-commit fb01fbebffb6d1f8210eaa6166edfca5bdde33bb
-Author: Rui Wang <rui.y.wang@intel.com>
-Date: Mon Dec 15 11:28:26 2014 -0800
+commit 3be3bc0f3a7b5164cd3c53a3999d8c3ef3dd1137
+Author: Al Viro <viro@ZenIV.linux.org.uk>
+Date: Fri Mar 20 17:41:43 2015 +0000
+
+ Yet another upstream vulnerablity cover-up. While it seems some sendmsg
+ handlers will end up in memcpy_iovec which will perform the access_ok()
+ Al has added, clearly Al is aware of at least one path where that doesn't
+ happen and this becomes an easy arbitrary kernel read/write. One would think
+ this would warrant more than a single-line commit message, but apparently this
+ is just business as usual in Linux kernel development.
+
+ net: validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom
+
+ Cc: stable@vger.kernel.org # v3.19
+ Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+ Signed-off-by: David S. Miller <davem@davemloft.net>
+
+ net/socket.c | 4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+
+commit 98399b6d44c4d4ef984b4f00f4cf1926a48728e4
+Merge: 2b322d8 45fce33
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Mar 18 21:10:43 2015 -0400
- drm: fb helper should avoid sleeping in panic context
+ Merge branch 'pax-test' into grsec-test
- There are still some places in the fb helper that need to avoid
- sleeping in panic context. Here's an example:
+ Conflicts:
+ tools/gcc/size_overflow_plugin/size_overflow_hash.data
+
+commit 45fce33b1193db854cf35c70a0c737c2ab245158
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Mar 18 21:09:47 2015 -0400
+
+ Update to pax-linux-3.19.2-test11.patch
+
+ .../size_overflow_plugin/size_overflow_hash.data | 5 ++++-
+ 1 files changed, 4 insertions(+), 1 deletions(-)
+
+commit 2b322d8b6b7db6bafe8e5ae7ba64664ede510204
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Mar 18 20:40:07 2015 -0400
+
+ update size_overflow hash table
+
+ .../size_overflow_plugin/size_overflow_hash.data | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+commit 2c2ab6d2b4c3f341c450c6adbcb573c734b6e950
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Mar 18 19:54:15 2015 -0400
+
+ From: Shachar Raindel <raindel () mellanox com>
+ Date: Sun, 04 Jan 2015 18:30:32 +0200
+ Subject: [PATCH] IB/core: Prevent integer overflow in ib_umem_get address arithmetic
- [ 65.615496] bad: scheduling from the idle thread!
- [ 65.620747] CPU: 92 PID: 0 Comm: swapper/92 Tainted: G M E 3.18.0-rc4-7-default+ #20
+ Properly verify that the resulting page aligned end address is larger
+ than both the start address and the length of the memory area
+ requested.
- [ 65.630364] Hardware name: Intel Corporation BRICKLAND/BRICKLAND, BIOS
- BRHSXSD1.86B.0056.R01.1409242327 09/24/2014
- [ 65.641923] ffff88087f693d80 ffff88087f689878 ffffffff81566db9 0000000000000000
- [ 65.650226] ffff88087f693d80 ffff88087f689898 ffffffff810871ff ffff88046eb3e0d0
- [ 65.658527] ffff88087f693d80 ffff88087f6898c8 ffffffff8107c1fa 000000017f6898b8
- [ 65.666830] Call Trace:
- [ 65.669557] <#MC> [<ffffffff81566db9>] dump_stack+0x46/0x58
- [ 65.675994] [<ffffffff810871ff>] dequeue_task_idle+0x2f/0x40
- [ 65.682412] [<ffffffff8107c1fa>] dequeue_task+0x5a/0x80
- [ 65.688345] [<ffffffff810804f3>] deactivate_task+0x23/0x30
- [ 65.694569] [<ffffffff81569050>] __schedule+0x580/0x7f0
- [ 65.700502] [<ffffffff81569739>] schedule_preempt_disabled+0x29/0x70
- [ 65.707696] [<ffffffff8156abb6>] __ww_mutex_lock_slowpath+0xb8/0x162
- [ 65.714891] [<ffffffff8156acb3>] __ww_mutex_lock+0x53/0x85
- [ 65.721125] [<ffffffffa00b3a5d>] drm_modeset_lock+0x3d/0x110 [drm]
- [ 65.728132] [<ffffffffa00b3c2a>] __drm_modeset_lock_all+0x8a/0x120 [drm]
- [ 65.735721] [<ffffffffa00b3cd0>] drm_modeset_lock_all+0x10/0x30 [drm]
- [ 65.743015] [<ffffffffa01af8bf>] drm_fb_helper_pan_display+0x2f/0xf0 [drm_kms_helper]
- [ 65.751857] [<ffffffff8132bd21>] fb_pan_display+0xd1/0x1a0
- [ 65.758081] [<ffffffff81326010>] bit_update_start+0x20/0x50
- [ 65.764400] [<ffffffff813259f2>] fbcon_switch+0x3a2/0x550
- [ 65.770528] [<ffffffff813a01c9>] redraw_screen+0x189/0x240
- [ 65.776750] [<ffffffff81322f8a>] fbcon_blank+0x20a/0x2d0
- [ 65.782778] [<ffffffff8137d359>] ? erst_writer+0x209/0x330
- [ 65.789002] [<ffffffff810ba2f3>] ? internal_add_timer+0x63/0x80
- [ 65.795710] [<ffffffff810bc137>] ? mod_timer+0x127/0x1e0
- [ 65.801740] [<ffffffff813a0cd8>] do_unblank_screen+0xa8/0x1d0
- [ 65.808255] [<ffffffff813a0e10>] unblank_screen+0x10/0x20
- [ 65.814381] [<ffffffff812ca0d9>] bust_spinlocks+0x19/0x40
- [ 65.820508] [<ffffffff81561ca7>] panic+0x106/0x1f5
- [ 65.825955] [<ffffffff8102336c>] mce_panic+0x2ac/0x2e0
- [ 65.831789] [<ffffffff812c796a>] ? delay_tsc+0x4a/0x80
- [ 65.837625] [<ffffffff81024e1f>] do_machine_check+0xbaf/0xbf0
- [ 65.844138] [<ffffffff813365d7>] ? intel_idle+0xc7/0x150
- [ 65.850166] [<ffffffff8156f03f>] machine_check+0x1f/0x30
- [ 65.856195] [<ffffffff813365d7>] ? intel_idle+0xc7/0x150
- [ 65.862222] <<EOE>> [<ffffffff814283d5>] cpuidle_enter_state+0x55/0x170
- [ 65.869823] [<ffffffff814285a7>] cpuidle_enter+0x17/0x20
- [ 65.875852] [<ffffffff81097b08>] cpu_startup_entry+0x2d8/0x370
- [ 65.882467] [<ffffffff8102fe29>] start_secondary+0x159/0x180
+ Both the start and length arguments for ib_umem_get are controlled by
+ the user. A misbehaving user can provide values which will cause an
+ integer overflow when calculating the page aligned end address.
- There's __drm_modeset_lock_all() which Daniel Vetter introduced for this
- purpose. We can leverage that without reinventing anything. This patch
- works with the latest kernel.
+ This overflow can cause also miscalculation of the number of pages
+ mapped, and additional logic issues.
- Reviewed-by: Rob Clark <robdclark@gmail.com>
- Tested-by: Tony Luck <tony.luck@intel.com>
- Signed-off-by: Rui Wang <rui.y.wang@intel.com>
- Signed-off-by: Dave Airlie <airlied@redhat.com>
+ Signed-off-by: Shachar Raindel <raindel () mellanox com>
+ Signed-off-by: Jack Morgenstein <jackm () mellanox com>
+ Signed-off-by: Or Gerlitz <ogerlitz () mellanox com>
- drivers/gpu/drm/drm_fb_helper.c | 8 ++++++--
- 1 files changed, 6 insertions(+), 2 deletions(-)
+ drivers/infiniband/core/umem.c | 8 ++++++++
+ 1 files changed, 8 insertions(+), 0 deletions(-)
-commit 0d88f3760b464fc528b59bf1a6fcf799bacd13c5
-Author: Louis Langholtz <lou_langholtz@me.com>
-Date: Thu Jan 15 22:04:46 2015 -0700
+commit 75e97c11e86afb0a2f30a98e21c365c35d2383f8
+Author: Oliver Hartkopp <socketcan@hartkopp.net>
+Date: Mon Feb 23 20:37:54 2015 +0100
- kernel: avoid overflow in cmp_range
+ can: add missing initialisations in CAN related skbuffs
- Avoid overflow possibility.
+ When accessing CAN network interfaces with AF_PACKET sockets e.g. by dhclient
+ this can lead to a skb_under_panic due to missing skb initialisations.
- [ The overflow is purely theoretical, since this is used for memory
- ranges that aren't even close to using the full 64 bits, but this is
- the right thing to do regardless. - Linus ]
+ Add the missing initialisations at the CAN skbuff creation times on driver
+ level (rx path) and in the network layer (tx path).
- Signed-off-by: Louis Langholtz <lou_langholtz@me.com>
- Cc: Yinghai Lu <yinghai@kernel.org>
- Cc: Peter Anvin <hpa@linux.intel.com>
- Cc: Andrew Morton <akpm@linux-foundation.org>
- Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+ Reported-by: Austin Schuh <austin@peloton-tech.com>
+ Reported-by: Daniel Steer <daniel.steer@mclaren.com>
+ Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
+ Cc: linux-stable <stable@vger.kernel.org>
+ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
- kernel/range.c | 10 +++++-----
- 1 files changed, 5 insertions(+), 5 deletions(-)
+ drivers/net/can/dev.c | 8 ++++++++
+ net/can/af_can.c | 3 +++
+ 2 files changed, 11 insertions(+), 0 deletions(-)
-commit 11f40af0c88fe2d46f29b02ac434033147cfd7a6
-Author: Dan Carpenter <dan.carpenter@oracle.com>
-Date: Mon Jan 19 22:34:51 2015 +0300
+commit 5aa58ea29056fd17fe74f498ede17386d39fbe7d
+Author: Alexey Kodanev <alexey.kodanev@oracle.com>
+Date: Wed Mar 11 14:29:17 2015 +0300
- s2io: use snprintf() as a safety feature
+ net: sysctl_net_core: check SNDBUF and RCVBUF for min length
- "sp->desc[i]" has 25 characters. "dev->name" has 15 characters. If we
- used all 15 characters then the sprintf() would overflow.
+ sysctl has sysctl.net.core.rmem_*/wmem_* parameters which can be
+ set to incorrect values. Given that 'struct sk_buff' allocates from
+ rcvbuf, incorrectly set buffer length could result to memory
+ allocation failures. For example, set them as follows:
- I changed the "sprintf(sp->name, "%s Neterion %s"" to snprintf(), as
- well, even though it can't overflow just to be consistent.
+ # sysctl net.core.rmem_default=64
+ net.core.wmem_default = 64
+ # sysctl net.core.wmem_default=64
+ net.core.wmem_default = 64
+ # ping localhost -s 1024 -i 0 > /dev/null
- Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+ This could result to the following failure:
+
+ skbuff: skb_over_panic: text:ffffffff81628db4 len:-32 put:-32
+ head:ffff88003a1cc200 data:ffff88003a1cc200 tail:0xffffffe0 end:0xc0 dev:<NULL>
+ kernel BUG at net/core/skbuff.c:102!
+ invalid opcode: 0000 [#1] SMP
+ ...
+ task: ffff88003b7f5550 ti: ffff88003ae88000 task.ti: ffff88003ae88000
+ RIP: 0010:[<ffffffff8155fbd1>] [<ffffffff8155fbd1>] skb_put+0xa1/0xb0
+ RSP: 0018:ffff88003ae8bc68 EFLAGS: 00010296
+ RAX: 000000000000008d RBX: 00000000ffffffe0 RCX: 0000000000000000
+ RDX: ffff88003fdcf598 RSI: ffff88003fdcd9c8 RDI: ffff88003fdcd9c8
+ RBP: ffff88003ae8bc88 R08: 0000000000000001 R09: 0000000000000000
+ R10: 0000000000000001 R11: 00000000000002b2 R12: 0000000000000000
+ R13: 0000000000000000 R14: ffff88003d3f7300 R15: ffff88000012a900
+ FS: 00007fa0e2b4a840(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000
+ CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: 0000000000d0f7e0 CR3: 000000003b8fb000 CR4: 00000000000006f0
+ Stack:
+ ffff88003a1cc200 00000000ffffffe0 00000000000000c0 ffffffff818cab1d
+ ffff88003ae8bd68 ffffffff81628db4 ffff88003ae8bd48 ffff88003b7f5550
+ ffff880031a09408 ffff88003b7f5550 ffff88000012aa48 ffff88000012ab00
+ Call Trace:
+ [<ffffffff81628db4>] unix_stream_sendmsg+0x2c4/0x470
+ [<ffffffff81556f56>] sock_write_iter+0x146/0x160
+ [<ffffffff811d9612>] new_sync_write+0x92/0xd0
+ [<ffffffff811d9cd6>] vfs_write+0xd6/0x180
+ [<ffffffff811da499>] SyS_write+0x59/0xd0
+ [<ffffffff81651532>] system_call_fastpath+0x12/0x17
+ Code: 00 00 48 89 44 24 10 8b 87 c8 00 00 00 48 89 44 24 08 48 8b 87 d8 00
+ 00 00 48 c7 c7 30 db 91 81 48 89 04 24 31 c0 e8 4f a8 0e 00 <0f> 0b
+ eb fe 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 48 83
+ RIP [<ffffffff8155fbd1>] skb_put+0xa1/0xb0
+ RSP <ffff88003ae8bc68>
+ Kernel panic - not syncing: Fatal exception
+
+ Moreover, the possible minimum is 1, so we can get another kernel panic:
+ ...
