1 commit 3784195d73223b2f93db2d8edd454483509c0808
2 Author: Djalal Harouni <tixxdz@opendz.org>
3 Date: Sun May 20 13:55:30 2012 +0000
5 drivers/net/stmmac: seq_file fix memory leak
7 Use single_release() instead of seq_release() to free memory allocated
10 Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
11 Signed-off-by: David S. Miller <davem@davemloft.net>
13 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 ++--
14 1 files changed, 2 insertions(+), 2 deletions(-)
16 commit 98131862203fd281c4cb8cbe01a8f20190f62cf7
17 Author: Brad Spengler <spender@grsecurity.net>
18 Date: Sat May 26 11:51:18 2012 -0400
20 When called for anonymous (non-shared) mappings,
21 hugetlb_reserve_pages() does a resv_map_alloc(). It depends on
22 code in hugetlbfs's vm_ops->close() to release that allocation.
24 However, in the mmap() failure path, we do a plain unmap_region()
25 without the remove_vma() which actually calls vm_ops->close().
27 This is a decent fix. This leak could get reintroduced if
28 new code (say, after hugetlb_reserve_pages() in
29 hugetlbfs_file_mmap()) decides to return an error. But, I think
30 it would have to unroll the reservation anyway.
32 This hasn't been extensively tested. Pretty much compile and
33 boot tested along with Christoph's test case:
35 http://marc.info/?l=linux-mm&m=133728900729735
37 Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
38 Acked-by: Mel Gorman <mel@csn.ul.ie>
39 ecked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
40 Reported/tested-by: Christoph Lameter <cl@linux.com>
42 mm/hugetlb.c | 28 ++++++++++++++++++++++------
43 1 files changed, 22 insertions(+), 6 deletions(-)
45 commit 42526ac1fb37d444036f7ed781538f01979112b9
46 Merge: ef9c2e2 fe4d20a
47 Author: Brad Spengler <spender@grsecurity.net>
48 Date: Sat May 26 11:31:58 2012 -0400
50 Merge branch 'pax-test' into grsec-test
55 commit fe4d20ae91718b4c267bc9b048552d6a0daba5f1
56 Merge: 981e60c 4dc1c17
57 Author: Brad Spengler <spender@grsecurity.net>
58 Date: Sat May 26 11:30:35 2012 -0400
60 Update to pax-linux-3.3.7-test15.patch
61 Merge branch 'linux-3.3.y' into pax-test
66 commit 981e60cc448ce110e658c23c290cf96409ac558b
67 Author: Brad Spengler <spender@grsecurity.net>
68 Date: Sat May 26 11:00:42 2012 -0400
70 Update to pax-linux-3.3.6-test15.patch
73 arch/x86/crypto/aesni-intel_glue.c | 2 -
74 arch/x86/include/asm/floppy.h | 1 -
75 arch/x86/include/asm/kvm_host.h | 4 +-
76 arch/x86/include/asm/syscalls.h | 2 +-
77 arch/x86/include/asm/uaccess_32.h | 17 -
78 arch/x86/include/asm/uaccess_64.h | 18 -
79 arch/x86/kernel/cpu/mcheck/mce-inject.c | 2 -
80 arch/x86/kernel/cpu/mtrr/if.c | 2 -
81 arch/x86/kernel/dumpstack_64.c | 3 +
82 arch/x86/kernel/i387.c | 20 -
83 arch/x86/kernel/ldt.c | 2 -
84 arch/x86/kernel/microcode_intel.c | 1 -
85 arch/x86/kernel/module.c | 1 -
86 arch/x86/kernel/ptrace.c | 4 -
87 arch/x86/kernel/setup_percpu.c | 4 -
88 arch/x86/kernel/tls.h | 2 +-
89 arch/x86/kernel/vm86_32.c | 3 -
90 arch/x86/kvm/x86.c | 21 -
91 arch/x86/kvm/x86.h | 4 +-
92 arch/x86/platform/uv/tlb_uv.c | 4 -
93 crypto/ablkcipher.c | 4 -
95 crypto/blkcipher.c | 3 -
97 drivers/acpi/battery.c | 3 -
98 drivers/acpi/sbs.c | 3 -
99 drivers/infiniband/hw/ipath/ipath_fs.c | 4 -
100 drivers/infiniband/hw/qib/qib_fs.c | 4 -
101 drivers/lguest/lguest_user.c | 1 -
102 drivers/md/dm-raid1.c | 4 -
103 drivers/md/dm-stripe.c | 1 -
104 drivers/media/video/cpia2/cpia2_core.c | 1 -
105 drivers/media/video/cx18/cx18-alsa-pcm.c | 2 -
106 drivers/media/video/cx231xx/cx231xx-audio.c | 2 -
107 drivers/media/video/em28xx/em28xx-audio.c | 2 -
108 drivers/media/video/meye.c | 1 -
109 drivers/media/video/saa7164/saa7164-encoder.c | 2 -
110 drivers/media/video/saa7164/saa7164-vbi.c | 2 -
111 drivers/media/video/videobuf-dma-contig.c | 1 -
112 drivers/media/video/videobuf-dma-sg.c | 1 -
113 drivers/media/video/videobuf-vmalloc.c | 1 -
114 drivers/mtd/ubi/debug.c | 2 -
115 drivers/net/ethernet/chelsio/cxgb/sge.c | 2 -
116 drivers/net/ethernet/chelsio/cxgb3/sge.c | 4 -
117 drivers/net/ethernet/chelsio/cxgb4/sge.c | 3 -
118 drivers/net/ethernet/chelsio/cxgb4vf/sge.c | 3 -
119 drivers/net/wireless/ath/ath5k/debug.c | 3 -
120 drivers/net/wireless/ath/ath9k/debug.c | 2 -
121 drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 -
122 drivers/oprofile/oprofile_files.c | 5 -
123 drivers/oprofile/oprofilefs.c | 1 -
124 drivers/platform/x86/asus_acpi.c | 2 -
125 drivers/platform/x86/toshiba_acpi.c | 2 -
126 drivers/staging/rtl8192e/rtllib_module.c | 2 -
127 .../staging/rtl8192u/ieee80211/ieee80211_module.c | 2 -
129 fs/configfs/file.c | 2 -
130 fs/ncpfs/ncplib_kernel.h | 4 +-
132 fs/ubifs/debug.c | 3 -
133 include/asm-generic/pgtable-nopud.h | 1 +
134 include/asm-generic/uaccess.h | 11 -
135 include/linux/compiler-gcc4.h | 1 +
136 include/linux/compiler.h | 1 +
137 include/linux/crash_dump.h | 2 +-
138 include/linux/kvm_host.h | 14 +-
139 include/linux/moduleloader.h | 2 +-
140 include/linux/oprofile.h | 2 +-
141 include/linux/slab.h | 4 +-
142 include/linux/slab_def.h | 2 -
143 include/linux/slob_def.h | 2 -
144 include/linux/slub_def.h | 6 +-
145 include/linux/uaccess.h | 2 +-
146 include/linux/vmalloc.h | 18 +-
148 net/bridge/netfilter/ebt_ulog.c | 1 -
150 net/ipv4/netfilter/arp_tables.c | 10 -
151 net/ipv4/netfilter/ip_tables.c | 11 -
152 net/ipv4/netfilter/ipt_ULOG.c | 1 -
153 net/ipv4/netfilter/nf_nat_snmp_basic.c | 4 -
155 net/ipv6/netfilter/ip6_tables.c | 11 -
156 scripts/Makefile.lib | 6 +-
157 tools/gcc/size_overflow_hash1.h | 3047 --------------------
158 tools/gcc/size_overflow_hash2.h | 35 -
159 tools/gcc/size_overflow_plugin.c | 158 +-
160 88 files changed, 144 insertions(+), 3434 deletions(-)
162 commit ef9c2e2cad33a477bf0c8f1ccf8aafb4a213a3df
163 Author: Brad Spengler <spender@grsecurity.net>
164 Date: Sat May 19 10:47:15 2012 -0400
166 init ebda range earlier in boot
172 arch/x86/mm/init.c | 48 +++++++++++++++++++++++++++++-------------------
173 1 files changed, 29 insertions(+), 19 deletions(-)
175 commit 945355803ce381eacce23b3383aca5964a92d063
176 Author: Brad Spengler <spender@grsecurity.net>
177 Date: Sat May 19 09:19:42 2012 -0400
179 [PATCH] mm: read_pmd_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition
181 When holding the mmap_sem for reading, pmd_offset_map_lock should only
182 run on a pmd_t that has been read atomically from the pmdp
183 pointer, otherwise we may read only half of it leading to this crash.
185 PID: 11679 TASK: f06e8000 CPU: 3 COMMAND: "do_race_2_panic"
186 #0 [f06a9dd8] crash_kexec at c049b5ec
187 #1 [f06a9e2c] oops_end at c083d1c2
188 #2 [f06a9e40] no_context at c0433ded
189 #3 [f06a9e64] bad_area_nosemaphore at c043401a
190 #4 [f06a9e6c] __do_page_fault at c0434493
191 #5 [f06a9eec] do_page_fault at c083eb45
192 #6 [f06a9f04] error_code (via page_fault) at c083c5d5
193 EAX: 01fb470c EBX: fff35000 ECX: 00000003 EDX: 00000100 EBP:
195 DS: 007b ESI: 9e201000 ES: 007b EDI: 01fb4700 GS: 00e0
196 CS: 0060 EIP: c083bc14 ERR: ffffffff EFLAGS: 00010246
197 #7 [f06a9f38] _spin_lock at c083bc14
198 #8 [f06a9f44] sys_mincore at c0507b7d
199 #9 [f06a9fb0] system_call at c083becd
201 EAX: ffffffda EBX: 9e200000 ECX: 00001000 EDX: 6228537f
202 DS: 007b ESI: 00000000 ES: 007b EDI: 003d0f00
203 SS: 007b ESP: 62285354 EBP: 62285388 GS: 0033
204 CS: 0073 EIP: 00291416 ERR: 000000da EFLAGS: 00000286
206 This should be a longstanding bug affecting x86 32bit PAE without
207 THP. Only archs with 64bit large pmd_t and 32bit unsigned long should
210 With THP enabled the barrier() in
211 pmd_none_or_trans_huge_or_clear_bad() would partly hide the bug when
212 the pmd transition from none to stable, by forcing a re-read of the
213 *pmd in pmd_offset_map_lock, but when THP is enabled a new set of
214 problem arises by the fact could then transition freely in any of the
215 none, pmd_trans_huge or pmd_trans_stable states. So making the barrier
216 in pmd_none_or_trans_huge_or_clear_bad() unconditional isn't good idea
217 and it would be a flakey solution.
219 This should be fully fixed by introducing a read_pmd_atomic that reads
220 the pmd in order with THP disabled, or by reading the pmd atomically
221 with cmpxchg8b with THP enabled.
223 Luckily this new race condition only triggers in the places that must
224 already be covered by pmd_none_or_trans_huge_or_clear_bad() so the fix
225 is localized there but this bug is not related to THP.
227 NOTE: this can trigger on x86 32bit systems with PAE enabled with more
228 than 4G of ram, otherwise the high part of the pmd will never risk to
229 be truncated because it would be zero at all times, in turn so hiding
232 This bug was discovered and fully debugged by Ulrich, quote:
236 pmd_none_or_trans_huge_or_clear_bad() loads the content of edx and
239 496 static inline int pmd_none_or_trans_huge_or_clear_bad(pmd_t
242 498 /* depend on compiler for an atomic pmd read */
243 499 pmd_t pmdval = *pmd;
246 0xc0507a74 <sys_mincore+548>: mov 0x8(%esp),%edi
248 // edx = PTE page table high address
249 0xc0507a84 <sys_mincore+564>: mov 0x4(%edi),%edx
251 // eax = PTE page table low address
252 0xc0507a8e <sys_mincore+574>: mov (%edi),%eax
256 Please note that the PMD is not read atomically. These are two "mov"
257 instructions where the high order bits of the PMD entry are fetched
258 first. Hence, the above machine code is prone to the following race.
260 - The PMD entry {high|low} is 0x0000000000000000.
261 The "mov" at 0xc0507a84 loads 0x00000000 into edx.
263 - A page fault (on another CPU) sneaks in between the two "mov"
264 instructions and instantiates the PMD.
266 - The PMD entry {high|low} is now 0x00000003fda38067.
267 The "mov" at 0xc0507a8e loads 0xfda38067 into eax.
270 Reported-by: Ulrich Obergfell <uobergfe <at> redhat.com>
271 Signed-off-by: Andrea Arcangeli <aarcange <at> redhat.com>
273 arch/x86/include/asm/pgtable-3level.h | 50 +++++++++++++++++++++++++++++++++
274 include/asm-generic/pgtable.h | 22 +++++++++++++-
275 2 files changed, 70 insertions(+), 2 deletions(-)
277 arch/x86/include/asm/pgtable-3level.h | 50 +++++++++++++++++++++++++++++++++
278 include/asm-generic/pgtable.h | 22 +++++++++++++-
279 2 files changed, 70 insertions(+), 2 deletions(-)
281 commit c372470ba53425b2e159282d81680c0c84f3750d
282 Author: Tushar Dave <tushar.n.dave@intel.com>
283 Date: Thu May 17 01:04:50 2012 +0000
285 e1000: Prevent reset task killing itself.
287 Killing reset task while adapter is resetting causes deadlock.
288 Only kill reset task if adapter is not resetting.
289 Ref bug #43132 on bugzilla.kernel.org
291 CC: stable@vger.kernel.org
292 Signed-off-by: Tushar Dave <tushar.n.dave@intel.com>
293 Tested-by: Aaron Brown <aaron.f.brown@intel.com>
294 Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
295 Signed-off-by: David S. Miller <davem@davemloft.net>
297 drivers/net/ethernet/intel/e1000/e1000_main.c | 6 +++++-
298 1 files changed, 5 insertions(+), 1 deletions(-)
300 commit 1ef7b1503902f0e58f843417b514ab79d52f85aa
301 Author: Willy Tarreau <w@1wt.eu>
302 Date: Thu May 17 11:14:14 2012 +0000
304 tcp: do_tcp_sendpages() must try to push data out on oom conditions
306 Since recent changes on TCP splicing (starting with commits 2f533844
307 "tcp: allow splice() to build full TSO packets" and 35f9c09f "tcp:
308 tcp_sendpages() should call tcp_push() once"), I started seeing
309 massive stalls when forwarding traffic between two sockets using
310 splice() when pipe buffers were larger than socket buffers.
312 Latest changes (net: netdev_alloc_skb() use build_skb()) made the
313 problem even more apparent.
315 The reason seems to be that if do_tcp_sendpages() fails on out of memory
316 condition without being able to send at least one byte, tcp_push() is not
317 called and the buffers cannot be flushed.
319 After applying the attached patch, I cannot reproduce the stalls at all
320 and the data rate it perfectly stable and steady under any condition
321 which previously caused the problem to be permanent.
323 The issue seems to have been there since before the kernel migrated to
324 git, which makes me think that the stalls I occasionally experienced
325 with tux during stress-tests years ago were probably related to the
328 This issue was first encountered on 3.0.31 and 3.2.17, so please backport
331 Signed-off-by: Willy Tarreau <w@1wt.eu>
332 Acked-by: Eric Dumazet <edumazet@google.com>
333 Cc: <stable@vger.kernel.org>
335 net/ipv4/tcp.c | 3 +--
336 1 files changed, 1 insertions(+), 2 deletions(-)
338 commit f1ef0322da87da4de06f2c12d9615e5b62906d98
339 Author: Sachin Prabhu <sprabhu@redhat.com>
340 Date: Tue Apr 17 14:35:39 2012 +0100
342 Avoid reading past buffer when calling GETACL
344 Bug noticed in commit
345 bf118a342f10dafe44b14451a1392c3254629a1f
347 When calling GETACL, if the size of the bitmap array, the length
348 attribute and the acl returned by the server is greater than the
349 allocated buffer(args.acl_len), we can Oops with a General Protection
350 fault at _copy_from_pages() when we attempt to read past the pages
353 This patch allocates an extra PAGE for the bitmap and checks to see that
354 the bitmap + attribute_length + ACLs don't exceed the buffer space
357 Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
358 Reported-by: Jian Li <jiali@redhat.com>
359 [Trond: Fixed a size_t vs unsigned int printk() warning]
360 Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
362 fs/nfs/nfs4proc.c | 16 ++++++++++------
363 fs/nfs/nfs4xdr.c | 18 +++++++++++-------
364 2 files changed, 21 insertions(+), 13 deletions(-)
366 commit 6405eafd58c9a79fdd2c383fcd15e1231f30e52d
367 Author: Brad Spengler <spender@grsecurity.net>
368 Date: Sat May 19 08:30:54 2012 -0400
370 Precompute _start/_end
372 arch/x86/mm/init.c | 25 ++++++++++++-------------
373 1 files changed, 12 insertions(+), 13 deletions(-)
375 commit 86d09b7998377aa2a41dfa094f09e3e37681771b
376 Author: Brad Spengler <spender@grsecurity.net>
377 Date: Sat May 19 07:45:06 2012 -0400
379 Use new method of EBDA detection
380 Resolves issue from: https://bugs.gentoo.org/show_bug.cgi?id=416415
382 arch/x86/mm/init.c | 28 +++++++++++++++++++++++++++-
383 1 files changed, 27 insertions(+), 1 deletions(-)
385 commit ae5d8ccb14ea02206a73bcfcb6fd1584229c7816
386 Author: Eric W. Biederman <ebiederm@xmission.com>
387 Date: Fri May 4 11:34:03 2012 +0000
389 connector/userns: replace netlink uses of cap_raised() with capable()
391 In 2009 Philip Reiser notied that a few users of netlink connector
392 interface needed a capability check and added the idiom
393 cap_raised(nsp->eff_cap, CAP_SYS_ADMIN) to a few of them, on the premise
394 that netlink was asynchronous.
396 In 2011 Patrick McHardy noticed we were being silly because netlink is
397 synchronous and removed eff_cap from the netlink_skb_params and changed
398 the idiom to cap_raised(current_cap(), CAP_SYS_ADMIN).
400 Looking at those spots with a fresh eye we should be calling
401 capable(CAP_SYS_ADMIN). The only reason I can see for not calling capable
402 is that it once appeared we were not in the same task as the caller which
403 would have made calling capable() impossible.
405 In the initial user_namespace the only difference between between
406 cap_raised(current_cap(), CAP_SYS_ADMIN) and capable(CAP_SYS_ADMIN) are a
407 few sanity checks and the fact that capable(CAP_SYS_ADMIN) sets
408 PF_SUPERPRIV if we use the capability.
410 Since we are going to be using root privilege setting PF_SUPERPRIV seems
411 the right thing to do.
413 The motivation for this that patch is that in a child user namespace
414 cap_raised(current_cap(),...) tests your capabilities with respect to that
415 child user namespace not capabilities in the initial user namespace and
416 thus will allow processes that should be unprivielged to use the kernel
417 services that are only protected with cap_raised(current_cap(),..).
419 To fix possible user_namespace issues and to just clean up the code
420 replace cap_raised(current_cap(), CAP_SYS_ADMIN) with
421 capable(CAP_SYS_ADMIN).
423 Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
424 Cc: Patrick McHardy <kaber@trash.net>
425 Cc: Philipp Reisner <philipp.reisner@linbit.com>
426 Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
427 Acked-by: Andrew G. Morgan <morgan@kernel.org>
428 Cc: Vasiliy Kulikov <segoon@openwall.com>
429 Cc: David Howells <dhowells@redhat.com>
430 Reviewed-by: James Morris <james.l.morris@oracle.com>
431 Cc: David Miller <davem@davemloft.net>
432 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
433 Signed-off-by: David S. Miller <davem@davemloft.net>
435 drivers/block/drbd/drbd_nl.c | 2 +-
436 drivers/md/dm-log-userspace-transfer.c | 2 +-
437 drivers/video/uvesafb.c | 2 +-
438 3 files changed, 3 insertions(+), 3 deletions(-)
440 commit 74650b6cb5756e6e78f90b31830ebe779c87e454
441 Author: Dan Carpenter <dan.carpenter@oracle.com>
442 Date: Sun May 13 08:44:18 2012 +0000
444 openvswitch: checking wrong variable in queue_userspace_packet()
446 "skb" is non-NULL here, for example we dereference it in skb_clone().
447 The intent was to test "nskb" which was just set.
449 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
450 Acked-by: Jesse Gross <jesse@nicira.com>
451 Signed-off-by: David S. Miller <davem@davemloft.net>
453 net/openvswitch/datapath.c | 2 +-
454 1 files changed, 1 insertions(+), 1 deletions(-)
456 commit c9edc7f133cb58a6f079390f1e31eac1d3122c86
457 Author: Brad Spengler <spender@grsecurity.net>
458 Date: Sun May 13 15:42:34 2012 -0400
460 Add MIPS support to GRKERNSEC_SETXID, choose a thread info flag bit
461 for each of our supported architectures that can be properly expressed
462 within the instruction making use of an immediate value:
466 < 8 or expressable within 8 bits with a shift amount on arm
468 (different values required for this kernel due to 3.3 feature additions)
472 arch/arm/include/asm/thread_info.h
473 arch/sparc/include/asm/thread_info_64.h
475 arch/arm/include/asm/thread_info.h | 7 ++++++-
476 arch/mips/include/asm/thread_info.h | 9 +++++++--
477 arch/mips/kernel/ptrace.c | 9 +++++++++
478 arch/mips/kernel/scall32-o32.S | 2 +-
479 arch/mips/kernel/scall64-64.S | 2 +-
480 arch/mips/kernel/scall64-n32.S | 2 +-
481 arch/mips/kernel/scall64-o32.S | 2 +-
482 arch/powerpc/include/asm/thread_info.h | 5 +++--
483 arch/sparc/include/asm/thread_info_64.h | 4 ++--
484 arch/x86/include/asm/thread_info.h | 3 ++-
485 grsecurity/Kconfig | 4 ++--
486 11 files changed, 35 insertions(+), 14 deletions(-)
488 commit 941429c6316391a4104d5781bf96a4a88b8b270d
489 Author: Brad Spengler <spender@grsecurity.net>
490 Date: Sun May 13 14:21:06 2012 -0400
492 Add arm/ppc/sparc64 support to GRKERNSEC_SETXID
494 arch/arm/include/asm/thread_info.h | 5 ++++-
495 arch/arm/kernel/ptrace.c | 9 +++++++++
496 arch/powerpc/include/asm/thread_info.h | 6 +++++-
497 arch/powerpc/kernel/ptrace.c | 14 ++++++++++++++
498 arch/sparc/include/asm/thread_info_64.h | 7 +++++++
499 arch/sparc/kernel/ptrace_64.c | 14 ++++++++++++++
500 arch/sparc/kernel/syscalls.S | 10 +++++-----
501 arch/x86/include/asm/thread_info.h | 2 +-
502 grsecurity/Kconfig | 4 ++--
503 9 files changed, 61 insertions(+), 10 deletions(-)
505 commit 27cd051e9c71168dd4ba8048be2bcd962cb9c1bb
506 Author: Brad Spengler <spender@grsecurity.net>
507 Date: Sat May 12 23:24:22 2012 -0400
509 Make CONFIG_GRKERNSEC_SETXID depend on X86 for now, more architectures to
511 Speeds up implementation by using existing thread info flag check
512 Will also apply the new credentials faster than the previous method, either
513 upon the next syscall entry or exit
514 Resolves oops triggerable by root reported by Pavel Labushev
516 arch/x86/include/asm/thread_info.h | 8 +++++---
517 arch/x86/kernel/ptrace.c | 14 ++++++++++++++
518 grsecurity/Kconfig | 3 ++-
519 kernel/cred.c | 11 ++++++++++-
520 kernel/sched/core.c | 15 ---------------
521 5 files changed, 31 insertions(+), 20 deletions(-)
523 commit 47565c239f57cef0f68934085945072768d8bfa3
524 Merge: f170787 58b316c
525 Author: Brad Spengler <spender@grsecurity.net>
526 Date: Sat May 12 17:21:53 2012 -0400
528 Merge branch 'pax-test' into grsec-test
530 commit 58b316c3d406413e6e007f313534cd54114c15e3
531 Author: Brad Spengler <spender@grsecurity.net>
532 Date: Sat May 12 17:21:15 2012 -0400
534 Update to pax-linux-3.3.6-test12.patch
536 arch/x86/kernel/entry_32.S | 2 +-
537 arch/x86/lib/atomic64_cx8_32.S | 2 +-
538 2 files changed, 2 insertions(+), 2 deletions(-)
540 commit f170787d59bfe8af56d3d12c6422ca6c9ee2c9a3
541 Merge: 1f1f22a 37725adf
542 Author: Brad Spengler <spender@grsecurity.net>
543 Date: Sat May 12 15:54:19 2012 -0400
545 Merge branch 'pax-test' into grsec-test
547 commit 37725adf42f6e157916e779acc37696810bc3213
548 Merge: a17565b b67be2a
549 Author: Brad Spengler <spender@grsecurity.net>
550 Date: Sat May 12 15:54:06 2012 -0400
552 Merge branch 'linux-3.3.y' into pax-test
555 arch/x86/boot/compressed/relocs.c
557 commit 1f1f22a1225b5083787871fa1b3825a3ad26c1dd
558 Author: Brad Spengler <spender@grsecurity.net>
559 Date: Wed May 9 17:22:32 2012 -0400
561 No need to perform descendent checks on anything but PTRACE_ATTACH/PTRACE_SEIZE
562 resolves issue with strace -f v4.7
564 grsecurity/gracl.c | 25 +++++++++++++------------
565 1 files changed, 13 insertions(+), 12 deletions(-)
567 commit 93d733045b6ebd24173c9ddbf70232382f196ab7
568 Merge: a2446fc a17565b
569 Author: Brad Spengler <spender@grsecurity.net>
570 Date: Wed May 9 17:13:44 2012 -0400
572 Merge branch 'pax-test' into grsec-test
574 commit a17565bf6246281d34fd530b7f93b6dc3affe932
575 Author: Brad Spengler <spender@grsecurity.net>
576 Date: Wed May 9 17:13:23 2012 -0400
578 Update to pax-linux-3.3.5-test11.patch
580 arch/x86/mm/hugetlbpage.c | 7 ++++++-
581 arch/x86/mm/init_64.c | 2 +-
582 lib/ioremap.c | 4 ++--
583 mm/memory.c | 8 ++++++--
584 4 files changed, 15 insertions(+), 6 deletions(-)
586 commit a2446fc9e8ab4215b81285e8e38fb7691fede567
587 Author: Jeff Mahoney <jeffm@suse.com>
588 Date: Wed Apr 25 14:32:09 2012 +0000
590 dl2k: Clean up rio_ioctl
592 The dl2k driver's rio_ioctl call has a few issues:
593 - No permissions checking
594 - Implements SIOCGMIIREG and SIOCGMIIREG using the SIOCDEVPRIVATE numbers
595 - Has a few ioctls that may have been used for debugging at one point
596 but have no place in the kernel proper.
598 This patch removes all but the MII ioctls, renumbers them to use the
599 standard ones, and adds the proper permission check for SIOCSMIIREG.
601 We can also get rid of the dl2k-specific struct mii_data in favor of
602 the generic struct mii_ioctl_data.
604 Since we have the phyid on hand, we can add the SIOCGMIIPHY ioctl too.
606 Most of the MII code for the driver could probably be converted to use
607 the generic MII library but I don't have a device to test the results.
609 Reported-by: Stephan Mueller <stephan.mueller@atsec.com>
610 Signed-off-by: Jeff Mahoney <jeffm@suse.com>
611 Signed-off-by: David S. Miller <davem@davemloft.net>
613 drivers/net/ethernet/dlink/dl2k.c | 52 ++++++------------------------------
614 drivers/net/ethernet/dlink/dl2k.h | 7 -----
615 2 files changed, 9 insertions(+), 50 deletions(-)
617 commit 0387e294960d1a97aecf9a091fd04dc6ea60dc24
618 Merge: 8721cf2 b472141
619 Author: Brad Spengler <spender@grsecurity.net>
620 Date: Mon May 7 17:47:29 2012 -0400
622 Merge branch 'pax-test' into grsec-test
624 commit b472141f82dcaaebb0915579b664deb13dd51a63
625 Author: Brad Spengler <spender@grsecurity.net>
626 Date: Mon May 7 17:47:09 2012 -0400
628 Update to pax-linux-3.3.5-test10.patch
630 arch/alpha/include/asm/pgalloc.h | 6 +++
631 arch/arm/include/asm/pgalloc.h | 6 +++
632 arch/ia64/include/asm/pgalloc.h | 12 ++++++
633 arch/mips/include/asm/pgalloc.h | 5 ++
634 arch/parisc/include/asm/pgalloc.h | 6 +++
635 arch/powerpc/include/asm/pgalloc-64.h | 7 +++
636 arch/sparc/include/asm/pgalloc_32.h | 1 +
637 arch/sparc/include/asm/pgalloc_64.h | 1 +
638 arch/um/include/asm/pgtable-3level.h | 1 +
639 arch/x86/include/asm/pgalloc.h | 16 ++++++++
640 arch/x86/include/asm/pgtable_64.h | 2 +
641 arch/x86/mm/init_64.c | 6 +-
642 fs/binfmt_elf.c | 6 ++-
643 include/linux/mm.h | 26 ++++++++++++
644 mm/memory.c | 41 ++++++++++++++++++++
645 mm/sparse-vmemmap.c | 4 +-
647 tools/gcc/size_overflow_plugin.c | 68 ++++++++++++++++++++++++++-------
648 18 files changed, 196 insertions(+), 22 deletions(-)
650 commit 1d0532c4ddc0739cd7638044ffc05159992468b3
651 Merge: 09bdf6a dda1cd5
652 Author: Brad Spengler <spender@grsecurity.net>
653 Date: Mon May 7 17:46:55 2012 -0400
655 Merge branch 'linux-3.3.y' into pax-test
657 commit 8721cf24ffec2f9a120ad5a057b305c0e42c6f74
658 Author: Oleg Nesterov <oleg@redhat.com>
659 Date: Mon Apr 16 22:48:15 2012 +0200
661 i387: ptrace breaks the lazy-fpu-restore logic
663 Starting from 7e16838d "i387: support lazy restore of FPU state"
664 we assume that fpu_owner_task doesn't need restore_fpu_checking()
665 on the context switch, its FPU state should match what we already
666 have in the FPU on this CPU.
668 However, debugger can change the tracee's FPU state, in this case
669 we should reset fpu.last_cpu to ensure fpu_lazy_restore() can't
672 Change init_fpu() to do this, it is called by user_regset->set()
675 Reported-by: Jan Kratochvil <jan.kratochvil@redhat.com>
676 Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
677 Signed-off-by: Oleg Nesterov <oleg@redhat.com>
678 Link: http://lkml.kernel.org/r/20120416204815.GB24884@redhat.com
679 Cc: <stable@vger.kernel.org> v3.3
680 Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
682 arch/x86/kernel/i387.c | 1 +
683 1 files changed, 1 insertions(+), 0 deletions(-)
685 commit e21c05262f5cb25748625efe8c8955ec052772d8
686 Merge: daa5a9b 09bdf6a
687 Author: Brad Spengler <spender@grsecurity.net>
688 Date: Fri Apr 27 17:52:51 2012 -0400
690 Merge branch 'pax-test' into grsec-test
692 commit 09bdf6a25a5f726fa28e60d0594ecf58dd766696
693 Merge: 955435e d0c4f31
694 Author: Brad Spengler <spender@grsecurity.net>
695 Date: Fri Apr 27 17:52:43 2012 -0400
697 Merge branch 'linux-3.3.y' into pax-test
699 commit daa5a9b75978fafef5f453d3efb91723ad084539
700 Merge: 76b9055 955435e
701 Author: Brad Spengler <spender@grsecurity.net>
702 Date: Mon Apr 23 18:07:54 2012 -0400
704 Merge branch 'pax-test' into grsec-test
709 commit 955435e0efc1b188f632ca4d0918b133174a0fba
710 Author: Brad Spengler <spender@grsecurity.net>
711 Date: Mon Apr 23 17:53:48 2012 -0400
713 Update to pax-linux-3.3.3-test8.patch
715 arch/x86/kvm/svm.c | 1 -
716 drivers/gpu/drm/i915/intel_display.c | 8 +++++++-
717 drivers/video/uvesafb.c | 5 +++--
718 security/Kconfig | 1 +
719 tools/gcc/constify_plugin.c | 2 +-
720 5 files changed, 12 insertions(+), 5 deletions(-)
722 commit 76b90550e7c2202e102e09f48b77def5302b1298
723 Merge: ed57dbd e64c3b2
724 Author: Brad Spengler <spender@grsecurity.net>
725 Date: Sun Apr 22 20:52:35 2012 -0400
727 Upstream finally got around to fixing the ASLR infoleak I found and fixed
728 in grsecurity in 2009. Three years with the fix in plain sight in the patch,
729 yet still it wasn't known or fixed until I explicitly mentioned it to Kees.
