]> git.ipfire.org Git - thirdparty/grsecurity-scrape.git/blob - test/changelog-test.txt
projects / thirdparty / grsecurity-scrape.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
grsec-scrape autocommit. 1 new patch(es).
[thirdparty/grsecurity-scrape.git] / test / changelog-test.txt
1 commit 44cb11a9470f72157601d0ad4d572d111f90f504
2 Author: Brad Spengler <spender@grsecurity.net>
3 Date: Fri Mar 22 18:11:42 2013 -0400
4
5 use VM_DONTDUMP
6
7 fs/binfmt_elf.c | 2 +-
8 1 files changed, 1 insertions(+), 1 deletions(-)
9
10 commit 92dd7f850ae63e3ddc3d262f2b7134cf54b51abb
11 Author: Brad Spengler <spender@grsecurity.net>
12 Date: Fri Mar 22 17:53:09 2013 -0400
13
14 fix recent RLIMIT_AS changes (due to vm_flags typo)
15
16 Conflicts:
17
18 fs/binfmt_elf.c
19
20 fs/binfmt_elf.c | 2 +-
21 mm/mmap.c | 2 +-
22 2 files changed, 2 insertions(+), 2 deletions(-)
23
24 commit fd5f0d92b0fbec02029dad124501a9c80e527a32
25 Author: Brad Spengler <spender@grsecurity.net>
26 Date: Fri Mar 22 17:08:48 2013 -0400
27
28 complete_walk drops rcu-walk mode, no need for our own dropping
29 method outside of generic_permission
30
31 fs/namei.c | 30 ------------------------------
32 1 files changed, 0 insertions(+), 30 deletions(-)
33
34 commit b49ab1c73edb6442eec609b26bba4d850b3111b6
35 Merge: 5e9a707 783ade9
36 Author: Brad Spengler <spender@grsecurity.net>
37 Date: Thu Mar 21 21:56:28 2013 -0400
38
39 Merge branch 'pax-test' into grsec-test
40
41 commit 783ade9f97f0f736e3c83275b7c9fcb2d6e9d9c4
42 Author: Brad Spengler <spender@grsecurity.net>
43 Date: Thu Mar 21 21:55:31 2013 -0400
44
45 Update to pax-linux-3.8.3-test11.patch:
46 - rewrote the ASLR gap accounting code once again
47 - fixed ptrace compat bug found by the size overflow plugin
48
49 fs/binfmt_elf.c | 25 ++++++++++++-------------
50 fs/exec.c | 7 ++-----
51 include/linux/compat.h | 2 +-
52 include/linux/mm.h | 5 +++++
53 include/linux/mm_types.h | 2 +-
54 kernel/ptrace.c | 2 +-
55 mm/mmap.c | 15 ++++++++++-----
56 7 files changed, 32 insertions(+), 26 deletions(-)
57
58 commit 5e9a7077d935b2279f25428c5d32fd53cbbfb92a
59 Author: Brad Spengler <spender@grsecurity.net>
60 Date: Thu Mar 21 19:37:33 2013 -0400
61
62 Make the constify plugin usage actually depend on the introduced config option
63 (it was still forced on)
64
65 tools/gcc/Makefile | 2 +-
66 1 files changed, 1 insertions(+), 1 deletions(-)
67
68 commit 1974b4f58d9d729c80ac1987785446115304a54c
69 Author: Brad Spengler <spender@grsecurity.net>
70 Date: Thu Mar 21 16:12:38 2013 -0400
71
72 fix failed merge
73
74 arch/arm/mm/fault.c | 15 +++------------
75 1 files changed, 3 insertions(+), 12 deletions(-)
76
77 commit 675a8ab4a8fe8315df348735a37a302a7535224c
78 Author: Brad Spengler <spender@grsecurity.net>
79 Date: Wed Mar 20 23:36:14 2013 -0400
80
81 From c4dab66c31612717f798e1e8ff11b57253a81a31 Mon Sep 17 00:00:00 2001
82 From: Kees Cook <keescook@chromium.org>
83 Date: Sun, 10 Mar 2013 20:09:31 +0000
84 Subject: drm/i915: bounds check execbuffer relocation count
85
86 It is possible to wrap the counter used to allocate the buffer for
87 relocation copies. This could lead to heap writing overflows.
88
89 CVE-2013-0913
90
91 Signed-off-by: Kees Cook <keescook@chromium.org>
92 Reported-by: Pinkie Pie
93 Cc: stable@vger.kernel.org
94
95 drivers/gpu/drm/i915/i915_gem_execbuffer.c | 11 ++++++++---
96 1 files changed, 8 insertions(+), 3 deletions(-)
97
98 commit ddeac12cbb9076bffd51c544e03463f94c9eaa39
99 Author: Andy Honig <ahonig@google.com>
100 Date: Wed Feb 20 14:48:10 2013 -0800
101
102 Upstream commit: 0b79459b482e85cb7426aa7da683a9f2c97aeae1
103
104 KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (CVE-2013-1797)
105
106 There is a potential use after free issue with the handling of
107 MSR_KVM_SYSTEM_TIME. If the guest specifies a GPA in a movable or removable
108 memory such as frame buffers then KVM might continue to write to that
109 address even after it's removed via KVM_SET_USER_MEMORY_REGION. KVM pins
110 the page in memory so it's unlikely to cause an issue, but if the user
111 space component re-purposes the memory previously used for the guest, then
112 the guest will be able to corrupt that memory.
113
114 Tested: Tested against kvmclock unit test
115
116 Signed-off-by: Andrew Honig <ahonig@google.com>
117 Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
118
119 arch/x86/include/asm/kvm_host.h | 4 +-
120 arch/x86/kvm/x86.c | 47 ++++++++++++++++----------------------
121 2 files changed, 22 insertions(+), 29 deletions(-)
122
123 commit 0bcac31b57c381001feb69fd6ec8069e61e03432
124 Author: Andy Honig <ahonig@google.com>
125 Date: Mon Mar 11 09:34:52 2013 -0700
126
127 Upstream commit: c300aa64ddf57d9c5d9c898a64b36877345dd4a9
128
129 KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796)
130
131 If the guest sets the GPA of the time_page so that the request to update the
132 time straddles a page then KVM will write onto an incorrect page. The
133 write is done byusing kmap atomic to get a pointer to the page for the time
134 structure and then performing a memcpy to that page starting at an offset
135 that the guest controls. Well behaved guests always provide a 32-byte aligned
136 address, however a malicious guest could use this to corrupt host kernel
137 memory.
138
139 Tested: Tested against kvmclock unit test.
140
141 Signed-off-by: Andrew Honig <ahonig@google.com>
142 Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
143
144 arch/x86/kvm/x86.c | 5 +++++
145 1 files changed, 5 insertions(+), 0 deletions(-)
146
147 commit 695c59887e4ec10b0b695ab4f645d1226c433be0
148 Author: Andy Honig <ahonig@google.com>
149 Date: Wed Feb 20 14:49:16 2013 -0800
150
151 Upstream commit: a2c118bfab8bc6b8bb213abfc35201e441693d55
152
153 KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798)
154
155 If the guest specifies a IOAPIC_REG_SELECT with an invalid value and follows
156 that with a read of the IOAPIC_REG_WINDOW KVM does not properly validate
157 that request. ioapic_read_indirect contains an
158 ASSERT(redir_index < IOAPIC_NUM_PINS), but the ASSERT has no effect in
159 non-debug builds. In recent kernels this allows a guest to cause a kernel
160 oops by reading invalid memory. In older kernels (pre-3.3) this allows a
161 guest to read from large ranges of host memory.
162
163 Tested: tested against apic unit tests.
164
165 Signed-off-by: Andrew Honig <ahonig@google.com>
166 Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
167
168 virt/kvm/ioapic.c | 7 +++++--
169 1 files changed, 5 insertions(+), 2 deletions(-)
170
171 commit c77e4017f6f372ac09751b6fcd85c35781dc2d9e
172 Merge: aec3cd4 c522e3a
173 Author: Brad Spengler <spender@grsecurity.net>
174 Date: Wed Mar 20 19:38:25 2013 -0400
175
176 Merge branch 'pax-test' into grsec-test
177
178 commit c522e3a2167ff5e18996e55ca8cca5ca6f6d29e3
179 Merge: c57d855 405acc3
180 Author: Brad Spengler <spender@grsecurity.net>
181 Date: Wed Mar 20 19:38:11 2013 -0400
182
183 Merge branch 'linux-3.8.y' into pax-test
184
185 commit aec3cd4d2bd54673b155d9ae3fb9c44becc790d1
186 Author: Brad Spengler <spender@grsecurity.net>
187 Date: Tue Mar 19 19:56:04 2013 -0400
188
189 include linux/compiler.h
190
191 include/linux/zlib.h | 1 +
192 1 files changed, 1 insertions(+), 0 deletions(-)
193
194 commit 1f1109e97bc609218e52e4bb57683d3b23cf2e8e
195 Author: Brad Spengler <spender@grsecurity.net>
196 Date: Tue Mar 19 18:42:20 2013 -0400
197
198 fix missing sock_release()
199
200 net/irda/af_irda.c | 6 ++++--
201 1 files changed, 4 insertions(+), 2 deletions(-)
202
203 commit dd65c05cd24faf8946d4941434a553ee285c35a3
204 Author: Brad Spengler <spender@grsecurity.net>
205 Date: Tue Mar 19 18:36:17 2013 -0400
206
207 fix mpt fusion infoleak
208
209 drivers/message/fusion/mptbase.c | 4 ++++
210 1 files changed, 4 insertions(+), 0 deletions(-)
211
212 commit e297b4f150b769efdc4c547d3caf1e3c0f24735f
213 Author: Brad Spengler <spender@grsecurity.net>
214 Date: Tue Mar 19 18:33:45 2013 -0400
215
216 Fix size_overflow false positive reported by slashbeast
217
218 include/linux/zlib.h | 2 +-
219 1 files changed, 1 insertions(+), 1 deletions(-)
220
221 commit 5b9982733764361c7102c2b1a9cbe42e5bf4f4be
222 Author: Brad Spengler <spender@grsecurity.net>
223 Date: Tue Mar 19 17:35:36 2013 -0400
224
225 fix up failed merge
226
227 arch/arm/mm/fault.c | 9 ++-------
228 1 files changed, 2 insertions(+), 7 deletions(-)
229
230 commit a1bdc34d1d882da3abf47923a760e5b0bbdaf0bd
231 Author: Brad Spengler <spender@grsecurity.net>
232 Date: Tue Mar 19 17:34:36 2013 -0400
233
234 update documentation on consequences of building without gcc plugin support
235
236 Makefile | 2 +-
237 1 files changed, 1 insertions(+), 1 deletions(-)
238
239 commit f49ae0f6c3bbedf6b3817ee2b1b232e0da7fa537
240 Author: Brad Spengler <spender@grsecurity.net>
241 Date: Tue Mar 19 17:18:13 2013 -0400
242
243 fix compilation failure associated with the latent entropy plugin and lack of gcc plugin support reported on the forums
244
245 init/main.c | 4 ++--
246 1 files changed, 2 insertions(+), 2 deletions(-)
247
248 commit f00195c633f91cfbd8c1f530d2c371b713026e20
249 Author: Brad Spengler <spender@grsecurity.net>
250 Date: Mon Mar 18 22:27:33 2013 -0400
251
252 Fix compile error reported by KDE on the forums
253
254 kernel/user_namespace.c | 2 +-
255 1 files changed, 1 insertions(+), 1 deletions(-)
256
257 commit 2979c6ee78aabb4421873ea53581380c6bb6ed05
258 Merge: 0949569 c57d855
259 Author: Brad Spengler <spender@grsecurity.net>
260 Date: Mon Mar 18 22:20:46 2013 -0400
261
262 Merge branch 'pax-test' into grsec-test
263
264 Conflicts:
265 arch/arm/mm/fault.c
266 arch/x86/mm/fault.c
267 fs/exec.c
268
269 commit c57d8557f5f2d77c2c7fa1f58316819a5e1f9293
270 Author: Brad Spengler <spender@grsecurity.net>
271 Date: Mon Mar 18 21:22:03 2013 -0400
272
273 Update to pax-linux-3.8.2-test9.patch:
274 arm changes from spender
275 - removed userland access to the vectors page
276 - removed obsolete sigreturn trampoline handling
277 - added emulation for __kuser_get_tls
278 - fixed missing uderef instrumentation in unaligned memory accessors (failed safe)
279 - fixed recent sysfs/power_supply attr breakage reported by Steven Allen
280 - hopefully fixed the remaining issues with aslr_gap accounting (http://forums.grsecurity.net/viewtopic.php?f=3&t=2960)
281 - changed debian packager rules to include the compiler plugins, from Tyler Coumbes <coumbes@gmail.com>
282 - fixed the sa_restorer leak discovered and reported by Emese Revfy (CVE-2013-0914, google chromium bug #177956)
283 - new size overflow plugin from Emese that instruments a whole lot more code due to tracking function return values
284 and more type casts as well. this found the above mentioned sa_restorer leak and would have protected against CVE-2013-0913.
285
286 arch/arm/kernel/process.c | 5 +-
287 arch/arm/kernel/signal.c | 24 +-
288 arch/arm/kernel/traps.c | 7 -
289 arch/arm/mm/alignment.c | 8 +
290 arch/arm/mm/fault.c | 23 +-
291 arch/arm/mm/mmu.c | 2 +-
292 arch/x86/include/asm/bitops.h | 2 +-
293 arch/x86/include/asm/desc.h | 2 +-
294 arch/x86/include/asm/div64.h | 2 +-
295 arch/x86/include/asm/io.h | 8 +-
296 arch/x86/include/asm/paravirt.h | 2 +-
297 arch/x86/kernel/cpu/perf_event_intel_uncore.c | 16 +-
298 arch/x86/kernel/setup_percpu.c | 2 +-
299 arch/x86/mm/fault.c | 4 +-
300 arch/x86/mm/numa.c | 2 +-
301 arch/x86/mm/physaddr.c | 4 +-
302 drivers/ata/libahci.c | 2 +-
303 drivers/gpu/drm/i915/i915_gem_execbuffer.c | 2 +-
304 drivers/infiniband/hw/mthca/mthca_cmd.c | 2 +-
305 drivers/infiniband/hw/mthca/mthca_mr.c | 2 +-
306 drivers/lguest/page_tables.c | 2 +-
307 drivers/net/wireless/at76c50x-usb.c | 2 +-
308 drivers/oprofile/oprofile_files.c | 2 +-
309 drivers/power/power_supply_core.c | 1 +
310 drivers/usb/core/message.c | 2 +-
311 fs/befs/endian.h | 4 +-
312 fs/binfmt_elf.c | 5 +-
313 fs/exec.c | 4 +-
314 fs/qnx6/qnx6.h | 4 +-
315 fs/sysv/sysv.h | 2 +-
316 fs/ubifs/io.c | 2 +-
317 fs/ufs/swab.h | 4 +-
318 include/linux/compat.h | 4 +-
319 include/linux/completion.h | 6 +-
320 include/linux/cpumask.h | 12 +-
321 include/linux/ctype.h | 2 +-
322 include/linux/err.h | 4 +-
323 include/linux/math64.h | 6 +-
324 include/linux/sched.h | 2 +-
325 include/linux/unaligned/access_ok.h | 12 +-
326 include/linux/usb.h | 2 +-
327 include/uapi/linux/byteorder/little_endian.h | 4 +-
328 include/uapi/linux/swab.h | 6 +-
329 kernel/sched/core.c | 6 +-
330 kernel/signal.c | 3 +
331 kernel/time.c | 2 +-
332 kernel/timer.c | 2 +-
333 lib/div64.c | 4 +-
334 mm/page-writeback.c | 2 +-
335 net/socket.c | 2 +
336 scripts/package/builddeb | 1 +
337 tools/gcc/size_overflow_hash.data | 8869 +++++++++++++++----------
338 tools/gcc/size_overflow_plugin.c | 1072 ++--
339 53 files changed, 6227 insertions(+), 3951 deletions(-)
340
341 commit 09495691bb31f11ec14d9127429f9a0f3f716f22
342 Author: Brad Spengler <spender@grsecurity.net>
343 Date: Sun Mar 17 20:51:50 2013 -0400
344
345 fix typo
346
347 grsecurity/gracl.c | 2 +-
348 1 files changed, 1 insertions(+), 1 deletions(-)
349
350 commit deb85b00d0f9f886e264e116313f298401ec5c59
351 Author: Brad Spengler <spender@grsecurity.net>
352 Date: Sun Mar 17 20:03:33 2013 -0400
353
354 Call update_rlimit_cpu to immediately change RLIMIT_CPU on the task
355 with a subject applied to it with RES_CPU. Otherwise, the limit will only
356 begin to be applied at fork time.
357
358 Thanks to Bjornar Ness for the report.
359
360 grsecurity/gracl.c | 4 ++++
361 1 files changed, 4 insertions(+), 0 deletions(-)
362
363 commit 2126421f123513f604ceef2b23ba9ed516de7e58
364 Author: Brad Spengler <spender@grsecurity.net>
365 Date: Sat Mar 16 22:07:43 2013 -0400
366
367 Move inode auditing prior to our refcnt dropping
368
369 fs/namei.c | 2 +-
370 1 files changed, 1 insertions(+), 1 deletions(-)
371
372 commit 4d4e665885aab4bacfe662ad6d2190fc9d817146
373 Author: Brad Spengler <spender@grsecurity.net>
374 Date: Sat Mar 16 22:00:30 2013 -0400
375
376 Drop reference on completed path walked in RCU mode or when violating
377 the chroot fchdir check inside a chroot -- possible culprit for a reported
378 vfsmount_lock hang during unmount
379
380 fs/namei.c | 8 ++++++--
381 1 files changed, 6 insertions(+), 2 deletions(-)
382
383 commit 53a8a413f45340ee176dd36dd283de3a1ebb7417
384 Author: Brad Spengler <spender@grsecurity.net>
385 Date: Sat Mar 16 16:43:45 2013 -0400
386
387 add user_arg_ptr back to exec.c
388
389 fs/exec.c | 12 ++++++++++++
390 1 files changed, 12 insertions(+), 0 deletions(-)
391
392 commit 83d285953c7e75db388c7f65be5cf1e16fcedec8
393 Author: Brad Spengler <spender@grsecurity.net>
394 Date: Sat Mar 16 11:22:36 2013 -0400
395
396 Don't globally include compat.h -- with the new X32 support it
397 changes some definitions involving ELF binaries resulting in invalid
398 coredumps, as reported by KDE on the forums:
399 http://forums.grsecurity.net/viewtopic.php?f=3&t=3310
400 Thanks to the PaX Team for debugging
401
402 fs/exec.c | 3 +++
403 grsecurity/grsec_exec.c | 13 +++++++++++++
404 include/linux/grsecurity.h | 15 ---------------
405 3 files changed, 16 insertions(+), 15 deletions(-)
406
407 commit 67a94583659cf6c583fbbb023ec2a8ed471ba94a
408 Author: Brad Spengler <spender@grsecurity.net>
409 Date: Thu Mar 14 20:59:26 2013 -0400
410
411 Add peer information to /proc/net/unix from Kenan Kalajdzic:
412 http://marc.info/?l=linux-netdev&m=126745636809191&w=2
413
414 We use a "P" prefix to the inode number instead of "peer=". This
415 additional information can be used, for instance, to find what processes
416 are connected to MySQL's unix domain socket.
417
418 net/unix/af_unix.c | 12 +++++++++---
419 1 files changed, 9 insertions(+), 3 deletions(-)
420
421 commit 1cd623d11a462d151ea8a5cace4521e1724911a3
422 Author: Oliver Neukum <oneukum@suse.de>
423 Date: Tue Mar 12 14:52:42 2013 +0100
424
425 Upstream commit: c0f5ecee4e741667b2493c742b60b6218d40b3aa
426
427 USB: cdc-wdm: fix buffer overflow
428
429 The buffer for responses must not overflow.
430 If this would happen, set a flag, drop the data and return
431 an error after user space has read all remaining data.
432
433 Signed-off-by: Oliver Neukum <oliver@neukum.org>
434 CC: stable@kernel.org
435 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
436
437 drivers/usb/class/cdc-wdm.c | 23 ++++++++++++++++++++---
438 1 files changed, 20 insertions(+), 3 deletions(-)
439
440 commit 3e9e7beb379eaf424d0634c0c556e47c07d367fc
441 Merge: 9cdf9bc db4cb92
442 Author: Brad Spengler <spender@grsecurity.net>
443 Date: Thu Mar 14 20:23:14 2013 -0400
444
445 Merge branch 'pax-test' into grsec-test
446
447 Conflicts:
448 security/keys/compat.c
449
450 commit db4cb924546e3fec3a59f78d056f48176eaf7100
451 Author: Brad Spengler <spender@grsecurity.net>
452 Date: Thu Mar 14 20:22:24 2013 -0400
453
454 Update to pax-linux-3.8.2-test8.patch
455
456 arch/arm/include/asm/cache.h | 2 ++
457 arch/arm/mach-omap2/gpmc.c | 22 ++++++++++++----------
458 arch/arm/mach-omap2/omap_device.c | 4 ++--
459 arch/arm/mach-omap2/omap_device.h | 4 ++--
460 arch/arm/plat-orion/include/plat/addr-map.h | 2 +-
461 5 files changed, 19 insertions(+), 15 deletions(-)
462
463 commit 5e72fcce7c468d29168c64c72c18ff5ff0d3b4ae
464 Merge: 3c865f9 1a45c31
465 Author: Brad Spengler <spender@grsecurity.net>
466 Date: Thu Mar 14 20:20:54 2013 -0400
467
468 Merge branch 'linux-3.8.y' into pax-test
469
470 Conflicts:
471 arch/arm/include/asm/delay.h
472 arch/arm/include/asm/pgtable.h
473 arch/arm/lib/delay.c
474 security/keys/compat.c
475
476 commit 9cdf9bccf22d6a6741e4152bb5d32335beb8caf1
477 Author: Al Viro <viro@ZenIV.linux.org.uk>
478 Date: Tue Mar 12 02:59:49 2013 +0000
479
480 Upstream commit: a930d8790552658140d7d0d2e316af4f0d76a512
481
482 vfs: fix pipe counter breakage
483
484 If you open a pipe for neither read nor write, the pipe code will not
485 add any usage counters to the pipe, causing the 'struct pipe_inode_info"
486 to be potentially released early.
487
488 That doesn't normally matter, since you cannot actually use the pipe,
489 but the pipe release code - particularly fasync handling - still expects
490 the actual pipe infrastructure to all be there. And rather than adding
491 NULL pointer checks, let's just disallow this case, the same way we
492 already do for the named pipe ("fifo") case.
493
494 This is ancient going back to pre-2.4 days, and until trinity, nobody
495 naver noticed.
496
497 Reported-by: Dave Jones <davej@redhat.com>
498 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
499
500 fs/pipe.c | 3 +++
501 1 files changed, 3 insertions(+), 0 deletions(-)
502
503 commit c11fa4be226659a40a6c73f0fa09fee074fba1b2
504 Author: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
505 Date: Mon Feb 25 10:20:36 2013 -0500
506
507 Upstream commit: 8aec0f5d4137532de14e6554fd5dd201ff3a3c49
508
509 Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys
510
511 Looking at mm/process_vm_access.c:process_vm_rw() and comparing it to
512 compat_process_vm_rw() shows that the compatibility code requires an
513 explicit "access_ok()" check before calling
514 compat_rw_copy_check_uvector(). The same difference seems to appear when
515 we compare fs/read_write.c:do_readv_writev() to
516 fs/compat.c:compat_do_readv_writev().
517
518 This subtle difference between the compat and non-compat requirements
519 should probably be debated, as it seems to be error-prone. In fact,
520 there are two others sites that use this function in the Linux kernel,
521 and they both seem to get it wrong:
522
523 Now shifting our attention to fs/aio.c, we see that aio_setup_iocb()
524 also ends up calling compat_rw_copy_check_uvector() through
525 aio_setup_vectored_rw(). Unfortunately, the access_ok() check appears to
526 be missing. Same situation for
527 security/keys/compat.c:compat_keyctl_instantiate_key_iov().
528
529 I propose that we add the access_ok() check directly into
530 compat_rw_copy_check_uvector(), so callers don't have to worry about it,
531 and it therefore makes the compat call code similar to its non-compat
532 counterpart. Place the access_ok() check in the same location where
533 copy_from_user() can trigger a -EFAULT error in the non-compat code, so
534 the ABI behaviors are alike on both compat and non-compat.
535
536 While we are here, fix compat_do_readv_writev() so it checks for
537 compat_rw_copy_check_uvector() negative return values.
538
539 And also, fix a memory leak in compat_keyctl_instantiate_key_iov() error
540 handling.
541
542 Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
543 Acked-by: Al Viro <viro@ZenIV.linux.org.uk>
544 Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
545 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
546
547 Conflicts:
548
549 security/keys/compat.c
550
551 fs/compat.c | 15 +++++++--------
552 mm/process_vm_access.c | 8 --------
553 security/keys/compat.c | 3 ++-
554 3 files changed, 9 insertions(+), 17 deletions(-)
555
556 commit 13487f197ab2d5bc76156224c24c45a44bbd6a11
557 Author: Brad Spengler <spender@grsecurity.net>
558 Date: Mon Mar 11 18:38:38 2013 -0400
559
560 Fix leak of signal handler addresses across execve, found by Emese Revfy
561
562 kernel/signal.c | 3 +++
563 1 files changed, 3 insertions(+), 0 deletions(-)
564
565 commit 79b130c4b11c7940daf2b33d653a17666331c634
566 Merge: 6480ce9 3c865f9
567 Author: Brad Spengler <spender@grsecurity.net>
568 Date: Sun Mar 10 20:04:03 2013 -0400
569
570 Merge branch 'pax-test' into grsec-test
571
572 commit 3c865f9184c6fd56c634bce0096cfc8039d5c43d
573 Author: Brad Spengler <spender@grsecurity.net>
574 Date: Sun Mar 10 20:03:12 2013 -0400
575
576 Update to pax-linux-3.8.2-test7.patch:
577 - fixed gcc asserts reported by KDE (http://forums.grsecurity.net/viewtopic.php?f=3&t=3342)
578 - adjusted RLIMIT_AS accounting for the extra ASLR gap mappings, reported by Alexander Stoll (https://bugs.gentoo.org/show_bug.cgi?id=459268)
579
580 fs/binfmt_elf.c | 3 ++-
581 fs/exec.c | 3 +++
582 include/linux/mm_types.h | 2 +-
583 init/main.c | 4 ++--
584 mm/mmap.c | 2 +-
585 mm/page_alloc.c | 4 ++--
586 tools/gcc/latent_entropy_plugin.c | 11 +++++++----
587 7 files changed, 18 insertions(+), 11 deletions(-)
588
589 commit 6480ce919bd7d68ba14f3194e4bdd7b61bc8e491
590 Merge: 4a5305e 25b3569
591 Author: Brad Spengler <spender@grsecurity.net>
592 Date: Sun Mar 10 10:41:16 2013 -0400
593
594 Merge branch 'pax-test' into grsec-test
595
596 commit 25b356980568bed9958315bb5a551fdc610055ed
597 Author: Brad Spengler <spender@grsecurity.net>
598 Date: Sun Mar 10 10:40:48 2013 -0400
599
600 Update to pax-linux-3.8.2-test6.patch:
601 - fixed a KERNEXEC false positive on arm reported by Gu1
602 - fixed various compile errors reported by x14sg1 (http://forums.grsecurity.net/viewtopic.php?f=3&t=3340)
603 - fixed too strict mmap parameter checking on i386, reported by browndav (http://forums.grsecurity.net/viewtopic.php?f=1&t=3339)
604 - added fix from spender for some namespace breakage reported by zakalwe
605 - small latent entropy improvement: pass pax_extra_latent_entropy to the kernel to extract entropy from RAM content during boot
606
607 Documentation/kernel-parameters.txt | 5 +++++
608 arch/arm/kernel/patch.c | 2 ++
609 arch/x86/kernel/sys_i386_32.c | 5 +++--
610 drivers/acpi/blacklist.c | 2 +-
611 drivers/video/aty/mach64_cursor.c | 1 +
612 init/main.c | 4 ----
613 mm/page_alloc.c | 27 +++++++++++++++++++++++++++
614 net/ipv4/ip_fragment.c | 2 +-
615 security/Kconfig | 5 +++++
616 tools/gcc/latent_entropy_plugin.c | 7 +++++--
617 10 files changed, 50 insertions(+), 10 deletions(-)
618
619 commit 4a5305eb7b6c5e49c332feeca9b6bfead9ab917f
620 Author: Brad Spengler <spender@grsecurity.net>
621 Date: Sat Mar 9 11:19:06 2013 -0500
622
623 From: Mathias Krause <minipli@googlemail.com>
624 To: "David S. Miller" <davem@davemloft.net>
625 Cc: netdev@vger.kernel.org, Mathias Krause <minipli@googlemail.com>,
626 Stephen Hemminger <stephen@networkplumber.org>
627 Subject: [PATCH 1/3] bridge: fix mdb info leaks
628 Date: Sat, 9 Mar 2013 16:52:19 +0100
629
630 The bridging code discloses heap and stack bytes via the RTM_GETMDB
631 netlink interface and via the notify messages send to group RTNLGRP_MDB
632 afer a successful add/del.
633
634 Fix both cases by initializing all unset members/padding bytes with
635 memset(0).
636
637 Cc: Stephen Hemminger <stephen@networkplumber.org>
638 Signed-off-by: Mathias Krause <minipli@googlemail.com>
639
640 From: Mathias Krause <minipli@googlemail.com>
641 To: "David S. Miller" <davem@davemloft.net>
642 Cc: netdev@vger.kernel.org, Mathias Krause <minipli@googlemail.com>
643 Subject: [PATCH 2/3] rtnl: fix info leak on RTM_GETLINK request for VF devices
644 Date: Sat, 9 Mar 2013 16:52:20 +0100
645
646 Initialize the mac address buffer with 0 as the driver specific function
647 will probably not fill the whole buffer. In fact, all in-kernel drivers
648 fill only ETH_ALEN of the MAX_ADDR_LEN bytes, i.e. 6 of the 32 possible
649 bytes. Therefore we currently leak 26 bytes of stack memory to userland
650 via the netlink interface.
651
652 Signed-off-by: Mathias Krause <minipli@googlemail.com>
653
654 From: Mathias Krause <minipli@googlemail.com>
655 To: "David S. Miller" <davem@davemloft.net>
656 Cc: netdev@vger.kernel.org, Mathias Krause <minipli@googlemail.com>
657 Subject: [PATCH 3/3] dcbnl: fix various netlink info leaks
658 Date: Sat, 9 Mar 2013 16:52:21 +0100
659
660 The dcb netlink interface leaks stack memory in various places:
661 * perm_addr[] buffer is only filled at max with 12 of the 32 bytes but
662 copied completely,
663 * no in-kernel driver fills all fields of an IEEE 802.1Qaz subcommand,
664 so we're leaking up to 58 bytes for ieee_ets structs, up to 136 bytes
665 for ieee_pfc structs, etc.,
666 * the same is true for CEE -- no in-kernel driver fills the whole
667 struct,
668
669 Prevent all of the above stack info leaks by properly initializing the
670 buffers/structures involved.
671
672 Signed-off-by: Mathias Krause <minipli@googlemail.com>
673
674 net/bridge/br_mdb.c | 4 ++++
675 net/core/rtnetlink.c | 1 +
676 net/dcb/dcbnl.c | 8 ++++++++
677 3 files changed, 13 insertions(+), 0 deletions(-)
678
679 commit 601dd446f896e3a362f706943df18a68d50420a1
680 Author: Brad Spengler <spender@grsecurity.net>
681 Date: Sat Mar 9 09:35:25 2013 -0500
682
683 add open/close wrappers in __patch_text() as reported by Gu1 on IRC
684
685 arch/arm/kernel/patch.c | 2 ++
686 1 files changed, 2 insertions(+), 0 deletions(-)
687
688 commit ae39966fd85a493e9079b357e3faa62245a41222
689 Author: Peter Hurley <peter@hurleysoftware.com>
690 Date: Fri Mar 8 12:43:27 2013 -0800
691
692 Upstream commit: 88b9e456b1649722673ffa147914299799dc9041
693
694 ipc: don't allocate a copy larger than max
695
696 When MSG_COPY is set, a duplicate message must be allocated for the copy
697 before locking the queue. However, the copy could not be larger than was
698 sent which is limited to msg_ctlmax.
699
700 Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
701 Acked-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
702 Cc: <stable@vger.kernel.org>
703 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
704 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
705
706 ipc/msg.c | 6 ++++--
707 1 files changed, 4 insertions(+), 2 deletions(-)
708
709 commit 61240e99650ea3e540a03a3e994349c5086f166b
710 Author: Peter Hurley <peter@hurleysoftware.com>
711 Date: Fri Mar 8 12:43:26 2013 -0800
712
713 Upstream commit: e1082f45f1e2bbf6e25f6b614fc6616ebf709d19
714
715 ipc: fix potential oops when src msg > 4k w/ MSG_COPY
716
717 If the src msg is > 4k, then dest->next points to the
718 next allocated segment; resetting it just prior to dereferencing
719 is bad.
720
721 Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
722 Acked-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
723 Cc: <stable@vger.kernel.org>
724 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
725 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
726
727 ipc/msgutil.c | 3 ---
728 1 files changed, 0 insertions(+), 3 deletions(-)
729
730 commit 51727f602a267f34fb2e0dc9557f1714028d51a2
731 Author: Brad Spengler <spender@grsecurity.net>
732 Date: Fri Mar 8 22:14:06 2013 -0500
733
734 add missing 'else' in recent constify fixups
735
736 net/ipv4/ip_fragment.c | 2 +-
737 1 files changed, 1 insertions(+), 1 deletions(-)
738
739 commit a38c1a640729b3d8e584d1ab98e908c221bc12cf
740 Merge: 1580bb3 47c3f47
741 Author: Brad Spengler <spender@grsecurity.net>
742 Date: Fri Mar 8 18:18:37 2013 -0500
743
744 Merge branch 'pax-test' into grsec-test
745
746 commit 47c3f47ba4f874f5c72e4c04b76b6b92e44daebe
747 Author: Brad Spengler <spender@grsecurity.net>
748 Date: Fri Mar 8 18:17:22 2013 -0500
749
750 Update to pax-linux-3.8.2-test5.patch:
751 - fixed some fallout after the last round of constification changes, reported by several people
752
753 arch/arm/common/gic.c | 4 ++--
754 arch/arm/include/asm/hardware/gic.h | 3 ++-
755 arch/x86/include/asm/nmi.h | 2 +-
756 arch/x86/kernel/nmi.c | 2 +-
757 arch/x86/pci/irq.c | 2 +-
758 drivers/base/power/domain.c | 4 ++--
759 drivers/cpufreq/cpufreq_governor.c | 4 ++--
760 drivers/mfd/twl4030-irq.c | 1 +
761 drivers/video/vesafb.c | 7 +++++--
762 include/linux/irq.h | 1 +
763 include/linux/pm_domain.h | 2 +-
764 kernel/sched/core.c | 4 ++++
765 lib/Kconfig.debug | 4 ++--
766 net/core/sysctl_net_core.c | 2 +-
767 net/decnet/af_decnet.c | 1 +
768 net/ipv4/devinet.c | 2 +-
769 net/ipv4/ip_fragment.c | 2 +-
770 net/ipv4/route.c | 2 +-
771 net/ipv4/sysctl_net_ipv4.c | 2 +-
772 net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +-
773 net/ipv6/reassembly.c | 2 +-
774 scripts/sortextable.h | 6 +++---
775 22 files changed, 36 insertions(+), 25 deletions(-)
776
777 commit 1580bb38b4db0bf2a46316599815e8b234edad81
778 Author: Brad Spengler <spender@grsecurity.net>
779 Date: Thu Mar 7 22:02:59 2013 -0500
780
781 add an additional open/close wrapper
782
783 kernel/sched/core.c | 2 ++
784 1 files changed, 2 insertions(+), 0 deletions(-)
785
786 commit 21622672d28d58e0d93a805cd1f9650a894a752a
787 Author: Brad Spengler <spender@grsecurity.net>
788 Date: Thu Mar 7 21:58:24 2013 -0500
789
790 fix oops at shutdown with new constify code
791
792 kernel/sched/core.c | 2 ++
793 1 files changed, 2 insertions(+), 0 deletions(-)
794
795 commit f6b9ab9fcc747bb1b14a4857d59e6681936220ec
796 Author: Brad Spengler <spender@grsecurity.net>
797 Date: Thu Mar 7 21:18:44 2013 -0500
798
799 Add PAX_CONSTIFY_PLUGIN, which we previously enabled unconditionally
800 it currently conflicts with some lock debugging options, so made as an
801 option to allow for debugging when necessary
802
803 Makefile | 2 --
804 lib/Kconfig.debug | 6 +++---
805 security/Kconfig | 18 ++++++++++++++++++
806 3 files changed, 21 insertions(+), 5 deletions(-)
807
808 commit 0885b00b8373a1597b69c38032a0c9eee279303b
809 Author: Brad Spengler <spender@grsecurity.net>
810 Date: Thu Mar 7 20:55:19 2013 -0500
811
812 disable DEBUG_LOCK_ALLOC, as it conflicts with the new constify
813
814 lib/Kconfig.debug | 2 +-
815 1 files changed, 1 insertions(+), 1 deletions(-)
816
817 commit c8a2617165e7127a54f293cbf57d22d50dd83abd
818 Author: Brad Spengler <spender@grsecurity.net>
819 Date: Thu Mar 7 20:30:41 2013 -0500
820
821 Fix error:
822 drivers/video/vesafb.c:502:3: error: assignment of member ‘fb_pan_display’ in read-only object
823 with cast and proper kernexec accessors
824
825 drivers/video/vesafb.c | 7 +++++--
826 1 files changed, 5 insertions(+), 2 deletions(-)
827
828 commit 99f2814d3e2a6db25985edc47c7e09c4a2d8c408
829 Author: Brad Spengler <spender@grsecurity.net>
830 Date: Thu Mar 7 20:20:28 2013 -0500
831
832 fix typo
833
834 grsecurity/gracl.c | 2 +-
835 1 files changed, 1 insertions(+), 1 deletions(-)
836
837 commit 399674de6c42bbcae2d01b082d6d9ce9d183b000
838 Author: Brad Spengler <spender@grsecurity.net>
839 Date: Thu Mar 7 20:12:17 2013 -0500
840
841 fix compilation error -- no reason for task_pid_nr to not take a const task ptr
842
843 include/linux/sched.h | 2 +-
844 1 files changed, 1 insertions(+), 1 deletions(-)
845
846 commit a6c239eacf683f9dd2aeebb1b1adb71e5eedbd9f
847 Author: Kees Cook <keescook@chromium.org>
848 Date: Mon Feb 25 21:32:25 2013 +0000
849
850 Upstream commit: e70ab977991964a5a7ad1182799451d067e62669
851
852 proc connector: reject unprivileged listener bumps
853
854 While PROC_CN_MCAST_LISTEN/IGNORE is entirely advisory, it was possible
855 for an unprivileged user to turn off notifications for all listeners by
856 sending PROC_CN_MCAST_IGNORE. Instead, require the same privileges as
857 required for a multicast bind.
