c
4756 Merge: 0394a3f 7e6299b
4757 Author: Brad Spengler <spender@grsecurity.net>
4758 Date: Wed Jan 18 20:22:09 2012 -0500
4759
4760 Merge branch 'pax-test' into grsec-test
4761
4762 commit 7e6299b4733c082dde930375dd207b63237751ec
4763 Merge: 83555fb 9bb1282
4764 Author: Brad Spengler <spender@grsecurity.net>
4765 Date: Wed Jan 18 20:21:37 2012 -0500
4766
4767 Merge branch 'linux-3.1.y' into pax-test
4768
4769 commit 0394a3f36c6195dcaf22e265c94d11bb7338c6f7
4770 Author: Jesper Juhl <jj@chaosbits.net>
4771 Date: Sun Jan 8 22:44:29 2012 +0100
4772
4773 audit: always follow va_copy() with va_end()
4774
4775 A call to va_copy() should always be followed by a call to va_end() in
4776 the same function. In kernel/autit.c::audit_log_vformat() this is not
4777 always done. This patch makes sure va_end() is always called.
4778
4779 Signed-off-by: Jesper Juhl <jj@chaosbits.net>
4780 Cc: Al Viro <viro@zeniv.linux.org.uk>
4781 Cc: Eric Paris <eparis@redhat.com>
4782 Cc: Andrew Morton <akpm@linux-foundation.org>
4783 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4784
4785 commit fcbb39319e88bfdf70efe3931cf80a9f23b1a4d9
4786 Author: Andi Kleen <ak@linux.intel.com>
4787 Date: Thu Jan 12 17:20:30 2012 -0800
4788
4789 panic: don't print redundant backtraces on oops
4790
4791 When an oops causes a panic and panic prints another backtrace it's pretty
4792 common to have the original oops data be scrolled away on a 80x50 screen.
4793
4794 The second backtrace is quite redundant and not needed anyways.
4795
4796 So don't print the panic backtrace when oops_in_progress is true.
4797
4798 [akpm@linux-foundation.org: add comment]
4799 Signed-off-by: Andi Kleen <ak@linux.intel.com>
4800 Cc: Michael Holzheu <holzheu@linux.vnet.ibm.com>
4801 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
4802 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4803
4804 commit 22e4717d04333e2aff6d5d1b2c1b16045f367a1f
4805 Author: Miklos Szeredi <mszeredi@suse.cz>
4806 Date: Thu Jan 12 17:59:46 2012 +0100
4807
4808 fsnotify: don't BUG in fsnotify_destroy_mark()
4809
4810 Removing the parent of a watched file results in "kernel BUG at
4811 fs/notify/mark.c:139".
4812
4813 To reproduce
4814
4815 add "-w /tmp/audit/dir/watched_file" to audit.rules
4816 rm -rf /tmp/audit/dir
4817
4818 This is caused by fsnotify_destroy_mark() being called without an
4819 extra reference taken by the caller.
4820
4821 Reported by Francesco Cosoleto here:
4822
4823 https://bugzilla.novell.com/show_bug.cgi?id=689860
4824
4825 Fix by removing the BUG_ON and adding a comment about not accessing mark after
4826 the iput.
4827
4828 Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
4829 CC: stable@vger.kernel.org
4830 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4831
4832 commit 1a90cff66ed00cd57bf00a990d13e95060fa362c
4833 Author: Paolo Bonzini <pbonzini@redhat.com>
4834 Date: Thu Jan 12 16:01:28 2012 +0100
4835
4836 block: fail SCSI passthrough ioctls on partition devices
4837
4838 Linux allows executing the SG_IO ioctl on a partition or LVM volume, and
4839 will pass the command to the underlying block device. This is
4840 well-known, but it is also a large security problem when (via Unix
4841 permissions, ACLs, SELinux or a combination thereof) a program or user
4842 needs to be granted access only to part of the disk.
4843
4844 This patch lets partitions forward a small set of harmless ioctls;
4845 others are logged with printk so that we can see which ioctls are
4846 actually sent. In my tests only CDROM_GET_CAPABILITY actually occurred.
4847 Of course it was being sent to a (partition on a) hard disk, so it would
4848 have failed with ENOTTY and the patch isn't changing anything in
4849 practice. Still, I'm treating it specially to avoid spamming the logs.
4850
4851 In principle, this restriction should include programs running with
4852 CAP_SYS_RAWIO. If for example I let a program access /dev/sda2 and
4853 /dev/sdb, it still should not be able to read/write outside the
4854 boundaries of /dev/sda2 independent of the capabilities. However, for
4855 now programs with CAP_SYS_RAWIO will still be allowed to send the
4856 ioctls. Their actions will still be logged.
4857
4858 This patch does not affect the non-libata IDE driver. That driver
4859 however already tests for bd != bd->bd_contains before issuing some
4860 ioctl; it could be restricted further to forbid these ioctls even for
4861 programs running with CAP_SYS_ADMIN/CAP_SYS_RAWIO.