+ BUG: unable to handle kernel paging request at ffff88013caee5c0
+ IP: [<ffffffff815604cf>] __alloc_skb+0x12f/0x1f0
+ ...
+
+ Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
- drivers/net/ethernet/neterion/s2io.c | 11 ++++++++---
- 1 files changed, 8 insertions(+), 3 deletions(-)
+ net/core/sysctl_net_core.c | 10 ++++++----
+ 1 files changed, 6 insertions(+), 4 deletions(-)
-commit 539d1710f0ae193679e10ea7df5168db441f2f10
-Author: Willem de Bruijn <willemb@google.com>
-Date: Thu Jan 15 13:18:40 2015 -0500
+commit 5b9ecb5f6bcd7b85cc8b76164719123f8c64da8f
+Author: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Sun Mar 15 13:48:03 2015 +0300
- ip: zero sockaddr returned on error queue
-
- The sockaddr is returned in IP(V6)_RECVERR as part of errhdr. That
- structure is defined and allocated on the stack as
+ isdn: icn: use strlcpy() when parsing setup options
- struct {
- struct sock_extended_err ee;
- struct sockaddr_in(6) offender;
- } errhdr;
+ If you pass an invalid string here then you probably deserve the memory
+ corruption, but it annoys static analysis tools so lets fix it.
- The second part is only initialized for certain SO_EE_ORIGIN values.
- Always initialize it completely.
+ Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+ Signed-off-by: David S. Miller <davem@davemloft.net>
+
+ drivers/isdn/icn/icn.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+commit ede54a5201fcf67ffa2ebfd2e82cc56ee8e337ea
+Author: Eric Dumazet <edumazet@google.com>
+Date: Fri Mar 13 09:49:59 2015 -0700
+
+ inet_diag: fix possible overflow in inet_diag_dump_one_icsk()
- An MTU exceeded error on a SOCK_RAW/IPPROTO_RAW is one example that
- would return uninitialized bytes.
+ inet_diag_dump_one_icsk() allocates too small skb.
- Signed-off-by: Willem de Bruijn <willemb@google.com>
+ Add inet_sk_attr_size() helper right before inet_sk_diag_fill()
+ so that it can be updated if/when new attributes are added.
- ----
+ iproute2/ss currently does not use this dump_one() interface,
+ this might explain nobody noticed this problem yet.
- Also verified that there is no padding between errhdr.ee and
- errhdr.offender that could leak additional kernel data.
- Acked-by: Eric Dumazet <edumazet@google.com>
+ Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-
- Conflicts:
-
- net/ipv4/ip_sockglue.c
- net/ipv6/datagram.c
- net/ipv4/ip_sockglue.c | 9 +++------
- net/ipv6/datagram.c | 10 +++-------
- 2 files changed, 6 insertions(+), 13 deletions(-)
+ net/ipv4/inet_diag.c | 18 +++++++++++++++---
+ 1 files changed, 15 insertions(+), 3 deletions(-)
-commit 56cfaa1524a3db4087952784fb2fdef7ef1132ca
-Author: Hagen Paul Pfeifer <hagen@jauu.net>
-Date: Thu Jan 15 22:34:25 2015 +0100
+commit e2ec5b7531eb5f4f3d4da424e67eca6f4cc89fff
+Author: Arnd Bergmann <arnd@arndb.de>
+Date: Wed Mar 11 22:46:59 2015 +0100
- ipv6: stop sending PTB packets for MTU < 1280
+ rds: avoid potential stack overflow
- Reduce the attack vector and stop generating IPv6 Fragment Header for
- paths with an MTU smaller than the minimum required IPv6 MTU
- size (1280 byte) - called atomic fragments.
+ The rds_iw_update_cm_id function stores a large 'struct rds_sock' object
+ on the stack in order to pass a pair of addresses. This happens to just
+ fit withint the 1024 byte stack size warning limit on x86, but just
+ exceed that limit on ARM, which gives us this warning:
- See IETF I-D "Deprecating the Generation of IPv6 Atomic Fragments" [1]
- for more information and how this "feature" can be misused.
+ net/rds/iw_rdma.c:200:1: warning: the frame size of 1056 bytes is larger than 1024 bytes [-Wframe-larger-than=]
- [1] https://tools.ietf.org/html/draft-ietf-6man-deprecate-atomfrag-generation-00
+ As the use of this large variable is basically bogus, we can rearrange
+ the code to not do that. Instead of passing an rds socket into
+ rds_iw_get_device, we now just pass the two addresses that we have
+ available in rds_iw_update_cm_id, and we change rds_iw_get_mr accordingly,
+ to create two address structures on the stack there.
- Signed-off-by: Fernando Gont <fgont@si6networks.com>
- Signed-off-by: Hagen Paul Pfeifer <hagen@jauu.net>
- Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
+ Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+ Acked-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
- net/ipv6/route.c | 7 ++-----
- 1 files changed, 2 insertions(+), 5 deletions(-)
+ net/rds/iw_rdma.c | 40 ++++++++++++++++++++++------------------
+ 1 files changed, 22 insertions(+), 18 deletions(-)
-commit 6ce03791b81bc4ed4c91b46acaed045992ba07cb
-Merge: 6c35153 d347167
+commit 1677f6c0fb75090ade7f6a112e59dbadeb6d3408
+Merge: 257f3c5 67c007c
Author: Brad Spengler <spender@grsecurity.net>
-Date: Sun Jan 18 21:25:31 2015 -0500
+Date: Wed Mar 18 17:54:21 2015 -0400
Merge branch 'pax-test' into grsec-test
Conflicts:
- mm/mmap.c
+ fs/proc/inode.c
-commit d347167f5cd3ff8035d860791b84bb879db48ce8
-Merge: 211425e 219b188
+commit 67c007c5973ecc721098eacec609e658ebeaef02
+Merge: b92787a 660613d
Author: Brad Spengler <spender@grsecurity.net>
-Date: Sun Jan 18 21:24:22 2015 -0500
+Date: Wed Mar 18 17:51:15 2015 -0400
- Update to pax-linux-3.18.3-test8.patch:
- - fixed early crash of Xen domU when SSP is enabled (e.g., the default Arch kernel), reported by badchemist
-
- Merge branch 'linux-3.18.y' into pax-test
-
- Conflicts:
- mm/memory.c
+ Merge branch 'linux-3.19.y' into pax-test
-commit 6c35153995bdd60b32b70dcfeed600c74263dd2d
+commit 257f3c5bfec90810079bb7d9d7dea8d7d2500d35
+Merge: 8d02e6e b92787a
Author: Brad Spengler <spender@grsecurity.net>
-Date: Wed Jan 14 22:48:11 2015 -0500
+Date: Mon Mar 16 17:47:23 2015 -0400
- Allow the admin role and subjects with ptrace override ability to
- view /proc/pid/mem, /proc/pid/fd, and /proc/pid/cmdline of tasks
- with "d" in their subject mode. Thanks to tjh for the report!
-
- grsecurity/gracl_fs.c | 4 +++-
- 1 files changed, 3 insertions(+), 1 deletions(-)
+ Merge branch 'pax-test' into grsec-test
-commit c2583282e9d195cd171fc594ecc31efe4ef1b72c
+commit b92787ab69f95b55ba4a941838f8b39e94dc37f7
Author: Brad Spengler <spender@grsecurity.net>
-Date: Wed Jan 14 21:47:00 2015 -0500
+Date: Mon Mar 16 17:46:58 2015 -0400
- Fix some instances of dma-on-stack reported by xxterry1xx on the forums
+ Update to pax-linux-3.19.1-test11.patch:
+ - fixed a false positive size overflow report that triggered while resizing an ext4 file system, reported by Mathias Krause <minipli@googlemail.com>
- drivers/staging/line6/driver.c | 16 ++++++++++++----
- drivers/staging/line6/toneport.c | 13 ++++++++++---
- 2 files changed, 22 insertions(+), 7 deletions(-)
+ fs/ext4/resize.c | 16 +++++++++-------
+ 1 files changed, 9 insertions(+), 7 deletions(-)
-commit b7ced885089a10a753947796e99fa10954b83319
-Merge: 4b01fb5 211425e
+commit 8d02e6e58dec394dda0c922709e1d1c096b4a2b6
Author: Brad Spengler <spender@grsecurity.net>
-Date: Tue Jan 13 21:11:01 2015 -0500
+Date: Fri Mar 13 07:36:16 2015 -0400
- Merge branch 'pax-test' into grsec-test
+ Add CAP_AUDIT_READ, as reported by Sverd Johnsen
-commit 211425e153d85eb1cf55c34f55b247ac0c64fed2
-Author: Brad Spengler <spender@grsecurity.net>
-Date: Tue Jan 13 21:09:56 2015 -0500
+ grsecurity/grsec_exec.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
- Update to pax-linux-3.18.2-test7.patch:
- - fixed STACKLEAK/SCHED_STACK_END_CHECK interference, reported by Toralf Förster (https://bugs.gentoo.org/show_bug.cgi?id=536514) and KDE (http://forums.grsecurity.net/viewtopic.php?f=3&t=4121)
-
- arch/x86/kernel/entry_32.S | 1 +
- arch/x86/kernel/entry_64.S | 1 +
- arch/x86/kernel/process_32.c | 2 +-
- arch/x86/kernel/process_64.c | 2 +-
- fs/exec.c | 2 +-
- 5 files changed, 5 insertions(+), 3 deletions(-)
-
-commit 4b01fb58d70e5f540f06d567486bb7a93f50b02c
-Merge: 7f3251a fdecfb6
+commit fe273ddc232e8deb8be979eaa952bbe92724faf7
+Merge: 696b99c 52c4efc
Author: Brad Spengler <spender@grsecurity.net>
-Date: Mon Jan 12 18:46:19 2015 -0500
+Date: Thu Mar 12 19:27:04 2015 -0400
Merge branch 'pax-test' into grsec-test
+
+ Conflicts:
+ mm/vmalloc.c
-commit fdecfb6eb46a64d2892df8d36ada0ef1128262bf
+commit 52c4efc327661a90e10d7e54faeb8b9998e27179
Author: Brad Spengler <spender@grsecurity.net>
-Date: Mon Jan 12 18:45:45 2015 -0500
-
- Update to pax-linux-3.18.2-test6.patch:
- - fixed some more REFCOUNT/arm fallout, reported by Michael Tremer <michael.tremer@ipfire.org>
- - fixed some CONSTIFY fallout triggered on arm
+Date: Thu Mar 12 19:23:05 2015 -0400
+
+ Update to pax-linux-3.19.1-test10.patch:
+ - the new size overflow plugin caught kernfs_fop_write incorrectly using an error return value to adjust a file position, reported by jww
+ - fixed some compile regressions on arm, reported by Michael Tremer <michael.tremer@ipfire.org>
+ - fixed module unload regression under KERNEXEC/i386, reported by x14sg1 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4162)
+ - Emese made the handling of cloned functions a bit more robust
+
+ arch/arm/mach-exynos/suspend.c | 7 +++-
+ arch/arm/mach-omap2/omap-smp.c | 1 +
+ arch/arm/mach-tegra/irq.c | 1 +
+ arch/arm/mach-ux500/pm.c | 1 +
+ arch/arm/mach-zynq/platsmp.c | 1 +
+ drivers/of/fdt.c | 4 ++-
+ fs/kernfs/file.c | 2 +-
+ mm/vmalloc.c | 34 +++++++++++++++++---
+ tools/gcc/size_overflow_plugin/misc.c | 4 +-
+ .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
+ 10 files changed, 45 insertions(+), 12 deletions(-)
+
+commit 696b99cacf606e736e59af8de87a071a3f435184
+Merge: f1c8c97 b741487
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Tue Mar 10 22:19:50 2015 -0400
- arch/arm/include/asm/atomic.h | 2 +-
- drivers/base/power/domain.c | 4 +++-
- drivers/gpio/gpio-omap.c | 2 +-
- drivers/irqchip/irq-renesas-intc-irqpin.c | 2 +-
- 4 files changed, 6 insertions(+), 4 deletions(-)
+ Merge branch 'pax-test' into grsec-test
-commit 7f3251a8864fdf56ff6491d8bf2e61e46a469e47
+commit b741487c0b303a2d72c1439c24d91060b42c5ba2
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Tue Mar 10 22:19:32 2015 -0400
+
+ Update to pax-linux-3.19.1-test7.patch:
+ - small cleanup/speedup to the size overflow plugin from Emese
+ - updated size overflow hash table from Emese and spender
+ - fixed a compile regression in gcc plugins under gcc 4.6, reported by Kamil Kaczkowski and spender
+ - fixed a compile regression in the amd xgbe driver, reported by spender
+
+ drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 2 +-
+ tools/gcc/gcc-common.h | 2 +-
+ tools/gcc/size_overflow_plugin/misc.c | 9 +-