730 (this seems to be a recurring theme)
732 Merge branch 'pax-test' into grsec-test
736 kernel/futex_compat.c
739 commit e64c3b2239335992182ff96235b81e2a87230b80
740 Merge: e538e1d fa023d5
741 Author: Brad Spengler <spender@grsecurity.net>
742 Date: Sun Apr 22 20:46:57 2012 -0400
744 Merge branch 'linux-3.3.y' into pax-test
746 commit ed57dbd68c344c1d0e6617247fb7e80e7db1d796
747 Author: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
748 Date: Fri Apr 13 03:35:13 2012 +0000
750 sparc64: Eliminate obsolete __handle_softirq() function
752 The invocation of softirq is now handled by irq_exit(), so there is no
753 need for sparc64 to invoke it on the trap-return path. In fact, doing so
754 is a bug because if the trap occurred in the idle loop, this invocation
755 can result in lockdep-RCU failures. The problem is that RCU ignores idle
756 CPUs, and the sparc64 trap-return path to the softirq handlers fails to
757 tell RCU that the CPU must be considered non-idle while those handlers
758 are executing. This means that RCU is ignoring any RCU read-side critical
759 sections in those handlers, which in turn means that RCU-protected data
760 can be yanked out from under those read-side critical sections.
762 The shiny new lockdep-RCU ability to detect RCU read-side critical sections
763 that RCU is ignoring located this problem.
765 The fix is straightforward: Make sparc64 stop manually invoking the
768 Reported-by: Meelis Roos <mroos@linux.ee>
769 Suggested-by: David Miller <davem@davemloft.net>
770 Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
771 Tested-by: Meelis Roos <mroos@linux.ee>
772 Cc: stable@vger.kernel.org
773 Signed-off-by: David S. Miller <davem@davemloft.net>
775 arch/sparc/kernel/rtrap_64.S | 7 -------
776 1 files changed, 0 insertions(+), 7 deletions(-)
778 commit e094cb83872b493ec77323eef91eaf409f13df79
779 Author: David S. Miller <davem@davemloft.net>
780 Date: Fri Apr 13 11:56:22 2012 -0700
782 sparc64: Fix bootup crash on sun4v.
784 The DS driver registers as a subsys_initcall() but this can be too
785 early, in particular this risks registering before we've had a chance
786 to allocate and setup module_kset in kernel/params.c which is
787 performed also as a subsyts_initcall().
789 Register DS using device_initcall() insteal.
791 Signed-off-by: David S. Miller <davem@davemloft.net>
792 Cc: stable@vger.kernel.org
794 arch/sparc/kernel/ds.c | 2 +-
795 1 files changed, 1 insertions(+), 1 deletions(-)
797 commit 2fe8dca41a62e05f6c0a0bf4852f8a8d0b8967e0
798 Author: Lubos Lunak <l.lunak@suse.cz>
799 Date: Wed Mar 21 14:08:24 2012 +0100
801 do not export kernel's NULL #define to userspace
803 GCC's NULL is actually __null, which allows detecting some questionable
804 NULL usage and warn about it. Moreover each platform/compiler should
805 have its own stddef.h anyway (which is different from linux/stddef.h).
807 So there's no good reason to leak kernel's NULL to userspace and
808 override what the compiler provides.
810 Signed-off-by: Luboš Luňák <l.lunak@suse.cz>
811 Acked-by: Arnd Bergmann <arnd@arndb.de>
812 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
814 include/linux/stddef.h | 8 ++------
815 1 files changed, 2 insertions(+), 6 deletions(-)
817 commit 7dc1db81ece569ccad1227ef72ab58c4f160c5f9
818 Author: Alex Williamson <alex.williamson@redhat.com>
819 Date: Wed Apr 11 09:51:49 2012 -0600
821 KVM: unmap pages from the iommu when slots are removed
823 We've been adding new mappings, but not destroying old mappings.
824 This can lead to a page leak as pages are pinned using
825 get_user_pages, but only unpinned with put_page if they still
826 exist in the memslots list on vm shutdown. A memslot that is
827 destroyed while an iommu domain is enabled for the guest will
828 therefore result in an elevated page reference count that is
831 Additionally, without this fix, the iommu is only programmed
832 with the first translation for a gpa. This can result in
833 peer-to-peer errors if a mapping is destroyed and replaced by a
834 new mapping at the same gpa as the iommu will still be pointing
835 to the original, pinned memory address.
837 Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
838 Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
840 include/linux/kvm_host.h | 6 ++++++
841 virt/kvm/iommu.c | 7 ++++++-
842 virt/kvm/kvm_main.c | 5 +++--
843 3 files changed, 15 insertions(+), 3 deletions(-)
845 commit b0e0913f11ccad2909d96833b21f3d1dd1dd187b
846 Author: Brad Spengler <spender@grsecurity.net>
847 Date: Thu Apr 19 20:27:57 2012 -0400
849 http://marc.info/?l=linux-kernel&m=133455712201581&w=2
851 Currently we do not validate the vector length before calling
852 get_user_pages_fast(), host stack would be easily overflowed by
853 malicious guest driver who give us a descriptor with length greater
854 than MAX_SKB_FRAGS. Solve this problem by checking the free entries
855 before trying to pin user pages.
857 Signed-off-by: Jason Wang <jasowang@redhat.com>
859 drivers/net/macvtap.c | 2 ++
860 1 files changed, 2 insertions(+), 0 deletions(-)
862 commit a3632ca0baf60466c650053eb72e1b047540e4cc
863 Author: Eric Paris <eparis@redhat.com>
864 Date: Tue Apr 17 16:26:54 2012 -0400
866 fcaps: clear the same personality flags as suid when fcaps are used
868 If a process increases permissions using fcaps all of the dangerous
869 personality flags which are cleared for suid apps should also be cleared.
870 Thus programs given priviledge with fcaps will continue to have address space
871 randomization enabled even if the parent tried to disable it to make it
874 Signed-off-by: Eric Paris <eparis@redhat.com>
875 Reviewed-by: Serge Hallyn <serge.hallyn@canonical.com>
876 Signed-off-by: James Morris <james.l.morris@oracle.com>
878 security/commoncap.c | 5 +++++
879 1 files changed, 5 insertions(+), 0 deletions(-)
881 commit 6bb89c4bd981848dd5647a2f3c933937d8e49a61
882 Merge: c7db64d e538e1d
883 Author: Brad Spengler <spender@grsecurity.net>
884 Date: Sun Apr 15 11:08:50 2012 -0400
886 Merge branch 'pax-test' into grsec-test
888 commit e538e1de0e33950814137a835b0402a097939c3f
889 Author: Brad Spengler <spender@grsecurity.net>
890 Date: Sun Apr 15 11:08:26 2012 -0400
892 Update to pax-linux-3.3.2-test7.patch
894 arch/x86/include/asm/cmpxchg.h | 4 ++--
895 arch/x86/include/asm/kvm_host.h | 2 +-
896 arch/x86/kvm/vmx.c | 1 -
897 include/asm-generic/pgtable.h | 4 ++--
898 kernel/panic.c | 2 +-
899 5 files changed, 6 insertions(+), 7 deletions(-)
901 commit c7db64db701e32d76797a3e07bc5c43c4029bb4b
902 Author: Jason Wessel <jason.wessel@windriver.com>
903 Date: Thu Apr 12 12:49:17 2012 -0700
905 panic: fix stack dump print on direct call to panic()
907 Commit 6e6f0a1f0fa6 ("panic: don't print redundant backtraces on oops")
908 causes a regression where no stack trace will be printed at all for the
909 case where kernel code calls panic() directly while not processing an
910 oops, and of course there are 100's of instances of this type of call.
912 The original commit executed the check (!oops_in_progress), but this will
913 always be false because just before the dump_stack() there is a call to
914 bust_spinlocks(1), which does the following:
916 void __attribute__((weak)) bust_spinlocks(int yes)
921 The proper way to resolve the problem that original commit tried to
922 solve is to avoid printing a stack dump from panic() when the either of
923 the following conditions is true:
925 1) TAINT_DIE has been set (this is done by oops_end())
926 This indicates and oops has already been printed.
927 2) oops_in_progress > 1
928 This guards against the rare case where panic() is invoked
929 a second time, or in between oops_begin() and oops_end()
931 Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
932 Cc: Andi Kleen <ak@linux.intel.com>
933 Cc: <stable@vger.kernel.org> [3.3+]
934 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
935 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
937 kernel/panic.c | 2 +-
938 1 files changed, 1 insertions(+), 1 deletions(-)
940 commit fa5fabf348ab41988ef87d20d24e3203c2aa8d40
941 Author: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
942 Date: Thu Apr 12 12:49:12 2012 -0700
944 drivers/char/random.c: fix boot id uniqueness race
946 /proc/sys/kernel/random/boot_id can be read concurrently by userspace
947 processes. If two (or more) user-space processes concurrently read
948 boot_id when sysctl_bootid is not yet assigned, a race can occur making
949 boot_id differ between the reads. Because the whole point of the boot id
950 is to be unique across a kernel execution, fix this by protecting this
951 operation with a spinlock.
953 Given that this operation is not frequently used, hitting the spinlock
954 on each call should not be an issue.
956 Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
957 Cc: "Theodore Ts'o" <tytso@mit.edu>
958 Cc: Matt Mackall <mpm@selenic.com>
959 Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
960 Cc: Greg Kroah-Hartman <greg@kroah.com>
961 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
962 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
964 drivers/char/random.c | 11 ++++++++---
965 1 files changed, 8 insertions(+), 3 deletions(-)
967 commit 9f055943f8c70a331e6066d154584b94b8a7e6ff
968 Merge: 15291162 69e4937
969 Author: Brad Spengler <spender@grsecurity.net>
970 Date: Fri Apr 13 16:10:29 2012 -0400
972 Merge branch 'pax-test' into grsec-test
977 commit 69e4937b96b2c03dbe975eb70991f89bbe448411
978 Merge: 0c851ef ad07d7b
979 Author: Brad Spengler <spender@grsecurity.net>
980 Date: Fri Apr 13 16:09:07 2012 -0400
982 Merge branch 'linux-3.3.y' into pax-test
984 commit 152911622e7f698d34ae653ea79060d3f518bcb7
985 Merge: 5c04558 0c851ef
986 Author: Brad Spengler <spender@grsecurity.net>
987 Date: Mon Apr 9 17:02:01 2012 -0400
989 Merge branch 'pax-test' into grsec-test
991 commit 0c851ef08806717abcb17f2e3f7156250a68e31a
992 Author: Brad Spengler <spender@grsecurity.net>
993 Date: Mon Apr 9 17:01:48 2012 -0400
995 Update to pax-linux-3.3.1-test7.patch
997 arch/x86/kernel/kdebugfs.c | 2 ++
998 arch/x86/mm/pgtable.c | 4 ++++
999 2 files changed, 6 insertions(+), 0 deletions(-)
1001 commit 5c04558d606ca8cfe925fa0d1c7cdcc7ad15b199
1002 Merge: 29547b5 8bb406f
1003 Author: Brad Spengler <spender@grsecurity.net>
1004 Date: Sun Apr 8 16:01:46 2012 -0400
1006 Merge branch 'pax-test' into grsec-test
1012 commit 29547b5c27a97d0e13bd59bc3869f270ec472d66
1013 Author: Brad Spengler <spender@grsecurity.net>
1014 Date: Sun Apr 8 15:59:33 2012 -0400
1016 Revert "Fix RLIMIT_AS accounting with brk randomization"
1018 This reverts commit e8719b11ed6e03b3c9c4ca769dcd9341af0ca411.
1020 fs/binfmt_elf.c | 2 +-
1022 2 files changed, 1 insertions(+), 3 deletions(-)
1024 commit 784a578e35994ada12d51ee064538c06f0ad527c
1025 Author: Brad Spengler <spender@grsecurity.net>
1026 Date: Sun Apr 8 15:59:14 2012 -0400
1028 Revert "Fix RLIMIT_AS checking with brk randomization"
1030 This reverts commit 0f5c00e65adef2b874afcaf36bd15898f1b07d1e.
1032 fs/binfmt_elf.c | 2 --
1034 2 files changed, 1 insertions(+), 6 deletions(-)
1036 commit 68018e31a67166e3459768a57bcb9827c42e4906
1037 Author: Brad Spengler <spender@grsecurity.net>
1038 Date: Sun Apr 8 15:58:59 2012 -0400
1040 Revert "set end_data before mmap of gap otherwise we'll be counting toward RLIMIT_AS"
1042 This reverts commit 3822d8ebbe141004d4b57c71cbc4ed2948753059.
1044 fs/binfmt_elf.c | 2 +-
1045 1 files changed, 1 insertions(+), 1 deletions(-)
1047 commit 22ed2b3ef411bfe753ddcb039f52a02336003f98
1048 Author: Brad Spengler <spender@grsecurity.net>
1049 Date: Sun Apr 8 15:58:40 2012 -0400
1051 Revert "Fix RLIMIT_AS checking with brk randomization"
1053 This reverts commit 5693e0379b65616a111084fc0db5e408ee716d54.
1055 fs/binfmt_elf.c | 2 ++
1057 2 files changed, 3 insertions(+), 1 deletions(-)
1059 commit dd0706106b0a4e80d65cb971262faedb2eff82cb
1060 Author: Brad Spengler <spender@grsecurity.net>
1061 Date: Sun Apr 8 15:58:12 2012 -0400
1063 Revert "fix wraparound"
1065 This reverts commit daa20cc1ecd09f3745ee2895af1385e02be79822.
1067 fs/binfmt_elf.c | 3 +--
1068 1 files changed, 1 insertions(+), 2 deletions(-)
1070 commit 803884ee45cb70ea06558aa4e409fbcff93d3d71
1071 Author: Brad Spengler <spender@grsecurity.net>
1072 Date: Sun Apr 8 15:56:40 2012 -0400
1074 Revert "fake start_brk value before mmap is processed"
1076 This reverts commit a18343183d8978e473d53569ed4d700ff798ad35.
1078 fs/binfmt_elf.c | 1 -
1079 1 files changed, 0 insertions(+), 1 deletions(-)
1081 commit 8bb406fb30151e48b05390fcbdf886c3a9f773f9
1082 Author: Brad Spengler <spender@grsecurity.net>
1083 Date: Sun Apr 8 15:55:34 2012 -0400
1085 Update to pax-linux-3.3.1-test6.patch
1087 Documentation/dontdiff | 1 +
1089 arch/x86/crypto/aesni-intel_glue.c | 2 +
1090 arch/x86/include/asm/floppy.h | 1 +
1091 arch/x86/include/asm/kvm_host.h | 6 +-
1092 arch/x86/include/asm/syscalls.h | 2 +-
1093 arch/x86/include/asm/uaccess_32.h | 31 +-
1094 arch/x86/include/asm/uaccess_64.h | 38 +-
1095 arch/x86/kernel/cpu/mcheck/mce-inject.c | 2 +
1096 arch/x86/kernel/cpu/mtrr/if.c | 2 +
1097 arch/x86/kernel/i387.c | 20 +
1098 arch/x86/kernel/ldt.c | 2 +
1099 arch/x86/kernel/microcode_intel.c | 1 +
1100 arch/x86/kernel/module.c | 1 +
1101 arch/x86/kernel/ptrace.c | 4 +
1102 arch/x86/kernel/setup_percpu.c | 4 +
1103 arch/x86/kernel/tls.h | 2 +-
1104 arch/x86/kernel/vm86_32.c | 3 +
1105 arch/x86/kvm/svm.c | 1 +
1106 arch/x86/kvm/vmx.c | 1 +
1107 arch/x86/kvm/x86.c | 21 +
1108 arch/x86/kvm/x86.h | 4 +-
1109 arch/x86/lib/usercopy_32.c | 6 +
1110 arch/x86/mm/pgtable.c | 12 +-
1111 arch/x86/platform/uv/tlb_uv.c | 4 +
1112 crypto/ablkcipher.c | 4 +
1114 crypto/blkcipher.c | 3 +
1115 crypto/cipher.c | 3 +
1116 drivers/acpi/battery.c | 3 +
1117 drivers/acpi/sbs.c | 3 +
1118 drivers/infiniband/hw/ipath/ipath_fs.c | 4 +
1119 drivers/infiniband/hw/qib/qib_fs.c | 4 +
1120 drivers/lguest/lguest_user.c | 1 +
1121 drivers/md/dm-raid1.c | 4 +
1122 drivers/md/dm-stripe.c | 1 +
1123 drivers/media/video/cpia2/cpia2_core.c | 1 +
1124 drivers/media/video/cx18/cx18-alsa-pcm.c | 2 +
1125 drivers/media/video/cx231xx/cx231xx-audio.c | 2 +
1126 drivers/media/video/em28xx/em28xx-audio.c | 2 +
1127 drivers/media/video/meye.c | 1 +
1128 drivers/media/video/saa7164/saa7164-encoder.c | 2 +
1129 drivers/media/video/saa7164/saa7164-vbi.c | 2 +
1130 drivers/media/video/videobuf-dma-contig.c | 1 +
1131 drivers/media/video/videobuf-dma-sg.c | 1 +
1132 drivers/media/video/videobuf-vmalloc.c | 1 +
1133 drivers/mtd/ubi/build.c | 16 +-
1134 drivers/mtd/ubi/debug.c | 2 +
1135 drivers/net/ethernet/chelsio/cxgb/sge.c | 2 +
1136 drivers/net/ethernet/chelsio/cxgb3/sge.c | 4 +
1137 drivers/net/ethernet/chelsio/cxgb4/sge.c | 3 +
1138 drivers/net/ethernet/chelsio/cxgb4vf/sge.c | 3 +
1139 drivers/net/wireless/ath/ath5k/debug.c | 3 +
1140 drivers/net/wireless/ath/ath9k/debug.c | 2 +
1141 drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 +
1142 drivers/oprofile/oprofile_files.c | 5 +
1143 drivers/oprofile/oprofilefs.c | 1 +
1144 drivers/platform/x86/asus_acpi.c | 2 +
1145 drivers/platform/x86/toshiba_acpi.c | 2 +
1146 drivers/staging/rtl8192e/rtllib_module.c | 2 +
1147 .../staging/rtl8192u/ieee80211/ieee80211_module.c | 2 +
1148 drivers/usb/core/message.c | 4 +-
1149 fs/binfmt_elf.c | 1 +
1150 fs/cifs/asn1.c | 3 +
1151 fs/configfs/file.c | 2 +
1153 fs/ncpfs/ncplib_kernel.h | 4 +-
1154 fs/seq_file.c | 12 +-
1155 fs/sysfs/bin.c | 2 +
1156 fs/ubifs/debug.c | 3 +
1157 include/asm-generic/int-l64.h | 2 -
1158 include/asm-generic/int-ll64.h | 2 -
1159 include/asm-generic/uaccess.h | 11 +
1160 include/linux/compiler-gcc4.h | 3 +
1161 include/linux/compiler.h | 3 +
1162 include/linux/crash_dump.h | 2 +-
1163 include/linux/kvm_host.h | 14 +-
1164 include/linux/mm_types.h | 4 +-
1165 include/linux/moduleloader.h | 4 +-
1166 include/linux/oprofile.h | 2 +-
1167 include/linux/slab.h | 63 +-
1168 include/linux/slab_def.h | 6 +-
1169 include/linux/slob_def.h | 5 +-
1170 include/linux/slub_def.h | 10 +-
1171 include/linux/uaccess.h | 2 +-
1172 include/linux/vmalloc.h | 123 +-
1176 net/bridge/netfilter/ebt_ulog.c | 1 +
1177 net/ipv4/ah4.c | 2 +
1178 net/ipv4/netfilter/arp_tables.c | 10 +
1179 net/ipv4/netfilter/ip_tables.c | 11 +
1180 net/ipv4/netfilter/ipt_ULOG.c | 1 +
1181 net/ipv4/netfilter/nf_nat_snmp_basic.c | 6 +-
1182 net/ipv6/ah6.c | 2 +
1183 net/ipv6/netfilter/ip6_tables.c | 11 +
1184 scripts/mod/modpost.c | 2 +-
1185 scripts/tags.sh | 2 +-
1186 security/Kconfig | 15 +-
1187 tools/gcc/Makefile | 3 +
1188 tools/gcc/kernexec_plugin.c | 2 +-
1189 tools/gcc/size_overflow_hash1.h | 3047 ++++++++++++++++++++
1190 tools/gcc/size_overflow_hash2.h | 35 +
1191 tools/gcc/size_overflow_plugin.c | 1110 +++++++
1192 105 files changed, 4589 insertions(+), 261 deletions(-)
1194 commit 8b57bb1090a9dbe75bee876917e2522d278f004b
1195 Author: Brad Spengler <spender@grsecurity.net>
1196 Date: Sun Apr 8 15:40:58 2012 -0400
1198 Always allow use of AF_UNSPEC for already-connected sockets to disconnect
1200 grsecurity/gracl_ip.c | 3 +++
1201 1 files changed, 3 insertions(+), 0 deletions(-)
1203 commit 9f88f736253a3bffdaaefc2dfb97cba3761707aa
1204 Author: Eric Dumazet <eric.dumazet@gmail.com>
1205 Date: Thu Apr 5 22:17:46 2012 +0000
1207 netlink: fix races after skb queueing
1209 As soon as an skb is queued into socket receive_queue, another thread
1210 can consume it, so we are not allowed to reference skb anymore, or risk
1213 Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
1214 Signed-off-by: David S. Miller <davem@davemloft.net>
1216 net/netlink/af_netlink.c | 24 +++++++++++++-----------
1217 1 files changed, 13 insertions(+), 11 deletions(-)
1219 commit cdbca15d6401902654b96d3105113865c37941e4
1220 Author: Eric Dumazet <eric.dumazet@gmail.com>
1221 Date: Fri Apr 6 10:49:10 2012 +0200
1223 net: fix a race in sock_queue_err_skb()
1225 As soon as an skb is queued into socket error queue, another thread
1226 can consume it, so we are not allowed to reference skb anymore, or risk
1229 Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
1230 Signed-off-by: David S. Miller <davem@davemloft.net>
1232 net/core/skbuff.c | 4 +++-
1233 1 files changed, 3 insertions(+), 1 deletions(-)
1235 commit 96360cf85c2108f01a4fbbcfe6f63b4893f6a0fc
1236 Author: Brad Spengler <spender@grsecurity.net>
1237 Date: Sun Apr 8 10:13:28 2012 -0400
1239 always allow admin to follow ptrace'd execs
1240 no need for task_lock
1242 grsecurity/gracl.c | 19 ++++++++++++++++---
1243 1 files changed, 16 insertions(+), 3 deletions(-)
1245 commit 9b915f7c937489fc3625981b619006c496e4bdaf
1246 Author: Brad Spengler <spender@grsecurity.net>
1247 Date: Sun Apr 8 07:01:20 2012 -0400
1249 Require CAP_SYS_ADMIN for /sys/kernel/uevent_helper
1251 kernel/ksysfs.c | 2 ++
1252 1 files changed, 2 insertions(+), 0 deletions(-)
1254 commit ac1df8a3412ab214b392a7eaee2b96f3478c8469
1255 Author: Brad Spengler <spender@grsecurity.net>
1256 Date: Sun Apr 8 06:58:58 2012 -0400
1258 Require CAP_SYS_ADMIN for /proc/sysrq-trigger
1260 drivers/tty/sysrq.c | 2 +-
1261 1 files changed, 1 insertions(+), 1 deletions(-)
1263 commit a18343183d8978e473d53569ed4d700ff798ad35
1264 Author: Brad Spengler <spender@grsecurity.net>
1265 Date: Fri Apr 6 19:45:36 2012 -0400
1267 fake start_brk value before mmap is processed
1269 fs/binfmt_elf.c | 1 +
1270 1 files changed, 1 insertions(+), 0 deletions(-)
1272 commit daa20cc1ecd09f3745ee2895af1385e02be79822
1273 Author: Brad Spengler <spender@grsecurity.net>
1274 Date: Fri Apr 6 18:56:24 2012 -0400
1278 fs/binfmt_elf.c | 3 ++-
1279 1 files changed, 2 insertions(+), 1 deletions(-)
1281 commit 5693e0379b65616a111084fc0db5e408ee716d54
1282 Author: Brad Spengler <spender@grsecurity.net>
1283 Date: Fri Apr 6 18:14:20 2012 -0400
1285 Fix RLIMIT_AS checking with brk randomization
1287 fs/binfmt_elf.c | 2 --
1289 2 files changed, 1 insertions(+), 3 deletions(-)
1291 commit 3822d8ebbe141004d4b57c71cbc4ed2948753059
1292 Author: Brad Spengler <spender@grsecurity.net>
1293 Date: Thu Apr 5 21:23:00 2012 -0400
1295 set end_data before mmap of gap otherwise we'll be counting toward RLIMIT_AS
1297 fs/binfmt_elf.c | 2 +-
1298 1 files changed, 1 insertions(+), 1 deletions(-)
1300 commit 0f5c00e65adef2b874afcaf36bd15898f1b07d1e
1301 Author: Brad Spengler <spender@grsecurity.net>
1302 Date: Thu Apr 5 20:54:16 2012 -0400
1304 Fix RLIMIT_AS checking with brk randomization
1306 fs/binfmt_elf.c | 2 ++
1308 2 files changed, 6 insertions(+), 1 deletions(-)
1310 commit e8719b11ed6e03b3c9c4ca769dcd9341af0ca411
1311 Author: Brad Spengler <spender@grsecurity.net>
1312 Date: Thu Apr 5 19:53:46 2012 -0400
1314 Fix RLIMIT_AS accounting with brk randomization
1316 fs/binfmt_elf.c | 2 +-
1318 2 files changed, 3 insertions(+), 1 deletions(-)
1320 commit 71e7dbb7e5586987130b85faec1b689557ae89ea
1321 Merge: 236c100 d333553
1322 Author: Brad Spengler <spender@grsecurity.net>
1323 Date: Mon Apr 2 17:38:41 2012 -0400
1325 Merge branch 'pax-test' into grsec-test
1327 commit d333553e2c2b46b81ddeaa6c06e66d885f853514
1328 Merge: efbb92a 07a4483
1329 Author: Brad Spengler <spender@grsecurity.net>
1330 Date: Mon Apr 2 17:38:26 2012 -0400
1332 Merge branch 'linux-3.3.y' into pax-test
1335 arch/x86/net/bpf_jit_comp.c
1337 commit 236c100307ff0416f0ef17efe7540a2ce0077cbf
1338 Author: Dan Carpenter <dan.carpenter@oracle.com>
1339 Date: Sat Mar 24 10:52:50 2012 +0300
1341 x86, tls: Off by one limit check
1343 These are used as offsets into an array of GDT_ENTRY_TLS_ENTRIES members
1344 so GDT_ENTRY_TLS_ENTRIES is one past the end of the array.
1346 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
1347 Link: http://lkml.kernel.org/r/20120324075250.GA28258@elgon.mountain
1348 Cc: <stable@vger.kernel.org>
1349 Signed-off-by: H. Peter Anvin <hpa@zytor.com>
1351 arch/x86/kernel/tls.c | 4 ++--
1352 1 files changed, 2 insertions(+), 2 deletions(-)
1354 commit 7062ff9c0cada849bc7d984d6318d52be7647b44
1355 Author: Linus Torvalds <torvalds@linux-foundation.org>
1356 Date: Mon Mar 19 16:19:53 2012 -0700
1358 vfs: get rid of batshit-insane pointless dentry hash calculations
1360 For some odd historical reason, the final mixing round for the dentry
1361 cache hash table lookup had an insane "xor with big constant" logic. In
1364 The big constant that is being xor'ed is GOLDEN_RATIO_PRIME, which is a
1365 fairly random-looking number that is designed to be *multiplied* with so
1366 that the bits get spread out over a whole long-word.
1368 But xor'ing with it is insane. It doesn't really even change the hash -
1369 it really only shifts the hash around in the hash table. To make
1370 matters worse, the insane big constant is different on 32-bit and 64-bit
1371 builds, even though the name hash bits we use are always 32-bit (and the
1372 bits from the pointer we mix in effectively are too).
1374 It's all total voodoo programming, in other words.
1376 Now, some testing and analysis of the hash chains shows that the rest of
1377 the hash function seems to be fairly good. It does pick the right bits
1378 of the parent dentry pointer, for example, and while it's generally a
1379 bad idea to use an xor to mix down the upper bits (because if there is a
1380 repeating pattern, the xor can cause "destructive interference"), it
1381 seems to not have been a disaster.
1383 For example, replacing the hash with the normal "hash_long()" code (that
1384 uses the GOLDEN_RATIO_PRIME constant correctly, btw) actually just makes
1385 the hash worse. The hand-picked hash knew which bits of the pointer had
1386 the highest entropy, and hash_long() ends up mixing bits less optimally
1387 at least in some trivial tests.
1389 So the hash function overall seems fine, it just has that really odd
1390 "shift result around by a constant xor".
1392 So get rid of the silly xor, and replace the down-mixing of the bits
1393 with an add instead of an xor that tends to not have the same kind of
1394 destructive interference issues. Some stats on the resulting hash
1395 chains shows that they look statistically identical before and after,
1396 but the code is simpler and no longer makes you go "WTF?".
1398 Also, the incoming hash really is just "unsigned int", not a long, and
1399 there's no real point to worry about the high 26 bits of the dentry
1400 pointer for the 64-bit case, because they are all going to be identical
1403 So also change the hashing to be done in the more natural 'unsigned int'
1404 that is the real size of the actual hashed data anyway.
1406 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1408 fs/dcache.c | 6 +++---
1409 1 files changed, 3 insertions(+), 3 deletions(-)
1411 commit 1933ee4cf1ce8f256e0441323d0fa1555016ca3c
1412 Author: Oleg Nesterov <oleg@redhat.com>
1413 Date: Fri Mar 23 15:02:40 2012 -0700
1415 ptrace: don't send SIGTRAP on exec if SEIZED
1417 ptrace_event(PTRACE_EVENT_EXEC) sends SIGTRAP if PT_TRACE_EXEC is not
1418 set. This is because this SIGTRAP predates PTRACE_O_TRACEEXEC option,
1419 we do not need/want this with PT_SEIZED which can set the options during
1422 Suggested-by: Pedro Alves <palves@redhat.com>
1423 Signed-off-by: Oleg Nesterov <oleg@redhat.com>
1424 Cc: Chris Evans <scarybeasts@gmail.com>
1425 Cc: Indan Zupancic <indan@nul.nu>
1426 Cc: Denys Vlasenko <vda.linux@googlemail.com>
1427 Cc: Tejun Heo <tj@kernel.org>
1428 Cc: Pedro Alves <palves@redhat.com>
1429 Cc: Jan Kratochvil <jan.kratochvil@redhat.com>
1430 Cc: Steven Rostedt <rostedt@goodmis.org>
1431 Cc: Frederic Weisbecker <fweisbec@gmail.com>
1432 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
1433 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1435 include/linux/ptrace.h | 5 +++--
1436 1 files changed, 3 insertions(+), 2 deletions(-)
1438 commit 96b9985a386432ddefbca4f3ca3837fe72652e77
1439 Author: Dmitry Adamushko <dmitry.adamushko@gmail.com>
1440 Date: Thu Mar 22 21:39:25 2012 +0100
1442 x86-32: Fix endless loop when processing signals for kernel tasks
1444 The problem occurs on !CONFIG_VM86 kernels [1] when a kernel-mode task
1445 returns from a system call with a pending signal.
1447 A real-life scenario is a child of 'khelper' returning from a failed
1448 kernel_execve() in ____call_usermodehelper() [ kernel/kmod.c ].
1449 kernel_execve() fails due to a pending SIGKILL, which is the result of
1450 "kill -9 -1" (at least, busybox's init does it upon reboot).
1452 The loop is as follows:
1454 * syscall_exit_work:
1455 - work_pending: // start_of_the_loop
1457 - do_notify_resume()
1459 - if (!user_mode(regs)) return;
1460 - resume_userspace // TIF_SIGPENDING is still set
1461 - work_pending // so we call work_pending => goto
1462 // start_of_the_loop
1464 More information can be found in another LKML thread:
1465 http://www.serverphorums.com/read.php?12,457826
1467 [1] the problem was also seen on MIPS.