4862
4863 Cc: linux-scsi@vger.kernel.org
4864 Cc: Jens Axboe <axboe@kernel.dk>
4865 Cc: James Bottomley <JBottomley@parallels.com>
4866 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4867 [ Make it also print the command name when warning - Linus ]
4868 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4869
4870 commit b41a1178caa15bd7d6d5b36c04c7b1ead05717e2
4871 Author: Paolo Bonzini <pbonzini@redhat.com>
4872 Date: Thu Jan 12 16:01:27 2012 +0100
4873
4874 block: add and use scsi_blk_cmd_ioctl
4875
4876 Introduce a wrapper around scsi_cmd_ioctl that takes a block device.
4877
4878 The function will then be enhanced to detect partition block devices
4879 and, in that case, subject the ioctls to whitelisting.
4880
4881 Cc: linux-scsi@vger.kernel.org
4882 Cc: Jens Axboe <axboe@kernel.dk>
4883 Cc: James Bottomley <JBottomley@parallels.com>
4884 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4885 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4886
4887 commit 97a79814903fc350e1d13704ea31528a42705401
4888 Author: Kees Cook <keescook@chromium.org>
4889 Date: Sat Jan 7 10:41:04 2012 -0800
4890
4891 audit: treat s_id as an untrusted string
4892
4893 The use of s_id should go through the untrusted string path, just to be
4894 extra careful.
4895
4896 Signed-off-by: Kees Cook <keescook@chromium.org>
4897 Acked-by: Mimi Zohar <zohar@us.ibm.com>
4898 Signed-off-by: Eric Paris <eparis@redhat.com>
4899
4900 commit 2d3f39e9dd73f26a8248fd4442f110d983c5b419
4901 Author: Xi Wang <xi.wang@gmail.com>
4902 Date: Tue Dec 20 18:39:41 2011 -0500
4903
4904 audit: fix signedness bug in audit_log_execve_info()
4905
4906 In the loop, a size_t "len" is used to hold the return value of
4907 audit_log_single_execve_arg(), which returns -1 on error. In that
4908 case the error handling (len <= 0) will be bypassed since "len" is
4909 unsigned, and the loop continues with (p += len) being wrapped.
4910 Change the type of "len" to signed int to fix the error handling.
4911
4912 size_t len;
4913 ...
4914 for (...) {
4915 len = audit_log_single_execve_arg(...);
4916 if (len <= 0)
4917 break;
4918 p += len;
4919 }
4920
4921 Signed-off-by: Xi Wang <xi.wang@gmail.com>
4922 Signed-off-by: Eric Paris <eparis@redhat.com>
4923
4924 commit 1b3dc2ea3204fb22b9d0d30b2b7953991f5be594
4925 Author: Dan Carpenter <dan.carpenter@oracle.com>
4926 Date: Tue Jan 17 03:28:51 2012 -0300
4927
4928 [media] ds3000: using logical && instead of bitwise &
4929
4930 The intent here was to test if the FE_HAS_LOCK was set. The current
4931 test is equivalent to "if (status) { ..."
4932
4933 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
4934 Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
4935
4936 commit 36522330dc59d2fc70c042f3f081d75c32b6259a
4937 Author: Brad Spengler <spender@grsecurity.net>
4938 Date: Mon Jan 16 13:10:38 2012 -0500
4939
4940 Ignore the 0 signal for protected task RBAC checks
4941
4942 commit d513acd55f7a683f6e146a4f570cdb63300479ab
4943 Author: Brad Spengler <spender@grsecurity.net>
4944 Date: Mon Jan 16 11:56:13 2012 -0500
4945
4946 whitespace cleanup
4947
4948 commit ced261c4b82818c700aff8487f647f6f3e5b5122
4949 Merge: d48751f 83555fb
4950 Author: Brad Spengler <spender@grsecurity.net>
4951 Date: Fri Jan 13 20:12:54 2012 -0500
4952
4953 Merge branch 'pax-test' into grsec-test
4954
4955 commit 83555fb431e5be6c0e09687ff3bdc583f0caf9d9
4956 Merge: fcd8129 93dad39
4957 Author: Brad Spengler <spender@grsecurity.net>
4958 Date: Fri Jan 13 20:12:43 2012 -0500
4959
4960 Merge branch 'linux-3.1.y' into pax-test
4961
4962 commit d48751f3919ae855fda0ff6c149db82442329253
4963 Author: Brad Spengler <spender@grsecurity.net>