+ .../size_overflow_plugin/size_overflow_hash.data | 1779 +++++++++++++++-----
+ .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
+ 5 files changed, 1407 insertions(+), 387 deletions(-)
+
+commit f1c8c9705fb0badde64ae9490529983f37caba81
Author: Brad Spengler <spender@grsecurity.net>
-Date: Mon Jan 12 08:18:02 2015 -0500
+Date: Tue Mar 10 22:17:16 2015 -0400
- don't shadow the 'dentry' variable and cause failures in the recent warning
- fix, thanks to orfheo from the forums for the report
+ Fix module unloading, reported by x14sg1 on the forums:
+ https://forums.grsecurity.net/viewtopic.php?t=4162&p=15072#p15072
+ patch is from the PaX Team
- fs/kernfs/dir.c | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
+ mm/vmalloc.c | 32 +++++++++++++++++++++++++++-----
+ 1 files changed, 27 insertions(+), 5 deletions(-)
-commit 1c6b0f4b4d7b777e36ec7c8a951b89634bcef7df
+commit 502394d685898a6103d7e6b1f534ea97484738af
Author: Brad Spengler <spender@grsecurity.net>
-Date: Sun Jan 11 13:52:30 2015 -0500
+Date: Mon Mar 9 21:31:02 2015 -0400
update size_overflow hash table
- .../size_overflow_plugin/size_overflow_hash.data | 1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
+ .../size_overflow_plugin/size_overflow_hash.data | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
-commit a39389bb3df907976655f63a5aae0514f4035515
-Merge: e49c726 1a560c4
+commit fb49b8a14b89d7bb0fb56c25caf819ecee9c84db
Author: Brad Spengler <spender@grsecurity.net>
-Date: Sun Jan 11 13:23:31 2015 -0500
-
- Merge branch 'pax-test' into grsec-test
+Date: Mon Mar 9 20:40:34 2015 -0400
-commit 1a560c4208f9be7c01fef67783ba6946150b439b
-Merge: 2c69335 e609d3f
-Author: Brad Spengler <spender@grsecurity.net>
-Date: Sun Jan 11 13:23:06 2015 -0500
+ update size_overflow hash
- Update to pax-linux-3.18.2-test5.patch
-
- Merge branch 'linux-3.18.y' into pax-test
-
- Conflicts:
- arch/x86/kernel/process_64.c
+ .../size_overflow_plugin/size_overflow_hash.data | 9 ++++++++-
+ 1 files changed, 8 insertions(+), 1 deletions(-)
-commit e49c72679aaa6d28e582f8f024b60c9c19873e14
+commit 250eebbb55183ace7d6583ddf05623a8a19a8460
Author: Brad Spengler <spender@grsecurity.net>
-Date: Sun Jan 11 09:46:33 2015 -0500
+Date: Mon Mar 9 19:54:36 2015 -0400
- squelch a harmless compiler warning
+ compile fix
- drivers/iommu/amd_iommu.c | 2 +-
+ drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
-commit 2feaa349b30f65f6e13239347fed280d74313f3f
+commit dc55425f835591e5c498c5209bac3d235e3c7db6
Author: Brad Spengler <spender@grsecurity.net>
-Date: Sun Jan 11 09:36:06 2015 -0500
+Date: Mon Mar 9 18:44:26 2015 -0400
- properly return zero if the kernfs lookup succeeded
+ disable SO_ATTACH_BPF, not that it's likely usable anyway since the bpf syscall is disabled under GRKERNSEC_BPF_HARDEN
- fs/kernfs/dir.c | 6 ++++--
- 1 files changed, 4 insertions(+), 2 deletions(-)
+ net/core/sock.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
-commit 3a3020372a34cad35de74c473129acd3a0cc5e79
-Merge: 8dd18fa 2c69335
+commit 4e110acc5e0ed434171d2bb3d5b11a11f3aac138
Author: Brad Spengler <spender@grsecurity.net>
-Date: Sun Jan 4 18:51:47 2015 -0500
+Date: Mon Mar 9 18:26:00 2015 -0400
- Merge branch 'pax-test' into grsec-test
-
- Conflicts:
- arch/x86/kernel/espfix_64.c
-
-commit 2c69335e1b38ad0070e30c8c44f2cc5e809b361e
-Author: Brad Spengler <spender@grsecurity.net>
-Date: Sun Jan 4 18:45:48 2015 -0500
+ Fix compilation with plugins, reported by Kamil Kaczkowski. Apparently the version
+ of gcc 4.6.4 being shipped with some distros is different from that produced by
+ source builds in that it places the c-common.h header file in a different directory.
+ We'll now choose the path used by distros for compatibility reasons.
- Update to pax-linux-3.18.1-test5.patch:
- - fixed compile regression on armv5, reported by iamb (http://forums.grsecurity.net/viewtopic.php?f=3&t=4112)
- - fixed kernel stack corruption in iret fault handling under RANDKSTACK/amd64, triggered by Andy Lutomirski's linux-clock-tests suite (sigreturn_32)
- - removed superfluous section attr on espfix_pud_page, reported by spender
-
- arch/arm/include/asm/atomic.h | 16 +++++++++++-----
- arch/x86/kernel/espfix_64.c | 3 +--
- arch/x86/kernel/traps.c | 3 +++
- 3 files changed, 15 insertions(+), 7 deletions(-)
+ tools/gcc/gcc-common.h | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
-commit 8dd18fa6be65105a316f7987e45526470d8fcf60
-Author: Jan Kara <jack@suse.cz>
-Date: Fri Dec 19 14:27:55 2014 +0100
+commit 6ed2b5850b009bbd58cbc44865698a473ebcadab
+Author: Johan Hovold <johan@kernel.org>
+Date: Wed Mar 4 10:39:05 2015 +0100
- udf: Check component length before reading it
+ USB: serial: fix infinite wait_until_sent timeout
+
+ Make sure to handle an infinite timeout (0).
+
+ Note that wait_until_sent is currently never called with a 0-timeout
+ argument due to a bug in tty_wait_until_sent.
- Check that length specified in a component of a symlink fits in the
- input buffer we are reading. Also properly ignore component length for
- component types that do not use it. Otherwise we read memory after end
- of buffer for corrupted udf image.
+ Fixes: dcf010503966 ("USB: serial: add generic wait_until_sent
+ implementation")
+ Cc: stable <stable@vger.kernel.org> # v3.10
- Reported-by: Carl Henrik Lunde <chlunde@ping.uio.no>
- CC: stable@vger.kernel.org
- Signed-off-by: Jan Kara <jack@suse.cz>
+ Signed-off-by: Johan Hovold <johan@kernel.org>
+ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
- fs/udf/symlink.c | 9 +++++++--
- 1 files changed, 7 insertions(+), 2 deletions(-)
+ drivers/usb/serial/generic.c | 5 +++--
+ 1 files changed, 3 insertions(+), 2 deletions(-)
-commit b6b13f2d5f4bcde6d9470866c94c7beaa54b1a91
-Author: Jan Kara <jack@suse.cz>
-Date: Thu Dec 18 22:37:50 2014 +0100
+commit f2ef089fa057449882dcd5a507b11f7d2660a54f
+Author: Johan Hovold <johan@kernel.org>
+Date: Wed Mar 4 10:39:06 2015 +0100
- udf: Check path length when reading symlink
+ TTY: fix tty_wait_until_sent on 64-bit machines
- Symlink reading code does not check whether the resulting path fits into
- the page provided by the generic code. This isn't as easy as just
- checking the symlink size because of various encoding conversions we
- perform on path. So we have to check whether there is still enough space
- in the buffer on the fly.
+ Fix overflow bug in tty_wait_until_sent on 64-bit machines, where an
+ infinite timeout (0) would be passed to the underlying tty-driver's
+ wait_until_sent-operation as a negative timeout (-1), causing it to
+ return immediately.
- CC: stable@vger.kernel.org
- Reported-by: Carl Henrik Lunde <chlunde@ping.uio.no>
- Signed-off-by: Jan Kara <jack@suse.cz>
-
- fs/udf/dir.c | 3 ++-
- fs/udf/namei.c | 3 ++-
- fs/udf/symlink.c | 31 ++++++++++++++++++++++++++-----
- fs/udf/udfdecl.h | 3 ++-
- fs/udf/unicode.c | 28 ++++++++++++++++------------
- 5 files changed, 48 insertions(+), 20 deletions(-)
-
-commit 81525439cc99a2ee4d87cec702f619d294006212
-Author: Jan Kara <jack@suse.cz>
-Date: Fri Dec 19 12:21:47 2014 +0100
-
- udf: Verify symlink size before loading it
+ This manifests itself for example as tcdrain() returning immediately,
+ drivers not honouring the drain flags when setting terminal attributes,
+ or even dropped data on close as a requested infinite closing-wait
+ timeout would be ignored.
- UDF specification allows arbitrarily large symlinks. However we support
- only symlinks at most one block large. Check the length of the symlink
- so that we don't access memory beyond end of the symlink block.
+ The first symptom was reported by Asier LLANO who noted that tcdrain()
+ returned prematurely when using the ftdi_sio usb-serial driver.
- CC: stable@vger.kernel.org
- Reported-by: Carl Henrik Lunde <chlunde@gmail.com>
- Signed-off-by: Jan Kara <jack@suse.cz>
+ Fix this by passing 0 rather than MAX_SCHEDULE_TIMEOUT (LONG_MAX) to the
+ underlying tty driver.
+
+ Note that the serial-core wait_until_sent-implementation is not affected
+ by this bug due to a lucky chance (comparison to an unsigned maximum
+ timeout), and neither is the cyclades one that had an explicit check for
+ negative timeouts, but all other tty drivers appear to be affected.
+
+ Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+ Cc: stable <stable@vger.kernel.org> # v2.6.12
+ Reported-by: ZIV-Asier Llano Palacios <asier.llano@cgglobal.com>
+ Signed-off-by: Johan Hovold <johan@kernel.org>
+ Reviewed-by: Peter Hurley <peter@hurleysoftware.com>
+ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
- fs/udf/symlink.c | 17 +++++++++++++----
- 1 files changed, 13 insertions(+), 4 deletions(-)
+ drivers/tty/tty_ioctl.c | 12 +++++++++---
+ 1 files changed, 9 insertions(+), 3 deletions(-)
-commit 18cd73a23de8439773bc9c189507cba535a45700
-Author: Jan Kara <jack@suse.cz>
-Date: Fri Dec 19 12:03:53 2014 +0100
+commit e6f835d291e717ea23201cbccbd5d5e4506aa5b5
+Author: Al Viro <viro@ZenIV.linux.org.uk>
+Date: Sat Mar 7 21:08:46 2015 +0000
- udf: Verify i_size when loading inode
+ sunrpc: fix braino in ->poll()
- Verify that inode size is sane when loading inode with data stored in
- ICB. Otherwise we may get confused later when working with the inode and
- inode size is too big.
+ POLL_OUT isn't what callers of ->poll() are expecting to see; it's
+ actually __SI_POLL | 2 and it's a siginfo code, not a poll bitmap
+ bit...
- CC: stable@vger.kernel.org
- Reported-by: Carl Henrik Lunde <chlunde@ping.uio.no>
- Signed-off-by: Jan Kara <jack@suse.cz>
+ Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+ Cc: stable@vger.kernel.org
+ Cc: Bruce Fields <bfields@fieldses.org>
+ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
- fs/udf/inode.c | 14 ++++++++++++++
- 1 files changed, 14 insertions(+), 0 deletions(-)
+ net/sunrpc/cache.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
-commit 4621a1d5804594d09381f21b05741803da6c647a
-Author: Jan Kara <jack@suse.cz>
-Date: Thu Dec 18 17:26:10 2014 +0100
+commit d4d03577179f074f2ed88c2fe9651c5eea081dce
+Author: Quentin Casasnovas <quentin.casasnovas@oracle.com>
+Date: Tue Mar 3 16:31:38 2015 +0100
- isofs: Fix unchecked printing of ER records
+ Btrfs:__add_inode_ref: out of bounds memory read when looking for extended ref.
- We didn't check length of rock ridge ER records before printing them.
- Thus corrupted isofs image can cause us to access and print some memory
- behind the buffer with obvious consequences.
+ Improper arithmetics when calculting the address of the extended ref could
+ lead to an out of bounds memory read and kernel panic.