1469 Signed-off-by: Dmitry Adamushko <dmitry.adamushko@gmail.com>
1470 Link: http://lkml.kernel.org/r/1332448765.2299.68.camel@dimm
1471 Cc: Oleg Nesterov <oleg@redhat.com>
1472 Cc: Roland McGrath <roland@hack.frob.com>
1473 Cc: Andrew Morton <akpm@linux-foundation.org>
1474 Cc: <stable@vger.kernel.org>
1475 Signed-off-by: H. Peter Anvin <hpa@zytor.com>
1477 arch/x86/kernel/entry_32.S | 17 ++++++++++-------
1478 1 files changed, 10 insertions(+), 7 deletions(-)
1480 commit d2184c1098a46d3b1f96299f352d11f2e20da3b0
1481 Merge: 412185c efbb92a
1482 Author: Brad Spengler <spender@grsecurity.net>
1483 Date: Sun Mar 25 18:35:21 2012 -0400
1485 Merge branch 'pax-test' into grsec-test
1487 commit efbb92ad36e7e4f53482380f53a9cc38faca925d
1488 Author: Brad Spengler <spender@grsecurity.net>
1489 Date: Sun Mar 25 18:35:07 2012 -0400
1491 Update to pax-linux-3.3-test4.patch
1493 fs/binfmt_elf.c | 8 ++++----
1494 kernel/rcutiny_plugin.h | 2 +-
1495 2 files changed, 5 insertions(+), 5 deletions(-)
1497 commit 412185c4992a6b746d4afd039ba43ef234f67aad
1498 Author: Brad Spengler <spender@grsecurity.net>
1499 Date: Sat Mar 24 20:19:01 2012 -0400
1503 fs/proc/base.c | 12 +++++++-----
1504 1 files changed, 7 insertions(+), 5 deletions(-)
1506 commit c9ef1bf36c5145857ddec249fd3faac5507661cd
1507 Author: Brad Spengler <spender@grsecurity.net>
1508 Date: Sat Mar 24 20:03:33 2012 -0400
1510 Fix port of /proc restrictions
1512 fs/proc/base.c | 5 +++++
1513 1 files changed, 5 insertions(+), 0 deletions(-)
1515 commit 3eb9d8c8fef296ab41ac6db5e24f8472f2849ea9
1516 Merge: 0e19043 0570523
1517 Author: Brad Spengler <spender@grsecurity.net>
1518 Date: Sat Mar 24 19:35:37 2012 -0400
1520 Merge branch 'pax-test' into grsec-test
1522 commit 0570523cdca02dd228082b0152dd14140aa9b4d4
1523 Author: Brad Spengler <spender@grsecurity.net>
1524 Date: Sat Mar 24 19:34:11 2012 -0400
1526 Update to pax-linux-3.3-test3.patch
1527 reduces overcommit amount from recently increased brk entropy
1529 arch/arm/include/asm/atomic.h | 5 +++++
1530 fs/binfmt_elf.c | 27 ++++++++++++++++++++++-----
1532 3 files changed, 28 insertions(+), 6 deletions(-)
1534 commit 0e19043d13ef5ba8c833d075d49b5cfb1bdfec53
1535 Author: Brad Spengler <spender@grsecurity.net>
1536 Date: Sat Mar 24 19:25:48 2012 -0400
1540 fs/proc/base.c | 22 +++++++++++++---------
1541 1 files changed, 13 insertions(+), 9 deletions(-)
1543 commit 9a90e1cffec9080574cef64611b1828690a6f3d8
1544 Author: Brad Spengler <spender@grsecurity.net>
1545 Date: Sat Mar 24 19:20:34 2012 -0400
1549 grsecurity/gracl.c | 25 ++++++++++++++++---------
1550 grsecurity/grsec_chroot.c | 4 ++--
1551 2 files changed, 18 insertions(+), 11 deletions(-)
1553 commit 485755bfa7629914889409b5aa18d614fedaf873
1554 Author: Brad Spengler <spender@grsecurity.net>
1555 Date: Sat Mar 24 18:34:44 2012 -0400
1559 fs/proc/base.c | 4 ++--
1560 grsecurity/grsec_chroot.c | 3 +--
1561 2 files changed, 3 insertions(+), 4 deletions(-)
1563 commit e796b6a7bd9f204ae918e9bef8b6aa7650735e77
1564 Author: Brad Spengler <spender@grsecurity.net>
1565 Date: Sat Mar 24 18:30:36 2012 -0400
1569 fs/proc/base.c | 10 ++--------
1570 grsecurity/grsec_chroot.c | 1 +
1571 grsecurity/grsec_exec.c | 2 ++
1572 3 files changed, 5 insertions(+), 8 deletions(-)
1574 commit 75f929048fd30016197a1d3b265b46591b985e72
1575 Author: Brad Spengler <spender@grsecurity.net>
1576 Date: Sat Mar 24 18:19:34 2012 -0400
1580 kernel/fork.c | 2 +-
1581 1 files changed, 1 insertions(+), 1 deletions(-)
1583 commit f5d20702ca626d8ed7c7cdb3312f02dcf7eb0fe8
1584 Author: Brad Spengler <spender@grsecurity.net>
1585 Date: Sat Mar 24 18:16:51 2012 -0400
1587 Initial patch of grsecurity 2.9 for Linux 3.3
1590 arch/alpha/include/asm/cache.h | 4 +-
1591 arch/arm/include/asm/cache.h | 2 +
1592 arch/arm/kernel/traps.c | 5 +
1593 arch/arm/mach-ux500/mbox-db5500.c | 2 +-
1594 arch/avr32/include/asm/cache.h | 4 +-
1595 arch/blackfin/include/asm/cache.h | 3 +-
1596 arch/cris/include/arch-v10/arch/cache.h | 3 +-
1597 arch/cris/include/arch-v32/arch/cache.h | 3 +-
1598 arch/frv/include/asm/cache.h | 3 +-
1599 arch/h8300/include/asm/cache.h | 4 +-
1600 arch/hexagon/include/asm/cache.h | 6 +-
1601 arch/ia64/include/asm/cache.h | 3 +-
1602 arch/m32r/include/asm/cache.h | 4 +-
1603 arch/m68k/include/asm/cache.h | 4 +-
1604 arch/microblaze/include/asm/cache.h | 3 +-
1605 arch/mips/include/asm/cache.h | 3 +-
1606 arch/mn10300/proc-mn103e010/include/proc/cache.h | 4 +-
1607 arch/mn10300/proc-mn2ws0050/include/proc/cache.h | 4 +-
1608 arch/openrisc/include/asm/cache.h | 4 +-
1609 arch/parisc/include/asm/cache.h | 5 +-
1610 arch/powerpc/include/asm/cache.h | 3 +-
1611 arch/powerpc/kernel/process.c | 10 +-
1612 arch/powerpc/kernel/traps.c | 5 +
1613 arch/s390/include/asm/cache.h | 4 +-
1614 arch/score/include/asm/cache.h | 4 +-
1615 arch/sh/include/asm/cache.h | 3 +-
1616 arch/sparc/Makefile | 2 +-
1617 arch/sparc/include/asm/cache.h | 4 +-
1618 arch/sparc/kernel/process_32.c | 8 +-
1619 arch/sparc/kernel/process_64.c | 8 +-
1620 arch/sparc/kernel/traps_32.c | 8 +-
1621 arch/sparc/kernel/traps_64.c | 28 +-
1622 arch/sparc/kernel/unaligned_64.c | 2 +-
1623 arch/sparc/mm/fault_64.c | 2 +-
1624 arch/tile/include/asm/cache.h | 3 +-
1625 arch/um/include/asm/cache.h | 3 +-
1626 arch/unicore32/include/asm/cache.h | 6 +-
1627 arch/x86/Kconfig | 5 +-
1628 arch/x86/ia32/ia32_aout.c | 2 +
1629 arch/x86/kernel/acpi/realmode/wakeup.S | 4 +
1630 arch/x86/kernel/dumpstack.c | 8 +
1631 arch/x86/kernel/entry_32.S | 2 +-
1632 arch/x86/kernel/entry_64.S | 2 +-
1633 arch/x86/kernel/ioport.c | 13 +
1634 arch/x86/kernel/verify_cpu.S | 1 +
1635 arch/x86/kernel/vm86_32.c | 16 +
1636 arch/x86/mm/fault.c | 11 +-
1637 arch/x86/mm/init.c | 15 +
1638 arch/xtensa/variants/dc232b/include/variant/core.h | 2 +-
1639 arch/xtensa/variants/fsf/include/variant/core.h | 3 +-
1640 arch/xtensa/variants/s6000/include/variant/core.h | 3 +-
1641 drivers/block/cciss.c | 2 +
1642 drivers/char/Kconfig | 4 +-
1643 drivers/char/briq_panel.c | 8 +-
1644 drivers/char/genrtc.c | 1 +
1645 drivers/char/mem.c | 17 +
1646 drivers/char/random.c | 12 +
1647 drivers/gpu/drm/drm_info.c | 4 +
1648 drivers/message/fusion/mptbase.c | 5 +
1649 drivers/pci/proc.c | 9 +
1650 drivers/rtc/rtc-dev.c | 3 +
1651 drivers/tty/vt/keyboard.c | 10 +
1652 drivers/tty/vt/vt_ioctl.c | 12 +-
1653 drivers/video/logo/logo_linux_clut224.ppm | 2721 ++++++--------
1655 fs/binfmt_aout.c | 7 +
1656 fs/binfmt_elf.c | 6 +
1657 fs/btrfs/inode.c | 10 +-
1658 fs/btrfs/ioctl.c | 6 +-
1659 fs/ceph/dir.c | 2 +-
1661 fs/debugfs/inode.c | 4 +
1663 fs/ext2/balloc.c | 2 +-
1664 fs/ext3/balloc.c | 5 +-
1665 fs/ext4/balloc.c | 4 +-
1668 fs/filesystems.c | 5 +
1669 fs/fs_struct.c | 11 +-
1670 fs/hugetlbfs/inode.c | 2 +-
1672 fs/namespace.c | 24 +
1675 fs/proc/Kconfig | 10 +-
1676 fs/proc/array.c | 61 +-
1677 fs/proc/base.c | 171 +-
1678 fs/proc/cmdline.c | 4 +
1679 fs/proc/devices.c | 4 +
1680 fs/proc/inode.c | 17 +
1681 fs/proc/internal.h | 3 +
1682 fs/proc/kcore.c | 3 +
1683 fs/proc/proc_net.c | 11 +
1684 fs/proc/proc_sysctl.c | 31 +-
1685 fs/proc/root.c | 8 +
1686 fs/proc/task_mmu.c | 67 +-
1690 fs/sysfs/dir.c | 12 +
1693 grsecurity/Kconfig | 1078 +++++
1694 grsecurity/Makefile | 38 +
1695 grsecurity/gracl.c | 4172 ++++++++++++++++++++
1696 grsecurity/gracl_alloc.c | 105 +
1697 grsecurity/gracl_cap.c | 110 +
1698 grsecurity/gracl_fs.c | 435 ++
1699 grsecurity/gracl_ip.c | 381 ++
1700 grsecurity/gracl_learn.c | 207 +
1701 grsecurity/gracl_res.c | 68 +
1702 grsecurity/gracl_segv.c | 299 ++
1703 grsecurity/gracl_shm.c | 40 +
1704 grsecurity/grsec_chdir.c | 19 +
1705 grsecurity/grsec_chroot.c | 368 ++
1706 grsecurity/grsec_disabled.c | 437 ++
1707 grsecurity/grsec_exec.c | 172 +
1708 grsecurity/grsec_fifo.c | 24 +
1709 grsecurity/grsec_fork.c | 23 +
1710 grsecurity/grsec_init.c | 277 ++
1711 grsecurity/grsec_link.c | 43 +
1712 grsecurity/grsec_log.c | 322 ++
1713 grsecurity/grsec_mem.c | 40 +
1714 grsecurity/grsec_mount.c | 62 +
1715 grsecurity/grsec_pax.c | 36 +
1716 grsecurity/grsec_ptrace.c | 30 +
1717 grsecurity/grsec_sig.c | 207 +
1718 grsecurity/grsec_sock.c | 244 ++
1719 grsecurity/grsec_sysctl.c | 451 +++
1720 grsecurity/grsec_time.c | 16 +
1721 grsecurity/grsec_tpe.c | 73 +
1722 grsecurity/grsum.c | 61 +
1723 include/linux/capability.h | 2 +
1724 include/linux/cred.h | 3 +
1725 include/linux/gracl.h | 319 ++
1726 include/linux/gralloc.h | 9 +
1727 include/linux/grdefs.h | 140 +
1728 include/linux/grinternal.h | 221 ++
1729 include/linux/grmsg.h | 109 +
1730 include/linux/grsecurity.h | 232 ++
1731 include/linux/grsock.h | 19 +
1732 include/linux/kallsyms.h | 13 +-
1733 include/linux/kmod.h | 2 +
1734 include/linux/netfilter/xt_gradm.h | 9 +
1735 include/linux/personality.h | 1 +
1736 include/linux/proc_fs.h | 12 +
1737 include/linux/sched.h | 54 +-
1738 include/linux/security.h | 1 +
1739 include/linux/seq_file.h | 3 +
1740 include/linux/shm.h | 4 +
1741 include/linux/sysctl.h | 2 +
1742 include/linux/tracehook.h | 9 +-
1743 include/linux/vermagic.h | 9 +-
1748 kernel/capability.c | 32 +-
1749 kernel/compat.c | 1 +
1750 kernel/configs.c | 11 +
1751 kernel/cred.c | 99 +-
1752 kernel/exit.c | 25 +-
1753 kernel/fork.c | 15 +-
1754 kernel/futex.c | 5 +
1755 kernel/futex_compat.c | 8 +-
1756 kernel/kallsyms.c | 8 +
1757 kernel/kmod.c | 64 +-
1758 kernel/module.c | 80 +-
1759 kernel/panic.c | 4 +-
1760 kernel/pid.c | 19 +-
1761 kernel/posix-cpu-timers.c | 1 +
1762 kernel/posix-timers.c | 8 +
1763 kernel/printk.c | 5 +
1764 kernel/ptrace.c | 20 +-
1765 kernel/resource.c | 10 +
1766 kernel/sched/core.c | 21 +-
1767 kernel/signal.c | 37 +-
1768 kernel/sys.c | 43 +-
1769 kernel/sysctl.c | 51 +-
1770 kernel/sysctl_check.c | 1 +
1771 kernel/taskstats.c | 6 +
1773 kernel/time/timekeeping.c | 3 +
1774 kernel/time/timer_list.c | 12 +
1775 kernel/time/timer_stats.c | 8 +
1776 lib/Kconfig.debug | 1 +
1777 lib/is_single_threaded.c | 3 +
1778 lib/vsprintf.c | 18 +-
1779 localversion-grsec | 1 +
1782 mm/kmemleak.c | 2 +-
1783 mm/mempolicy.c | 11 +-
1784 mm/migrate.c | 11 +-
1788 mm/page_alloc.c | 6 +
1789 mm/process_vm_access.c | 6 +
1794 net/core/dev.c | 4 +
1795 net/core/sock.c | 2 +-
1796 net/core/sock_diag.c | 7 +
1797 net/econet/Kconfig | 2 +-
1798 net/ipv4/inet_hashtables.c | 5 +
1799 net/ipv4/ip_sockglue.c | 3 +-
1800 net/ipv4/raw.c | 8 +-
1801 net/ipv4/tcp_ipv4.c | 42 +-
1802 net/ipv4/tcp_minisocks.c | 8 +
1803 net/ipv4/tcp_timer.c | 11 +
1804 net/ipv4/udp.c | 31 +-
1805 net/ipv6/raw.c | 8 +-
1806 net/ipv6/tcp_ipv6.c | 46 +-
1807 net/ipv6/udp.c | 14 +-
1808 net/netfilter/Kconfig | 10 +
1809 net/netfilter/Makefile | 1 +
1810 net/netfilter/xt_gradm.c | 51 +
1811 net/netrom/af_netrom.c | 2 +-
1812 net/phonet/af_phonet.c | 4 +-
1813 net/phonet/socket.c | 7 +-
1814 net/sctp/proc.c | 3 +-
1815 net/socket.c | 62 +-
1816 net/sysctl_net.c | 2 +-
1817 net/unix/af_unix.c | 20 +
1818 scripts/Makefile.build | 2 +-
1819 security/Kconfig | 87 +-
1820 security/apparmor/lsm.c | 2 +-
1821 security/commoncap.c | 4 +
1822 security/min_addr.c | 2 +
1823 security/security.c | 2 -
1824 security/selinux/hooks.c | 2 -
1825 tools/gcc/Makefile | 2 +-
1826 237 files changed, 14385 insertions(+), 1923 deletions(-)
1828 commit 65a4fc291c85027ea1be6b06dc99d3cfcd07a1d9
1829 Author: Brad Spengler <spender@grsecurity.net>
1830 Date: Sat Mar 24 15:31:31 2012 -0400
1832 Import pax-linux-3.3-test2.patch
1834 Documentation/dontdiff | 29 +-
1835 Documentation/kernel-parameters.txt | 7 +
1837 arch/alpha/include/asm/atomic.h | 10 +
1838 arch/alpha/include/asm/elf.h | 7 +
1839 arch/alpha/include/asm/pgtable.h | 11 +
1840 arch/alpha/kernel/module.c | 2 +-
1841 arch/alpha/kernel/osf_sys.c | 10 +-
1842 arch/alpha/mm/fault.c | 141 +++++-
1843 arch/arm/include/asm/atomic.h | 394 ++++++++++++-
1844 arch/arm/include/asm/cache.h | 2 +-
1845 arch/arm/include/asm/cacheflush.h | 2 +-
1846 arch/arm/include/asm/elf.h | 13 +-
1847 arch/arm/include/asm/kmap_types.h | 1 +
1848 arch/arm/include/asm/outercache.h | 2 +-
1849 arch/arm/include/asm/page.h | 2 +-
1850 arch/arm/include/asm/system.h | 9 +
1851 arch/arm/include/asm/uaccess.h | 27 +-
1852 arch/arm/kernel/armksyms.c | 4 +-
1853 arch/arm/kernel/process.c | 10 +-
1854 arch/arm/kernel/setup.c | 6 +-
1855 arch/arm/lib/copy_from_user.S | 6 +-
1856 arch/arm/lib/copy_page.S | 1 +
1857 arch/arm/lib/copy_to_user.S | 6 +-
1858 arch/arm/lib/uaccess.S | 12 +-
1859 arch/arm/lib/uaccess_with_memcpy.c | 2 +-
1860 arch/arm/mach-omap2/board-n8x0.c | 2 +-
1861 arch/arm/mm/fault.c | 48 ++
1862 arch/arm/mm/mmap.c | 31 +-
1863 arch/arm/plat-samsung/include/plat/dma-ops.h | 2 +-
1864 arch/arm/plat-samsung/include/plat/ehci.h | 2 +-
1865 arch/avr32/include/asm/elf.h | 8 +-
1866 arch/avr32/include/asm/kmap_types.h | 3 +-
1867 arch/avr32/mm/fault.c | 27 +
1868 arch/frv/include/asm/atomic.h | 10 +
1869 arch/frv/include/asm/kmap_types.h | 1 +
1870 arch/frv/mm/elf-fdpic.c | 7 +-
1871 arch/ia64/include/asm/atomic.h | 10 +
1872 arch/ia64/include/asm/elf.h | 7 +
1873 arch/ia64/include/asm/pgtable.h | 13 +-
1874 arch/ia64/include/asm/spinlock.h | 2 +-
1875 arch/ia64/include/asm/uaccess.h | 4 +-
1876 arch/ia64/kernel/module.c | 48 ++-
1877 arch/ia64/kernel/sys_ia64.c | 13 +-
1878 arch/ia64/kernel/vmlinux.lds.S | 2 +-
1879 arch/ia64/mm/fault.c | 33 +-
1880 arch/ia64/mm/hugetlbpage.c | 2 +-
1881 arch/ia64/mm/init.c | 13 +
1882 arch/m32r/lib/usercopy.c | 6 +
1883 arch/mips/include/asm/atomic.h | 14 +
1884 arch/mips/include/asm/elf.h | 11 +-
1885 arch/mips/include/asm/page.h | 2 +-
1886 arch/mips/include/asm/system.h | 2 +-
1887 arch/mips/kernel/binfmt_elfn32.c | 7 +
1888 arch/mips/kernel/binfmt_elfo32.c | 7 +
1889 arch/mips/kernel/process.c | 12 -
1890 arch/mips/mm/fault.c | 17 +
1891 arch/mips/mm/mmap.c | 41 +-
1892 arch/parisc/include/asm/atomic.h | 10 +
1893 arch/parisc/include/asm/elf.h | 7 +
1894 arch/parisc/include/asm/pgtable.h | 11 +
1895 arch/parisc/kernel/module.c | 50 ++-
1896 arch/parisc/kernel/sys_parisc.c | 6 +-
1897 arch/parisc/kernel/traps.c | 4 +-
1898 arch/parisc/mm/fault.c | 140 +++++-
1899 arch/powerpc/include/asm/atomic.h | 10 +
1900 arch/powerpc/include/asm/elf.h | 18 +-
1901 arch/powerpc/include/asm/kmap_types.h | 1 +
1902 arch/powerpc/include/asm/mman.h | 2 +-
1903 arch/powerpc/include/asm/page.h | 8 +-
1904 arch/powerpc/include/asm/page_64.h | 7 +-
1905 arch/powerpc/include/asm/pgtable.h | 1 +
1906 arch/powerpc/include/asm/pte-hash32.h | 1 +
1907 arch/powerpc/include/asm/reg.h | 1 +
1908 arch/powerpc/include/asm/system.h | 2 +-
1909 arch/powerpc/include/asm/uaccess.h | 142 +++--
1910 arch/powerpc/kernel/exceptions-64e.S | 4 +-
1911 arch/powerpc/kernel/exceptions-64s.S | 2 +-
1912 arch/powerpc/kernel/irq.c | 10 +-
1913 arch/powerpc/kernel/module_32.c | 13 +-
1914 arch/powerpc/kernel/process.c | 55 --
1915 arch/powerpc/kernel/signal_32.c | 2 +-
1916 arch/powerpc/kernel/signal_64.c | 2 +-
1917 arch/powerpc/kernel/vdso.c | 5 +-
1918 arch/powerpc/lib/usercopy_64.c | 18 -
1919 arch/powerpc/mm/fault.c | 55 ++-
1920 arch/powerpc/mm/mmap_64.c | 12 +
1921 arch/powerpc/mm/slice.c | 23 +-
1922 arch/s390/include/asm/atomic.h | 10 +
1923 arch/s390/include/asm/elf.h | 13 +-
1924 arch/s390/include/asm/system.h | 2 +-
1925 arch/s390/include/asm/uaccess.h | 11 +
1926 arch/s390/kernel/module.c | 22 +-
1927 arch/s390/kernel/process.c | 36 --
1928 arch/s390/mm/mmap.c | 24 +
1929 arch/score/include/asm/system.h | 2 +-
1930 arch/score/kernel/process.c | 5 -
1931 arch/sh/mm/mmap.c | 24 +-
1932 arch/sparc/include/asm/atomic_64.h | 106 +++-
1933 arch/sparc/include/asm/cache.h | 2 +-
1934 arch/sparc/include/asm/elf_32.h | 7 +
1935 arch/sparc/include/asm/elf_64.h | 7 +
1936 arch/sparc/include/asm/pgtable_32.h | 17 +
1937 arch/sparc/include/asm/pgtsrmmu.h | 7 +
1938 arch/sparc/include/asm/spinlock_64.h | 35 +-
1939 arch/sparc/include/asm/thread_info_32.h | 2 +
1940 arch/sparc/include/asm/thread_info_64.h | 2 +
1941 arch/sparc/include/asm/uaccess.h | 8 +
1942 arch/sparc/include/asm/uaccess_32.h | 27 +-
1943 arch/sparc/include/asm/uaccess_64.h | 19 +-
1944 arch/sparc/kernel/Makefile | 2 +-
1945 arch/sparc/kernel/sys_sparc_32.c | 4 +-
1946 arch/sparc/kernel/sys_sparc_64.c | 52 +-
1947 arch/sparc/kernel/traps_64.c | 13 +-
1948 arch/sparc/lib/Makefile | 2 +-
1949 arch/sparc/lib/atomic_64.S | 148 +++++-
1950 arch/sparc/lib/ksyms.c | 6 +
1951 arch/sparc/mm/Makefile | 2 +-
1952 arch/sparc/mm/fault_32.c | 283 +++++++++
1953 arch/sparc/mm/fault_64.c | 477 +++++++++++++++
1954 arch/sparc/mm/hugetlbpage.c | 16 +-
1955 arch/sparc/mm/init_32.c | 15 +-
1956 arch/sparc/mm/srmmu.c | 7 +
1957 arch/tile/include/asm/atomic_64.h | 10 +
1958 arch/um/Makefile | 4 +
1959 arch/um/include/asm/kmap_types.h | 1 +
1960 arch/um/include/asm/page.h | 3 +
1961 arch/um/kernel/process.c | 16 -
1962 arch/x86/Kconfig | 9 +-
1963 arch/x86/Kconfig.cpu | 6 +-
1964 arch/x86/Kconfig.debug | 4 +-
1965 arch/x86/Makefile | 10 +
1966 arch/x86/boot/Makefile | 3 +
1967 arch/x86/boot/bitops.h | 4 +-
1968 arch/x86/boot/boot.h | 4 +-
1969 arch/x86/boot/compressed/Makefile | 3 +
1970 arch/x86/boot/compressed/head_32.S | 7 +-
1971 arch/x86/boot/compressed/head_64.S | 4 +-
1972 arch/x86/boot/compressed/misc.c | 4 +-
1973 arch/x86/boot/compressed/relocs.c | 85 +++-
1974 arch/x86/boot/cpucheck.c | 28 +-
1975 arch/x86/boot/header.S | 2 +-
1976 arch/x86/boot/memory.c | 2 +-
1977 arch/x86/boot/video-vesa.c | 1 +
1978 arch/x86/boot/video.c | 2 +-
1979 arch/x86/crypto/aes-x86_64-asm_64.S | 4 +
1980 arch/x86/crypto/aesni-intel_asm.S | 31 +
1981 arch/x86/crypto/blowfish-x86_64-asm_64.S | 8 +
1982 arch/x86/crypto/salsa20-x86_64-asm_64.S | 5 +
1983 arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 5 +
1984 arch/x86/crypto/sha1_ssse3_asm.S | 3 +
1985 arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 5 +
1986 arch/x86/crypto/twofish-x86_64-asm_64.S | 3 +
1987 arch/x86/ia32/ia32_signal.c | 20 +-
1988 arch/x86/ia32/ia32entry.S | 126 +++-
1989 arch/x86/ia32/sys_ia32.c | 18 +-
1990 arch/x86/include/asm/alternative-asm.h | 39 ++
1991 arch/x86/include/asm/alternative.h | 2 +-
1992 arch/x86/include/asm/apic.h | 2 +-
1993 arch/x86/include/asm/apm.h | 4 +-
1994 arch/x86/include/asm/atomic.h | 285 +++++++++-
1995 arch/x86/include/asm/atomic64_32.h | 100 +++
1996 arch/x86/include/asm/atomic64_64.h | 202 ++++++-
1997 arch/x86/include/asm/bitops.h | 2 +-
1998 arch/x86/include/asm/boot.h | 7 +-
1999 arch/x86/include/asm/cache.h | 5 +-
2000 arch/x86/include/asm/cacheflush.h | 2 +-
2001 arch/x86/include/asm/checksum_32.h | 12 +-
2002 arch/x86/include/asm/cmpxchg.h | 35 ++
2003 arch/x86/include/asm/cpufeature.h | 2 +-
2004 arch/x86/include/asm/desc.h | 65 ++-
2005 arch/x86/include/asm/desc_defs.h | 6 +
2006 arch/x86/include/asm/e820.h | 2 +-
2007 arch/x86/include/asm/elf.h | 27 +-
2008 arch/x86/include/asm/emergency-restart.h | 2 +-
2009 arch/x86/include/asm/futex.h | 14 +-
2010 arch/x86/include/asm/hw_irq.h | 4 +-
2011 arch/x86/include/asm/i387.h | 14 +-
2012 arch/x86/include/asm/io.h | 11 +
2013 arch/x86/include/asm/irqflags.h | 5 +
2014 arch/x86/include/asm/kprobes.h | 9 +-
2015 arch/x86/include/asm/kvm_host.h | 2 +-
2016 arch/x86/include/asm/local.h | 94 +++-
2017 arch/x86/include/asm/mman.h | 10 +
2018 arch/x86/include/asm/mmu.h | 16 +-
2019 arch/x86/include/asm/mmu_context.h | 76 +++-
2020 arch/x86/include/asm/module.h | 17 +-
2021 arch/x86/include/asm/page_64_types.h | 2 +-
2022 arch/x86/include/asm/paravirt.h | 44 ++-
2023 arch/x86/include/asm/paravirt_types.h | 19 +-
2024 arch/x86/include/asm/pgalloc.h | 7 +
2025 arch/x86/include/asm/pgtable-2level.h | 2 +
2026 arch/x86/include/asm/pgtable-3level.h | 4 +
2027 arch/x86/include/asm/pgtable.h | 110 ++++-
2028 arch/x86/include/asm/pgtable_32.h | 14 +-
2029 arch/x86/include/asm/pgtable_32_types.h | 15 +-
2030 arch/x86/include/asm/pgtable_64.h | 17 +-
2031 arch/x86/include/asm/pgtable_64_types.h | 5 +
2032 arch/x86/include/asm/pgtable_types.h | 36 +-
2033 arch/x86/include/asm/processor.h | 35 +-
2034 arch/x86/include/asm/ptrace.h | 18 +-
2035 arch/x86/include/asm/reboot.h | 12 +-
2036 arch/x86/include/asm/rwsem.h | 60 ++-
2037 arch/x86/include/asm/segment.h | 22 +-
2038 arch/x86/include/asm/smp.h | 14 +-
2039 arch/x86/include/asm/spinlock.h | 36 +-
2040 arch/x86/include/asm/stackprotector.h | 4 +-
2041 arch/x86/include/asm/stacktrace.h | 32 +-
2042 arch/x86/include/asm/sys_ia32.h | 2 +-
2043 arch/x86/include/asm/system.h | 10 +-
2044 arch/x86/include/asm/thread_info.h | 87 +--
2045 arch/x86/include/asm/uaccess.h | 93 +++-
2046 arch/x86/include/asm/uaccess_32.h | 95 +++-
2047 arch/x86/include/asm/uaccess_64.h | 272 +++++++---
2048 arch/x86/include/asm/vdso.h | 2 +-
2049 arch/x86/include/asm/x86_init.h | 26 +-
2050 arch/x86/include/asm/xsave.h | 12 +-
2051 arch/x86/kernel/acpi/realmode/Makefile | 3 +
2052 arch/x86/kernel/acpi/sleep.c | 4 +
2053 arch/x86/kernel/acpi/wakeup_32.S | 6 +-
2054 arch/x86/kernel/alternative.c | 65 ++-
2055 arch/x86/kernel/apic/apic.c | 4 +-
2056 arch/x86/kernel/apic/io_apic.c | 8 +-
2057 arch/x86/kernel/apm_32.c | 19 +-
2058 arch/x86/kernel/asm-offsets.c | 20 +
2059 arch/x86/kernel/asm-offsets_64.c | 1 +
2060 arch/x86/kernel/cpu/Makefile | 4 -
2061 arch/x86/kernel/cpu/amd.c | 2 +-
2062 arch/x86/kernel/cpu/common.c | 77 +--
2063 arch/x86/kernel/cpu/intel.c | 2 +-
2064 arch/x86/kernel/cpu/mcheck/mce.c | 27 +-
2065 arch/x86/kernel/cpu/mcheck/p5.c | 3 +
2066 arch/x86/kernel/cpu/mcheck/winchip.c | 3 +
2067 arch/x86/kernel/cpu/mtrr/main.c | 2 +-
2068 arch/x86/kernel/cpu/mtrr/mtrr.h | 2 +-
2069 arch/x86/kernel/cpu/perf_event.c | 2 +-
2070 arch/x86/kernel/crash.c | 4 +-
2071 arch/x86/kernel/doublefault_32.c | 8 +-
2072 arch/x86/kernel/dumpstack.c | 29 +-