4964 Date: Wed Jan 11 19:05:47 2012 -0500
4965
4966 Call our own set_user when forcing change to new id
4967
4968 commit 26d9d497f6b926bc1699980aa18c360a3d3c52a0
4969 Merge: e6578ff fcd8129
4970 Author: Brad Spengler <spender@grsecurity.net>
4971 Date: Tue Jan 10 16:00:10 2012 -0500
4972
4973 Merge branch 'pax-test' into grsec-test
4974
4975 commit fcd8129277601f2e2d5a2066120cf8b2472d7d1f
4976 Author: Brad Spengler <spender@grsecurity.net>
4977 Date: Tue Jan 10 15:58:43 2012 -0500
4978
4979 Merge changes from pax-linux-3.1.8-test23.patch
4980
4981 commit e6578ff3e7629c432ed9b99bde6af2a1c00279b5
4982 Merge: 8859ec3 a120549
4983 Author: Brad Spengler <spender@grsecurity.net>
4984 Date: Fri Jan 6 21:45:56 2012 -0500
4985
4986 Merge branch 'pax-test' into grsec-test
4987
4988 commit a12054967a77090de1caa07c41e694a77db4e237
4989 Author: Brad Spengler <spender@grsecurity.net>
4990 Date: Fri Jan 6 21:45:30 2012 -0500
4991
4992 Merge changes from pax-linux-3.1.8-test22.patch
4993
4994 commit 8859ec32f9815c274df65448f9f2960176c380d3
4995 Merge: a5016b4 ddd4114
4996 Author: Brad Spengler <spender@grsecurity.net>
4997 Date: Fri Jan 6 21:26:08 2012 -0500
4998
4999 Merge branch 'pax-test' into grsec-test
5000
5001 Conflicts:
5002 fs/binfmt_elf.c
5003 security/Kconfig
5004
5005 commit ddd41147e158a79704983a409b7433eba797cf66
5006 Author: Brad Spengler <spender@grsecurity.net>
5007 Date: Fri Jan 6 21:12:42 2012 -0500
5008
5009 Resync with PaX patch (whitespace difference)
5010
5011 commit 29e569df8205c5f0e043fe4803aa984406c8b118
5012 Author: Brad Spengler <spender@grsecurity.net>
5013 Date: Fri Jan 6 21:09:47 2012 -0500
5014
5015 Merge changes from pax-linux-3.1.8-test21.patch
5016
5017 commit a5016b4f9c09c337b17e063a7f369af1e86d944d
5018 Merge: 0124c92 04231d5
5019 Author: Brad Spengler <spender@grsecurity.net>
5020 Date: Fri Jan 6 18:52:20 2012 -0500
5021
5022 Merge branch 'pax-test' into grsec-test
5023
5024 commit 04231d52dc8d0d6788a6bc6709dc046d3eb37097
5025 Merge: 7bdddeb a919904
5026 Author: Brad Spengler <spender@grsecurity.net>
5027 Date: Fri Jan 6 18:51:50 2012 -0500
5028
5029 Merge branch 'linux-3.1.y' into pax-test
5030
5031 Conflicts:
5032 include/net/flow.h
5033
5034 commit 0124c9264234c450904a0a5fa2f8c608ab8e3796
5035 Author: Brad Spengler <spender@grsecurity.net>
5036 Date: Fri Jan 6 18:33:05 2012 -0500
5037
5038 Make GRKERNSEC_SETXID option compatible with credential debugging
5039
5040 commit 69919c6da7cf8a781439da15b597a7d6bc9b3abe
5041 Author: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
5042 Date: Wed Dec 28 15:57:11 2011 -0800
5043
5044 mm/mempolicy.c: refix mbind_range() vma issue
5045
5046 commit 8aacc9f550 ("mm/mempolicy.c: fix pgoff in mbind vma merge") is the
5047 slightly incorrect fix.
5048
5049 Why? Think following case.
5050
5051 1. map 4 pages of a file at offset 0
5052
5053 [0123]
5054
5055 2. map 2 pages just after the first mapping of the same file but with
5056 page offset 2
5057
5058 [0123][23]
5059
5060 3. mbind() 2 pages from the first mapping at offset 2.
5061 mbind_range() should treat new vma is,
5062
5063 [0123][23]
5064 |23|
5065 mbind vma
5066
5067 but it does
5068
5069 [0123][23]
5070 |01|
5071 mbind vma
5072
5073 Oops. then, it makes wrong vma merge and splitting ([01][0123] or similar).
5074
5075 This patch fixes it.
5076
5077 [testcase]
5078 test result - before the patch
5079
5080 case4: 126: test failed. expect '2,4', actual '2,2,2'
5081 case5: passed
5082 case6: passed
5083 case7: passed
5084 case8: passed
5085 case_n: 246: test failed. expect '4,2', actual '1,4'
5086
5087 ------------[ cut here ]------------
5088 kernel BUG at mm/filemap.c:135!