- Reported-and-tested-by: Carl Henrik Lunde <chlunde@ping.uio.no>
- CC: stable@vger.kernel.org
- Signed-off-by: Jan Kara <jack@suse.cz>
+ Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
+ Reviewed-by: David Sterba <dsterba@suse.cz>
+ cc: stable@vger.kernel.org # v3.7+
+ Signed-off-by: Chris Mason <clm@fb.com>
- fs/isofs/rock.c | 3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
+ fs/btrfs/tree-log.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
-commit 2f5259e11c6ca4b1ec009fcbadd5425351422714
-Author: Sven Eckelmann <sven@narfation.org>
-Date: Sat Dec 20 13:48:55 2014 +0100
+commit 68f8b48ca82d9d9c0b52c6cb5c72da684264e42f
+Author: Jiri Slaby <jslaby@suse.cz>
+Date: Fri Feb 27 18:40:31 2015 +0100
- batman-adv: Calculate extra tail size based on queued fragments
+ tty: fix up atime/mtime mess, take four
- The fragmentation code was replaced in 610bfc6bc99bc83680d190ebc69359a05fc7f605
- ("batman-adv: Receive fragmented packets and merge"). The new code provided a
- mostly unused parameter skb for the merging function. It is used inside the
- function to calculate the additionally needed skb tailroom. But instead of
- increasing its own tailroom, it is only increasing the tailroom of the first
- queued skb. This is not correct in some situations because the first queued
- entry can be a different one than the parameter.
+ This problem was taken care of three times already in
+ * b0de59b5733d18b0d1974a060860a8b5c1b36a2e (TTY: do not update
+ atime/mtime on read/write),
+ * 37b7f3c76595e23257f61bd80b223de8658617ee (TTY: fix atime/mtime
+ regression), and
+ * b0b885657b6c8ef63a46bc9299b2a7715d19acde (tty: fix up atime/mtime
+ mess, take three)
- An observed problem was:
+ But it still misses one point. As John Paul correctly points out, we
+ do not care about setting date. If somebody ever changes wall
+ time backwards (by mistake for example), tty timestamps are never
+ updated until the original wall time passes.
- 1. packet with size 104, total_size 1464, fragno 1 was received
- - packet is queued
- 2. packet with size 1400, total_size 1464, fragno 0 was received
- - packet is queued at the end of the list
- 3. enough data was received and can be given to the merge function
- (1464 == (1400 - 20) + (104 - 20))
- - merge functions gets 1400 byte large packet as skb argument
- 4. merge function gets first entry in queue (104 byte)
- - stored as skb_out
- 5. merge function calculates the required extra tail as total_size - skb->len
- - pskb_expand_head tail of skb_out with 64 bytes
- 6. merge function tries to squeeze the extra 1380 bytes from the second queued
- skb (1400 byte aka skb parameter) in the 64 extra tail bytes of skb_out
+ So check the absolute difference of times and if it large than "8
+ seconds or so", always update the time. That means we will update
+ immediatelly when changing time. Ergo, CAP_SYS_TIME can foul the
+ check, but it was always that way.
- Instead calculate the extra required tail bytes for skb_out also using skb_out
- instead of using the parameter skb. The skb parameter is only used to get the
- total_size from the last received packet. This is also the total_size used to
- decide that all fragments were received.
+ Thanks John for serving me this so nicely debugged.
- Reported-by: Philipp Psurek <philipp.psurek@gmail.com>
- Signed-off-by: Sven Eckelmann <sven@narfation.org>
- Acked-by: Martin Hundebøll <martin@hundeboll.net>
- Signed-off-by: David S. Miller <davem@davemloft.net>
-
- net/batman-adv/fragmentation.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-commit f7db3dfa3af9c1961edc38ad733be47ddeb50ced
-Author: Brad Spengler <spender@grsecurity.net>
-Date: Wed Dec 31 00:05:28 2014 -0500
+ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+ Reported-by: John Paul Perry <john_paul.perry@alcatel-lucent.com>
+ Cc: <stable@vger.kernel.org> # all, as b0b885657 was backported
+ Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
+ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
- force kernfs to initialize the dentry before returning from mkdir
- It's different behavior than every other filesystem in existence, I reported
- it to upstream but they were uninterested in fixing it, even though the fsnotify
- code uses the dentry struct that is improperly initialized immediately after
- mkdir return.
+ drivers/tty/tty_io.c | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
- fs/kernfs/dir.c | 4 ++++
- 1 files changed, 4 insertions(+), 0 deletions(-)
+commit 1c6f718f3b8e462897f316ac167e31e9d6843a19
+Author: Peter Hurley <peter@hurleysoftware.com>
+Date: Sun Mar 1 10:11:05 2015 -0500
-commit 312541de06f54e26053a0e9464d79b90d46f545d
-Merge: e1d9042 b17fed7
-Author: Brad Spengler <spender@grsecurity.net>
-Date: Tue Dec 30 23:43:21 2014 -0500
-
- Merge branch 'pax-test' into grsec-test
+ console: Fix console name size mismatch
- Conflicts:
- arch/x86/kernel/espfix_64.c
- arch/x86/kernel/paravirt_patch_64.c
- drivers/cpufreq/cpufreq-dt.c
+ commit 6ae9200f2cab7 ("enlarge console.name") increased the storage
+ for the console name to 16 bytes, but not the corresponding
+ struct console_cmdline::name storage. Console names longer than
+ 8 bytes cause read beyond end-of-string and failure to match
+ console; I'm not sure if there are other unexpected consequences.
+
+ Cc: <stable@vger.kernel.org> # 2.6.22+
+ Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
+ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-commit b17fed7d4c5657f71060a50f62169d9aadc8bf7e
-Author: Brad Spengler <spender@grsecurity.net>
-Date: Tue Dec 30 23:40:01 2014 -0500
-
- Update to pax-linux-3.18.1-test4.patch:
- - fixed REFCOUNT/arm compilation, by N8Fear
- - fixed LOAD_ARGS on amd64 that broke seccomp, reported by many
- - fixed BPF JIT regression under KERNEXEC
- - spender finally figured out and fixed the UDEREF/PCID/PARAVIRT problem, reported by Marcin Mirosław (https://bugs.gentoo.org/show_bug.cgi?id=522252)
- - fixed wrong refcount operation in uart_open, by Rogelio M. Serrano Jr <rogelios664@gmail.com>
- - fixed ESPFIX crash under per-cpu PGD configs (KERNEXEC/UDEREF on amd64), reported by Andy Lutomirski <luto@amacapital.net>
- - spender fixed a KERNEXEC compile error in cpufreq-dt.c
- - constified a few variables
-
- arch/arm/include/asm/atomic.h | 13 +++++++------
- arch/x86/include/asm/calling.h | 2 +-
- arch/x86/kernel/entry_64.S | 12 ++++++------
- arch/x86/kernel/espfix_64.c | 13 ++++++++-----
- arch/x86/kernel/paravirt_patch_64.c | 8 ++++++++
- arch/x86/kvm/emulate.c | 2 +-
- arch/x86/net/bpf_jit_comp.c | 7 ++-----
- drivers/cpufreq/cpufreq-dt.c | 4 +++-
- drivers/tty/serial/serial_core.c | 2 +-
- kernel/bpf/core.c | 3 +++
- 10 files changed, 40 insertions(+), 26 deletions(-)
-
-commit e1d90424b9df1471cbf16ca54d1877a22f7f35bb
+ kernel/printk/console_cmdline.h | 2 +-
+ kernel/printk/printk.c | 1 +
+ 2 files changed, 2 insertions(+), 1 deletions(-)
+
+commit 005e4f9bd0c38d00fdd1b33fbb75f1919c2840d8
Author: Brad Spengler <spender@grsecurity.net>
-Date: Sun Dec 28 11:47:06 2014 -0500
+Date: Mon Mar 9 17:10:45 2015 -0400
- Fix a direct userland dereference introduced in the 3.18 port due
- to a variable changing behind the scenes to a userland pointer.
- Caught by UDEREF, reported by slashbeast on IRC
+ update size_overflow hash table
- fs/namespace.c | 4 ++--
- grsecurity/grsec_mount.c | 4 ++--
- include/linux/grsecurity.h | 2 +-
- 3 files changed, 5 insertions(+), 5 deletions(-)
+ .../size_overflow_plugin/size_overflow_hash.data | 1770 +++++++++++++++-----
+ 1 files changed, 1392 insertions(+), 378 deletions(-)
-commit 0b8c733a613966fc2eb68cbb21b0f1ab3d7c2109
+commit f6264b28f27df3b10c90a5949f105a9bd21c6e94
Author: Brad Spengler <spender@grsecurity.net>
-Date: Sun Dec 28 08:27:25 2014 -0500
+Date: Sun Mar 8 21:11:47 2015 -0400
- update size_overflow hash
+ fix typo
- .../size_overflow_plugin/size_overflow_hash.data | 158 +++++++++++++++++---
- 1 files changed, 137 insertions(+), 21 deletions(-)
+ mm/vmalloc.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
-commit cfc17367ad633cf59b51e8770648f433e5291ace
+commit 64d2ad17cbb21f643d7061cd150feb9895a771ac
Author: Brad Spengler <spender@grsecurity.net>
-Date: Sat Dec 27 21:49:48 2014 -0500
+Date: Sun Mar 8 21:06:55 2015 -0400
- compile fix when building with the constify plugin
+ fix KSTACKOVERFLOW compile error
- drivers/cpufreq/cpufreq-dt.c | 6 +++++-
- 1 files changed, 5 insertions(+), 1 deletions(-)
+ mm/vmalloc.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
-commit 50c8201bd5ad953107babef76a103c049d1940f3
+commit 7a94802d193b97df8184c2b3847376c8c21dc925
Author: Brad Spengler <spender@grsecurity.net>
-Date: Sat Dec 27 21:30:59 2014 -0500
+Date: Sun Mar 8 20:58:49 2015 -0400
- compile fix
+ fix compilation error under RANDSTRUCT
- kernel/kmod.c | 2 +-
+ mm/page_alloc.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
-commit cca21c02a2fbd37d799d02a8d22621b772999a58
-Author: Brad Spengler <spender@grsecurity.net>
-Date: Sat Dec 27 21:26:45 2014 -0500
+commit 919cdaba24b7efeaf4da14a09a14eff3f643efa3
+Author: Johannes Weiner <hannes@cmpxchg.org>
+Date: Fri Feb 27 15:52:09 2015 -0800
- compile fix
+ mm: page_alloc: revert inadvertent !__GFP_FS retry behavior change
+
+ Historically, !__GFP_FS allocations were not allowed to invoke the OOM
+ killer once reclaim had failed, but nevertheless kept looping in the
+ allocator.
+
+ Commit 9879de7373fc ("mm: page_alloc: embed OOM killing naturally into
+ allocation slowpath"), which should have been a simple cleanup patch,
+ accidentally changed the behavior to aborting the allocation at that
+ point. This creates problems with filesystem callers (?) that currently
+ rely on the allocator waiting for other tasks to intervene.
+
+ Revert the behavior as it shouldn't have been changed as part of a
+ cleanup patch.