2073 arch/x86/kernel/dumpstack_32.c | 32 +-
2074 arch/x86/kernel/dumpstack_64.c | 58 ++-
2075 arch/x86/kernel/early_printk.c | 1 +
2076 arch/x86/kernel/entry_32.S | 378 ++++++++++--
2077 arch/x86/kernel/entry_64.S | 512 ++++++++++++++--
2078 arch/x86/kernel/ftrace.c | 14 +-
2079 arch/x86/kernel/head32.c | 4 +-
2080 arch/x86/kernel/head_32.S | 244 +++++++--
2081 arch/x86/kernel/head_64.S | 158 ++++--
2082 arch/x86/kernel/i386_ksyms_32.c | 8 +
2083 arch/x86/kernel/i8259.c | 2 +-
2084 arch/x86/kernel/init_task.c | 7 +-
2085 arch/x86/kernel/ioport.c | 2 +-
2086 arch/x86/kernel/irq.c | 10 +-
2087 arch/x86/kernel/irq_32.c | 69 +--
2088 arch/x86/kernel/irq_64.c | 2 +-
2089 arch/x86/kernel/kgdb.c | 10 +-
2090 arch/x86/kernel/kprobes.c | 34 +-
2091 arch/x86/kernel/ldt.c | 31 +-
2092 arch/x86/kernel/machine_kexec_32.c | 6 +-
2093 arch/x86/kernel/microcode_intel.c | 4 +-
2094 arch/x86/kernel/module.c | 76 +++-
2095 arch/x86/kernel/nmi.c | 11 +
2096 arch/x86/kernel/paravirt-spinlocks.c | 2 +-
2097 arch/x86/kernel/paravirt.c | 43 +-
2098 arch/x86/kernel/pci-iommu_table.c | 2 +-
2099 arch/x86/kernel/process.c | 81 ++-
2100 arch/x86/kernel/process_32.c | 21 +-
2101 arch/x86/kernel/process_64.c | 18 +-
2102 arch/x86/kernel/ptrace.c | 8 +-
2103 arch/x86/kernel/pvclock.c | 8 +-
2104 arch/x86/kernel/reboot.c | 51 ++-
2105 arch/x86/kernel/relocate_kernel_64.S | 4 +-
2106 arch/x86/kernel/setup.c | 14 +-
2107 arch/x86/kernel/setup_percpu.c | 27 +-
2108 arch/x86/kernel/signal.c | 21 +-
2109 arch/x86/kernel/smpboot.c | 15 +-
2110 arch/x86/kernel/step.c | 10 +-
2111 arch/x86/kernel/sys_i386_32.c | 231 +++++++-
2112 arch/x86/kernel/sys_x86_64.c | 52 +-
2113 arch/x86/kernel/tboot.c | 12 +-
2114 arch/x86/kernel/time.c | 10 +-
2115 arch/x86/kernel/tls.c | 5 +
2116 arch/x86/kernel/trampoline_32.S | 8 +-
2117 arch/x86/kernel/trampoline_64.S | 4 +-
2118 arch/x86/kernel/traps.c | 59 ++-
2119 arch/x86/kernel/vm86_32.c | 6 +-
2120 arch/x86/kernel/vmlinux.lds.S | 147 ++++--
2121 arch/x86/kernel/vsyscall_64.c | 14 +-
2122 arch/x86/kernel/x8664_ksyms_64.c | 2 -
2123 arch/x86/kernel/xsave.c | 6 +-
2124 arch/x86/kvm/cpuid.c | 21 +-
2125 arch/x86/kvm/emulate.c | 4 +-
2126 arch/x86/kvm/lapic.c | 2 +-
2127 arch/x86/kvm/paging_tmpl.h | 2 +-
2128 arch/x86/kvm/svm.c | 8 +
2129 arch/x86/kvm/vmx.c | 35 +-
2130 arch/x86/kvm/x86.c | 10 +-
2131 arch/x86/lguest/boot.c | 3 +-
2132 arch/x86/lib/atomic64_32.c | 32 +
2133 arch/x86/lib/atomic64_386_32.S | 164 +++++
2134 arch/x86/lib/atomic64_cx8_32.S | 103 +++-
2135 arch/x86/lib/checksum_32.S | 100 +++-
2136 arch/x86/lib/clear_page_64.S | 5 +-
2137 arch/x86/lib/cmpxchg16b_emu.S | 2 +
2138 arch/x86/lib/copy_page_64.S | 12 +-
2139 arch/x86/lib/copy_user_64.S | 47 +--
2140 arch/x86/lib/copy_user_nocache_64.S | 20 +-
2141 arch/x86/lib/csum-copy_64.S | 2 +
2142 arch/x86/lib/csum-wrappers_64.c | 16 +-
2143 arch/x86/lib/getuser.S | 68 ++-
2144 arch/x86/lib/insn.c | 9 +-
2145 arch/x86/lib/iomap_copy_64.S | 2 +
2146 arch/x86/lib/memcpy_64.S | 18 +-
2147 arch/x86/lib/memmove_64.S | 34 +-
2148 arch/x86/lib/memset_64.S | 7 +-
2149 arch/x86/lib/mmx_32.c | 243 +++++---
2150 arch/x86/lib/msr-reg.S | 18 +-
2151 arch/x86/lib/putuser.S | 87 +++-
2152 arch/x86/lib/rwlock.S | 42 ++
2153 arch/x86/lib/rwsem.S | 6 +-
2154 arch/x86/lib/thunk_64.S | 2 +
2155 arch/x86/lib/usercopy_32.c | 379 ++++++++-----
2156 arch/x86/lib/usercopy_64.c | 32 +-
2157 arch/x86/mm/extable.c | 2 +-
2158 arch/x86/mm/fault.c | 551 ++++++++++++++++-
2159 arch/x86/mm/gup.c | 2 +-
2160 arch/x86/mm/highmem_32.c | 4 +
2161 arch/x86/mm/hugetlbpage.c | 113 ++--
2162 arch/x86/mm/init.c | 91 +++-
2163 arch/x86/mm/init_32.c | 122 ++--
2164 arch/x86/mm/init_64.c | 40 +-
2165 arch/x86/mm/iomap_32.c | 4 +
2166 arch/x86/mm/ioremap.c | 10 +-
2167 arch/x86/mm/kmemcheck/kmemcheck.c | 4 +-
2168 arch/x86/mm/mmap.c | 41 +-
2169 arch/x86/mm/mmio-mod.c | 6 +-
2170 arch/x86/mm/pageattr-test.c | 2 +-
2171 arch/x86/mm/pageattr.c | 33 +-
2172 arch/x86/mm/pat.c | 12 +-
2173 arch/x86/mm/pf_in.c | 10 +-
2174 arch/x86/mm/pgtable.c | 125 +++--
2175 arch/x86/mm/pgtable_32.c | 3 +
2176 arch/x86/mm/setup_nx.c | 7 +
2177 arch/x86/mm/tlb.c | 4 +
2178 arch/x86/net/bpf_jit.S | 10 +
2179 arch/x86/net/bpf_jit_comp.c | 38 +-
2180 arch/x86/oprofile/backtrace.c | 8 +-
2181 arch/x86/pci/mrst.c | 4 +-
2182 arch/x86/pci/pcbios.c | 146 ++++-
2183 arch/x86/platform/efi/efi_32.c | 19 +
2184 arch/x86/platform/efi/efi_stub_32.S | 48 +-
2185 arch/x86/platform/efi/efi_stub_64.S | 8 +
2186 arch/x86/platform/mrst/mrst.c | 6 +-
2187 arch/x86/power/cpu.c | 4 +-
2188 arch/x86/vdso/Makefile | 2 +-
2189 arch/x86/vdso/vdso32-setup.c | 23 +-
2190 arch/x86/vdso/vma.c | 30 +-
2191 arch/x86/xen/enlighten.c | 35 +-
2192 arch/x86/xen/mmu.c | 9 +
2193 arch/x86/xen/smp.c | 16 +-
2194 arch/x86/xen/xen-asm_32.S | 12 +-
2195 arch/x86/xen/xen-head.S | 11 +
2196 arch/x86/xen/xen-ops.h | 2 -
2197 block/blk-iopoll.c | 2 +-
2198 block/blk-map.c | 2 +-
2199 block/blk-softirq.c | 2 +-
2201 block/compat_ioctl.c | 2 +-
2202 block/partitions/efi.c | 8 +-
2203 block/scsi_ioctl.c | 27 +-
2204 crypto/cryptd.c | 4 +-
2205 drivers/acpi/apei/cper.c | 8 +-
2206 drivers/acpi/ec_sys.c | 12 +-
2207 drivers/acpi/proc.c | 18 +-
2208 drivers/acpi/processor_driver.c | 2 +-
2209 drivers/ata/libata-core.c | 8 +-
2210 drivers/ata/pata_arasan_cf.c | 4 +-
2211 drivers/atm/adummy.c | 2 +-
2212 drivers/atm/ambassador.c | 8 +-
2213 drivers/atm/atmtcp.c | 14 +-
2214 drivers/atm/eni.c | 12 +-
2215 drivers/atm/firestream.c | 8 +-
2216 drivers/atm/fore200e.c | 14 +-
2217 drivers/atm/he.c | 18 +-
2218 drivers/atm/horizon.c | 4 +-
2219 drivers/atm/idt77252.c | 36 +-
2220 drivers/atm/iphase.c | 34 +-
2221 drivers/atm/lanai.c | 12 +-
2222 drivers/atm/nicstar.c | 46 +-
2223 drivers/atm/solos-pci.c | 4 +-
2224 drivers/atm/suni.c | 4 +-
2225 drivers/atm/uPD98402.c | 16 +-
2226 drivers/atm/zatm.c | 6 +-
2227 drivers/base/devtmpfs.c | 2 +-
2228 drivers/base/power/wakeup.c | 8 +-
2229 drivers/block/cciss.c | 28 +-
2230 drivers/block/cciss.h | 2 +-
2231 drivers/block/cpqarray.c | 28 +-
2232 drivers/block/cpqarray.h | 2 +-
2233 drivers/block/drbd/drbd_int.h | 20 +-
2234 drivers/block/drbd/drbd_main.c | 10 +-
2235 drivers/block/drbd/drbd_nl.c | 10 +-
2236 drivers/block/drbd/drbd_receiver.c | 20 +-
2237 drivers/block/loop.c | 2 +-
2238 drivers/char/agp/frontend.c | 2 +-
2239 drivers/char/hpet.c | 2 +-
2240 drivers/char/ipmi/ipmi_msghandler.c | 8 +-
2241 drivers/char/ipmi/ipmi_si_intf.c | 8 +-
2242 drivers/char/mbcs.c | 2 +-
2243 drivers/char/mem.c | 41 ++-
2244 drivers/char/nvram.c | 2 +-
2245 drivers/char/random.c | 4 +-
2246 drivers/char/sonypi.c | 9 +-
2247 drivers/char/tpm/tpm.c | 2 +-
2248 drivers/char/tpm/tpm_bios.c | 14 +-
2249 drivers/char/virtio_console.c | 4 +-
2250 drivers/edac/amd64_edac.c | 2 +-
2251 drivers/edac/amd76x_edac.c | 2 +-
2252 drivers/edac/e752x_edac.c | 2 +-
2253 drivers/edac/e7xxx_edac.c | 2 +-
2254 drivers/edac/edac_pci_sysfs.c | 20 +-
2255 drivers/edac/i3000_edac.c | 2 +-
2256 drivers/edac/i3200_edac.c | 2 +-
2257 drivers/edac/i5000_edac.c | 2 +-
2258 drivers/edac/i5100_edac.c | 2 +-
2259 drivers/edac/i5400_edac.c | 2 +-
2260 drivers/edac/i7300_edac.c | 2 +-
2261 drivers/edac/i7core_edac.c | 2 +-
2262 drivers/edac/i82443bxgx_edac.c | 2 +-
2263 drivers/edac/i82860_edac.c | 2 +-
2264 drivers/edac/i82875p_edac.c | 2 +-
2265 drivers/edac/i82975x_edac.c | 2 +-
2266 drivers/edac/mce_amd.h | 2 +-
2267 drivers/edac/r82600_edac.c | 2 +-
2268 drivers/edac/sb_edac.c | 2 +-
2269 drivers/edac/x38_edac.c | 2 +-
2270 drivers/firewire/core-card.c | 2 +-
2271 drivers/firewire/core-cdev.c | 3 +-
2272 drivers/firewire/core-transaction.c | 1 +
2273 drivers/firewire/core.h | 1 +
2274 drivers/firmware/dmi_scan.c | 7 +-
2275 drivers/gpio/gpio-vr41xx.c | 2 +-
2276 drivers/gpu/drm/drm_crtc_helper.c | 2 +-
2277 drivers/gpu/drm/drm_drv.c | 4 +-
2278 drivers/gpu/drm/drm_fops.c | 16 +-
2279 drivers/gpu/drm/drm_global.c | 14 +-
2280 drivers/gpu/drm/drm_info.c | 14 +-
2281 drivers/gpu/drm/drm_ioc32.c | 4 +-
2282 drivers/gpu/drm/drm_ioctl.c | 2 +-
2283 drivers/gpu/drm/drm_lock.c | 4 +-
2284 drivers/gpu/drm/i810/i810_dma.c | 8 +-
2285 drivers/gpu/drm/i810/i810_drv.h | 4 +-
2286 drivers/gpu/drm/i915/i915_debugfs.c | 4 +-
2287 drivers/gpu/drm/i915/i915_dma.c | 2 +-
2288 drivers/gpu/drm/i915/i915_drv.h | 8 +-
2289 drivers/gpu/drm/i915/i915_gem_execbuffer.c | 6 +-
2290 drivers/gpu/drm/i915/i915_irq.c | 10 +-
2291 drivers/gpu/drm/i915/intel_display.c | 10 +-
2292 drivers/gpu/drm/mga/mga_drv.h | 4 +-
2293 drivers/gpu/drm/mga/mga_irq.c | 8 +-
2294 drivers/gpu/drm/nouveau/nouveau_bios.c | 4 +-
2295 drivers/gpu/drm/nouveau/nouveau_drv.h | 12 +-
2296 drivers/gpu/drm/nouveau/nouveau_fence.c | 4 +-
2297 drivers/gpu/drm/nouveau/nouveau_gem.c | 2 +-
2298 drivers/gpu/drm/nouveau/nouveau_state.c | 2 +-
2299 drivers/gpu/drm/nouveau/nv04_graph.c | 2 +-
2300 drivers/gpu/drm/r128/r128_cce.c | 2 +-
2301 drivers/gpu/drm/r128/r128_drv.h | 4 +-
2302 drivers/gpu/drm/r128/r128_irq.c | 4 +-
2303 drivers/gpu/drm/r128/r128_state.c | 4 +-
2304 drivers/gpu/drm/radeon/mkregtable.c | 4 +-
2305 drivers/gpu/drm/radeon/radeon.h | 6 +-
2306 drivers/gpu/drm/radeon/radeon_device.c | 2 +-
2307 drivers/gpu/drm/radeon/radeon_drv.h | 2 +-
2308 drivers/gpu/drm/radeon/radeon_fence.c | 6 +-
2309 drivers/gpu/drm/radeon/radeon_ioc32.c | 2 +-
2310 drivers/gpu/drm/radeon/radeon_irq.c | 6 +-
2311 drivers/gpu/drm/radeon/radeon_state.c | 4 +-
2312 drivers/gpu/drm/radeon/radeon_ttm.c | 6 +-
2313 drivers/gpu/drm/radeon/rs690.c | 4 +-
2314 drivers/gpu/drm/ttm/ttm_page_alloc.c | 4 +-
2315 drivers/gpu/drm/via/via_drv.h | 4 +-
2316 drivers/gpu/drm/via/via_irq.c | 18 +-
2317 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 2 +-
2318 drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c | 8 +-
2319 drivers/gpu/drm/vmwgfx/vmwgfx_irq.c | 4 +-
2320 drivers/gpu/drm/vmwgfx/vmwgfx_marker.c | 2 +-
2321 drivers/hid/hid-core.c | 4 +-
2322 drivers/hid/usbhid/hiddev.c | 2 +-
2323 drivers/hv/channel.c | 4 +-
2324 drivers/hv/hv.c | 2 +-
2325 drivers/hv/hyperv_vmbus.h | 2 +-
2326 drivers/hv/vmbus_drv.c | 4 +-
2327 drivers/hwmon/acpi_power_meter.c | 2 -
2328 drivers/hwmon/sht15.c | 12 +-
2329 drivers/i2c/busses/i2c-amd756-s4882.c | 2 +-
2330 drivers/i2c/busses/i2c-nforce2-s4985.c | 2 +-
2331 drivers/i2c/i2c-mux.c | 2 +-
2332 drivers/ide/aec62xx.c | 2 +-
2333 drivers/ide/alim15x3.c | 2 +-
2334 drivers/ide/amd74xx.c | 2 +-
2335 drivers/ide/atiixp.c | 2 +-
2336 drivers/ide/cmd64x.c | 2 +-
2337 drivers/ide/cs5520.c | 2 +-
2338 drivers/ide/cs5530.c | 2 +-
2339 drivers/ide/cs5535.c | 2 +-
2340 drivers/ide/cy82c693.c | 2 +-
2341 drivers/ide/hpt366.c | 24 +-
2342 drivers/ide/ide-cd.c | 2 +-
2343 drivers/ide/ide-pci-generic.c | 2 +-
2344 drivers/ide/it8172.c | 2 +-
2345 drivers/ide/it8213.c | 2 +-
2346 drivers/ide/it821x.c | 2 +-
2347 drivers/ide/jmicron.c | 2 +-
2348 drivers/ide/ns87415.c | 2 +-
2349 drivers/ide/opti621.c | 2 +-
2350 drivers/ide/pdc202xx_new.c | 2 +-
2351 drivers/ide/pdc202xx_old.c | 2 +-
2352 drivers/ide/piix.c | 2 +-
2353 drivers/ide/rz1000.c | 2 +-
2354 drivers/ide/sc1200.c | 2 +-
2355 drivers/ide/scc_pata.c | 2 +-
2356 drivers/ide/serverworks.c | 2 +-
2357 drivers/ide/siimage.c | 2 +-
2358 drivers/ide/sis5513.c | 2 +-
2359 drivers/ide/sl82c105.c | 2 +-
2360 drivers/ide/slc90e66.c | 2 +-
2361 drivers/ide/tc86c001.c | 2 +-
2362 drivers/ide/triflex.c | 2 +-
2363 drivers/ide/trm290.c | 2 +-
2364 drivers/ide/via82cxxx.c | 2 +-
2365 drivers/ieee802154/fakehard.c | 2 +-
2366 drivers/infiniband/core/cm.c | 32 +-
2367 drivers/infiniband/core/fmr_pool.c | 20 +-
2368 drivers/infiniband/hw/cxgb4/mem.c | 4 +-
2369 drivers/infiniband/hw/ipath/ipath_rc.c | 6 +-
2370 drivers/infiniband/hw/ipath/ipath_ruc.c | 6 +-
2371 drivers/infiniband/hw/nes/nes.c | 4 +-
2372 drivers/infiniband/hw/nes/nes.h | 40 +-
2373 drivers/infiniband/hw/nes/nes_cm.c | 62 +-
2374 drivers/infiniband/hw/nes/nes_mgt.c | 8 +-
2375 drivers/infiniband/hw/nes/nes_nic.c | 40 +-
2376 drivers/infiniband/hw/nes/nes_verbs.c | 10 +-
2377 drivers/infiniband/hw/qib/qib.h | 1 +
2378 drivers/input/gameport/gameport.c | 4 +-
2379 drivers/input/input.c | 4 +-
2380 drivers/input/joystick/sidewinder.c | 1 +
2381 drivers/input/joystick/xpad.c | 4 +-
2382 drivers/input/mousedev.c | 2 +-
2383 drivers/input/serio/serio.c | 4 +-
2384 drivers/isdn/capi/capi.c | 10 +-
2385 drivers/isdn/gigaset/common.c | 2 +-
2386 drivers/isdn/gigaset/gigaset.h | 3 +-
2387 drivers/isdn/gigaset/interface.c | 22 +-
2388 drivers/isdn/hardware/avm/b1.c | 4 +-
2389 drivers/isdn/hardware/eicon/divasync.h | 2 +-
2390 drivers/isdn/hardware/eicon/xdi_adapter.h | 2 +-
2391 drivers/isdn/icn/icn.c | 2 +-
2392 drivers/lguest/core.c | 10 +-
2393 drivers/lguest/x86/core.c | 12 +-
2394 drivers/lguest/x86/switcher_32.S | 27 +-
2395 drivers/macintosh/macio_asic.c | 2 +-
2396 drivers/md/dm-ioctl.c | 2 +-
2397 drivers/md/dm-raid1.c | 16 +-
2398 drivers/md/dm-stripe.c | 10 +-
2399 drivers/md/dm-table.c | 2 +-
2400 drivers/md/dm-thin-metadata.c | 4 +-
2401 drivers/md/dm.c | 16 +-
2402 drivers/md/md.c | 28 +-
2403 drivers/md/md.h | 6 +-
2404 drivers/md/persistent-data/dm-space-map-checker.c | 2 +-
2405 drivers/md/persistent-data/dm-space-map-disk.c | 2 +-
2406 drivers/md/persistent-data/dm-space-map-metadata.c | 2 +-
2407 drivers/md/persistent-data/dm-space-map.h | 1 +
2408 drivers/md/raid1.c | 4 +-
2409 drivers/md/raid10.c | 16 +-
2410 drivers/md/raid5.c | 10 +-
2411 drivers/media/dvb/ddbridge/ddbridge-core.c | 2 +-
2412 drivers/media/dvb/dvb-core/dvb_demux.h | 2 +-
2413 drivers/media/dvb/dvb-core/dvbdev.c | 2 +-
2414 drivers/media/dvb/dvb-usb/cxusb.c | 2 +-
2415 drivers/media/dvb/dvb-usb/dw2102.c | 2 +-
2416 drivers/media/dvb/frontends/dib3000.h | 2 +-
2417 drivers/media/dvb/ngene/ngene-cards.c | 2 +-
2418 drivers/media/radio/radio-cadet.c | 2 +
2419 drivers/media/video/au0828/au0828.h | 2 +-
2420 drivers/media/video/cx88/cx88-alsa.c | 2 +-
2421 drivers/media/video/omap/omap_vout.c | 11 +-
2422 drivers/media/video/pvrusb2/pvrusb2-hdw-internal.h | 2 +-
2423 drivers/media/video/timblogiw.c | 4 +-
2424 drivers/message/fusion/mptsas.c | 34 +-
2425 drivers/message/fusion/mptscsih.c | 19 +-
2426 drivers/message/i2o/i2o_proc.c | 44 +-
2427 drivers/message/i2o/iop.c | 8 +-
2428 drivers/mfd/abx500-core.c | 2 +-
2429 drivers/mfd/janz-cmodio.c | 1 +
2430 drivers/misc/lis3lv02d/lis3lv02d.c | 8 +-
2431 drivers/misc/lis3lv02d/lis3lv02d.h | 2 +-
2432 drivers/misc/sgi-gru/gruhandles.c | 4 +-
2433 drivers/misc/sgi-gru/gruprocfs.c | 8 +-
2434 drivers/misc/sgi-gru/grutables.h | 154 +++---
2435 drivers/misc/sgi-xp/xp.h | 2 +-
2436 drivers/misc/sgi-xp/xpc.h | 3 +-
2437 drivers/misc/sgi-xp/xpc_main.c | 2 +-
2438 drivers/mmc/host/sdhci-pci.c | 2 +-
2439 drivers/mtd/devices/doc2000.c | 2 +-
2440 drivers/mtd/devices/doc2001.c | 2 +-
2441 drivers/mtd/nand/denali.c | 1 +
2442 drivers/mtd/nftlmount.c | 1 +
2443 drivers/mtd/ubi/build.c | 16 +-
2444 drivers/net/ethernet/atheros/atlx/atl2.c | 2 +-
2445 drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h | 2 +-
2446 drivers/net/ethernet/broadcom/tg3.h | 1 +
2447 drivers/net/ethernet/chelsio/cxgb3/l2t.h | 2 +-
2448 drivers/net/ethernet/dec/tulip/de4x5.c | 4 +-
2449 drivers/net/ethernet/dec/tulip/eeprom.c | 2 +-
2450 drivers/net/ethernet/dec/tulip/winbond-840.c | 2 +-
2451 drivers/net/ethernet/dlink/sundance.c | 2 +-
2452 drivers/net/ethernet/emulex/benet/be_main.c | 2 +-
2453 drivers/net/ethernet/faraday/ftgmac100.c | 2 +
2454 drivers/net/ethernet/faraday/ftmac100.c | 2 +
2455 drivers/net/ethernet/fealnx.c | 2 +-
2456 drivers/net/ethernet/intel/e1000e/80003es2lan.c | 2 +-
2457 drivers/net/ethernet/intel/e1000e/82571.c | 2 +-
2458 drivers/net/ethernet/intel/e1000e/hw.h | 9 +-
2459 drivers/net/ethernet/intel/igb/e1000_hw.h | 12 +-
2460 drivers/net/ethernet/intel/igbvf/vf.h | 6 +-
2461 drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 12 +-
2462 drivers/net/ethernet/intel/ixgbevf/vf.h | 6 +-
2463 drivers/net/ethernet/mellanox/mlx4/main.c | 1 +
2464 drivers/net/ethernet/neterion/vxge/vxge-config.h | 2 +-
2465 drivers/net/ethernet/neterion/vxge/vxge-traffic.h | 2 +-
2466 drivers/net/ethernet/realtek/r8169.c | 6 +-
2467 drivers/net/ethernet/sis/sis190.c | 2 +-
2468 drivers/net/ethernet/stmicro/stmmac/mmc_core.c | 4 +-
2469 drivers/net/hyperv/hyperv_net.h | 2 +-
2470 drivers/net/hyperv/rndis_filter.c | 4 +-
2471 drivers/net/ppp/ppp_generic.c | 4 +-
2472 drivers/net/tokenring/abyss.c | 8 +-
2473 drivers/net/tokenring/madgemc.c | 8 +-
2474 drivers/net/tokenring/proteon.c | 8 +-
2475 drivers/net/tokenring/skisa.c | 8 +-
2476 drivers/net/usb/hso.c | 25 +-
2477 drivers/net/wireless/ath/ath.h | 1 +
2478 drivers/net/wireless/ath/ath9k/ar9002_mac.c | 30 +-
2479 drivers/net/wireless/ath/ath9k/ar9003_mac.c | 58 +-
2480 drivers/net/wireless/ath/ath9k/hw.h | 6 +-
2481 .../net/wireless/brcm80211/brcmsmac/phy/phy_int.h | 2 +-
2482 drivers/net/wireless/iwlegacy/3945-mac.c | 4 +-
2483 drivers/net/wireless/iwlwifi/iwl-debug.h | 4 +-
2484 drivers/net/wireless/mac80211_hwsim.c | 8 +-
2485 drivers/net/wireless/mwifiex/main.h | 2 +-
2486 drivers/net/wireless/rndis_wlan.c | 2 +-
2487 drivers/net/wireless/wl1251/wl1251.h | 2 +-
2488 drivers/oprofile/buffer_sync.c | 8 +-
2489 drivers/oprofile/event_buffer.c | 2 +-
2490 drivers/oprofile/oprof.c | 2 +-
2491 drivers/oprofile/oprofile_stats.c | 10 +-
2492 drivers/oprofile/oprofile_stats.h | 10 +-
2493 drivers/oprofile/oprofilefs.c | 2 +-
2494 drivers/parport/procfs.c | 4 +-
2495 drivers/pci/hotplug/cpci_hotplug.h | 2 +-
2496 drivers/pci/hotplug/cpqphp_nvram.c | 4 +
2497 drivers/pci/pcie/aspm.c | 6 +-
2498 drivers/pci/probe.c | 2 +-
2499 drivers/platform/x86/thinkpad_acpi.c | 70 ++-
2500 drivers/pnp/pnpbios/bioscalls.c | 14 +-
2501 drivers/pnp/resource.c | 4 +-
2502 drivers/power/bq27x00_battery.c | 2 +-
2503 drivers/regulator/max8660.c | 6 +-
2504 drivers/regulator/mc13892-regulator.c | 6 +-
2505 drivers/scsi/aacraid/aacraid.h | 2 +-
2506 drivers/scsi/aacraid/linit.c | 2 +-
2507 drivers/scsi/aic94xx/aic94xx_init.c | 2 +-
2508 drivers/scsi/bfa/bfa.h | 2 +-
2509 drivers/scsi/bfa/bfa_fcpim.c | 4 +-
2510 drivers/scsi/bfa/bfa_fcpim.h | 3 +-
2511 drivers/scsi/bfa/bfa_ioc.h | 4 +-
2512 drivers/scsi/hosts.c | 4 +-
2513 drivers/scsi/hpsa.c | 30 +-
2514 drivers/scsi/hpsa.h | 2 +-
2515 drivers/scsi/ips.h | 2 +-
2516 drivers/scsi/libfc/fc_exch.c | 38 +-
2517 drivers/scsi/libsas/sas_ata.c | 2 +-
2518 drivers/scsi/lpfc/lpfc.h | 8 +-
2519 drivers/scsi/lpfc/lpfc_debugfs.c | 18 +-
2520 drivers/scsi/lpfc/lpfc_init.c | 6 +-
2521 drivers/scsi/lpfc/lpfc_scsi.c | 16 +-
2522 drivers/scsi/pmcraid.c | 20 +-
2523 drivers/scsi/pmcraid.h | 8 +-
2524 drivers/scsi/qla2xxx/qla_def.h | 2 +-
2525 drivers/scsi/qla4xxx/ql4_def.h | 2 +-
2526 drivers/scsi/qla4xxx/ql4_os.c | 6 +-
2527 drivers/scsi/scsi.c | 2 +-
2528 drivers/scsi/scsi_lib.c | 6 +-
2529 drivers/scsi/scsi_sysfs.c | 2 +-
2530 drivers/scsi/scsi_tgt_lib.c | 2 +-
2531 drivers/scsi/scsi_transport_fc.c | 8 +-
2532 drivers/scsi/scsi_transport_iscsi.c | 6 +-
2533 drivers/scsi/scsi_transport_srp.c | 6 +-
2534 drivers/scsi/sg.c | 6 +-
2535 drivers/spi/spi-dw-pci.c | 2 +-
2536 drivers/spi/spi.c | 2 +-
2537 drivers/staging/octeon/ethernet-rx.c | 12 +-
2538 drivers/staging/octeon/ethernet.c | 8 +-
2539 drivers/staging/rtl8712/rtl871x_io.h | 2 +-
2540 drivers/staging/sbe-2t3e3/netdev.c | 2 +-
2541 drivers/staging/speakup/speakup_soft.c | 2 +-
2542 drivers/staging/usbip/usbip_common.h | 2 +-
2543 drivers/staging/usbip/vhci.h | 2 +-
2544 drivers/staging/usbip/vhci_hcd.c | 6 +-
2545 drivers/staging/usbip/vhci_rx.c | 2 +-
2546 drivers/staging/vt6655/hostap.c | 7 +-
2547 drivers/staging/vt6656/hostap.c | 7 +-
2548 drivers/staging/wlan-ng/hfa384x_usb.c | 2 +-
2549 drivers/staging/zcache/tmem.c | 4 +-
2550 drivers/staging/zcache/tmem.h | 2 +
2551 drivers/target/iscsi/iscsi_target.c | 2 +-
2552 drivers/target/target_core_tmr.c | 6 +-
2553 drivers/target/target_core_transport.c | 16 +-
2554 drivers/tty/hvc/hvcs.c | 23 +-
2555 drivers/tty/ipwireless/tty.c | 29 +-
2556 drivers/tty/n_gsm.c | 2 +-
2557 drivers/tty/n_tty.c | 3 +-
2558 drivers/tty/pty.c | 4 +-
2559 drivers/tty/serial/kgdboc.c | 32 +-
2560 drivers/tty/tty_io.c | 2 +-
2561 drivers/tty/tty_ldisc.c | 10 +-
2562 drivers/uio/uio.c | 21 +-
2563 drivers/usb/atm/cxacru.c | 2 +-
2564 drivers/usb/atm/usbatm.c | 24 +-
2565 drivers/usb/core/devices.c | 6 +-
2566 drivers/usb/core/message.c | 4 +-
2567 drivers/usb/early/ehci-dbgp.c | 16 +-
2568 drivers/usb/wusbcore/wa-hc.h | 4 +-
2569 drivers/usb/wusbcore/wa-xfer.c | 2 +-
2570 drivers/vhost/vhost.c | 2 +-
2571 drivers/video/aty/aty128fb.c | 2 +-
2572 drivers/video/fbcmap.c | 3 +-
2573 drivers/video/fbmem.c | 6 +-
2574 drivers/video/geode/gx1fb_core.c | 2 +-
2575 drivers/video/gxt4500.c | 4 +-
2576 drivers/video/i810/i810_accel.c | 1 +
2577 drivers/video/i810/i810_main.c | 2 +-
2578 drivers/video/jz4740_fb.c | 2 +-
2579 drivers/video/udlfb.c | 32 +-
2580 drivers/video/uvesafb.c | 36 ++-
2581 drivers/video/vesafb.c | 51 ++-
2582 drivers/video/via/via_clock.h | 2 +-
2583 drivers/xen/xen-pciback/conf_space.h | 6 +-
2584 fs/9p/vfs_inode.c | 2 +-
2585 fs/Kconfig.binfmt | 2 +-
2587 fs/autofs4/waitq.c | 2 +-
2588 fs/befs/linuxvfs.c | 2 +-
2589 fs/binfmt_aout.c | 23 +-
2590 fs/binfmt_elf.c | 609 ++++++++++++++++++-
2591 fs/binfmt_flat.c | 6 +
2593 fs/block_dev.c | 2 +-
2594 fs/btrfs/check-integrity.c | 2 +-
2595 fs/btrfs/ctree.c | 9 +-
2596 fs/btrfs/ioctl.c | 2 +-
2597 fs/btrfs/relocation.c | 2 +-
2598 fs/cachefiles/bind.c | 6 +-
2599 fs/cachefiles/daemon.c | 8 +-
2600 fs/cachefiles/internal.h | 12 +-
2601 fs/cachefiles/namei.c | 2 +-
2602 fs/cachefiles/proc.c | 12 +-
2603 fs/cachefiles/rdwr.c | 2 +-