858
859 Signed-off-by: Kees Cook <keescook@chromium.org>
860 Cc: Evgeniy Polyakov <zbr@ioremap.net>
861 Cc: Matt Helsley <matthltc@us.ibm.com>
862 Cc: stable@vger.kernel.org
863 Acked-by: Evgeniy Polyakov <zbr@ioremap.net>
864 Acked-by: Matt Helsley <matthltc@us.ibm.com>
865 Signed-off-by: David S. Miller <davem@davemloft.net>
866
867 drivers/connector/cn_proc.c | 8 ++++++++
868 1 files changed, 8 insertions(+), 0 deletions(-)
869
870 commit ac6014ded57101e3e608941555ff507e20c1ece3
871 Author: Dan Carpenter <dan.carpenter@oracle.com>
872 Date: Tue Feb 26 19:15:02 2013 +0000
873
874 Upstream commit: 90c7881ecee1f08e0a49172cf61371cf2509ee4a
875
876 irda: small read beyond end of array in debug code
877
878 charset comes from skb->data. It's a number in the 0-255 range.
879 If we have debugging turned on then this could cause a read beyond
880 the end of the array.
881
882 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
883 Signed-off-by: David S. Miller <davem@davemloft.net>
884
885 net/irda/iriap.c | 7 +++++--
886 1 files changed, 5 insertions(+), 2 deletions(-)
887
888 commit e60bd2aad9bfdb68731cc888eae14a7600bd2ffe
889 Author: Guenter Roeck <linux@roeck-us.net>
890 Date: Wed Feb 27 10:57:31 2013 +0000
891
892 Upstream commit: 726bc6b092da4c093eb74d13c07184b18c1af0f1
893
894 net/sctp: Validate parameter size for SCTP_GET_ASSOC_STATS
895
896 Building sctp may fail with:
897
898 In function ‘copy_from_user’,
899 inlined from ‘sctp_getsockopt_assoc_stats’ at
900 net/sctp/socket.c:5656:20:
901 arch/x86/include/asm/uaccess_32.h:211:26: error: call to
902 ‘copy_from_user_overflow’ declared with attribute error: copy_from_user()
903 buffer size is not provably correct
904
905 if built with W=1 due to a missing parameter size validation
906 before the call to copy_from_user.
907
908 Signed-off-by: Guenter Roeck <linux@roeck-us.net>
909 Acked-by: Vlad Yasevich <vyasevich@gmail.com>
910 Signed-off-by: David S. Miller <davem@davemloft.net>
911
912 net/sctp/socket.c | 6 +++---
913 1 files changed, 3 insertions(+), 3 deletions(-)
914
915 commit be49e0ae9a4d0e8daa831d7d8d6f3a56beda3e3c
916 Author: Guillaume Nault <g.nault@alphalink.fr>
917 Date: Fri Mar 1 05:02:02 2013 +0000
918
919 Upstream commit: 8b82547e33e85fc24d4d172a93c796de1fefa81a
920
921 l2tp: Restore socket refcount when sendmsg succeeds
922
923 The sendmsg() syscall handler for PPPoL2TP doesn't decrease the socket
924 reference counter after successful transmissions. Any successful
925 sendmsg() call from userspace will then increase the reference counter
926 forever, thus preventing the kernel's session and tunnel data from
927 being freed later on.
928
929 The problem only happens when writing directly on L2TP sockets.
930 PPP sockets attached to L2TP are unaffected as the PPP subsystem
931 uses pppol2tp_xmit() which symmetrically increase/decrease reference
932 counters.
933
934 This patch adds the missing call to sock_put() before returning from
935 pppol2tp_sendmsg().
936
937 Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
938 Signed-off-by: David S. Miller <davem@davemloft.net>
939
940 net/l2tp/l2tp_ppp.c | 1 +
941 1 files changed, 1 insertions(+), 0 deletions(-)
942
943 commit 98a9a5f981f5deda4059a255c1196886f2f27e2f
944 Author: Cong Wang <amwang@redhat.com>
945 Date: Sun Mar 3 16:18:11 2013 +0000
946
947 Upstream commit: ece6b0a2b25652d684a7ced4ae680a863af041e0
948
949 rds: limit the size allocated by rds_message_alloc()
950
951 Dave Jones reported the following bug:
952
953 "When fed mangled socket data, rds will trust what userspace gives it,
954 and tries to allocate enormous amounts of memory larger than what
955 kmalloc can satisfy."
956
957 WARNING: at mm/page_alloc.c:2393 __alloc_pages_nodemask+0xa0d/0xbe0()
958 Hardware name: GA-MA78GM-S2H
959 Modules linked in: vmw_vsock_vmci_transport vmw_vmci vsock fuse bnep dlci bridge 8021q garp stp mrp binfmt_misc l2tp_ppp l2tp_core rfcomm s
960 Pid: 24652, comm: trinity-child2 Not tainted 3.8.0+ #65
961 Call Trace:
962 [<ffffffff81044155>] warn_slowpath_common+0x75/0xa0
963 [<ffffffff8104419a>] warn_slowpath_null+0x1a/0x20
964 [<ffffffff811444ad>] __alloc_pages_nodemask+0xa0d/0xbe0
965 [<ffffffff8100a196>] ? native_sched_clock+0x26/0x90
966 [<ffffffff810b2128>] ? trace_hardirqs_off_caller+0x28/0xc0
967 [<ffffffff810b21cd>] ? trace_hardirqs_off+0xd/0x10
968 [<ffffffff811861f8>] alloc_pages_current+0xb8/0x180
969 [<ffffffff8113eaaa>] __get_free_pages+0x2a/0x80
970 [<ffffffff811934fe>] kmalloc_order_trace+0x3e/0x1a0
971 [<ffffffff81193955>] __kmalloc+0x2f5/0x3a0
972 [<ffffffff8104df0c>] ? local_bh_enable_ip+0x7c/0xf0
973 [<ffffffffa0401ab3>] rds_message_alloc+0x23/0xb0 [rds]
974 [<ffffffffa04043a1>] rds_sendmsg+0x2b1/0x990 [rds]
975 [<ffffffff810b21cd>] ? trace_hardirqs_off+0xd/0x10
976 [<ffffffff81564620>] sock_sendmsg+0xb0/0xe0
977 [<ffffffff810b2052>] ? get_lock_stats+0x22/0x70
978 [<ffffffff810b24be>] ? put_lock_stats.isra.23+0xe/0x40
979 [<ffffffff81567f30>] sys_sendto+0x130/0x180
980 [<ffffffff810b872d>] ? trace_hardirqs_on+0xd/0x10
981 [<ffffffff816c547b>] ? _raw_spin_unlock_irq+0x3b/0x60
982 [<ffffffff816cd767>] ? sysret_check+0x1b/0x56
983 [<ffffffff810b8695>] ? trace_hardirqs_on_caller+0x115/0x1a0
984 [<ffffffff81341d8e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
985 [<ffffffff816cd742>] system_call_fastpath+0x16/0x1b
986 ---[ end trace eed6ae990d018c8b ]---
987
988 Reported-by: Dave Jones <davej@redhat.com>
989 Cc: Dave Jones <davej@redhat.com>
990 Cc: David S. Miller <davem@davemloft.net>
991 Cc: Venkat Venkatsubra <venkat.x.venkatsubra@oracle.com>
992 Signed-off-by: Cong Wang <amwang@redhat.com>
993 Acked-by: Venkat Venkatsubra <venkat.x.venkatsubra@oracle.com>
994 Signed-off-by: David S. Miller <davem@davemloft.net>
995
996 net/rds/message.c | 3 +++
997 1 files changed, 3 insertions(+), 0 deletions(-)
998
999 commit b46df323e01c63c62fdb82cf2c47e4386f5a0499
1000 Author: Cong Wang <amwang@redhat.com>
1001 Date: Sun Mar 3 16:28:27 2013 +0000
1002
1003 Upstream commit: 3f736868b47687d1336fe88185560b22bb92021e
1004
1005 sctp: use KMALLOC_MAX_SIZE instead of its own MAX_KMALLOC_SIZE
1006
1007 Don't definite its own MAX_KMALLOC_SIZE, use the one
1008 defined in mm.
1009
1010 Cc: Vlad Yasevich <vyasevich@gmail.com>
1011 Cc: Sridhar Samudrala <sri@us.ibm.com>
1012 Cc: Neil Horman <nhorman@tuxdriver.com>
1013 Cc: David S. Miller <davem@davemloft.net>
1014 Signed-off-by: Cong Wang <amwang@redhat.com>
1015 Acked-by: Neil Horman <nhorman@tuxdriver.com>
1016 Signed-off-by: David S. Miller <davem@davemloft.net>
1017
1018 net/sctp/ssnmap.c | 8 +++-----
1019 1 files changed, 3 insertions(+), 5 deletions(-)
1020
1021 commit 4295a024e812f903fc580c81de5e81cc149503fa
1022 Author: Brad Spengler <spender@grsecurity.net>
1023 Date: Thu Mar 7 17:57:49 2013 -0500
1024
1025 Upstream commit: https://lkml.org/lkml/2013/3/6/535
1026
1027 security/keys/process_keys.c | 2 +-
1028 1 files changed, 1 insertions(+), 1 deletions(-)
1029
1030 commit 33edd486a9899a145a15586d7134636b0300aaee
1031 Merge: 4eeeaf3 a2a2094
1032 Author: Brad Spengler <spender@grsecurity.net>
1033 Date: Thu Mar 7 17:53:00 2013 -0500
1034
1035 Merge branch 'pax-test' into grsec-test
1036
1037 Conflicts:
1038 arch/arm/include/asm/domain.h
1039
1040 commit a2a20947f5e1332e474160a39af520738b3c8c19
1041 Author: Brad Spengler <spender@grsecurity.net>
1042 Date: Thu Mar 7 17:51:04 2013 -0500
1043
1044 Update to pax-linux-3.8.2-test4.patch:
1045 fixed arm compilation problems reported by Michael Tremer
1046 - the constify plugin got smarter that enabled, with some additional patching,
1047 the elimination of about half the static function pointers on amd64/allmod
1048 (up from about 18%), depending on the kernel config it can be even more (70%)
1049
1050 Documentation/dontdiff | 2 +
1051 arch/arm/include/asm/domain.h | 1 +
1052 arch/x86/include/asm/i8259.h | 2 +-
1053 arch/x86/include/asm/nmi.h | 4 +-
1054 arch/x86/kernel/acpi/boot.c | 4 +-
1055 arch/x86/kernel/apic/apic_noop.c | 2 +-
1056 arch/x86/kernel/apic/es7000_32.c | 2 +-
1057 arch/x86/kernel/apic/io_apic.c | 10 +-
1058 arch/x86/kernel/cpu/mcheck/mce.c | 2 +-
1059 arch/x86/kernel/cpu/perf_event.c | 6 +-
1060 arch/x86/kernel/cpu/perf_event_intel_uncore.c | 2 +-
1061 arch/x86/kernel/cpu/perf_event_intel_uncore.h | 2 +-
1062 arch/x86/kernel/i8259.c | 6 +-
1063 arch/x86/kernel/io_delay.c | 2 +-
1064 arch/x86/kernel/nmi.c | 6 +-
1065 arch/x86/kernel/nmi_selftest.c | 4 +-
1066 arch/x86/kernel/pci-swiotlb.c | 2 +-
1067 arch/x86/oprofile/nmi_int.c | 8 +-
1068 arch/x86/oprofile/op_model_amd.c | 8 +-
1069 arch/x86/oprofile/op_model_ppro.c | 7 +-
1070 arch/x86/oprofile/op_x86_model.h | 2 +-
1071 arch/x86/pci/irq.c | 6 +-
1072 drivers/acpi/apei/apei-internal.h | 2 +-
1073 drivers/acpi/bgrt.c | 6 +-
1074 drivers/acpi/blacklist.c | 2 +-
1075 drivers/acpi/processor_idle.c | 2 +-
1076 drivers/acpi/sysfs.c | 4 +-
1077 drivers/base/bus.c | 4 +-
1078 drivers/base/node.c | 2 +-
1079 drivers/base/syscore.c | 4 +-
1080 drivers/block/drbd/drbd_receiver.c | 4 +-
1081 drivers/char/random.c | 2 +-
1082 drivers/cpufreq/acpi-cpufreq.c | 20 ++-
1083 drivers/cpufreq/cpufreq.c | 7 +-
1084 drivers/cpufreq/cpufreq_governor.c | 4 +-
1085 drivers/cpufreq/cpufreq_governor.h | 2 +-
1086 drivers/cpufreq/p4-clockmod.c | 12 +-
1087 drivers/cpufreq/speedstep-centrino.c | 7 +-
1088 drivers/cpuidle/cpuidle.c | 2 +-
1089 drivers/cpuidle/governor.c | 4 +-
1090 drivers/cpuidle/sysfs.c | 2 +-
1091 drivers/devfreq/devfreq.c | 4 +-
1092 drivers/edac/edac_mc_sysfs.c | 2 +-
1093 drivers/edac/edac_pci_sysfs.c | 2 +-
1094 drivers/firewire/core-device.c | 2 +-
1095 drivers/firmware/dmi-id.c | 2 +-
1096 drivers/firmware/efivars.c | 2 +-
1097 drivers/firmware/google/memconsole.c | 4 +-
1098 drivers/gpio/gpio-ich.c | 2 +-
1099 drivers/gpu/drm/drm_drv.c | 2 +-
1100 drivers/gpu/drm/drm_ioc32.c | 9 +-
1101 drivers/gpu/drm/i915/i915_ioc32.c | 11 +-
1102 drivers/gpu/drm/i915/intel_display.c | 26 ++-
1103 drivers/gpu/drm/mga/mga_ioc32.c | 11 +-
1104 drivers/gpu/drm/nouveau/nouveau_ioc32.c | 2 +-
1105 drivers/gpu/drm/r128/r128_ioc32.c | 11 +-
1106 drivers/gpu/drm/radeon/radeon_ioc32.c | 11 +-
1107 drivers/gpu/drm/radeon/radeon_ttm.c | 33 ++--
1108 drivers/gpu/drm/udl/udl_fb.c | 1 -
1109 drivers/hwmon/acpi_power_meter.c | 4 +-
1110 drivers/hwmon/applesmc.c | 2 +-
1111 drivers/hwmon/asus_atk0110.c | 10 +-
1112 drivers/hwmon/ibmaem.c | 2 +-
1113 drivers/hwmon/pmbus/pmbus_core.c | 2 +-
1114 drivers/iio/industrialio-core.c | 2 +-
1115 drivers/input/mouse/psmouse.h | 2 +-
1116 drivers/iommu/iommu.c | 2 +-
1117 drivers/leds/leds-clevo-mail.c | 2 +-
1118 drivers/leds/leds-ss4200.c | 2 +-
1119 drivers/media/v4l2-core/v4l2-ioctl.c | 5 +-
1120 drivers/mfd/twl4030-irq.c | 8 +-
1121 drivers/mfd/twl6030-irq.c | 10 +-
1122 drivers/misc/c2port/core.c | 4 +-
1123 drivers/mtd/sm_ftl.c | 2 +-
1124 drivers/net/bonding/bond_main.c | 2 +-
1125 drivers/net/macvlan.c | 16 +-
1126 drivers/net/vxlan.c | 2 +-
1127 drivers/pci/hotplug/acpiphp_ibm.c | 4 +-
1128 drivers/pci/hotplug/pci_hotplug_core.c | 6 +-
1129 drivers/pci/hotplug/pciehp_core.c | 2 +-
1130 drivers/pci/pci-sysfs.c | 6 +-
1131 drivers/pci/pci.h | 2 +-
1132 drivers/platform/x86/msi-laptop.c | 14 +-
1133 drivers/platform/x86/sony-laptop.c | 2 +-
1134 drivers/power/power_supply.h | 4 +-
1135 drivers/power/power_supply_core.c | 6 +-
1136 drivers/power/power_supply_sysfs.c | 6 +-
1137 drivers/rtc/rtc-cmos.c | 4 +-
1138 drivers/rtc/rtc-ds1307.c | 2 +-
1139 drivers/rtc/rtc-m48t59.c | 4 +-
1140 drivers/scsi/bfa/bfa.h | 2 +-
1141 drivers/staging/iio/iio_hwmon.c | 2 +-
1142 drivers/usb/storage/usb.h | 2 +-
1143 drivers/video/aty/atyfb_base.c | 8 +-
1144 drivers/video/aty/mach64_cursor.c | 4 +-
1145 drivers/video/backlight/kb3886_bl.c | 2 +-
1146 drivers/video/fb_defio.c | 6 +-
1147 drivers/video/mb862xx/mb862xxfb_accel.c | 16 +-
1148 drivers/video/nvidia/nvidia.c | 27 ++-
1149 drivers/video/s1d13xxxfb.c | 6 +-
1150 drivers/video/smscufx.c | 4 +-
1151 drivers/video/udlfb.c | 4 +-
1152 drivers/video/uvesafb.c | 14 +-
1153 fs/exec.c | 6 +-
1154 fs/ext4/super.c | 2 +-
1155 fs/jfs/super.c | 4 +-
1156 fs/nfs/callback_xdr.c | 2 +-
1157 fs/nfsd/nfs4proc.c | 2 +-
1158 fs/nfsd/nfs4xdr.c | 6 +-
1159 fs/nls/nls_base.c | 18 +-
1160 fs/nls/nls_euc-jp.c | 6 +-
1161 fs/nls/nls_koi8-ru.c | 6 +-
1162 fs/proc/proc_sysctl.c | 18 +-
1163 include/drm/drmP.h | 12 +-
1164 include/keys/asymmetric-subtype.h | 2 +-
1165 include/linux/atmdev.h | 2 +-
1166 include/linux/binfmts.h | 2 +-
1167 include/linux/configfs.h | 2 +-
1168 include/linux/cpufreq.h | 3 +-
1169 include/linux/cpuidle.h | 5 +-
1170 include/linux/devfreq.h | 2 +-
1171 include/linux/device.h | 7 +-
1172 include/linux/extcon.h | 2 +-
1173 include/linux/fb.h | 2 +-
1174 include/linux/fscache.h | 2 +-
1175 include/linux/genl_magic_func.h | 2 +-
1176 include/linux/hwmon-sysfs.h | 5 +-
1177 include/linux/iommu.h | 2 +-
1178 include/linux/irq.h | 2 +-
1179 include/linux/key-type.h | 2 +-
1180 include/linux/kobject.h | 1 +
1181 include/linux/kobject_ns.h | 2 +-
1182 include/linux/list.h | 14 +-
1183 include/linux/mod_devicetable.h | 2 +-
1184 include/linux/module.h | 5 +-
1185 include/linux/net.h | 2 +-
1186 include/linux/netfilter.h | 2 +-
1187 include/linux/nls.h | 2 +-
1188 include/linux/pci_hotplug.h | 3 +-
1189 include/linux/platform_data/usb-exynos.h | 2 +-
1190 include/linux/pnp.h | 2 +-
1191 include/linux/ppp-comp.h | 2 +-
1192 include/linux/rculist.h | 16 ++
1193 include/linux/sched.h | 2 +-
1194 include/linux/sock_diag.h | 2 +-
1195 include/linux/sunrpc/clnt.h | 2 +-
1196 include/linux/sunrpc/svc.h | 2 +-
1197 include/linux/sunrpc/svcauth.h | 2 +-
1198 include/linux/swiotlb.h | 3 +-
1199 include/linux/syscore_ops.h | 2 +-
1200 include/linux/sysctl.h | 6 +-
1201 include/linux/sysfs.h | 10 +-
1202 include/linux/sysrq.h | 1 +
1203 include/linux/xattr.h | 2 +-
1204 include/net/9p/transport.h | 2 +-
1205 include/net/bluetooth/l2cap.h | 2 +-
1206 include/net/genetlink.h | 2 +-
1207 include/net/ip.h | 2 +-
1208 include/net/ip_vs.h | 4 +-
1209 include/net/llc_c_ac.h | 2 +-
1210 include/net/llc_c_ev.h | 4 +-
1211 include/net/llc_c_st.h | 2 +-
1212 include/net/llc_s_ac.h | 2 +-
1213 include/net/llc_s_st.h | 2 +-
1214 include/net/mac80211.h | 2 +-
1215 include/net/net_namespace.h | 2 +-
1216 include/net/netns/conntrack.h | 6 +-
1217 include/net/rtnetlink.h | 2 +-
1218 include/net/sctp/sm.h | 4 +-
1219 include/net/sctp/structs.h | 2 +-
1220 include/net/xfrm.h | 4 +-
1221 ipc/ipc_sysctl.c | 10 +-
1222 ipc/mq_sysctl.c | 2 +-
1223 kernel/kmod.c | 2 +-
1224 kernel/ksysfs.c | 2 +-
1225 kernel/module.c | 4 +-
1226 kernel/pid_namespace.c | 2 +-
1227 kernel/rcutree_plugin.h | 2 +-
1228 kernel/sched/core.c | 39 ++--
1229 kernel/smpboot.c | 4 +-
1230 kernel/softirq.c | 2 +-
1231 kernel/sysctl.c | 2 +-
1232 kernel/utsname_sysctl.c | 2 +-
1233 kernel/watchdog.c | 2 +-
1234 lib/Kconfig.debug | 2 +-
1235 lib/kobject.c | 4 +-
1236 lib/list_debug.c | 57 ++++-
1237 lib/swiotlb.c | 2 +-
1238 mm/hugetlb.c | 16 +-
1239 mm/memory-failure.c | 2 +-
1240 mm/slab_common.c | 2 +-
1241 net/9p/mod.c | 4 +-
1242 net/ax25/sysctl_net_ax25.c | 2 +-
1243 net/core/neighbour.c | 2 +-
1244 net/core/net-sysfs.c | 2 +-
1245 net/core/net_namespace.c | 8 +-
1246 net/core/rtnetlink.c | 11 +-
1247 net/core/sock_diag.c | 9 +-
1248 net/core/sysctl_net_core.c | 15 +-
1249 net/ipv4/af_inet.c | 8 +-
1250 net/ipv4/devinet.c | 12 +-
1251 net/ipv4/inet_connection_sock.c | 2 +-
1252 net/ipv4/ip_fragment.c | 9 +-
1253 net/ipv4/ip_gre.c | 6 +-
1254 net/ipv4/ip_vti.c | 4 +-
1255 net/ipv4/ipip.c | 4 +-
1256 net/ipv4/route.c | 14 +-
1257 net/ipv4/sysctl_net_ipv4.c | 43 ++--
1258 net/ipv6/addrconf.c | 4 +-
1259 net/ipv6/icmp.c | 2 +-
1260 net/ipv6/ip6_gre.c | 6 +-
1261 net/ipv6/ip6_tunnel.c | 4 +-
1262 net/ipv6/netfilter/nf_conntrack_reasm.c | 12 +-
1263 net/ipv6/reassembly.c | 11 +-
1264 net/ipv6/route.c | 2 +-
1265 net/ipv6/sit.c | 4 +-
1266 net/ipv6/sysctl_net_ipv6.c | 2 +-
1267 net/netfilter/ipset/ip_set_core.c | 2 +-
1268 net/netfilter/ipvs/ip_vs_ctl.c | 4 +-
1269 net/netfilter/ipvs/ip_vs_lblc.c | 2 +-
1270 net/netfilter/ipvs/ip_vs_lblcr.c | 2 +-
1271 net/netfilter/nf_conntrack_acct.c | 2 +-
1272 net/netfilter/nf_conntrack_ecache.c | 2 +-
1273 net/netfilter/nf_conntrack_helper.c | 2 +-
1274 net/netfilter/nf_conntrack_proto.c | 2 +-
1275 net/netfilter/nf_conntrack_standalone.c | 2 +-
1276 net/netfilter/nf_conntrack_timestamp.c | 2 +-
1277 net/netfilter/nf_log.c | 10 +-
1278 net/netfilter/nf_sockopt.c | 4 +-
1279 net/netlink/genetlink.c | 16 +-
1280 net/phonet/sysctl.c | 2 +-
1281 net/rds/rds.h | 2 +-
1282 net/sctp/ipv6.c | 6 +-
1283 net/sctp/protocol.c | 10 +-
1284 net/sctp/sm_sideeffect.c | 2 +-
1285 net/sctp/sysctl.c | 4 +-
1286 net/sunrpc/clnt.c | 4 +-
1287 net/sunrpc/svc.c | 4 +-
1288 net/unix/sysctl_net_unix.c | 2 +-
1289 net/xfrm/xfrm_policy.c | 11 +-
1290 net/xfrm/xfrm_state.c | 29 ++-
1291 net/xfrm/xfrm_sysctl.c | 2 +-
1292 security/apparmor/lsm.c | 2 +-
1293 security/keys/key.c | 18 +-
1294 security/yama/yama_lsm.c | 22 +-
1295 tools/gcc/Makefile | 4 +-
1296 tools/gcc/constify_plugin.c | 299 +++++++++++++++++++------
1297 tools/gcc/size_overflow_plugin.c | 7 +-
1298 248 files changed, 994 insertions(+), 668 deletions(-)
1299
1300 commit 4eeeaf3a560e25d1685f8973ef676b205efaa81b
1301 Author: Brad Spengler <spender@grsecurity.net>
1302 Date: Wed Mar 6 12:58:21 2013 -0500
1303
1304 Make slab_state __read_only, it's only written to during init
1305
1306 mm/slab_common.c | 2 +-
1307 1 files changed, 1 insertions(+), 1 deletions(-)
1308
1309 commit e7067b68d36fb9e0e8818de5d9ce1b4ba19ce24a
1310 Author: Brad Spengler <spender@grsecurity.net>
1311 Date: Wed Mar 6 12:31:35 2013 -0500
1312
1313 Make two new helper functions:
1314 gr_is_global_root() and gr_is_global_nonroot()
1315
1316 grsecurity/gracl.c | 10 +++++-----
1317 grsecurity/gracl_segv.c | 2 +-
1318 grsecurity/grsec_link.c | 4 ++--
1319 grsecurity/grsec_sig.c | 10 +++++-----
1320 grsecurity/grsec_tpe.c | 6 +++---
1321 include/linux/uidgid.h | 2 ++
1322 6 files changed, 18 insertions(+), 16 deletions(-)
1323
1324 commit d45d88eddd4998b280b1e5b5384289ee11ca7088
1325 Author: Brad Spengler <spender@grsecurity.net>
1326 Date: Wed Mar 6 12:14:41 2013 -0500
1327
1328 convert remaining task->pid to task_pid_nr(task)
1329
1330 grsecurity/gracl.c | 22 +++++++++++-----------
1331 grsecurity/gracl_shm.c | 2 +-
1332 grsecurity/grsec_chroot.c | 4 ++--
1333 grsecurity/grsec_sig.c | 4 ++--
1334 4 files changed, 16 insertions(+), 16 deletions(-)
1335
1336 commit c877f2ece03ee2232dd281c1977ae59507297124
1337 Author: Brad Spengler <spender@grsecurity.net>
1338 Date: Tue Mar 5 17:29:54 2013 -0500
1339
1340 compat-log is only used anymore by vm86-on-64bit and allows unlimited
1341 spamming of the kernel log buffer (and since it includes the changable
1342 process name, can avoid syslog log deduplication)
1343 Turn it off by default
1344
1345 fs/compat.c | 2 +-
1346 1 files changed, 1 insertions(+), 1 deletions(-)
1347
1348 commit 7c1964c4b7276889d7967bee70e46918cdca1b14
1349 Author: Brad Spengler <spender@grsecurity.net>
1350 Date: Mon Mar 4 17:19:10 2013 -0500
1351
1352 fix compilation error reported on IRC and forums when GRKERNSEC_PROC_USERGROUP
1353 is enabled, introduced with recent userns support
1354
1355 init/main.c | 4 ++--
1356 1 files changed, 2 insertions(+), 2 deletions(-)
1357
1358 commit c3ce01b94d8dd42b9c7942c0d513b152613e0656
1359 Author: Brad Spengler <spender@grsecurity.net>
1360 Date: Sun Mar 3 18:46:12 2013 -0500
1361
1362 Prevent TOMOYO from auto-loading modules by unprivileged users
1363 (Only reachable if TOMOYO is actually used)
1364
1365 security/tomoyo/mount.c | 4 ++++
1366 1 files changed, 4 insertions(+), 0 deletions(-)
1367
1368 commit 79e142f9455b398759ff9d93d4963a21b98dddda
1369 Author: Brad Spengler <spender@grsecurity.net>
1370 Date: Sun Mar 3 18:28:45 2013 -0500
1371
1372 For now, don't permit any special access to /proc in a user namespace
1373 Later we can go back and allow a userns-uid0 special access to a /proc
1374 with a non-global pid namespace
1375
1376 fs/proc/base.c | 2 +-
1377 1 files changed, 1 insertions(+), 1 deletions(-)
1378
1379 commit 8b91fb393049ce5f3c0a86f62247409853fd9700
1380 Merge: d931eb8 603ef05
1381 Author: Brad Spengler <spender@grsecurity.net>
1382 Date: Sun Mar 3 17:42:09 2013 -0500
1383
1384 Merge branch 'pax-test' into grsec-test
1385
1386 commit 603ef0579b9c3765d999c1938cb7a120d8c8e00b
1387 Author: Brad Spengler <spender@grsecurity.net>
1388 Date: Sun Mar 3 17:41:31 2013 -0500
1389
1390 Fix compilation error on ARM reported by Michael Tremer
1391
1392 arch/arm/mach-omap2/wd_timer.c | 6 +++---
1393 1 files changed, 3 insertions(+), 3 deletions(-)
1394
1395 commit b4c9ce81fdd7839a150c97873c710c479e788280
1396 Author: Brad Spengler <spender@grsecurity.net>
1397 Date: Sun Mar 3 17:39:53 2013 -0500
1398
1399 Fix compilation error on ARM reported by Michael Tremer
1400
1401 arch/arm/kernel/armksyms.c | 2 +-
1402 1 files changed, 1 insertions(+), 1 deletions(-)
1403
1404 commit d931eb81ab3da46896268fd61373a6aa7bbea930
1405 Merge: bfa7f44 5948f93
1406 Author: Brad Spengler <spender@grsecurity.net>
1407 Date: Sun Mar 3 17:34:36 2013 -0500
1408
1409 Merge branch 'pax-test' into grsec-test
1410
1411 commit 5948f930bc1c2d22138c1c76ca7e1bc94b6a3ce0
1412 Merge: ab30472 19b00d2
1413 Author: Brad Spengler <spender@grsecurity.net>
1414 Date: Sun Mar 3 17:34:08 2013 -0500
1415
1416 Merge branch 'linux-3.8.y' into pax-test
1417
1418 commit bfa7f445c5d484de51a5828b92ad2ff65053cc87
1419 Author: Brad Spengler <spender@grsecurity.net>
1420 Date: Sun Mar 3 15:12:12 2013 -0500
1421
1422 Initial support for user namespaces, as we previously didn't allow
1423 the option to be enabled at all.
1424
1425 RBAC will act on the global uids/gids only, so all uids/gids in user
1426 namespaces will be converted
1427
1428 Because Eric Biederman is insulted that I didn't support his
1429 backdoor prior to it receiving proper review. I still have the CAP_SYS_ADMIN
1430 check in for user namespaces, so this is generally irrelevant.
1431
1432 fs/exec.c | 6 +-
1433 fs/proc/base.c | 2 +-
1434 fs/proc/proc_net.c | 4 +-
1435 grsecurity/gracl.c | 128 +++++++++++++++++++++++++++++-------------
1436 grsecurity/gracl_cap.c | 4 +-
1437 grsecurity/gracl_ip.c | 16 +++---
1438 grsecurity/gracl_segv.c | 12 +++-
1439 grsecurity/gracl_shm.c | 4 +-
1440 grsecurity/grsec_disabled.c | 10 ++--
1441 grsecurity/grsec_fifo.c | 6 +-
1442 grsecurity/grsec_init.c | 24 ++++----
1443 grsecurity/grsec_log.c | 3 -
1444 grsecurity/grsec_tpe.c | 6 +-
1445 include/linux/grinternal.h | 12 ++--
1446 include/linux/grsecurity.h | 12 ++--
1447 include/linux/uidgid.h | 3 +
1448 init/Kconfig | 2 -
1449 ipc/shm.c | 2 +-
1450 kernel/cred.c | 5 +-
1451 kernel/kallsyms.c | 2 +-
1452 kernel/kmod.c | 6 +-
1453 kernel/sys.c | 12 ++--
1454 22 files changed, 166 insertions(+), 115 deletions(-)
1455
1456 commit 27a8cc1a9f22f95de6fe8740bdc900a160274dff
1457 Author: Linus Torvalds <torvalds@linux-foundation.org>
1458 Date: Wed Feb 27 08:36:04 2013 -0800
1459
1460 Upstream commit: 09884964335e85e897876d17783c2ad33cf8a2e0
1461
1462 mm: do not grow the stack vma just because of an overrun on preceding vma
1463
1464 The stack vma is designed to grow automatically (marked with VM_GROWSUP
1465 or VM_GROWSDOWN depending on architecture) when an access is made beyond
1466 the existing boundary. However, particularly if you have not limited
1467 your stack at all ("ulimit -s unlimited"), this can cause the stack to
1468 grow even if the access was really just one past *another* segment.
1469
1470 And that's wrong, especially since we first grow the segment, but then
1471 immediately later enforce the stack guard page on the last page of the
1472 segment. So _despite_ first growing the stack segment as a result of
1473 the access, the kernel will then make the access cause a SIGSEGV anyway!
1474
1475 So do the same logic as the guard page check does, and consider an
1476 access to within one page of the next segment to be a bad access, rather
1477 than growing the stack to abut the next segment.
1478
1479 Reported-and-tested-by: Heiko Carstens <heiko.carstens@de.ibm.com>
1480 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1481
1482 mm/mmap.c | 27 +++++++++++++++++++++++++++
1483 1 files changed, 27 insertions(+), 0 deletions(-)
1484
1485 commit 5596211af754867ca825f58e6e0300a8439950fe
1486 Author: H. Peter Anvin <hpa@linux.intel.com>
1487 Date: Wed Feb 27 12:46:40 2013 -0800
1488
1489 Upstream commit: 7c10093692ed2e6f318387d96b829320aa0ca64c
1490
1491 x86: Make sure we can boot in the case the BDA contains pure garbage
1492
1493 On non-BIOS platforms it is possible that the BIOS data area contains
1494 garbage instead of being zeroed or something equivalent (firmware
1495 people: we are talking of 1.5K here, so please do the sane thing.)
1496
1497 We need on the order of 20-30K of low memory in order to boot, which
1498 may grow up to < 64K in the future. We probably want to avoid the
1499 lowest of the low memory. At the same time, it seems extremely
1500 unlikely that a legitimate EBDA would ever reach down to the 128K
1501 (which would require it to be over half a megabyte in size.) Thus,
1502 pick 128K as the cutoff for "this is insane, ignore." We may still
1503 end up reserving a bunch of extra memory on the low megabyte, but that
1504 is not really a major issue these days. In the worst case we lose
1505 512K of RAM.
1506
1507 This code really should be merged with trim_bios_range() in
1508 arch/x86/kernel/setup.c, but that is a bigger patch for a later merge
1509 window.
1510
1511 Reported-by: Darren Hart <dvhart@linux.intel.com>
1512 Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
1513 Cc: Matt Fleming <matt.fleming@intel.com>
1514 Cc: <stable@vger.kernel.org>
1515 Link: http://lkml.kernel.org/n/tip-oebml055yyfm8yxmria09rja@git.kernel.org
1516
1517 arch/x86/kernel/head.c | 53 ++++++++++++++++++++++++++++++-----------------
1518 1 files changed, 34 insertions(+), 19 deletions(-)
1519
1520 commit 10eb1dabfb743fb22dcbcf186bb8d2192d2d55ea
1521 Author: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
1522 Date: Wed Feb 27 17:05:46 2013 -0800
1523
1524 Upstream commit: 940da353a83e895ea600cb8ab17dceefb1bcb469
1525
1526 memstick: move the dereference below the NULL test
1527
1528 The dereference should be moved below the NULL test.
1529
1530 spatch with a semantic match is used to found this.
1531 (http://coccinelle.lip6.fr/)
1532
1533 Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
1534 Cc: Maxim Levitsky <maximlevitsky@gmail.com>
1535 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
1536 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1537
1538 drivers/memstick/host/r592.c | 3 ++-
1539 1 files changed, 2 insertions(+), 1 deletions(-)
1540
1541 commit 1a63cb1ca50a10748cbf766894ecedf34a89baa3
1542 Author: Xi Wang <xi.wang@gmail.com>
1543 Date: Wed Feb 27 17:05:21 2013 -0800
1544
1545 Upstream commit: df1778be1a33edffa51d094eeda87c858ded6560
1546
1547 sysctl: fix null checking in bin_dn_node_address()
1548
1549 The null check of `strchr() + 1' is broken, which is always non-null,
1550 leading to OOB read. Instead, check the result of strchr().
1551
1552 Signed-off-by: Xi Wang <xi.wang@gmail.com>
1553 Cc: "Eric W. Biederman" <ebiederm@xmission.com>
1554 Cc: <stable@vger.kernel.org>
1555 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
1556 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1557
1558 kernel/sysctl_binary.c | 3 ++-
1559 1 files changed, 2 insertions(+), 1 deletions(-)
1560
1561 commit 7ca96db0817416fd40761e7437d1939fc0731380
1562 Author: Tejun Heo <tj@kernel.org>
1563 Date: Wed Feb 27 17:03:34 2013 -0800
1564
1565 Upstream commit: 6cdae7416a1c45c2ce105a78187d9b7e8feb9e24
1566
1567 idr: fix a subtle bug in idr_get_next()
1568
1569 The iteration logic of idr_get_next() is borrowed mostly verbatim from
1570 idr_for_each(). It walks down the tree looking for the slot matching
1571 the current ID. If the matching slot is not found, the ID is
1572 incremented by the distance of single slot at the given level and
1573 repeats.
1574
1575 The implementation assumes that during the whole iteration id is aligned
1576 to the layer boundaries of the level closest to the leaf, which is true
1577 for all iterations starting from zero or an existing element and thus is
1578 fine for idr_for_each().
1579
1580 However, idr_get_next() may be given any point and if the starting id
1581 hits in the middle of a non-existent layer, increment to the next layer
1582 will end up skipping the same offset into it. For example, an IDR with
1583 IDs filled between [64, 127] would look like the following.
1584
1585 [ 0 64 ... ]
1586 /----/ |
1587 | |
1588 NULL [ 64 ... 127 ]
1589
1590 If idr_get_next() is called with 63 as the starting point, it will try
1591 to follow down the pointer from 0. As it is NULL, it will then try to
1592 proceed to the next slot in the same level by adding the slot distance
1593 at that level which is 64 - making the next try 127. It goes around the
1594 loop and finds and returns 127 skipping [64, 126].