+
+ Fixes: 9879de7373fc ("mm: page_alloc: embed OOM killing naturally into allocation slowpath")
+ Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
+ Acked-by: Michal Hocko <mhocko@suse.cz>
+ Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+ Cc: Theodore Ts'o <tytso@mit.edu>
+ Cc: Dave Chinner <david@fromorbit.com>
+ Acked-by: David Rientjes <rientjes@google.com>
+ Cc: Oleg Nesterov <oleg@redhat.com>
+ Cc: Mel Gorman <mgorman@suse.de>
+ Cc: <stable@vger.kernel.org> [3.19.x]
+ Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
- include/linux/grsecurity.h | 10 ----------
- include/linux/mm.h | 10 ++++++++++
- 2 files changed, 10 insertions(+), 10 deletions(-)
+ mm/page_alloc.c | 9 ++++++++-
+ 1 files changed, 8 insertions(+), 1 deletions(-)
-commit b32189fdf83a7d458c6bb636faf4a9829efa5844
+commit f919bc076b7cb55755ea2c6463bc4ae07b34605c
Author: Brad Spengler <spender@grsecurity.net>
-Date: Sat Dec 27 21:19:27 2014 -0500
+Date: Sun Mar 8 20:54:46 2015 -0400
- Initial import of grsecurity for 3.18.1
+ Initial import of grsecurity 3.1 for 3.19.1
Documentation/dontdiff | 2 +
Documentation/kernel-parameters.txt | 4 +
arch/x86/ia32/ia32_aout.c | 2 +
arch/x86/include/asm/floppy.h | 20 +-
arch/x86/include/asm/io.h | 2 +-
- arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/include/asm/page.h | 12 +-
arch/x86/include/asm/paravirt_types.h | 23 +-
arch/x86/include/asm/processor.h | 2 +-
arch/x86/include/asm/thread_info.h | 8 +-
- arch/x86/include/uapi/asm/ldt.h | 7 +
+ arch/x86/kernel/cpu/microcode/intel.c | 5 +
+ arch/x86/kernel/cpu/microcode/intel_early.c | 6 +-
arch/x86/kernel/dumpstack.c | 10 +-
arch/x86/kernel/dumpstack_32.c | 2 +-
arch/x86/kernel/dumpstack_64.c | 2 +-
arch/x86/kernel/entry_32.S | 2 +-
- arch/x86/kernel/entry_64.S | 2 +-
- arch/x86/kernel/espfix_64.c | 14 +-
+ arch/x86/kernel/entry_64.S | 15 +-
+ arch/x86/kernel/espfix_64.c | 2 +-
arch/x86/kernel/ioport.c | 13 +
arch/x86/kernel/irq_32.c | 3 +
arch/x86/kernel/irq_64.c | 4 +
- arch/x86/kernel/kvm.c | 9 +-
- arch/x86/kernel/kvmclock.c | 1 -
arch/x86/kernel/msr.c | 10 +
- arch/x86/kernel/paravirt_patch_64.c | 4 +
arch/x86/kernel/ptrace.c | 28 +
arch/x86/kernel/signal.c | 9 +-
arch/x86/kernel/sys_i386_32.c | 9 +-
arch/x86/kernel/sys_x86_64.c | 8 +-
- arch/x86/kernel/tls.c | 39 +
arch/x86/kernel/traps.c | 5 +
arch/x86/kernel/verify_cpu.S | 1 +
arch/x86/kernel/vm86_32.c | 16 +
- arch/x86/kvm/emulate.c | 2 +-
- arch/x86/kvm/x86.c | 2 +
arch/x86/mm/fault.c | 12 +-
arch/x86/mm/hugetlbpage.c | 15 +-
arch/x86/mm/init.c | 66 +-
arch/x86/xen/Kconfig | 1 +
arch/xtensa/variants/dc232b/include/variant/core.h | 2 +-
arch/xtensa/variants/fsf/include/variant/core.h | 3 +-
- arch/xtensa/variants/s6000/include/variant/core.h | 3 +-
drivers/acpi/acpica/hwxfsleep.c | 11 +-
drivers/acpi/custom_method.c | 4 +
drivers/block/cciss.h | 30 +-
drivers/gpu/drm/ttm/ttm_bo_manager.c | 10 +-
drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c | 10 +-
drivers/hid/hid-logitech-dj.c | 6 +
- drivers/hid/hid-sony.c | 147 +-
drivers/hid/hid-wiimote-debug.c | 2 +-
drivers/infiniband/hw/nes/nes_cm.c | 22 +-
drivers/iommu/amd_iommu.c | 14 +-
drivers/message/fusion/mptbase.c | 9 +
drivers/misc/sgi-xp/xp_main.c | 12 +-
drivers/net/ethernet/brocade/bna/bna_enet.c | 8 +-
+ drivers/net/macvtap.c | 7 +-
drivers/net/wan/lmc/lmc_media.c | 97 +-
drivers/net/wan/z85230.c | 24 +-
drivers/net/wireless/zd1211rw/zd_usb.c | 2 +-
drivers/scsi/bfa/bfa_fcs_lport.c | 29 +-
drivers/scsi/bfa/bfa_modules.h | 12 +-
drivers/scsi/hpsa.h | 50 +-
- drivers/staging/line6/driver.c | 17 +-
+ drivers/staging/line6/driver.c | 33 +-
+ drivers/staging/line6/toneport.c | 13 +-
drivers/staging/lustre/lustre/ldlm/ldlm_flock.c | 2 +-
drivers/staging/lustre/lustre/libcfs/module.c | 10 +-
- drivers/staging/lustre/lustre/llite/dir.c | 2 +-
drivers/tty/sysrq.c | 2 +-
drivers/tty/vt/keyboard.c | 22 +-
drivers/uio/uio.c | 6 +-
drivers/usb/gadget/function/f_uac1.c | 1 +
drivers/usb/gadget/function/u_uac1.c | 1 +
drivers/usb/host/hwa-hc.c | 9 +-
+ drivers/vhost/net.c | 4 +-
drivers/video/fbdev/arcfb.c | 2 +-
drivers/video/fbdev/matrox/matroxfb_DAC1064.c | 10 +-
drivers/video/fbdev/matrox/matroxfb_Ti3026.c | 5 +-
drivers/video/logo/logo_linux_clut224.ppm | 2720 ++++++++------------
drivers/xen/xenfs/xenstored.c | 5 +
fs/attr.c | 1 +
+ fs/autofs4/dev-ioctl.c | 8 +-
fs/autofs4/waitq.c | 9 +
fs/binfmt_aout.c | 7 +
fs/binfmt_elf.c | 40 +-
fs/btrfs/ioctl.c | 6 +-
fs/compat.c | 20 +-
fs/coredump.c | 17 +-
- fs/debugfs/inode.c | 4 +
- fs/exec.c | 216 ++-
+ fs/dcache.c | 3 +
+ fs/debugfs/inode.c | 38 +-
+ fs/exec.c | 218 ++-
fs/ext2/balloc.c | 4 +-
fs/ext2/super.c | 8 +-
fs/ext3/balloc.c | 4 +-
fs/ext3/super.c | 8 +-
fs/ext4/balloc.c | 4 +-
fs/fcntl.c | 4 +
- fs/fhandle.c | 3 +-
+ fs/fhandle.c | 8 +-
fs/file.c | 4 +
fs/filesystems.c | 4 +
- fs/fs_struct.c | 13 +-
+ fs/fs_struct.c | 19 +-
fs/hugetlbfs/inode.c | 5 +-
fs/inode.c | 6 +-
- fs/isofs/rock.c | 6 +
+ fs/kernfs/dir.c | 6 +
fs/mount.h | 4 +-
- fs/namei.c | 235 ++-
- fs/namespace.c | 26 +
+ fs/namei.c | 243 ++-
+ fs/namespace.c | 24 +
fs/nfsd/nfscache.c | 2 +-
fs/open.c | 38 +
fs/pipe.c | 2 +-
fs/posix_acl.c | 15 +-
fs/proc/Kconfig | 10 +-
fs/proc/array.c | 66 +-
- fs/proc/base.c | 161 ++-
+ fs/proc/base.c | 163 ++-
fs/proc/cmdline.c | 4 +
fs/proc/devices.c | 4 +
fs/proc/fd.c | 17 +-
fs/reiserfs/item_ops.c | 24 +-
fs/reiserfs/super.c | 4 +
fs/select.c | 2 +
- fs/seq_file.c | 33 +-
+ fs/seq_file.c | 37 +-
fs/stat.c | 20 +-
fs/sysfs/dir.c | 24 +-
fs/utimes.c | 7 +
- fs/xattr.c | 34 +-
- grsecurity/Kconfig | 1166 +++++++++
+ fs/xattr.c | 26 +-
+ grsecurity/Kconfig | 1182 +++++++++
grsecurity/Makefile | 54 +
- grsecurity/gracl.c | 2703 +++++++++++++++++++
+ grsecurity/gracl.c | 2749 ++++++++++++++++++++
grsecurity/gracl_alloc.c | 105 +
grsecurity/gracl_cap.c | 127 +
- grsecurity/gracl_compat.c | 270 ++
- grsecurity/gracl_fs.c | 445 ++++
+ grsecurity/gracl_compat.c | 269 ++
+ grsecurity/gracl_fs.c | 447 ++++
grsecurity/gracl_ip.c | 386 +++
grsecurity/gracl_learn.c | 207 ++
- grsecurity/gracl_policy.c | 1782 +++++++++++++
+ grsecurity/gracl_policy.c | 1781 +++++++++++++
grsecurity/gracl_res.c | 68 +
- grsecurity/gracl_segv.c | 313 +++
+ grsecurity/gracl_segv.c | 324 +++
grsecurity/gracl_shm.c | 40 +
grsecurity/grsec_chdir.c | 19 +
- grsecurity/grsec_chroot.c | 385 +++
- grsecurity/grsec_disabled.c | 440 ++++
+ grsecurity/grsec_chroot.c | 467 ++++
+ grsecurity/grsec_disabled.c | 445 ++++
grsecurity/grsec_exec.c | 188 ++
grsecurity/grsec_fifo.c | 24 +
grsecurity/grsec_fork.c | 23 +
- grsecurity/grsec_init.c | 286 ++
+ grsecurity/grsec_init.c | 290 ++
grsecurity/grsec_ipc.c | 48 +
grsecurity/grsec_link.c | 58 +
grsecurity/grsec_log.c | 341 +++
grsecurity/grsec_ptrace.c | 30 +
grsecurity/grsec_sig.c | 236 ++
grsecurity/grsec_sock.c | 244 ++
- grsecurity/grsec_sysctl.c | 479 ++++
+ grsecurity/grsec_sysctl.c | 488 ++++
grsecurity/grsec_time.c | 16 +
grsecurity/grsec_tpe.c | 78 +
grsecurity/grsec_usb.c | 15 +
grsecurity/grsum.c | 64 +
- include/asm-generic/io.h | 2 +-
include/linux/binfmts.h | 5 +-
include/linux/capability.h | 5 +
include/linux/compiler-gcc4.h | 5 +
include/linux/compiler.h | 8 +
include/linux/cred.h | 8 +-
- include/linux/dcache.h | 2 +-
+ include/linux/dcache.h | 5 +-
include/linux/fs.h | 24 +-
include/linux/fs_struct.h | 2 +-
include/linux/fsnotify.h | 6 +
- include/linux/gracl.h | 340 +++
+ include/linux/gracl.h | 342 +++
include/linux/gracl_compat.h | 156 ++
include/linux/gralloc.h | 9 +
include/linux/grdefs.h | 140 +
- include/linux/grinternal.h | 229 ++
- include/linux/grmsg.h | 117 +
- include/linux/grsecurity.h | 254 ++
+ include/linux/grinternal.h | 230 ++
+ include/linux/grmsg.h | 118 +
+ include/linux/grsecurity.h | 250 ++
include/linux/grsock.h | 19 +
include/linux/ipc_namespace.h | 2 +-
include/linux/kallsyms.h | 18 +-
include/linux/kmod.h | 5 +
include/linux/kobject.h | 2 +-
- include/linux/mm.h | 2 +
+ include/linux/mm.h | 12 +
include/linux/mm_types.h | 4 +-
include/linux/module.h | 4 +-
include/linux/mount.h | 2 +-
include/linux/path.h | 4 +-
include/linux/perf_event.h | 13 +-
include/linux/pid_namespace.h | 2 +-
- include/linux/printk.h | 3 +-
+ include/linux/printk.h | 2 +-
include/linux/proc_fs.h | 22 +-
include/linux/proc_ns.h | 2 +-
include/linux/random.h | 2 +-
kernel/ptrace.c | 20 +-
kernel/resource.c | 10 +
kernel/sched/core.c | 11 +-
+ kernel/seccomp.c | 4 +-
kernel/signal.c | 37 +-
kernel/sys.c | 64 +-
kernel/sysctl.c | 71 +-
mm/mempolicy.c | 12 +-
mm/migrate.c | 3 +-
mm/mlock.c | 6 +-
- mm/mmap.c | 93 +-
+ mm/mmap.c | 97 +-
mm/mprotect.c | 8 +
+ mm/nommu.c | 4 +-
mm/process_vm_access.c | 6 +
mm/shmem.c | 2 +-
mm/slab.c | 2 +-
net/appletalk/atalk_proc.c | 2 +-
net/atm/lec.c | 6 +-
net/atm/mpoa_caches.c | 42 +-
- net/bluetooth/6lowpan.c | 1 -
- net/bluetooth/bnep/core.c | 3 +
- net/bluetooth/cmtp/core.c | 3 +
- net/bluetooth/hidp/core.c | 3 +-