2604 fs/ceph/dir.c | 2 +-
2605 fs/cifs/cifs_debug.c | 86 ++--
2606 fs/cifs/cifsfs.c | 8 +-
2607 fs/cifs/cifsglob.h | 50 +-
2608 fs/cifs/link.c | 2 +-
2609 fs/cifs/misc.c | 4 +-
2610 fs/coda/cache.c | 10 +-
2612 fs/compat_binfmt_elf.c | 2 +
2613 fs/compat_ioctl.c | 10 +-
2614 fs/configfs/dir.c | 10 +-
2616 fs/ecryptfs/inode.c | 6 +-
2617 fs/ecryptfs/miscdev.c | 2 +-
2618 fs/ecryptfs/read_write.c | 4 +-
2619 fs/exec.c | 317 +++++++++--
2620 fs/ext4/ext4.h | 20 +-
2621 fs/ext4/mballoc.c | 44 +-
2624 fs/fs_struct.c | 12 +-
2625 fs/fscache/cookie.c | 34 +-
2626 fs/fscache/internal.h | 182 +++---
2627 fs/fscache/object.c | 26 +-
2628 fs/fscache/operation.c | 28 +-
2629 fs/fscache/page.c | 106 ++--
2630 fs/fscache/stats.c | 330 +++++-----
2631 fs/fuse/cuse.c | 10 +-
2632 fs/fuse/dev.c | 2 +-
2633 fs/fuse/dir.c | 2 +-
2634 fs/gfs2/inode.c | 2 +-
2636 fs/jffs2/erase.c | 3 +-
2637 fs/jffs2/wbuf.c | 3 +-
2638 fs/jfs/super.c | 2 +-
2640 fs/lockd/clntproc.c | 4 +-
2643 fs/nfs/inode.c | 8 +-
2644 fs/nfsd/vfs.c | 6 +-
2645 fs/notify/fanotify/fanotify_user.c | 3 +-
2646 fs/notify/notification.c | 4 +-
2647 fs/ntfs/dir.c | 2 +-
2648 fs/ntfs/file.c | 4 +-
2649 fs/ocfs2/localalloc.c | 2 +-
2650 fs/ocfs2/ocfs2.h | 10 +-
2651 fs/ocfs2/suballoc.c | 12 +-
2652 fs/ocfs2/super.c | 20 +-
2653 fs/ocfs2/symlink.c | 2 +-
2655 fs/proc/array.c | 20 +
2656 fs/proc/base.c | 2 +-
2657 fs/proc/kcore.c | 32 +-
2658 fs/proc/meminfo.c | 2 +-
2659 fs/proc/nommu.c | 2 +-
2660 fs/proc/task_mmu.c | 39 +-
2661 fs/proc/task_nommu.c | 4 +-
2662 fs/quota/netlink.c | 4 +-
2664 fs/reiserfs/do_balan.c | 2 +-
2665 fs/reiserfs/procfs.c | 2 +-
2666 fs/seq_file.c | 14 +-
2668 fs/sysfs/file.c | 10 +-
2669 fs/sysfs/symlink.c | 2 +-
2670 fs/udf/misc.c | 2 +-
2671 fs/xattr_acl.c | 4 +-
2672 fs/xfs/xfs_bmap.c | 2 +-
2673 fs/xfs/xfs_dir2_sf.c | 10 +-
2674 fs/xfs/xfs_ioctl.c | 2 +-
2675 fs/xfs/xfs_iops.c | 2 +-
2676 include/acpi/acpi_bus.h | 2 +-
2677 include/asm-generic/atomic-long.h | 183 ++++++
2678 include/asm-generic/atomic64.h | 12 +
2679 include/asm-generic/cache.h | 4 +-
2680 include/asm-generic/emergency-restart.h | 2 +-
2681 include/asm-generic/int-l64.h | 2 +
2682 include/asm-generic/int-ll64.h | 2 +
2683 include/asm-generic/kmap_types.h | 3 +-
2684 include/asm-generic/local.h | 1 +
2685 include/asm-generic/pgtable-nopmd.h | 18 +-
2686 include/asm-generic/pgtable-nopud.h | 14 +-
2687 include/asm-generic/pgtable.h | 8 +
2688 include/asm-generic/vmlinux.lds.h | 10 +-
2689 include/drm/drmP.h | 5 +-
2690 include/drm/drm_crtc_helper.h | 4 +-
2691 include/drm/ttm/ttm_memory.h | 2 +-
2692 include/linux/a.out.h | 8 +
2693 include/linux/atmdev.h | 2 +-
2694 include/linux/binfmts.h | 1 +
2695 include/linux/blkdev.h | 2 +-
2696 include/linux/blktrace_api.h | 2 +-
2697 include/linux/byteorder/little_endian.h | 24 +-
2698 include/linux/cache.h | 4 +
2699 include/linux/cleancache.h | 2 +-
2700 include/linux/compiler-gcc4.h | 11 +
2701 include/linux/compiler.h | 60 ++-
2702 include/linux/cpuset.h | 2 +-
2703 include/linux/crypto.h | 6 +-
2704 include/linux/decompress/mm.h | 2 +-
2705 include/linux/dma-mapping.h | 2 +-
2706 include/linux/efi.h | 2 +-
2707 include/linux/elf.h | 30 +
2708 include/linux/filter.h | 4 +
2709 include/linux/firewire.h | 2 +-
2710 include/linux/fs.h | 3 +-
2711 include/linux/fs_struct.h | 2 +-
2712 include/linux/fscache-cache.h | 4 +-
2713 include/linux/fsnotify.h | 2 +-
2714 include/linux/fsnotify_backend.h | 1 +
2715 include/linux/ftrace_event.h | 4 +-
2716 include/linux/genhd.h | 2 +-
2717 include/linux/hid.h | 2 +-
2718 include/linux/highmem.h | 12 +
2719 include/linux/i2c.h | 1 +
2720 include/linux/i2o.h | 2 +-
2721 include/linux/if_team.h | 3 +-
2722 include/linux/init.h | 4 +-
2723 include/linux/init_task.h | 7 +
2724 include/linux/intel-iommu.h | 2 +-
2725 include/linux/interrupt.h | 6 +-
2726 include/linux/kgdb.h | 6 +-
2727 include/linux/kref.h | 2 +-
2728 include/linux/kvm_host.h | 4 +-
2729 include/linux/libata.h | 2 +-
2730 include/linux/mca.h | 2 +-
2731 include/linux/memory.h | 2 +-
2732 include/linux/mfd/abx500.h | 1 +
2733 include/linux/mm.h | 66 +--
2734 include/linux/mm_types.h | 20 +
2735 include/linux/mmu_notifier.h | 6 +-
2736 include/linux/mmzone.h | 2 +-
2737 include/linux/mod_devicetable.h | 4 +-
2738 include/linux/module.h | 54 ++-
2739 include/linux/moduleloader.h | 12 +
2740 include/linux/moduleparam.h | 4 +-
2741 include/linux/namei.h | 6 +-
2742 include/linux/netdevice.h | 3 +-
2743 include/linux/of_pdt.h | 2 +-
2744 include/linux/oprofile.h | 4 +-
2745 include/linux/padata.h | 2 +-
2746 include/linux/perf_event.h | 8 +-
2747 include/linux/pipe_fs_i.h | 6 +-
2748 include/linux/pm_runtime.h | 2 +-
2749 include/linux/poison.h | 4 +-
2750 include/linux/preempt.h | 2 +-
2751 include/linux/proc_fs.h | 2 +-
2752 include/linux/random.h | 7 +-
2753 include/linux/reboot.h | 14 +-
2754 include/linux/reiserfs_fs.h | 2 +-
2755 include/linux/reiserfs_fs_sb.h | 2 +-
2756 include/linux/relay.h | 2 +-
2757 include/linux/rfkill.h | 1 +
2758 include/linux/rio.h | 2 +-
2759 include/linux/rmap.h | 4 +-
2760 include/linux/sched.h | 69 ++-
2761 include/linux/screen_info.h | 3 +-
2762 include/linux/seq_file.h | 1 +
2763 include/linux/skbuff.h | 8 +-
2764 include/linux/slab.h | 73 +++-
2765 include/linux/slab_def.h | 8 +-
2766 include/linux/slub_def.h | 4 +-
2767 include/linux/sonet.h | 2 +-
2768 include/linux/sunrpc/clnt.h | 8 +-
2769 include/linux/sunrpc/sched.h | 1 +
2770 include/linux/sunrpc/svc_rdma.h | 18 +-
2771 include/linux/sysctl.h | 6 +-
2772 include/linux/tty_ldisc.h | 2 +-
2773 include/linux/types.h | 16 +
2774 include/linux/uaccess.h | 6 +-
2775 include/linux/unaligned/access_ok.h | 12 +-
2776 include/linux/usb/renesas_usbhs.h | 4 +-
2777 include/linux/vermagic.h | 21 +-
2778 include/linux/vmalloc.h | 104 ++++
2779 include/linux/vmstat.h | 20 +-
2780 include/linux/xattr.h | 5 +
2781 include/media/saa7146_vv.h | 2 +-
2782 include/media/v4l2-dev.h | 3 +-
2783 include/media/v4l2-ioctl.h | 2 +-
2784 include/net/caif/caif_hsi.h | 2 +-
2785 include/net/caif/cfctrl.h | 6 +-
2786 include/net/flow.h | 2 +-
2787 include/net/inetpeer.h | 8 +-
2788 include/net/ip_fib.h | 2 +-
2789 include/net/ip_vs.h | 4 +-
2790 include/net/irda/ircomm_core.h | 2 +-
2791 include/net/irda/ircomm_tty.h | 5 +-
2792 include/net/iucv/af_iucv.h | 2 +-
2793 include/net/neighbour.h | 2 +-
2794 include/net/netlink.h | 2 +-
2795 include/net/netns/ipv4.h | 4 +-
2796 include/net/sctp/sctp.h | 6 +-
2797 include/net/sock.h | 4 +-
2798 include/net/tcp.h | 2 +-
2799 include/net/udp.h | 2 +-
2800 include/net/xfrm.h | 2 +-
2801 include/rdma/iw_cm.h | 2 +-
2802 include/scsi/libfc.h | 3 +-
2803 include/scsi/scsi_device.h | 6 +-
2804 include/scsi/scsi_transport_fc.h | 2 +-
2805 include/sound/ak4xxx-adda.h | 2 +-
2806 include/sound/hwdep.h | 2 +-
2807 include/sound/info.h | 2 +-
2808 include/sound/pcm.h | 1 +
2809 include/sound/sb16_csp.h | 2 +-
2810 include/sound/soc.h | 4 +-
2811 include/sound/ymfpci.h | 2 +-
2812 include/target/target_core_base.h | 8 +-
2813 include/trace/events/irq.h | 4 +-
2814 include/video/udlfb.h | 8 +-
2815 include/video/uvesafb.h | 1 +
2817 init/do_mounts.c | 14 +-
2818 init/do_mounts.h | 8 +-
2819 init/do_mounts_initrd.c | 28 +-
2820 init/do_mounts_md.c | 6 +-
2821 init/initramfs.c | 40 +-
2822 init/main.c | 56 ++-
2826 kernel/acct.c | 2 +-
2827 kernel/audit.c | 8 +-
2828 kernel/auditsc.c | 4 +-
2829 kernel/capability.c | 3 +
2830 kernel/compat.c | 44 +-
2831 kernel/debug/debug_core.c | 16 +-
2832 kernel/debug/kdb/kdb_main.c | 4 +-
2833 kernel/events/core.c | 28 +-
2834 kernel/exit.c | 4 +-
2835 kernel/fork.c | 165 ++++--
2836 kernel/futex.c | 9 +
2837 kernel/gcov/base.c | 7 +-
2838 kernel/hrtimer.c | 2 +-
2839 kernel/jump_label.c | 4 +
2840 kernel/kallsyms.c | 39 ++-
2841 kernel/kexec.c | 3 +-
2842 kernel/kmod.c | 2 +-
2843 kernel/kprobes.c | 8 +-
2844 kernel/lockdep.c | 7 +-
2845 kernel/lockdep_proc.c | 2 +-
2846 kernel/module.c | 326 +++++++----
2847 kernel/mutex-debug.c | 12 +-
2848 kernel/mutex-debug.h | 4 +-
2849 kernel/mutex.c | 7 +-
2850 kernel/padata.c | 8 +-
2851 kernel/panic.c | 3 +-
2853 kernel/posix-cpu-timers.c | 4 +-
2854 kernel/posix-timers.c | 20 +-
2855 kernel/power/poweroff.c | 2 +-
2856 kernel/power/process.c | 13 +-
2857 kernel/profile.c | 14 +-
2858 kernel/ptrace.c | 6 +-
2859 kernel/rcutiny.c | 4 +-
2860 kernel/rcutorture.c | 56 +-
2861 kernel/rcutree.c | 32 +-
2862 kernel/rcutree.h | 2 +-
2863 kernel/rcutree_plugin.h | 16 +-
2864 kernel/rcutree_trace.c | 4 +-
2865 kernel/rtmutex-tester.c | 24 +-
2866 kernel/sched/auto_group.c | 4 +-
2867 kernel/sched/fair.c | 2 +-
2868 kernel/signal.c | 8 +-
2870 kernel/softirq.c | 14 +-
2871 kernel/sys.c | 12 +-
2872 kernel/sysctl.c | 37 ++-
2873 kernel/sysctl_binary.c | 14 +-
2874 kernel/time/alarmtimer.c | 2 +-
2875 kernel/time/tick-broadcast.c | 2 +-
2876 kernel/time/timer_stats.c | 10 +-
2877 kernel/timer.c | 2 +-
2878 kernel/trace/blktrace.c | 6 +-
2879 kernel/trace/ftrace.c | 11 +-
2880 kernel/trace/trace.c | 6 +-
2881 kernel/trace/trace_events.c | 25 +-
2882 kernel/trace/trace_kprobe.c | 8 +-
2883 kernel/trace/trace_mmiotrace.c | 8 +-
2884 kernel/trace/trace_output.c | 2 +-
2885 kernel/trace/trace_stack.c | 2 +-
2886 kernel/trace/trace_workqueue.c | 6 +-
2889 lib/debugobjects.c | 2 +-
2891 lib/dma-debug.c | 2 +-
2893 lib/inflate.c | 2 +-
2894 lib/radix-tree.c | 2 +-
2895 lib/vsprintf.c | 12 +-
2900 mm/huge_memory.c | 2 +-
2901 mm/hugetlb.c | 54 ++
2904 mm/madvise.c | 41 ++
2905 mm/memory-failure.c | 18 +-
2906 mm/memory.c | 358 +++++++++--
2907 mm/mempolicy.c | 25 +
2909 mm/mmap.c | 632 +++++++++++++++++---
2910 mm/mprotect.c | 137 +++++-
2911 mm/mremap.c | 45 ++-
2913 mm/page_alloc.c | 14 +-
2915 mm/process_vm_access.c | 14 +-
2919 mm/slob.c | 180 +++++-
2922 mm/swapfile.c | 12 +-
2924 mm/vmalloc.c | 92 +++-
2926 net/8021q/vlan.c | 3 +-
2927 net/9p/trans_fd.c | 2 +-
2928 net/atm/atm_misc.c | 8 +-
2929 net/atm/lec.h | 2 +-
2930 net/atm/mpc.h | 2 +-
2931 net/atm/proc.c | 6 +-
2932 net/atm/resources.c | 4 +-
2933 net/batman-adv/bat_iv_ogm.c | 6 +-
2934 net/batman-adv/hard-interface.c | 4 +-
2935 net/batman-adv/soft-interface.c | 4 +-
2936 net/batman-adv/types.h | 6 +-
2937 net/batman-adv/unicast.c | 2 +-
2938 net/bluetooth/hci_conn.c | 2 +-
2939 net/bluetooth/l2cap_core.c | 12 +-
2940 net/bridge/netfilter/ebtables.c | 2 +-
2941 net/caif/caif_socket.c | 43 +-
2942 net/caif/cfctrl.c | 11 +-
2944 net/compat.c | 32 +-
2945 net/core/datagram.c | 2 +-
2946 net/core/dev.c | 16 +-
2947 net/core/flow.c | 8 +-
2948 net/core/iovec.c | 4 +-
2949 net/core/rtnetlink.c | 2 +-
2950 net/core/scm.c | 8 +-
2951 net/core/sock.c | 16 +-
2952 net/decnet/sysctl_net_decnet.c | 4 +-
2953 net/ipv4/fib_frontend.c | 6 +-
2954 net/ipv4/fib_semantics.c | 2 +-
2955 net/ipv4/inetpeer.c | 4 +-
2956 net/ipv4/ip_fragment.c | 2 +-
2957 net/ipv4/ip_sockglue.c | 2 +-
2958 net/ipv4/ipconfig.c | 6 +-
2959 net/ipv4/netfilter/nf_nat_snmp_basic.c | 2 +-
2960 net/ipv4/ping.c | 2 +-
2961 net/ipv4/raw.c | 14 +-
2962 net/ipv4/route.c | 6 +-
2963 net/ipv4/tcp_probe.c | 2 +-
2964 net/ipv4/udp.c | 8 +-
2965 net/ipv6/addrconf.c | 2 +-
2966 net/ipv6/inet6_connection_sock.c | 4 +-
2967 net/ipv6/ipv6_sockglue.c | 2 +-
2968 net/ipv6/raw.c | 19 +-
2969 net/ipv6/udp.c | 8 +-
2970 net/irda/ircomm/ircomm_tty.c | 38 +-
2971 net/iucv/af_iucv.c | 4 +-
2972 net/key/af_key.c | 4 +-
2973 net/mac80211/ieee80211_i.h | 3 +-
2974 net/mac80211/iface.c | 12 +-
2975 net/mac80211/main.c | 2 +-
2976 net/mac80211/pm.c | 6 +-
2977 net/mac80211/rate.c | 2 +-
2978 net/mac80211/rc80211_pid_debugfs.c | 2 +-
2979 net/mac80211/util.c | 2 +-
2980 net/netfilter/ipvs/ip_vs_conn.c | 6 +-
2981 net/netfilter/ipvs/ip_vs_core.c | 4 +-
2982 net/netfilter/ipvs/ip_vs_ctl.c | 10 +-
2983 net/netfilter/ipvs/ip_vs_sync.c | 4 +-
2984 net/netfilter/ipvs/ip_vs_xmit.c | 4 +-
2985 net/netfilter/nfnetlink_log.c | 4 +-
2986 net/netfilter/xt_statistic.c | 8 +-
2987 net/netlink/af_netlink.c | 4 +-
2988 net/packet/af_packet.c | 8 +-
2989 net/phonet/pep.c | 6 +-
2990 net/phonet/socket.c | 2 +-
2991 net/rds/cong.c | 6 +-
2993 net/rds/ib_cm.c | 2 +-
2994 net/rds/ib_recv.c | 4 +-
2996 net/rds/iw_cm.c | 2 +-
2997 net/rds/iw_recv.c | 4 +-
2998 net/rds/tcp.c | 2 +-
2999 net/rds/tcp_send.c | 2 +-
3000 net/rxrpc/af_rxrpc.c | 2 +-
3001 net/rxrpc/ar-ack.c | 14 +-
3002 net/rxrpc/ar-call.c | 2 +-
3003 net/rxrpc/ar-connection.c | 2 +-
3004 net/rxrpc/ar-connevent.c | 2 +-
3005 net/rxrpc/ar-input.c | 4 +-
3006 net/rxrpc/ar-internal.h | 8 +-
3007 net/rxrpc/ar-local.c | 2 +-
3008 net/rxrpc/ar-output.c | 4 +-
3009 net/rxrpc/ar-peer.c | 2 +-
3010 net/rxrpc/ar-proc.c | 4 +-
3011 net/rxrpc/ar-transport.c | 2 +-
3012 net/rxrpc/rxkad.c | 4 +-
3013 net/sctp/socket.c | 2 +-
3014 net/socket.c | 34 +-
3015 net/sunrpc/sched.c | 4 +-
3016 net/sunrpc/svcsock.c | 2 +-
3017 net/sunrpc/xprtrdma/svc_rdma.c | 38 +-
3018 net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 6 +-
3019 net/sunrpc/xprtrdma/svc_rdma_sendto.c | 2 +-
3020 net/sunrpc/xprtrdma/svc_rdma_transport.c | 10 +-
3021 net/tipc/link.c | 6 +-
3022 net/tipc/msg.c | 2 +-
3023 net/tipc/subscr.c | 2 +-
3024 net/wireless/core.h | 2 +-
3025 net/wireless/wext-core.c | 19 +-
3026 net/xfrm/xfrm_policy.c | 16 +-
3027 scripts/Makefile.build | 4 +-
3028 scripts/Makefile.clean | 3 +-
3029 scripts/Makefile.host | 2 +
3030 scripts/basic/fixdep.c | 12 +-
3031 scripts/gcc-plugin.sh | 2 +
3032 scripts/mod/file2alias.c | 14 +-
3033 scripts/mod/modpost.c | 25 +-
3034 scripts/mod/modpost.h | 6 +-
3035 scripts/mod/sumversion.c | 2 +-
3036 scripts/pnmtologo.c | 6 +-
3037 security/Kconfig | 618 +++++++++++++++++++-
3038 security/integrity/ima/ima.h | 4 +-
3039 security/integrity/ima/ima_api.c | 2 +-
3040 security/integrity/ima/ima_fs.c | 4 +-
3041 security/integrity/ima/ima_queue.c | 2 +-
3042 security/keys/compat.c | 2 +-
3043 security/keys/keyctl.c | 8 +-
3044 security/keys/keyring.c | 6 +-
3045 security/security.c | 8 +-
3046 security/selinux/hooks.c | 2 +-
3047 security/selinux/include/xfrm.h | 2 +-
3048 security/smack/smack_lsm.c | 2 +-
3049 security/tomoyo/tomoyo.c | 2 +-
3050 sound/aoa/codecs/onyx.c | 7 +-
3051 sound/aoa/codecs/onyx.h | 1 +
3052 sound/core/oss/pcm_oss.c | 18 +-
3053 sound/core/pcm_compat.c | 2 +-
3054 sound/core/pcm_native.c | 4 +-
3055 sound/core/seq/seq_device.c | 8 +-
3056 sound/drivers/mts64.c | 14 +-
3057 sound/drivers/opl4/opl4_lib.c | 2 +-
3058 sound/drivers/portman2x4.c | 3 +-
3059 sound/firewire/amdtp.c | 4 +-
3060 sound/firewire/amdtp.h | 2 +-
3061 sound/firewire/isight.c | 10 +-
3062 sound/isa/cmi8330.c | 2 +-
3063 sound/oss/sb_audio.c | 2 +-
3064 sound/oss/swarm_cs4297a.c | 6 +-
3065 sound/pci/hda/hda_codec.h | 7 +-
3066 sound/pci/ice1712/ice1712.h | 4 +-
3067 sound/pci/ymfpci/ymfpci_main.c | 12 +-
3068 sound/soc/soc-pcm.c | 2 +-
3069 sound/usb/card.h | 3 +-
3070 tools/gcc/Makefile | 23 +
3071 tools/gcc/checker_plugin.c | 171 ++++++
3072 tools/gcc/colorize_plugin.c | 147 +++++
3073 tools/gcc/constify_plugin.c | 303 ++++++++++
3074 tools/gcc/kallocstat_plugin.c | 167 +++++
3075 tools/gcc/kernexec_plugin.c | 427 +++++++++++++
3076 tools/gcc/stackleak_plugin.c | 313 ++++++++++
3077 tools/perf/util/include/asm/alternative-asm.h | 3 +
3078 usr/gen_init_cpio.c | 7 +-
3079 virt/kvm/kvm_main.c | 20 +-
3080 1246 files changed, 18805 insertions(+), 5986 deletions(-)
3081 commit a00016a11e35e91aec8e2d9b6ec4c6fbb11d6d2b
3082 Merge: 0949bd4 fc53d63
3083 Author: Brad Spengler <spender@grsecurity.net>
3084 Date: Thu Mar 22 19:03:44 2012 -0400
3086 Merge branch 'pax-test' into grsec-test
3088 commit fc53d6338964741b368070ec5c935bc579b8c2a6
3089 Author: Brad Spengler <spender@grsecurity.net>
3090 Date: Thu Mar 22 19:02:45 2012 -0400
3092 Update to pax-linux-3.2.12-test33.patch
3094 commit 0949bd46a6455b308f66ad7c993bfee62412db35
3095 Author: Brad Spengler <spender@grsecurity.net>
3096 Date: Thu Mar 22 16:56:09 2012 -0400
3098 Use current_umask() instead of current->fs->umask
3100 commit 22f6432d0fe733619cfcb523782ed7d80c46d645
3101 Author: Brad Spengler <spender@grsecurity.net>
3102 Date: Wed Mar 21 19:42:42 2012 -0400
3106 commit 0cad49d6b8fbb32395da924c1665a1110a9a9eef
3107 Author: Brad Spengler <spender@grsecurity.net>
3108 Date: Wed Mar 21 19:34:56 2012 -0400
3110 Resolve some very tricky hash table manipulations that resulted in an infinite loop in certain
3111 uses of domains with particular hash collisions
3113 commit 47fc52e0a068a29d6cca2f809daf0679cba33c44
3114 Author: Brad Spengler <spender@grsecurity.net>
3115 Date: Tue Mar 20 20:25:49 2012 -0400
3119 commit b00953b43c69238d181d21121ef1577c988d5f6b
3120 Author: Brad Spengler <spender@grsecurity.net>
3121 Date: Tue Mar 20 19:29:34 2012 -0400
3123 zero real_root after releasing it
3125 commit 0b3ab73ce5d34a2c3206955cd65eddd6bdfd32a1
3126 Merge: b724f59 273f98e
3127 Author: Brad Spengler <spender@grsecurity.net>
3128 Date: Tue Mar 20 19:11:26 2012 -0400
3130 Merge branch 'pax-test' into grsec-test
3132 commit 273f98e58cdac555d3b5dce5c1ca168349f95878
3133 Author: Brad Spengler <spender@grsecurity.net>
3134 Date: Tue Mar 20 19:10:52 2012 -0400
3136 Temporary workaround for (most) size_overflow plugin false-positives
3137 Increase randomization for brk-managed heap to 21 bits
3138 Update to pax-linux-3.2.12-test32.patch
3140 commit b724f59125304460c2af8bd4b02921993afbb5d3
3141 Author: Brad Spengler <spender@grsecurity.net>
3142 Date: Tue Mar 20 18:58:53 2012 -0400
3146 commit 329f1a9d0f137d0a973316c53bbec18a6eeecd4f
3147 Author: Brad Spengler <spender@grsecurity.net>
3148 Date: Tue Mar 20 18:52:23 2012 -0400
3150 Require default and kernel role
3152 commit a7c5c4f55bdd61cfcd0fb1be7a67160429409878
3153 Author: Brad Spengler <spender@grsecurity.net>
3154 Date: Tue Mar 20 18:47:28 2012 -0400
3156 Allow policies without special roles
3157 don't call free_variables in error path of copy_user_acl, we'll call it later (triggered by a policy without special roles)
3159 commit 402ec3d24d66d38403dc543c84851f5e72d39e22
3160 Merge: 8e012dc f14661a
3161 Author: Brad Spengler <spender@grsecurity.net>
3162 Date: Mon Mar 19 18:06:59 2012 -0400
3164 Merge branch 'pax-test' into grsec-test
3169 commit f14661aaf202155c97f66626cea0269017bb7775
3170 Merge: eae671f 058b017
3171 Author: Brad Spengler <spender@grsecurity.net>
3172 Date: Mon Mar 19 18:05:44 2012 -0400
3174 Merge branch 'linux-3.2.y' into pax-test
3176 commit 8e012dcf7a50b7cde34c2cec93ecedd049123b75
3177 Author: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
3178 Date: Fri Mar 16 17:08:39 2012 -0700
3180 nilfs2: fix NULL pointer dereference in nilfs_load_super_block()
3182 According to the report from Slicky Devil, nilfs caused kernel oops at
3183 nilfs_load_super_block function during mount after he shrank the
3184 partition without resizing the filesystem:
3186 BUG: unable to handle kernel NULL pointer dereference at 00000048
3187 IP: [<d0d7a08e>] nilfs_load_super_block+0x17e/0x280 [nilfs2]
3189 Oops: 0000 [#1] PREEMPT SMP
3192 [<d0d7a87b>] init_nilfs+0x4b/0x2e0 [nilfs2]
3193 [<d0d6f707>] nilfs_mount+0x447/0x5b0 [nilfs2]
3194 [<c0226636>] mount_fs+0x36/0x180
3195 [<c023d961>] vfs_kern_mount+0x51/0xa0
3196 [<c023ddae>] do_kern_mount+0x3e/0xe0
3197 [<c023f189>] do_mount+0x169/0x700
3198 [<c023fa9b>] sys_mount+0x6b/0xa0
3199 [<c04abd1f>] sysenter_do_call+0x12/0x28
3200 Code: 53 18 8b 43 20 89 4b 18 8b 4b 24 89 53 1c 89 43 24 89 4b 20 8b 43
3201 20 c7 43 2c 00 00 00 00 23 75 e8 8b 50 68 89 53 28 8b 54 b3 20 <8b> 72
3202 48 8b 7a 4c 8b 55 08 89 b3 84 00 00 00 89 bb 88 00 00 00
3203 EIP: [<d0d7a08e>] nilfs_load_super_block+0x17e/0x280 [nilfs2] SS:ESP 0068:ca9bbdcc
3204 CR2: 0000000000000048
3206 This turned out due to a defect in an error path which runs if the
3207 calculated location of the secondary super block was invalid.
3209 This patch fixes it and eliminates the reported oops.
3211 Reported-by: Slicky Devil <slicky.dvl@gmail.com>
3212 Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
3213 Tested-by: Slicky Devil <slicky.dvl@gmail.com>
3214 Cc: <stable@vger.kernel.org> [2.6.30+]
3215 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
3216 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3218 commit 8067d7f69bf27dc08057a771cf125e71e4575bf2
3219 Author: Haogang Chen <haogangchen@gmail.com>
3220 Date: Fri Mar 16 17:08:38 2012 -0700
3222 nilfs2: clamp ns_r_segments_percentage to [1, 99]
3224 ns_r_segments_percentage is read from the disk. Bogus or malicious
3225 value could cause integer overflow and malfunction due to meaningless
3226 disk usage calculation. This patch reports error when mounting such
3229 Signed-off-by: Haogang Chen <haogangchen@gmail.com>
3230 Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
3231 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
3232 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3234 commit e1a90645643f9b0194a5984ec8febd06360d5c8b
3235 Author: Eric Dumazet <eric.dumazet@gmail.com>
3236 Date: Sat Mar 10 09:20:21 2012 +0000
3238 tcp: fix syncookie regression
3240 commit ea4fc0d619 (ipv4: Don't use rt->rt_{src,dst} in ip_queue_xmit())
3241 added a serious regression on synflood handling.
3243 Simon Kirby discovered a successful connection was delayed by 20 seconds
3244 before being responsive.
3246 In my tests, I discovered that xmit frames were lost, and needed ~4
3247 retransmits and a socket dst rebuild before being really sent.
3249 In case of syncookie initiated connection, we use a different path to
3250 initialize the socket dst, and inet->cork.fl.u.ip4 is left cleared.
3252 As ip_queue_xmit() now depends on inet flow being setup, fix this by
3253 copying the temp flowi4 we use in cookie_v4_check().