1595
1596 Note that this bug also triggers in idr_for_each_entry() loop which
1597 deletes during iteration as deletions can make layers go away leaving
1598 the iteration with unaligned ID into missing layers.
1599
1600 Fix it by ensuring proceeding to the next slot doesn't carry over the
1601 unaligned offset - ie. use round_up(id + 1, slot_distance) instead of
1602 id += slot_distance.
1603
1604 Signed-off-by: Tejun Heo <tj@kernel.org>
1605 Reported-by: David Teigland <teigland@redhat.com>
1606 Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
1607 Cc: <stable@vger.kernel.org>
1608 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
1609 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1610
1611 lib/idr.c | 9 ++++++++-
1612 1 files changed, 8 insertions(+), 1 deletions(-)
1613
1614 commit 745362f28034f54242ba2e64eaa7374ab9869613
1615 Author: Brad Spengler <spender@grsecurity.net>
1616 Date: Fri Mar 1 20:31:42 2013 -0500
1617
1618 Fix dentry use-after-free after failed complete_walk() with RBAC enabled
1619 Many thanks to zakalwe from #grsecurity for the report and debugging help
1620
1621 fs/namei.c | 8 +++-----
1622 1 files changed, 3 insertions(+), 5 deletions(-)
1623
1624 commit b53b3b14330920c6f7cfb74c8508a3026e1be620
1625 Author: Brad Spengler <spender@grsecurity.net>
1626 Date: Thu Feb 28 18:29:26 2013 -0500
1627
1628 Fix bad git merge
1629
1630 fs/namespace.c | 8 --------
1631 1 files changed, 0 insertions(+), 8 deletions(-)
1632
1633 commit 71886f69ea10fa22e593dba1bdbe5c0334c6fede
1634 Merge: 1cce1dd ab30472
1635 Author: Brad Spengler <spender@grsecurity.net>
1636 Date: Thu Feb 28 17:45:14 2013 -0500
1637
1638 Merge branch 'pax-test' into grsec-test
1639
1640 Conflicts:
1641 net/core/sock_diag.c
1642
1643 commit ab3047280e1dfb43f1b301a296123757b4ac4f6e
1644 Merge: 4b61d21 4c91a0e
1645 Author: Brad Spengler <spender@grsecurity.net>
1646 Date: Thu Feb 28 17:43:56 2013 -0500
1647
1648 Merge branch 'linux-3.8.y' into pax-test
1649
1650 commit 1cce1ddd17c584c80465521834c3faf1a7c607d7
1651 Author: Brad Spengler <spender@grsecurity.net>
1652 Date: Wed Feb 27 22:20:22 2013 -0500
1653
1654 add compiler.h to sysrq.h to fix compilation problem reported by micu on forums
1655
1656 include/linux/sysrq.h | 1 +
1657 1 files changed, 1 insertions(+), 0 deletions(-)
1658
1659 commit 9f1e7fe130803fde83eb903b575335f59cd2bd18
1660 Author: Brad Spengler <spender@grsecurity.net>
1661 Date: Wed Feb 27 17:52:31 2013 -0500
1662
1663 declare check_syslog_permissions() earlier in file, fix bug in syslog_action_restricted() in upstream kernel
1664
1665 kernel/printk.c | 12 +++++++-----
1666 1 files changed, 7 insertions(+), 5 deletions(-)
1667
1668 commit 11dd499888fa76f3466821ce4daa5e0c55e43d39
1669 Author: Brad Spengler <spender@grsecurity.net>
1670 Date: Wed Feb 27 17:23:46 2013 -0500
1671
1672 Fix upstream vulnerability from addition of a /dev/kmsg device
1673 while neglecting to add the same set of existing permission checks
1674 from do_syslog. This bit both dmesg_restrict and GRKERNSEC_DMESG.
1675 A temporary workaround without this patch would be to
1676 chmod 0600 /dev/kmsg (and is likely a good idea anyway).
1677
1678 Notified in #grsecurity IRC by Jason A. Donenfeld and Petr Matousek
1679 Initially reported to Redhat bugzilla by Christian Kujau:
1680 https://bugzilla.redhat.com/show_bug.cgi?id=903192
1681
1682 kernel/printk.c | 4 ++++
1683 1 files changed, 4 insertions(+), 0 deletions(-)
1684
1685 commit 66c04806f5660988c3cb4855e60de294e77e3d0e
1686 Author: David Howells <dhowells@redhat.com>
1687 Date: Thu Feb 21 12:00:25 2013 +0000
1688
1689 Upstream commit: fe9453a1dcb5fb146f9653267e78f4a558066f6f
1690
1691 KEYS: Revert one application of "Fix unreachable code" patch
1692
1693 A patch to fix some unreachable code in search_my_process_keyrings() got
1694 applied twice by two different routes upstream as commits e67eab39bee2
1695 and b010520ab3d2 (both "fix unreachable code").
1696
1697 Unfortunately, the second application removed something it shouldn't
1698 have and this wasn't detected by GIT. This is due to the patch not
1699 having sufficient lines of context to distinguish the two places of
1700 application.
1701
1702 The effect of this is relatively minor: inside the kernel, the keyring
1703 search routines may search multiple keyrings and then prioritise the
1704 errors if no keys or negative keys are found in any of them. With the
1705 extra deletion, the presence of a negative key in the thread keyring
1706 (causing ENOKEY) is incorrectly overridden by an error searching the
1707 process keyring.
1708
1709 So revert the second application of the patch.
1710
1711 Signed-off-by: David Howells <dhowells@redhat.com>
1712 Cc: Jiri Kosina <jkosina@suse.cz>
1713 Cc: Andrew Morton <akpm@linux-foundation.org>
1714 Cc: stable@vger.kernel.org
1715 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1716
1717 security/keys/process_keys.c | 2 ++
1718 1 files changed, 2 insertions(+), 0 deletions(-)
1719
1720 commit 954b0c8a95b08c09c3d15ec38106ce403bf714da
1721 Author: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
1722 Date: Thu Feb 21 16:42:43 2013 -0800
1723
1724 Upstream commit: 49deb4bc227cb9db5b8ebf9434367f8bed057c7a
1725
1726 configfs: move the dereference below the NULL test
1727
1728 The dereference should be moved below the NULL test.
1729
1730 spatch with a semantic match is used to found this.
1731 (http://coccinelle.lip6.fr/)
1732
1733 Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
1734 Cc: Joel Becker <jlbec@evilplan.org>
1735 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
1736 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1737
1738 fs/configfs/dir.c | 5 +++--
1739 1 files changed, 3 insertions(+), 2 deletions(-)
1740
1741 commit d16d42c4fdc8baca5816d75b4a115102bf3d3423
1742 Author: Nicolas Pitre <nicolas.pitre@linaro.org>
1743 Date: Sun Feb 24 20:06:09 2013 -0500
1744
1745 Upstream commit: a883b70d8e0a88278c0a1f80753b4dc99962b541
1746
1747 tty vt: fix character insertion overflow
1748
1749 Commit 81732c3b2fed ("tty vt: Fix line garbage in virtual console on
1750 command line edition") broke insert_char() in multiple ways. Then
1751 commit b1a925f44a3a ("tty vt: Fix a regression in command line edition")
1752 partially fixed it. However, the buffer being moved is still too large
1753 and overflowing beyond the end of the current line, corrupting existing
1754 characters on the next line.
1755
1756 Example test case:
1757
1758 echo -e "abc\nde\x1b[A\x1b[4h \x1b[4l\x1b[B"
1759
1760 Expected result:
1761
1762 ab c
1763 de
1764
1765 Current result:
1766
1767 ab c
1768 e
1769
1770 Needless to say that this is very annoying when inserting words in the
1771 middle of paragraphs with certain text editors.
1772
1773 Signed-off-by: Nicolas Pitre <nico@linaro.org>
1774 Cc: Jean-François Moine <moinejf@free.fr>
1775 Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1776 Cc: <stable@vger.kernel.org>
1777 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1778
1779 drivers/tty/vt/vt.c | 2 +-
1780 1 files changed, 1 insertions(+), 1 deletions(-)
1781
1782 commit 6cda35071669b4aabde081bd039e0ffea36f997a
1783 Author: Robin Holt <holt@sgi.com>
1784 Date: Fri Feb 22 16:35:34 2013 -0800
1785
1786 Upstream commit: 751efd8610d3d7d67b7bdf7f62646edea7365dd7
1787
1788 mmu_notifier_unregister NULL Pointer deref and multiple ->release() callouts
1789
1790 There is a race condition between mmu_notifier_unregister() and
1791 __mmu_notifier_release().
1792
1793 Assume two tasks, one calling mmu_notifier_unregister() as a result of a
1794 filp_close() ->flush() callout (task A), and the other calling
1795 mmu_notifier_release() from an mmput() (task B).
1796
1797 A B
1798 t1 srcu_read_lock()
1799 t2 if (!hlist_unhashed())
1800 t3 srcu_read_unlock()
1801 t4 srcu_read_lock()
1802 t5 hlist_del_init_rcu()
1803 t6 synchronize_srcu()
1804 t7 srcu_read_unlock()
1805 t8 hlist_del_rcu() <--- NULL pointer deref.
1806
1807 Additionally, the list traversal in __mmu_notifier_release() is not
1808 protected by the by the mmu_notifier_mm->hlist_lock which can result in
1809 callouts to the ->release() notifier from both mmu_notifier_unregister()
1810 and __mmu_notifier_release().
1811
1812 -stable suggestions:
1813
1814 The stable trees prior to 3.7.y need commits 21a92735f660 and
1815 70400303ce0c cherry-picked in that order prior to cherry-picking this
1816 commit. The 3.7.y tree already has those two commits.
1817
1818 Signed-off-by: Robin Holt <holt@sgi.com>
1819 Cc: Andrea Arcangeli <aarcange@redhat.com>
1820 Cc: Wanpeng Li <liwanp@linux.vnet.ibm.com>
1821 Cc: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
1822 Cc: Avi Kivity <avi@redhat.com>
1823 Cc: Hugh Dickins <hughd@google.com>
1824 Cc: Marcelo Tosatti <mtosatti@redhat.com>
1825 Cc: Sagi Grimberg <sagig@mellanox.co.il>
1826 Cc: Haggai Eran <haggaie@mellanox.com>
1827 Cc: <stable@vger.kernel.org>
1828 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
1829 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1830
1831 mm/mmu_notifier.c | 82 +++++++++++++++++++++++++++--------------------------
1832 1 files changed, 42 insertions(+), 40 deletions(-)
1833
1834 commit bf5167ed78ba6131c6874887f714bda50c2cab83
1835 Author: Mike Galbraith <bitbucket@online.de>
1836 Date: Mon Jan 28 12:19:25 2013 +0100
1837
1838 Upstream commit: e0a79f529d5ba2507486d498b25da40911d95cf6
1839
1840 sched: Fix select_idle_sibling() bouncing cow syndrome
1841
1842 If the previous CPU is cache affine and idle, select it.
1843
1844 The current implementation simply traverses the sd_llc domain,
1845 taking the first idle CPU encountered, which walks buddy pairs
1846 hand in hand over the package, inflicting excruciating pain.
1847
1848 1 tbench pair (worst case) in a 10 core + SMT package:
1849
1850 pre 15.22 MB/sec 1 procs
1851 post 252.01 MB/sec 1 procs
1852
1853 Signed-off-by: Mike Galbraith <bitbucket@online.de>
1854 Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
1855 Link: http://lkml.kernel.org/r/1359371965.5783.127.camel@marge.simpson.net
1856 Signed-off-by: Ingo Molnar <mingo@kernel.org>
1857
1858 kernel/sched/fair.c | 21 +++++++--------------
1859 1 files changed, 7 insertions(+), 14 deletions(-)
1860
1861 commit cf7c2d257836fdcb5d51ad142cbc56ac12f7a37c
1862 Author: Eric W. Biederman <ebiederm@xmission.com>
1863 Date: Fri Dec 28 18:58:39 2012 -0800
1864
1865 Upstream commit: c61a2810a2161986353705b44d9503e6bb079f4f
1866
1867 userns: Avoid recursion in put_user_ns
1868
1869 When freeing a deeply nested user namespace free_user_ns calls
1870 put_user_ns on it's parent which may in turn call free_user_ns again.
1871 When -fno-optimize-sibling-calls is passed to gcc one stack frame per
1872 user namespace is left on the stack, potentially overflowing the
1873 kernel stack. CONFIG_FRAME_POINTER forces -fno-optimize-sibling-calls
1874 so we can't count on gcc to optimize this code.
1875
1876 Remove struct kref and use a plain atomic_t. Making the code more
1877 flexible and easier to comprehend. Make the loop in free_user_ns
1878 explict to guarantee that the stack does not overflow with
1879 CONFIG_FRAME_POINTER enabled.
1880
1881 I have tested this fix with a simple program that uses unshare to
1882 create a deeply nested user namespace structure and then calls exit.
1883 With 1000 nesteuser namespaces before this change running my test
1884 program causes the kernel to die a horrible death. With 10,000,000
1885 nested user namespaces after this change my test program runs to
1886 completion and causes no harm.
1887
1888 Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
1889 Pointed-out-by: Vasily Kulikov <segoon@openwall.com>
1890 Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
1891
1892 include/linux/user_namespace.h | 10 +++++-----
1893 kernel/user.c | 4 +---
1894 kernel/user_namespace.c | 17 +++++++++--------
1895 3 files changed, 15 insertions(+), 16 deletions(-)
1896
1897 commit 81501c7106ccc186c94806f4db954626295b5ebe
1898 Author: Brad Spengler <spender@grsecurity.net>
1899 Date: Tue Feb 26 17:12:30 2013 -0500
1900
1901 Pass the same flags to kern_path_create as the original function
1902
1903 fs/namei.c | 4 ++--
1904 1 files changed, 2 insertions(+), 2 deletions(-)
1905
1906 commit a677c8eee35afe48868f92c7d6745bfe809cd481
1907 Author: Al Viro <viro@zeniv.linux.org.uk>
1908 Date: Fri Feb 22 22:45:42 2013 -0500
1909
1910 Upstream commit: 9b40bc90abd126bcc5da5658059b8e72e285e559
1911
1912 get rid of unprotected dereferencing of mnt->mnt_ns
1913
1914 It's safe only under namespace_sem or vfsmount_lock; all places
1915 in fs/namespace.c that want mnt->mnt_ns->user_ns actually want to use
1916 current->nsproxy->mnt_ns->user_ns (note the calls of check_mnt() in
1917 there).
1918
1919 Cc: stable@vger.kernel.org
1920 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
1921
1922 fs/namespace.c | 29 +++++++++++++++++------------
1923 1 files changed, 17 insertions(+), 12 deletions(-)
1924
1925 commit 89298124d0c96dc34a60377e7a1308f8f532ff75
1926 Author: Greg Thelen <gthelen@google.com>
1927 Date: Fri Feb 22 16:36:01 2013 -0800
1928
1929 Upstream fix: 5f00110f7273f9ff04ac69a5f85bb535a4fd0987
1930
1931 tmpfs: fix use-after-free of mempolicy object
1932
1933 The tmpfs remount logic preserves filesystem mempolicy if the mpol=M
1934 option is not specified in the remount request. A new policy can be
1935 specified if mpol=M is given.
1936
1937 Before this patch remounting an mpol bound tmpfs without specifying
1938 mpol= mount option in the remount request would set the filesystem's
1939 mempolicy object to a freed mempolicy object.
1940
1941 To reproduce the problem boot a DEBUG_PAGEALLOC kernel and run:
1942 # mkdir /tmp/x
1943
1944 # mount -t tmpfs -o size=100M,mpol=interleave nodev /tmp/x
1945
1946 # grep /tmp/x /proc/mounts
1947 nodev /tmp/x tmpfs rw,relatime,size=102400k,mpol=interleave:0-3 0 0
1948
1949 # mount -o remount,size=200M nodev /tmp/x
1950
1951 # grep /tmp/x /proc/mounts
1952 nodev /tmp/x tmpfs rw,relatime,size=204800k,mpol=??? 0 0
1953 # note ? garbage in mpol=... output above
1954
1955 # dd if=/dev/zero of=/tmp/x/f count=1
1956 # panic here
1957
1958 Panic:
1959 BUG: unable to handle kernel NULL pointer dereference at (null)
1960 IP: [< (null)>] (null)
1961 [...]
1962 Oops: 0010 [#1] SMP DEBUG_PAGEALLOC
1963 Call Trace:
1964 mpol_shared_policy_init+0xa5/0x160
1965 shmem_get_inode+0x209/0x270
1966 shmem_mknod+0x3e/0xf0
1967 shmem_create+0x18/0x20
1968 vfs_create+0xb5/0x130
1969 do_last+0x9a1/0xea0
1970 path_openat+0xb3/0x4d0
1971 do_filp_open+0x42/0xa0
1972 do_sys_open+0xfe/0x1e0
1973 compat_sys_open+0x1b/0x20
1974 cstar_dispatch+0x7/0x1f
1975
1976 Non-debug kernels will not crash immediately because referencing the
1977 dangling mpol will not cause a fault. Instead the filesystem will
1978 reference a freed mempolicy object, which will cause unpredictable
1979 behavior.
1980
1981 The problem boils down to a dropped mpol reference below if
1982 shmem_parse_options() does not allocate a new mpol:
1983
1984 config = *sbinfo
1985 shmem_parse_options(data, &config, true)
1986 mpol_put(sbinfo->mpol)
1987 sbinfo->mpol = config.mpol /* BUG: saves unreferenced mpol */
1988
1989 This patch avoids the crash by not releasing the mempolicy if
1990 shmem_parse_options() doesn't create a new mpol.
1991
1992 How far back does this issue go? I see it in both 2.6.36 and 3.3. I did
1993 not look back further.
1994
1995 Signed-off-by: Greg Thelen <gthelen@google.com>
1996 Acked-by: Hugh Dickins <hughd@google.com>
1997 Cc: <stable@vger.kernel.org>
1998 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
1999 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2000
2001 mm/shmem.c | 10 ++++++++--
2002 1 files changed, 8 insertions(+), 2 deletions(-)
2003
2004 commit 614943c76d9e49f12f3e1154f1dea80dc4bb2743
2005 Author: Brad Spengler <spender@grsecurity.net>
2006 Date: Sat Feb 23 11:08:05 2013 -0500
2007
2008 Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY
2009 with a family greater or equal then AF_MAX -- the array size of
2010 sock_diag_handlers[]. The current code does not test for this
2011 condition therefore is vulnerable to an out-of-bound access opening
2012 doors for a privilege escalation.
2013
2014 Signed-off-by: Mathias Krause <minipli@googlemail.com>
2015
2016 The sock_diag_lock_handler() and sock_diag_unlock_handler() actually
2017 make the code less readable. Get rid of them and make the lock usage
2018 and access to sock_diag_handlers[] clear on the first sight.
2019
2020 Signed-off-by: Mathias Krause <minipli@googlemail.com>
2021
2022 net/core/sock_diag.c | 27 ++++++++++-----------------
2023 1 files changed, 10 insertions(+), 17 deletions(-)
2024
2025 commit e8d44970f8ac5ceda7b0e3f2c2ab33cefb800990
2026 Author: Brad Spengler <spender@grsecurity.net>
2027 Date: Sat Feb 23 10:58:52 2013 -0500
2028
2029 Fix compilation failure reported by Hinnerk van Bruinehsen when CPU_USE_DOMAINS is not defined
2030
2031 arch/arm/include/asm/domain.h | 1 +
2032 1 files changed, 1 insertions(+), 0 deletions(-)
2033
2034 commit 7b729586eb81f344fdedf0942fab0acc738a6725
2035 Author: Brad Spengler <spender@grsecurity.net>
2036 Date: Fri Feb 22 19:02:51 2013 -0500
2037
2038 Add back capability check for user namespaces. They have not seen enough proper review and needlessly exposes additional attack surface for all users.
2039
2040 kernel/fork.c | 17 +++++++++++++++++
2041 1 files changed, 17 insertions(+), 0 deletions(-)
2042
2043 commit fadc560d0c486af88da83177735f5515e88acdcc
2044 Author: Brad Spengler <spender@grsecurity.net>
2045 Date: Thu Feb 21 23:06:48 2013 -0500
2046
2047 put is_hugetlbfs_mnt inside ifdefs
2048
2049 grsecurity/gracl.c | 2 ++
2050 1 files changed, 2 insertions(+), 0 deletions(-)
2051
2052 commit 8252176922d405484f986eb2cc350b7cd3ae586e
2053 Author: Brad Spengler <spender@grsecurity.net>
2054 Date: Thu Feb 21 23:02:07 2013 -0500
2055
2056 remove unused label
2057
2058 kernel/module.c | 1 -
2059 1 files changed, 0 insertions(+), 1 deletions(-)
2060
2061 commit dad4a980f0b625059e215d13da728aa7fd02a374
2062 Author: Brad Spengler <spender@grsecurity.net>
2063 Date: Thu Feb 21 23:00:52 2013 -0500
2064
2065 compile fix
2066
2067 fs/open.c | 2 +-
2068 1 files changed, 1 insertions(+), 1 deletions(-)
2069
2070 commit 13e3266c41b98a40f3d8a4a7fb8ee5c0983156b7
2071 Author: Brad Spengler <spender@grsecurity.net>
2072 Date: Thu Feb 21 22:57:49 2013 -0500
2073
2074 remove kmalloc_array_error for the same reasons as kcalloc_error
2075
2076 include/linux/slab.h | 9 ---------
2077 1 files changed, 0 insertions(+), 9 deletions(-)
2078
2079 commit 0c24df0e81ae880c4523cc78ff91609b9aa6133a
2080 Author: Brad Spengler <spender@grsecurity.net>
2081 Date: Thu Feb 21 22:49:35 2013 -0500
2082
2083 Initial port of grsecurity for Linux 3.8
2084
2085 Documentation/kernel-parameters.txt | 4 +
2086 Makefile | 10 +-
2087 arch/alpha/include/asm/cache.h | 4 +-
2088 arch/alpha/kernel/osf_sys.c | 14 +-
2089 arch/arm/include/asm/cache.h | 2 +
2090 arch/arm/include/asm/thread_info.h | 9 +-
2091 arch/arm/kernel/process.c | 4 +-
2092 arch/arm/kernel/ptrace.c | 9 +
2093 arch/arm/kernel/traps.c | 7 +-
2094 arch/arm/mm/fault.c | 27 +-
2095 arch/arm/mm/mmap.c | 6 +-
2096 arch/avr32/include/asm/cache.h | 4 +-
2097 arch/blackfin/include/asm/cache.h | 3 +-
2098 arch/cris/include/arch-v10/arch/cache.h | 3 +-
2099 arch/cris/include/arch-v32/arch/cache.h | 3 +-
2100 arch/frv/include/asm/cache.h | 3 +-
2101 arch/frv/mm/elf-fdpic.c | 7 +-
2102 arch/hexagon/include/asm/cache.h | 6 +-
2103 arch/ia64/include/asm/cache.h | 3 +-
2104 arch/ia64/kernel/sys_ia64.c | 3 +-
2105 arch/ia64/mm/hugetlbpage.c | 3 +-
2106 arch/m32r/include/asm/cache.h | 4 +-
2107 arch/m68k/include/asm/cache.h | 4 +-
2108 arch/microblaze/include/asm/cache.h | 3 +-
2109 arch/mips/include/asm/cache.h | 3 +-
2110 arch/mips/include/asm/thread_info.h | 9 +-
2111 arch/mips/kernel/ptrace.c | 9 +
2112 arch/mips/kernel/scall32-o32.S | 2 +-
2113 arch/mips/kernel/scall64-64.S | 2 +-
2114 arch/mips/kernel/scall64-n32.S | 2 +-
2115 arch/mips/kernel/scall64-o32.S | 2 +-
2116 arch/mips/mm/mmap.c | 3 +-
2117 arch/mn10300/proc-mn103e010/include/proc/cache.h | 4 +-
2118 arch/mn10300/proc-mn2ws0050/include/proc/cache.h | 4 +-
2119 arch/openrisc/include/asm/cache.h | 4 +-
2120 arch/parisc/include/asm/cache.h | 5 +-
2121 arch/parisc/kernel/sys_parisc.c | 19 +-
2122 arch/powerpc/include/asm/cache.h | 3 +-
2123 arch/powerpc/include/asm/thread_info.h | 8 +-
2124 arch/powerpc/kernel/process.c | 10 +-
2125 arch/powerpc/kernel/ptrace.c | 14 +
2126 arch/powerpc/kernel/traps.c | 5 +
2127 arch/powerpc/mm/slice.c | 8 +-
2128 arch/s390/include/asm/cache.h | 4 +-
2129 arch/score/include/asm/cache.h | 4 +-
2130 arch/sh/include/asm/cache.h | 3 +-
2131 arch/sh/mm/mmap.c | 6 +-
2132 arch/sparc/include/asm/cache.h | 4 +-
2133 arch/sparc/include/asm/thread_info_64.h | 9 +-
2134 arch/sparc/kernel/process_32.c | 6 +-
2135 arch/sparc/kernel/process_64.c | 8 +-
2136 arch/sparc/kernel/ptrace_64.c | 14 +
2137 arch/sparc/kernel/sys_sparc_64.c | 6 +-
2138 arch/sparc/kernel/syscalls.S | 8 +-
2139 arch/sparc/kernel/traps_32.c | 8 +-
2140 arch/sparc/kernel/traps_64.c | 28 +-
2141 arch/sparc/kernel/unaligned_64.c | 2 +-
2142 arch/sparc/mm/fault_64.c | 2 +-
2143 arch/sparc/mm/hugetlbpage.c | 3 +-
2144 arch/tile/include/asm/cache.h | 3 +-
2145 arch/um/include/asm/cache.h | 3 +-
2146 arch/unicore32/include/asm/cache.h | 6 +-
2147 arch/x86/Kconfig | 5 +-
2148 arch/x86/Kconfig.debug | 2 +-
2149 arch/x86/ia32/ia32_aout.c | 2 +
2150 arch/x86/include/asm/thread_info.h | 8 +-
2151 arch/x86/kernel/dumpstack.c | 8 +
2152 arch/x86/kernel/entry_32.S | 2 +-
2153 arch/x86/kernel/entry_64.S | 2 +-
2154 arch/x86/kernel/ioport.c | 13 +
2155 arch/x86/kernel/ptrace.c | 14 +
2156 arch/x86/kernel/smpboot.c | 3 +
2157 arch/x86/kernel/sys_i386_32.c | 14 +-
2158 arch/x86/kernel/sys_x86_64.c | 3 +-
2159 arch/x86/kernel/verify_cpu.S | 1 +
2160 arch/x86/kernel/vm86_32.c | 16 +
2161 arch/x86/mm/fault.c | 12 +-
2162 arch/x86/mm/hugetlbpage.c | 3 +-
2163 arch/x86/mm/init.c | 66 +-
2164 arch/x86/net/bpf_jit_comp.c | 126 +-
2165 arch/xtensa/variants/dc232b/include/variant/core.h | 2 +-
2166 arch/xtensa/variants/fsf/include/variant/core.h | 3 +-
2167 arch/xtensa/variants/s6000/include/variant/core.h | 3 +-
2168 crypto/ablkcipher.c | 12 +-
2169 crypto/aead.c | 9 +-
2170 crypto/ahash.c | 2 +-
2171 crypto/blkcipher.c | 6 +-
2172 crypto/crypto_user.c | 38 +-
2173 crypto/pcompress.c | 3 +-
2174 crypto/rng.c | 2 +-
2175 crypto/shash.c | 3 +-
2176 drivers/block/cciss.c | 2 +
2177 drivers/char/Kconfig | 4 +-
2178 drivers/char/genrtc.c | 1 +
2179 drivers/char/mem.c | 17 +
2180 drivers/char/random.c | 12 +
2181 drivers/gpu/drm/drm_info.c | 4 +
2182 drivers/hid/hid-wiimote-debug.c | 2 +-
2183 drivers/media/radio/radio-cadet.c | 2 +-
2184 drivers/message/fusion/mptbase.c | 5 +
2185 drivers/net/phy/mdio-bitbang.c | 1 +
2186 drivers/pci/proc.c | 9 +
2187 drivers/rtc/rtc-dev.c | 3 +
2188 drivers/tty/sysrq.c | 2 +-
2189 drivers/tty/vt/keyboard.c | 22 +-
2190 drivers/video/logo/logo_linux_clut224.ppm | 2721 ++++++--------
2191 drivers/xen/xenfs/xenstored.c | 5 +
2192 fs/attr.c | 1 +
2193 fs/autofs4/waitq.c | 9 +
2194 fs/binfmt_aout.c | 7 +
2195 fs/binfmt_elf.c | 6 +
2196 fs/btrfs/inode.c | 10 +-
2197 fs/btrfs/ioctl.c | 6 +-
2198 fs/compat.c | 18 +
2199 fs/coredump.c | 10 +-
2200 fs/debugfs/inode.c | 4 +
2201 fs/exec.c | 155 +-
2202 fs/ext2/balloc.c | 4 +-
2203 fs/ext3/balloc.c | 4 +-
2204 fs/ext4/balloc.c | 4 +-
2205 fs/fcntl.c | 5 +
2206 fs/file.c | 4 +
2207 fs/filesystems.c | 5 +
2208 fs/fs_struct.c | 26 +-
2209 fs/hugetlbfs/inode.c | 5 +-
2210 fs/namei.c | 269 ++-
2211 fs/namespace.c | 24 +
2212 fs/open.c | 38 +
2213 fs/pipe.c | 2 +-
2214 fs/proc/Kconfig | 10 +-
2215 fs/proc/array.c | 59 +-
2216 fs/proc/base.c | 168 +-
2217 fs/proc/cmdline.c | 4 +
2218 fs/proc/devices.c | 4 +
2219 fs/proc/fd.c | 17 +-
2220 fs/proc/inode.c | 17 +
2221 fs/proc/internal.h | 3 +
2222 fs/proc/kcore.c | 3 +
2223 fs/proc/proc_net.c | 12 +
2224 fs/proc/proc_sysctl.c | 43 +-
2225 fs/proc/root.c | 8 +
2226 fs/proc/task_mmu.c | 75 +-
2227 fs/readdir.c | 19 +
2228 fs/select.c | 2 +
2229 fs/seq_file.c | 12 +-
2230 fs/stat.c | 19 +-
2231 fs/sysfs/dir.c | 12 +
2232 fs/utimes.c | 7 +
2233 fs/xattr.c | 19 +-
2234 grsecurity/Kconfig | 1021 +++++
2235 grsecurity/Makefile | 38 +
2236 grsecurity/gracl.c | 4017 ++++++++++++++++++++
2237 grsecurity/gracl_alloc.c | 105 +
2238 grsecurity/gracl_cap.c | 110 +
2239 grsecurity/gracl_fs.c | 431 +++
2240 grsecurity/gracl_ip.c | 384 ++
2241 grsecurity/gracl_learn.c | 207 +
2242 grsecurity/gracl_res.c | 68 +
2243 grsecurity/gracl_segv.c | 299 ++
2244 grsecurity/gracl_shm.c | 40 +
2245 grsecurity/grsec_chdir.c | 19 +
2246 grsecurity/grsec_chroot.c | 357 ++
2247 grsecurity/grsec_disabled.c | 434 +++
2248 grsecurity/grsec_exec.c | 174 +
2249 grsecurity/grsec_fifo.c | 24 +
2250 grsecurity/grsec_fork.c | 23 +
2251 grsecurity/grsec_init.c | 283 ++
2252 grsecurity/grsec_link.c | 58 +
2253 grsecurity/grsec_log.c | 329 ++
2254 grsecurity/grsec_mem.c | 40 +
2255 grsecurity/grsec_mount.c | 62 +
2256 grsecurity/grsec_pax.c | 36 +
2257 grsecurity/grsec_ptrace.c | 30 +
2258 grsecurity/grsec_sig.c | 222 ++
2259 grsecurity/grsec_sock.c | 244 ++
2260 grsecurity/grsec_sysctl.c | 469 +++
2261 grsecurity/grsec_time.c | 16 +
2262 grsecurity/grsec_tpe.c | 73 +
2263 grsecurity/grsum.c | 61 +
2264 include/linux/capability.h | 5 +
2265 include/linux/cred.h | 3 +
2266 include/linux/fs.h | 10 +
2267 include/linux/fsnotify.h | 6 +
2268 include/linux/gracl.h | 319 ++
2269 include/linux/gralloc.h | 9 +
2270 include/linux/grdefs.h | 140 +
2271 include/linux/grinternal.h | 215 ++
2272 include/linux/grmsg.h | 111 +
2273 include/linux/grsecurity.h | 257 ++
2274 include/linux/grsock.h | 19 +
2275 include/linux/kallsyms.h | 14 +-
2276 include/linux/kmod.h | 2 +
2277 include/linux/netfilter/xt_gradm.h | 9 +
2278 include/linux/printk.h | 3 +-
2279 include/linux/proc_fs.h | 12 +
2280 include/linux/sched.h | 66 +-
2281 include/linux/security.h | 1 +
2282 include/linux/seq_file.h | 3 +
2283 include/linux/shm.h | 4 +
2284 include/linux/sysctl.h | 2 +
2285 include/linux/thread_info.h | 2 +
2286 include/linux/vermagic.h | 9 +-
2287 include/trace/events/fs.h | 53 +
2288 include/uapi/linux/personality.h | 1 +
2289 init/Kconfig | 5 +-
2290 init/main.c | 14 +
2291 ipc/mqueue.c | 1 +
2292 ipc/shm.c | 28 +
2293 kernel/capability.c | 39 +-
2294 kernel/cgroup.c | 2 +-
2295 kernel/compat.c | 1 +
2296 kernel/configs.c | 11 +
2297 kernel/cred.c | 109 +-
2298 kernel/exit.c | 10 +-
2299 kernel/fork.c | 24 +-
2300 kernel/futex.c | 1 +
2301 kernel/kallsyms.c | 9 +
2302 kernel/kcmp.c | 4 +
2303 kernel/kmod.c | 71 +-
2304 kernel/kprobes.c | 4 +-
2305 kernel/ksysfs.c | 2 +
2306 kernel/lockdep_proc.c | 10 +-
2307 kernel/module.c | 80 +-
2308 kernel/panic.c | 4 +-
2309 kernel/pid.c | 19 +-
2310 kernel/posix-timers.c | 8 +
2311 kernel/printk.c | 5 +
2312 kernel/ptrace.c | 20 +-
2313 kernel/resource.c | 10 +
2314 kernel/sched/core.c | 6 +-
2315 kernel/signal.c | 37 +-
2316 kernel/sys.c | 38 +-
2317 kernel/sysctl.c | 39 +-
2318 kernel/taskstats.c | 6 +
2319 kernel/time.c | 5 +
2320 kernel/time/timekeeping.c | 3 +
2321 kernel/time/timer_list.c | 12 +
2322 kernel/time/timer_stats.c | 10 +-
2323 lib/Kconfig.debug | 5 +-
2324 lib/is_single_threaded.c | 3 +
2325 lib/vsprintf.c | 35 +-
2326 localversion-grsec | 1 +
2327 mm/Kconfig | 4 +-
2328 mm/filemap.c | 1 +
2329 mm/kmemleak.c | 4 +-
2330 mm/mempolicy.c | 12 +-
2331 mm/migrate.c | 3 +-
2332 mm/mlock.c | 3 +
2333 mm/mmap.c | 62 +-
2334 mm/mprotect.c | 8 +
2335 mm/page_alloc.c | 6 +
2336 mm/process_vm_access.c | 6 +
2337 mm/shmem.c | 2 +-
2338 mm/slab.c | 2 +-
2339 mm/slub.c | 14 +-
2340 mm/vmalloc.c | 4 +
2341 mm/vmstat.c | 18 +-