+ net/bridge/br.c | 2 +
net/can/bcm.c | 2 +-
net/can/proc.c | 2 +-
net/core/dev_ioctl.c | 7 +-
net/core/filter.c | 8 +-
net/core/net-procfs.c | 17 +-
net/core/pktgen.c | 2 +-
+ net/core/rtnetlink.c | 4 +
net/core/sock_diag.c | 7 +
net/core/sysctl_net_core.c | 2 +-
net/decnet/dn_dev.c | 2 +-
net/ipv4/ip_input.c | 7 +
net/ipv4/ip_sockglue.c | 3 +-
net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 +-
+ net/ipv4/ping.c | 12 +-
net/ipv4/route.c | 6 +-
net/ipv4/tcp_input.c | 4 +-
net/ipv4/tcp_ipv4.c | 24 +-
net/ipv4/tcp_minisocks.c | 9 +-
net/ipv4/tcp_timer.c | 11 +
net/ipv4/udp.c | 24 +
- net/ipv6/addrconf.c | 13 +-
+ net/ipv6/addrconf.c | 30 +-
+ net/ipv6/ping.c | 5 +-
net/ipv6/proc.c | 2 +-
net/ipv6/tcp_ipv6.c | 23 +-
net/ipv6/udp.c | 7 +
net/ipx/ipx_proc.c | 2 +-
net/irda/irproc.c | 2 +-
net/llc/llc_proc.c | 2 +-
+ net/mac80211/tx.c | 1 +
net/netfilter/Kconfig | 10 +
net/netfilter/Makefile | 1 +
net/netfilter/nf_conntrack_core.c | 8 +
net/netfilter/xt_gradm.c | 51 +
net/netfilter/xt_hashlimit.c | 4 +-
net/netfilter/xt_recent.c | 2 +-
- net/socket.c | 72 +-
+ net/socket.c | 71 +-
net/sunrpc/cache.c | 2 +-
net/sunrpc/stats.c | 2 +-
net/sysctl_net.c | 2 +-
security/apparmor/file.c | 4 +-
security/apparmor/lsm.c | 8 +-
security/commoncap.c | 29 +
+ security/keys/request_key.c | 1 +
security/min_addr.c | 2 +
security/tomoyo/file.c | 12 +-
security/tomoyo/mount.c | 4 +
tools/gcc/gen-random-seed.sh | 8 +
tools/gcc/randomize_layout_plugin.c | 915 +++++++
tools/gcc/size_overflow_plugin/.gitignore | 2 +
- .../size_overflow_plugin/size_overflow_hash.data | 1 +
- 459 files changed, 19226 insertions(+), 2801 deletions(-)
+ 457 files changed, 19347 insertions(+), 2802 deletions(-)
-commit 0f40ebc1077b768d5ae559097efe5666b219ded5
+commit 1581aba992dd565de5ddc87c87477b4da9883a84
Author: Brad Spengler <spender@grsecurity.net>
-Date: Sat Dec 27 18:26:26 2014 -0500
+Date: Sun Mar 8 19:57:15 2015 -0400
- Initial import of PaX for 3.18.1
+ Initial import of pax-linux-3.19.1-test6.patch
Documentation/dontdiff | 47 +-
Documentation/kbuild/makefiles.txt | 39 +-
arch/alpha/kernel/osf_sys.c | 8 +-
arch/alpha/mm/fault.c | 141 +-
arch/arm/Kconfig | 2 +-
- arch/arm/include/asm/atomic.h | 296 +-
+ arch/arm/include/asm/atomic.h | 319 +-
arch/arm/include/asm/barrier.h | 2 +-
arch/arm/include/asm/cache.h | 5 +-
arch/arm/include/asm/cacheflush.h | 2 +-
arch/arm/include/asm/mach/map.h | 16 +-
arch/arm/include/asm/outercache.h | 2 +-
arch/arm/include/asm/page.h | 3 +-
- arch/arm/include/asm/pgalloc.h | 22 +-
- arch/arm/include/asm/pgtable-2level-hwdef.h | 5 +
+ arch/arm/include/asm/pgalloc.h | 20 +
+ arch/arm/include/asm/pgtable-2level-hwdef.h | 4 +-
arch/arm/include/asm/pgtable-2level.h | 3 +
- arch/arm/include/asm/pgtable-3level-hwdef.h | 1 +
arch/arm/include/asm/pgtable-3level.h | 3 +
arch/arm/include/asm/pgtable.h | 54 +-
arch/arm/include/asm/psci.h | 2 +-
arch/arm/kernel/smp.c | 2 +-
arch/arm/kernel/tcm.c | 4 +-
arch/arm/kernel/traps.c | 6 +-
- arch/arm/kernel/vmlinux.lds.S | 24 +-
+ arch/arm/kernel/vmlinux.lds.S | 6 +-
arch/arm/kvm/arm.c | 10 +-
arch/arm/lib/clear_user.S | 6 +-
arch/arm/lib/copy_from_user.S | 6 +-
arch/arm/mach-keystone/keystone.c | 2 +-
arch/arm/mach-mvebu/coherency.c | 4 +-
arch/arm/mach-omap2/board-n8x0.c | 2 +-
- arch/arm/mach-omap2/gpmc.c | 22 +-
arch/arm/mach-omap2/omap-mpuss-lowpower.c | 4 +-
arch/arm/mach-omap2/omap-wakeupgen.c | 2 +-
arch/arm/mach-omap2/omap_device.c | 4 +-
arch/arm/mm/context.c | 10 +-
arch/arm/mm/fault.c | 146 +
arch/arm/mm/fault.h | 12 +
- arch/arm/mm/init.c | 41 +
+ arch/arm/mm/init.c | 39 +
arch/arm/mm/ioremap.c | 4 +-
arch/arm/mm/mmap.c | 30 +-
arch/arm/mm/mmu.c | 182 +-
arch/arm/plat-omap/sram.c | 2 +
arch/arm/plat-samsung/include/plat/dma-ops.h | 2 +-
arch/arm64/include/asm/barrier.h | 2 +-
+ arch/arm64/include/asm/percpu.h | 8 +-
arch/arm64/include/asm/uaccess.h | 1 +
arch/avr32/include/asm/elf.h | 8 +-
arch/avr32/include/asm/kmap_types.h | 4 +-
arch/ia64/include/asm/pgtable.h | 13 +-
arch/ia64/include/asm/spinlock.h | 2 +-
arch/ia64/include/asm/uaccess.h | 27 +-
- arch/ia64/kernel/module.c | 48 +-
+ arch/ia64/kernel/module.c | 45 +-
arch/ia64/kernel/palinfo.c | 2 +-
arch/ia64/kernel/sys_ia64.c | 7 +
arch/ia64/kernel/vmlinux.lds.S | 2 +-
arch/m32r/lib/usercopy.c | 6 +
arch/metag/include/asm/barrier.h | 2 +-
arch/mips/cavium-octeon/dma-octeon.c | 2 +-
- arch/mips/include/asm/atomic.h | 346 +-
+ arch/mips/include/asm/atomic.h | 351 +-
arch/mips/include/asm/barrier.h | 2 +-
arch/mips/include/asm/elf.h | 11 +-
arch/mips/include/asm/exec.h | 2 +-
arch/parisc/mm/fault.c | 140 +-
arch/powerpc/include/asm/atomic.h | 329 +-
arch/powerpc/include/asm/barrier.h | 2 +-
- arch/powerpc/include/asm/elf.h | 19 +-
+ arch/powerpc/include/asm/elf.h | 16 +-
arch/powerpc/include/asm/exec.h | 2 +-
arch/powerpc/include/asm/kmap_types.h | 2 +-
arch/powerpc/include/asm/local.h | 46 +
arch/powerpc/include/asm/smp.h | 2 +-
arch/powerpc/include/asm/spinlock.h | 42 +-
arch/powerpc/include/asm/uaccess.h | 141 +-
+ arch/powerpc/kernel/Makefile | 5 +
arch/powerpc/kernel/exceptions-64e.S | 4 +-
arch/powerpc/kernel/exceptions-64s.S | 2 +-
arch/powerpc/kernel/module_32.c | 15 +-
- arch/powerpc/kernel/process.c | 55 -
+ arch/powerpc/kernel/process.c | 46 -
arch/powerpc/kernel/signal_32.c | 2 +-
arch/powerpc/kernel/signal_64.c | 2 +-
arch/powerpc/kernel/traps.c | 21 +
arch/sparc/lib/ksyms.c | 6 +-
arch/sparc/mm/Makefile | 2 +-
arch/sparc/mm/fault_32.c | 292 +
- arch/sparc/mm/fault_64.c | 486 ++
+ arch/sparc/mm/fault_64.c | 486 +
arch/sparc/mm/hugetlbpage.c | 22 +-
arch/sparc/mm/init_64.c | 10 +-
arch/tile/include/asm/atomic_64.h | 10 +
arch/x86/boot/boot.h | 2 +-
arch/x86/boot/compressed/Makefile | 3 +
arch/x86/boot/compressed/efi_stub_32.S | 16 +-
+ arch/x86/boot/compressed/efi_thunk_64.S | 4 +-
arch/x86/boot/compressed/head_32.S | 4 +-
arch/x86/boot/compressed/head_64.S | 12 +-
arch/x86/boot/compressed/misc.c | 11 +-
arch/x86/include/asm/alternative.h | 4 +-
arch/x86/include/asm/apic.h | 2 +-
arch/x86/include/asm/apm.h | 4 +-
- arch/x86/include/asm/atomic.h | 271 +-
+ arch/x86/include/asm/atomic.h | 269 +-
arch/x86/include/asm/atomic64_32.h | 100 +
arch/x86/include/asm/atomic64_64.h | 164 +-
arch/x86/include/asm/barrier.h | 4 +-
arch/x86/include/asm/bitops.h | 18 +-
arch/x86/include/asm/boot.h | 7 +-
arch/x86/include/asm/cache.h | 5 +-
- arch/x86/include/asm/cacheflush.h | 2 +-
arch/x86/include/asm/calling.h | 120 +-
arch/x86/include/asm/checksum_32.h | 12 +-
arch/x86/include/asm/cmpxchg.h | 39 +
arch/x86/include/asm/io.h | 21 +-
arch/x86/include/asm/irqflags.h | 5 +
arch/x86/include/asm/kprobes.h | 9 +-
+ arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/include/asm/local.h | 106 +-
arch/x86/include/asm/mman.h | 15 +
arch/x86/include/asm/mmu.h | 16 +-
arch/x86/include/asm/switch_to.h | 4 +-
arch/x86/include/asm/thread_info.h | 31 +-
arch/x86/include/asm/tlbflush.h | 73 +-
- arch/x86/include/asm/uaccess.h | 182 +-
- arch/x86/include/asm/uaccess_32.h | 24 +-
- arch/x86/include/asm/uaccess_64.h | 173 +-
+ arch/x86/include/asm/uaccess.h | 184 +-
+ arch/x86/include/asm/uaccess_32.h | 28 +-
+ arch/x86/include/asm/uaccess_64.h | 169 +-
arch/x86/include/asm/word-at-a-time.h | 2 +-
arch/x86/include/asm/x86_init.h | 10 +-
arch/x86/include/asm/xen/page.h | 2 +-
arch/x86/kernel/apic/apic_flat_64.c | 4 +-
arch/x86/kernel/apic/apic_noop.c | 2 +-
arch/x86/kernel/apic/bigsmp_32.c | 2 +-
- arch/x86/kernel/apic/io_apic.c | 8 +-
+ arch/x86/kernel/apic/io_apic.c | 4 +-
arch/x86/kernel/apic/probe_32.c | 2 +-
+ arch/x86/kernel/apic/vector.c | 4 +-
arch/x86/kernel/apic/x2apic_cluster.c | 4 +-
arch/x86/kernel/apic/x2apic_phys.c | 2 +-
arch/x86/kernel/apic/x2apic_uv_x.c | 2 +-
arch/x86/kernel/doublefault.c | 8 +-
arch/x86/kernel/dumpstack.c | 30 +-
arch/x86/kernel/dumpstack_32.c | 29 +-
- arch/x86/kernel/dumpstack_64.c | 60 +-
+ arch/x86/kernel/dumpstack_64.c | 62 +-
arch/x86/kernel/e820.c | 4 +-
arch/x86/kernel/early_printk.c | 1 +
- arch/x86/kernel/entry_32.S | 358 +-
- arch/x86/kernel/entry_64.S | 735 +++-
- arch/x86/kernel/espfix_64.c | 2 +-
+ arch/x86/kernel/entry_32.S | 359 +-
+ arch/x86/kernel/entry_64.S | 748 +-
+ arch/x86/kernel/espfix_64.c | 13 +-
arch/x86/kernel/ftrace.c | 8 +-
arch/x86/kernel/head64.c | 13 +-
arch/x86/kernel/head_32.S | 228 +-
arch/x86/kernel/nmi_selftest.c | 4 +-
arch/x86/kernel/paravirt-spinlocks.c | 2 +-
arch/x86/kernel/paravirt.c | 45 +-
+ arch/x86/kernel/paravirt_patch_64.c | 8 +
arch/x86/kernel/pci-calgary_64.c | 2 +-
arch/x86/kernel/pci-iommu_table.c | 2 +-
arch/x86/kernel/pci-swiotlb.c | 2 +-
arch/x86/kernel/process.c | 55 +-
arch/x86/kernel/process_32.c | 32 +-
- arch/x86/kernel/process_64.c | 20 +-
+ arch/x86/kernel/process_64.c | 21 +-
arch/x86/kernel/ptrace.c | 20 +-
arch/x86/kernel/pvclock.c | 8 +-
arch/x86/kernel/reboot.c | 42 +-
arch/x86/kernel/time.c | 10 +-
arch/x86/kernel/tls.c | 7 +-