5089 invalid opcode: 0000 [#4] SMP DEBUG_PAGEALLOC
5090
5091 (snip long bug on messages)
5092
5093 test result - after the patch
5094
5095 case4: passed
5096 case5: passed
5097 case6: passed
5098 case7: passed
5099 case8: passed
5100 case_n: passed
5101
5102 source: mbind_vma_test.c
5103 ============================================================
5104 #include <numaif.h>
5105 #include <numa.h>
5106 #include <sys/mman.h>
5107 #include <stdio.h>
5108 #include <unistd.h>
5109 #include <stdlib.h>
5110 #include <string.h>
5111
5112 static unsigned long pagesize;
5113 void* mmap_addr;
5114 struct bitmask *nmask;
5115 char buf[1024];
5116 FILE *file;
5117 char retbuf[10240] = "";
5118 int mapped_fd;
5119
5120 char *rubysrc = "ruby -e '\
5121 pid = %d; \
5122 vstart = 0x%llx; \
5123 vend = 0x%llx; \
5124 s = `pmap -q #{pid}`; \
5125 rary = []; \
5126 s.each_line {|line|; \
5127 ary=line.split(\" \"); \
5128 addr = ary[0].to_i(16); \
5129 if(vstart <= addr && addr < vend) then \
5130 rary.push(ary[1].to_i()/4); \
5131 end; \
5132 }; \
5133 print rary.join(\",\"); \
5134 '";
5135
5136 void init(void)
5137 {
5138 void* addr;
5139 char buf[128];
5140
5141 nmask = numa_allocate_nodemask();
5142 numa_bitmask_setbit(nmask, 0);
5143
5144 pagesize = getpagesize();
5145
5146 sprintf(buf, "%s", "mbind_vma_XXXXXX");
5147 mapped_fd = mkstemp(buf);
5148 if (mapped_fd == -1)
5149 perror("mkstemp "), exit(1);
5150 unlink(buf);
5151
5152 if (lseek(mapped_fd, pagesize*8, SEEK_SET) < 0)
5153 perror("lseek "), exit(1);
5154 if (write(mapped_fd, "\0", 1) < 0)
5155 perror("write "), exit(1);
5156
5157 addr = mmap(NULL, pagesize*8, PROT_NONE,
5158 MAP_SHARED, mapped_fd, 0);
5159 if (addr == MAP_FAILED)
5160 perror("mmap "), exit(1);
5161
5162 if (mprotect(addr+pagesize, pagesize*6, PROT_READ|PROT_WRITE) < 0)
5163 perror("mprotect "), exit(1);
5164
5165 mmap_addr = addr + pagesize;
5166
5167 /* make page populate */
5168 memset(mmap_addr, 0, pagesize*6);
5169 }
5170
5171 void fin(void)
5172 {
5173 void* addr = mmap_addr - pagesize;
5174 munmap(addr, pagesize*8);
5175
5176 memset(buf, 0, sizeof(buf));
5177 memset(retbuf, 0, sizeof(retbuf));
5178 }
5179
5180 void mem_bind(int index, int len)
5181 {
5182 int err;
5183
5184 err = mbind(mmap_addr+pagesize*index, pagesize*len,
5185 MPOL_BIND, nmask->maskp, nmask->size, 0);
5186 if (err)
5187 perror("mbind "), exit(err);
5188 }
5189
5190 void mem_interleave(int index, int len)
5191 {
5192 int err;
5193
5194 err = mbind(mmap_addr+pagesize*index, pagesize*len,
5195 MPOL_INTERLEAVE, nmask->maskp, nmask->size, 0);
5196 if (err)
5197 perror("mbind "), exit(err);
5198 }
5199
5200 void mem_unbind(int index, int len)
5201 {
5202 int err;
5203
5204 err = mbind(mmap_addr+pagesize*index, pagesize*len,
5205 MPOL_DEFAULT, NULL, 0, 0);
5206 if (err)
5207 perror("mbind "), exit(err);
5208 }
5209
5210 void Assert(char *expected, char *value, char *name, int line)
5211 {
5212 if (strcmp(expected, value) == 0) {
5213 fprintf(stderr, "%s: passed\n", name);
5214 return;
5215 }
5216 else {
5217 fprintf(stderr, "%s: %d: test failed. expect '%s', actual '%s'\n",
5218 name, line,
5219 expected, value);
5220 // exit(1);
5221 }
5222 }
5223
5224 /*
5225 AAAA
5226 PPPPPPNNNNNN
5227 might become
5228 PPNNNNNNNNNN
5229 case 4 below
5230 */
5231 void case4(void)
5232 {
5233 init();
5234 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5235
5236 mem_bind(0, 4);
5237 mem_unbind(2, 2);
5238
5239 file = popen(buf, "r");
5240 fread(retbuf, sizeof(retbuf), 1, file);
5241 Assert("2,4", retbuf, "case4", __LINE__);
5242
5243 fin();
5244 }
5245
5246 /*
5247 AAAA
5248 PPPPPPNNNNNN
5249 might become
5250 PPPPPPPPPPNN
5251 case 5 below
5252 */
5253 void case5(void)
5254 {
5255 init();
5256 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5257
5258 mem_bind(0, 2);
5259 mem_bind(2, 2);
5260
5261 file = popen(buf, "r");
5262 fread(retbuf, sizeof(retbuf), 1, file);
5263 Assert("4,2", retbuf, "case5", __LINE__);
5264
5265 fin();
5266 }
5267
5268 /*
5269 AAAA
5270 PPPPNNNNXXXX
5271 might become
5272 PPPPPPPPPPPP 6
5273 */
5274 void case6(void)
5275 {
5276 init();
5277 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5278
5279 mem_bind(0, 2);
5280 mem_bind(4, 2);
5281 mem_bind(2, 2);
5282
5283 file = popen(buf, "r");
5284 fread(retbuf, sizeof(retbuf), 1, file);
5285 Assert("6", retbuf, "case6", __LINE__);
5286
5287 fin();
5288 }
5289
5290 /*
5291 AAAA
5292 PPPPNNNNXXXX
5293 might become
5294 PPPPPPPPXXXX 7
5295 */
5296 void case7(void)
5297 {
5298 init();
5299 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5300
5301 mem_bind(0, 2);
5302 mem_interleave(4, 2);
5303 mem_bind(2, 2);
5304
5305 file = popen(buf, "r");
5306 fread(retbuf, sizeof(retbuf), 1, file);
5307 Assert("4,2", retbuf, "case7", __LINE__);
5308
5309 fin();
5310 }
5311
5312 /*
5313 AAAA
5314 PPPPNNNNXXXX
5315 might become
5316 PPPPNNNNNNNN 8
5317 */