3255 Reported-by: Simon Kirby <sim@netnation.com>
3256 Bisected-by: Simon Kirby <sim@netnation.com>
3257 Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
3258 Tested-by: Eric Dumazet <eric.dumazet@gmail.com>
3259 Signed-off-by: David S. Miller <davem@davemloft.net>
3261 commit 06c6c8628bf38b08b4d97f4c55cde9fdecfb5d65
3262 Author: Stanislav Kinsbursky <skinsbursky@parallels.com>
3263 Date: Mon Mar 12 02:59:41 2012 +0000
3265 tun: don't hold network namespace by tun sockets
3267 v3: added previously removed sock_put() to the tun_release() callback, because
3268 sk_release_kernel() doesn't drop the socket reference.
3270 v2: sk_release_kernel() used for socket release. Dummy tun_release() is
3271 required for sk_release_kernel() ---> sock_release() ---> sock->ops->release()
3274 TUN was designed to destroy it's socket on network namesapce shutdown. But this
3275 will never happen for persistent device, because it's socket holds network
3277 This patch removes of holding network namespace by TUN socket and replaces it
3278 by creating socket in init_net and then changing it's net it to desired one. On
3279 shutdown socket is moved back to init_net prior to final put.
3281 Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
3282 Signed-off-by: David S. Miller <davem@davemloft.net>
3284 commit 46ae7374bd387c58d673a9e58852a9fd31042c5c
3285 Author: Tyler Hicks <tyhicks@canonical.com>
3286 Date: Mon Dec 12 10:02:30 2011 -0600
3288 vfs: Correctly set the dir i_mutex lockdep class
3290 9a7aa12f3911853a introduced additional logic around setting the i_mutex
3291 lockdep class for directory inodes. The idea was that some filesystems
3292 may want their own special lockdep class for different directory
3293 inodes and calling unlock_new_inode() should not clobber one of
3294 those special classes.
3296 I believe that the added conditional, around the *negated* return value
3297 of lockdep_match_class(), caused directory inodes to be placed in the
3298 wrong lockdep class.
3300 inode_init_always() sets the i_mutex lockdep class with i_mutex_key for
3301 all inodes. If the filesystem did not change the class during inode
3302 initialization, then the conditional mentioned above was false and the
3303 directory inode was incorrectly left in the non-directory lockdep class.
3304 If the filesystem did set a special lockdep class, then the conditional
3305 mentioned above was true and that class was clobbered with
3308 This patch removes the negation from the conditional so that the i_mutex
3309 lockdep class is properly set for directory inodes. Special classes are
3310 preserved and directory inodes with unmodified classes are set with
3313 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
3314 Reviewed-by: Jan Kara <jack@suse.cz>
3315 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3317 commit 603590b0d2eca61ce26499eac9c563bc567a18c9
3318 Author: Jan Kara <jack@suse.cz>
3319 Date: Mon Feb 20 17:54:00 2012 +0100
3321 udf: Fix deadlock in udf_release_file()
3323 udf_release_file() can be called from munmap() path with mmap_sem held. Thus
3324 we cannot take i_mutex there because that ranks above mmap_sem. Luckily,
3325 i_mutex is not needed in udf_release_file() anymore since protection by
3326 i_data_sem is enough to protect from races with write and truncate.
3328 Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
3329 Reviewed-by: Namjae Jeon <linkinjeon@gmail.com>
3330 Signed-off-by: Jan Kara <jack@suse.cz>
3331 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3333 commit ca79ab9034f3c2f7e3f65c35e0d9ed3ecea529bf
3334 Author: Miklos Szeredi <mszeredi@suse.cz>
3335 Date: Tue Mar 6 13:56:33 2012 +0100
3337 vfs: fix double put after complete_walk()
3339 complete_walk() already puts nd->path, no need to do it again at cleanup time.
3341 This would result in Oopses if triggered, apparently the codepath is not too
3344 Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
3345 CC: stable@vger.kernel.org
3346 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3348 commit 13885ba2b18400f3ef6540497d30f1af896605e5
3349 Author: Miklos Szeredi <mszeredi@suse.cz>
3350 Date: Tue Mar 6 13:56:34 2012 +0100
3352 vfs: fix return value from do_last()
3354 complete_walk() returns either ECHILD or ESTALE. do_last() turns this into
3355 ECHILD unconditionally. If not in RCU mode, this error will reach userspace
3356 which is complete nonsense.
3358 Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
3359 CC: stable@vger.kernel.org
3360 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3366 commit f5ab7572c99ffb58953eb1070622307e904c3b7f
3367 Author: Al Viro <viro@zeniv.linux.org.uk>
3368 Date: Sat Mar 10 17:07:28 2012 -0500
3370 restore smp_mb() in unlock_new_inode()
3372 wait_on_inode() doesn't have ->i_lock
3374 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3376 commit f3e758cd08e3881982d4b78eb72fe8a1ead6b872
3377 Author: David S. Miller <davem@davemloft.net>
3378 Date: Tue Mar 13 18:19:51 2012 -0700
3380 sparc32: Add -Av8 to assembler command line.
3382 Newer version of binutils are more strict about specifying the
3383 correct options to enable certain classes of instructions.
3385 The sparc32 build is done for v7 in order to support sun4c systems
3386 which lack hardware integer multiply and divide instructions.
3388 So we have to pass -Av8 when building the assembler routines that
3389 use these instructions and get patched into the kernel when we find
3390 out that we have a v8 capable cpu.
3392 Reported-by: Paul Gortmaker <paul.gortmaker@windriver.com>
3393 Signed-off-by: David S. Miller <davem@davemloft.net>
3395 commit 66276ec78b2a971d2e704e5ef963cdc8b6a049a4
3396 Author: Thomas Gleixner <tglx@linutronix.de>
3397 Date: Fri Mar 9 20:55:10 2012 +0100
3399 x86: Derandom delay_tsc for 64 bit
3401 Commit f0fbf0abc093 ("x86: integrate delay functions") converted
3402 delay_tsc() into a random delay generator for 64 bit. The reason is
3403 that it merged the mostly identical versions of delay_32.c and
3404 delay_64.c. Though the subtle difference of the result was:
3406 static void delay_tsc(unsigned long loops)
3408 - unsigned bclock, now;
3409 + unsigned long bclock, now;
3411 Now the function uses rdtscl() which returns the lower 32bit of the
3412 TSC. On 32bit that's not problematic as unsigned long is 32bit. On 64
3413 bit this fails when the lower 32bit are close to wrap around when
3414 bclock is read, because the following check
3416 if ((now - bclock) >= loops)
3419 evaluated to true on 64bit for e.g. bclock = 0xffffffff and now = 0
3420 because the unsigned long (now - bclock) of these values results in
3421 0xffffffff00000001 which is definitely larger than the loops
3422 value. That explains Tvortkos observation:
3424 "Because I am seeing udelay(500) (_occasionally_) being short, and
3425 that by delaying for some duration between 0us (yep) and 491us."
3427 Make those variables explicitely u32 again, so this works for both 32
3430 Reported-by: Tvrtko Ursulin <tvrtko.ursulin@onelan.co.uk>
3431 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
3432 Cc: stable@vger.kernel.org # >= 2.6.27
3433 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3435 commit 2d0ddb60f5031bdf79b4d51225f9f2d5856255bf
3436 Author: Al Viro <viro@ZenIV.linux.org.uk>
3437 Date: Thu Mar 8 17:51:19 2012 +0000
3439 aio: fix the "too late munmap()" race
3441 Current code has put_ioctx() called asynchronously from aio_fput_routine();
3442 that's done *after* we have killed the request that used to pin ioctx,
3443 so there's nothing to stop io_destroy() waiting in wait_for_all_aios()
3444 from progressing. As the result, we can end up with async call of
3445 put_ioctx() being the last one and possibly happening during exit_mmap()
3446 or elf_core_dump(), neither of which expects stray munmap() being done
3449 We do need to prevent _freeing_ ioctx until aio_fput_routine() is done
3450 with that, but that's all we care about - neither io_destroy() nor
3451 exit_aio() will progress past wait_for_all_aios() until aio_fput_routine()
3452 does really_put_req(), so the ioctx teardown won't be done until then
3453 and we don't care about the contents of ioctx past that point.
3455 Since actual freeing of these suckers is RCU-delayed, we don't need to
3456 bump ioctx refcount when request goes into list for async removal.
3457 All we need is rcu_read_lock held just over the ->ctx_lock-protected
3458 area in aio_fput_routine().
3460 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3461 Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
3462 Acked-by: Benjamin LaHaise <bcrl@kvack.org>
3463 Cc: stable@vger.kernel.org
3464 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3466 commit 002124c055afbf09b52226af65621999e8316448
3467 Author: Al Viro <viro@ZenIV.linux.org.uk>
3468 Date: Wed Mar 7 05:16:35 2012 +0000
3470 aio: fix io_setup/io_destroy race
3472 Have ioctx_alloc() return an extra reference, so that caller would drop it
3473 on success and not bother with re-grabbing it on failure exit. The current
3474 code is obviously broken - io_destroy() from another thread that managed
3475 to guess the address io_setup() would've returned would free ioctx right
3476 under us; gets especially interesting if aio_context_t * we pass to
3477 io_setup() points to PROT_READ mapping, so put_user() fails and we end
3478 up doing io_destroy() on kioctx another thread has just got freed...
3480 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3481 Acked-by: Benjamin LaHaise <bcrl@kvack.org>
3482 Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
3483 Cc: stable@vger.kernel.org
3484 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3486 commit a1cd2719b8ed8e40dbd98c87713ac23a2169f6d8
3487 Author: Dan Carpenter <dan.carpenter@oracle.com>
3488 Date: Thu Mar 15 15:17:12 2012 -0700
3490 drivers/video/backlight/s6e63m0.c: fix corruption storing gamma mode
3492 strict_strtoul() writes a long but ->gamma_mode only has space to store an
3493 int, so on 64 bit systems we end up scribbling over ->gamma_table_count as
3494 well. I've changed it to use kstrtouint() instead.
3496 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
3497 Acked-by: Inki Dae <inki.dae@samsung.com>
3498 Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
3499 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
3500 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3502 commit cf83f735a5571f4341ee6eab947a1f7d833cea6e
3503 Merge: e4b05b6 eae671f
3504 Author: Brad Spengler <spender@grsecurity.net>
3505 Date: Fri Mar 16 21:04:27 2012 -0400
3507 Merge branch 'pax-test' into grsec-test
3512 commit eae671fafe93f04685c04a089cc13efebc05d600
3513 Author: Brad Spengler <spender@grsecurity.net>
3514 Date: Fri Mar 16 20:58:01 2012 -0400
3516 Update to pax-linux-3.2.11-test31.patch
3517 Introduction of the size_overflow plugin from Emese Revfy
3518 Many thanks to Emese for her hard work :)
3520 commit e4b05b65c645c412eceb9c950ee7b4771627e6b1
3521 Merge: e55aa68 258c015
3522 Author: Brad Spengler <spender@grsecurity.net>
3523 Date: Thu Mar 15 20:59:19 2012 -0400
3525 Merge branch 'pax-test' into grsec-test
3527 commit 258c0159fa6dd5044ca984eeaad57bb6e21bacea
3528 Author: Brad Spengler <spender@grsecurity.net>
3529 Date: Thu Mar 15 20:59:05 2012 -0400
3533 commit e55aa68f4bb20e75cd7423123aa612c2a69590c0
3534 Merge: 8f95ea9 55b7573
3535 Author: Brad Spengler <spender@grsecurity.net>
3536 Date: Wed Mar 14 19:33:41 2012 -0400
3538 Merge branch 'pax-test' into grsec-test
3540 commit 55b7573f6c2f3be26fb39c7bd6a9d742d02811ca
3541 Author: Brad Spengler <spender@grsecurity.net>
3542 Date: Wed Mar 14 19:33:15 2012 -0400
3544 Update to pax-linux-3.2.10-test28.patch
3546 commit 8f95ea9f718c293794a1f6bdd2a5f5f336f7bd64
3547 Merge: c8786a2 886ac5e
3548 Author: Brad Spengler <spender@grsecurity.net>
3549 Date: Tue Mar 13 17:38:13 2012 -0400
3551 Merge branch 'pax-test' into grsec-test
3553 Greets and thanks to snq for his assistance in testing/debugging REFCOUNT on ARM :)
3555 commit 886ac5eeb1835e87cf7398b8aae9e9ba6b36bf77
3556 Author: Brad Spengler <spender@grsecurity.net>
3557 Date: Tue Mar 13 17:37:44 2012 -0400
3559 Update to pax-linux-3.2.10-test26.patch
3561 commit c8786a2abed5e5327f68efa520c04db99bb6a63a
3562 Merge: 219c982 c061fcf
3563 Author: Brad Spengler <spender@grsecurity.net>
3564 Date: Tue Mar 13 17:25:06 2012 -0400
3566 Merge branch 'pax-test' into grsec-test
3568 commit c061fcfa6b78f3774800821144d8ac2d94d7da3e
3569 Merge: 89373d2 3f4b3b2
3570 Author: Brad Spengler <spender@grsecurity.net>
3571 Date: Tue Mar 13 17:25:02 2012 -0400
3573 Merge branch 'linux-3.2.y' into pax-test
3575 commit 219c982a05abe47be4ea7d749e1b408e0cb86f1f
3576 Merge: 54e19a3 89373d2
3577 Author: Brad Spengler <spender@grsecurity.net>
3578 Date: Mon Mar 12 17:23:57 2012 -0400
3580 Merge branch 'pax-test' into grsec-test
3582 commit 89373d2abafb9bda97f78bdb157d1d05cf21e008
3583 Merge: a778588 7459f11
3584 Author: Brad Spengler <spender@grsecurity.net>
3585 Date: Mon Mar 12 17:23:49 2012 -0400
3587 Merge branch 'linux-3.2.y' into pax-test
3589 commit 54e19a3979978fca902b14ae25125f26fbbbc7a7
3590 Merge: c4650f1 a778588
3591 Author: Brad Spengler <spender@grsecurity.net>
3592 Date: Mon Mar 12 16:51:25 2012 -0400
3594 Merge branch 'pax-test' into grsec-test
3596 commit a778588c9d1b75c48c1f09aac98c1b28bd87a749
3597 Author: Brad Spengler <spender@grsecurity.net>
3598 Date: Mon Mar 12 16:51:12 2012 -0400
3600 Update to pax-linux-3.2.9-test24.patch
3602 commit c4650f14b13f84735fe3de06a1f3ff5776473eff
3603 Merge: fb2abee 1015790
3604 Author: Brad Spengler <spender@grsecurity.net>
3605 Date: Sun Mar 11 21:08:28 2012 -0400
3607 Merge branch 'pax-test' into grsec-test
3612 commit 101579028a736c224e590c7e12a7357018c424e1
3613 Author: Brad Spengler <spender@grsecurity.net>
3614 Date: Sun Mar 11 21:07:27 2012 -0400
3616 Update to pax-linux-3.2.9-test22.patch
3618 commit fb2abee4b9b49f5f18342a8cdf7aa3ba2b7c9100
3619 Author: Brad Spengler <spender@grsecurity.net>
3620 Date: Sun Mar 11 11:02:17 2012 -0400
3624 commit 96bae28cbe6a41d48e3b56e5904814096e956000
3625 Author: Brad Spengler <spender@grsecurity.net>
3626 Date: Sun Mar 11 10:25:58 2012 -0400
3628 Use a per-cpu 48-bit counter instead of a global atomic64
3629 Initialize each counter to have the cpu number in the lower 16 bits
3630 instead of incrementing the counter each time by 1, perform the increments
3631 above the cpu number so that wrapping/exhausting the counter doesn't corrupt
3635 commit b975688101da6e966aebb1bc6b8c5c5983974f9c
3636 Author: Brad Spengler <spender@grsecurity.net>
3637 Date: Sat Mar 10 20:33:12 2012 -0500
3639 Special vnsec edition! :)
3640 Further reduce argv/env allowance for suid/sgid apps to 512KB
3641 Clamp suid/sgid stack resource limit to 8MB (preventing compat mmap layout fallback/too large stack gap)
3642 Clear 3GB personality on suid/sgid binaries
3643 Restore 4 bits entropy in the lowest bits of arg/env strings (now 28 bits on x86, 39 bits on x64)
3644 with the main purpose of throwing off program stack -> arg/env alignment
3645 Update documentation
3647 commit e5cfa902c4e891d11dd2086543d2555aa0c27d33
3648 Author: Brad Spengler <spender@grsecurity.net>
3649 Date: Sat Mar 10 19:54:47 2012 -0500
3651 Resolve skbuff.h warnings that turn into errors during compilation in
3652 the grsecurity directory with -Werror
3654 commit 2023210ad43a944033fcacc660ce410888f562ee
3655 Merge: ece4383 5f66adf
3656 Author: Brad Spengler <spender@grsecurity.net>
3657 Date: Fri Mar 9 19:48:01 2012 -0500
3659 Merge branch 'pax-test' into grsec-test
3661 commit 5f66adf72f83730a07bc79a2fab56afed6dbbd0e
3662 Author: Brad Spengler <spender@grsecurity.net>
3663 Date: Fri Mar 9 19:47:06 2012 -0500
3667 commit ece4383e5e91c92d138c4df84225a70b552f4d69
3668 Merge: a366d0e ab4a5a1
3669 Author: Brad Spengler <spender@grsecurity.net>
3670 Date: Fri Mar 9 17:56:46 2012 -0500
3672 Merge branch 'pax-test' into grsec-test
3674 commit ab4a5a1a67289c3585e2ff8aa64ecece7bd17eea
3675 Author: Brad Spengler <spender@grsecurity.net>
3676 Date: Fri Mar 9 17:56:26 2012 -0500
3678 Update to pax-linux-3.2.9-test21.patch
3680 commit a366d0ed963ce93fce10121c1100989d5f064e75
3681 Author: Mikulas Patocka <mpatocka@redhat.com>
3682 Date: Sun Mar 4 19:52:03 2012 -0500
3684 mm: fix find_vma_prev
3686 Commit 6bd4837de96e ("mm: simplify find_vma_prev()") broke memory
3687 management on PA-RISC.
3689 After application of the patch, programs that allocate big arrays on the
3690 stack crash with segfault, for example, this will crash if compiled
3691 without optimization:
3700 The reason is that PA-RISC has up-growing stack and the stack is usually
3701 the last memory area. In the above example, a page fault happens above
3704 Previously, if we passed too high address to find_vma_prev, it returned
3705 NULL and stored the last VMA in *pprev. After "simplify find_vma_prev"
3706 change, it stores NULL in *pprev. Consequently, the stack area is not
3707 found and it is not expanded, as it used to be before the change.
3709 This patch restores the old behavior and makes it return the last VMA in
3710 *pprev if the requested address is higher than address of any other VMA.
3712 Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
3713 Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
3714 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3716 commit 9cd8dd4d56051099f11563f72fcd91cd0ce19604
3717 Author: Hugh Dickins <hughd@google.com>
3718 Date: Tue Mar 6 12:28:52 2012 -0800
3720 mmap: EINVAL not ENOMEM when rejecting VM_GROWS
3722 Currently error is -ENOMEM when rejecting VM_GROWSDOWN|VM_GROWSUP
3723 from shared anonymous: hoist the file case's -EINVAL up for both.
3725 Signed-off-by: Hugh Dickins <hughd@google.com>
3726 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3728 commit 97745dce6c87f9d9ca5b4be9bd4c2fc1684ca04c
3729 Author: Al Viro <viro@ZenIV.linux.org.uk>
3730 Date: Mon Mar 5 06:38:42 2012 +0000
3732 aout: move setup_arg_pages() prior to reading/mapping the binary
3734 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3735 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3737 commit 3b20ce55ae8cffee43cb4afdf5be438b5ac4fef0
3738 Author: Jan Beulich <JBeulich@suse.com>
3739 Date: Mon Mar 5 16:49:24 2012 +0000
3741 vsprintf: make %pV handling compatible with kasprintf()
3743 kasprintf() (and potentially other functions that I didn't run across so
3744 far) want to evaluate argument lists twice. Caring to do so for the
3745 primary list is obviously their job, but they can't reasonably be
3746 expected to check the format string for instances of %pV, which however
3747 need special handling too: On architectures like x86-64 (as opposed to
3748 e.g. ix86), using the same argument list twice doesn't produce the
3749 expected results, as an internally managed cursor gets updated during
3752 Fix the problem by always acting on a copy of the original list when
3755 Signed-off-by: Jan Beulich <jbeulich@suse.com>
3756 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3758 commit 4146896ab9674f51d4909f3a52bc7fe80f04e4cb
3759 Author: Al Viro <viro@ZenIV.linux.org.uk>
3760 Date: Mon Mar 5 06:39:47 2012 +0000
3762 VM_GROWS{UP,DOWN} shouldn't be set on shmem VMAs
3764 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3765 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3767 commit a831bd53764695ea680cc1fa3c98759a610ed2ac
3768 Author: Christian König <deathsimple@vodafone.de>
3769 Date: Tue Feb 28 23:19:20 2012 +0100
3771 drm/radeon: fix uninitialized variable
3773 Without this fix the driver randomly treats
3774 textures as arrays and I'm really wondering
3775 why gcc isn't complaining about it.
3777 Signed-off-by: Christian König <deathsimple@vodafone.de>
3778 Reviewed-by: Jerome Glisse <jglisse@redhat.com>
3779 Signed-off-by: Dave Airlie <airlied@redhat.com>
3781 commit aa2cd55f97f3cc03bdd895b6e8ba99619ee69dfc
3782 Author: H. Peter Anvin <hpa@zytor.com>
3783 Date: Fri Mar 2 10:43:48 2012 -0800
3785 regset: Prevent null pointer reference on readonly regsets
3787 The regset common infrastructure assumed that regsets would always
3788 have .get and .set methods, but not necessarily .active methods.
3789 Unfortunately people have since written regsets without .set methods.
3791 Rather than putting in stub functions everywhere, handle regsets with
3792 null .get or .set methods explicitly.
3794 Signed-off-by: H. Peter Anvin <hpa@zytor.com>
3795 Reviewed-by: Oleg Nesterov <oleg@redhat.com>
3796 Acked-by: Roland McGrath <roland@hack.frob.com>
3797 Cc: <stable@vger.kernel.org>
3798 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3800 commit 072ddd99401c79b53c6bf6bff9deb93022124c79
3801 Author: Brad Spengler <spender@grsecurity.net>
3802 Date: Mon Mar 5 18:12:57 2012 -0500
3804 Fix compiler errors reported on forums
3806 commit 1606774b48af24e6f99d99c624c0e447d4b66474
3807 Merge: 3127bd5 4ca2ffd
3808 Author: Brad Spengler <spender@grsecurity.net>
3809 Date: Mon Mar 5 17:31:35 2012 -0500
3811 Merge branch 'pax-test' into grsec-test
3813 commit 4ca2ffd9da024f4ba2d0cb6245ba1b2726169452
3814 Author: Brad Spengler <spender@grsecurity.net>
3815 Date: Mon Mar 5 17:31:21 2012 -0500
3817 Update to pax-linux-3.2.9-test20.patch
3819 commit 3127bd581a292966b1057c7433219dac188c3720
3820 Author: Brad Spengler <spender@grsecurity.net>
3821 Date: Fri Mar 2 21:30:37 2012 -0500
3823 Fix memory leak on logged exec_id check failure in /proc/pid/statm
3824 Thanks to Djalal Harouni for the report
3826 commit d9f1a3be0e97e0632f97379322712d8deeb3ce23
3827 Merge: 0a56be8 9aa8288
3828 Author: Brad Spengler <spender@grsecurity.net>
3829 Date: Fri Mar 2 18:38:22 2012 -0500
3831 Merge branch 'pax-test' into grsec-test
3833 commit 9aa8288a09e6e03ce37c08136b26bff17a093b5c
3834 Author: Brad Spengler <spender@grsecurity.net>
3835 Date: Fri Mar 2 18:37:43 2012 -0500
3837 Update to pax-linux-3.2.9-test19.patch
3839 commit 0a56be884bbd7ce733cac0b879c45383494d73b0
3840 Merge: 9e66745 3f5c52a
3841 Author: Brad Spengler <spender@grsecurity.net>
3842 Date: Thu Mar 1 20:18:01 2012 -0500
3844 Merge branch 'pax-test' into grsec-test
3846 commit 3f5c52aba100b3bb252980f9d363aafde52da1a2
3847 Author: Brad Spengler <spender@grsecurity.net>
3848 Date: Thu Mar 1 20:16:56 2012 -0500
3850 Update to pax-linux-3.2.9-test18.patch
3852 commit ae53ec231d12719a36bf871f8c5841020ed692ee
3853 Merge: b255baf 44fb317
3854 Author: Brad Spengler <spender@grsecurity.net>
3855 Date: Thu Mar 1 20:15:31 2012 -0500
3857 Merge branch 'linux-3.2.y' into pax-test
3859 commit 9e667456c03eadea2f305be761abe4de9a5877a3
3860 Merge: 5e4e200 b255baf
3861 Author: Brad Spengler <spender@grsecurity.net>
3862 Date: Mon Feb 27 20:53:59 2012 -0500
3864 Merge branch 'pax-test' into grsec-test
3866 commit b255baf50365d39b406f43aab2c64745607baaa2
3867 Merge: 340ce90 1de504e
3868 Author: Brad Spengler <spender@grsecurity.net>
3869 Date: Mon Feb 27 20:53:29 2012 -0500
3871 Merge branch 'linux-3.2.y' into pax-test
3872 Update to pax-linux-3.2.8-test17.patch
3875 arch/x86/include/asm/i387.h
3876 arch/x86/kernel/process_32.c
3877 arch/x86/kernel/traps.c
3879 commit 5e4e200ac530452884b625cb75de240e1e98c731
3880 Merge: 44306d7 340ce90
3881 Author: Brad Spengler <spender@grsecurity.net>
3882 Date: Mon Feb 27 18:02:13 2012 -0500
3884 Merge branch 'pax-test' into grsec-test
3886 commit 340ce90d98a043fa8e4ed9ffc229d4c1f86e2fec
3887 Author: Brad Spengler <spender@grsecurity.net>
3888 Date: Mon Feb 27 18:01:48 2012 -0500
3890 Update to pax-linux-3.2.7-test17.patch
3892 commit 44306d7b3097f77e73040dd25f4f6750751bae7a
3893 Merge: 29d0b07 521c411
3894 Author: Brad Spengler <spender@grsecurity.net>
3895 Date: Sun Feb 26 19:04:15 2012 -0500
3897 Merge branch 'pax-test' into grsec-test
3902 commit 521c411bb4ca66ce01146fde8bac9dd22414076d
3903 Author: Brad Spengler <spender@grsecurity.net>
3904 Date: Sun Feb 26 19:03:33 2012 -0500
3906 Update to pax-linux-3.2.7-test16.patch
3908 commit 29d0b07290bb9a10cdfcc3c30058e16265330dea
3909 Author: Brad Spengler <spender@grsecurity.net>
3910 Date: Sun Feb 26 17:12:44 2012 -0500
3914 commit 344f6d84e5d3fdc6ec40a078fc2f5861d340b2ef
3915 Merge: f45b3be caa8f83
3916 Author: Brad Spengler <spender@grsecurity.net>
3917 Date: Sat Feb 25 20:59:27 2012 -0500
3919 Merge branch 'pax-test' into grsec-test
3921 commit caa8f83456c4d0b204beefffaa1d1993f2348d08
3922 Author: Brad Spengler <spender@grsecurity.net>
3923 Date: Sat Feb 25 20:59:12 2012 -0500
3925 Update to pax-linux-3.2.7-test15.patch
3927 commit f45b3be34a345502a302e736af9a65742ddef7cb
3928 Merge: 62f35fd 9f1309b
3929 Author: Brad Spengler <spender@grsecurity.net>
3930 Date: Sat Feb 25 11:40:15 2012 -0500
3932 Merge branch 'pax-test' into grsec-test
3934 commit 9f1309b0b935e3b30fc87a9e3009b84cf943ef47
3935 Author: Brad Spengler <spender@grsecurity.net>
3936 Date: Sat Feb 25 11:39:57 2012 -0500
3938 Update to pax-linux-3.2.7-test14.patch
3940 commit 62f35fdbecc58f2988fe13638d907b87a15776bb
3941 Author: Brad Spengler <spender@grsecurity.net>
3942 Date: Sat Feb 25 09:08:55 2012 -0500
3944 We could log on attempted exploits of writing /proc/self/mem, but the current
3945 log function declares the access a read, so just swap the ordering for now
3947 commit 066ee8f9c26f1549b4ad893508777b549c8d4b79
3948 Author: Brad Spengler <spender@grsecurity.net>
3949 Date: Sat Feb 25 08:46:14 2012 -0500
3951 Log /proc/pid/mem attempts
3953 commit 674471e581893a94d475acac3e3c4496209b3ac9
3954 Author: Brad Spengler <spender@grsecurity.net>
3955 Date: Sat Feb 25 08:15:00 2012 -0500
3957 Make use of f_version for protecting /proc file structs (fine since we're not a directory
3960 commit eab42cfdd237ffcdd8ec24bedecc275a3a9e987f
3961 Author: Brad Spengler <spender@grsecurity.net>
3962 Date: Fri Feb 24 20:02:19 2012 -0500
3964 Fix ia64 compilation
3966 commit 50dfea412fd395e0183c2ade368efa525d38b267
3967 Merge: 12db845 4c6f99b
3968 Author: Brad Spengler <spender@grsecurity.net>
3969 Date: Fri Feb 24 19:00:53 2012 -0500
3971 Merge branch 'pax-test' into grsec-test
3973 commit 4c6f99bf338e03966356b147d0360cb3b522a44f
3974 Author: Brad Spengler <spender@grsecurity.net>
3975 Date: Fri Feb 24 19:00:36 2012 -0500
3977 (6:57:09 PM) pipacs: but you can be proactive
3978 (Fix other-arch atomic64/REFCOUNT compilation failures)
3980 commit 12db8453f6bb0a756f369c9151668ba1249bc478
3981 Author: Brad Spengler <spender@grsecurity.net>
3982 Date: Thu Feb 23 21:10:12 2012 -0500
3984 Remove unnecessary copies, as suggested by solar
3986 commit cc02cab84368467ea03cb35f861a8a7092d91ab4
3987 Author: Brad Spengler <spender@grsecurity.net>
3988 Date: Thu Feb 23 20:59:35 2012 -0500
3990 Make global_exec_counter static, as suggested by solar
3992 commit e642091a475ebb3a30e81f85e7751233d0c2af43
3993 Author: Brad Spengler <spender@grsecurity.net>
3994 Date: Thu Feb 23 19:00:26 2012 -0500
3996 sync with stable tree
3998 commit 6df09c3d8e371905b7b8fe90c4188f23614c6be5
3999 Author: Brad Spengler <spender@grsecurity.net>
4000 Date: Thu Feb 23 18:48:47 2012 -0500
4002 Remove unneeded gr_acl_handle_fchmod, as the code is shared now by gr_acl_handle_chmod
4003 Remove handling of old kludge in chmod/fchmod
4005 commit 815cb62f2ca7b58efc39778b3a855feb675ab56c
4006 Author: Brad Spengler <spender@grsecurity.net>
4007 Date: Thu Feb 23 18:18:49 2012 -0500
4009 Apply umask checks to chmod/fchmod as well, as requested by sponsor
4010 Union the enforced umask with the existing one to produce minimal privilege
4011 Change umask type to u16
4013 commit 0e7668c6abbdbcd3f7f9759e3994d6f4bc9953f0
4014 Author: Brad Spengler <spender@grsecurity.net>
4015 Date: Wed Feb 22 18:16:11 2012 -0500
4017 Add per-role umask enforcement to RBAC, requested by a sponsor
4019 commit ad5ac943fe58199f1cc475912a39edb157acb77b
4020 Merge: dda0bb5 41722e3
4021 Author: Brad Spengler <spender@grsecurity.net>
4022 Date: Mon Feb 20 20:04:42 2012 -0500
4024 Merge branch 'pax-test' into grsec-test
4026 commit 41722e342e116d95f3d3556d66c97c888d752d39
4027 Author: Brad Spengler <spender@grsecurity.net>
4028 Date: Mon Feb 20 20:04:00 2012 -0500
4030 Merge changes from pax-linux-3.2.7-test12.patch, fixes KVM incompatibility with
4033 commit dda0bb57137846a476a866c60db2681aaf6052c0
4034 Merge: 4fd554e d70927a
4035 Author: Brad Spengler <spender@grsecurity.net>
4036 Date: Mon Feb 20 20:01:41 2012 -0500
4038 Merge branch 'pax-test' into grsec-test
4040 commit d70927afec977d489a54c106a3c3ddc32e953050
4041 Merge: 1daebf1 9d0231c
4042 Author: Brad Spengler <spender@grsecurity.net>
4043 Date: Mon Feb 20 20:01:33 2012 -0500
4045 Merge branch 'linux-3.2.y' into pax-test
4047 commit 4fd554e3a097b22c5049fcdc423897477deff5ef
4048 Author: Brad Spengler <spender@grsecurity.net>
4049 Date: Mon Feb 20 09:17:57 2012 -0500
4051 Fix wrong logic on capability checks for switching roles, broke policies
4052 Thanks to Richard Kojedzinszky for reporting
4054 commit 12f97d52ac603f24344f8d71569c412a307e9422
4055 Author: Brad Spengler <spender@grsecurity.net>
4056 Date: Thu Feb 16 21:20:10 2012 -0500
4060 commit 07af3d8e76a6a47ce1836e5b20ed8c0f879c8201
4061 Author: Brad Spengler <spender@grsecurity.net>
4062 Date: Thu Feb 16 18:38:32 2012 -0500
4064 Update configuration help and name for GRKERNSEC_PROC_MEMMAP
4066 commit 5ced6f8def06c2176b40b5fa07345fc723dc4dcb
4067 Author: Brad Spengler <spender@grsecurity.net>
4068 Date: Thu Feb 16 18:18:01 2012 -0500
4070 optimize the check a bit
4072 commit 03159050f64989be44ae03be769cbed62a7cd2e5
4073 Author: Brad Spengler <spender@grsecurity.net>
4074 Date: Thu Feb 16 18:00:45 2012 -0500
4077 (limit argv+env to 1MB for suid/sgid binaries)
4079 commit dd759d8800d225a397e4de49fe729c7d601298d2
4080 Author: Brad Spengler <spender@grsecurity.net>
4081 Date: Thu Feb 16 17:49:33 2012 -0500
4083 Address Space Protection -> Memory Protections (suggested on IRC for consistency)
4085 commit 4de635bda8ebfb85312e3bf851bdbff93de400da
4086 Author: Brad Spengler <spender@grsecurity.net>
4087 Date: Thu Feb 16 17:45:06 2012 -0500
4089 Change the long long type for exec_id to the proper u64
4091 commit 4feb07e7cb64b3d0f0f8cca1aef70bc725cae6fa
4092 Author: Dan Carpenter <dan.carpenter@oracle.com>
4093 Date: Thu Feb 9 00:46:47 2012 +0000
4095 isdn: type bug in isdn_net_header()
4097 We use len to store the return value from eth_header(). eth_header()
4098 can return -ETH_HLEN (-14). We want to pass this back instead of
4099 truncating it to 65522 and returning that.