arch/x86/kernel/tracepoint.c | 4 +-
- arch/x86/kernel/traps.c | 64 +-
+ arch/x86/kernel/traps.c | 67 +-
arch/x86/kernel/tsc.c | 2 +-
arch/x86/kernel/uprobes.c | 4 +-
arch/x86/kernel/vm86_32.c | 6 +-
arch/x86/kernel/vmlinux.lds.S | 147 +-
- arch/x86/kernel/vsyscall_64.c | 12 +-
+ arch/x86/kernel/vsyscall_64.c | 16 +-
arch/x86/kernel/x8664_ksyms_64.c | 6 +-
arch/x86/kernel/x86_init.c | 6 +-
arch/x86/kernel/xsave.c | 10 +-
arch/x86/kvm/cpuid.c | 21 +-
+ arch/x86/kvm/emulate.c | 2 +-
arch/x86/kvm/lapic.c | 2 +-
arch/x86/kvm/paging_tmpl.h | 2 +-
arch/x86/kvm/svm.c | 8 +
arch/x86/lib/csum-copy_64.S | 18 +-
arch/x86/lib/csum-wrappers_64.c | 8 +-
arch/x86/lib/getuser.S | 74 +-
- arch/x86/lib/insn.c | 6 +-
+ arch/x86/lib/insn.c | 8 +-
arch/x86/lib/iomap_copy_64.S | 2 +
arch/x86/lib/memcpy_64.S | 10 +-
arch/x86/lib/memmove_64.S | 4 +-
arch/x86/lib/usercopy_64.c | 18 +-
arch/x86/mm/Makefile | 4 +
arch/x86/mm/extable.c | 25 +-
- arch/x86/mm/fault.c | 568 ++-
+ arch/x86/mm/fault.c | 568 +-
arch/x86/mm/gup.c | 6 +-
arch/x86/mm/highmem_32.c | 4 +
arch/x86/mm/hugetlbpage.c | 24 +-
arch/x86/mm/init.c | 101 +-
arch/x86/mm/init_32.c | 111 +-
- arch/x86/mm/init_64.c | 50 +-
+ arch/x86/mm/init_64.c | 46 +-
arch/x86/mm/iomap_32.c | 4 +
- arch/x86/mm/ioremap.c | 17 +-
+ arch/x86/mm/ioremap.c | 28 +-
arch/x86/mm/kmemcheck/kmemcheck.c | 4 +-
arch/x86/mm/mmap.c | 36 +-
arch/x86/mm/mmio-mod.c | 10 +-
arch/x86/mm/numa.c | 2 +-
arch/x86/mm/pageattr.c | 33 +-
- arch/x86/mm/pat.c | 12 +-
+ arch/x86/mm/pat.c | 20 +-
arch/x86/mm/pat_rbtree.c | 2 +-
arch/x86/mm/pf_in.c | 10 +-
arch/x86/mm/pgtable.c | 151 +-
arch/x86/mm/tlb.c | 4 +
arch/x86/mm/uderef_64.c | 37 +
arch/x86/net/bpf_jit.S | 11 +
- arch/x86/net/bpf_jit_comp.c | 6 +-
+ arch/x86/net/bpf_jit_comp.c | 13 +-
arch/x86/oprofile/backtrace.c | 8 +-
arch/x86/oprofile/nmi_int.c | 8 +-
arch/x86/oprofile/op_model_amd.c | 8 +-
arch/x86/platform/efi/efi_32.c | 24 +
arch/x86/platform/efi/efi_64.c | 27 +-
arch/x86/platform/efi/efi_stub_32.S | 64 +-
- arch/x86/platform/efi/efi_stub_64.S | 6 +-
+ arch/x86/platform/efi/efi_stub_64.S | 2 +
arch/x86/platform/intel-mid/intel-mid.c | 3 +-
arch/x86/platform/intel-mid/intel_mid_weak_decls.h | 6 +-
arch/x86/platform/intel-mid/mfld.c | 4 +-
arch/x86/vdso/Makefile | 2 +-
arch/x86/vdso/vdso2c.h | 2 +-
arch/x86/vdso/vdso32-setup.c | 1 +
- arch/x86/vdso/vma.c | 39 +-
- arch/x86/xen/enlighten.c | 45 +-
+ arch/x86/vdso/vma.c | 41 +-
+ arch/x86/xen/enlighten.c | 52 +-
arch/x86/xen/mmu.c | 13 +-
arch/x86/xen/smp.c | 21 +-
arch/x86/xen/xen-asm_32.S | 2 +-
drivers/base/bus.c | 4 +-
drivers/base/devtmpfs.c | 8 +-
drivers/base/node.c | 2 +-
- drivers/base/power/domain.c | 4 +-
+ drivers/base/power/domain.c | 9 +-
drivers/base/power/sysfs.c | 2 +-
drivers/base/power/wakeup.c | 8 +-
drivers/base/syscore.c | 4 +-
drivers/block/cpqarray.c | 28 +-
drivers/block/cpqarray.h | 2 +-
drivers/block/drbd/drbd_bitmap.c | 2 +-
- drivers/block/drbd/drbd_int.h | 10 +-
+ drivers/block/drbd/drbd_int.h | 8 +-
drivers/block/drbd/drbd_main.c | 12 +-
drivers/block/drbd/drbd_nl.c | 4 +-
drivers/block/drbd/drbd_receiver.c | 34 +-
drivers/block/drbd/drbd_worker.c | 8 +-
drivers/block/loop.c | 2 +-
- drivers/block/nvme-core.c | 6 +-
+ drivers/block/nvme-core.c | 2 -
drivers/block/pktcdvd.c | 4 +-
+ drivers/block/rbd.c | 2 +-
drivers/bluetooth/btwilink.c | 2 +-
drivers/cdrom/cdrom.c | 11 +-
drivers/cdrom/gdrom.c | 1 -
drivers/char/hpet.c | 2 +-
drivers/char/ipmi/ipmi_msghandler.c | 8 +-
drivers/char/ipmi/ipmi_si_intf.c | 8 +-
- drivers/char/mem.c | 43 +-
+ drivers/char/mem.c | 47 +-
drivers/char/nvram.c | 2 +-
drivers/char/pcmcia/synclink_cs.c | 16 +-
drivers/char/random.c | 12 +-
drivers/clk/socfpga/clk-gate.c | 9 +-
drivers/clk/socfpga/clk-pll.c | 9 +-
drivers/cpufreq/acpi-cpufreq.c | 17 +-
+ drivers/cpufreq/cpufreq-dt.c | 4 +-
drivers/cpufreq/cpufreq.c | 26 +-
drivers/cpufreq/cpufreq_governor.c | 6 +-
drivers/cpufreq/cpufreq_governor.h | 4 +-
drivers/firmware/google/memconsole.c | 5 +-
drivers/gpio/gpio-em.c | 2 +-
drivers/gpio/gpio-ich.c | 2 +-
+ drivers/gpio/gpio-omap.c | 2 +-
drivers/gpio/gpio-rcar.c | 2 +-
drivers/gpio/gpio-vr41xx.c | 2 +-
drivers/gpio/gpiolib.c | 13 +-
drivers/gpu/drm/i915/i915_gem_execbuffer.c | 4 +-
drivers/gpu/drm/i915/i915_ioc32.c | 11 +-
drivers/gpu/drm/i915/intel_display.c | 26 +-
+ drivers/gpu/drm/imx/imx-drm-core.c | 2 +-
drivers/gpu/drm/mga/mga_drv.h | 4 +-
drivers/gpu/drm/mga/mga_ioc32.c | 11 +-
drivers/gpu/drm/mga/mga_irq.c | 8 +-
drivers/iommu/iommu.c | 2 +-
drivers/iommu/irq_remapping.c | 12 +-
drivers/irqchip/irq-gic.c | 4 +-
+ drivers/irqchip/irq-renesas-intc-irqpin.c | 2 +-
drivers/irqchip/irq-renesas-irqc.c | 2 +-
drivers/isdn/capi/capi.c | 10 +-
drivers/isdn/gigaset/interface.c | 8 +-
drivers/media/radio/radio-shark.c | 2 +-
drivers/media/radio/radio-shark2.c | 2 +-
drivers/media/radio/radio-si476x.c | 2 +-
+ drivers/media/radio/wl128x/fmdrv_common.c | 2 +-
drivers/media/usb/dvb-usb/dw2102.c | 2 +-
drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 12 +-
drivers/media/v4l2-core/v4l2-device.c | 4 +-
drivers/media/v4l2-core/v4l2-ioctl.c | 13 +-
+ drivers/memory/omap-gpmc.c | 21 +-
drivers/message/fusion/mptsas.c | 34 +-
drivers/message/i2o/i2o_proc.c | 67 +-
drivers/message/i2o/iop.c | 8 +-
drivers/misc/sgi-xp/xpc.h | 3 +-
drivers/misc/sgi-xp/xpc_main.c | 4 +-
drivers/mmc/card/block.c | 2 +-
- drivers/mmc/core/mmc_ops.c | 2 +-
drivers/mmc/host/dw_mmc.h | 2 +-
drivers/mmc/host/mmci.c | 4 +-
drivers/mmc/host/omap_hsmmc.c | 4 +-
drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 2 +-
drivers/mtd/nftlmount.c | 1 +
drivers/mtd/sm_ftl.c | 2 +-
- drivers/net/bonding/bond_main.c | 2 +-
drivers/net/bonding/bond_netlink.c | 2 +-
drivers/net/caif/caif_hsi.c | 2 +-
drivers/net/can/Kconfig | 2 +-
drivers/net/ethernet/amd/xgbe/xgbe-common.h | 4 +-
drivers/net/ethernet/amd/xgbe/xgbe-dcb.c | 4 +-
drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 29 +-
- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 137 +-
+ drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 147 +-
drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 60 +-
drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c | 6 +-
drivers/net/ethernet/amd/xgbe/xgbe-main.c | 11 +-
drivers/net/ethernet/stmicro/stmmac/mmc_core.c | 4 +-
drivers/net/hyperv/hyperv_net.h | 2 +-
drivers/net/hyperv/rndis_filter.c | 4 +-
- drivers/net/ieee802154/fakehard.c | 2 +-
drivers/net/ifb.c | 2 +-
drivers/net/macvlan.c | 20 +-
drivers/net/macvtap.c | 6 +-
drivers/net/nlmon.c | 2 +-
+ drivers/net/phy/phy_device.c | 6 +-
drivers/net/ppp/ppp_generic.c | 4 +-
drivers/net/slip/slhc.c | 2 +-
drivers/net/team/team.c | 4 +-
drivers/net/wireless/ti/wl12xx/main.c | 8 +-
drivers/net/wireless/ti/wl18xx/main.c | 6 +-
drivers/nfc/nfcwilink.c | 2 +-
+ drivers/nfc/st21nfca/st21nfca.c | 2 +-
drivers/oprofile/buffer_sync.c | 8 +-
drivers/oprofile/event_buffer.c | 2 +-
drivers/oprofile/oprof.c | 2 +-
drivers/regulator/core.c | 4 +-
drivers/regulator/max8660.c | 6 +-
drivers/regulator/max8973-regulator.c | 8 +-
- drivers/regulator/mc13892-regulator.c | 6 +-
+ drivers/regulator/mc13892-regulator.c | 8 +-
drivers/rtc/rtc-cmos.c | 4 +-
drivers/rtc/rtc-ds1307.c | 2 +-
drivers/rtc/rtc-m48t59.c | 4 +-
drivers/scsi/qla2xxx/qla_os.c | 6 +-
drivers/scsi/qla4xxx/ql4_def.h | 2 +-
drivers/scsi/qla4xxx/ql4_os.c | 6 +-
- drivers/scsi/scsi.c | 2 +-
- drivers/scsi/scsi_lib.c | 6 +-
+ drivers/scsi/scsi_lib.c | 8 +-
drivers/scsi/scsi_sysfs.c | 2 +-
drivers/scsi/scsi_transport_fc.c | 8 +-
drivers/scsi/scsi_transport_iscsi.c | 6 +-
drivers/soc/tegra/fuse/fuse-tegra.c | 2 +-
drivers/spi/spi.c | 2 +-
drivers/staging/android/timed_output.c | 6 +-
+ drivers/staging/comedi/comedi_fops.c | 8 +-
drivers/staging/gdm724x/gdm_tty.c | 2 +-
- drivers/staging/imx-drm/imx-drm-core.c | 2 +-
drivers/staging/lustre/lnet/selftest/brw_test.c | 12 +-
drivers/staging/lustre/lnet/selftest/framework.c | 4 -
drivers/staging/lustre/lnet/selftest/ping_test.c | 14 +-
drivers/staging/rtl8188eu/include/hal_intf.h | 2 +-
drivers/staging/rtl8712/rtl871x_io.h | 2 +-
drivers/staging/unisys/visorchipset/visorchipset.h | 4 +-
- drivers/staging/vt6655/hostap.c | 7 +-
drivers/target/sbp/sbp_target.c | 4 +-
drivers/target/target_core_device.c | 2 +-
drivers/target/target_core_transport.c | 2 +-
drivers/thermal/int340x_thermal/int3400_thermal.c | 6 +-
- drivers/thermal/of-thermal.c | 13 +-
+ drivers/thermal/of-thermal.c | 17 +-
drivers/tty/cyclades.c | 6 +-
drivers/tty/hvc/hvc_console.c | 14 +-
drivers/tty/hvc/hvcs.c | 21 +-
fs/autofs4/waitq.c | 2 +-
fs/befs/endian.h | 6 +-
fs/binfmt_aout.c | 23 +-
- fs/binfmt_elf.c | 674 +++-
+ fs/binfmt_elf.c | 665 +-
fs/block_dev.c | 2 +-
fs/btrfs/ctree.c | 9 +-
fs/btrfs/delayed-inode.c | 6 +-
fs/dcache.c | 43 +-
fs/ecryptfs/inode.c | 2 +-
fs/ecryptfs/miscdev.c | 2 +-
- fs/exec.c | 362 ++-
+ fs/exec.c | 362 +-
fs/ext2/xattr.c | 5 +-
fs/ext3/xattr.c | 5 +-