5318 void case8(void)
5319 {
5320 init();
5321 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5322
5323 mem_bind(0, 2);
5324 mem_interleave(4, 2);
5325 mem_interleave(2, 2);
5326
5327 file = popen(buf, "r");
5328 fread(retbuf, sizeof(retbuf), 1, file);
5329 Assert("2,4", retbuf, "case8", __LINE__);
5330
5331 fin();
5332 }
5333
5334 void case_n(void)
5335 {
5336 init();
5337 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5338
5339 /* make redundunt mappings [0][1234][34][7] */
5340 mmap(mmap_addr + pagesize*4, pagesize*2, PROT_READ|PROT_WRITE,
5341 MAP_FIXED|MAP_SHARED, mapped_fd, pagesize*3);
5342
5343 /* Expect to do nothing. */
5344 mem_unbind(2, 2);
5345
5346 file = popen(buf, "r");
5347 fread(retbuf, sizeof(retbuf), 1, file);
5348 Assert("4,2", retbuf, "case_n", __LINE__);
5349
5350 fin();
5351 }
5352
5353 int main(int argc, char** argv)
5354 {
5355 case4();
5356 case5();
5357 case6();
5358 case7();
5359 case8();
5360 case_n();
5361
5362 return 0;
5363 }
5364 =============================================================
5365
5366 Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
5367 Acked-by: Johannes Weiner <hannes@cmpxchg.org>
5368 Cc: Minchan Kim <minchan.kim@gmail.com>
5369 Cc: Caspar Zhang <caspar@casparzhang.com>
5370 Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
5371 Cc: Christoph Lameter <cl@linux.com>
5372 Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
5373 Cc: Mel Gorman <mel@csn.ul.ie>
5374 Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
5375 Cc: <stable@vger.kernel.org> [3.1.x]
5376 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5377 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5378
5379 commit f3a1082005781777086df235049f8c0b7efe524e
5380 Author: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
5381 Date: Tue Dec 27 22:32:41 2011 -0500
5382
5383 packet: fix possible dev refcnt leak when bind fail
5384
5385 If bind is fail when bind is called after set PACKET_FANOUT
5386 sock option, the dev refcnt will leak.
5387
5388 Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
5389 Signed-off-by: David S. Miller <davem@davemloft.net>
5390
5391 commit 915f8b08dac68839dc7204ee81cf9852fda16d24
5392 Author: Haogang Chen <haogangchen@gmail.com>
5393 Date: Mon Dec 19 17:11:56 2011 -0800
5394
5395 nilfs2: potential integer overflow in nilfs_ioctl_clean_segments()
5396
5397 There is a potential integer overflow in nilfs_ioctl_clean_segments().
5398 When a large argv[n].v_nmembs is passed from the userspace, the subsequent
5399 call to vmalloc() will allocate a buffer smaller than expected, which
5400 leads to out-of-bound access in nilfs_ioctl_move_blocks() and
5401 lfs_clean_segments().
5402
5403 The following check does not prevent the overflow because nsegs is also
5404 controlled by the userspace and could be very large.
5405
5406 if (argv[n].v_nmembs > nsegs * nilfs->ns_blocks_per_segment)
5407 goto out_free;
5408
5409 This patch clamps argv[n].v_nmembs to UINT_MAX / argv[n].v_size, and
5410 returns -EINVAL when overflow.
5411
5412 Signed-off-by: Haogang Chen <haogangchen@gmail.com>
5413 Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
5414 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5415 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5416
5417 commit 006afb6eb7a7398edc0068c3a7b9510ffaf80f72
5418 Author: Kautuk Consul <consul.kautuk@gmail.com>
5419 Date: Mon Dec 19 17:12:04 2011 -0800
5420
5421 mm/vmalloc.c: remove static declaration of va from __get_vm_area_node
5422
5423 Static storage is not required for the struct vmap_area in
5424 __get_vm_area_node.
5425
5426 Removing "static" to store this variable on the stack instead.
5427
5428 Signed-off-by: Kautuk Consul <consul.kautuk@gmail.com>
5429 Acked-by: David Rientjes <rientjes@google.com>
5430 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5431 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5432
5433 commit 461ecdf221edb089e5fa0d5563e1688cd0a36f66
5434 Author: Michel Lespinasse <walken@google.com>
5435 Date: Mon Dec 19 17:12:06 2011 -0800
5436
5437 binary_sysctl(): fix memory leak
5438
5439 binary_sysctl() calls sysctl_getname() which allocates from names_cache
5440 slab usin __getname()
5441
5442 The matching function to free the name is __putname(), and not putname()
5443 which should be used only to match getname() allocations.
5444
5445 This is because when auditing is enabled, putname() calls audit_putname
5446 *instead* (not in addition) to __putname(). Then, if a syscall is in
5447 progress, audit_putname does not release the name - instead, it expects
5448 the name to get released when the syscall completes, but that will happen
5449 only if audit_getname() was called previously, i.e. if the name was
5450 allocated with getname() rather than the naked __getname(). So,
5451 __getname() followed by putname() ends up leaking memory.