2342 net/core/dev.c | 9 +
2343 net/core/sock_diag.c | 7 +
2344 net/ipv4/inet_hashtables.c | 5 +
2345 net/ipv4/ip_sockglue.c | 3 +-
2346 net/ipv4/tcp_input.c | 4 +-
2347 net/ipv4/tcp_ipv4.c | 24 +-
2348 net/ipv4/tcp_minisocks.c | 9 +-
2349 net/ipv4/tcp_timer.c | 11 +
2350 net/ipv4/udp.c | 24 +
2351 net/ipv6/tcp_ipv6.c | 23 +-
2352 net/ipv6/udp.c | 7 +
2353 net/netfilter/Kconfig | 10 +
2354 net/netfilter/Makefile | 1 +
2355 net/netfilter/nf_conntrack_core.c | 8 +
2356 net/netfilter/xt_gradm.c | 51 +
2357 net/netrom/af_netrom.c | 2 +-
2358 net/phonet/af_phonet.c | 4 +-
2359 net/sctp/proc.c | 3 +-
2360 net/socket.c | 62 +-
2361 net/sysctl_net.c | 2 +-
2362 net/unix/af_unix.c | 19 +
2363 security/Kconfig | 320 ++-
2364 security/apparmor/lsm.c | 2 +-
2365 security/commoncap.c | 29 +
2366 security/min_addr.c | 2 +
2367 security/security.c | 2 -
2368 security/selinux/hooks.c | 2 -
2369 security/yama/Kconfig | 2 +-
2370 tools/gcc/Makefile | 2 +-
2371 286 files changed, 15083 insertions(+), 2067 deletions(-)
2372
2373 commit 4b61d2188de70da9dc9b3e67fc0565077370eb27
2374 Author: Brad Spengler <spender@grsecurity.net>
2375 Date: Wed Feb 20 21:00:42 2013 -0500
2376
2377 Initial import of pax-linux-3.8-test3.patch
2378
2379 Documentation/dontdiff | 43 +-
2380 Documentation/kernel-parameters.txt | 7 +
2381 Makefile | 97 +-
2382 arch/alpha/include/asm/atomic.h | 10 +
2383 arch/alpha/include/asm/elf.h | 7 +
2384 arch/alpha/include/asm/pgalloc.h | 6 +
2385 arch/alpha/include/asm/pgtable.h | 11 +
2386 arch/alpha/kernel/module.c | 2 +-
2387 arch/alpha/kernel/osf_sys.c | 10 +-
2388 arch/alpha/mm/fault.c | 141 +-
2389 arch/arm/Kconfig | 2 +-
2390 arch/arm/include/asm/atomic.h | 421 +++-
2391 arch/arm/include/asm/cache.h | 3 +-
2392 arch/arm/include/asm/cacheflush.h | 2 +-
2393 arch/arm/include/asm/checksum.h | 14 +-
2394 arch/arm/include/asm/cmpxchg.h | 2 +
2395 arch/arm/include/asm/delay.h | 8 +-
2396 arch/arm/include/asm/domain.h | 32 +-
2397 arch/arm/include/asm/elf.h | 13 +-
2398 arch/arm/include/asm/fncpy.h | 2 +
2399 arch/arm/include/asm/futex.h | 10 +
2400 arch/arm/include/asm/kmap_types.h | 2 +-
2401 arch/arm/include/asm/mach/dma.h | 2 +-
2402 arch/arm/include/asm/mach/map.h | 7 +-
2403 arch/arm/include/asm/outercache.h | 2 +-
2404 arch/arm/include/asm/page.h | 2 +-
2405 arch/arm/include/asm/pgalloc.h | 22 +-
2406 arch/arm/include/asm/pgtable-2level-hwdef.h | 5 +
2407 arch/arm/include/asm/pgtable-2level.h | 1 +
2408 arch/arm/include/asm/pgtable-3level-hwdef.h | 4 +
2409 arch/arm/include/asm/pgtable-3level.h | 2 +
2410 arch/arm/include/asm/pgtable.h | 56 +-
2411 arch/arm/include/asm/proc-fns.h | 2 +-
2412 arch/arm/include/asm/processor.h | 5 +-
2413 arch/arm/include/asm/smp.h | 2 +-
2414 arch/arm/include/asm/thread_info.h | 6 +-
2415 arch/arm/include/asm/uaccess.h | 92 +-
2416 arch/arm/include/uapi/asm/ptrace.h | 2 +-
2417 arch/arm/kernel/armksyms.c | 4 +-
2418 arch/arm/kernel/entry-armv.S | 107 +-
2419 arch/arm/kernel/entry-common.S | 41 +-
2420 arch/arm/kernel/entry-header.S | 60 +
2421 arch/arm/kernel/fiq.c | 2 +
2422 arch/arm/kernel/head.S | 6 +-
2423 arch/arm/kernel/hw_breakpoint.c | 2 +-
2424 arch/arm/kernel/module.c | 29 +-
2425 arch/arm/kernel/perf_event_cpu.c | 2 +-
2426 arch/arm/kernel/process.c | 10 +-
2427 arch/arm/kernel/setup.c | 22 +-
2428 arch/arm/kernel/smp.c | 2 +-
2429 arch/arm/kernel/traps.c | 8 +-
2430 arch/arm/kernel/vmlinux.lds.S | 20 +-
2431 arch/arm/lib/clear_user.S | 6 +-
2432 arch/arm/lib/copy_from_user.S | 6 +-
2433 arch/arm/lib/copy_page.S | 1 +
2434 arch/arm/lib/copy_to_user.S | 6 +-
2435 arch/arm/lib/csumpartialcopyuser.S | 4 +-
2436 arch/arm/lib/delay.c | 14 +-
2437 arch/arm/lib/uaccess_with_memcpy.c | 2 +-
2438 arch/arm/mach-kirkwood/common.c | 19 +-
2439 arch/arm/mach-omap2/board-n8x0.c | 2 +-
2440 arch/arm/mach-omap2/omap-wakeupgen.c | 2 +-
2441 arch/arm/mach-omap2/omap_hwmod.c | 4 +-
2442 arch/arm/mach-ux500/include/mach/setup.h | 7 -
2443 arch/arm/mm/Kconfig | 3 +-
2444 arch/arm/mm/fault.c | 78 +
2445 arch/arm/mm/fault.h | 12 +
2446 arch/arm/mm/init.c | 41 +
2447 arch/arm/mm/ioremap.c | 4 +-
2448 arch/arm/mm/mmap.c | 36 +-
2449 arch/arm/mm/mmu.c | 186 +-
2450 arch/arm/mm/proc-v7-2level.S | 3 +
2451 arch/arm/plat-omap/sram.c | 2 +
2452 arch/arm/plat-orion/include/plat/addr-map.h | 2 +-
2453 arch/arm/plat-samsung/include/plat/dma-ops.h | 2 +-
2454 arch/arm64/kernel/debug-monitors.c | 2 +-
2455 arch/arm64/kernel/hw_breakpoint.c | 2 +-
2456 arch/avr32/include/asm/elf.h | 8 +-
2457 arch/avr32/include/asm/kmap_types.h | 4 +-
2458 arch/avr32/mm/fault.c | 27 +
2459 arch/frv/include/asm/atomic.h | 10 +
2460 arch/frv/include/asm/kmap_types.h | 2 +-
2461 arch/frv/mm/elf-fdpic.c | 7 +-
2462 arch/ia64/include/asm/atomic.h | 10 +
2463 arch/ia64/include/asm/elf.h | 7 +
2464 arch/ia64/include/asm/pgalloc.h | 12 +
2465 arch/ia64/include/asm/pgtable.h | 13 +-
2466 arch/ia64/include/asm/spinlock.h | 2 +-
2467 arch/ia64/include/asm/uaccess.h | 28 +-
2468 arch/ia64/kernel/err_inject.c | 2 +-
2469 arch/ia64/kernel/mca.c | 2 +-
2470 arch/ia64/kernel/module.c | 48 +-
2471 arch/ia64/kernel/palinfo.c | 2 +-
2472 arch/ia64/kernel/salinfo.c | 2 +-
2473 arch/ia64/kernel/sys_ia64.c | 13 +-
2474 arch/ia64/kernel/topology.c | 2 +-
2475 arch/ia64/kernel/vmlinux.lds.S | 2 +-
2476 arch/ia64/mm/fault.c | 32 +-
2477 arch/ia64/mm/hugetlbpage.c | 2 +-
2478 arch/ia64/mm/init.c | 13 +
2479 arch/m32r/lib/usercopy.c | 6 +
2480 arch/mips/include/asm/atomic.h | 14 +
2481 arch/mips/include/asm/elf.h | 11 +-
2482 arch/mips/include/asm/exec.h | 2 +-
2483 arch/mips/include/asm/page.h | 2 +-
2484 arch/mips/include/asm/pgalloc.h | 5 +
2485 arch/mips/kernel/binfmt_elfn32.c | 7 +
2486 arch/mips/kernel/binfmt_elfo32.c | 7 +
2487 arch/mips/kernel/process.c | 12 -
2488 arch/mips/mm/fault.c | 17 +
2489 arch/mips/mm/mmap.c | 51 +-
2490 arch/parisc/include/asm/atomic.h | 10 +
2491 arch/parisc/include/asm/elf.h | 7 +
2492 arch/parisc/include/asm/pgalloc.h | 6 +
2493 arch/parisc/include/asm/pgtable.h | 11 +
2494 arch/parisc/include/asm/uaccess.h | 4 +-
2495 arch/parisc/kernel/module.c | 50 +-
2496 arch/parisc/kernel/sys_parisc.c | 6 +-
2497 arch/parisc/kernel/traps.c | 4 +-
2498 arch/parisc/mm/fault.c | 140 +-
2499 arch/powerpc/include/asm/atomic.h | 10 +
2500 arch/powerpc/include/asm/elf.h | 19 +-
2501 arch/powerpc/include/asm/exec.h | 2 +-
2502 arch/powerpc/include/asm/kmap_types.h | 2 +-
2503 arch/powerpc/include/asm/mman.h | 2 +-
2504 arch/powerpc/include/asm/page.h | 8 +-
2505 arch/powerpc/include/asm/page_64.h | 7 +-
2506 arch/powerpc/include/asm/pgalloc-64.h | 7 +
2507 arch/powerpc/include/asm/pgtable.h | 1 +
2508 arch/powerpc/include/asm/pte-hash32.h | 1 +
2509 arch/powerpc/include/asm/reg.h | 1 +
2510 arch/powerpc/include/asm/uaccess.h | 142 +-
2511 arch/powerpc/kernel/exceptions-64e.S | 4 +-
2512 arch/powerpc/kernel/exceptions-64s.S | 2 +-
2513 arch/powerpc/kernel/module_32.c | 13 +-
2514 arch/powerpc/kernel/process.c | 55 -
2515 arch/powerpc/kernel/signal_32.c | 2 +-
2516 arch/powerpc/kernel/signal_64.c | 2 +-
2517 arch/powerpc/kernel/sysfs.c | 2 +-
2518 arch/powerpc/kernel/vdso.c | 5 +-
2519 arch/powerpc/lib/usercopy_64.c | 18 -
2520 arch/powerpc/mm/fault.c | 54 +-
2521 arch/powerpc/mm/mmap_64.c | 16 +
2522 arch/powerpc/mm/mmu_context_nohash.c | 2 +-
2523 arch/powerpc/mm/numa.c | 2 +-
2524 arch/powerpc/mm/slice.c | 23 +-
2525 arch/powerpc/platforms/powermac/smp.c | 2 +-
2526 arch/s390/include/asm/atomic.h | 10 +
2527 arch/s390/include/asm/elf.h | 13 +-
2528 arch/s390/include/asm/exec.h | 2 +-
2529 arch/s390/include/asm/uaccess.h | 15 +-
2530 arch/s390/kernel/module.c | 22 +-
2531 arch/s390/kernel/process.c | 36 -
2532 arch/s390/mm/mmap.c | 24 +
2533 arch/score/include/asm/exec.h | 2 +-
2534 arch/score/kernel/process.c | 5 -
2535 arch/sh/kernel/cpu/sh4a/smp-shx3.c | 2 +-
2536 arch/sh/mm/mmap.c | 22 +-
2537 arch/sparc/include/asm/atomic_64.h | 106 +-
2538 arch/sparc/include/asm/cache.h | 2 +-
2539 arch/sparc/include/asm/elf_32.h | 7 +
2540 arch/sparc/include/asm/elf_64.h | 7 +
2541 arch/sparc/include/asm/pgalloc_32.h | 1 +
2542 arch/sparc/include/asm/pgalloc_64.h | 1 +
2543 arch/sparc/include/asm/pgtable_32.h | 15 +-
2544 arch/sparc/include/asm/pgtsrmmu.h | 5 +
2545 arch/sparc/include/asm/spinlock_64.h | 35 +-
2546 arch/sparc/include/asm/thread_info_32.h | 2 +
2547 arch/sparc/include/asm/thread_info_64.h | 2 +
2548 arch/sparc/include/asm/uaccess.h | 8 +
2549 arch/sparc/include/asm/uaccess_32.h | 27 +-
2550 arch/sparc/include/asm/uaccess_64.h | 19 +-
2551 arch/sparc/kernel/Makefile | 2 +-
2552 arch/sparc/kernel/sys_sparc_32.c | 2 +-
2553 arch/sparc/kernel/sys_sparc_64.c | 48 +-
2554 arch/sparc/kernel/sysfs.c | 2 +-
2555 arch/sparc/kernel/traps_64.c | 13 +-
2556 arch/sparc/lib/Makefile | 2 +-
2557 arch/sparc/lib/atomic_64.S | 136 +-
2558 arch/sparc/lib/ksyms.c | 6 +
2559 arch/sparc/mm/Makefile | 2 +-
2560 arch/sparc/mm/fault_32.c | 292 ++
2561 arch/sparc/mm/fault_64.c | 486 +++
2562 arch/sparc/mm/hugetlbpage.c | 21 +-
2563 arch/tile/include/asm/atomic_64.h | 10 +
2564 arch/tile/include/asm/uaccess.h | 4 +-
2565 arch/um/Makefile | 4 +
2566 arch/um/include/asm/kmap_types.h | 2 +-
2567 arch/um/include/asm/page.h | 3 +
2568 arch/um/include/asm/pgtable-3level.h | 1 +
2569 arch/um/kernel/process.c | 16 -
2570 arch/x86/Kconfig | 10 +-
2571 arch/x86/Kconfig.cpu | 6 +-
2572 arch/x86/Kconfig.debug | 6 +-
2573 arch/x86/Makefile | 10 +
2574 arch/x86/boot/Makefile | 3 +
2575 arch/x86/boot/bitops.h | 4 +-
2576 arch/x86/boot/boot.h | 4 +-
2577 arch/x86/boot/compressed/Makefile | 3 +
2578 arch/x86/boot/compressed/eboot.c | 2 -
2579 arch/x86/boot/compressed/head_32.S | 7 +-
2580 arch/x86/boot/compressed/head_64.S | 4 +-
2581 arch/x86/boot/compressed/misc.c | 4 +-
2582 arch/x86/boot/cpucheck.c | 28 +-
2583 arch/x86/boot/header.S | 6 +-
2584 arch/x86/boot/memory.c | 2 +-
2585 arch/x86/boot/video-vesa.c | 1 +
2586 arch/x86/boot/video.c | 2 +-
2587 arch/x86/crypto/aes-x86_64-asm_64.S | 4 +
2588 arch/x86/crypto/aesni-intel_asm.S | 31 +
2589 arch/x86/crypto/blowfish-x86_64-asm_64.S | 8 +
2590 arch/x86/crypto/camellia-x86_64-asm_64.S | 8 +
2591 arch/x86/crypto/cast5-avx-x86_64-asm_64.S | 8 +
2592 arch/x86/crypto/cast6-avx-x86_64-asm_64.S | 8 +
2593 arch/x86/crypto/salsa20-x86_64-asm_64.S | 5 +
2594 arch/x86/crypto/serpent-avx-x86_64-asm_64.S | 8 +
2595 arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 5 +
2596 arch/x86/crypto/sha1_ssse3_asm.S | 3 +
2597 arch/x86/crypto/twofish-avx-x86_64-asm_64.S | 8 +
2598 arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 5 +
2599 arch/x86/crypto/twofish-x86_64-asm_64.S | 3 +
2600 arch/x86/ia32/ia32_signal.c | 14 +-
2601 arch/x86/ia32/ia32entry.S | 141 +-
2602 arch/x86/ia32/sys_ia32.c | 12 +-
2603 arch/x86/include/asm/alternative-asm.h | 39 +
2604 arch/x86/include/asm/alternative.h | 4 +-
2605 arch/x86/include/asm/apic.h | 2 +-
2606 arch/x86/include/asm/apm.h | 4 +-
2607 arch/x86/include/asm/atomic.h | 307 ++-
2608 arch/x86/include/asm/atomic64_32.h | 100 +
2609 arch/x86/include/asm/atomic64_64.h | 202 ++-
2610 arch/x86/include/asm/bitops.h | 2 +-
2611 arch/x86/include/asm/boot.h | 7 +-
2612 arch/x86/include/asm/cache.h | 5 +-
2613 arch/x86/include/asm/cacheflush.h | 2 +-
2614 arch/x86/include/asm/checksum_32.h | 12 +-
2615 arch/x86/include/asm/cmpxchg.h | 35 +
2616 arch/x86/include/asm/cpufeature.h | 4 +-
2617 arch/x86/include/asm/desc.h | 65 +-
2618 arch/x86/include/asm/desc_defs.h | 6 +
2619 arch/x86/include/asm/elf.h | 31 +-
2620 arch/x86/include/asm/emergency-restart.h | 2 +-
2621 arch/x86/include/asm/fpu-internal.h | 6 +-
2622 arch/x86/include/asm/futex.h | 16 +-
2623 arch/x86/include/asm/hw_irq.h | 4 +-
2624 arch/x86/include/asm/io.h | 13 +-
2625 arch/x86/include/asm/irqflags.h | 5 +
2626 arch/x86/include/asm/kprobes.h | 9 +-
2627 arch/x86/include/asm/local.h | 142 +-
2628 arch/x86/include/asm/mman.h | 15 +
2629 arch/x86/include/asm/mmu.h | 16 +-
2630 arch/x86/include/asm/mmu_context.h | 76 +-
2631 arch/x86/include/asm/module.h | 17 +-
2632 arch/x86/include/asm/page_64_types.h | 2 +-
2633 arch/x86/include/asm/paravirt.h | 44 +-
2634 arch/x86/include/asm/paravirt_types.h | 17 +-
2635 arch/x86/include/asm/pgalloc.h | 23 +
2636 arch/x86/include/asm/pgtable-2level.h | 2 +
2637 arch/x86/include/asm/pgtable-3level.h | 4 +
2638 arch/x86/include/asm/pgtable.h | 110 +-
2639 arch/x86/include/asm/pgtable_32.h | 14 +-
2640 arch/x86/include/asm/pgtable_32_types.h | 15 +-
2641 arch/x86/include/asm/pgtable_64.h | 19 +-
2642 arch/x86/include/asm/pgtable_64_types.h | 5 +
2643 arch/x86/include/asm/pgtable_types.h | 36 +-
2644 arch/x86/include/asm/processor.h | 39 +-
2645 arch/x86/include/asm/ptrace.h | 26 +-
2646 arch/x86/include/asm/realmode.h | 4 +-
2647 arch/x86/include/asm/reboot.h | 10 +-
2648 arch/x86/include/asm/rwsem.h | 60 +-
2649 arch/x86/include/asm/segment.h | 24 +-
2650 arch/x86/include/asm/smp.h | 14 +-
2651 arch/x86/include/asm/spinlock.h | 36 +-
2652 arch/x86/include/asm/stackprotector.h | 4 +-
2653 arch/x86/include/asm/stacktrace.h | 32 +-
2654 arch/x86/include/asm/switch_to.h | 4 +-
2655 arch/x86/include/asm/thread_info.h | 83 +-
2656 arch/x86/include/asm/uaccess.h | 96 +-
2657 arch/x86/include/asm/uaccess_32.h | 106 +-
2658 arch/x86/include/asm/uaccess_64.h | 232 +-
2659 arch/x86/include/asm/word-at-a-time.h | 2 +-
2660 arch/x86/include/asm/x86_init.h | 10 +-
2661 arch/x86/include/asm/xsave.h | 10 +-
2662 arch/x86/include/uapi/asm/e820.h | 2 +-
2663 arch/x86/kernel/Makefile | 2 +-
2664 arch/x86/kernel/acpi/sleep.c | 4 +
2665 arch/x86/kernel/acpi/wakeup_32.S | 6 +-
2666 arch/x86/kernel/alternative.c | 65 +-
2667 arch/x86/kernel/apic/apic.c | 6 +-
2668 arch/x86/kernel/apic/apic_flat_64.c | 4 +-
2669 arch/x86/kernel/apic/bigsmp_32.c | 2 +-
2670 arch/x86/kernel/apic/es7000_32.c | 5 +-
2671 arch/x86/kernel/apic/io_apic.c | 8 +-
2672 arch/x86/kernel/apic/numaq_32.c | 3 +-
2673 arch/x86/kernel/apic/probe_32.c | 2 +-
2674 arch/x86/kernel/apic/summit_32.c | 2 +-
2675 arch/x86/kernel/apic/x2apic_cluster.c | 4 +-
2676 arch/x86/kernel/apic/x2apic_phys.c | 2 +-
2677 arch/x86/kernel/apic/x2apic_uv_x.c | 2 +-
2678 arch/x86/kernel/apm_32.c | 19 +-
2679 arch/x86/kernel/asm-offsets.c | 20 +
2680 arch/x86/kernel/asm-offsets_64.c | 1 +
2681 arch/x86/kernel/cpu/Makefile | 4 -
2682 arch/x86/kernel/cpu/amd.c | 2 +-
2683 arch/x86/kernel/cpu/common.c | 75 +-
2684 arch/x86/kernel/cpu/intel.c | 2 +-
2685 arch/x86/kernel/cpu/intel_cacheinfo.c | 50 +-
2686 arch/x86/kernel/cpu/mcheck/mce.c | 29 +-
2687 arch/x86/kernel/cpu/mcheck/p5.c | 3 +
2688 arch/x86/kernel/cpu/mcheck/therm_throt.c | 2 +-
2689 arch/x86/kernel/cpu/mcheck/winchip.c | 3 +
2690 arch/x86/kernel/cpu/mtrr/main.c | 2 +-
2691 arch/x86/kernel/cpu/mtrr/mtrr.h | 2 +-
2692 arch/x86/kernel/cpu/perf_event.c | 4 +-
2693 arch/x86/kernel/cpu/perf_event_intel.c | 6 +-
2694 arch/x86/kernel/cpu/perf_event_intel_uncore.c | 2 +-
2695 arch/x86/kernel/cpuid.c | 2 +-
2696 arch/x86/kernel/crash.c | 4 +-
2697 arch/x86/kernel/doublefault_32.c | 8 +-
2698 arch/x86/kernel/dumpstack.c | 30 +-
2699 arch/x86/kernel/dumpstack_32.c | 34 +-
2700 arch/x86/kernel/dumpstack_64.c | 63 +-
2701 arch/x86/kernel/early_printk.c | 1 +
2702 arch/x86/kernel/entry_32.S | 354 ++-
2703 arch/x86/kernel/entry_64.S | 512 +++-
2704 arch/x86/kernel/ftrace.c | 14 +-
2705 arch/x86/kernel/head32.c | 4 +-
2706 arch/x86/kernel/head_32.S | 237 ++-
2707 arch/x86/kernel/head_64.S | 158 +-
2708 arch/x86/kernel/i386_ksyms_32.c | 8 +
2709 arch/x86/kernel/i387.c | 2 +-
2710 arch/x86/kernel/i8259.c | 2 +-
2711 arch/x86/kernel/ioport.c | 2 +-
2712 arch/x86/kernel/irq.c | 10 +-
2713 arch/x86/kernel/irq_32.c | 69 +-
2714 arch/x86/kernel/irq_64.c | 2 +-
2715 arch/x86/kernel/kdebugfs.c | 2 +-
2716 arch/x86/kernel/kgdb.c | 25 +-
2717 arch/x86/kernel/kprobes-opt.c | 12 +-
2718 arch/x86/kernel/kprobes.c | 30 +-
2719 arch/x86/kernel/kvm.c | 2 +-
2720 arch/x86/kernel/ldt.c | 31 +-
2721 arch/x86/kernel/machine_kexec_32.c | 6 +-
2722 arch/x86/kernel/microcode_core.c | 2 +-
2723 arch/x86/kernel/microcode_intel.c | 4 +-
2724 arch/x86/kernel/module.c | 76 +-
2725 arch/x86/kernel/msr.c | 2 +-
2726 arch/x86/kernel/nmi.c | 11 +
2727 arch/x86/kernel/paravirt-spinlocks.c | 2 +-
2728 arch/x86/kernel/paravirt.c | 43 +-
2729 arch/x86/kernel/pci-iommu_table.c | 2 +-
2730 arch/x86/kernel/process.c | 57 +-
2731 arch/x86/kernel/process_32.c | 29 +-
2732 arch/x86/kernel/process_64.c | 15 +-
2733 arch/x86/kernel/ptrace.c | 25 +-
2734 arch/x86/kernel/pvclock.c | 8 +-
2735 arch/x86/kernel/reboot.c | 44 +-
2736 arch/x86/kernel/relocate_kernel_64.S | 4 +-
2737 arch/x86/kernel/setup.c | 14 +-
2738 arch/x86/kernel/setup_percpu.c | 27 +-
2739 arch/x86/kernel/signal.c | 15 +-
2740 arch/x86/kernel/smp.c | 2 +-
2741 arch/x86/kernel/smpboot.c | 15 +-
2742 arch/x86/kernel/step.c | 10 +-
2743 arch/x86/kernel/sys_i386_32.c | 247 ++
2744 arch/x86/kernel/sys_x86_64.c | 19 +-
2745 arch/x86/kernel/tboot.c | 14 +-
2746 arch/x86/kernel/time.c | 10 +-
2747 arch/x86/kernel/tls.c | 7 +-
2748 arch/x86/kernel/traps.c | 64 +-
2749 arch/x86/kernel/uprobes.c | 2 +-
2750 arch/x86/kernel/vm86_32.c | 6 +-
2751 arch/x86/kernel/vmlinux.lds.S | 148 +-
2752 arch/x86/kernel/vsyscall_64.c | 12 +-
2753 arch/x86/kernel/x8664_ksyms_64.c | 2 -
2754 arch/x86/kernel/x86_init.c | 8 +-
2755 arch/x86/kernel/xsave.c | 2 +
2756 arch/x86/kvm/cpuid.c | 21 +-
2757 arch/x86/kvm/emulate.c | 4 +-
2758 arch/x86/kvm/lapic.c | 2 +-
2759 arch/x86/kvm/paging_tmpl.h | 2 +-
2760 arch/x86/kvm/svm.c | 8 +
2761 arch/x86/kvm/vmx.c | 47 +-
2762 arch/x86/kvm/x86.c | 10 +-
2763 arch/x86/lguest/boot.c | 3 +-
2764 arch/x86/lib/atomic64_386_32.S | 164 +
2765 arch/x86/lib/atomic64_cx8_32.S | 103 +-
2766 arch/x86/lib/checksum_32.S | 100 +-
2767 arch/x86/lib/clear_page_64.S | 5 +-
2768 arch/x86/lib/cmpxchg16b_emu.S | 2 +
2769 arch/x86/lib/copy_page_64.S | 24 +-
2770 arch/x86/lib/copy_user_64.S | 47 +-
2771 arch/x86/lib/copy_user_nocache_64.S | 20 +-
2772 arch/x86/lib/csum-copy_64.S | 2 +
2773 arch/x86/lib/csum-wrappers_64.c | 4 +-
2774 arch/x86/lib/getuser.S | 68 +-
2775 arch/x86/lib/insn.c | 6 +-
2776 arch/x86/lib/iomap_copy_64.S | 2 +
2777 arch/x86/lib/memcpy_64.S | 18 +-
2778 arch/x86/lib/memmove_64.S | 34 +-
2779 arch/x86/lib/memset_64.S | 7 +-
2780 arch/x86/lib/mmx_32.c | 243 +-
2781 arch/x86/lib/msr-reg.S | 18 +-
2782 arch/x86/lib/putuser.S | 90 +-
2783 arch/x86/lib/rwlock.S | 42 +
2784 arch/x86/lib/rwsem.S | 6 +-
2785 arch/x86/lib/thunk_64.S | 2 +
2786 arch/x86/lib/usercopy_32.c | 376 ++-
2787 arch/x86/lib/usercopy_64.c | 25 +-
2788 arch/x86/mm/extable.c | 25 +-
2789 arch/x86/mm/fault.c | 555 +++-
2790 arch/x86/mm/gup.c | 2 +-
2791 arch/x86/mm/highmem_32.c | 4 +
2792 arch/x86/mm/hugetlbpage.c | 30 +-
2793 arch/x86/mm/init.c | 92 +-
2794 arch/x86/mm/init_32.c | 122 +-
2795 arch/x86/mm/init_64.c | 48 +-
2796 arch/x86/mm/iomap_32.c | 4 +
2797 arch/x86/mm/ioremap.c | 12 +-
2798 arch/x86/mm/kmemcheck/kmemcheck.c | 4 +-
2799 arch/x86/mm/mmap.c | 41 +-
2800 arch/x86/mm/mmio-mod.c | 10 +-
2801 arch/x86/mm/pageattr-test.c | 2 +-
2802 arch/x86/mm/pageattr.c | 33 +-
2803 arch/x86/mm/pat.c | 12 +-
2804 arch/x86/mm/pf_in.c | 10 +-
2805 arch/x86/mm/pgtable.c | 137 +-
2806 arch/x86/mm/pgtable_32.c | 3 +
2807 arch/x86/mm/setup_nx.c | 7 +
2808 arch/x86/mm/tlb.c | 4 +
2809 arch/x86/net/bpf_jit.S | 14 +
2810 arch/x86/net/bpf_jit_comp.c | 37 +-
2811 arch/x86/oprofile/backtrace.c | 8 +-
2812 arch/x86/pci/amd_bus.c | 2 +-
2813 arch/x86/pci/mrst.c | 4 +-
2814 arch/x86/pci/pcbios.c | 144 +-
2815 arch/x86/platform/efi/efi_32.c | 19 +
2816 arch/x86/platform/efi/efi_stub_32.S | 64 +-
2817 arch/x86/platform/efi/efi_stub_64.S | 8 +
2818 arch/x86/platform/mrst/mrst.c | 6 +-
2819 arch/x86/platform/olpc/olpc_dt.c | 2 +-
2820 arch/x86/power/cpu.c | 4 +-
2821 arch/x86/realmode/init.c | 8 +-
2822 arch/x86/realmode/rm/Makefile | 3 +
2823 arch/x86/realmode/rm/header.S | 4 +-
2824 arch/x86/realmode/rm/trampoline_32.S | 12 +-
2825 arch/x86/realmode/rm/trampoline_64.S | 2 +-
2826 arch/x86/tools/relocs.c | 95 +-
2827 arch/x86/vdso/Makefile | 2 +-
2828 arch/x86/vdso/vdso32-setup.c | 23 +-
2829 arch/x86/vdso/vma.c | 29 +-
2830 arch/x86/xen/enlighten.c | 47 +-
2831 arch/x86/xen/mmu.c | 9 +
2832 arch/x86/xen/smp.c | 18 +-
2833 arch/x86/xen/xen-asm_32.S | 12 +-
2834 arch/x86/xen/xen-head.S | 11 +
2835 arch/x86/xen/xen-ops.h | 2 -
2836 block/blk-iopoll.c | 4 +-
2837 block/blk-map.c | 2 +-
2838 block/blk-softirq.c | 4 +-
2839 block/bsg.c | 12 +-
2840 block/compat_ioctl.c | 2 +-
2841 block/partitions/efi.c | 8 +-
2842 block/scsi_ioctl.c | 27 +-
2843 crypto/cryptd.c | 4 +-
2844 drivers/acpi/apei/cper.c | 8 +-
2845 drivers/acpi/ec_sys.c | 12 +-
2846 drivers/acpi/processor_driver.c | 2 +-
2847 drivers/ata/libata-core.c | 8 +-
2848 drivers/ata/pata_arasan_cf.c | 4 +-
2849 drivers/atm/adummy.c | 2 +-
2850 drivers/atm/ambassador.c | 8 +-
2851 drivers/atm/atmtcp.c | 14 +-
2852 drivers/atm/eni.c | 10 +-
2853 drivers/atm/firestream.c | 8 +-
2854 drivers/atm/fore200e.c | 14 +-
2855 drivers/atm/he.c | 18 +-
2856 drivers/atm/horizon.c | 4 +-
2857 drivers/atm/idt77252.c | 36 +-
2858 drivers/atm/iphase.c | 34 +-
2859 drivers/atm/lanai.c | 12 +-
2860 drivers/atm/nicstar.c | 46 +-
2861 drivers/atm/solos-pci.c | 4 +-
2862 drivers/atm/suni.c | 4 +-
2863 drivers/atm/uPD98402.c | 16 +-
2864 drivers/atm/zatm.c | 6 +-
2865 drivers/base/devtmpfs.c | 2 +-
2866 drivers/base/power/wakeup.c | 8 +-
2867 drivers/block/cciss.c | 28 +-
2868 drivers/block/cciss.h | 2 +-
2869 drivers/block/cpqarray.c | 28 +-
2870 drivers/block/cpqarray.h | 2 +-
2871 drivers/block/drbd/drbd_int.h | 6 +-
2872 drivers/block/drbd/drbd_main.c | 8 +-
2873 drivers/block/drbd/drbd_receiver.c | 18 +-
2874 drivers/block/loop.c | 2 +-
2875 drivers/cdrom/cdrom.c | 9 +-
2876 drivers/cdrom/gdrom.c | 1 -
2877 drivers/char/agp/frontend.c | 2 +-
2878 drivers/char/hpet.c | 2 +-
2879 drivers/char/ipmi/ipmi_msghandler.c | 8 +-
2880 drivers/char/ipmi/ipmi_si_intf.c | 8 +-
2881 drivers/char/mem.c | 41 +-
2882 drivers/char/nvram.c | 2 +-
2883 drivers/char/pcmcia/synclink_cs.c | 18 +-
2884 drivers/char/random.c | 8 +-
2885 drivers/char/sonypi.c | 9 +-
2886 drivers/char/tpm/tpm.c | 2 +-
2887 drivers/char/tpm/tpm_acpi.c | 3 +-
2888 drivers/char/tpm/tpm_eventlog.c | 7 +-
2889 drivers/char/virtio_console.c | 4 +-
2890 drivers/clocksource/arm_generic.c | 2 +-
2891 drivers/cpufreq/cpufreq.c | 2 +-
2892 drivers/cpufreq/cpufreq_stats.c | 2 +-
2893 drivers/dma/sh/shdma.c | 2 +-
2894 drivers/edac/edac_pci_sysfs.c | 20 +-
2895 drivers/edac/mce_amd.h | 2 +-
2896 drivers/firewire/core-card.c | 2 +-
2897 drivers/firewire/core-cdev.c | 3 +-
2898 drivers/firewire/core-transaction.c | 1 +
2899 drivers/firewire/core.h | 1 +
2900 drivers/firmware/dmi_scan.c | 7 +-
2901 drivers/firmware/efivars.c | 2 +-
2902 drivers/gpio/gpio-vr41xx.c | 2 +-
2903 drivers/gpu/drm/drm_crtc_helper.c | 2 +-
2904 drivers/gpu/drm/drm_drv.c | 4 +-
2905 drivers/gpu/drm/drm_fops.c | 18 +-
2906 drivers/gpu/drm/drm_global.c | 14 +-
2907 drivers/gpu/drm/drm_info.c | 14 +-
2908 drivers/gpu/drm/drm_ioc32.c | 4 +-
2909 drivers/gpu/drm/drm_ioctl.c | 2 +-
2910 drivers/gpu/drm/drm_lock.c | 4 +-
2911 drivers/gpu/drm/drm_stub.c | 2 +-
2912 drivers/gpu/drm/i810/i810_dma.c | 8 +-
2913 drivers/gpu/drm/i810/i810_drv.h | 4 +-
2914 drivers/gpu/drm/i915/i915_debugfs.c | 2 +-
2915 drivers/gpu/drm/i915/i915_dma.c | 2 +-
2916 drivers/gpu/drm/i915/i915_drv.h | 6 +-
2917 drivers/gpu/drm/i915/i915_gem_execbuffer.c | 6 +-
2918 drivers/gpu/drm/i915/i915_irq.c | 22 +-
2919 drivers/gpu/drm/i915/intel_display.c | 9 +-
2920 drivers/gpu/drm/mga/mga_drv.h | 4 +-
2921 drivers/gpu/drm/mga/mga_irq.c | 8 +-
2922 drivers/gpu/drm/nouveau/nouveau_bios.c | 2 +-
2923 drivers/gpu/drm/nouveau/nouveau_drm.h | 2 +-
2924 drivers/gpu/drm/nouveau/nouveau_fence.h | 2 +-
2925 drivers/gpu/drm/nouveau/nouveau_gem.c | 2 +-
2926 drivers/gpu/drm/nouveau/nouveau_vga.c | 2 +-
2927 drivers/gpu/drm/r128/r128_cce.c | 2 +-
2928 drivers/gpu/drm/r128/r128_drv.h | 4 +-
2929 drivers/gpu/drm/r128/r128_irq.c | 4 +-
2930 drivers/gpu/drm/r128/r128_state.c | 4 +-
2931 drivers/gpu/drm/radeon/mkregtable.c | 4 +-
2932 drivers/gpu/drm/radeon/radeon_device.c | 2 +-
2933 drivers/gpu/drm/radeon/radeon_drv.h | 2 +-
2934 drivers/gpu/drm/radeon/radeon_ioc32.c | 2 +-
2935 drivers/gpu/drm/radeon/radeon_irq.c | 6 +-
2936 drivers/gpu/drm/radeon/radeon_state.c | 4 +-
2937 drivers/gpu/drm/radeon/radeon_ttm.c | 4 +-
2938 drivers/gpu/drm/radeon/rs690.c | 4 +-
2939 drivers/gpu/drm/ttm/ttm_page_alloc.c | 4 +-
2940 drivers/gpu/drm/via/via_drv.h | 4 +-
2941 drivers/gpu/drm/via/via_irq.c | 18 +-
2942 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 2 +-
2943 drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c | 8 +-
2944 drivers/gpu/drm/vmwgfx/vmwgfx_irq.c | 4 +-
2945 drivers/gpu/drm/vmwgfx/vmwgfx_marker.c | 2 +-
2946 drivers/hid/hid-core.c | 4 +-
2947 drivers/hv/channel.c | 4 +-
2948 drivers/hv/hv.c | 2 +-
2949 drivers/hv/hyperv_vmbus.h | 2 +-
2950 drivers/hv/vmbus_drv.c | 4 +-
2951 drivers/hwmon/coretemp.c | 2 +-
2952 drivers/hwmon/sht15.c | 12 +-
2953 drivers/hwmon/via-cputemp.c | 2 +-
2954 drivers/i2c/busses/i2c-amd756-s4882.c | 2 +-
2955 drivers/i2c/busses/i2c-nforce2-s4985.c | 2 +-
2956 drivers/ide/ide-cd.c | 2 +-
2957 drivers/infiniband/core/cm.c | 32 +-
2958 drivers/infiniband/core/fmr_pool.c | 20 +-
2959 drivers/infiniband/hw/cxgb4/mem.c | 4 +-
2960 drivers/infiniband/hw/ipath/ipath_rc.c | 6 +-
2961 drivers/infiniband/hw/ipath/ipath_ruc.c | 6 +-
2962 drivers/infiniband/hw/nes/nes.c | 4 +-
2963 drivers/infiniband/hw/nes/nes.h | 40 +-
2964 drivers/infiniband/hw/nes/nes_cm.c | 62 +-
2965 drivers/infiniband/hw/nes/nes_mgt.c | 8 +-
2966 drivers/infiniband/hw/nes/nes_nic.c | 40 +-
2967 drivers/infiniband/hw/nes/nes_verbs.c | 10 +-
2968 drivers/infiniband/hw/qib/qib.h | 1 +
2969 drivers/input/gameport/gameport.c | 4 +-
2970 drivers/input/input.c | 4 +-
2971 drivers/input/joystick/sidewinder.c | 1 +
2972 drivers/input/joystick/xpad.c | 4 +-
2973 drivers/input/mousedev.c | 2 +-
2974 drivers/input/serio/serio.c | 4 +-
2975 drivers/isdn/capi/capi.c | 10 +-
2976 drivers/isdn/gigaset/interface.c | 8 +-
2977 drivers/isdn/hardware/avm/b1.c | 4 +-
2978 drivers/isdn/i4l/isdn_tty.c | 22 +-
2979 drivers/isdn/icn/icn.c | 2 +-
2980 drivers/lguest/core.c | 10 +-
2981 drivers/lguest/x86/core.c | 12 +-
2982 drivers/lguest/x86/switcher_32.S | 27 +-
2983 drivers/md/bitmap.c | 2 +-
2984 drivers/md/dm-ioctl.c | 2 +-
2985 drivers/md/dm-raid1.c | 16 +-
2986 drivers/md/dm-stripe.c | 10 +-
2987 drivers/md/dm-table.c | 2 +-
2988 drivers/md/dm-thin-metadata.c | 4 +-
2989 drivers/md/dm.c | 16 +-
2990 drivers/md/md.c | 26 +-
2991 drivers/md/md.h | 6 +-
2992 drivers/md/persistent-data/dm-space-map.h | 1 +
2993 drivers/md/raid1.c | 4 +-
2994 drivers/md/raid10.c | 16 +-
2995 drivers/md/raid5.c | 10 +-
2996 drivers/media/dvb-core/dvbdev.c | 2 +-
2997 drivers/media/dvb-frontends/dib3000.h | 2 +-
2998 drivers/media/platform/omap/omap_vout.c | 11 +-
2999 drivers/media/platform/s5p-tv/mixer.h | 2 +-
3000 drivers/media/platform/s5p-tv/mixer_grp_layer.c | 2 +-
3001 drivers/media/platform/s5p-tv/mixer_reg.c | 2 +-
3002 drivers/media/platform/s5p-tv/mixer_video.c | 24 +-
3003 drivers/media/platform/s5p-tv/mixer_vp_layer.c | 2 +-
3004 drivers/media/radio/radio-cadet.c | 2 +
3005 drivers/media/usb/dvb-usb/cxusb.c | 2 +-
3006 drivers/media/usb/dvb-usb/dw2102.c | 2 +-
3007 drivers/message/fusion/mptsas.c | 34 +-
3008 drivers/message/fusion/mptscsih.c | 19 +-
3009 drivers/message/i2o/i2o_proc.c | 51 +-
3010 drivers/message/i2o/iop.c | 8 +-
3011 drivers/mfd/janz-cmodio.c | 1 +
3012 drivers/misc/kgdbts.c | 4 +-
3013 drivers/misc/lis3lv02d/lis3lv02d.c | 8 +-
3014 drivers/misc/lis3lv02d/lis3lv02d.h | 2 +-
3015 drivers/misc/sgi-gru/gruhandles.c | 4 +-
3016 drivers/misc/sgi-gru/gruprocfs.c | 8 +-
3017 drivers/misc/sgi-gru/grutables.h | 154 +-
3018 drivers/misc/sgi-xp/xp.h | 2 +-
3019 drivers/misc/sgi-xp/xpc.h | 3 +-
3020 drivers/misc/sgi-xp/xpc_main.c | 4 +-