4101 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
4102 Acked-by: Neil Horman <nhorman@tuxdriver.com>
4103 Signed-off-by: David S. Miller <davem@davemloft.net>
4105 commit 134ac8545b47f0f27d550ea6e1edb3a1ed7a9748
4106 Author: Heiko Carstens <heiko.carstens@de.ibm.com>
4107 Date: Sat Feb 4 10:47:10 2012 +0100
4109 exec: fix use-after-free bug in setup_new_exec()
4111 Setting the task name is done within setup_new_exec() by accessing
4112 bprm->filename. However this happens after flush_old_exec().
4113 This may result in a use after free bug, flush_old_exec() may
4114 "complete" vfork_done, which will wake up the parent which in turn
4115 may free the passed in filename.
4116 To fix this add a new tcomm field in struct linux_binprm which
4117 contains the now early generated task name until it is used.
4119 Fixes this bug on s390:
4121 Unable to handle kernel pointer dereference at virtual kernel address 0000000039768000
4122 Process kworker/u:3 (pid: 245, task: 000000003a3dc840, ksp: 0000000039453818)
4123 Krnl PSW : 0704000180000000 0000000000282e94 (setup_new_exec+0xa0/0x374)
4125 ([<0000000000282e2c>] setup_new_exec+0x38/0x374)
4126 [<00000000002dd12e>] load_elf_binary+0x402/0x1bf4
4127 [<0000000000280a42>] search_binary_handler+0x38e/0x5bc
4128 [<0000000000282b6c>] do_execve_common+0x410/0x514
4129 [<0000000000282cb6>] do_execve+0x46/0x58
4130 [<00000000005bce58>] kernel_execve+0x28/0x70
4131 [<000000000014ba2e>] ____call_usermodehelper+0x102/0x140
4132 [<00000000005bc8da>] kernel_thread_starter+0x6/0xc
4133 [<00000000005bc8d4>] kernel_thread_starter+0x0/0xc
4134 Last Breaking-Event-Address:
4135 [<00000000002830f0>] setup_new_exec+0x2fc/0x374
4137 Kernel panic - not syncing: Fatal exception: panic_on_oops
4139 Reported-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
4140 Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
4141 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4143 commit d758ee9f5230893dabb5aab737b3109684bde196
4144 Author: Dan Carpenter <dan.carpenter@oracle.com>
4145 Date: Fri Feb 10 09:03:58 2012 +0100
4147 relay: prevent integer overflow in relay_open()
4149 "subbuf_size" and "n_subbufs" come from the user and they need to be
4150 capped to prevent an integer overflow.
4152 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
4153 Cc: stable@kernel.org
4154 Signed-off-by: Jens Axboe <axboe@kernel.dk>
4156 commit 40ed7b34848b8e0d7bf9a3fc21a7c75ce1ae507c
4157 Merge: b1baadf 1daebf1
4158 Author: Brad Spengler <spender@grsecurity.net>
4159 Date: Mon Feb 13 17:47:04 2012 -0500
4161 Merge branch 'pax-test' into grsec-test
4166 commit 1daebf1d623fe5b0efdd329f78562eb7078bc772
4167 Merge: 1413df2 c2db2e2
4168 Author: Brad Spengler <spender@grsecurity.net>
4169 Date: Mon Feb 13 17:45:54 2012 -0500
4171 Merge branch 'linux-3.2.y' into pax-test
4173 commit b1baadf5047ab67cf61cd20bf58c6afb09c37c7d
4174 Author: Brad Spengler <spender@grsecurity.net>
4175 Date: Sun Feb 12 16:44:05 2012 -0500
4177 add missing declaration
4179 commit 3981059c35e8463002517935c28f3d74b8e3703c
4180 Author: Brad Spengler <spender@grsecurity.net>
4181 Date: Sun Feb 12 16:36:04 2012 -0500
4183 Require CAP_SETUID/CAP_SETGID in a subject in order to change roles
4184 in addition to existing checks (this handles the setresuid ruid = euid case)
4186 commit 0beab03263c773f463412c350ad9064b44b6ede0
4187 Author: Brad Spengler <spender@grsecurity.net>
4188 Date: Sun Feb 12 16:13:40 2012 -0500
4190 Revert setreuid changes when RBAC is enabled, breaks freeradius
4191 I'll fix the learning issue Lavish reported a different way through
4194 This reverts commit d54ec64b7078f1dcb71b5d8a29e47d4a0f46c111.
4196 commit 0c61cb1cfbbfec7d07647268c922d51434d22621
4197 Author: Brad Spengler <spender@grsecurity.net>
4198 Date: Sat Feb 11 14:22:46 2012 -0500
4200 copy exec_id on fork
4202 commit 000c08e0890630086b2ed04084050ed856a7ec31
4203 Author: Brad Spengler <spender@grsecurity.net>
4204 Date: Fri Feb 10 20:00:36 2012 -0500
4208 commit 54b8c8f54484e5ee18040657827158bc4b63bccc
4209 Author: Brad Spengler <spender@grsecurity.net>
4210 Date: Fri Feb 10 19:19:52 2012 -0500
4212 Introduce enhancement to CONFIG_GRKERNSEC_PROC_MEMMAP
4213 denies reading of sensitive /proc/pid entries where the file descriptor
4214 was opened in a different task than the one performing the read
4216 commit dd19579049186e2648b9ae5e42af04cfda7ab2dc
4217 Author: Brad Spengler <spender@grsecurity.net>
4218 Date: Fri Feb 10 17:43:24 2012 -0500
4220 Remove duplicate signal check
4222 commit 6ff60c34155bb73a4eec7bbfe6f59e9d35e1c0c6
4223 Merge: 4eba97e 1413df2
4224 Author: Brad Spengler <spender@grsecurity.net>
4225 Date: Wed Feb 8 19:24:34 2012 -0500
4227 Merge branch 'pax-test' into grsec-test
4229 commit 1413df258d4664d928b876ffb57e1bdc1ccd06f6
4230 Author: Brad Spengler <spender@grsecurity.net>
4231 Date: Wed Feb 8 19:24:08 2012 -0500
4233 Merge changes from pax-linux-3.2.4-test11.patch
4235 commit 4eba97eda7f7d25b7ab6ad5c9de094545e749044
4236 Merge: 0e058dd 8dd90a2
4237 Author: Brad Spengler <spender@grsecurity.net>
4238 Date: Mon Feb 6 17:50:12 2012 -0500
4240 Merge branch 'pax-test' into grsec-test
4242 commit 8dd90a21adfeefd86134d1fedf77b958bc59eaa3
4243 Author: Brad Spengler <spender@grsecurity.net>
4244 Date: Mon Feb 6 17:49:07 2012 -0500
4246 Merge changes from pax-linux-3.2.4-test10.patch, fixes BPF JIT double-free
4248 commit a6b5dfed0937a0eb386b4b519a387f8e8177ffdc
4249 Merge: 7e4169c 6133971
4250 Author: Brad Spengler <spender@grsecurity.net>
4251 Date: Mon Feb 6 17:48:57 2012 -0500
4253 Merge branch 'linux-3.2.y' into pax-test
4255 commit 0e058dd6d14e0c67c44dd332a871f1fe1bb06095
4256 Author: Brad Spengler <spender@grsecurity.net>
4257 Date: Sun Feb 5 19:24:45 2012 -0500
4259 We now allow configurations with no PaX markings, giving the system no way to override the defaults
4261 commit 9afb0110287e31c3c56d861b4927f64f8dbd7857
4262 Author: Brad Spengler <spender@grsecurity.net>
4263 Date: Sun Feb 5 10:01:23 2012 -0500
4265 Increase the buffer size of logged TPE reason, otherwise we could truncate the "y" in directory
4267 commit a6a0ad24a5f7bef90236d94c1bdfe21d291fc834
4268 Author: Brad Spengler <spender@grsecurity.net>
4269 Date: Sat Feb 4 21:01:16 2012 -0500
4271 Improve security of ptrace-based monitoring/sandboxing
4273 http://article.gmane.org/gmane.linux.kernel.lsm/15156
4275 commit ca4ca5a1027b41f9528794e52a53ce9c47926101
4276 Author: Brad Spengler <spender@grsecurity.net>
4277 Date: Fri Feb 3 20:42:55 2012 -0500
4281 commit d54ec64b7078f1dcb71b5d8a29e47d4a0f46c111
4282 Author: Brad Spengler <spender@grsecurity.net>
4283 Date: Fri Feb 3 20:25:38 2012 -0500
4285 Reported by lavish on IRC:
4286 If a suid/sgid binary did not learn any setuid/setgid call during learning,
4287 we would not any CAP_SETUID/CAP_SETGID capability to the task, nor
4288 any restrictions on uid/gid changes. uid and gid can however be changed
4289 within a suid/sgid binary via setresuid/setresgid with ruid/rgid set to
4293 POSIX doesn't specify whether unprivileged users can perform the above
4294 setresuid/setresgid as an unprivileged user, though Linux has historically
4295 permitted them. Modify this behavior when RBAC is enabled to require
4296 CAP_SETUID/CAP_SETGID for these operations.
4298 Thanks to Lavish for the report!
4304 commit e55be1f30908f1ad4450cb0558cde71ff5c7247f
4305 Merge: ba586eb 7e4169c
4306 Author: Brad Spengler <spender@grsecurity.net>
4307 Date: Fri Feb 3 20:10:21 2012 -0500
4309 Merge branch 'pax-test' into grsec-test
4311 commit 7e4169c6c880ec9641f1178c88545913c8a21e1f
4312 Author: Brad Spengler <spender@grsecurity.net>
4313 Date: Fri Feb 3 20:10:05 2012 -0500
4315 Merge changes from pax-linux-3.2.4-test9.patch
4317 commit ba586ebbcd0ed781e38a99c580a757a00347c6eb
4318 Author: Christopher Yeoh <cyeoh@au1.ibm.com>
4319 Date: Thu Feb 2 11:34:09 2012 +1030
4321 Fix race in process_vm_rw_core
4323 This fixes the race in process_vm_core found by Oleg (see
4325 http://article.gmane.org/gmane.linux.kernel/1235667/
4329 This has been updated since I last sent it as the creation of the new
4330 mm_access() function did almost exactly the same thing as parts of the
4331 previous version of this patch did.
4333 In order to use mm_access() even when /proc isn't enabled, we move it to
4334 kernel/fork.c where other related process mm access functions already
4337 Signed-off-by: Chris Yeoh <yeohc@au1.ibm.com>
4338 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4343 mm/process_vm_access.c
4345 commit b9194d60fb9fe579f5c34817ed822abde18939a0
4346 Author: Oleg Nesterov <oleg@redhat.com>
4347 Date: Tue Jan 31 17:15:11 2012 +0100
4349 proc: make sure mem_open() doesn't pin the target's memory
4351 Once /proc/pid/mem is opened, the memory can't be released until
4352 mem_release() even if its owner exits.
4354 Change mem_open() to do atomic_inc(mm_count) + mmput(), this only
4355 pins mm_struct. Change mem_rw() to do atomic_inc_not_zero(mm_count)
4356 before access_remote_vm(), this verifies that this mm is still alive.
4358 I am not sure what should mem_rw() return if atomic_inc_not_zero()
4359 fails. With this patch it returns zero to match the "mm == NULL" case,
4360 may be it should return -EINVAL like it did before e268337d.
4362 Perhaps it makes sense to add the additional fatal_signal_pending()
4363 check into the main loop, to ensure we do not hold this memory if
4364 the target task was oom-killed.
4366 Cc: stable@kernel.org
4367 Signed-off-by: Oleg Nesterov <oleg@redhat.com>
4368 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4370 commit d4500134f9363bc79556e0e7a1fd811cd8552cc4
4371 Author: Oleg Nesterov <oleg@redhat.com>
4372 Date: Tue Jan 31 17:14:38 2012 +0100
4374 proc: mem_release() should check mm != NULL
4376 mem_release() can hit mm == NULL, add the necessary check.
4378 Cc: stable@kernel.org
4379 Signed-off-by: Oleg Nesterov <oleg@redhat.com>
4380 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4382 commit 5d1c11221a86f233fdbb232312a561f85d0a3a05
4383 Author: Oleg Nesterov <oleg@redhat.com>
4384 Date: Tue Jan 31 17:14:54 2012 +0100
4386 note: redisabled mem_write
4388 proc: unify mem_read() and mem_write()
4390 No functional changes, cleanup and preparation.
4392 mem_read() and mem_write() are very similar. Move this code into the
4393 new common helper, mem_rw(), which takes the additional "int write"
4396 Cc: stable@kernel.org
4397 Signed-off-by: Oleg Nesterov <oleg@redhat.com>
4398 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4404 commit af966b421d9f55ab7e1a8b2741beba44b22bc2e0
4405 Merge: 3903f01 01fee18
4406 Author: Brad Spengler <spender@grsecurity.net>
4407 Date: Fri Feb 3 19:50:40 2012 -0500
4409 Merge branch 'pax-test' into grsec-test
4411 commit 01fee1851aef26b898ccba5312cabf1f919b74cb
4412 Author: Brad Spengler <spender@grsecurity.net>
4413 Date: Fri Feb 3 19:49:46 2012 -0500
4415 Merge changes from pax-linux-3.2.4-test8.patch
4417 commit c2490ddbfc3f5dd664dd0e1b8575856c3be01879
4418 Merge: 201c0db 141936c
4419 Author: Brad Spengler <spender@grsecurity.net>
4420 Date: Fri Feb 3 19:49:01 2012 -0500
4422 Merge branch 'linux-3.2.y' into pax-test
4424 commit 3903f0172ecadf7a575ba3535402a1506133640a
4425 Author: Brad Spengler <spender@grsecurity.net>
4426 Date: Mon Jan 30 23:26:44 2012 -0500
4428 Implement new version of CONFIG_GRKERNSEC_SYSFS_RESTRICT
4430 We'll whitelist required directories for compatibility instead of requiring
4431 that people disable the feature entirely if they use SELinux, fuse, etc
4437 commit e3618feaa7e63807f1b88c199882075b3ec9bd05
4438 Author: Brad Spengler <spender@grsecurity.net>
4439 Date: Sun Jan 29 01:12:19 2012 -0500
4441 perform RBAC check if TPE is on but match fails, matches previous behavior
4443 commit 627b7fe22799a86e2f81a74f0e0c53474bec3100
4444 Author: Brad Spengler <spender@grsecurity.net>
4445 Date: Sat Jan 28 13:17:06 2012 -0500
4447 log more information about the reason for a TPE denial for novice users, requested by a sponsor
4449 commit efefd67008cbad8a8591e2484410966a300a39a5
4450 Author: Brad Spengler <spender@grsecurity.net>
4451 Date: Fri Jan 27 19:58:53 2012 -0500
4453 merge upstream sha512 changes
4455 commit 8a79280377db78fb2091fe01eddb9e24f75d9fe1
4456 Author: Brad Spengler <spender@grsecurity.net>
4457 Date: Fri Jan 27 19:49:07 2012 -0500
4459 drop lock on error in xfs_readlink
4461 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=aaad641eadfd3e74b0fbb68fcf539b9cef0415d0
4463 commit aa5f2f63e37f426bf2211c5fb8f7bc70de14f08a
4464 Author: Li Wang <liwang@nudt.edu.cn>
4465 Date: Thu Jan 19 09:44:36 2012 +0800
4467 eCryptfs: Infinite loop due to overflow in ecryptfs_write()
4469 ecryptfs_write() can enter an infinite loop when truncating a file to a
4470 size larger than 4G. This only happens on architectures where size_t is
4471 represented by 32 bits.
4473 This was caused by a size_t overflow due to it incorrectly being used to
4474 store the result of a calculation which uses potentially large values of
4477 [tyhicks@canonical.com: rewrite subject and commit message]
4478 Signed-off-by: Li Wang <liwang@nudt.edu.cn>
4479 Signed-off-by: Yunchuan Wen <wenyunchuan@kylinos.com.cn>
4480 Reviewed-by: Cong Wang <xiyou.wangcong@gmail.com>
4481 Cc: <stable@vger.kernel.org>
4482 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
4484 commit a7607747d0f74f357d78bb796d70635dd05f46e8
4485 Author: Tyler Hicks <tyhicks@canonical.com>
4486 Date: Thu Jan 19 20:33:44 2012 -0600
4488 eCryptfs: Check inode changes in setattr
4490 Most filesystems call inode_change_ok() very early in ->setattr(), but
4491 eCryptfs didn't call it at all. It allowed the lower filesystem to make
4492 the call in its ->setattr() function. Then, eCryptfs would copy the
4493 appropriate inode attributes from the lower inode to the eCryptfs inode.
4495 This patch changes that and actually calls inode_change_ok() on the
4496 eCryptfs inode, fairly early in ecryptfs_setattr(). Ideally, the call
4497 would happen earlier in ecryptfs_setattr(), but there are some possible
4498 inode initialization steps that must happen first.
4500 Since the call was already being made on the lower inode, the change in
4501 functionality should be minimal, except for the case of a file extending
4502 truncate call. In that case, inode_newsize_ok() was never being
4503 called on the eCryptfs inode. Rather than inode_newsize_ok() catching
4504 maximum file size errors early on, eCryptfs would encrypt zeroed pages
4505 and write them to the lower filesystem until the lower filesystem's
4506 write path caught the error in generic_write_checks(). This patch
4507 introduces a new function, called ecryptfs_inode_newsize_ok(), which
4508 checks if the new lower file size is within the appropriate limits when
4509 the truncate operation will be growing the lower file.
4511 In summary this change prevents eCryptfs truncate operations (and the
4512 resulting page encryptions), which would exceed the lower filesystem
4513 limits or FSIZE rlimits, from ever starting.
4515 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
4516 Reviewed-by: Li Wang <liwang@nudt.edu.cn>
4517 Cc: <stable@vger.kernel.org>
4519 commit 0d96f190a39505254ace4e9330219aaeda9b64e3
4520 Author: Tyler Hicks <tyhicks@canonical.com>
4521 Date: Wed Jan 18 18:30:04 2012 -0600
4523 eCryptfs: Make truncate path killable
4525 ecryptfs_write() handles the truncation of eCryptfs inodes. It grabs a
4526 page, zeroes out the appropriate portions, and then encrypts the page
4527 before writing it to the lower filesystem. It was unkillable and due to
4528 the lack of sparse file support could result in tying up a large portion
4529 of system resources, while encrypting pages of zeros, with no way for
4530 the truncate operation to be stopped from userspace.
4532 This patch adds the ability for ecryptfs_write() to detect a pending
4533 fatal signal and return as gracefully as possible. The intent is to
4534 leave the lower file in a useable state, while still allowing a user to
4535 break out of the encryption loop. If a pending fatal signal is detected,
4536 the eCryptfs inode size is updated to reflect the modified inode size
4537 and then -EINTR is returned.
4539 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
4540 Cc: <stable@vger.kernel.org>
4542 commit a02d0d2516b9e92edffeb8fca87462bca49c1f6f
4543 Author: Tyler Hicks <tyhicks@canonical.com>
4544 Date: Tue Jan 24 10:02:22 2012 -0600
4546 eCryptfs: Fix oops when printing debug info in extent crypto functions
4548 If pages passed to the eCryptfs extent-based crypto functions are not
4549 mapped and the module parameter ecryptfs_verbosity=1 was specified at
4550 loading time, a NULL pointer dereference will occur.
4552 Note that this wouldn't happen on a production system, as you wouldn't
4553 pass ecryptfs_verbosity=1 on a production system. It leaks private
4554 information to the system logs and is for debugging only.
4556 The debugging info printed in these messages is no longer very useful
4557 and rather than doing a kmap() in these debugging paths, it will be
4558 better to simply remove the debugging paths completely.
4560 https://launchpad.net/bugs/913651
4562 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
4563 Reported-by: Daniel DeFreez
4564 Cc: <stable@vger.kernel.org>
4566 commit b1c44d3054dc7f293b2e0a98c0e9e5e03e01f04c
4567 Author: Tyler Hicks <tyhicks@canonical.com>
4568 Date: Thu Jan 12 11:30:44 2012 +0100
4570 eCryptfs: Sanitize write counts of /dev/ecryptfs
4572 A malicious count value specified when writing to /dev/ecryptfs may
4573 result in a a very large kernel memory allocation.
4575 This patch peeks at the specified packet payload size, adds that to the
4576 size of the packet headers and compares the result with the write count
4577 value. The resulting maximum memory allocation size is approximately 532
4580 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
4581 Reported-by: Sasha Levin <levinsasha928@gmail.com>
4582 Cc: <stable@vger.kernel.org>
4584 commit 96dcb7282d323813181a1791f51c0ab7696b675b
4585 Merge: 6c09fa5 201c0db
4586 Author: Brad Spengler <spender@grsecurity.net>
4587 Date: Fri Jan 27 19:44:15 2012 -0500
4589 Merge branch 'pax-test' into grsec-test
4591 commit 201c0dbf177527367676028151e36d340923f033
4592 Author: Brad Spengler <spender@grsecurity.net>
4593 Date: Fri Jan 27 19:43:24 2012 -0500
4595 Merge changes from pax-linux-3.2.2-test6.patch, fixes 0 order vmalloc allocation errors
4596 on loading modules with empty sections
4598 commit 6c09fa566a7c29f00556ca12f343f2db91c4f42b
4599 Author: Brad Spengler <spender@grsecurity.net>
4600 Date: Fri Jan 27 19:42:13 2012 -0500
4604 commit 917ae526b4fcec2b3e1afefa13de9dff7d8a5423
4605 Author: Brad Spengler <spender@grsecurity.net>
4606 Date: Fri Jan 27 19:39:28 2012 -0500
4608 use LSM flags instead of duplicating checks
4610 commit 0cf3be2ea2ae43c9dd4933fb26c0429041b8acb8
4611 Merge: 44b9f11 558718b
4612 Author: Brad Spengler <spender@grsecurity.net>
4613 Date: Fri Jan 27 18:56:23 2012 -0500
4615 Merge branch 'pax-test' into grsec-test
4617 commit 558718b2217beff69edf60f34a6f9893d910e9ac
4618 Author: Brad Spengler <spender@grsecurity.net>
4619 Date: Fri Jan 27 18:56:04 2012 -0500
4621 Merge changes from pax-linux-3.2.2-test6.patch
4623 commit 44b9f1132b2de7cbf5f57525fe0f7f9fb0a76507
4624 Author: Brad Spengler <spender@grsecurity.net>
4625 Date: Fri Jan 27 18:53:55 2012 -0500
4627 don't increase the size of task_struct when unnecessary
4628 change ptrace_readexec log message
4630 commit a9c9626e054adb885883aa64f85506852894dd33
4631 Author: Brad Spengler <spender@grsecurity.net>
4632 Date: Fri Jan 27 18:16:28 2012 -0500
4634 Update documentation for CONFIG_GRKERNSEC_PTRACE_READEXEC --
4635 the protection applies to all unreadable binaries.
4637 commit 98fdf4ab69eba7a72efb2054295daafdbbc2fb8f
4638 Merge: 7b3f3af 05a1349
4639 Author: Brad Spengler <spender@grsecurity.net>
4640 Date: Wed Jan 25 20:52:09 2012 -0500
4642 Merge branch 'pax-test' into grsec-test
4649 commit 05a134966efb9cb9346ad3422888969ffc79ac1d
4650 Author: Brad Spengler <spender@grsecurity.net>
4651 Date: Wed Jan 25 20:47:36 2012 -0500
4653 Resync with pax-linux-3.2.2-test5.patch
4655 commit 5ecaafd81b229aeeb5656df36f9c8da86307f82a
4656 Merge: c6d443d 3499d64
4657 Author: Brad Spengler <spender@grsecurity.net>
4658 Date: Wed Jan 25 20:45:16 2012 -0500
4660 Merge branch 'linux-3.2.y' into pax-test (and pax-linux-3.2.2-test5.patch)
4665 commit 7b3f3afd7444613c759d68ff8c2efaebfae3bab1
4666 Author: Brad Spengler <spender@grsecurity.net>
4667 Date: Tue Jan 24 19:42:01 2012 -0500
4669 Add two new features, one is automatic by enabling CONFIG_GRKERNSEC
4670 (may be changed if it breaks some userland), the other has its own
4673 First feature requires CAP_SYS_ADMIN to write to any sysctl entry via
4674 the syscall or /proc/sys.
4676 Second feature requires read access to a suid/sgid binary in order
4677 to ptrace it, preventing infoleaking of binaries in situations where
4678 the admin has specified 4711 or 2711 perms. Feature has been
4679 given the config option CONFIG_GRKERNSEC_PTRACE_READEXEC and
4680 a sysctl entry of ptrace_readexec
4682 commit 11a7bb25c411c9dccfdca5718639b4becdffd388
4683 Author: Brad Spengler <spender@grsecurity.net>
4684 Date: Sun Jan 22 14:37:10 2012 -0500
4688 commit cd400e21c7c352baba47d6f375297a7847afb33a
4689 Author: Brad Spengler <spender@grsecurity.net>
4690 Date: Sun Jan 22 14:20:27 2012 -0500
4692 Initial port of grsecurity 2.2.2 for Linux 3.2.1
4693 Note that the new syscalls added to this kernel for remote process read/write
4694 are subject to ptrace hardening/other relevant RBAC features
4695 /proc/slabinfo is S_IRUSR via mainline now, so I made slab_allocators S_IRUSR by default
4697 pax_track_stack has been removed from support for this kernel -- if you're running this kernel
4698 you should be using a version of gcc with plugin support
4700 commit c6d443d1270f455c56a4ffe0f1dd3d3e7ec12a2f
4701 Author: Brad Spengler <spender@grsecurity.net>
4702 Date: Sun Jan 22 11:47:31 2012 -0500
4704 Import pax-linux-3.2.1-test5.patch
4705 commit bfd7db842f835f9837cd43644459b3a95b0b488d
4706 Author: Brad Spengler <spender@grsecurity.net>
4707 Date: Sun Jan 22 11:02:02 2012 -0500
4709 Allow processes to access others' /proc/pid/maps files (subject to the normal modification of data)
4710 instead of returning -EACCES
4711 thanks to Wraith from irc for the report
4713 commit 873ac13576506cd48ddb527c2540f274e249da50
4714 Merge: 34083dd 8a44fcc
4715 Author: Brad Spengler <spender@grsecurity.net>
4716 Date: Fri Jan 20 18:04:02 2012 -0500
4718 Merge branch 'pax-test' into grsec-test
4720 commit 8a44fcc90cf3368003dc84e1ed013b2e4248c9b2
4721 Author: Brad Spengler <spender@grsecurity.net>
4722 Date: Fri Jan 20 18:02:15 2012 -0500
4724 Merge the diff between pax-linux-3.2.1-test4.patch and pax-linux-3.2.1-test5.patch
4725 Denies executable shared memory when MPROTECT is active
4726 Fixes ia32 emulation crash on 64bit host introduced in a recent patch
4728 commit 34083ddf5c0b2b1c0f5e9f7d9e32ddcba223446b
4729 Author: Brad Spengler <spender@grsecurity.net>
4730 Date: Thu Jan 19 20:23:14 2012 -0500
4732 Introduce new GRKERNSEC_SETXID implementation
4733 We're not able to change the credentials of other threads in the process until at most
4734 one syscall after the first thread does it, since we mark the threads as needing rescheduling
4735 and such work occurs on syscall exit.
4736 This does however ensure that we're only modifying the current task's credentials
4737 which upholds RCU expectations
4739 Many thanks to corsac for testing
4741 commit 5f900ad54d3992a4e1cda88273acc2f897a42e71
4742 Author: Brad Spengler <spender@grsecurity.net>
4743 Date: Thu Jan 19 17:42:48 2012 -0500
4747 commit f02e444f7b2fb286f99d3b4031ff4e44a4606c37
4748 Author: Brad Spengler <spender@grsecurity.net>
4749 Date: Thu Jan 19 17:08:16 2012 -0500
4751 Commit the latest silent fix for a local privilege escalation from Linus
4752 Also disable writing to /proc/pid/mem
4753 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc
4755 commit 814d38c72b1ee3338294576a05af4f6ca9cffa6c
4756 Merge: 0394a3f 7e6299b
4757 Author: Brad Spengler <spender@grsecurity.net>
4758 Date: Wed Jan 18 20:22:09 2012 -0500
4760 Merge branch 'pax-test' into grsec-test
4762 commit 7e6299b4733c082dde930375dd207b63237751ec
4763 Merge: 83555fb 9bb1282
4764 Author: Brad Spengler <spender@grsecurity.net>
4765 Date: Wed Jan 18 20:21:37 2012 -0500
4767 Merge branch 'linux-3.1.y' into pax-test
4769 commit 0394a3f36c6195dcaf22e265c94d11bb7338c6f7
4770 Author: Jesper Juhl <jj@chaosbits.net>
4771 Date: Sun Jan 8 22:44:29 2012 +0100
4773 audit: always follow va_copy() with va_end()
4775 A call to va_copy() should always be followed by a call to va_end() in
4776 the same function. In kernel/autit.c::audit_log_vformat() this is not
4777 always done. This patch makes sure va_end() is always called.
4779 Signed-off-by: Jesper Juhl <jj@chaosbits.net>
4780 Cc: Al Viro <viro@zeniv.linux.org.uk>
4781 Cc: Eric Paris <eparis@redhat.com>
4782 Cc: Andrew Morton <akpm@linux-foundation.org>
4783 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4785 commit fcbb39319e88bfdf70efe3931cf80a9f23b1a4d9
4786 Author: Andi Kleen <ak@linux.intel.com>
4787 Date: Thu Jan 12 17:20:30 2012 -0800
4789 panic: don't print redundant backtraces on oops
4791 When an oops causes a panic and panic prints another backtrace it's pretty
4792 common to have the original oops data be scrolled away on a 80x50 screen.