5452
5453 Signed-off-by: Michel Lespinasse <walken@google.com>
5454 Acked-by: Al Viro <viro@zeniv.linux.org.uk>
5455 Cc: Christoph Hellwig <hch@infradead.org>
5456 Cc: Eric Paris <eparis@redhat.com>
5457 Cc: <stable@vger.kernel.org>
5458 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5459 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5460
5461 commit 0a2cd3ef50c0bae70d59c74a77db0455d26fde56
5462 Author: Sean Hefty <sean.hefty@intel.com>
5463 Date: Tue Dec 6 21:17:11 2011 +0000
5464
5465 RDMA/cma: Verify private data length
5466
5467 private_data_len is defined as a u8. If the user specifies a large
5468 private_data size (> 220 bytes), we will calculate a total length that
5469 exceeds 255, resulting in private_data_len wrapping back to 0. This
5470 can lead to overwriting random kernel memory. Avoid this by verifying
5471 that the resulting size fits into a u8.
5472
5473 Reported-by: B. Thery <benjamin.thery@bull.net>
5474 Addresses: <http://bugs.openfabrics.org/bugzilla/show_bug.cgi?id=2335>
5475 Signed-off-by: Sean Hefty <sean.hefty@intel.com>
5476 Signed-off-by: Roland Dreier <roland@purestorage.com>
5477
5478 commit 6b618c54aaec99078629ec5b9575cb7d6fc31176
5479 Author: Xi Wang <xi.wang@gmail.com>
5480 Date: Sun Dec 11 23:40:56 2011 -0800
5481
5482 Input: cma3000_d0x - fix signedness bug in cma3000_thread_irq()
5483
5484 The error check (intr_status < 0) didn't work because intr_status is
5485 a u8. Change its type to signed int.
5486
5487 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5488 Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
5489
5490 commit e27f34e383d7863b2528a63b81b23db09781f6b6
5491 Author: Xi Wang <xi.wang@gmail.com>
5492 Date: Fri Dec 16 12:44:15 2011 +0000
5493
5494 sctp: fix incorrect overflow check on autoclose
5495
5496 Commit 8ffd3208 voids the previous patches f6778aab and 810c0719 for
5497 limiting the autoclose value. If userspace passes in -1 on 32-bit
5498 platform, the overflow check didn't work and autoclose would be set
5499 to 0xffffffff.
5500
5501 This patch defines a max_autoclose (in seconds) for limiting the value
5502 and exposes it through sysctl, with the following intentions.
5503
5504 1) Avoid overflowing autoclose * HZ.
5505
5506 2) Keep the default autoclose bound consistent across 32- and 64-bit
5507 platforms (INT_MAX / HZ in this patch).
5508
5509 3) Keep the autoclose value consistent between setsockopt() and
5510 getsockopt() calls.
5511
5512 Suggested-by: Vlad Yasevich <vladislav.yasevich@hp.com>
5513 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5514 Signed-off-by: David S. Miller <davem@davemloft.net>
5515
5516 commit 8ebdfaad2f46ff0ac9fef9858e436bcc712a1ac8
5517 Author: Xi Wang <xi.wang@gmail.com>
5518 Date: Wed Dec 21 05:18:33 2011 -0500
5519
5520 vmwgfx: fix incorrect VRAM size check in vmw_kms_fb_create()
5521
5522 Commit e133e737 didn't correctly fix the integer overflow issue.
5523
5524 - unsigned int required_size;
5525 + u64 required_size;
5526 ...
5527 required_size = mode_cmd->pitch * mode_cmd->height;
5528 - if (unlikely(required_size > dev_priv->vram_size)) {
5529 + if (unlikely(required_size > (u64) dev_priv->vram_size)) {
5530
5531 Note that both pitch and height are u32. Their product is still u32 and
5532 would overflow before being assigned to required_size. A correct way is
5533 to convert pitch and height to u64 before the multiplication.
5534
5535 required_size = (u64)mode_cmd->pitch * (u64)mode_cmd->height;
5536
5537 This patch calls the existing vmw_kms_validate_mode_vram() for
5538 validation.
5539
5540 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5541 Reviewed-and-tested-by: Thomas Hellstrom <thellstrom@vmware.com>
5542 Signed-off-by: Dave Airlie <airlied@redhat.com>
5543
5544 Conflicts:
5545
5546 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
5547
5548 commit eb8f0bd01fb994c9abc77dc84729794cd841753d
5549 Author: Xi Wang <xi.wang@gmail.com>
5550 Date: Thu Dec 22 13:35:22 2011 +0000
5551
5552 rps: fix insufficient bounds checking in store_rps_dev_flow_table_cnt()
5553
5554 Setting a large rps_flow_cnt like (1 << 30) on 32-bit platform will
5555 cause a kernel oops due to insufficient bounds checking.
5556
5557 if (count > 1<<30) {
5558 /* Enforce a limit to prevent overflow */
5559 return -EINVAL;
5560 }
5561 count = roundup_pow_of_two(count);
5562 table = vmalloc(RPS_DEV_FLOW_TABLE_SIZE(count));
5563
5564 Note that the macro RPS_DEV_FLOW_TABLE_SIZE(count) is defined as:
5565
5566 ... + (count * sizeof(struct rps_dev_flow))
5567
5568 where sizeof(struct rps_dev_flow) is 8. (1 << 30) * 8 will overflow
5569 32 bits.