3021 drivers/mmc/core/mmc_ops.c | 2 +-
3022 drivers/mmc/host/dw_mmc.h | 2 +-
3023 drivers/mmc/host/sdhci-s3c.c | 8 +-
3024 drivers/mtd/devices/doc2000.c | 2 +-
3025 drivers/mtd/nand/denali.c | 1 +
3026 drivers/mtd/nftlmount.c | 1 +
3027 drivers/net/ethernet/8390/ax88796.c | 4 +-
3028 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h | 2 +-
3029 drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c | 11 +-
3030 drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h | 3 +-
3031 drivers/net/ethernet/broadcom/tg3.h | 1 +
3032 drivers/net/ethernet/chelsio/cxgb3/l2t.h | 2 +-
3033 drivers/net/ethernet/dec/tulip/de4x5.c | 4 +-
3034 drivers/net/ethernet/emulex/benet/be_main.c | 2 +-
3035 drivers/net/ethernet/faraday/ftgmac100.c | 2 +
3036 drivers/net/ethernet/faraday/ftmac100.c | 2 +
3037 drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 2 +-
3038 drivers/net/ethernet/neterion/vxge/vxge-config.c | 7 +-
3039 drivers/net/ethernet/realtek/r8169.c | 8 +-
3040 drivers/net/ethernet/sfc/ptp.c | 2 +-
3041 drivers/net/ethernet/stmicro/stmmac/mmc_core.c | 4 +-
3042 drivers/net/hyperv/hyperv_net.h | 2 +-
3043 drivers/net/hyperv/rndis_filter.c | 4 +-
3044 drivers/net/ieee802154/fakehard.c | 2 +-
3045 drivers/net/macvlan.c | 2 +-
3046 drivers/net/macvtap.c | 2 +-
3047 drivers/net/ppp/ppp_generic.c | 4 +-
3048 drivers/net/team/team.c | 2 +-
3049 drivers/net/tun.c | 5 +-
3050 drivers/net/usb/hso.c | 23 +-
3051 drivers/net/wireless/ath/ath9k/ar9002_mac.c | 30 +-
3052 drivers/net/wireless/ath/ath9k/ar9003_mac.c | 58 +-
3053 drivers/net/wireless/ath/ath9k/hw.h | 4 +-
3054 drivers/net/wireless/iwlegacy/3945-mac.c | 4 +-
3055 drivers/net/wireless/iwlwifi/dvm/debugfs.c | 26 +-
3056 drivers/net/wireless/iwlwifi/pcie/trans.c | 4 +-
3057 drivers/net/wireless/mac80211_hwsim.c | 32 +-
3058 drivers/net/wireless/rndis_wlan.c | 2 +-
3059 drivers/net/wireless/rt2x00/rt2x00.h | 2 +-
3060 drivers/net/wireless/rt2x00/rt2x00queue.c | 4 +-
3061 drivers/net/wireless/ti/wl1251/sdio.c | 12 +-
3062 drivers/net/wireless/ti/wl12xx/main.c | 8 +-
3063 drivers/net/wireless/ti/wl18xx/main.c | 6 +-
3064 drivers/oprofile/buffer_sync.c | 8 +-
3065 drivers/oprofile/event_buffer.c | 2 +-
3066 drivers/oprofile/oprof.c | 2 +-
3067 drivers/oprofile/oprofile_stats.c | 10 +-
3068 drivers/oprofile/oprofile_stats.h | 10 +-
3069 drivers/oprofile/oprofilefs.c | 2 +-
3070 drivers/oprofile/timer_int.c | 2 +-
3071 drivers/parport/procfs.c | 4 +-
3072 drivers/pci/hotplug/cpcihp_generic.c | 6 +-
3073 drivers/pci/hotplug/cpcihp_zt5550.c | 14 +-
3074 drivers/pci/hotplug/cpqphp_nvram.c | 4 +
3075 drivers/pci/pcie/aspm.c | 6 +-
3076 drivers/pci/probe.c | 2 +-
3077 drivers/platform/x86/thinkpad_acpi.c | 70 +-
3078 drivers/pnp/pnpbios/bioscalls.c | 14 +-
3079 drivers/pnp/resource.c | 4 +-
3080 drivers/power/pda_power.c | 7 +-
3081 drivers/regulator/max8660.c | 6 +-
3082 drivers/regulator/max8973-regulator.c | 8 +-
3083 drivers/regulator/mc13892-regulator.c | 6 +-
3084 drivers/scsi/bfa/bfa.h | 2 +-
3085 drivers/scsi/bfa/bfa_fcpim.h | 2 +-
3086 drivers/scsi/bfa/bfa_ioc.h | 4 +-
3087 drivers/scsi/hosts.c | 4 +-
3088 drivers/scsi/hpsa.c | 30 +-
3089 drivers/scsi/hpsa.h | 2 +-
3090 drivers/scsi/libfc/fc_exch.c | 50 +-
3091 drivers/scsi/libsas/sas_ata.c | 2 +-
3092 drivers/scsi/lpfc/lpfc.h | 8 +-
3093 drivers/scsi/lpfc/lpfc_debugfs.c | 18 +-
3094 drivers/scsi/lpfc/lpfc_init.c | 6 +-
3095 drivers/scsi/lpfc/lpfc_scsi.c | 16 +-
3096 drivers/scsi/pmcraid.c | 20 +-
3097 drivers/scsi/pmcraid.h | 8 +-
3098 drivers/scsi/qla2xxx/qla_attr.c | 4 +-
3099 drivers/scsi/qla2xxx/qla_gbl.h | 4 +-
3100 drivers/scsi/qla2xxx/qla_os.c | 6 +-
3101 drivers/scsi/qla4xxx/ql4_def.h | 2 +-
3102 drivers/scsi/qla4xxx/ql4_os.c | 6 +-
3103 drivers/scsi/scsi.c | 2 +-
3104 drivers/scsi/scsi_lib.c | 6 +-
3105 drivers/scsi/scsi_sysfs.c | 2 +-
3106 drivers/scsi/scsi_tgt_lib.c | 2 +-
3107 drivers/scsi/scsi_transport_fc.c | 8 +-
3108 drivers/scsi/scsi_transport_iscsi.c | 6 +-
3109 drivers/scsi/scsi_transport_srp.c | 6 +-
3110 drivers/scsi/sd.c | 2 +-
3111 drivers/scsi/sg.c | 2 +-
3112 drivers/spi/spi.c | 2 +-
3113 drivers/staging/octeon/ethernet-rx.c | 12 +-
3114 drivers/staging/octeon/ethernet.c | 8 +-
3115 drivers/staging/ramster/tmem.c | 54 +-
3116 drivers/staging/rtl8712/rtl871x_io.h | 2 +-
3117 drivers/staging/sbe-2t3e3/netdev.c | 2 +-
3118 drivers/staging/usbip/vhci.h | 2 +-
3119 drivers/staging/usbip/vhci_hcd.c | 6 +-
3120 drivers/staging/usbip/vhci_rx.c | 2 +-
3121 drivers/staging/vt6655/hostap.c | 7 +-
3122 drivers/staging/vt6656/hostap.c | 7 +-
3123 drivers/staging/zcache/tmem.c | 4 +-
3124 drivers/staging/zcache/tmem.h | 2 +
3125 drivers/target/target_core_device.c | 2 +-
3126 drivers/target/target_core_transport.c | 2 +-
3127 drivers/tty/cyclades.c | 6 +-
3128 drivers/tty/hvc/hvc_console.c | 14 +-
3129 drivers/tty/hvc/hvcs.c | 21 +-
3130 drivers/tty/ipwireless/tty.c | 27 +-
3131 drivers/tty/moxa.c | 2 +-
3132 drivers/tty/n_gsm.c | 4 +-
3133 drivers/tty/n_tty.c | 3 +-
3134 drivers/tty/pty.c | 4 +-
3135 drivers/tty/rocket.c | 6 +-
3136 drivers/tty/serial/kgdboc.c | 32 +-
3137 drivers/tty/serial/samsung.c | 9 +-
3138 drivers/tty/serial/serial_core.c | 8 +-
3139 drivers/tty/synclink.c | 34 +-
3140 drivers/tty/synclink_gt.c | 28 +-
3141 drivers/tty/synclinkmp.c | 34 +-
3142 drivers/tty/tty_io.c | 2 +-
3143 drivers/tty/tty_ldisc.c | 10 +-
3144 drivers/tty/tty_port.c | 22 +-
3145 drivers/uio/uio.c | 21 +-
3146 drivers/usb/atm/cxacru.c | 2 +-
3147 drivers/usb/atm/usbatm.c | 24 +-
3148 drivers/usb/core/devices.c | 6 +-
3149 drivers/usb/core/hcd.c | 4 +-
3150 drivers/usb/core/sysfs.c | 2 +-
3151 drivers/usb/core/usb.c | 2 +-
3152 drivers/usb/early/ehci-dbgp.c | 16 +-
3153 drivers/usb/gadget/u_serial.c | 22 +-
3154 drivers/usb/serial/console.c | 6 +-
3155 drivers/usb/wusbcore/wa-hc.h | 4 +-
3156 drivers/usb/wusbcore/wa-xfer.c | 2 +-
3157 drivers/video/aty/aty128fb.c | 2 +-
3158 drivers/video/fbcmap.c | 3 +-
3159 drivers/video/fbmem.c | 6 +-
3160 drivers/video/i810/i810_accel.c | 1 +
3161 drivers/video/udlfb.c | 32 +-
3162 drivers/video/uvesafb.c | 39 +-
3163 drivers/video/vesafb.c | 51 +-
3164 drivers/video/via/via_clock.h | 2 +-
3165 fs/9p/vfs_inode.c | 2 +-
3166 fs/Kconfig.binfmt | 2 +-
3167 fs/aio.c | 11 +-
3168 fs/autofs4/waitq.c | 2 +-
3169 fs/befs/linuxvfs.c | 2 +-
3170 fs/binfmt_aout.c | 23 +-
3171 fs/binfmt_elf.c | 604 ++++-
3172 fs/binfmt_flat.c | 6 +
3173 fs/bio.c | 6 +-
3174 fs/block_dev.c | 2 +-
3175 fs/btrfs/ctree.c | 9 +-
3176 fs/btrfs/relocation.c | 2 +-
3177 fs/btrfs/super.c | 2 +-
3178 fs/cachefiles/bind.c | 6 +-
3179 fs/cachefiles/daemon.c | 8 +-
3180 fs/cachefiles/internal.h | 12 +-
3181 fs/cachefiles/namei.c | 2 +-
3182 fs/cachefiles/proc.c | 12 +-
3183 fs/cachefiles/rdwr.c | 2 +-
3184 fs/ceph/dir.c | 2 +-
3185 fs/cifs/cifs_debug.c | 12 +-
3186 fs/cifs/cifsfs.c | 8 +-
3187 fs/cifs/cifsglob.h | 54 +-
3188 fs/cifs/link.c | 2 +-
3189 fs/cifs/misc.c | 4 +-
3190 fs/cifs/smb1ops.c | 80 +-
3191 fs/cifs/smb2ops.c | 84 +-
3192 fs/cifs/smb2pdu.c | 3 +-
3193 fs/coda/cache.c | 10 +-
3194 fs/compat.c | 6 +-
3195 fs/compat_binfmt_elf.c | 2 +
3196 fs/compat_ioctl.c | 8 +-
3197 fs/configfs/dir.c | 10 +-
3198 fs/coredump.c | 24 +-
3199 fs/dcache.c | 2 +-
3200 fs/ecryptfs/inode.c | 4 +-
3201 fs/ecryptfs/miscdev.c | 2 +-
3202 fs/ecryptfs/read_write.c | 4 +-
3203 fs/exec.c | 356 ++-
3204 fs/ext4/ext4.h | 20 +-
3205 fs/ext4/mballoc.c | 44 +-
3206 fs/fhandle.c | 3 +-
3207 fs/fifo.c | 22 +-
3208 fs/fs_struct.c | 8 +-
3209 fs/fscache/cookie.c | 36 +-
3210 fs/fscache/internal.h | 196 +-
3211 fs/fscache/object.c | 28 +-
3212 fs/fscache/operation.c | 30 +-
3213 fs/fscache/page.c | 110 +-
3214 fs/fscache/stats.c | 344 +-
3215 fs/fuse/cuse.c | 10 +-
3216 fs/fuse/dev.c | 2 +-
3217 fs/fuse/dir.c | 2 +-
3218 fs/gfs2/inode.c | 2 +-
3219 fs/hugetlbfs/inode.c | 13 +-
3220 fs/inode.c | 4 +-
3221 fs/jffs2/erase.c | 3 +-
3222 fs/jffs2/wbuf.c | 3 +-
3223 fs/jfs/super.c | 2 +-
3224 fs/libfs.c | 10 +-
3225 fs/lockd/clntproc.c | 4 +-
3226 fs/locks.c | 8 +-
3227 fs/namei.c | 15 +-
3228 fs/namespace.c | 2 +-
3229 fs/nfs/inode.c | 6 +-
3230 fs/nfsd/vfs.c | 6 +-
3231 fs/notify/fanotify/fanotify_user.c | 4 +-
3232 fs/notify/notification.c | 4 +-
3233 fs/ntfs/dir.c | 2 +-
3234 fs/ntfs/file.c | 4 +-
3235 fs/ocfs2/localalloc.c | 2 +-
3236 fs/ocfs2/ocfs2.h | 10 +-
3237 fs/ocfs2/suballoc.c | 12 +-
3238 fs/ocfs2/super.c | 20 +-
3239 fs/pipe.c | 33 +-
3240 fs/proc/array.c | 20 +
3241 fs/proc/kcore.c | 32 +-
3242 fs/proc/meminfo.c | 2 +-
3243 fs/proc/nommu.c | 2 +-
3244 fs/proc/self.c | 2 +-
3245 fs/proc/task_mmu.c | 39 +-
3246 fs/proc/task_nommu.c | 4 +-
3247 fs/quota/netlink.c | 4 +-
3248 fs/readdir.c | 2 +-
3249 fs/reiserfs/do_balan.c | 2 +-
3250 fs/reiserfs/procfs.c | 2 +-
3251 fs/reiserfs/reiserfs.h | 4 +-
3252 fs/seq_file.c | 2 +-
3253 fs/splice.c | 36 +-
3254 fs/sysfs/file.c | 10 +-
3255 fs/sysfs/symlink.c | 2 +-
3256 fs/udf/misc.c | 2 +-
3257 fs/xattr_acl.c | 4 +-
3258 fs/xfs/xfs_bmap.c | 2 +-
3259 fs/xfs/xfs_dir2_sf.c | 10 +-
3260 fs/xfs/xfs_ioctl.c | 2 +-
3261 fs/xfs/xfs_iops.c | 2 +-
3262 include/asm-generic/4level-fixup.h | 2 +
3263 include/asm-generic/atomic-long.h | 210 ++
3264 include/asm-generic/atomic.h | 2 +-
3265 include/asm-generic/atomic64.h | 12 +
3266 include/asm-generic/cache.h | 4 +-
3267 include/asm-generic/emergency-restart.h | 2 +-
3268 include/asm-generic/kmap_types.h | 4 +-
3269 include/asm-generic/local.h | 13 +
3270 include/asm-generic/pgtable-nopmd.h | 18 +-
3271 include/asm-generic/pgtable-nopud.h | 15 +-
3272 include/asm-generic/pgtable.h | 8 +
3273 include/asm-generic/vmlinux.lds.h | 10 +-
3274 include/crypto/algapi.h | 2 +-
3275 include/drm/drmP.h | 5 +-
3276 include/drm/drm_crtc_helper.h | 2 +-
3277 include/drm/ttm/ttm_memory.h | 2 +-
3278 include/linux/atmdev.h | 2 +-
3279 include/linux/binfmts.h | 1 +
3280 include/linux/blkdev.h | 2 +-
3281 include/linux/blktrace_api.h | 2 +-
3282 include/linux/cache.h | 4 +
3283 include/linux/cdrom.h | 1 -
3284 include/linux/cleancache.h | 2 +-
3285 include/linux/compiler-gcc4.h | 20 +
3286 include/linux/compiler.h | 72 +-
3287 include/linux/cpu.h | 2 +-
3288 include/linux/crypto.h | 6 +-
3289 include/linux/decompress/mm.h | 2 +-
3290 include/linux/dma-mapping.h | 2 +-
3291 include/linux/dmaengine.h | 4 +-
3292 include/linux/efi.h | 1 +
3293 include/linux/elf.h | 2 +
3294 include/linux/filter.h | 4 +
3295 include/linux/frontswap.h | 2 +-
3296 include/linux/fs.h | 3 +-
3297 include/linux/fs_struct.h | 2 +-
3298 include/linux/fscache-cache.h | 4 +-
3299 include/linux/fsnotify.h | 2 +-
3300 include/linux/ftrace_event.h | 2 +-
3301 include/linux/genhd.h | 2 +-
3302 include/linux/gfp.h | 12 +-
3303 include/linux/highmem.h | 12 +
3304 include/linux/i2c.h | 1 +
3305 include/linux/i2o.h | 2 +-
3306 include/linux/if_pppox.h | 2 +-
3307 include/linux/init.h | 33 +-
3308 include/linux/init_task.h | 7 +
3309 include/linux/interrupt.h | 8 +-
3310 include/linux/kgdb.h | 6 +-
3311 include/linux/kobject.h | 2 +-
3312 include/linux/kref.h | 2 +-
3313 include/linux/kvm_host.h | 4 +-
3314 include/linux/libata.h | 2 +-
3315 include/linux/list.h | 3 +
3316 include/linux/mm.h | 91 +-
3317 include/linux/mm_types.h | 22 +-
3318 include/linux/mmiotrace.h | 4 +-
3319 include/linux/mmzone.h | 2 +-
3320 include/linux/mod_devicetable.h | 4 +-
3321 include/linux/module.h | 55 +-
3322 include/linux/moduleloader.h | 18 +-
3323 include/linux/moduleparam.h | 4 +-
3324 include/linux/namei.h | 6 +-
3325 include/linux/netdevice.h | 3 +-
3326 include/linux/netfilter/ipset/ip_set.h | 2 +-
3327 include/linux/netfilter/nfnetlink.h | 2 +-
3328 include/linux/notifier.h | 3 +-
3329 include/linux/oprofile.h | 4 +-
3330 include/linux/perf_event.h | 10 +-
3331 include/linux/pipe_fs_i.h | 6 +-
3332 include/linux/platform_data/usb-ehci-s5p.h | 2 +-
3333 include/linux/pm_runtime.h | 2 +-
3334 include/linux/poison.h | 4 +-
3335 include/linux/power/smartreflex.h | 2 +-
3336 include/linux/random.h | 5 +
3337 include/linux/reboot.h | 14 +-
3338 include/linux/regset.h | 3 +-
3339 include/linux/relay.h | 2 +-
3340 include/linux/rio.h | 2 +-
3341 include/linux/rmap.h | 4 +-
3342 include/linux/sched.h | 64 +-
3343 include/linux/seq_file.h | 1 +
3344 include/linux/skbuff.h | 12 +-
3345 include/linux/slab.h | 36 +-
3346 include/linux/slab_def.h | 33 +-
3347 include/linux/slob_def.h | 4 +-
3348 include/linux/slub_def.h | 10 +-
3349 include/linux/sonet.h | 2 +-
3350 include/linux/sunrpc/clnt.h | 8 +-
3351 include/linux/sunrpc/svc_rdma.h | 18 +-
3352 include/linux/sysrq.h | 2 +-
3353 include/linux/thread_info.h | 7 +
3354 include/linux/tty.h | 4 +-
3355 include/linux/tty_driver.h | 2 +-
3356 include/linux/tty_ldisc.h | 2 +-
3357 include/linux/types.h | 16 +
3358 include/linux/uaccess.h | 6 +-
3359 include/linux/unaligned/access_ok.h | 12 +-
3360 include/linux/usb.h | 2 +-
3361 include/linux/usb/renesas_usbhs.h | 2 +-
3362 include/linux/vermagic.h | 21 +-
3363 include/linux/vmalloc.h | 11 +-
3364 include/linux/vmstat.h | 20 +-
3365 include/media/v4l2-dev.h | 2 +-
3366 include/media/v4l2-ioctl.h | 1 -
3367 include/net/caif/cfctrl.h | 6 +-
3368 include/net/flow.h | 2 +-
3369 include/net/gro_cells.h | 6 +-
3370 include/net/inet_connection_sock.h | 2 +-
3371 include/net/inetpeer.h | 8 +-
3372 include/net/ip_fib.h | 2 +-
3373 include/net/ip_vs.h | 4 +-
3374 include/net/irda/ircomm_tty.h | 1 +
3375 include/net/iucv/af_iucv.h | 2 +-
3376 include/net/neighbour.h | 2 +-
3377 include/net/net_namespace.h | 6 +-
3378 include/net/netdma.h | 2 +-
3379 include/net/netlink.h | 2 +-
3380 include/net/netns/ipv4.h | 2 +-
3381 include/net/protocol.h | 4 +-
3382 include/net/sctp/sctp.h | 6 +-
3383 include/net/sctp/structs.h | 4 +-
3384 include/net/sock.h | 6 +-
3385 include/net/tcp.h | 8 +-
3386 include/net/xfrm.h | 4 +-
3387 include/rdma/iw_cm.h | 2 +-
3388 include/scsi/libfc.h | 3 +-
3389 include/scsi/scsi_device.h | 6 +-
3390 include/scsi/scsi_transport_fc.h | 3 +-
3391 include/sound/soc.h | 4 +-
3392 include/target/target_core_base.h | 2 +-
3393 include/trace/events/irq.h | 4 +-
3394 include/uapi/linux/a.out.h | 8 +
3395 include/uapi/linux/byteorder/little_endian.h | 24 +-
3396 include/uapi/linux/elf.h | 28 +
3397 include/uapi/linux/screen_info.h | 3 +-
3398 include/uapi/linux/sysctl.h | 6 +-
3399 include/uapi/linux/xattr.h | 4 +
3400 include/video/udlfb.h | 8 +-
3401 include/video/uvesafb.h | 1 +
3402 init/Kconfig | 2 +-
3403 init/Makefile | 3 +
3404 init/do_mounts.c | 14 +-
3405 init/do_mounts.h | 8 +-
3406 init/do_mounts_initrd.c | 22 +-
3407 init/do_mounts_md.c | 6 +-
3408 init/init_task.c | 4 +
3409 init/initramfs.c | 40 +-
3410 init/main.c | 78 +-
3411 ipc/msg.c | 11 +-
3412 ipc/sem.c | 11 +-
3413 ipc/shm.c | 17 +-
3414 kernel/acct.c | 2 +-
3415 kernel/audit.c | 8 +-
3416 kernel/auditsc.c | 4 +-
3417 kernel/capability.c | 3 +
3418 kernel/compat.c | 40 +-
3419 kernel/debug/debug_core.c | 16 +-
3420 kernel/debug/kdb/kdb_main.c | 4 +-
3421 kernel/events/core.c | 28 +-
3422 kernel/exit.c | 4 +-
3423 kernel/fork.c | 167 +-
3424 kernel/futex.c | 9 +
3425 kernel/gcov/base.c | 7 +-
3426 kernel/hrtimer.c | 4 +-
3427 kernel/jump_label.c | 5 +
3428 kernel/kallsyms.c | 39 +-
3429 kernel/kexec.c | 3 +-
3430 kernel/kmod.c | 2 +-
3431 kernel/kprobes.c | 8 +-
3432 kernel/lockdep.c | 7 +-
3433 kernel/module.c | 333 ++-
3434 kernel/mutex-debug.c | 12 +-
3435 kernel/mutex-debug.h | 4 +-
3436 kernel/mutex.c | 7 +-
3437 kernel/notifier.c | 17 +-
3438 kernel/panic.c | 3 +-
3439 kernel/pid.c | 2 +-
3440 kernel/posix-cpu-timers.c | 4 +-
3441 kernel/posix-timers.c | 20 +-
3442 kernel/power/process.c | 12 +-
3443 kernel/profile.c | 14 +-
3444 kernel/ptrace.c | 6 +-
3445 kernel/rcutiny.c | 4 +-
3446 kernel/rcutiny_plugin.h | 2 +-
3447 kernel/rcutorture.c | 56 +-
3448 kernel/rcutree.c | 72 +-
3449 kernel/rcutree.h | 24 +-
3450 kernel/rcutree_plugin.h | 18 +-
3451 kernel/rcutree_trace.c | 22 +-
3452 kernel/rtmutex-tester.c | 24 +-
3453 kernel/sched/auto_group.c | 4 +-
3454 kernel/sched/core.c | 2 +-
3455 kernel/sched/fair.c | 4 +-
3456 kernel/signal.c | 12 +-
3457 kernel/smp.c | 2 +-
3458 kernel/softirq.c | 16 +-
3459 kernel/srcu.c | 6 +-
3460 kernel/stop_machine.c | 2 +-
3461 kernel/sys.c | 12 +-
3462 kernel/sysctl.c | 37 +-
3463 kernel/sysctl_binary.c | 14 +-
3464 kernel/time/alarmtimer.c | 2 +-
3465 kernel/time/tick-broadcast.c | 2 +-
3466 kernel/time/timer_stats.c | 10 +-
3467 kernel/timer.c | 4 +-
3468 kernel/trace/blktrace.c | 6 +-
3469 kernel/trace/ftrace.c | 20 +-
3470 kernel/trace/ring_buffer.c | 76 +-
3471 kernel/trace/trace.c | 6 +-
3472 kernel/trace/trace_events.c | 25 +-
3473 kernel/trace/trace_mmiotrace.c | 8 +-
3474 kernel/trace/trace_output.c | 12 +-
3475 kernel/trace/trace_stack.c | 2 +-
3476 lib/Makefile | 2 +-
3477 lib/bitmap.c | 8 +-
3478 lib/bug.c | 2 +
3479 lib/debugobjects.c | 2 +-
3480 lib/devres.c | 4 +-
3481 lib/dma-debug.c | 4 +-
3482 lib/inflate.c | 2 +-
3483 lib/ioremap.c | 4 +-
3484 lib/list_debug.c | 89 +-
3485 lib/radix-tree.c | 2 +-
3486 lib/strncpy_from_user.c | 2 +-
3487 lib/strnlen_user.c | 2 +-
3488 lib/vsprintf.c | 12 +-
3489 mm/Kconfig | 6 +-
3490 mm/filemap.c | 2 +-
3491 mm/fremap.c | 5 +
3492 mm/highmem.c | 7 +-
3493 mm/hugetlb.c | 54 +
3494 mm/internal.h | 1 +
3495 mm/maccess.c | 4 +-
3496 mm/madvise.c | 41 +
3497 mm/memory-failure.c | 18 +-
3498 mm/memory.c | 404 ++-
3499 mm/mempolicy.c | 26 +
3500 mm/mlock.c | 16 +-
3501 mm/mmap.c | 573 +++-
3502 mm/mprotect.c | 138 +-
3503 mm/mremap.c | 44 +-
3504 mm/nommu.c | 11 +-
3505 mm/page-writeback.c | 2 +-
3506 mm/page_alloc.c | 14 +-
3507 mm/percpu.c | 2 +-
3508 mm/process_vm_access.c | 14 +-
3509 mm/rmap.c | 38 +-
3510 mm/shmem.c | 19 +-
3511 mm/slab.c | 104 +-
3512 mm/slab.h | 5 +-
3513 mm/slab_common.c | 9 +-
3514 mm/slob.c | 200 +-
3515 mm/slub.c | 98 +-
3516 mm/sparse-vmemmap.c | 4 +-
3517 mm/sparse.c | 2 +-
3518 mm/swap.c | 3 +
3519 mm/swapfile.c | 12 +-
3520 mm/util.c | 6 +
3521 mm/vmalloc.c | 82 +-
3522 mm/vmstat.c | 12 +-
3523 net/8021q/vlan.c | 5 +-
3524 net/9p/trans_fd.c | 2 +-
3525 net/atm/atm_misc.c | 8 +-
3526 net/atm/lec.h | 2 +-
3527 net/atm/proc.c | 6 +-
3528 net/atm/resources.c | 4 +-
3529 net/batman-adv/bat_iv_ogm.c | 8 +-
3530 net/batman-adv/hard-interface.c | 4 +-
3531 net/batman-adv/soft-interface.c | 4 +-
3532 net/batman-adv/types.h | 6 +-
3533 net/batman-adv/unicast.c | 2 +-
3534 net/bluetooth/hci_sock.c | 2 +-
3535 net/bluetooth/l2cap_core.c | 6 +-
3536 net/bluetooth/l2cap_sock.c | 12 +-
3537 net/bluetooth/rfcomm/sock.c | 4 +-
3538 net/bluetooth/rfcomm/tty.c | 10 +-
3539 net/bridge/netfilter/ebtables.c | 6 +-
3540 net/caif/cfctrl.c | 11 +-
3541 net/can/af_can.c | 2 +-
3542 net/can/gw.c | 6 +-
3543 net/compat.c | 34 +-
3544 net/core/datagram.c | 2 +-
3545 net/core/dev.c | 16 +-
3546 net/core/flow.c | 8 +-
3547 net/core/iovec.c | 4 +-
3548 net/core/rtnetlink.c | 2 +-
3549 net/core/scm.c | 8 +-
3550 net/core/sock.c | 24 +-
3551 net/decnet/sysctl_net_decnet.c | 4 +-
3552 net/ipv4/ah4.c | 2 +-
3553 net/ipv4/esp4.c | 2 +-
3554 net/ipv4/fib_frontend.c | 6 +-
3555 net/ipv4/fib_semantics.c | 2 +-
3556 net/ipv4/inetpeer.c | 4 +-
3557 net/ipv4/ip_fragment.c | 2 +-
3558 net/ipv4/ip_sockglue.c | 2 +-
3559 net/ipv4/ipcomp.c | 2 +-
3560 net/ipv4/ipconfig.c | 6 +-
3561 net/ipv4/netfilter/arp_tables.c | 12 +-
3562 net/ipv4/netfilter/ip_tables.c | 12 +-
3563 net/ipv4/ping.c | 2 +-
3564 net/ipv4/raw.c | 14 +-
3565 net/ipv4/route.c | 2 +-
3566 net/ipv4/tcp_input.c | 2 +-
3567 net/ipv4/tcp_probe.c | 2 +-
3568 net/ipv4/udp.c | 10 +-
3569 net/ipv6/addrconf.c | 2 +-
3570 net/ipv6/ip6_gre.c | 2 +-
3571 net/ipv6/ipv6_sockglue.c | 2 +-
3572 net/ipv6/netfilter/ip6_tables.c | 12 +-
3573 net/ipv6/raw.c | 19 +-
3574 net/ipv6/udp.c | 8 +-
3575 net/irda/ircomm/ircomm_tty.c | 18 +-
3576 net/iucv/af_iucv.c | 4 +-
3577 net/iucv/iucv.c | 2 +-
3578 net/key/af_key.c | 4 +-
3579 net/mac80211/cfg.c | 4 +-
3580 net/mac80211/ieee80211_i.h | 3 +-
3581 net/mac80211/iface.c | 14 +-
3582 net/mac80211/main.c | 2 +-
3583 net/mac80211/pm.c | 6 +-
3584 net/mac80211/rate.c | 2 +-
3585 net/mac80211/rc80211_pid_debugfs.c | 2 +-
3586 net/mac80211/util.c | 2 +-
3587 net/netfilter/ipvs/ip_vs_conn.c | 6 +-
3588 net/netfilter/ipvs/ip_vs_core.c | 4 +-
3589 net/netfilter/ipvs/ip_vs_ctl.c | 10 +-
3590 net/netfilter/ipvs/ip_vs_sync.c | 6 +-
3591 net/netfilter/ipvs/ip_vs_xmit.c | 4 +-
3592 net/netfilter/nfnetlink_log.c | 4 +-
3593 net/netfilter/xt_statistic.c | 8 +-
3594 net/netlink/af_netlink.c | 4 +-
3595 net/packet/af_packet.c | 12 +-
3596 net/phonet/pep.c | 6 +-
3597 net/phonet/socket.c | 2 +-
3598 net/rds/cong.c | 6 +-
3599 net/rds/ib.h | 2 +-
3600 net/rds/ib_cm.c | 2 +-
3601 net/rds/ib_recv.c | 4 +-
3602 net/rds/iw.h | 2 +-
3603 net/rds/iw_cm.c | 2 +-
3604 net/rds/iw_recv.c | 4 +-
3605 net/rds/tcp.c | 2 +-
3606 net/rds/tcp_send.c | 2 +-
3607 net/rxrpc/af_rxrpc.c | 2 +-
3608 net/rxrpc/ar-ack.c | 14 +-
3609 net/rxrpc/ar-call.c | 2 +-
3610 net/rxrpc/ar-connection.c | 2 +-
3611 net/rxrpc/ar-connevent.c | 2 +-
3612 net/rxrpc/ar-input.c | 4 +-
3613 net/rxrpc/ar-internal.h | 8 +-
3614 net/rxrpc/ar-local.c | 2 +-
3615 net/rxrpc/ar-output.c | 4 +-
3616 net/rxrpc/ar-peer.c | 2 +-
3617 net/rxrpc/ar-proc.c | 4 +-
3618 net/rxrpc/ar-transport.c | 2 +-
3619 net/rxrpc/rxkad.c | 4 +-
3620 net/sctp/ipv6.c | 2 +-
3621 net/sctp/protocol.c | 8 +-
3622 net/sctp/socket.c | 2 +
3623 net/socket.c | 34 +-
3624 net/sunrpc/sched.c | 4 +-
3625 net/sunrpc/xprtrdma/svc_rdma.c | 38 +-
3626 net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 6 +-
3627 net/sunrpc/xprtrdma/svc_rdma_sendto.c | 2 +-
3628 net/sunrpc/xprtrdma/svc_rdma_transport.c | 10 +-
3629 net/tipc/link.c | 6 +-
3630 net/tipc/msg.c | 2 +-
3631 net/tipc/subscr.c | 2 +-
3632 net/wireless/wext-core.c | 19 +-
3633 net/xfrm/xfrm_policy.c | 16 +-
3634 net/xfrm/xfrm_state.c | 4 +-
3635 scripts/Makefile.build | 2 +-
3636 scripts/Makefile.clean | 3 +-
3637 scripts/Makefile.host | 28 +-
3638 scripts/basic/fixdep.c | 12 +-
3639 scripts/gcc-plugin.sh | 17 +
3640 scripts/link-vmlinux.sh | 2 +-
3641 scripts/mod/file2alias.c | 14 +-
3642 scripts/mod/modpost.c | 25 +-
3643 scripts/mod/modpost.h | 6 +-
3644 scripts/mod/sumversion.c | 2 +-
3645 scripts/pnmtologo.c | 6 +-
3646 security/Kconfig | 654 ++++-
3647 security/integrity/ima/ima.h | 4 +-
3648 security/integrity/ima/ima_api.c | 2 +-
3649 security/integrity/ima/ima_fs.c | 4 +-
3650 security/integrity/ima/ima_queue.c | 2 +-
3651 security/keys/compat.c | 2 +-
3652 security/keys/keyctl.c | 8 +-
3653 security/keys/keyring.c | 6 +-
3654 security/security.c | 9 +-
3655 security/selinux/hooks.c | 2 +-
3656 security/selinux/include/xfrm.h | 2 +-
3657 security/smack/smack_lsm.c | 2 +-
3658 security/tomoyo/tomoyo.c | 2 +-
3659 sound/aoa/codecs/onyx.c | 7 +-
3660 sound/aoa/codecs/onyx.h | 1 +
3661 sound/core/oss/pcm_oss.c | 18 +-
3662 sound/core/pcm_compat.c | 2 +-
3663 sound/core/pcm_native.c | 4 +-
3664 sound/core/seq/seq_device.c | 8 +-
3665 sound/drivers/mts64.c | 14 +-
3666 sound/drivers/opl4/opl4_lib.c | 2 +-
3667 sound/drivers/portman2x4.c | 3 +-
3668 sound/firewire/amdtp.c | 4 +-
3669 sound/firewire/amdtp.h | 2 +-
3670 sound/firewire/isight.c | 10 +-
3671 sound/firewire/scs1x.c | 8 +-
3672 sound/oss/sb_audio.c | 2 +-
3673 sound/oss/swarm_cs4297a.c | 6 +-
3674 sound/pci/ymfpci/ymfpci.h | 2 +-
3675 sound/pci/ymfpci/ymfpci_main.c | 12 +-
3676 tools/gcc/.gitignore | 1 +
3677 tools/gcc/Makefile | 43 +
3678 tools/gcc/checker_plugin.c | 171 +
3679 tools/gcc/colorize_plugin.c | 151 +
3680 tools/gcc/constify_plugin.c | 359 +++
3681 tools/gcc/generate_size_overflow_hash.sh | 94 +
3682 tools/gcc/kallocstat_plugin.c | 170 +
3683 tools/gcc/kernexec_plugin.c | 465 +++
3684 tools/gcc/latent_entropy_plugin.c | 321 ++
3685 tools/gcc/size_overflow_hash.data | 3713 ++++++++++++++++++++++
3686 tools/gcc/size_overflow_plugin.c | 1941 +++++++++++
3687 tools/gcc/stackleak_plugin.c | 327 ++
3688 tools/perf/util/include/asm/alternative-asm.h | 3 +
3689 virt/kvm/kvm_main.c | 32 +-
3690 1311 files changed, 26668 insertions(+), 6394 deletions(-)
3691 commit a00016a11e35e91aec8e2d9b6ec4c6fbb11d6d2b
3692 Merge: 0949bd4 fc53d63
3693 Author: Brad Spengler <spender@grsecurity.net>
3694 Date: Thu Mar 22 19:03:44 2012 -0400
3695
3696 Merge branch 'pax-test' into grsec-test
3697
3698 commit fc53d6338964741b368070ec5c935bc579b8c2a6
3699 Author: Brad Spengler <spender@grsecurity.net>
3700 Date: Thu Mar 22 19:02:45 2012 -0400
3701
3702 Update to pax-linux-3.2.12-test33.patch
3703
3704 commit 0949bd46a6455b308f66ad7c993bfee62412db35
3705 Author: Brad Spengler <spender@grsecurity.net>
3706 Date: Thu Mar 22 16:56:09 2012 -0400
3707
3708 Use current_umask() instead of current->fs->umask
3709
3710 commit 22f6432d0fe733619cfcb523782ed7d80c46d645
3711 Author: Brad Spengler <spender@grsecurity.net>
3712 Date: Wed Mar 21 19:42:42 2012 -0400
3713
3714 compile fix
3715
3716 commit 0cad49d6b8fbb32395da924c1665a1110a9a9eef
3717 Author: Brad Spengler <spender@grsecurity.net>
3718 Date: Wed Mar 21 19:34:56 2012 -0400
3719
3720 Resolve some very tricky hash table manipulations that resulted in an infinite loop in certain
3721 uses of domains with particular hash collisions
3722
3723 commit 47fc52e0a068a29d6cca2f809daf0679cba33c44
3724 Author: Brad Spengler <spender@grsecurity.net>
3725 Date: Tue Mar 20 20:25:49 2012 -0400
3726
3727 zero kernel_role
3728
3729 commit b00953b43c69238d181d21121ef1577c988d5f6b
3730 Author: Brad Spengler <spender@grsecurity.net>
3731 Date: Tue Mar 20 19:29:34 2012 -0400
3732
3733 zero real_root after releasing it
3734
3735 commit 0b3ab73ce5d34a2c3206955cd65eddd6bdfd32a1
3736 Merge: b724f59 273f98e
3737 Author: Brad Spengler <spender@grsecurity.net>
3738 Date: Tue Mar 20 19:11:26 2012 -0400
3739
3740 Merge branch 'pax-test' into grsec-test
3741
3742 commit 273f98e58cdac555d3b5dce5c1ca168349f95878
3743 Author: Brad Spengler <spender@grsecurity.net>
3744 Date: Tue Mar 20 19:10:52 2012 -0400
3745
3746 Temporary workaround for (most) size_overflow plugin false-positives
3747 Increase randomization for brk-managed heap to 21 bits
3748 Update to pax-linux-3.2.12-test32.patch
3749
3750 commit b724f59125304460c2af8bd4b02921993afbb5d3
3751 Author: Brad Spengler <spender@grsecurity.net>
3752 Date: Tue Mar 20 18:58:53 2012 -0400
3753
3754 compile fix
3755
3756 commit 329f1a9d0f137d0a973316c53bbec18a6eeecd4f
3757 Author: Brad Spengler <spender@grsecurity.net>
3758 Date: Tue Mar 20 18:52:23 2012 -0400
3759
3760 Require default and kernel role
3761
3762 commit a7c5c4f55bdd61cfcd0fb1be7a67160429409878
3763 Author: Brad Spengler <spender@grsecurity.net>
3764 Date: Tue Mar 20 18:47:28 2012 -0400
3765
3766 Allow policies without special roles
3767 don't call free_variables in error path of copy_user_acl, we'll call it later (triggered by a policy without special roles)
3768
3769 commit 402ec3d24d66d38403dc543c84851f5e72d39e22
3770 Merge: 8e012dc f14661a
3771 Author: Brad Spengler <spender@grsecurity.net>
3772 Date: Mon Mar 19 18:06:59 2012 -0400
3773
3774 Merge branch 'pax-test' into grsec-test
3775
3776 Conflicts:
3777 fs/namei.c
3778
3779 commit f14661aaf202155c97f66626cea0269017bb7775
3780 Merge: eae671f 058b017
3781 Author: Brad Spengler <spender@grsecurity.net>
3782 Date: Mon Mar 19 18:05:44 2012 -0400
3783
3784 Merge branch 'linux-3.2.y' into pax-test
3785
3786 commit 8e012dcf7a50b7cde34c2cec93ecedd049123b75
3787 Author: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
3788 Date: Fri Mar 16 17:08:39 2012 -0700
3789
3790 nilfs2: fix NULL pointer dereference in nilfs_load_super_block()
3791
3792 According to the report from Slicky Devil, nilfs caused kernel oops at
3793 nilfs_load_super_block function during mount after he shrank the
3794 partition without resizing the filesystem:
3795
3796 BUG: unable to handle kernel NULL pointer dereference at 00000048
3797 IP: [<d0d7a08e>] nilfs_load_super_block+0x17e/0x280 [nilfs2]
3798 *pde = 00000000
3799 Oops: 0000 [#1] PREEMPT SMP
3800 ...