4794 The second backtrace is quite redundant and not needed anyways.
4796 So don't print the panic backtrace when oops_in_progress is true.
4798 [akpm@linux-foundation.org: add comment]
4799 Signed-off-by: Andi Kleen <ak@linux.intel.com>
4800 Cc: Michael Holzheu <holzheu@linux.vnet.ibm.com>
4801 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
4802 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4804 commit 22e4717d04333e2aff6d5d1b2c1b16045f367a1f
4805 Author: Miklos Szeredi <mszeredi@suse.cz>
4806 Date: Thu Jan 12 17:59:46 2012 +0100
4808 fsnotify: don't BUG in fsnotify_destroy_mark()
4810 Removing the parent of a watched file results in "kernel BUG at
4811 fs/notify/mark.c:139".
4815 add "-w /tmp/audit/dir/watched_file" to audit.rules
4816 rm -rf /tmp/audit/dir
4818 This is caused by fsnotify_destroy_mark() being called without an
4819 extra reference taken by the caller.
4821 Reported by Francesco Cosoleto here:
4823 https://bugzilla.novell.com/show_bug.cgi?id=689860
4825 Fix by removing the BUG_ON and adding a comment about not accessing mark after
4828 Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
4829 CC: stable@vger.kernel.org
4830 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4832 commit 1a90cff66ed00cd57bf00a990d13e95060fa362c
4833 Author: Paolo Bonzini <pbonzini@redhat.com>
4834 Date: Thu Jan 12 16:01:28 2012 +0100
4836 block: fail SCSI passthrough ioctls on partition devices
4838 Linux allows executing the SG_IO ioctl on a partition or LVM volume, and
4839 will pass the command to the underlying block device. This is
4840 well-known, but it is also a large security problem when (via Unix
4841 permissions, ACLs, SELinux or a combination thereof) a program or user
4842 needs to be granted access only to part of the disk.
4844 This patch lets partitions forward a small set of harmless ioctls;
4845 others are logged with printk so that we can see which ioctls are
4846 actually sent. In my tests only CDROM_GET_CAPABILITY actually occurred.
4847 Of course it was being sent to a (partition on a) hard disk, so it would
4848 have failed with ENOTTY and the patch isn't changing anything in
4849 practice. Still, I'm treating it specially to avoid spamming the logs.
4851 In principle, this restriction should include programs running with
4852 CAP_SYS_RAWIO. If for example I let a program access /dev/sda2 and
4853 /dev/sdb, it still should not be able to read/write outside the
4854 boundaries of /dev/sda2 independent of the capabilities. However, for
4855 now programs with CAP_SYS_RAWIO will still be allowed to send the
4856 ioctls. Their actions will still be logged.
4858 This patch does not affect the non-libata IDE driver. That driver
4859 however already tests for bd != bd->bd_contains before issuing some
4860 ioctl; it could be restricted further to forbid these ioctls even for
4861 programs running with CAP_SYS_ADMIN/CAP_SYS_RAWIO.
4863 Cc: linux-scsi@vger.kernel.org
4864 Cc: Jens Axboe <axboe@kernel.dk>
4865 Cc: James Bottomley <JBottomley@parallels.com>
4866 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4867 [ Make it also print the command name when warning - Linus ]
4868 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4870 commit b41a1178caa15bd7d6d5b36c04c7b1ead05717e2
4871 Author: Paolo Bonzini <pbonzini@redhat.com>
4872 Date: Thu Jan 12 16:01:27 2012 +0100
4874 block: add and use scsi_blk_cmd_ioctl
4876 Introduce a wrapper around scsi_cmd_ioctl that takes a block device.
4878 The function will then be enhanced to detect partition block devices
4879 and, in that case, subject the ioctls to whitelisting.
4881 Cc: linux-scsi@vger.kernel.org
4882 Cc: Jens Axboe <axboe@kernel.dk>
4883 Cc: James Bottomley <JBottomley@parallels.com>
4884 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4885 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4887 commit 97a79814903fc350e1d13704ea31528a42705401
4888 Author: Kees Cook <keescook@chromium.org>
4889 Date: Sat Jan 7 10:41:04 2012 -0800
4891 audit: treat s_id as an untrusted string
4893 The use of s_id should go through the untrusted string path, just to be
4896 Signed-off-by: Kees Cook <keescook@chromium.org>
4897 Acked-by: Mimi Zohar <zohar@us.ibm.com>
4898 Signed-off-by: Eric Paris <eparis@redhat.com>
4900 commit 2d3f39e9dd73f26a8248fd4442f110d983c5b419
4901 Author: Xi Wang <xi.wang@gmail.com>
4902 Date: Tue Dec 20 18:39:41 2011 -0500
4904 audit: fix signedness bug in audit_log_execve_info()
4906 In the loop, a size_t "len" is used to hold the return value of
4907 audit_log_single_execve_arg(), which returns -1 on error. In that
4908 case the error handling (len <= 0) will be bypassed since "len" is
4909 unsigned, and the loop continues with (p += len) being wrapped.
4910 Change the type of "len" to signed int to fix the error handling.
4915 len = audit_log_single_execve_arg(...);
4921 Signed-off-by: Xi Wang <xi.wang@gmail.com>
4922 Signed-off-by: Eric Paris <eparis@redhat.com>
4924 commit 1b3dc2ea3204fb22b9d0d30b2b7953991f5be594
4925 Author: Dan Carpenter <dan.carpenter@oracle.com>
4926 Date: Tue Jan 17 03:28:51 2012 -0300
4928 [media] ds3000: using logical && instead of bitwise &
4930 The intent here was to test if the FE_HAS_LOCK was set. The current
4931 test is equivalent to "if (status) { ..."
4933 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
4934 Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
4936 commit 36522330dc59d2fc70c042f3f081d75c32b6259a
4937 Author: Brad Spengler <spender@grsecurity.net>
4938 Date: Mon Jan 16 13:10:38 2012 -0500
4940 Ignore the 0 signal for protected task RBAC checks
4942 commit d513acd55f7a683f6e146a4f570cdb63300479ab
4943 Author: Brad Spengler <spender@grsecurity.net>
4944 Date: Mon Jan 16 11:56:13 2012 -0500
4948 commit ced261c4b82818c700aff8487f647f6f3e5b5122
4949 Merge: d48751f 83555fb
4950 Author: Brad Spengler <spender@grsecurity.net>
4951 Date: Fri Jan 13 20:12:54 2012 -0500
4953 Merge branch 'pax-test' into grsec-test
4955 commit 83555fb431e5be6c0e09687ff3bdc583f0caf9d9
4956 Merge: fcd8129 93dad39
4957 Author: Brad Spengler <spender@grsecurity.net>
4958 Date: Fri Jan 13 20:12:43 2012 -0500
4960 Merge branch 'linux-3.1.y' into pax-test
4962 commit d48751f3919ae855fda0ff6c149db82442329253
4963 Author: Brad Spengler <spender@grsecurity.net>
4964 Date: Wed Jan 11 19:05:47 2012 -0500
4966 Call our own set_user when forcing change to new id
4968 commit 26d9d497f6b926bc1699980aa18c360a3d3c52a0
4969 Merge: e6578ff fcd8129
4970 Author: Brad Spengler <spender@grsecurity.net>
4971 Date: Tue Jan 10 16:00:10 2012 -0500
4973 Merge branch 'pax-test' into grsec-test
4975 commit fcd8129277601f2e2d5a2066120cf8b2472d7d1f
4976 Author: Brad Spengler <spender@grsecurity.net>
4977 Date: Tue Jan 10 15:58:43 2012 -0500
4979 Merge changes from pax-linux-3.1.8-test23.patch
4981 commit e6578ff3e7629c432ed9b99bde6af2a1c00279b5
4982 Merge: 8859ec3 a120549
4983 Author: Brad Spengler <spender@grsecurity.net>
4984 Date: Fri Jan 6 21:45:56 2012 -0500
4986 Merge branch 'pax-test' into grsec-test
4988 commit a12054967a77090de1caa07c41e694a77db4e237
4989 Author: Brad Spengler <spender@grsecurity.net>
4990 Date: Fri Jan 6 21:45:30 2012 -0500
4992 Merge changes from pax-linux-3.1.8-test22.patch
4994 commit 8859ec32f9815c274df65448f9f2960176c380d3
4995 Merge: a5016b4 ddd4114
4996 Author: Brad Spengler <spender@grsecurity.net>
4997 Date: Fri Jan 6 21:26:08 2012 -0500
4999 Merge branch 'pax-test' into grsec-test
5005 commit ddd41147e158a79704983a409b7433eba797cf66
5006 Author: Brad Spengler <spender@grsecurity.net>
5007 Date: Fri Jan 6 21:12:42 2012 -0500
5009 Resync with PaX patch (whitespace difference)
5011 commit 29e569df8205c5f0e043fe4803aa984406c8b118
5012 Author: Brad Spengler <spender@grsecurity.net>
5013 Date: Fri Jan 6 21:09:47 2012 -0500
5015 Merge changes from pax-linux-3.1.8-test21.patch
5017 commit a5016b4f9c09c337b17e063a7f369af1e86d944d
5018 Merge: 0124c92 04231d5
5019 Author: Brad Spengler <spender@grsecurity.net>
5020 Date: Fri Jan 6 18:52:20 2012 -0500
5022 Merge branch 'pax-test' into grsec-test
5024 commit 04231d52dc8d0d6788a6bc6709dc046d3eb37097
5025 Merge: 7bdddeb a919904
5026 Author: Brad Spengler <spender@grsecurity.net>
5027 Date: Fri Jan 6 18:51:50 2012 -0500
5029 Merge branch 'linux-3.1.y' into pax-test
5034 commit 0124c9264234c450904a0a5fa2f8c608ab8e3796
5035 Author: Brad Spengler <spender@grsecurity.net>
5036 Date: Fri Jan 6 18:33:05 2012 -0500
5038 Make GRKERNSEC_SETXID option compatible with credential debugging
5040 commit 69919c6da7cf8a781439da15b597a7d6bc9b3abe
5041 Author: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
5042 Date: Wed Dec 28 15:57:11 2011 -0800
5044 mm/mempolicy.c: refix mbind_range() vma issue
5046 commit 8aacc9f550 ("mm/mempolicy.c: fix pgoff in mbind vma merge") is the
5047 slightly incorrect fix.
5049 Why? Think following case.
5051 1. map 4 pages of a file at offset 0
5055 2. map 2 pages just after the first mapping of the same file but with
5060 3. mbind() 2 pages from the first mapping at offset 2.
5061 mbind_range() should treat new vma is,
5073 Oops. then, it makes wrong vma merge and splitting ([01][0123] or similar).
5075 This patch fixes it.
5078 test result - before the patch
5080 case4: 126: test failed. expect '2,4', actual '2,2,2'
5085 case_n: 246: test failed. expect '4,2', actual '1,4'
5087 ------------[ cut here ]------------
5088 kernel BUG at mm/filemap.c:135!
5089 invalid opcode: 0000 [#4] SMP DEBUG_PAGEALLOC
5091 (snip long bug on messages)
5093 test result - after the patch
5102 source: mbind_vma_test.c
5103 ============================================================
5106 #include <sys/mman.h>
5112 static unsigned long pagesize;
5114 struct bitmask *nmask;
5117 char retbuf[10240] = "";
5120 char *rubysrc = "ruby -e '\
5124 s = `pmap -q #{pid}`; \
5126 s.each_line {|line|; \
5127 ary=line.split(\" \"); \
5128 addr = ary[0].to_i(16); \
5129 if(vstart <= addr && addr < vend) then \
5130 rary.push(ary[1].to_i()/4); \
5133 print rary.join(\",\"); \
5141 nmask = numa_allocate_nodemask();
5142 numa_bitmask_setbit(nmask, 0);
5144 pagesize = getpagesize();
5146 sprintf(buf, "%s", "mbind_vma_XXXXXX");
5147 mapped_fd = mkstemp(buf);
5148 if (mapped_fd == -1)
5149 perror("mkstemp "), exit(1);
5152 if (lseek(mapped_fd, pagesize*8, SEEK_SET) < 0)
5153 perror("lseek "), exit(1);
5154 if (write(mapped_fd, "\0", 1) < 0)
5155 perror("write "), exit(1);
5157 addr = mmap(NULL, pagesize*8, PROT_NONE,
5158 MAP_SHARED, mapped_fd, 0);
5159 if (addr == MAP_FAILED)
5160 perror("mmap "), exit(1);
5162 if (mprotect(addr+pagesize, pagesize*6, PROT_READ|PROT_WRITE) < 0)
5163 perror("mprotect "), exit(1);
5165 mmap_addr = addr + pagesize;
5167 /* make page populate */
5168 memset(mmap_addr, 0, pagesize*6);
5173 void* addr = mmap_addr - pagesize;
5174 munmap(addr, pagesize*8);
5176 memset(buf, 0, sizeof(buf));
5177 memset(retbuf, 0, sizeof(retbuf));
5180 void mem_bind(int index, int len)
5184 err = mbind(mmap_addr+pagesize*index, pagesize*len,
5185 MPOL_BIND, nmask->maskp, nmask->size, 0);
5187 perror("mbind "), exit(err);
5190 void mem_interleave(int index, int len)
5194 err = mbind(mmap_addr+pagesize*index, pagesize*len,
5195 MPOL_INTERLEAVE, nmask->maskp, nmask->size, 0);
5197 perror("mbind "), exit(err);
5200 void mem_unbind(int index, int len)
5204 err = mbind(mmap_addr+pagesize*index, pagesize*len,
5205 MPOL_DEFAULT, NULL, 0, 0);
5207 perror("mbind "), exit(err);
5210 void Assert(char *expected, char *value, char *name, int line)
5212 if (strcmp(expected, value) == 0) {
5213 fprintf(stderr, "%s: passed\n", name);
5217 fprintf(stderr, "%s: %d: test failed. expect '%s', actual '%s'\n",
5234 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5239 file = popen(buf, "r");
5240 fread(retbuf, sizeof(retbuf), 1, file);
5241 Assert("2,4", retbuf, "case4", __LINE__);
5256 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5261 file = popen(buf, "r");
5262 fread(retbuf, sizeof(retbuf), 1, file);
5263 Assert("4,2", retbuf, "case5", __LINE__);
5277 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5283 file = popen(buf, "r");
5284 fread(retbuf, sizeof(retbuf), 1, file);
5285 Assert("6", retbuf, "case6", __LINE__);
5299 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5302 mem_interleave(4, 2);
5305 file = popen(buf, "r");
5306 fread(retbuf, sizeof(retbuf), 1, file);
5307 Assert("4,2", retbuf, "case7", __LINE__);
5321 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5324 mem_interleave(4, 2);
5325 mem_interleave(2, 2);
5327 file = popen(buf, "r");
5328 fread(retbuf, sizeof(retbuf), 1, file);
5329 Assert("2,4", retbuf, "case8", __LINE__);
5337 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5339 /* make redundunt mappings [0][1234][34][7] */
5340 mmap(mmap_addr + pagesize*4, pagesize*2, PROT_READ|PROT_WRITE,
5341 MAP_FIXED|MAP_SHARED, mapped_fd, pagesize*3);
5343 /* Expect to do nothing. */
5346 file = popen(buf, "r");
5347 fread(retbuf, sizeof(retbuf), 1, file);
5348 Assert("4,2", retbuf, "case_n", __LINE__);
5353 int main(int argc, char** argv)
5364 =============================================================
5366 Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
5367 Acked-by: Johannes Weiner <hannes@cmpxchg.org>
5368 Cc: Minchan Kim <minchan.kim@gmail.com>
5369 Cc: Caspar Zhang <caspar@casparzhang.com>
5370 Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
5371 Cc: Christoph Lameter <cl@linux.com>
5372 Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
5373 Cc: Mel Gorman <mel@csn.ul.ie>
5374 Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
5375 Cc: <stable@vger.kernel.org> [3.1.x]
5376 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5377 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5379 commit f3a1082005781777086df235049f8c0b7efe524e
5380 Author: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
5381 Date: Tue Dec 27 22:32:41 2011 -0500
5383 packet: fix possible dev refcnt leak when bind fail
5385 If bind is fail when bind is called after set PACKET_FANOUT
5386 sock option, the dev refcnt will leak.
5388 Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
5389 Signed-off-by: David S. Miller <davem@davemloft.net>
5391 commit 915f8b08dac68839dc7204ee81cf9852fda16d24
5392 Author: Haogang Chen <haogangchen@gmail.com>
5393 Date: Mon Dec 19 17:11:56 2011 -0800
5395 nilfs2: potential integer overflow in nilfs_ioctl_clean_segments()
5397 There is a potential integer overflow in nilfs_ioctl_clean_segments().
5398 When a large argv[n].v_nmembs is passed from the userspace, the subsequent
5399 call to vmalloc() will allocate a buffer smaller than expected, which
5400 leads to out-of-bound access in nilfs_ioctl_move_blocks() and
5401 lfs_clean_segments().
5403 The following check does not prevent the overflow because nsegs is also
5404 controlled by the userspace and could be very large.
5406 if (argv[n].v_nmembs > nsegs * nilfs->ns_blocks_per_segment)
5409 This patch clamps argv[n].v_nmembs to UINT_MAX / argv[n].v_size, and
5410 returns -EINVAL when overflow.
5412 Signed-off-by: Haogang Chen <haogangchen@gmail.com>
5413 Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
5414 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5415 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5417 commit 006afb6eb7a7398edc0068c3a7b9510ffaf80f72
5418 Author: Kautuk Consul <consul.kautuk@gmail.com>
5419 Date: Mon Dec 19 17:12:04 2011 -0800
5421 mm/vmalloc.c: remove static declaration of va from __get_vm_area_node
5423 Static storage is not required for the struct vmap_area in
5426 Removing "static" to store this variable on the stack instead.
5428 Signed-off-by: Kautuk Consul <consul.kautuk@gmail.com>
5429 Acked-by: David Rientjes <rientjes@google.com>
5430 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5431 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5433 commit 461ecdf221edb089e5fa0d5563e1688cd0a36f66
5434 Author: Michel Lespinasse <walken@google.com>
5435 Date: Mon Dec 19 17:12:06 2011 -0800
5437 binary_sysctl(): fix memory leak
5439 binary_sysctl() calls sysctl_getname() which allocates from names_cache
5440 slab usin __getname()
5442 The matching function to free the name is __putname(), and not putname()
5443 which should be used only to match getname() allocations.
5445 This is because when auditing is enabled, putname() calls audit_putname
5446 *instead* (not in addition) to __putname(). Then, if a syscall is in
5447 progress, audit_putname does not release the name - instead, it expects
5448 the name to get released when the syscall completes, but that will happen
5449 only if audit_getname() was called previously, i.e. if the name was
5450 allocated with getname() rather than the naked __getname(). So,
5451 __getname() followed by putname() ends up leaking memory.
5453 Signed-off-by: Michel Lespinasse <walken@google.com>
5454 Acked-by: Al Viro <viro@zeniv.linux.org.uk>
5455 Cc: Christoph Hellwig <hch@infradead.org>
5456 Cc: Eric Paris <eparis@redhat.com>
5457 Cc: <stable@vger.kernel.org>
5458 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5459 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5461 commit 0a2cd3ef50c0bae70d59c74a77db0455d26fde56
5462 Author: Sean Hefty <sean.hefty@intel.com>
5463 Date: Tue Dec 6 21:17:11 2011 +0000
5465 RDMA/cma: Verify private data length
5467 private_data_len is defined as a u8. If the user specifies a large
5468 private_data size (> 220 bytes), we will calculate a total length that
5469 exceeds 255, resulting in private_data_len wrapping back to 0. This
5470 can lead to overwriting random kernel memory. Avoid this by verifying
5471 that the resulting size fits into a u8.
5473 Reported-by: B. Thery <benjamin.thery@bull.net>
5474 Addresses: <http://bugs.openfabrics.org/bugzilla/show_bug.cgi?id=2335>
5475 Signed-off-by: Sean Hefty <sean.hefty@intel.com>
5476 Signed-off-by: Roland Dreier <roland@purestorage.com>
5478 commit 6b618c54aaec99078629ec5b9575cb7d6fc31176
5479 Author: Xi Wang <xi.wang@gmail.com>
5480 Date: Sun Dec 11 23:40:56 2011 -0800
5482 Input: cma3000_d0x - fix signedness bug in cma3000_thread_irq()
5484 The error check (intr_status < 0) didn't work because intr_status is
5485 a u8. Change its type to signed int.
5487 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5488 Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
5490 commit e27f34e383d7863b2528a63b81b23db09781f6b6
5491 Author: Xi Wang <xi.wang@gmail.com>
5492 Date: Fri Dec 16 12:44:15 2011 +0000
5494 sctp: fix incorrect overflow check on autoclose
5496 Commit 8ffd3208 voids the previous patches f6778aab and 810c0719 for
5497 limiting the autoclose value. If userspace passes in -1 on 32-bit
5498 platform, the overflow check didn't work and autoclose would be set
5501 This patch defines a max_autoclose (in seconds) for limiting the value
5502 and exposes it through sysctl, with the following intentions.
5504 1) Avoid overflowing autoclose * HZ.
5506 2) Keep the default autoclose bound consistent across 32- and 64-bit
5507 platforms (INT_MAX / HZ in this patch).
5509 3) Keep the autoclose value consistent between setsockopt() and
5512 Suggested-by: Vlad Yasevich <vladislav.yasevich@hp.com>
5513 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5514 Signed-off-by: David S. Miller <davem@davemloft.net>
5516 commit 8ebdfaad2f46ff0ac9fef9858e436bcc712a1ac8
5517 Author: Xi Wang <xi.wang@gmail.com>
5518 Date: Wed Dec 21 05:18:33 2011 -0500
5520 vmwgfx: fix incorrect VRAM size check in vmw_kms_fb_create()
5522 Commit e133e737 didn't correctly fix the integer overflow issue.
5524 - unsigned int required_size;
5525 + u64 required_size;
5527 required_size = mode_cmd->pitch * mode_cmd->height;
5528 - if (unlikely(required_size > dev_priv->vram_size)) {
5529 + if (unlikely(required_size > (u64) dev_priv->vram_size)) {
5531 Note that both pitch and height are u32. Their product is still u32 and
5532 would overflow before being assigned to required_size. A correct way is
5533 to convert pitch and height to u64 before the multiplication.
5535 required_size = (u64)mode_cmd->pitch * (u64)mode_cmd->height;
5537 This patch calls the existing vmw_kms_validate_mode_vram() for
5540 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5541 Reviewed-and-tested-by: Thomas Hellstrom <thellstrom@vmware.com>
5542 Signed-off-by: Dave Airlie <airlied@redhat.com>
5546 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
5548 commit eb8f0bd01fb994c9abc77dc84729794cd841753d
5549 Author: Xi Wang <xi.wang@gmail.com>
5550 Date: Thu Dec 22 13:35:22 2011 +0000
5552 rps: fix insufficient bounds checking in store_rps_dev_flow_table_cnt()
5554 Setting a large rps_flow_cnt like (1 << 30) on 32-bit platform will
5555 cause a kernel oops due to insufficient bounds checking.
5557 if (count > 1<<30) {
5558 /* Enforce a limit to prevent overflow */
5561 count = roundup_pow_of_two(count);
5562 table = vmalloc(RPS_DEV_FLOW_TABLE_SIZE(count));
5564 Note that the macro RPS_DEV_FLOW_TABLE_SIZE(count) is defined as:
5566 ... + (count * sizeof(struct rps_dev_flow))
5568 where sizeof(struct rps_dev_flow) is 8. (1 << 30) * 8 will overflow
5571 This patch replaces the magic number (1 << 30) with a symbolic bound.
5573 Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
5574 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5575 Signed-off-by: David S. Miller <davem@davemloft.net>
5577 commit 648188958672024b616c42c1f6c98c8cfc85619d
5578 Author: Xi Wang <xi.wang@gmail.com>
5579 Date: Fri Dec 30 10:40:17 2011 -0500
5581 netfilter: ctnetlink: fix timeout calculation
5583 The sanity check (timeout < 0) never works; the dividend is unsigned
5584 and so is the division, which should have been a signed division.
5586 long timeout = (ct->timeout.expires - jiffies) / HZ;
5590 This patch converts the time values to signed for the division.
5592 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5593 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
5595 commit ab03a0973cee73f88655ff4981812ad316a6cd59
5596 Merge: 76f82df 7bdddeb
5597 Author: Brad Spengler <spender@grsecurity.net>
5598 Date: Tue Jan 3 17:42:50 2012 -0500
5600 Merge branch 'pax-test' into grsec-test
5602 commit 7bdddebd9d274a344a1c57a561152160c9e9a32a
5603 Merge: 3e59cb5 55cc81a
5604 Author: Brad Spengler <spender@grsecurity.net>
5605 Date: Tue Jan 3 17:42:36 2012 -0500
5607 Merge branch 'linux-3.1.y' into pax-test
5609 commit 76f82df18ba181687f454426fa9ced7a92b2ac1f
5610 Author: Brad Spengler <spender@grsecurity.net>
5611 Date: Thu Dec 22 20:15:02 2011 -0500
5613 Only further restrict futex targeting another process -- our modified
5614 permission check also happened to allow a case where a process retaining
5615 uid 0 could issue futex syscalls against other uid 0 tasks, despite the euid
5616 being non-zero (reported on forums by ben_w)
5618 commit 6b235a4450a5fea41663ec35fa0608988b6078c6
5619 Merge: 97c16f0 3e59cb5
5620 Author: Brad Spengler <spender@grsecurity.net>
5621 Date: Thu Dec 22 19:11:06 2011 -0500
5623 Merge branch 'pax-test' into grsec-test
5628 commit 3e59cb503d4ca6ce0954b8d3eb508cf7d1a31f50
5629 Merge: 285eb4e c26f60b
5630 Author: Brad Spengler <spender@grsecurity.net>
5631 Date: Thu Dec 22 19:09:57 2011 -0500
5633 Merge branch 'linux-3.1.y' into pax-test
5636 arch/x86/kernel/process.c
5638 commit 97c16f0fcff592160c1787bd1c56ae7ad070ac17
5639 Author: Brad Spengler <spender@grsecurity.net>
5640 Date: Mon Dec 19 21:54:01 2011 -0500
5642 Add new option: "Enforce consistent multithreaded privileges"
5644 commit 7d125a16a5245b2bafc9184b8f93e864394ba1cb
5645 Author: Brad Spengler <spender@grsecurity.net>
5646 Date: Wed Dec 7 19:58:31 2011 -0500
5648 Remove harmless duplicate code -- exec_file would be null already so the
5649 second check would never pass.
5651 commit 4e3304e94aa72737810bc50169519af157dce4ce
5652 Author: Brad Spengler <spender@grsecurity.net>
5653 Date: Wed Dec 7 19:50:39 2011 -0500
5655 Revert back to (possibly?) undocumented /proc/pid behavior that gdb
5656 depended on for attaching to a thread. Entries exist in /proc for
5657 threads, but are not visible in a readdir.
5659 commit 1bd899335f23815cfe8deac44c6b346398f3b95e
5660 Author: Brad Spengler <spender@grsecurity.net>
5661 Date: Sun Dec 4 18:03:28 2011 -0500
5663 Put the already-walked path if in RCU-walk mode
5665 commit ec7ae36b7159f10649709779443a988662965d66
5666 Author: Brad Spengler <spender@grsecurity.net>
5667 Date: Sun Dec 4 17:35:21 2011 -0500
5669 Fix memory leak introduced by recent (unpublished) commit
5670 75ab998b94a29d464518d6d501bdde3fbfcbfa14
5672 commit 1e2318a8ea2e67eaf17236be374b5da8a5ba5e04
5673 Author: Brad Spengler <spender@grsecurity.net>
5674 Date: Sun Dec 4 13:56:10 2011 -0500
5676 Explicitly check size copied to userland in override_release to silence gcc
5678 commit c30a85d0fff67e0724e726febb934c0b6fa01c6c
5679 Author: Brad Spengler <spender@grsecurity.net>
5680 Date: Sun Dec 4 13:54:02 2011 -0500
5682 Initialize variable to silence erroneous gcc warning
5684 commit 2cf8e7a3bf4e97b2cd3de9ebc453bc505dc7eb78
5685 Author: Brad Spengler <spender@grsecurity.net>
5686 Date: Sun Dec 4 13:47:47 2011 -0500
5688 Future-proof other potential RCU-aware locations where we can log.
5690 commit 0c904e8c7ea0338c47c7ae825e093a152dc8f8a8
5691 Author: Brad Spengler <spender@grsecurity.net>
5692 Date: Sun Dec 4 13:02:54 2011 -0500
5694 Fix freeze reported by 'vs' on the forums. Bug occurred due to
5695 MAY_NOT_BLOCK added to Linux 3.1. Our logging code, when a capability used
5696 in generic_permission() was in the task's effective set but disallowed by
5697 RBAC, would block when acquiring locks resulting in the freeze.
5699 Also update the ordering of checks so that CAP_DAC_READ_SEARCH isn't logged
5700 as being required when CAP_DAC_OVERRIDE is present (consistent with
5703 commit ab694e5eccfbc369baa593ebc1269d1908cf16dc
5704 Author: Xi Wang <xi.wang@gmail.com>
5705 Date: Tue Nov 29 09:26:30 2011 +0000
5707 sctp: better integer overflow check in sctp_auth_create_key()
5709 The check from commit 30c2235c is incomplete and cannot prevent
5710 cases like key_len = 0x80000000 (INT_MAX + 1). In that case, the
5711 left-hand side of the check (INT_MAX - key_len), which is unsigned,
5712 becomes 0xffffffff (UINT_MAX) and bypasses the check.
5714 However this shouldn't be a security issue. The function is called
5715 from the following two code paths:
5719 2) sctp_auth_asoc_set_secret()
5721 In case (1), sca_keylength is never going to exceed 65535 since it's
5722 bounded by a u16 from the user API. As such, the key length will
5725 In case (2), sca_keylength is computed based on the user key (1 short)
5726 and 2 * key_vector (3 shorts) for a total of 7 * USHRT_MAX, which still
5729 In other words, this overflow check is not really necessary. Just
5730 make it more correct.
5732 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5733 Cc: Vlad Yasevich <vladislav.yasevich@hp.com>
5734 Signed-off-by: David S. Miller <davem@davemloft.net>
5736 commit e565e28c3635a1d50f80541fbf6b606d742fec76
5737 Author: Josh Boyer <jwboyer@redhat.com>
5738 Date: Fri Aug 19 14:50:26 2011 -0400
5740 fs/minix: Verify bitmap block counts before mounting
5742 Newer versions of MINIX can create filesystems that allocate an extra
5743 bitmap block. Mounting of this succeeds, but doing a statfs call will
5744 result in an oops in count_free because of a negative number being used
5747 Avoid this by verifying the number of allocated blocks at mount time,
5748 erroring out if there are not enough and make statfs ignore the extras
5749 if there are too many.
5751 This fixes https://bugzilla.kernel.org/show_bug.cgi?id=18792
5753 Signed-off-by: Josh Boyer <jwboyer@redhat.com>
5754 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
5756 commit 6e134e398ec1a3f428261680e83df4319e64bed9
5757 Author: Julia Lawall <julia@diku.dk>
5758 Date: Tue Nov 15 14:53:11 2011 -0800
5760 drivers/gpu/vga/vgaarb.c: add missing kfree
5762 kbuf is a buffer that is local to this function, so all of the error paths
5763 leaving the function should release it.
5765 Signed-off-by: Julia Lawall <julia@diku.dk>
5766 Cc: Jesper Juhl <jj@chaosbits.net>
5767 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5768 Signed-off-by: Dave Airlie <airlied@redhat.com>
5770 commit 2b9057b321e36860e8d63985b5c4e496f254b717
5771 Author: Brad Spengler <spender@grsecurity.net>
5772 Date: Sat Dec 3 21:33:28 2011 -0500
5774 Import changes between pax-linux-3.1.4-test18.patch and grsecurity-2.2.2-3.1.4-201112021740.patch
5776 commit 5dfe6091dca281a456eaff5e7b4692d768a05cfd
5777 Author: Brad Spengler <spender@grsecurity.net>
5778 Date: Sat Dec 3 21:29:37 2011 -0500
5780 Import pax-linux-3.1.4-test18.patch
5782 commit 285eb4ea45d853ae00426b3315a61c1368080dad
5783 Author: Brad Spengler <spender@grsecurity.net>
5784 Date: Sat Dec 10 18:33:46 2011 -0500
5786 Import changes from pax-linux-3.1.5-test20.patch
5788 commit a6bda918fc90ec1d5c387e978d147ad2044153f1
5789 Author: Brad Spengler <spender@grsecurity.net>
5790 Date: Thu Dec 8 20:55:54 2011 -0500
5792 Import changes from pax-linux-3.1.4-test19.patch
5794 commit e6d987bdb782b280f882cc20055e3d9cb28ad3a5
5795 Author: Brad Spengler <spender@grsecurity.net>
5796 Date: Sat Dec 3 21:29:37 2011 -0500
5798 Import pax-linux-3.1.4-test18.patch