5570
5571 This patch replaces the magic number (1 << 30) with a symbolic bound.
5572
5573 Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
5574 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5575 Signed-off-by: David S. Miller <davem@davemloft.net>
5576
5577 commit 648188958672024b616c42c1f6c98c8cfc85619d
5578 Author: Xi Wang <xi.wang@gmail.com>
5579 Date: Fri Dec 30 10:40:17 2011 -0500
5580
5581 netfilter: ctnetlink: fix timeout calculation
5582
5583 The sanity check (timeout < 0) never works; the dividend is unsigned
5584 and so is the division, which should have been a signed division.
5585
5586 long timeout = (ct->timeout.expires - jiffies) / HZ;
5587 if (timeout < 0)
5588 timeout = 0;
5589
5590 This patch converts the time values to signed for the division.
5591
5592 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5593 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
5594
5595 commit ab03a0973cee73f88655ff4981812ad316a6cd59
5596 Merge: 76f82df 7bdddeb
5597 Author: Brad Spengler <spender@grsecurity.net>
5598 Date: Tue Jan 3 17:42:50 2012 -0500
5599
5600 Merge branch 'pax-test' into grsec-test
5601
5602 commit 7bdddebd9d274a344a1c57a561152160c9e9a32a
5603 Merge: 3e59cb5 55cc81a
5604 Author: Brad Spengler <spender@grsecurity.net>
5605 Date: Tue Jan 3 17:42:36 2012 -0500
5606
5607 Merge branch 'linux-3.1.y' into pax-test
5608
5609 commit 76f82df18ba181687f454426fa9ced7a92b2ac1f
5610 Author: Brad Spengler <spender@grsecurity.net>
5611 Date: Thu Dec 22 20:15:02 2011 -0500
5612
5613 Only further restrict futex targeting another process -- our modified
5614 permission check also happened to allow a case where a process retaining
5615 uid 0 could issue futex syscalls against other uid 0 tasks, despite the euid
5616 being non-zero (reported on forums by ben_w)
5617
5618 commit 6b235a4450a5fea41663ec35fa0608988b6078c6
5619 Merge: 97c16f0 3e59cb5
5620 Author: Brad Spengler <spender@grsecurity.net>
5621 Date: Thu Dec 22 19:11:06 2011 -0500
5622
5623 Merge branch 'pax-test' into grsec-test
5624
5625 Conflicts:
5626 fs/hfs/btree.c
5627
5628 commit 3e59cb503d4ca6ce0954b8d3eb508cf7d1a31f50
5629 Merge: 285eb4e c26f60b
5630 Author: Brad Spengler <spender@grsecurity.net>
5631 Date: Thu Dec 22 19:09:57 2011 -0500
5632
5633 Merge branch 'linux-3.1.y' into pax-test
5634
5635 Conflicts:
5636 arch/x86/kernel/process.c
5637
5638 commit 97c16f0fcff592160c1787bd1c56ae7ad070ac17
5639 Author: Brad Spengler <spender@grsecurity.net>
5640 Date: Mon Dec 19 21:54:01 2011 -0500
5641
5642 Add new option: "Enforce consistent multithreaded privileges"
5643
5644 commit 7d125a16a5245b2bafc9184b8f93e864394ba1cb
5645 Author: Brad Spengler <spender@grsecurity.net>
5646 Date: Wed Dec 7 19:58:31 2011 -0500
5647
5648 Remove harmless duplicate code -- exec_file would be null already so the
5649 second check would never pass.
5650
5651 commit 4e3304e94aa72737810bc50169519af157dce4ce
5652 Author: Brad Spengler <spender@grsecurity.net>
5653 Date: Wed Dec 7 19:50:39 2011 -0500
5654
5655 Revert back to (possibly?) undocumented /proc/pid behavior that gdb
5656 depended on for attaching to a thread. Entries exist in /proc for
5657 threads, but are not visible in a readdir.
5658
5659 commit 1bd899335f23815cfe8deac44c6b346398f3b95e
5660 Author: Brad Spengler <spender@grsecurity.net>
5661 Date: Sun Dec 4 18:03:28 2011 -0500
5662
5663 Put the already-walked path if in RCU-walk mode
5664
5665 commit ec7ae36b7159f10649709779443a988662965d66
5666 Author: Brad Spengler <spender@grsecurity.net>
5667 Date: Sun Dec 4 17:35:21 2011 -0500
5668
5669 Fix memory leak introduced by recent (unpublished) commit
5670 75ab998b94a29d464518d6d501bdde3fbfcbfa14
5671
5672 commit 1e2318a8ea2e67eaf17236be374b5da8a5ba5e04
5673 Author: Brad Spengler <spender@grsecurity.net>
5674 Date: Sun Dec 4 13:56:10 2011 -0500
5675
5676 Explicitly check size copied to userland in override_release to silence gcc
5677
5678 commit c30a85d0fff67e0724e726febb934c0b6fa01c6c
5679 Author: Brad Spengler <spender@grsecurity.net>
5680 Date: Sun Dec 4 13:54:02 2011 -0500
5681
5682 Initialize variable to silence erroneous gcc warning
5683
5684 commit 2cf8e7a3bf4e97b2cd3de9ebc453bc505dc7eb78
5685 Author: Brad Spengler <spender@grsecurity.net>
5686 Date: Sun Dec 4 13:47:47 2011 -0500
5687
5688 Future-proof other potential RCU-aware locations where we can log.
5689
5690 commit 0c904e8c7ea0338c47c7ae825e093a152dc8f8a8
5691 Author: Brad Spengler <spender@grsecurity.net>
5692 Date: Sun Dec 4 13:02:54 2011 -0500
5693
5694 Fix freeze reported by 'vs' on the forums. Bug occurred due to
5695 MAY_NOT_BLOCK added to Linux 3.1. Our logging code, when a capability used
5696 in generic_permission() was in the task's effective set but disallowed by
5697 RBAC, would block when acquiring locks resulting in the freeze.
5698
5699 Also update the ordering of checks so that CAP_DAC_READ_SEARCH isn't logged
5700 as being required when CAP_DAC_OVERRIDE is present (consistent with
5701 older patches).