3801 Call Trace:
3802 [<d0d7a87b>] init_nilfs+0x4b/0x2e0 [nilfs2]
3803 [<d0d6f707>] nilfs_mount+0x447/0x5b0 [nilfs2]
3804 [<c0226636>] mount_fs+0x36/0x180
3805 [<c023d961>] vfs_kern_mount+0x51/0xa0
3806 [<c023ddae>] do_kern_mount+0x3e/0xe0
3807 [<c023f189>] do_mount+0x169/0x700
3808 [<c023fa9b>] sys_mount+0x6b/0xa0
3809 [<c04abd1f>] sysenter_do_call+0x12/0x28
3810 Code: 53 18 8b 43 20 89 4b 18 8b 4b 24 89 53 1c 89 43 24 89 4b 20 8b 43
3811 20 c7 43 2c 00 00 00 00 23 75 e8 8b 50 68 89 53 28 8b 54 b3 20 <8b> 72
3812 48 8b 7a 4c 8b 55 08 89 b3 84 00 00 00 89 bb 88 00 00 00
3813 EIP: [<d0d7a08e>] nilfs_load_super_block+0x17e/0x280 [nilfs2] SS:ESP 0068:ca9bbdcc
3814 CR2: 0000000000000048
3815
3816 This turned out due to a defect in an error path which runs if the
3817 calculated location of the secondary super block was invalid.
3818
3819 This patch fixes it and eliminates the reported oops.
3820
3821 Reported-by: Slicky Devil <slicky.dvl@gmail.com>
3822 Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
3823 Tested-by: Slicky Devil <slicky.dvl@gmail.com>
3824 Cc: <stable@vger.kernel.org> [2.6.30+]
3825 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
3826 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3827
3828 commit 8067d7f69bf27dc08057a771cf125e71e4575bf2
3829 Author: Haogang Chen <haogangchen@gmail.com>
3830 Date: Fri Mar 16 17:08:38 2012 -0700
3831
3832 nilfs2: clamp ns_r_segments_percentage to [1, 99]
3833
3834 ns_r_segments_percentage is read from the disk. Bogus or malicious
3835 value could cause integer overflow and malfunction due to meaningless
3836 disk usage calculation. This patch reports error when mounting such
3837 bogus volumes.
3838
3839 Signed-off-by: Haogang Chen <haogangchen@gmail.com>
3840 Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
3841 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
3842 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3843
3844 commit e1a90645643f9b0194a5984ec8febd06360d5c8b
3845 Author: Eric Dumazet <eric.dumazet@gmail.com>
3846 Date: Sat Mar 10 09:20:21 2012 +0000
3847
3848 tcp: fix syncookie regression
3849
3850 commit ea4fc0d619 (ipv4: Don't use rt->rt_{src,dst} in ip_queue_xmit())
3851 added a serious regression on synflood handling.
3852
3853 Simon Kirby discovered a successful connection was delayed by 20 seconds
3854 before being responsive.
3855
3856 In my tests, I discovered that xmit frames were lost, and needed ~4
3857 retransmits and a socket dst rebuild before being really sent.
3858
3859 In case of syncookie initiated connection, we use a different path to
3860 initialize the socket dst, and inet->cork.fl.u.ip4 is left cleared.
3861
3862 As ip_queue_xmit() now depends on inet flow being setup, fix this by
3863 copying the temp flowi4 we use in cookie_v4_check().
3864
3865 Reported-by: Simon Kirby <sim@netnation.com>
3866 Bisected-by: Simon Kirby <sim@netnation.com>
3867 Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
3868 Tested-by: Eric Dumazet <eric.dumazet@gmail.com>
3869 Signed-off-by: David S. Miller <davem@davemloft.net>
3870
3871 commit 06c6c8628bf38b08b4d97f4c55cde9fdecfb5d65
3872 Author: Stanislav Kinsbursky <skinsbursky@parallels.com>
3873 Date: Mon Mar 12 02:59:41 2012 +0000
3874
3875 tun: don't hold network namespace by tun sockets
3876
3877 v3: added previously removed sock_put() to the tun_release() callback, because
3878 sk_release_kernel() doesn't drop the socket reference.
3879
3880 v2: sk_release_kernel() used for socket release. Dummy tun_release() is
3881 required for sk_release_kernel() ---> sock_release() ---> sock->ops->release()
3882 call.
3883
3884 TUN was designed to destroy it's socket on network namesapce shutdown. But this
3885 will never happen for persistent device, because it's socket holds network
3886 namespace.
3887 This patch removes of holding network namespace by TUN socket and replaces it
3888 by creating socket in init_net and then changing it's net it to desired one. On
3889 shutdown socket is moved back to init_net prior to final put.
3890
3891 Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
3892 Signed-off-by: David S. Miller <davem@davemloft.net>
3893
3894 commit 46ae7374bd387c58d673a9e58852a9fd31042c5c
3895 Author: Tyler Hicks <tyhicks@canonical.com>
3896 Date: Mon Dec 12 10:02:30 2011 -0600
3897
3898 vfs: Correctly set the dir i_mutex lockdep class
3899
3900 9a7aa12f3911853a introduced additional logic around setting the i_mutex
3901 lockdep class for directory inodes. The idea was that some filesystems
3902 may want their own special lockdep class for different directory
3903 inodes and calling unlock_new_inode() should not clobber one of
3904 those special classes.
3905
3906 I believe that the added conditional, around the *negated* return value
3907 of lockdep_match_class(), caused directory inodes to be placed in the
3908 wrong lockdep class.
3909
3910 inode_init_always() sets the i_mutex lockdep class with i_mutex_key for
3911 all inodes. If the filesystem did not change the class during inode
3912 initialization, then the conditional mentioned above was false and the
3913 directory inode was incorrectly left in the non-directory lockdep class.
3914 If the filesystem did set a special lockdep class, then the conditional
3915 mentioned above was true and that class was clobbered with
3916 i_mutex_dir_key.
3917
3918 This patch removes the negation from the conditional so that the i_mutex
3919 lockdep class is properly set for directory inodes. Special classes are
3920 preserved and directory inodes with unmodified classes are set with
3921 i_mutex_dir_key.
3922
3923 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
3924 Reviewed-by: Jan Kara <jack@suse.cz>
3925 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3926
3927 commit 603590b0d2eca61ce26499eac9c563bc567a18c9
3928 Author: Jan Kara <jack@suse.cz>
3929 Date: Mon Feb 20 17:54:00 2012 +0100
3930
3931 udf: Fix deadlock in udf_release_file()
3932
3933 udf_release_file() can be called from munmap() path with mmap_sem held. Thus
3934 we cannot take i_mutex there because that ranks above mmap_sem. Luckily,
3935 i_mutex is not needed in udf_release_file() anymore since protection by
3936 i_data_sem is enough to protect from races with write and truncate.
3937
3938 Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
3939 Reviewed-by: Namjae Jeon <linkinjeon@gmail.com>
3940 Signed-off-by: Jan Kara <jack@suse.cz>
3941 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3942
3943 commit ca79ab9034f3c2f7e3f65c35e0d9ed3ecea529bf
3944 Author: Miklos Szeredi <mszeredi@suse.cz>
3945 Date: Tue Mar 6 13:56:33 2012 +0100
3946
3947 vfs: fix double put after complete_walk()
3948
3949 complete_walk() already puts nd->path, no need to do it again at cleanup time.
3950
3951 This would result in Oopses if triggered, apparently the codepath is not too
3952 well exercised.
3953
3954 Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
3955 CC: stable@vger.kernel.org
3956 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3957
3958 commit 13885ba2b18400f3ef6540497d30f1af896605e5
3959 Author: Miklos Szeredi <mszeredi@suse.cz>
3960 Date: Tue Mar 6 13:56:34 2012 +0100
3961
3962 vfs: fix return value from do_last()
3963
3964 complete_walk() returns either ECHILD or ESTALE. do_last() turns this into
3965 ECHILD unconditionally. If not in RCU mode, this error will reach userspace
3966 which is complete nonsense.
3967
3968 Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
3969 CC: stable@vger.kernel.org
3970 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3971
3972 Conflicts:
3973
3974 fs/namei.c
3975
3976 commit f5ab7572c99ffb58953eb1070622307e904c3b7f
3977 Author: Al Viro <viro@zeniv.linux.org.uk>
3978 Date: Sat Mar 10 17:07:28 2012 -0500
3979
3980 restore smp_mb() in unlock_new_inode()
3981
3982 wait_on_inode() doesn't have ->i_lock
3983
3984 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
3985
3986 commit f3e758cd08e3881982d4b78eb72fe8a1ead6b872
3987 Author: David S. Miller <davem@davemloft.net>
3988 Date: Tue Mar 13 18:19:51 2012 -0700
3989
3990 sparc32: Add -Av8 to assembler command line.
3991
3992 Newer version of binutils are more strict about specifying the
3993 correct options to enable certain classes of instructions.
3994
3995 The sparc32 build is done for v7 in order to support sun4c systems
3996 which lack hardware integer multiply and divide instructions.
3997
3998 So we have to pass -Av8 when building the assembler routines that
3999 use these instructions and get patched into the kernel when we find
4000 out that we have a v8 capable cpu.
4001
4002 Reported-by: Paul Gortmaker <paul.gortmaker@windriver.com>
4003 Signed-off-by: David S. Miller <davem@davemloft.net>
4004
4005 commit 66276ec78b2a971d2e704e5ef963cdc8b6a049a4
4006 Author: Thomas Gleixner <tglx@linutronix.de>
4007 Date: Fri Mar 9 20:55:10 2012 +0100
4008
4009 x86: Derandom delay_tsc for 64 bit
4010
4011 Commit f0fbf0abc093 ("x86: integrate delay functions") converted
4012 delay_tsc() into a random delay generator for 64 bit. The reason is
4013 that it merged the mostly identical versions of delay_32.c and
4014 delay_64.c. Though the subtle difference of the result was:
4015
4016 static void delay_tsc(unsigned long loops)
4017 {
4018 - unsigned bclock, now;
4019 + unsigned long bclock, now;
4020
4021 Now the function uses rdtscl() which returns the lower 32bit of the
4022 TSC. On 32bit that's not problematic as unsigned long is 32bit. On 64
4023 bit this fails when the lower 32bit are close to wrap around when
4024 bclock is read, because the following check
4025
4026 if ((now - bclock) >= loops)
4027 break;
4028
4029 evaluated to true on 64bit for e.g. bclock = 0xffffffff and now = 0
4030 because the unsigned long (now - bclock) of these values results in
4031 0xffffffff00000001 which is definitely larger than the loops
4032 value. That explains Tvortkos observation:
4033
4034 "Because I am seeing udelay(500) (_occasionally_) being short, and
4035 that by delaying for some duration between 0us (yep) and 491us."
4036
4037 Make those variables explicitely u32 again, so this works for both 32
4038 and 64 bit.
4039
4040 Reported-by: Tvrtko Ursulin <tvrtko.ursulin@onelan.co.uk>
4041 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
4042 Cc: stable@vger.kernel.org # >= 2.6.27
4043 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4044
4045 commit 2d0ddb60f5031bdf79b4d51225f9f2d5856255bf
4046 Author: Al Viro <viro@ZenIV.linux.org.uk>
4047 Date: Thu Mar 8 17:51:19 2012 +0000
4048
4049 aio: fix the "too late munmap()" race
4050
4051 Current code has put_ioctx() called asynchronously from aio_fput_routine();
4052 that's done *after* we have killed the request that used to pin ioctx,
4053 so there's nothing to stop io_destroy() waiting in wait_for_all_aios()
4054 from progressing. As the result, we can end up with async call of
4055 put_ioctx() being the last one and possibly happening during exit_mmap()
4056 or elf_core_dump(), neither of which expects stray munmap() being done
4057 to them...
4058
4059 We do need to prevent _freeing_ ioctx until aio_fput_routine() is done
4060 with that, but that's all we care about - neither io_destroy() nor
4061 exit_aio() will progress past wait_for_all_aios() until aio_fput_routine()
4062 does really_put_req(), so the ioctx teardown won't be done until then
4063 and we don't care about the contents of ioctx past that point.
4064
4065 Since actual freeing of these suckers is RCU-delayed, we don't need to
4066 bump ioctx refcount when request goes into list for async removal.
4067 All we need is rcu_read_lock held just over the ->ctx_lock-protected
4068 area in aio_fput_routine().
4069
4070 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
4071 Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
4072 Acked-by: Benjamin LaHaise <bcrl@kvack.org>
4073 Cc: stable@vger.kernel.org
4074 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4075
4076 commit 002124c055afbf09b52226af65621999e8316448
4077 Author: Al Viro <viro@ZenIV.linux.org.uk>
4078 Date: Wed Mar 7 05:16:35 2012 +0000
4079
4080 aio: fix io_setup/io_destroy race
4081
4082 Have ioctx_alloc() return an extra reference, so that caller would drop it
4083 on success and not bother with re-grabbing it on failure exit. The current
4084 code is obviously broken - io_destroy() from another thread that managed
4085 to guess the address io_setup() would've returned would free ioctx right
4086 under us; gets especially interesting if aio_context_t * we pass to
4087 io_setup() points to PROT_READ mapping, so put_user() fails and we end
4088 up doing io_destroy() on kioctx another thread has just got freed...
4089
4090 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
4091 Acked-by: Benjamin LaHaise <bcrl@kvack.org>
4092 Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
4093 Cc: stable@vger.kernel.org
4094 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4095
4096 commit a1cd2719b8ed8e40dbd98c87713ac23a2169f6d8
4097 Author: Dan Carpenter <dan.carpenter@oracle.com>
4098 Date: Thu Mar 15 15:17:12 2012 -0700
4099
4100 drivers/video/backlight/s6e63m0.c: fix corruption storing gamma mode
4101
4102 strict_strtoul() writes a long but ->gamma_mode only has space to store an
4103 int, so on 64 bit systems we end up scribbling over ->gamma_table_count as
4104 well. I've changed it to use kstrtouint() instead.
4105
4106 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
4107 Acked-by: Inki Dae <inki.dae@samsung.com>
4108 Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
4109 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
4110 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4111
4112 commit cf83f735a5571f4341ee6eab947a1f7d833cea6e
4113 Merge: e4b05b6 eae671f
4114 Author: Brad Spengler <spender@grsecurity.net>
4115 Date: Fri Mar 16 21:04:27 2012 -0400
4116
4117 Merge branch 'pax-test' into grsec-test
4118
4119 Conflicts:
4120 security/Kconfig
4121
4122 commit eae671fafe93f04685c04a089cc13efebc05d600
4123 Author: Brad Spengler <spender@grsecurity.net>
4124 Date: Fri Mar 16 20:58:01 2012 -0400
4125
4126 Update to pax-linux-3.2.11-test31.patch
4127 Introduction of the size_overflow plugin from Emese Revfy
4128 Many thanks to Emese for her hard work :)
4129
4130 commit e4b05b65c645c412eceb9c950ee7b4771627e6b1
4131 Merge: e55aa68 258c015
4132 Author: Brad Spengler <spender@grsecurity.net>
4133 Date: Thu Mar 15 20:59:19 2012 -0400
4134
4135 Merge branch 'pax-test' into grsec-test
4136
4137 commit 258c0159fa6dd5044ca984eeaad57bb6e21bacea
4138 Author: Brad Spengler <spender@grsecurity.net>
4139 Date: Thu Mar 15 20:59:05 2012 -0400
4140
4141 fix ARM compilation
4142
4143 commit e55aa68f4bb20e75cd7423123aa612c2a69590c0
4144 Merge: 8f95ea9 55b7573
4145 Author: Brad Spengler <spender@grsecurity.net>
4146 Date: Wed Mar 14 19:33:41 2012 -0400
4147
4148 Merge branch 'pax-test' into grsec-test
4149
4150 commit 55b7573f6c2f3be26fb39c7bd6a9d742d02811ca
4151 Author: Brad Spengler <spender@grsecurity.net>
4152 Date: Wed Mar 14 19:33:15 2012 -0400
4153
4154 Update to pax-linux-3.2.10-test28.patch
4155
4156 commit 8f95ea9f718c293794a1f6bdd2a5f5f336f7bd64
4157 Merge: c8786a2 886ac5e
4158 Author: Brad Spengler <spender@grsecurity.net>
4159 Date: Tue Mar 13 17:38:13 2012 -0400
4160
4161 Merge branch 'pax-test' into grsec-test
4162
4163 Greets and thanks to snq for his assistance in testing/debugging REFCOUNT on ARM :)
4164
4165 commit 886ac5eeb1835e87cf7398b8aae9e9ba6b36bf77
4166 Author: Brad Spengler <spender@grsecurity.net>
4167 Date: Tue Mar 13 17:37:44 2012 -0400
4168
4169 Update to pax-linux-3.2.10-test26.patch
4170
4171 commit c8786a2abed5e5327f68efa520c04db99bb6a63a
4172 Merge: 219c982 c061fcf
4173 Author: Brad Spengler <spender@grsecurity.net>
4174 Date: Tue Mar 13 17:25:06 2012 -0400
4175
4176 Merge branch 'pax-test' into grsec-test
4177
4178 commit c061fcfa6b78f3774800821144d8ac2d94d7da3e
4179 Merge: 89373d2 3f4b3b2
4180 Author: Brad Spengler <spender@grsecurity.net>
4181 Date: Tue Mar 13 17:25:02 2012 -0400
4182
4183 Merge branch 'linux-3.2.y' into pax-test
4184
4185 commit 219c982a05abe47be4ea7d749e1b408e0cb86f1f
4186 Merge: 54e19a3 89373d2
4187 Author: Brad Spengler <spender@grsecurity.net>
4188 Date: Mon Mar 12 17:23:57 2012 -0400
4189
4190 Merge branch 'pax-test' into grsec-test
4191
4192 commit 89373d2abafb9bda97f78bdb157d1d05cf21e008
4193 Merge: a778588 7459f11
4194 Author: Brad Spengler <spender@grsecurity.net>
4195 Date: Mon Mar 12 17:23:49 2012 -0400
4196
4197 Merge branch 'linux-3.2.y' into pax-test
4198
4199 commit 54e19a3979978fca902b14ae25125f26fbbbc7a7
4200 Merge: c4650f1 a778588
4201 Author: Brad Spengler <spender@grsecurity.net>
4202 Date: Mon Mar 12 16:51:25 2012 -0400
4203
4204 Merge branch 'pax-test' into grsec-test
4205
4206 commit a778588c9d1b75c48c1f09aac98c1b28bd87a749
4207 Author: Brad Spengler <spender@grsecurity.net>
4208 Date: Mon Mar 12 16:51:12 2012 -0400
4209
4210 Update to pax-linux-3.2.9-test24.patch
4211
4212 commit c4650f14b13f84735fe3de06a1f3ff5776473eff
4213 Merge: fb2abee 1015790
4214 Author: Brad Spengler <spender@grsecurity.net>
4215 Date: Sun Mar 11 21:08:28 2012 -0400
4216
4217 Merge branch 'pax-test' into grsec-test
4218
4219 Conflicts:
4220 security/Kconfig
4221
4222 commit 101579028a736c224e590c7e12a7357018c424e1
4223 Author: Brad Spengler <spender@grsecurity.net>
4224 Date: Sun Mar 11 21:07:27 2012 -0400
4225
4226 Update to pax-linux-3.2.9-test22.patch
4227
4228 commit fb2abee4b9b49f5f18342a8cdf7aa3ba2b7c9100
4229 Author: Brad Spengler <spender@grsecurity.net>
4230 Date: Sun Mar 11 11:02:17 2012 -0400
4231
4232 Allow 4096 CPUs
4233
4234 commit 96bae28cbe6a41d48e3b56e5904814096e956000
4235 Author: Brad Spengler <spender@grsecurity.net>
4236 Date: Sun Mar 11 10:25:58 2012 -0400
4237
4238 Use a per-cpu 48-bit counter instead of a global atomic64
4239 Initialize each counter to have the cpu number in the lower 16 bits
4240 instead of incrementing the counter each time by 1, perform the increments
4241 above the cpu number so that wrapping/exhausting the counter doesn't corrupt
4242 any state
4243 idea from PaX Team
4244
4245 commit b975688101da6e966aebb1bc6b8c5c5983974f9c
4246 Author: Brad Spengler <spender@grsecurity.net>
4247 Date: Sat Mar 10 20:33:12 2012 -0500
4248
4249 Special vnsec edition! :)
4250 Further reduce argv/env allowance for suid/sgid apps to 512KB
4251 Clamp suid/sgid stack resource limit to 8MB (preventing compat mmap layout fallback/too large stack gap)
4252 Clear 3GB personality on suid/sgid binaries
4253 Restore 4 bits entropy in the lowest bits of arg/env strings (now 28 bits on x86, 39 bits on x64)
4254 with the main purpose of throwing off program stack -> arg/env alignment
4255 Update documentation
4256
4257 commit e5cfa902c4e891d11dd2086543d2555aa0c27d33
4258 Author: Brad Spengler <spender@grsecurity.net>
4259 Date: Sat Mar 10 19:54:47 2012 -0500
4260
4261 Resolve skbuff.h warnings that turn into errors during compilation in
4262 the grsecurity directory with -Werror
4263
4264 commit 2023210ad43a944033fcacc660ce410888f562ee
4265 Merge: ece4383 5f66adf
4266 Author: Brad Spengler <spender@grsecurity.net>
4267 Date: Fri Mar 9 19:48:01 2012 -0500
4268
4269 Merge branch 'pax-test' into grsec-test
4270
4271 commit 5f66adf72f83730a07bc79a2fab56afed6dbbd0e
4272 Author: Brad Spengler <spender@grsecurity.net>
4273 Date: Fri Mar 9 19:47:06 2012 -0500
4274
4275 Add colorize plugin
4276
4277 commit ece4383e5e91c92d138c4df84225a70b552f4d69
4278 Merge: a366d0e ab4a5a1
4279 Author: Brad Spengler <spender@grsecurity.net>
4280 Date: Fri Mar 9 17:56:46 2012 -0500
4281
4282 Merge branch 'pax-test' into grsec-test
4283
4284 commit ab4a5a1a67289c3585e2ff8aa64ecece7bd17eea
4285 Author: Brad Spengler <spender@grsecurity.net>
4286 Date: Fri Mar 9 17:56:26 2012 -0500
4287
4288 Update to pax-linux-3.2.9-test21.patch
4289
4290 commit a366d0ed963ce93fce10121c1100989d5f064e75
4291 Author: Mikulas Patocka <mpatocka@redhat.com>
4292 Date: Sun Mar 4 19:52:03 2012 -0500
4293
4294 mm: fix find_vma_prev
4295
4296 Commit 6bd4837de96e ("mm: simplify find_vma_prev()") broke memory
4297 management on PA-RISC.
4298
4299 After application of the patch, programs that allocate big arrays on the
4300 stack crash with segfault, for example, this will crash if compiled
4301 without optimization:
4302
4303 int main()
4304 {
4305 char array[200000];
4306 array[199999] = 0;
4307 return 0;
4308 }
4309
4310 The reason is that PA-RISC has up-growing stack and the stack is usually
4311 the last memory area. In the above example, a page fault happens above
4312 the stack.
4313
4314 Previously, if we passed too high address to find_vma_prev, it returned
4315 NULL and stored the last VMA in *pprev. After "simplify find_vma_prev"
4316 change, it stores NULL in *pprev. Consequently, the stack area is not
4317 found and it is not expanded, as it used to be before the change.
4318
4319 This patch restores the old behavior and makes it return the last VMA in
4320 *pprev if the requested address is higher than address of any other VMA.
4321
4322 Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
4323 Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
4324 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4325
4326 commit 9cd8dd4d56051099f11563f72fcd91cd0ce19604
4327 Author: Hugh Dickins <hughd@google.com>
4328 Date: Tue Mar 6 12:28:52 2012 -0800
4329
4330 mmap: EINVAL not ENOMEM when rejecting VM_GROWS
4331
4332 Currently error is -ENOMEM when rejecting VM_GROWSDOWN|VM_GROWSUP
4333 from shared anonymous: hoist the file case's -EINVAL up for both.
4334
4335 Signed-off-by: Hugh Dickins <hughd@google.com>
4336 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4337
4338 commit 97745dce6c87f9d9ca5b4be9bd4c2fc1684ca04c
4339 Author: Al Viro <viro@ZenIV.linux.org.uk>
4340 Date: Mon Mar 5 06:38:42 2012 +0000
4341
4342 aout: move setup_arg_pages() prior to reading/mapping the binary
4343
4344 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
4345 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4346
4347 commit 3b20ce55ae8cffee43cb4afdf5be438b5ac4fef0
4348 Author: Jan Beulich <JBeulich@suse.com>
4349 Date: Mon Mar 5 16:49:24 2012 +0000
4350
4351 vsprintf: make %pV handling compatible with kasprintf()
4352
4353 kasprintf() (and potentially other functions that I didn't run across so
4354 far) want to evaluate argument lists twice. Caring to do so for the
4355 primary list is obviously their job, but they can't reasonably be
4356 expected to check the format string for instances of %pV, which however
4357 need special handling too: On architectures like x86-64 (as opposed to
4358 e.g. ix86), using the same argument list twice doesn't produce the
4359 expected results, as an internally managed cursor gets updated during
4360 the first run.
4361
4362 Fix the problem by always acting on a copy of the original list when
4363 handling %pV.
4364
4365 Signed-off-by: Jan Beulich <jbeulich@suse.com>
4366 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4367
4368 commit 4146896ab9674f51d4909f3a52bc7fe80f04e4cb
4369 Author: Al Viro <viro@ZenIV.linux.org.uk>
4370 Date: Mon Mar 5 06:39:47 2012 +0000
4371
4372 VM_GROWS{UP,DOWN} shouldn't be set on shmem VMAs
4373
4374 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
4375 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4376
4377 commit a831bd53764695ea680cc1fa3c98759a610ed2ac
4378 Author: Christian König <deathsimple@vodafone.de>
4379 Date: Tue Feb 28 23:19:20 2012 +0100
4380
4381 drm/radeon: fix uninitialized variable
4382
4383 Without this fix the driver randomly treats
4384 textures as arrays and I'm really wondering
4385 why gcc isn't complaining about it.
4386
4387 Signed-off-by: Christian König <deathsimple@vodafone.de>
4388 Reviewed-by: Jerome Glisse <jglisse@redhat.com>
4389 Signed-off-by: Dave Airlie <airlied@redhat.com>
4390
4391 commit aa2cd55f97f3cc03bdd895b6e8ba99619ee69dfc
4392 Author: H. Peter Anvin <hpa@zytor.com>
4393 Date: Fri Mar 2 10:43:48 2012 -0800
4394
4395 regset: Prevent null pointer reference on readonly regsets
4396
4397 The regset common infrastructure assumed that regsets would always
4398 have .get and .set methods, but not necessarily .active methods.
4399 Unfortunately people have since written regsets without .set methods.
4400
4401 Rather than putting in stub functions everywhere, handle regsets with
4402 null .get or .set methods explicitly.
4403
4404 Signed-off-by: H. Peter Anvin <hpa@zytor.com>
4405 Reviewed-by: Oleg Nesterov <oleg@redhat.com>
4406 Acked-by: Roland McGrath <roland@hack.frob.com>
4407 Cc: <stable@vger.kernel.org>
4408 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4409
4410 commit 072ddd99401c79b53c6bf6bff9deb93022124c79
4411 Author: Brad Spengler <spender@grsecurity.net>
4412 Date: Mon Mar 5 18:12:57 2012 -0500
4413
4414 Fix compiler errors reported on forums
4415
4416 commit 1606774b48af24e6f99d99c624c0e447d4b66474
4417 Merge: 3127bd5 4ca2ffd
4418 Author: Brad Spengler <spender@grsecurity.net>
4419 Date: Mon Mar 5 17:31:35 2012 -0500
4420
4421 Merge branch 'pax-test' into grsec-test
4422
4423 commit 4ca2ffd9da024f4ba2d0cb6245ba1b2726169452
4424 Author: Brad Spengler <spender@grsecurity.net>
4425 Date: Mon Mar 5 17:31:21 2012 -0500
4426
4427 Update to pax-linux-3.2.9-test20.patch
4428
4429 commit 3127bd581a292966b1057c7433219dac188c3720
4430 Author: Brad Spengler <spender@grsecurity.net>
4431 Date: Fri Mar 2 21:30:37 2012 -0500
4432
4433 Fix memory leak on logged exec_id check failure in /proc/pid/statm
4434 Thanks to Djalal Harouni for the report
4435
4436 commit d9f1a3be0e97e0632f97379322712d8deeb3ce23
4437 Merge: 0a56be8 9aa8288
4438 Author: Brad Spengler <spender@grsecurity.net>
4439 Date: Fri Mar 2 18:38:22 2012 -0500
4440
4441 Merge branch 'pax-test' into grsec-test
4442
4443 commit 9aa8288a09e6e03ce37c08136b26bff17a093b5c
4444 Author: Brad Spengler <spender@grsecurity.net>
4445 Date: Fri Mar 2 18:37:43 2012 -0500
4446
4447 Update to pax-linux-3.2.9-test19.patch
4448
4449 commit 0a56be884bbd7ce733cac0b879c45383494d73b0
4450 Merge: 9e66745 3f5c52a
4451 Author: Brad Spengler <spender@grsecurity.net>
4452 Date: Thu Mar 1 20:18:01 2012 -0500
4453
4454 Merge branch 'pax-test' into grsec-test
4455
4456 commit 3f5c52aba100b3bb252980f9d363aafde52da1a2
4457 Author: Brad Spengler <spender@grsecurity.net>
4458 Date: Thu Mar 1 20:16:56 2012 -0500
4459
4460 Update to pax-linux-3.2.9-test18.patch
4461
4462 commit ae53ec231d12719a36bf871f8c5841020ed692ee
4463 Merge: b255baf 44fb317
4464 Author: Brad Spengler <spender@grsecurity.net>
4465 Date: Thu Mar 1 20:15:31 2012 -0500
4466
4467 Merge branch 'linux-3.2.y' into pax-test
4468
4469 commit 9e667456c03eadea2f305be761abe4de9a5877a3
4470 Merge: 5e4e200 b255baf
4471 Author: Brad Spengler <spender@grsecurity.net>
4472 Date: Mon Feb 27 20:53:59 2012 -0500
4473
4474 Merge branch 'pax-test' into grsec-test
4475
4476 commit b255baf50365d39b406f43aab2c64745607baaa2
4477 Merge: 340ce90 1de504e
4478 Author: Brad Spengler <spender@grsecurity.net>
4479 Date: Mon Feb 27 20:53:29 2012 -0500
4480
4481 Merge branch 'linux-3.2.y' into pax-test
4482 Update to pax-linux-3.2.8-test17.patch
4483
4484 Conflicts:
4485 arch/x86/include/asm/i387.h
4486 arch/x86/kernel/process_32.c
4487 arch/x86/kernel/traps.c
4488
4489 commit 5e4e200ac530452884b625cb75de240e1e98c731
4490 Merge: 44306d7 340ce90
4491 Author: Brad Spengler <spender@grsecurity.net>
4492 Date: Mon Feb 27 18:02:13 2012 -0500
4493
4494 Merge branch 'pax-test' into grsec-test
4495
4496 commit 340ce90d98a043fa8e4ed9ffc229d4c1f86e2fec
4497 Author: Brad Spengler <spender@grsecurity.net>
4498 Date: Mon Feb 27 18:01:48 2012 -0500
4499
4500 Update to pax-linux-3.2.7-test17.patch
4501
4502 commit 44306d7b3097f77e73040dd25f4f6750751bae7a
4503 Merge: 29d0b07 521c411
4504 Author: Brad Spengler <spender@grsecurity.net>
4505 Date: Sun Feb 26 19:04:15 2012 -0500
4506
4507 Merge branch 'pax-test' into grsec-test
4508
4509 Conflicts:
4510 Makefile
4511
4512 commit 521c411bb4ca66ce01146fde8bac9dd22414076d
4513 Author: Brad Spengler <spender@grsecurity.net>
4514 Date: Sun Feb 26 19:03:33 2012 -0500
4515
4516 Update to pax-linux-3.2.7-test16.patch
4517
4518 commit 29d0b07290bb9a10cdfcc3c30058e16265330dea
4519 Author: Brad Spengler <spender@grsecurity.net>
4520 Date: Sun Feb 26 17:12:44 2012 -0500
4521
4522 fix typo
4523
4524 commit 344f6d84e5d3fdc6ec40a078fc2f5861d340b2ef
4525 Merge: f45b3be caa8f83
4526 Author: Brad Spengler <spender@grsecurity.net>
4527 Date: Sat Feb 25 20:59:27 2012 -0500
4528
4529 Merge branch 'pax-test' into grsec-test
4530
4531 commit caa8f83456c4d0b204beefffaa1d1993f2348d08
4532 Author: Brad Spengler <spender@grsecurity.net>
4533 Date: Sat Feb 25 20:59:12 2012 -0500
4534
4535 Update to pax-linux-3.2.7-test15.patch
4536
4537 commit f45b3be34a345502a302e736af9a65742ddef7cb
4538 Merge: 62f35fd 9f1309b
4539 Author: Brad Spengler <spender@grsecurity.net>
4540 Date: Sat Feb 25 11:40:15 2012 -0500
4541
4542 Merge branch 'pax-test' into grsec-test
4543
4544 commit 9f1309b0b935e3b30fc87a9e3009b84cf943ef47
4545 Author: Brad Spengler <spender@grsecurity.net>
4546 Date: Sat Feb 25 11:39:57 2012 -0500
4547
4548 Update to pax-linux-3.2.7-test14.patch
4549
4550 commit 62f35fdbecc58f2988fe13638d907b87a15776bb
4551 Author: Brad Spengler <spender@grsecurity.net>
4552 Date: Sat Feb 25 09:08:55 2012 -0500
4553
4554 We could log on attempted exploits of writing /proc/self/mem, but the current
4555 log function declares the access a read, so just swap the ordering for now
4556
4557 commit 066ee8f9c26f1549b4ad893508777b549c8d4b79
4558 Author: Brad Spengler <spender@grsecurity.net>
4559 Date: Sat Feb 25 08:46:14 2012 -0500
4560
4561 Log /proc/pid/mem attempts
4562
4563 commit 674471e581893a94d475acac3e3c4496209b3ac9
4564 Author: Brad Spengler <spender@grsecurity.net>
4565 Date: Sat Feb 25 08:15:00 2012 -0500
4566
4567 Make use of f_version for protecting /proc file structs (fine since we're not a directory
4568 or seq_file)
4569
4570 commit eab42cfdd237ffcdd8ec24bedecc275a3a9e987f
4571 Author: Brad Spengler <spender@grsecurity.net>
4572 Date: Fri Feb 24 20:02:19 2012 -0500
4573
4574 Fix ia64 compilation
4575
4576 commit 50dfea412fd395e0183c2ade368efa525d38b267
4577 Merge: 12db845 4c6f99b
4578 Author: Brad Spengler <spender@grsecurity.net>
4579 Date: Fri Feb 24 19:00:53 2012 -0500
4580
4581 Merge branch 'pax-test' into grsec-test
4582
4583 commit 4c6f99bf338e03966356b147d0360cb3b522a44f
4584 Author: Brad Spengler <spender@grsecurity.net>
4585 Date: Fri Feb 24 19:00:36 2012 -0500
4586
4587 (6:57:09 PM) pipacs: but you can be proactive
4588 (Fix other-arch atomic64/REFCOUNT compilation failures)
4589
4590 commit 12db8453f6bb0a756f369c9151668ba1249bc478
4591 Author: Brad Spengler <spender@grsecurity.net>
4592 Date: Thu Feb 23 21:10:12 2012 -0500
4593
4594 Remove unnecessary copies, as suggested by solar
4595
4596 commit cc02cab84368467ea03cb35f861a8a7092d91ab4
4597 Author: Brad Spengler <spender@grsecurity.net>
4598 Date: Thu Feb 23 20:59:35 2012 -0500
4599
4600 Make global_exec_counter static, as suggested by solar
4601
4602 commit e642091a475ebb3a30e81f85e7751233d0c2af43
4603 Author: Brad Spengler <spender@grsecurity.net>
4604 Date: Thu Feb 23 19:00:26 2012 -0500
4605
4606 sync with stable tree
4607
4608 commit 6df09c3d8e371905b7b8fe90c4188f23614c6be5
4609 Author: Brad Spengler <spender@grsecurity.net>
4610 Date: Thu Feb 23 18:48:47 2012 -0500
4611
4612 Remove unneeded gr_acl_handle_fchmod, as the code is shared now by gr_acl_handle_chmod
4613 Remove handling of old kludge in chmod/fchmod
4614
4615 commit 815cb62f2ca7b58efc39778b3a855feb675ab56c
4616 Author: Brad Spengler <spender@grsecurity.net>
4617 Date: Thu Feb 23 18:18:49 2012 -0500
4618
4619 Apply umask checks to chmod/fchmod as well, as requested by sponsor
4620 Union the enforced umask with the existing one to produce minimal privilege
4621 Change umask type to u16
4622
4623 commit 0e7668c6abbdbcd3f7f9759e3994d6f4bc9953f0
4624 Author: Brad Spengler <spender@grsecurity.net>
4625 Date: Wed Feb 22 18:16:11 2012 -0500
4626
4627 Add per-role umask enforcement to RBAC, requested by a sponsor
4628
4629 commit ad5ac943fe58199f1cc475912a39edb157acb77b
4630 Merge: dda0bb5 41722e3
4631 Author: Brad Spengler <spender@grsecurity.net>
4632 Date: Mon Feb 20 20:04:42 2012 -0500
4633
4634 Merge branch 'pax-test' into grsec-test
4635
4636 commit 41722e342e116d95f3d3556d66c97c888d752d39
4637 Author: Brad Spengler <spender@grsecurity.net>
4638 Date: Mon Feb 20 20:04:00 2012 -0500
4639
4640 Merge changes from pax-linux-3.2.7-test12.patch, fixes KVM incompatibility with
4641 KERNEXEC plugin
4642
4643 commit dda0bb57137846a476a866c60db2681aaf6052c0
4644 Merge: 4fd554e d70927a
4645 Author: Brad Spengler <spender@grsecurity.net>
4646 Date: Mon Feb 20 20:01:41 2012 -0500
4647
4648 Merge branch 'pax-test' into grsec-test
4649
4650 commit d70927afec977d489a54c106a3c3ddc32e953050
4651 Merge: 1daebf1 9d0231c
4652 Author: Brad Spengler <spender@grsecurity.net>
4653 Date: Mon Feb 20 20:01:33 2012 -0500
4654
4655 Merge branch 'linux-3.2.y' into pax-test
4656
4657 commit 4fd554e3a097b22c5049fcdc423897477deff5ef
4658 Author: Brad Spengler <spender@grsecurity.net>
4659 Date: Mon Feb 20 09:17:57 2012 -0500
4660
4661 Fix wrong logic on capability checks for switching roles, broke policies
4662 Thanks to Richard Kojedzinszky for reporting
4663
4664 commit 12f97d52ac603f24344f8d71569c412a307e9422
4665 Author: Brad Spengler <spender@grsecurity.net>
4666 Date: Thu Feb 16 21:20:10 2012 -0500
4667
4668 sparc64 compile fix
4669
4670 commit 07af3d8e76a6a47ce1836e5b20ed8c0f879c8201
4671 Author: Brad Spengler <spender@grsecurity.net>
4672 Date: Thu Feb 16 18:38:32 2012 -0500
4673
4674 Update configuration help and name for GRKERNSEC_PROC_MEMMAP
4675
4676 commit 5ced6f8def06c2176b40b5fa07345fc723dc4dcb
4677 Author: Brad Spengler <spender@grsecurity.net>
4678 Date: Thu Feb 16 18:18:01 2012 -0500
4679
4680 optimize the check a bit
4681
4682 commit 03159050f64989be44ae03be769cbed62a7cd2e5
4683 Author: Brad Spengler <spender@grsecurity.net>
4684 Date: Thu Feb 16 18:00:45 2012 -0500
4685
4686 smile VUPEN :D
4687 (limit argv+env to 1MB for suid/sgid binaries)
4688
4689 commit dd759d8800d225a397e4de49fe729c7d601298d2
4690 Author: Brad Spengler <spender@grsecurity.net>
4691 Date: Thu Feb 16 17:49:33 2012 -0500
4692
4693 Address Space Protection -> Memory Protections (suggested on IRC for consistency)
4694
4695 commit 4de635bda8ebfb85312e3bf851bdbff93de400da
4696 Author: Brad Spengler <spender@grsecurity.net>
4697 Date: Thu Feb 16 17:45:06 2012 -0500
4698
4699 Change the long long type for exec_id to the proper u64
4700
4701 commit 4feb07e7cb64b3d0f0f8cca1aef70bc725cae6fa
4702 Author: Dan Carpenter <dan.carpenter@oracle.com>
4703 Date: Thu Feb 9 00:46:47 2012 +0000
4704
4705 isdn: type bug in isdn_net_header()
4706
4707 We use len to store the return value from eth_header(). eth_header()
4708 can return -ETH_HLEN (-14). We want to pass this back instead of
4709 truncating it to 65522 and returning that.
4710
4711 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
4712 Acked-by: Neil Horman <nhorman@tuxdriver.com>
4713 Signed-off-by: David S. Miller <davem@davemloft.net>
4714
4715 commit 134ac8545b47f0f27d550ea6e1edb3a1ed7a9748
4716 Author: Heiko Carstens <heiko.carstens@de.ibm.com>
4717 Date: Sat Feb 4 10:47:10 2012 +0100
4718
4719 exec: fix use-after-free bug in setup_new_exec()
4720
4721 Setting the task name is done within setup_new_exec() by accessing
4722 bprm->filename. However this happens after flush_old_exec().
4723 This may result in a use after free bug, flush_old_exec() may
4724 "complete" vfork_done, which will wake up the parent which in turn
4725 may free the passed in filename.
4726 To fix this add a new tcomm field in struct linux_binprm which
4727 contains the now early generated task name until it is used.
4728
4729 Fixes this bug on s390:
4730
4731 Unable to handle kernel pointer dereference at virtual kernel address 0000000039768000
4732 Process kworker/u:3 (pid: 245, task: 000000003a3dc840, ksp: 0000000039453818)
4733 Krnl PSW : 0704000180000000 0000000000282e94 (setup_new_exec+0xa0/0x374)
4734 Call Trace:
4735 ([<0000000000282e2c>] setup_new_exec+0x38/0x374)
4736 [<00000000002dd12e>] load_elf_binary+0x402/0x1bf4
4737 [<0000000000280a42>] search_binary_handler+0x38e/0x5bc
4738 [<0000000000282b6c>] do_execve_common+0x410/0x514
4739 [<0000000000282cb6>] do_execve+0x46/0x58
4740 [<00000000005bce58>] kernel_execve+0x28/0x70
4741 [<000000000014ba2e>] ____call_usermodehelper+0x102/0x140
4742 [<00000000005bc8da>] kernel_thread_starter+0x6/0xc
4743 [<00000000005bc8d4>] kernel_thread_starter+0x0/0xc
4744 Last Breaking-Event-Address:
4745 [<00000000002830f0>] setup_new_exec+0x2fc/0x374
4746
4747 Kernel panic - not syncing: Fatal exception: panic_on_oops
4748
4749 Reported-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
4750 Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
4751 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4752
4753 commit d758ee9f5230893dabb5aab737b3109684bde196
4754 Author: Dan Carpenter <dan.carpenter@oracle.com>
4755 Date: Fri Feb 10 09:03:58 2012 +0100
4756
4757 relay: prevent integer overflow in relay_open()
4758
4759 "subbuf_size" and "n_subbufs" come from the user and they need to be
4760 capped to prevent an integer overflow.
4761
4762 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
4763 Cc: stable@kernel.org
4764 Signed-off-by: Jens Axboe <axboe@kernel.dk>
4765
4766 commit 40ed7b34848b8e0d7bf9a3fc21a7c75ce1ae507c
4767 Merge: b1baadf 1daebf1
4768 Author: Brad Spengler <spender@grsecurity.net>
4769 Date: Mon Feb 13 17:47:04 2012 -0500
4770
4771 Merge branch 'pax-test' into grsec-test
4772
4773 Conflicts:
4774 fs/proc/base.c
4775
4776 commit 1daebf1d623fe5b0efdd329f78562eb7078bc772
4777 Merge: 1413df2 c2db2e2
4778 Author: Brad Spengler <spender@grsecurity.net>
4779 Date: Mon Feb 13 17:45:54 2012 -0500
4780
4781 Merge branch 'linux-3.2.y' into pax-test
4782
4783 commit b1baadf5047ab67cf61cd20bf58c6afb09c37c7d
4784 Author: Brad Spengler <spender@grsecurity.net>
4785 Date: Sun Feb 12 16:44:05 2012 -0500
4786
4787 add missing declaration
4788
4789 commit 3981059c35e8463002517935c28f3d74b8e3703c
4790 Author: Brad Spengler <spender@grsecurity.net>
4791 Date: Sun Feb 12 16:36:04 2012 -0500
4792
4793 Require CAP_SETUID/CAP_SETGID in a subject in order to change roles
4794 in addition to existing checks (this handles the setresuid ruid = euid case)
4795
4796 commit 0beab03263c773f463412c350ad9064b44b6ede0
4797 Author: Brad Spengler <spender@grsecurity.net>
4798 Date: Sun Feb 12 16:13:40 2012 -0500
4799
4800 Revert setreuid changes when RBAC is enabled, breaks freeradius
4801 I'll fix the learning issue Lavish reported a different way through
4802 gradm modifications
4803
4804 This reverts commit d54ec64b7078f1dcb71b5d8a29e47d4a0f46c111.
4805
4806 commit 0c61cb1cfbbfec7d07647268c922d51434d22621
4807 Author: Brad Spengler <spender@grsecurity.net>
4808 Date: Sat Feb 11 14:22:46 2012 -0500
4809
4810 copy exec_id on fork
4811
4812 commit 000c08e0890630086b2ed04084050ed856a7ec31
4813 Author: Brad Spengler <spender@grsecurity.net>
4814 Date: Fri Feb 10 20:00:36 2012 -0500
4815
4816 compile fix
4817
4818 commit 54b8c8f54484e5ee18040657827158bc4b63bccc
4819 Author: Brad Spengler <spender@grsecurity.net>
4820 Date: Fri Feb 10 19:19:52 2012 -0500
4821
4822 Introduce enhancement to CONFIG_GRKERNSEC_PROC_MEMMAP
4823 denies reading of sensitive /proc/pid entries where the file descriptor
4824 was opened in a different task than the one performing the read
4825
4826 commit dd19579049186e2648b9ae5e42af04cfda7ab2dc
4827 Author: Brad Spengler <spender@grsecurity.net>
4828 Date: Fri Feb 10 17:43:24 2012 -0500
4829
4830 Remove duplicate signal check
4831
4832 commit 6ff60c34155bb73a4eec7bbfe6f59e9d35e1c0c6
4833 Merge: 4eba97e 1413df2
4834 Author: Brad Spengler <spender@grsecurity.net>
4835 Date: Wed Feb 8 19:24:34 2012 -0500
4836
4837 Merge branch 'pax-test' into grsec-test
4838
4839 commit 1413df258d4664d928b876ffb57e1bdc1ccd06f6
4840 Author: Brad Spengler <spender@grsecurity.net>
4841 Date: Wed Feb 8 19:24:08 2012 -0500
4842
4843 Merge changes from pax-linux-3.2.4-test11.patch
4844
4845 commit 4eba97eda7f7d25b7ab6ad5c9de094545e749044
4846 Merge: 0e058dd 8dd90a2
4847 Author: Brad Spengler <spender@grsecurity.net>
4848 Date: Mon Feb 6 17:50:12 2012 -0500
4849
4850 Merge branch 'pax-test' into grsec-test
4851
4852 commit 8dd90a21adfeefd86134d1fedf77b958bc59eaa3
4853 Author: Brad Spengler <spender@grsecurity.net>
4854 Date: Mon Feb 6 17:49:07 2012 -0500
4855
4856 Merge changes from pax-linux-3.2.4-test10.patch, fixes BPF JIT double-free
4857
4858 commit a6b5dfed0937a0eb386b4b519a387f8e8177ffdc
4859 Merge: 7e4169c 6133971
4860 Author: Brad Spengler <spender@grsecurity.net>
4861 Date: Mon Feb 6 17:48:57 2012 -0500
4862
4863 Merge branch 'linux-3.2.y' into pax-test
4864
4865 commit 0e058dd6d14e0c67c44dd332a871f1fe1bb06095
4866 Author: Brad Spengler <spender@grsecurity.net>
4867 Date: Sun Feb 5 19:24:45 2012 -0500
4868
4869 We now allow configurations with no PaX markings, giving the system no way to override the defaults
4870
4871 commit 9afb0110287e31c3c56d861b4927f64f8dbd7857
4872 Author: Brad Spengler <spender@grsecurity.net>
4873 Date: Sun Feb 5 10:01:23 2012 -0500
4874
4875 Increase the buffer size of logged TPE reason, otherwise we could truncate the "y" in directory
4876
4877 commit a6a0ad24a5f7bef90236d94c1bdfe21d291fc834
4878 Author: Brad Spengler <spender@grsecurity.net>
4879 Date: Sat Feb 4 21:01:16 2012 -0500
4880
4881 Improve security of ptrace-based monitoring/sandboxing
4882 See:
4883 http://article.gmane.org/gmane.linux.kernel.lsm/15156
4884
4885 commit ca4ca5a1027b41f9528794e52a53ce9c47926101
4886 Author: Brad Spengler <spender@grsecurity.net>
4887 Date: Fri Feb 3 20:42:55 2012 -0500
4888
4889 fix typo
4890
4891 commit d54ec64b7078f1dcb71b5d8a29e47d4a0f46c111
4892 Author: Brad Spengler <spender@grsecurity.net>
4893 Date: Fri Feb 3 20:25:38 2012 -0500
4894
4895 Reported by lavish on IRC:
4896 If a suid/sgid binary did not learn any setuid/setgid call during learning,
4897 we would not any CAP_SETUID/CAP_SETGID capability to the task, nor
4898 any restrictions on uid/gid changes. uid and gid can however be changed
4899 within a suid/sgid binary via setresuid/setresgid with ruid/rgid set to
4900 euid/egid.
4901
4902 My fix:
4903 POSIX doesn't specify whether unprivileged users can perform the above
4904 setresuid/setresgid as an unprivileged user, though Linux has historically
4905 permitted them. Modify this behavior when RBAC is enabled to require
4906 CAP_SETUID/CAP_SETGID for these operations.
4907
4908 Thanks to Lavish for the report!
4909
4910 Conflicts:
4911
4912 kernel/sys.c
4913
4914 commit e55be1f30908f1ad4450cb0558cde71ff5c7247f
4915 Merge: ba586eb 7e4169c
4916 Author: Brad Spengler <spender@grsecurity.net>
4917 Date: Fri Feb 3 20:10:21 2012 -0500
4918
4919 Merge branch 'pax-test' into grsec-test
4920
4921 commit 7e4169c6c880ec9641f1178c88545913c8a21e1f
4922 Author: Brad Spengler <spender@grsecurity.net>
4923 Date: Fri Feb 3 20:10:05 2012 -0500
4924
4925 Merge changes from pax-linux-3.2.4-test9.patch
4926
4927 commit ba586ebbcd0ed781e38a99c580a757a00347c6eb
4928 Author: Christopher Yeoh <cyeoh@au1.ibm.com>
4929 Date: Thu Feb 2 11:34:09 2012 +1030
4930
4931 Fix race in process_vm_rw_core
4932
4933 This fixes the race in process_vm_core found by Oleg (see
4934
4935 http://article.gmane.org/gmane.linux.kernel/1235667/
4936
4937 for details).
4938
4939 This has been updated since I last sent it as the creation of the new
4940 mm_access() function did almost exactly the same thing as parts of the
4941 previous version of this patch did.
4942
4943 In order to use mm_access() even when /proc isn't enabled, we move it to
4944 kernel/fork.c where other related process mm access functions already
4945 are.
4946
4947 Signed-off-by: Chris Yeoh <yeohc@au1.ibm.com>
4948 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4949
4950 Conflicts:
4951
4952 fs/proc/base.c
4953 mm/process_vm_access.c
4954
4955 commit b9194d60fb9fe579f5c34817ed822abde18939a0
4956 Author: Oleg Nesterov <oleg@redhat.com>
4957 Date: Tue Jan 31 17:15:11 2012 +0100
4958
4959 proc: make sure mem_open() doesn't pin the target's memory
4960
4961 Once /proc/pid/mem is opened, the memory can't be released until
4962 mem_release() even if its owner exits.
4963
4964 Change mem_open() to do atomic_inc(mm_count) + mmput(), this only
4965 pins mm_struct. Change mem_rw() to do atomic_inc_not_zero(mm_count)
4966 before access_remote_vm(), this verifies that this mm is still alive.
4967
4968 I am not sure what should mem_rw() return if atomic_inc_not_zero()
4969 fails. With this patch it returns zero to match the "mm == NULL" case,
4970 may be it should return -EINVAL like it did before e268337d.
4971
4972 Perhaps it makes sense to add the additional fatal_signal_pending()
4973 check into the main loop, to ensure we do not hold this memory if
4974 the target task was oom-killed.
4975
4976 Cc: stable@kernel.org
4977 Signed-off-by: Oleg Nesterov <oleg@redhat.com>
4978 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4979
4980 commit d4500134f9363bc79556e0e7a1fd811cd8552cc4
4981 Author: Oleg Nesterov <oleg@redhat.com>
4982 Date: Tue Jan 31 17:14:38 2012 +0100
4983
4984 proc: mem_release() should check mm != NULL
4985
4986 mem_release() can hit mm == NULL, add the necessary check.
4987
4988 Cc: stable@kernel.org
4989 Signed-off-by: Oleg Nesterov <oleg@redhat.com>
4990 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
4991
4992 commit 5d1c11221a86f233fdbb232312a561f85d0a3a05
4993 Author: Oleg Nesterov <oleg@redhat.com>
4994 Date: Tue Jan 31 17:14:54 2012 +0100
4995
4996 note: redisabled mem_write
4997
4998 proc: unify mem_read() and mem_write()
4999
5000 No functional changes, cleanup and preparation.
5001
5002 mem_read() and mem_write() are very similar. Move this code into the
5003 new common helper, mem_rw(), which takes the additional "int write"
5004 argument.
5005
5006 Cc: stable@kernel.org
5007 Signed-off-by: Oleg Nesterov <oleg@redhat.com>
5008 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5009
5010 Conflicts:
5011
5012 fs/proc/base.c
5013
5014 commit af966b421d9f55ab7e1a8b2741beba44b22bc2e0
5015 Merge: 3903f01 01fee18
5016 Author: Brad Spengler <spender@grsecurity.net>
5017 Date: Fri Feb 3 19:50:40 2012 -0500
5018
5019 Merge branch 'pax-test' into grsec-test
5020
5021 commit 01fee1851aef26b898ccba5312cabf1f919b74cb
5022 Author: Brad Spengler <spender@grsecurity.net>
5023 Date: Fri Feb 3 19:49:46 2012 -0500
5024
5025 Merge changes from pax-linux-3.2.4-test8.patch
5026
5027 commit c2490ddbfc3f5dd664dd0e1b8575856c3be01879
5028 Merge: 201c0db 141936c
5029 Author: Brad Spengler <spender@grsecurity.net>
5030 Date: Fri Feb 3 19:49:01 2012 -0500
5031
5032 Merge branch 'linux-3.2.y' into pax-test
5033
5034 commit 3903f0172ecadf7a575ba3535402a1506133640a
5035 Author: Brad Spengler <spender@grsecurity.net>
5036 Date: Mon Jan 30 23:26:44 2012 -0500
5037
5038 Implement new version of CONFIG_GRKERNSEC_SYSFS_RESTRICT
5039
5040 We'll whitelist required directories for compatibility instead of requiring
5041 that people disable the feature entirely if they use SELinux, fuse, etc
5042
5043 Conflicts:
5044
5045 fs/sysfs/mount.c
5046
5047 commit e3618feaa7e63807f1b88c199882075b3ec9bd05
5048 Author: Brad Spengler <spender@grsecurity.net>
5049 Date: Sun Jan 29 01:12:19 2012 -0500
5050
5051 perform RBAC check if TPE is on but match fails, matches previous behavior
5052
5053 commit 627b7fe22799a86e2f81a74f0e0c53474bec3100
5054 Author: Brad Spengler <spender@grsecurity.net>
5055 Date: Sat Jan 28 13:17:06 2012 -0500
5056
5057 log more information about the reason for a TPE denial for novice users, requested by a sponsor
5058
5059 commit efefd67008cbad8a8591e2484410966a300a39a5
5060 Author: Brad Spengler <spender@grsecurity.net>
5061 Date: Fri Jan 27 19:58:53 2012 -0500
5062
5063 merge upstream sha512 changes
5064
5065 commit 8a79280377db78fb2091fe01eddb9e24f75d9fe1
5066 Author: Brad Spengler <spender@grsecurity.net>
5067 Date: Fri Jan 27 19:49:07 2012 -0500
5068
5069 drop lock on error in xfs_readlink
5070
5071 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=aaad641eadfd3e74b0fbb68fcf539b9cef0415d0
5072
5073 commit aa5f2f63e37f426bf2211c5fb8f7bc70de14f08a
5074 Author: Li Wang <liwang@nudt.edu.cn>
5075 Date: Thu Jan 19 09:44:36 2012 +0800
5076
5077 eCryptfs: Infinite loop due to overflow in ecryptfs_write()
5078
5079 ecryptfs_write() can enter an infinite loop when truncating a file to a
5080 size larger than 4G. This only happens on architectures where size_t is
5081 represented by 32 bits.
5082
5083 This was caused by a size_t overflow due to it incorrectly being used to
5084 store the result of a calculation which uses potentially large values of
5085 type loff_t.
5086
5087 [tyhicks@canonical.com: rewrite subject and commit message]
5088 Signed-off-by: Li Wang <liwang@nudt.edu.cn>
5089 Signed-off-by: Yunchuan Wen <wenyunchuan@kylinos.com.cn>
5090 Reviewed-by: Cong Wang <xiyou.wangcong@gmail.com>
5091 Cc: <stable@vger.kernel.org>
5092 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
5093
5094 commit a7607747d0f74f357d78bb796d70635dd05f46e8
5095 Author: Tyler Hicks <tyhicks@canonical.com>
5096 Date: Thu Jan 19 20:33:44 2012 -0600
5097
5098 eCryptfs: Check inode changes in setattr
5099
5100 Most filesystems call inode_change_ok() very early in ->setattr(), but
5101 eCryptfs didn't call it at all. It allowed the lower filesystem to make
5102 the call in its ->setattr() function. Then, eCryptfs would copy the
5103 appropriate inode attributes from the lower inode to the eCryptfs inode.
5104
5105 This patch changes that and actually calls inode_change_ok() on the
5106 eCryptfs inode, fairly early in ecryptfs_setattr(). Ideally, the call
5107 would happen earlier in ecryptfs_setattr(), but there are some possible
5108 inode initialization steps that must happen first.
5109
5110 Since the call was already being made on the lower inode, the change in
5111 functionality should be minimal, except for the case of a file extending
5112 truncate call. In that case, inode_newsize_ok() was never being
5113 called on the eCryptfs inode. Rather than inode_newsize_ok() catching
5114 maximum file size errors early on, eCryptfs would encrypt zeroed pages
5115 and write them to the lower filesystem until the lower filesystem's
5116 write path caught the error in generic_write_checks(). This patch
5117 introduces a new function, called ecryptfs_inode_newsize_ok(), which
5118 checks if the new lower file size is within the appropriate limits when
5119 the truncate operation will be growing the lower file.
5120
5121 In summary this change prevents eCryptfs truncate operations (and the
5122 resulting page encryptions), which would exceed the lower filesystem
5123 limits or FSIZE rlimits, from ever starting.
5124
5125 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
5126 Reviewed-by: Li Wang <liwang@nudt.edu.cn>
5127 Cc: <stable@vger.kernel.org>
5128
5129 commit 0d96f190a39505254ace4e9330219aaeda9b64e3
5130 Author: Tyler Hicks <tyhicks@canonical.com>
5131 Date: Wed Jan 18 18:30:04 2012 -0600
5132
5133 eCryptfs: Make truncate path killable
5134
5135 ecryptfs_write() handles the truncation of eCryptfs inodes. It grabs a
5136 page, zeroes out the appropriate portions, and then encrypts the page
5137 before writing it to the lower filesystem. It was unkillable and due to
5138 the lack of sparse file support could result in tying up a large portion
5139 of system resources, while encrypting pages of zeros, with no way for
5140 the truncate operation to be stopped from userspace.
5141
5142 This patch adds the ability for ecryptfs_write() to detect a pending
5143 fatal signal and return as gracefully as possible. The intent is to
5144 leave the lower file in a useable state, while still allowing a user to
5145 break out of the encryption loop. If a pending fatal signal is detected,
5146 the eCryptfs inode size is updated to reflect the modified inode size
5147 and then -EINTR is returned.
5148
5149 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
5150 Cc: <stable@vger.kernel.org>
5151
5152 commit a02d0d2516b9e92edffeb8fca87462bca49c1f6f
5153 Author: Tyler Hicks <tyhicks@canonical.com>
5154 Date: Tue Jan 24 10:02:22 2012 -0600
5155
5156 eCryptfs: Fix oops when printing debug info in extent crypto functions
5157
5158 If pages passed to the eCryptfs extent-based crypto functions are not
5159 mapped and the module parameter ecryptfs_verbosity=1 was specified at
5160 loading time, a NULL pointer dereference will occur.
5161
5162 Note that this wouldn't happen on a production system, as you wouldn't
5163 pass ecryptfs_verbosity=1 on a production system. It leaks private
5164 information to the system logs and is for debugging only.
5165
5166 The debugging info printed in these messages is no longer very useful
5167 and rather than doing a kmap() in these debugging paths, it will be
5168 better to simply remove the debugging paths completely.
5169
5170 https://launchpad.net/bugs/913651
5171
5172 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
5173 Reported-by: Daniel DeFreez
5174 Cc: <stable@vger.kernel.org>
5175
5176 commit b1c44d3054dc7f293b2e0a98c0e9e5e03e01f04c
5177 Author: Tyler Hicks <tyhicks@canonical.com>
5178 Date: Thu Jan 12 11:30:44 2012 +0100
5179
5180 eCryptfs: Sanitize write counts of /dev/ecryptfs
5181
5182 A malicious count value specified when writing to /dev/ecryptfs may
5183 result in a a very large kernel memory allocation.
5184
5185 This patch peeks at the specified packet payload size, adds that to the
5186 size of the packet headers and compares the result with the write count
5187 value. The resulting maximum memory allocation size is approximately 532
5188 bytes.
5189
5190 Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
5191 Reported-by: Sasha Levin <levinsasha928@gmail.com>
5192 Cc: <stable@vger.kernel.org>
5193
5194 commit 96dcb7282d323813181a1791f51c0ab7696b675b
5195 Merge: 6c09fa5 201c0db
5196 Author: Brad Spengler <spender@grsecurity.net>
5197 Date: Fri Jan 27 19:44:15 2012 -0500
5198
5199 Merge branch 'pax-test' into grsec-test
5200
5201 commit 201c0dbf177527367676028151e36d340923f033
5202 Author: Brad Spengler <spender@grsecurity.net>
5203 Date: Fri Jan 27 19:43:24 2012 -0500
5204
5205 Merge changes from pax-linux-3.2.2-test6.patch, fixes 0 order vmalloc allocation errors
5206 on loading modules with empty sections
5207
5208 commit 6c09fa566a7c29f00556ca12f343f2db91c4f42b
5209 Author: Brad Spengler <spender@grsecurity.net>
5210 Date: Fri Jan 27 19:42:13 2012 -0500
5211
5212 compile fix
5213
5214 commit 917ae526b4fcec2b3e1afefa13de9dff7d8a5423
5215 Author: Brad Spengler <spender@grsecurity.net>
5216 Date: Fri Jan 27 19:39:28 2012 -0500
5217
5218 use LSM flags instead of duplicating checks
5219
5220 commit 0cf3be2ea2ae43c9dd4933fb26c0429041b8acb8
5221 Merge: 44b9f11 558718b
5222 Author: Brad Spengler <spender@grsecurity.net>
5223 Date: Fri Jan 27 18:56:23 2012 -0500
5224
5225 Merge branch 'pax-test' into grsec-test
5226
5227 commit 558718b2217beff69edf60f34a6f9893d910e9ac
5228 Author: Brad Spengler <spender@grsecurity.net>
5229 Date: Fri Jan 27 18:56:04 2012 -0500
5230
5231 Merge changes from pax-linux-3.2.2-test6.patch
5232
5233 commit 44b9f1132b2de7cbf5f57525fe0f7f9fb0a76507
5234 Author: Brad Spengler <spender@grsecurity.net>
5235 Date: Fri Jan 27 18:53:55 2012 -0500
5236
5237 don't increase the size of task_struct when unnecessary
5238 change ptrace_readexec log message
5239
5240 commit a9c9626e054adb885883aa64f85506852894dd33
5241 Author: Brad Spengler <spender@grsecurity.net>
5242 Date: Fri Jan 27 18:16:28 2012 -0500
5243
5244 Update documentation for CONFIG_GRKERNSEC_PTRACE_READEXEC --
5245 the protection applies to all unreadable binaries.
5246
5247 commit 98fdf4ab69eba7a72efb2054295daafdbbc2fb8f
5248 Merge: 7b3f3af 05a1349
5249 Author: Brad Spengler <spender@grsecurity.net>
5250 Date: Wed Jan 25 20:52:09 2012 -0500
5251
5252 Merge branch 'pax-test' into grsec-test
5253
5254 Conflicts:
5255 block/scsi_ioctl.c
5256 drivers/scsi/sd.c
5257 fs/proc/base.c
5258
5259 commit 05a134966efb9cb9346ad3422888969ffc79ac1d
5260 Author: Brad Spengler <spender@grsecurity.net>
5261 Date: Wed Jan 25 20:47:36 2012 -0500
5262
5263 Resync with pax-linux-3.2.2-test5.patch
5264
5265 commit 5ecaafd81b229aeeb5656df36f9c8da86307f82a
5266 Merge: c6d443d 3499d64
5267 Author: Brad Spengler <spender@grsecurity.net>
5268 Date: Wed Jan 25 20:45:16 2012 -0500
5269
5270 Merge branch 'linux-3.2.y' into pax-test (and pax-linux-3.2.2-test5.patch)
5271
5272 Conflicts:
5273 ipc/shm.c
5274
5275 commit 7b3f3afd7444613c759d68ff8c2efaebfae3bab1
5276 Author: Brad Spengler <spender@grsecurity.net>
5277 Date: Tue Jan 24 19:42:01 2012 -0500
5278
5279 Add two new features, one is automatic by enabling CONFIG_GRKERNSEC
5280 (may be changed if it breaks some userland), the other has its own
5281 config option
5282
5283 First feature requires CAP_SYS_ADMIN to write to any sysctl entry via
5284 the syscall or /proc/sys.
5285
5286 Second feature requires read access to a suid/sgid binary in order
5287 to ptrace it, preventing infoleaking of binaries in situations where
5288 the admin has specified 4711 or 2711 perms. Feature has been
5289 given the config option CONFIG_GRKERNSEC_PTRACE_READEXEC and
5290 a sysctl entry of ptrace_readexec
5291
5292 commit 11a7bb25c411c9dccfdca5718639b4becdffd388
5293 Author: Brad Spengler <spender@grsecurity.net>
5294 Date: Sun Jan 22 14:37:10 2012 -0500
5295
5296 Compilation fixes
5297
5298 commit cd400e21c7c352baba47d6f375297a7847afb33a
5299 Author: Brad Spengler <spender@grsecurity.net>
5300 Date: Sun Jan 22 14:20:27 2012 -0500
5301
5302 Initial port of grsecurity 2.2.2 for Linux 3.2.1
5303 Note that the new syscalls added to this kernel for remote process read/write
5304 are subject to ptrace hardening/other relevant RBAC features
5305 /proc/slabinfo is S_IRUSR via mainline now, so I made slab_allocators S_IRUSR by default
5306 as well
5307 pax_track_stack has been removed from support for this kernel -- if you're running this kernel
5308 you should be using a version of gcc with plugin support
5309
5310 commit c6d443d1270f455c56a4ffe0f1dd3d3e7ec12a2f
5311 Author: Brad Spengler <spender@grsecurity.net>
5312 Date: Sun Jan 22 11:47:31 2012 -0500
5313
5314 Import pax-linux-3.2.1-test5.patch
5315 commit bfd7db842f835f9837cd43644459b3a95b0b488d
5316 Author: Brad Spengler <spender@grsecurity.net>
5317 Date: Sun Jan 22 11:02:02 2012 -0500
5318
5319 Allow processes to access others' /proc/pid/maps files (subject to the normal modification of data)
5320 instead of returning -EACCES
5321 thanks to Wraith from irc for the report
5322
5323 commit 873ac13576506cd48ddb527c2540f274e249da50
5324 Merge: 34083dd 8a44fcc
5325 Author: Brad Spengler <spender@grsecurity.net>
5326 Date: Fri Jan 20 18:04:02 2012 -0500
5327
5328 Merge branch 'pax-test' into grsec-test
5329
5330 commit 8a44fcc90cf3368003dc84e1ed013b2e4248c9b2
5331 Author: Brad Spengler <spender@grsecurity.net>
5332 Date: Fri Jan 20 18:02:15 2012 -0500
5333
5334 Merge the diff between pax-linux-3.2.1-test4.patch and pax-linux-3.2.1-test5.patch
5335 Denies executable shared memory when MPROTECT is active
5336 Fixes ia32 emulation crash on 64bit host introduced in a recent patch
5337
5338 commit 34083ddf5c0b2b1c0f5e9f7d9e32ddcba223446b
5339 Author: Brad Spengler <spender@grsecurity.net>
5340 Date: Thu Jan 19 20:23:14 2012 -0500
5341
5342 Introduce new GRKERNSEC_SETXID implementation
5343 We're not able to change the credentials of other threads in the process until at most
5344 one syscall after the first thread does it, since we mark the threads as needing rescheduling
5345 and such work occurs on syscall exit.
5346 This does however ensure that we're only modifying the current task's credentials
5347 which upholds RCU expectations
5348
5349 Many thanks to corsac for testing
5350
5351 commit 5f900ad54d3992a4e1cda88273acc2f897a42e71
5352 Author: Brad Spengler <spender@grsecurity.net>
5353 Date: Thu Jan 19 17:42:48 2012 -0500
5354
5355 Simplify backport
5356
5357 commit f02e444f7b2fb286f99d3b4031ff4e44a4606c37
5358 Author: Brad Spengler <spender@grsecurity.net>
5359 Date: Thu Jan 19 17:08:16 2012 -0500
5360
5361 Commit the latest silent fix for a local privilege escalation from Linus
5362 Also disable writing to /proc/pid/mem
5363 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc
5364
5365 commit 814d38c72b1ee3338294576a05af4f6ca9cffa6c
5366 Merge: 0394a3f 7e6299b
5367 Author: Brad Spengler <spender@grsecurity.net>
5368 Date: Wed Jan 18 20:22:09 2012 -0500
5369
5370 Merge branch 'pax-test' into grsec-test
5371
5372 commit 7e6299b4733c082dde930375dd207b63237751ec
5373 Merge: 83555fb 9bb1282
5374 Author: Brad Spengler <spender@grsecurity.net>
5375 Date: Wed Jan 18 20:21:37 2012 -0500
5376
5377 Merge branch 'linux-3.1.y' into pax-test
5378
5379 commit 0394a3f36c6195dcaf22e265c94d11bb7338c6f7
5380 Author: Jesper Juhl <jj@chaosbits.net>
5381 Date: Sun Jan 8 22:44:29 2012 +0100
5382
5383 audit: always follow va_copy() with va_end()
5384
5385 A call to va_copy() should always be followed by a call to va_end() in
5386 the same function. In kernel/autit.c::audit_log_vformat() this is not
5387 always done. This patch makes sure va_end() is always called.
5388
5389 Signed-off-by: Jesper Juhl <jj@chaosbits.net>
5390 Cc: Al Viro <viro@zeniv.linux.org.uk>
5391 Cc: Eric Paris <eparis@redhat.com>
5392 Cc: Andrew Morton <akpm@linux-foundation.org>
5393 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5394
5395 commit fcbb39319e88bfdf70efe3931cf80a9f23b1a4d9
5396 Author: Andi Kleen <ak@linux.intel.com>
5397 Date: Thu Jan 12 17:20:30 2012 -0800
5398
5399 panic: don't print redundant backtraces on oops
5400
5401 When an oops causes a panic and panic prints another backtrace it's pretty
5402 common to have the original oops data be scrolled away on a 80x50 screen.
5403
5404 The second backtrace is quite redundant and not needed anyways.
5405
5406 So don't print the panic backtrace when oops_in_progress is true.
5407
5408 [akpm@linux-foundation.org: add comment]
5409 Signed-off-by: Andi Kleen <ak@linux.intel.com>
5410 Cc: Michael Holzheu <holzheu@linux.vnet.ibm.com>
5411 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5412 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5413
5414 commit 22e4717d04333e2aff6d5d1b2c1b16045f367a1f
5415 Author: Miklos Szeredi <mszeredi@suse.cz>
5416 Date: Thu Jan 12 17:59:46 2012 +0100
5417
5418 fsnotify: don't BUG in fsnotify_destroy_mark()
5419
5420 Removing the parent of a watched file results in "kernel BUG at
5421 fs/notify/mark.c:139".