5702
5703 commit ab694e5eccfbc369baa593ebc1269d1908cf16dc
5704 Author: Xi Wang <xi.wang@gmail.com>
5705 Date: Tue Nov 29 09:26:30 2011 +0000
5706
5707 sctp: better integer overflow check in sctp_auth_create_key()
5708
5709 The check from commit 30c2235c is incomplete and cannot prevent
5710 cases like key_len = 0x80000000 (INT_MAX + 1). In that case, the
5711 left-hand side of the check (INT_MAX - key_len), which is unsigned,
5712 becomes 0xffffffff (UINT_MAX) and bypasses the check.
5713
5714 However this shouldn't be a security issue. The function is called
5715 from the following two code paths:
5716
5717 1) setsockopt()
5718
5719 2) sctp_auth_asoc_set_secret()
5720
5721 In case (1), sca_keylength is never going to exceed 65535 since it's
5722 bounded by a u16 from the user API. As such, the key length will
5723 never overflow.
5724
5725 In case (2), sca_keylength is computed based on the user key (1 short)
5726 and 2 * key_vector (3 shorts) for a total of 7 * USHRT_MAX, which still
5727 will not overflow.
5728
5729 In other words, this overflow check is not really necessary. Just
5730 make it more correct.
5731
5732 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5733 Cc: Vlad Yasevich <vladislav.yasevich@hp.com>
5734 Signed-off-by: David S. Miller <davem@davemloft.net>
5735
5736 commit e565e28c3635a1d50f80541fbf6b606d742fec76
5737 Author: Josh Boyer <jwboyer@redhat.com>
5738 Date: Fri Aug 19 14:50:26 2011 -0400
5739
5740 fs/minix: Verify bitmap block counts before mounting
5741
5742 Newer versions of MINIX can create filesystems that allocate an extra
5743 bitmap block. Mounting of this succeeds, but doing a statfs call will
5744 result in an oops in count_free because of a negative number being used
5745 for the bh index.
5746
5747 Avoid this by verifying the number of allocated blocks at mount time,
5748 erroring out if there are not enough and make statfs ignore the extras
5749 if there are too many.
5750
5751 This fixes https://bugzilla.kernel.org/show_bug.cgi?id=18792
5752
5753 Signed-off-by: Josh Boyer <jwboyer@redhat.com>
5754 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
5755
5756 commit 6e134e398ec1a3f428261680e83df4319e64bed9
5757 Author: Julia Lawall <julia@diku.dk>
5758 Date: Tue Nov 15 14:53:11 2011 -0800
5759
5760 drivers/gpu/vga/vgaarb.c: add missing kfree
5761
5762 kbuf is a buffer that is local to this function, so all of the error paths
5763 leaving the function should release it.
5764
5765 Signed-off-by: Julia Lawall <julia@diku.dk>
5766 Cc: Jesper Juhl <jj@chaosbits.net>
5767 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5768 Signed-off-by: Dave Airlie <airlied@redhat.com>
5769
5770 commit 2b9057b321e36860e8d63985b5c4e496f254b717
5771 Author: Brad Spengler <spender@grsecurity.net>
5772 Date: Sat Dec 3 21:33:28 2011 -0500
5773
5774 Import changes between pax-linux-3.1.4-test18.patch and grsecurity-2.2.2-3.1.4-201112021740.patch
5775
5776 commit 5dfe6091dca281a456eaff5e7b4692d768a05cfd
5777 Author: Brad Spengler <spender@grsecurity.net>
5778 Date: Sat Dec 3 21:29:37 2011 -0500
5779
5780 Import pax-linux-3.1.4-test18.patch
5781
5782 commit 285eb4ea45d853ae00426b3315a61c1368080dad
5783 Author: Brad Spengler <spender@grsecurity.net>
5784 Date: Sat Dec 10 18:33:46 2011 -0500
5785
5786 Import changes from pax-linux-3.1.5-test20.patch
5787
5788 commit a6bda918fc90ec1d5c387e978d147ad2044153f1
5789 Author: Brad Spengler <spender@grsecurity.net>
5790 Date: Thu Dec 8 20:55:54 2011 -0500
5791
5792 Import changes from pax-linux-3.1.4-test19.patch
5793
5794 commit e6d987bdb782b280f882cc20055e3d9cb28ad3a5
5795 Author: Brad Spengler <spender@grsecurity.net>
5796 Date: Sat Dec 3 21:29:37 2011 -0500
5797
5798 Import pax-linux-3.1.4-test18.patch
Unofficial grsecurity patch archive (https://github.com/slashbeast/grsecurity-scrape)