5422
5423 To reproduce
5424
5425 add "-w /tmp/audit/dir/watched_file" to audit.rules
5426 rm -rf /tmp/audit/dir
5427
5428 This is caused by fsnotify_destroy_mark() being called without an
5429 extra reference taken by the caller.
5430
5431 Reported by Francesco Cosoleto here:
5432
5433 https://bugzilla.novell.com/show_bug.cgi?id=689860
5434
5435 Fix by removing the BUG_ON and adding a comment about not accessing mark after
5436 the iput.
5437
5438 Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
5439 CC: stable@vger.kernel.org
5440 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5441
5442 commit 1a90cff66ed00cd57bf00a990d13e95060fa362c
5443 Author: Paolo Bonzini <pbonzini@redhat.com>
5444 Date: Thu Jan 12 16:01:28 2012 +0100
5445
5446 block: fail SCSI passthrough ioctls on partition devices
5447
5448 Linux allows executing the SG_IO ioctl on a partition or LVM volume, and
5449 will pass the command to the underlying block device. This is
5450 well-known, but it is also a large security problem when (via Unix
5451 permissions, ACLs, SELinux or a combination thereof) a program or user
5452 needs to be granted access only to part of the disk.
5453
5454 This patch lets partitions forward a small set of harmless ioctls;
5455 others are logged with printk so that we can see which ioctls are
5456 actually sent. In my tests only CDROM_GET_CAPABILITY actually occurred.
5457 Of course it was being sent to a (partition on a) hard disk, so it would
5458 have failed with ENOTTY and the patch isn't changing anything in
5459 practice. Still, I'm treating it specially to avoid spamming the logs.
5460
5461 In principle, this restriction should include programs running with
5462 CAP_SYS_RAWIO. If for example I let a program access /dev/sda2 and
5463 /dev/sdb, it still should not be able to read/write outside the
5464 boundaries of /dev/sda2 independent of the capabilities. However, for
5465 now programs with CAP_SYS_RAWIO will still be allowed to send the
5466 ioctls. Their actions will still be logged.
5467
5468 This patch does not affect the non-libata IDE driver. That driver
5469 however already tests for bd != bd->bd_contains before issuing some
5470 ioctl; it could be restricted further to forbid these ioctls even for
5471 programs running with CAP_SYS_ADMIN/CAP_SYS_RAWIO.
5472
5473 Cc: linux-scsi@vger.kernel.org
5474 Cc: Jens Axboe <axboe@kernel.dk>
5475 Cc: James Bottomley <JBottomley@parallels.com>
5476 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5477 [ Make it also print the command name when warning - Linus ]
5478 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5479
5480 commit b41a1178caa15bd7d6d5b36c04c7b1ead05717e2
5481 Author: Paolo Bonzini <pbonzini@redhat.com>
5482 Date: Thu Jan 12 16:01:27 2012 +0100
5483
5484 block: add and use scsi_blk_cmd_ioctl
5485
5486 Introduce a wrapper around scsi_cmd_ioctl that takes a block device.
5487
5488 The function will then be enhanced to detect partition block devices
5489 and, in that case, subject the ioctls to whitelisting.
5490
5491 Cc: linux-scsi@vger.kernel.org
5492 Cc: Jens Axboe <axboe@kernel.dk>
5493 Cc: James Bottomley <JBottomley@parallels.com>
5494 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5495 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5496
5497 commit 97a79814903fc350e1d13704ea31528a42705401
5498 Author: Kees Cook <keescook@chromium.org>
5499 Date: Sat Jan 7 10:41:04 2012 -0800
5500
5501 audit: treat s_id as an untrusted string
5502
5503 The use of s_id should go through the untrusted string path, just to be
5504 extra careful.
5505
5506 Signed-off-by: Kees Cook <keescook@chromium.org>
5507 Acked-by: Mimi Zohar <zohar@us.ibm.com>
5508 Signed-off-by: Eric Paris <eparis@redhat.com>
5509
5510 commit 2d3f39e9dd73f26a8248fd4442f110d983c5b419
5511 Author: Xi Wang <xi.wang@gmail.com>
5512 Date: Tue Dec 20 18:39:41 2011 -0500
5513
5514 audit: fix signedness bug in audit_log_execve_info()
5515
5516 In the loop, a size_t "len" is used to hold the return value of
5517 audit_log_single_execve_arg(), which returns -1 on error. In that
5518 case the error handling (len <= 0) will be bypassed since "len" is
5519 unsigned, and the loop continues with (p += len) being wrapped.
5520 Change the type of "len" to signed int to fix the error handling.
5521
5522 size_t len;
5523 ...
5524 for (...) {
5525 len = audit_log_single_execve_arg(...);
5526 if (len <= 0)
5527 break;
5528 p += len;
5529 }
5530
5531 Signed-off-by: Xi Wang <xi.wang@gmail.com>
5532 Signed-off-by: Eric Paris <eparis@redhat.com>
5533
5534 commit 1b3dc2ea3204fb22b9d0d30b2b7953991f5be594
5535 Author: Dan Carpenter <dan.carpenter@oracle.com>
5536 Date: Tue Jan 17 03:28:51 2012 -0300
5537
5538 [media] ds3000: using logical && instead of bitwise &
5539
5540 The intent here was to test if the FE_HAS_LOCK was set. The current
5541 test is equivalent to "if (status) { ..."
5542
5543 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
5544 Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
5545
5546 commit 36522330dc59d2fc70c042f3f081d75c32b6259a
5547 Author: Brad Spengler <spender@grsecurity.net>
5548 Date: Mon Jan 16 13:10:38 2012 -0500
5549
5550 Ignore the 0 signal for protected task RBAC checks
5551
5552 commit d513acd55f7a683f6e146a4f570cdb63300479ab
5553 Author: Brad Spengler <spender@grsecurity.net>
5554 Date: Mon Jan 16 11:56:13 2012 -0500
5555
5556 whitespace cleanup
5557
5558 commit ced261c4b82818c700aff8487f647f6f3e5b5122
5559 Merge: d48751f 83555fb
5560 Author: Brad Spengler <spender@grsecurity.net>
5561 Date: Fri Jan 13 20:12:54 2012 -0500
5562
5563 Merge branch 'pax-test' into grsec-test
5564
5565 commit 83555fb431e5be6c0e09687ff3bdc583f0caf9d9
5566 Merge: fcd8129 93dad39
5567 Author: Brad Spengler <spender@grsecurity.net>
5568 Date: Fri Jan 13 20:12:43 2012 -0500
5569
5570 Merge branch 'linux-3.1.y' into pax-test
5571
5572 commit d48751f3919ae855fda0ff6c149db82442329253
5573 Author: Brad Spengler <spender@grsecurity.net>
5574 Date: Wed Jan 11 19:05:47 2012 -0500
5575
5576 Call our own set_user when forcing change to new id
5577
5578 commit 26d9d497f6b926bc1699980aa18c360a3d3c52a0
5579 Merge: e6578ff fcd8129
5580 Author: Brad Spengler <spender@grsecurity.net>
5581 Date: Tue Jan 10 16:00:10 2012 -0500
5582
5583 Merge branch 'pax-test' into grsec-test
5584
5585 commit fcd8129277601f2e2d5a2066120cf8b2472d7d1f
5586 Author: Brad Spengler <spender@grsecurity.net>
5587 Date: Tue Jan 10 15:58:43 2012 -0500
5588
5589 Merge changes from pax-linux-3.1.8-test23.patch
5590
5591 commit e6578ff3e7629c432ed9b99bde6af2a1c00279b5
5592 Merge: 8859ec3 a120549
5593 Author: Brad Spengler <spender@grsecurity.net>
5594 Date: Fri Jan 6 21:45:56 2012 -0500
5595
5596 Merge branch 'pax-test' into grsec-test
5597
5598 commit a12054967a77090de1caa07c41e694a77db4e237
5599 Author: Brad Spengler <spender@grsecurity.net>
5600 Date: Fri Jan 6 21:45:30 2012 -0500
5601
5602 Merge changes from pax-linux-3.1.8-test22.patch
5603
5604 commit 8859ec32f9815c274df65448f9f2960176c380d3
5605 Merge: a5016b4 ddd4114
5606 Author: Brad Spengler <spender@grsecurity.net>
5607 Date: Fri Jan 6 21:26:08 2012 -0500
5608
5609 Merge branch 'pax-test' into grsec-test
5610
5611 Conflicts:
5612 fs/binfmt_elf.c
5613 security/Kconfig
5614
5615 commit ddd41147e158a79704983a409b7433eba797cf66
5616 Author: Brad Spengler <spender@grsecurity.net>
5617 Date: Fri Jan 6 21:12:42 2012 -0500
5618
5619 Resync with PaX patch (whitespace difference)
5620
5621 commit 29e569df8205c5f0e043fe4803aa984406c8b118
5622 Author: Brad Spengler <spender@grsecurity.net>
5623 Date: Fri Jan 6 21:09:47 2012 -0500
5624
5625 Merge changes from pax-linux-3.1.8-test21.patch
5626
5627 commit a5016b4f9c09c337b17e063a7f369af1e86d944d
5628 Merge: 0124c92 04231d5
5629 Author: Brad Spengler <spender@grsecurity.net>
5630 Date: Fri Jan 6 18:52:20 2012 -0500
5631
5632 Merge branch 'pax-test' into grsec-test
5633
5634 commit 04231d52dc8d0d6788a6bc6709dc046d3eb37097
5635 Merge: 7bdddeb a919904
5636 Author: Brad Spengler <spender@grsecurity.net>
5637 Date: Fri Jan 6 18:51:50 2012 -0500
5638
5639 Merge branch 'linux-3.1.y' into pax-test
5640
5641 Conflicts:
5642 include/net/flow.h
5643
5644 commit 0124c9264234c450904a0a5fa2f8c608ab8e3796
5645 Author: Brad Spengler <spender@grsecurity.net>
5646 Date: Fri Jan 6 18:33:05 2012 -0500
5647
5648 Make GRKERNSEC_SETXID option compatible with credential debugging
5649
5650 commit 69919c6da7cf8a781439da15b597a7d6bc9b3abe
5651 Author: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
5652 Date: Wed Dec 28 15:57:11 2011 -0800
5653
5654 mm/mempolicy.c: refix mbind_range() vma issue
5655
5656 commit 8aacc9f550 ("mm/mempolicy.c: fix pgoff in mbind vma merge") is the
5657 slightly incorrect fix.
5658
5659 Why? Think following case.
5660
5661 1. map 4 pages of a file at offset 0
5662
5663 [0123]
5664
5665 2. map 2 pages just after the first mapping of the same file but with
5666 page offset 2
5667
5668 [0123][23]
5669
5670 3. mbind() 2 pages from the first mapping at offset 2.
5671 mbind_range() should treat new vma is,
5672
5673 [0123][23]
5674 |23|
5675 mbind vma
5676
5677 but it does
5678
5679 [0123][23]
5680 |01|
5681 mbind vma
5682
5683 Oops. then, it makes wrong vma merge and splitting ([01][0123] or similar).
5684
5685 This patch fixes it.
5686
5687 [testcase]
5688 test result - before the patch
5689
5690 case4: 126: test failed. expect '2,4', actual '2,2,2'
5691 case5: passed
5692 case6: passed
5693 case7: passed
5694 case8: passed
5695 case_n: 246: test failed. expect '4,2', actual '1,4'
5696
5697 ------------[ cut here ]------------
5698 kernel BUG at mm/filemap.c:135!
5699 invalid opcode: 0000 [#4] SMP DEBUG_PAGEALLOC
5700
5701 (snip long bug on messages)
5702
5703 test result - after the patch
5704
5705 case4: passed
5706 case5: passed
5707 case6: passed
5708 case7: passed
5709 case8: passed
5710 case_n: passed
5711
5712 source: mbind_vma_test.c
5713 ============================================================
5714 #include <numaif.h>
5715 #include <numa.h>
5716 #include <sys/mman.h>
5717 #include <stdio.h>
5718 #include <unistd.h>
5719 #include <stdlib.h>
5720 #include <string.h>
5721
5722 static unsigned long pagesize;
5723 void* mmap_addr;
5724 struct bitmask *nmask;
5725 char buf[1024];
5726 FILE *file;
5727 char retbuf[10240] = "";
5728 int mapped_fd;
5729
5730 char *rubysrc = "ruby -e '\
5731 pid = %d; \
5732 vstart = 0x%llx; \
5733 vend = 0x%llx; \
5734 s = `pmap -q #{pid}`; \
5735 rary = []; \
5736 s.each_line {|line|; \
5737 ary=line.split(\" \"); \
5738 addr = ary[0].to_i(16); \
5739 if(vstart <= addr && addr < vend) then \
5740 rary.push(ary[1].to_i()/4); \
5741 end; \
5742 }; \
5743 print rary.join(\",\"); \
5744 '";
5745
5746 void init(void)
5747 {
5748 void* addr;
5749 char buf[128];
5750
5751 nmask = numa_allocate_nodemask();
5752 numa_bitmask_setbit(nmask, 0);
5753
5754 pagesize = getpagesize();
5755
5756 sprintf(buf, "%s", "mbind_vma_XXXXXX");
5757 mapped_fd = mkstemp(buf);
5758 if (mapped_fd == -1)
5759 perror("mkstemp "), exit(1);
5760 unlink(buf);
5761
5762 if (lseek(mapped_fd, pagesize*8, SEEK_SET) < 0)
5763 perror("lseek "), exit(1);
5764 if (write(mapped_fd, "\0", 1) < 0)
5765 perror("write "), exit(1);
5766
5767 addr = mmap(NULL, pagesize*8, PROT_NONE,
5768 MAP_SHARED, mapped_fd, 0);
5769 if (addr == MAP_FAILED)
5770 perror("mmap "), exit(1);
5771
5772 if (mprotect(addr+pagesize, pagesize*6, PROT_READ|PROT_WRITE) < 0)
5773 perror("mprotect "), exit(1);
5774
5775 mmap_addr = addr + pagesize;
5776
5777 /* make page populate */
5778 memset(mmap_addr, 0, pagesize*6);
5779 }
5780
5781 void fin(void)
5782 {
5783 void* addr = mmap_addr - pagesize;
5784 munmap(addr, pagesize*8);
5785
5786 memset(buf, 0, sizeof(buf));
5787 memset(retbuf, 0, sizeof(retbuf));
5788 }
5789
5790 void mem_bind(int index, int len)
5791 {
5792 int err;
5793
5794 err = mbind(mmap_addr+pagesize*index, pagesize*len,
5795 MPOL_BIND, nmask->maskp, nmask->size, 0);
5796 if (err)
5797 perror("mbind "), exit(err);
5798 }
5799
5800 void mem_interleave(int index, int len)
5801 {
5802 int err;
5803
5804 err = mbind(mmap_addr+pagesize*index, pagesize*len,
5805 MPOL_INTERLEAVE, nmask->maskp, nmask->size, 0);
5806 if (err)
5807 perror("mbind "), exit(err);
5808 }
5809
5810 void mem_unbind(int index, int len)
5811 {
5812 int err;
5813
5814 err = mbind(mmap_addr+pagesize*index, pagesize*len,
5815 MPOL_DEFAULT, NULL, 0, 0);
5816 if (err)
5817 perror("mbind "), exit(err);
5818 }
5819
5820 void Assert(char *expected, char *value, char *name, int line)
5821 {
5822 if (strcmp(expected, value) == 0) {
5823 fprintf(stderr, "%s: passed\n", name);
5824 return;
5825 }
5826 else {
5827 fprintf(stderr, "%s: %d: test failed. expect '%s', actual '%s'\n",
5828 name, line,
5829 expected, value);
5830 // exit(1);
5831 }
5832 }
5833
5834 /*
5835 AAAA
5836 PPPPPPNNNNNN
5837 might become
5838 PPNNNNNNNNNN
5839 case 4 below
5840 */
5841 void case4(void)
5842 {
5843 init();
5844 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5845
5846 mem_bind(0, 4);
5847 mem_unbind(2, 2);
5848
5849 file = popen(buf, "r");
5850 fread(retbuf, sizeof(retbuf), 1, file);
5851 Assert("2,4", retbuf, "case4", __LINE__);
5852
5853 fin();
5854 }
5855
5856 /*
5857 AAAA
5858 PPPPPPNNNNNN
5859 might become
5860 PPPPPPPPPPNN
5861 case 5 below
5862 */
5863 void case5(void)
5864 {
5865 init();
5866 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5867
5868 mem_bind(0, 2);
5869 mem_bind(2, 2);
5870
5871 file = popen(buf, "r");
5872 fread(retbuf, sizeof(retbuf), 1, file);
5873 Assert("4,2", retbuf, "case5", __LINE__);
5874
5875 fin();
5876 }
5877
5878 /*
5879 AAAA
5880 PPPPNNNNXXXX
5881 might become
5882 PPPPPPPPPPPP 6
5883 */
5884 void case6(void)
5885 {
5886 init();
5887 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5888
5889 mem_bind(0, 2);
5890 mem_bind(4, 2);
5891 mem_bind(2, 2);
5892
5893 file = popen(buf, "r");
5894 fread(retbuf, sizeof(retbuf), 1, file);
5895 Assert("6", retbuf, "case6", __LINE__);
5896
5897 fin();
5898 }
5899
5900 /*
5901 AAAA
5902 PPPPNNNNXXXX
5903 might become
5904 PPPPPPPPXXXX 7
5905 */
5906 void case7(void)
5907 {
5908 init();
5909 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5910
5911 mem_bind(0, 2);
5912 mem_interleave(4, 2);
5913 mem_bind(2, 2);
5914
5915 file = popen(buf, "r");
5916 fread(retbuf, sizeof(retbuf), 1, file);
5917 Assert("4,2", retbuf, "case7", __LINE__);
5918
5919 fin();
5920 }
5921
5922 /*
5923 AAAA
5924 PPPPNNNNXXXX
5925 might become
5926 PPPPNNNNNNNN 8
5927 */
5928 void case8(void)
5929 {
5930 init();
5931 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5932
5933 mem_bind(0, 2);
5934 mem_interleave(4, 2);
5935 mem_interleave(2, 2);
5936
5937 file = popen(buf, "r");
5938 fread(retbuf, sizeof(retbuf), 1, file);
5939 Assert("2,4", retbuf, "case8", __LINE__);
5940
5941 fin();
5942 }
5943
5944 void case_n(void)
5945 {
5946 init();
5947 sprintf(buf, rubysrc, getpid(), mmap_addr, mmap_addr+pagesize*6);
5948
5949 /* make redundunt mappings [0][1234][34][7] */
5950 mmap(mmap_addr + pagesize*4, pagesize*2, PROT_READ|PROT_WRITE,
5951 MAP_FIXED|MAP_SHARED, mapped_fd, pagesize*3);
5952
5953 /* Expect to do nothing. */
5954 mem_unbind(2, 2);
5955
5956 file = popen(buf, "r");
5957 fread(retbuf, sizeof(retbuf), 1, file);
5958 Assert("4,2", retbuf, "case_n", __LINE__);
5959
5960 fin();
5961 }
5962
5963 int main(int argc, char** argv)
5964 {
5965 case4();
5966 case5();
5967 case6();
5968 case7();
5969 case8();
5970 case_n();
5971
5972 return 0;
5973 }
5974 =============================================================
5975
5976 Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
5977 Acked-by: Johannes Weiner <hannes@cmpxchg.org>
5978 Cc: Minchan Kim <minchan.kim@gmail.com>
5979 Cc: Caspar Zhang <caspar@casparzhang.com>
5980 Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
5981 Cc: Christoph Lameter <cl@linux.com>
5982 Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
5983 Cc: Mel Gorman <mel@csn.ul.ie>
5984 Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
5985 Cc: <stable@vger.kernel.org> [3.1.x]
5986 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
5987 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
5988
5989 commit f3a1082005781777086df235049f8c0b7efe524e
5990 Author: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
5991 Date: Tue Dec 27 22:32:41 2011 -0500
5992
5993 packet: fix possible dev refcnt leak when bind fail
5994
5995 If bind is fail when bind is called after set PACKET_FANOUT
5996 sock option, the dev refcnt will leak.
5997
5998 Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
5999 Signed-off-by: David S. Miller <davem@davemloft.net>
6000
6001 commit 915f8b08dac68839dc7204ee81cf9852fda16d24
6002 Author: Haogang Chen <haogangchen@gmail.com>
6003 Date: Mon Dec 19 17:11:56 2011 -0800
6004
6005 nilfs2: potential integer overflow in nilfs_ioctl_clean_segments()
6006
6007 There is a potential integer overflow in nilfs_ioctl_clean_segments().
6008 When a large argv[n].v_nmembs is passed from the userspace, the subsequent
6009 call to vmalloc() will allocate a buffer smaller than expected, which
6010 leads to out-of-bound access in nilfs_ioctl_move_blocks() and
6011 lfs_clean_segments().
6012
6013 The following check does not prevent the overflow because nsegs is also
6014 controlled by the userspace and could be very large.
6015
6016 if (argv[n].v_nmembs > nsegs * nilfs->ns_blocks_per_segment)
6017 goto out_free;
6018
6019 This patch clamps argv[n].v_nmembs to UINT_MAX / argv[n].v_size, and
6020 returns -EINVAL when overflow.
6021
6022 Signed-off-by: Haogang Chen <haogangchen@gmail.com>
6023 Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
6024 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
6025 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
6026
6027 commit 006afb6eb7a7398edc0068c3a7b9510ffaf80f72
6028 Author: Kautuk Consul <consul.kautuk@gmail.com>
6029 Date: Mon Dec 19 17:12:04 2011 -0800
6030
6031 mm/vmalloc.c: remove static declaration of va from __get_vm_area_node
6032
6033 Static storage is not required for the struct vmap_area in
6034 __get_vm_area_node.
6035
6036 Removing "static" to store this variable on the stack instead.
6037
6038 Signed-off-by: Kautuk Consul <consul.kautuk@gmail.com>
6039 Acked-by: David Rientjes <rientjes@google.com>
6040 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
6041 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
6042
6043 commit 461ecdf221edb089e5fa0d5563e1688cd0a36f66
6044 Author: Michel Lespinasse <walken@google.com>
6045 Date: Mon Dec 19 17:12:06 2011 -0800
6046
6047 binary_sysctl(): fix memory leak
6048
6049 binary_sysctl() calls sysctl_getname() which allocates from names_cache
6050 slab usin __getname()
6051
6052 The matching function to free the name is __putname(), and not putname()
6053 which should be used only to match getname() allocations.
6054
6055 This is because when auditing is enabled, putname() calls audit_putname
6056 *instead* (not in addition) to __putname(). Then, if a syscall is in
6057 progress, audit_putname does not release the name - instead, it expects
6058 the name to get released when the syscall completes, but that will happen
6059 only if audit_getname() was called previously, i.e. if the name was
6060 allocated with getname() rather than the naked __getname(). So,
6061 __getname() followed by putname() ends up leaking memory.
6062
6063 Signed-off-by: Michel Lespinasse <walken@google.com>
6064 Acked-by: Al Viro <viro@zeniv.linux.org.uk>
6065 Cc: Christoph Hellwig <hch@infradead.org>
6066 Cc: Eric Paris <eparis@redhat.com>
6067 Cc: <stable@vger.kernel.org>
6068 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
6069 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
6070
6071 commit 0a2cd3ef50c0bae70d59c74a77db0455d26fde56
6072 Author: Sean Hefty <sean.hefty@intel.com>
6073 Date: Tue Dec 6 21:17:11 2011 +0000
6074
6075 RDMA/cma: Verify private data length
6076
6077 private_data_len is defined as a u8. If the user specifies a large
6078 private_data size (> 220 bytes), we will calculate a total length that
6079 exceeds 255, resulting in private_data_len wrapping back to 0. This
6080 can lead to overwriting random kernel memory. Avoid this by verifying
6081 that the resulting size fits into a u8.
6082
6083 Reported-by: B. Thery <benjamin.thery@bull.net>
6084 Addresses: <http://bugs.openfabrics.org/bugzilla/show_bug.cgi?id=2335>
6085 Signed-off-by: Sean Hefty <sean.hefty@intel.com>
6086 Signed-off-by: Roland Dreier <roland@purestorage.com>
6087
6088 commit 6b618c54aaec99078629ec5b9575cb7d6fc31176
6089 Author: Xi Wang <xi.wang@gmail.com>
6090 Date: Sun Dec 11 23:40:56 2011 -0800
6091
6092 Input: cma3000_d0x - fix signedness bug in cma3000_thread_irq()
6093
6094 The error check (intr_status < 0) didn't work because intr_status is
6095 a u8. Change its type to signed int.
6096
6097 Signed-off-by: Xi Wang <xi.wang@gmail.com>
6098 Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
6099
6100 commit e27f34e383d7863b2528a63b81b23db09781f6b6
6101 Author: Xi Wang <xi.wang@gmail.com>
6102 Date: Fri Dec 16 12:44:15 2011 +0000
6103
6104 sctp: fix incorrect overflow check on autoclose
6105
6106 Commit 8ffd3208 voids the previous patches f6778aab and 810c0719 for
6107 limiting the autoclose value. If userspace passes in -1 on 32-bit
6108 platform, the overflow check didn't work and autoclose would be set
6109 to 0xffffffff.
6110
6111 This patch defines a max_autoclose (in seconds) for limiting the value
6112 and exposes it through sysctl, with the following intentions.
6113
6114 1) Avoid overflowing autoclose * HZ.
6115
6116 2) Keep the default autoclose bound consistent across 32- and 64-bit
6117 platforms (INT_MAX / HZ in this patch).
6118
6119 3) Keep the autoclose value consistent between setsockopt() and
6120 getsockopt() calls.
6121
6122 Suggested-by: Vlad Yasevich <vladislav.yasevich@hp.com>
6123 Signed-off-by: Xi Wang <xi.wang@gmail.com>
6124 Signed-off-by: David S. Miller <davem@davemloft.net>
6125
6126 commit 8ebdfaad2f46ff0ac9fef9858e436bcc712a1ac8
6127 Author: Xi Wang <xi.wang@gmail.com>
6128 Date: Wed Dec 21 05:18:33 2011 -0500
6129
6130 vmwgfx: fix incorrect VRAM size check in vmw_kms_fb_create()
6131
6132 Commit e133e737 didn't correctly fix the integer overflow issue.
6133
6134 - unsigned int required_size;
6135 + u64 required_size;
6136 ...
6137 required_size = mode_cmd->pitch * mode_cmd->height;
6138 - if (unlikely(required_size > dev_priv->vram_size)) {
6139 + if (unlikely(required_size > (u64) dev_priv->vram_size)) {
6140
6141 Note that both pitch and height are u32. Their product is still u32 and
6142 would overflow before being assigned to required_size. A correct way is
6143 to convert pitch and height to u64 before the multiplication.
6144
6145 required_size = (u64)mode_cmd->pitch * (u64)mode_cmd->height;
6146
6147 This patch calls the existing vmw_kms_validate_mode_vram() for
6148 validation.
6149
6150 Signed-off-by: Xi Wang <xi.wang@gmail.com>
6151 Reviewed-and-tested-by: Thomas Hellstrom <thellstrom@vmware.com>
6152 Signed-off-by: Dave Airlie <airlied@redhat.com>
6153
6154 Conflicts:
6155
6156 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
6157
6158 commit eb8f0bd01fb994c9abc77dc84729794cd841753d
6159 Author: Xi Wang <xi.wang@gmail.com>
6160 Date: Thu Dec 22 13:35:22 2011 +0000
6161
6162 rps: fix insufficient bounds checking in store_rps_dev_flow_table_cnt()
6163
6164 Setting a large rps_flow_cnt like (1 << 30) on 32-bit platform will
6165 cause a kernel oops due to insufficient bounds checking.
6166
6167 if (count > 1<<30) {
6168 /* Enforce a limit to prevent overflow */
6169 return -EINVAL;
6170 }
6171 count = roundup_pow_of_two(count);
6172 table = vmalloc(RPS_DEV_FLOW_TABLE_SIZE(count));
6173
6174 Note that the macro RPS_DEV_FLOW_TABLE_SIZE(count) is defined as:
6175
6176 ... + (count * sizeof(struct rps_dev_flow))
6177
6178 where sizeof(struct rps_dev_flow) is 8. (1 << 30) * 8 will overflow
6179 32 bits.
6180
6181 This patch replaces the magic number (1 << 30) with a symbolic bound.
6182
6183 Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
6184 Signed-off-by: Xi Wang <xi.wang@gmail.com>
6185 Signed-off-by: David S. Miller <davem@davemloft.net>
6186
6187 commit 648188958672024b616c42c1f6c98c8cfc85619d
6188 Author: Xi Wang <xi.wang@gmail.com>
6189 Date: Fri Dec 30 10:40:17 2011 -0500
6190
6191 netfilter: ctnetlink: fix timeout calculation
6192
6193 The sanity check (timeout < 0) never works; the dividend is unsigned
6194 and so is the division, which should have been a signed division.
6195
6196 long timeout = (ct->timeout.expires - jiffies) / HZ;
6197 if (timeout < 0)
6198 timeout = 0;
6199
6200 This patch converts the time values to signed for the division.
6201
6202 Signed-off-by: Xi Wang <xi.wang@gmail.com>
6203 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
6204
6205 commit ab03a0973cee73f88655ff4981812ad316a6cd59
6206 Merge: 76f82df 7bdddeb
6207 Author: Brad Spengler <spender@grsecurity.net>
6208 Date: Tue Jan 3 17:42:50 2012 -0500
6209
6210 Merge branch 'pax-test' into grsec-test
6211
6212 commit 7bdddebd9d274a344a1c57a561152160c9e9a32a
6213 Merge: 3e59cb5 55cc81a
6214 Author: Brad Spengler <spender@grsecurity.net>
6215 Date: Tue Jan 3 17:42:36 2012 -0500
6216
6217 Merge branch 'linux-3.1.y' into pax-test
6218
6219 commit 76f82df18ba181687f454426fa9ced7a92b2ac1f
6220 Author: Brad Spengler <spender@grsecurity.net>
6221 Date: Thu Dec 22 20:15:02 2011 -0500
6222
6223 Only further restrict futex targeting another process -- our modified
6224 permission check also happened to allow a case where a process retaining
6225 uid 0 could issue futex syscalls against other uid 0 tasks, despite the euid
6226 being non-zero (reported on forums by ben_w)
6227
6228 commit 6b235a4450a5fea41663ec35fa0608988b6078c6
6229 Merge: 97c16f0 3e59cb5
6230 Author: Brad Spengler <spender@grsecurity.net>
6231 Date: Thu Dec 22 19:11:06 2011 -0500
6232
6233 Merge branch 'pax-test' into grsec-test
6234
6235 Conflicts:
6236 fs/hfs/btree.c
6237
6238 commit 3e59cb503d4ca6ce0954b8d3eb508cf7d1a31f50
6239 Merge: 285eb4e c26f60b
6240 Author: Brad Spengler <spender@grsecurity.net>
6241 Date: Thu Dec 22 19:09:57 2011 -0500
6242
6243 Merge branch 'linux-3.1.y' into pax-test
6244
6245 Conflicts:
6246 arch/x86/kernel/process.c
6247
6248 commit 97c16f0fcff592160c1787bd1c56ae7ad070ac17
6249 Author: Brad Spengler <spender@grsecurity.net>
6250 Date: Mon Dec 19 21:54:01 2011 -0500
6251
6252 Add new option: "Enforce consistent multithreaded privileges"
6253
6254 commit 7d125a16a5245b2bafc9184b8f93e864394ba1cb
6255 Author: Brad Spengler <spender@grsecurity.net>
6256 Date: Wed Dec 7 19:58:31 2011 -0500
6257
6258 Remove harmless duplicate code -- exec_file would be null already so the
6259 second check would never pass.
6260
6261 commit 4e3304e94aa72737810bc50169519af157dce4ce
6262 Author: Brad Spengler <spender@grsecurity.net>
6263 Date: Wed Dec 7 19:50:39 2011 -0500
6264
6265 Revert back to (possibly?) undocumented /proc/pid behavior that gdb
6266 depended on for attaching to a thread. Entries exist in /proc for
6267 threads, but are not visible in a readdir.
6268
6269 commit 1bd899335f23815cfe8deac44c6b346398f3b95e
6270 Author: Brad Spengler <spender@grsecurity.net>
6271 Date: Sun Dec 4 18:03:28 2011 -0500
6272
6273 Put the already-walked path if in RCU-walk mode
6274
6275 commit ec7ae36b7159f10649709779443a988662965d66
6276 Author: Brad Spengler <spender@grsecurity.net>
6277 Date: Sun Dec 4 17:35:21 2011 -0500
6278
6279 Fix memory leak introduced by recent (unpublished) commit
6280 75ab998b94a29d464518d6d501bdde3fbfcbfa14
6281
6282 commit 1e2318a8ea2e67eaf17236be374b5da8a5ba5e04
6283 Author: Brad Spengler <spender@grsecurity.net>
6284 Date: Sun Dec 4 13:56:10 2011 -0500
6285
6286 Explicitly check size copied to userland in override_release to silence gcc
6287
6288 commit c30a85d0fff67e0724e726febb934c0b6fa01c6c
6289 Author: Brad Spengler <spender@grsecurity.net>
6290 Date: Sun Dec 4 13:54:02 2011 -0500
6291
6292 Initialize variable to silence erroneous gcc warning
6293
6294 commit 2cf8e7a3bf4e97b2cd3de9ebc453bc505dc7eb78
6295 Author: Brad Spengler <spender@grsecurity.net>
6296 Date: Sun Dec 4 13:47:47 2011 -0500
6297
6298 Future-proof other potential RCU-aware locations where we can log.
6299
6300 commit 0c904e8c7ea0338c47c7ae825e093a152dc8f8a8
6301 Author: Brad Spengler <spender@grsecurity.net>
6302 Date: Sun Dec 4 13:02:54 2011 -0500
6303
6304 Fix freeze reported by 'vs' on the forums. Bug occurred due to
6305 MAY_NOT_BLOCK added to Linux 3.1. Our logging code, when a capability used
6306 in generic_permission() was in the task's effective set but disallowed by
6307 RBAC, would block when acquiring locks resulting in the freeze.
6308
6309 Also update the ordering of checks so that CAP_DAC_READ_SEARCH isn't logged
6310 as being required when CAP_DAC_OVERRIDE is present (consistent with
6311 older patches).
6312
6313 commit ab694e5eccfbc369baa593ebc1269d1908cf16dc
6314 Author: Xi Wang <xi.wang@gmail.com>
6315 Date: Tue Nov 29 09:26:30 2011 +0000
6316
6317 sctp: better integer overflow check in sctp_auth_create_key()
6318
6319 The check from commit 30c2235c is incomplete and cannot prevent
6320 cases like key_len = 0x80000000 (INT_MAX + 1). In that case, the
6321 left-hand side of the check (INT_MAX - key_len), which is unsigned,
6322 becomes 0xffffffff (UINT_MAX) and bypasses the check.
6323
6324 However this shouldn't be a security issue. The function is called
6325 from the following two code paths:
6326
6327 1) setsockopt()
6328
6329 2) sctp_auth_asoc_set_secret()
6330
6331 In case (1), sca_keylength is never going to exceed 65535 since it's
6332 bounded by a u16 from the user API. As such, the key length will
6333 never overflow.
6334
6335 In case (2), sca_keylength is computed based on the user key (1 short)
6336 and 2 * key_vector (3 shorts) for a total of 7 * USHRT_MAX, which still
6337 will not overflow.
6338
6339 In other words, this overflow check is not really necessary. Just
6340 make it more correct.
6341
6342 Signed-off-by: Xi Wang <xi.wang@gmail.com>
6343 Cc: Vlad Yasevich <vladislav.yasevich@hp.com>
6344 Signed-off-by: David S. Miller <davem@davemloft.net>
6345
6346 commit e565e28c3635a1d50f80541fbf6b606d742fec76
6347 Author: Josh Boyer <jwboyer@redhat.com>
6348 Date: Fri Aug 19 14:50:26 2011 -0400
6349
6350 fs/minix: Verify bitmap block counts before mounting
6351
6352 Newer versions of MINIX can create filesystems that allocate an extra
6353 bitmap block. Mounting of this succeeds, but doing a statfs call will
6354 result in an oops in count_free because of a negative number being used
6355 for the bh index.
6356
6357 Avoid this by verifying the number of allocated blocks at mount time,
6358 erroring out if there are not enough and make statfs ignore the extras
6359 if there are too many.
6360
6361 This fixes https://bugzilla.kernel.org/show_bug.cgi?id=18792
6362
6363 Signed-off-by: Josh Boyer <jwboyer@redhat.com>
6364 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
6365
6366 commit 6e134e398ec1a3f428261680e83df4319e64bed9
6367 Author: Julia Lawall <julia@diku.dk>
6368 Date: Tue Nov 15 14:53:11 2011 -0800
6369
6370 drivers/gpu/vga/vgaarb.c: add missing kfree
6371
6372 kbuf is a buffer that is local to this function, so all of the error paths
6373 leaving the function should release it.
6374
6375 Signed-off-by: Julia Lawall <julia@diku.dk>
6376 Cc: Jesper Juhl <jj@chaosbits.net>
6377 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
6378 Signed-off-by: Dave Airlie <airlied@redhat.com>
6379
6380 commit 2b9057b321e36860e8d63985b5c4e496f254b717
6381 Author: Brad Spengler <spender@grsecurity.net>
6382 Date: Sat Dec 3 21:33:28 2011 -0500
6383
6384 Import changes between pax-linux-3.1.4-test18.patch and grsecurity-2.2.2-3.1.4-201112021740.patch
6385
6386 commit 5dfe6091dca281a456eaff5e7b4692d768a05cfd
6387 Author: Brad Spengler <spender@grsecurity.net>
6388 Date: Sat Dec 3 21:29:37 2011 -0500
6389
6390 Import pax-linux-3.1.4-test18.patch
6391
6392 commit 285eb4ea45d853ae00426b3315a61c1368080dad
6393 Author: Brad Spengler <spender@grsecurity.net>
6394 Date: Sat Dec 10 18:33:46 2011 -0500
6395
6396 Import changes from pax-linux-3.1.5-test20.patch
6397
6398 commit a6bda918fc90ec1d5c387e978d147ad2044153f1
6399 Author: Brad Spengler <spender@grsecurity.net>
6400 Date: Thu Dec 8 20:55:54 2011 -0500
6401
6402 Import changes from pax-linux-3.1.4-test19.patch
6403
6404 commit e6d987bdb782b280f882cc20055e3d9cb28ad3a5
6405 Author: Brad Spengler <spender@grsecurity.net>
6406 Date: Sat Dec 3 21:29:37 2011 -0500
6407
6408 Import pax-linux-3.1.4-test18.patch
Unofficial grsecurity patch archive (https://github.com/slashbeast/grsecurity-scrape)