fs/ext4/ext4.h | 20 +-
fs/libfs.c | 12 +-
fs/lockd/clntproc.c | 4 +-
fs/locks.c | 8 +-
- fs/namei.c | 16 +-
+ fs/namei.c | 22 +-
fs/namespace.c | 16 +-
fs/nfs/callback_xdr.c | 2 +-
fs/nfs/inode.c | 6 +-
include/drm/ttm/ttm_page_alloc.h | 1 +
include/keys/asymmetric-subtype.h | 2 +-
include/linux/atmdev.h | 4 +-
+ include/linux/atomic.h | 2 +-
include/linux/audit.h | 2 +-
include/linux/binfmts.h | 3 +-
+ include/linux/bitmap.h | 2 +-
include/linux/bitops.h | 6 +-
include/linux/blkdev.h | 2 +-
include/linux/blktrace_api.h | 2 +-
include/linux/clk-provider.h | 1 +
include/linux/compat.h | 4 +-
include/linux/compiler-gcc4.h | 20 +
- include/linux/compiler.h | 65 +-
+ include/linux/compiler-gcc5.h | 22 +
+ include/linux/compiler.h | 87 +-
include/linux/completion.h | 12 +-
include/linux/configfs.h | 2 +-
include/linux/cpufreq.h | 3 +-
include/linux/cpuidle.h | 5 +-
- include/linux/cpumask.h | 12 +-
+ include/linux/cpumask.h | 14 +-
include/linux/crypto.h | 6 +-
include/linux/ctype.h | 2 +-
include/linux/decompress/mm.h | 2 +-
include/linux/genhd.h | 4 +-
include/linux/genl_magic_func.h | 2 +-
include/linux/gfp.h | 12 +-
- include/linux/hash.h | 2 +-
include/linux/highmem.h | 12 +
include/linux/hwmon-sysfs.h | 6 +-
include/linux/i2c.h | 1 +
include/linux/iommu.h | 2 +-
include/linux/ioport.h | 2 +-
include/linux/irq.h | 3 +-
- include/linux/irqchip/arm-gic.h | 4 +-
+ include/linux/irqchip/arm-gic.h | 2 +-
+ include/linux/irqdesc.h | 2 +-
include/linux/jiffies.h | 14 +-
+ include/linux/kernel.h | 2 +-
include/linux/key-type.h | 2 +-
include/linux/kgdb.h | 6 +-
+ include/linux/kmemleak.h | 4 +-
include/linux/kobject.h | 3 +-
include/linux/kobject_ns.h | 2 +-
include/linux/kref.h | 2 +-
include/linux/module.h | 60 +-
include/linux/moduleloader.h | 16 +
include/linux/moduleparam.h | 4 +-
- include/linux/namei.h | 6 +-
+ include/linux/namei.h | 4 +-
include/linux/net.h | 2 +-
include/linux/netdevice.h | 7 +-
include/linux/netfilter.h | 2 +-
include/linux/oprofile.h | 4 +-
include/linux/padata.h | 2 +-
include/linux/pci_hotplug.h | 3 +-
+ include/linux/percpu.h | 2 +-
include/linux/perf_event.h | 10 +-
include/linux/pipe_fs_i.h | 8 +-
include/linux/pm.h | 1 +
include/linux/semaphore.h | 2 +-
include/linux/seq_file.h | 1 +
include/linux/signal.h | 2 +-
- include/linux/skbuff.h | 8 +-
- include/linux/slab.h | 46 +-
+ include/linux/skbuff.h | 10 +-
+ include/linux/slab.h | 48 +-
include/linux/slab_def.h | 14 +-
include/linux/slub_def.h | 2 +-
include/linux/smp.h | 2 +
include/media/v4l2-device.h | 2 +-
include/net/9p/transport.h | 2 +-
include/net/bluetooth/l2cap.h | 2 +-
+ include/net/bonding.h | 2 +-
include/net/caif/cfctrl.h | 6 +-
include/net/flow.h | 2 +-
include/net/genetlink.h | 2 +-
include/uapi/linux/elf.h | 28 +
include/uapi/linux/screen_info.h | 3 +-
include/uapi/linux/swab.h | 6 +-
- include/uapi/linux/sysctl.h | 2 -
include/uapi/linux/xattr.h | 4 +
include/video/udlfb.h | 8 +-
include/video/uvesafb.h | 1 +
init/initramfs.c | 38 +-
init/main.c | 78 +-
ipc/compat.c | 2 +-
- ipc/ipc_sysctl.c | 10 +-
+ ipc/ipc_sysctl.c | 8 +-
ipc/mq_sysctl.c | 4 +-
ipc/shm.c | 6 +
kernel/audit.c | 8 +-
kernel/auditsc.c | 4 +-
- kernel/bpf/core.c | 4 +-
+ kernel/bpf/core.c | 7 +-
kernel/capability.c | 3 +
kernel/compat.c | 38 +-
kernel/debug/debug_core.c | 16 +-
kernel/events/internal.h | 10 +-
kernel/events/uprobes.c | 2 +-
kernel/exit.c | 2 +-
- kernel/fork.c | 166 +-
+ kernel/fork.c | 168 +-
kernel/futex.c | 11 +-
kernel/futex_compat.c | 2 +-
kernel/gcov/base.c | 7 +-
+ kernel/irq/manage.c | 2 +-
+ kernel/irq/spurious.c | 2 +-
kernel/jump_label.c | 5 +
kernel/kallsyms.c | 37 +-
kernel/kexec.c | 3 +-
kernel/locking/mutex-debug.h | 4 +-
kernel/locking/mutex.c | 6 +-
kernel/locking/rtmutex-tester.c | 24 +-
- kernel/module.c | 334 +-
+ kernel/module.c | 350 +-
kernel/notifier.c | 17 +-
kernel/padata.c | 4 +-
kernel/panic.c | 5 +-
kernel/rcu/rcutorture.c | 60 +-
kernel/rcu/tiny.c | 4 +-
kernel/rcu/tiny_plugin.h | 6 +-
- kernel/rcu/tree.c | 106 +-
+ kernel/rcu/tree.c | 108 +-
kernel/rcu/tree.h | 26 +-
kernel/rcu/tree_plugin.h | 46 +-
kernel/rcu/tree_trace.c | 22 +-
lib/Kconfig.debug | 8 +-
lib/Makefile | 2 +-
lib/average.c | 2 +-
- lib/bitmap.c | 8 +-
+ lib/bitmap.c | 10 +-
lib/bug.c | 2 +
lib/debugobjects.c | 2 +-
lib/div64.c | 4 +-
lib/dma-debug.c | 4 +-
- lib/hash.c | 2 +-
lib/inflate.c | 2 +-
lib/ioremap.c | 4 +-
lib/kobject.c | 4 +-
mm/highmem.c | 7 +-
mm/hugetlb.c | 70 +-
mm/internal.h | 3 +-
- mm/iov_iter.c | 6 +-
mm/maccess.c | 4 +-
mm/madvise.c | 41 +
mm/memory-failure.c | 30 +-
- mm/memory.c | 410 ++-
+ mm/memory.c | 410 +-
mm/mempolicy.c | 25 +
mm/mlock.c | 15 +-
- mm/mmap.c | 579 ++-
+ mm/mmap.c | 581 +-
mm/mprotect.c | 137 +-
mm/mremap.c | 44 +-
mm/nommu.c | 21 +-
mm/page_alloc.c | 48 +-
mm/percpu.c | 2 +-
mm/process_vm_access.c | 14 +-
- mm/rmap.c | 44 +-
+ mm/rmap.c | 45 +-
mm/shmem.c | 19 +-
- mm/slab.c | 105 +-
+ mm/slab.c | 109 +-
mm/slab.h | 22 +-
- mm/slab_common.c | 84 +-
- mm/slob.c | 214 +-
- mm/slub.c | 97 +-
+ mm/slab_common.c | 86 +-
+ mm/slob.c | 218 +-
+ mm/slub.c | 101 +-
mm/sparse-vmemmap.c | 4 +-
mm/sparse.c | 2 +-
mm/swap.c | 3 +
mm/swapfile.c | 12 +-
mm/util.c | 6 +
- mm/vmalloc.c | 75 +-
+ mm/vmalloc.c | 77 +-
mm/vmstat.c | 12 +-
net/8021q/vlan.c | 5 +-
net/8021q/vlan_netlink.c | 2 +-
net/can/af_can.c | 2 +-
net/can/gw.c | 6 +-
net/ceph/messenger.c | 4 +-
- net/compat.c | 34 +-
+ net/compat.c | 24 +-
net/core/datagram.c | 2 +-
net/core/dev.c | 18 +-
net/core/filter.c | 2 +-
- net/core/flow.c | 6 +-
- net/core/iovec.c | 4 +-
+ net/core/flow.c | 8 +-
net/core/neighbour.c | 4 +-
net/core/net-sysfs.c | 2 +-
net/core/net_namespace.c | 8 +-
net/core/skbuff.c | 8 +-
net/core/sock.c | 28 +-
net/core/sock_diag.c | 9 +-
- net/core/sysctl_net_core.c | 20 +-
+ net/core/sysctl_net_core.c | 22 +-
net/decnet/af_decnet.c | 1 +
net/decnet/sysctl_net_decnet.c | 4 +-
net/hsr/hsr_netlink.c | 2 +-
net/ipv6/sit.c | 4 +-
net/ipv6/sysctl_net_ipv6.c | 2 +-
net/ipv6/udp.c | 6 +-
- net/ipv6/xfrm6_policy.c | 19 +-
+ net/ipv6/xfrm6_policy.c | 17 +-
net/irda/ircomm/ircomm_tty.c | 18 +-
net/iucv/af_iucv.c | 4 +-
net/iucv/iucv.c | 2 +-
net/sctp/sm_sideeffect.c | 2 +-
net/sctp/socket.c | 21 +-
net/sctp/sysctl.c | 10 +-
- net/socket.c | 20 +-
+ net/socket.c | 18 +-
net/sunrpc/auth_gss/svcauth_gss.c | 4 +-
net/sunrpc/clnt.c | 4 +-
net/sunrpc/sched.c | 4 +-
net/sunrpc/xprtrdma/svc_rdma_sendto.c | 2 +-
net/sunrpc/xprtrdma/svc_rdma_transport.c | 10 +-
net/tipc/subscr.c | 2 +-
+ net/unix/af_unix.c | 7 +-
net/unix/sysctl_net_unix.c | 2 +-
net/wireless/wext-core.c | 19 +-
net/xfrm/xfrm_policy.c | 16 +-
net/xfrm/xfrm_state.c | 33 +-
net/xfrm/xfrm_sysctl.c | 2 +-
+ scripts/Kbuild.include | 2 +-
scripts/Makefile.build | 2 +-
scripts/Makefile.clean | 3 +-
scripts/Makefile.host | 63 +-
scripts/pnmtologo.c | 6 +-
scripts/sortextable.h | 6 +-
scripts/tags.sh | 2 +-
- security/Kconfig | 691 +++-
+ security/Kconfig | 692 +-
security/apparmor/lsm.c | 2 +-
security/integrity/ima/ima.h | 4 +-
security/integrity/ima/ima_api.c | 2 +-
security/keys/keyctl.c | 8 +-
security/security.c | 9 +-
security/selinux/avc.c | 6 +-
- security/selinux/hooks.c | 11 +-
+ security/selinux/hooks.c | 10 +-
security/selinux/include/xfrm.h | 2 +-
security/smack/smack_lsm.c | 2 +-
security/tomoyo/tomoyo.c | 2 +-
sound/firewire/scs1x.c | 8 +-
sound/oss/sb_audio.c | 2 +-
sound/oss/swarm_cs4297a.c | 6 +-
- sound/pci/hda/hda_codec.c | 10 +-
+ sound/pci/hda/hda_codec.c | 2 +-
sound/pci/ymfpci/ymfpci.h | 2 +-
sound/pci/ymfpci/ymfpci_main.c | 12 +-
- sound/soc/soc-core.c | 6 +-
+ sound/soc/soc-ac97.c | 6 +-
tools/gcc/Makefile | 40 +
tools/gcc/checker_plugin.c | 150 +
tools/gcc/colorize_plugin.c | 210 +
- tools/gcc/constify_plugin.c | 557 ++
- tools/gcc/gcc-common.h | 295 +
+ tools/gcc/constify_plugin.c | 558 +
+ tools/gcc/gcc-common.h | 375 +
tools/gcc/kallocstat_plugin.c | 183 +
- tools/gcc/kernexec_plugin.c | 522 ++
- tools/gcc/latent_entropy_plugin.c | 466 ++
+ tools/gcc/kernexec_plugin.c | 522 +
+ tools/gcc/latent_entropy_plugin.c | 466 +
tools/gcc/size_overflow_plugin/.gitignore | 1 +
tools/gcc/size_overflow_plugin/Makefile | 20 +
.../generate_size_overflow_hash.sh | 102 +
- .../insert_size_overflow_asm.c | 748 +++
- .../insert_size_overflow_check_core.c | 943 ++++
- .../insert_size_overflow_check_ipa.c | 1141 ++++
- .../size_overflow_plugin/intentional_overflow.c | 736 +++
- tools/gcc/size_overflow_plugin/misc.c | 203 +
- .../size_overflow_plugin/remove_unnecessary_dup.c | 138 +
- tools/gcc/size_overflow_plugin/size_overflow.h | 127 +
- .../gcc/size_overflow_plugin/size_overflow_debug.c | 116 +
- .../size_overflow_plugin/size_overflow_hash.data | 5911 ++++++++++++++++++++
+ .../insert_size_overflow_asm.c | 404 +
+ .../size_overflow_plugin/intentional_overflow.c | 951 +
+ tools/gcc/size_overflow_plugin/misc.c | 427 +
+ .../size_overflow_plugin/remove_unnecessary_dup.c | 137 +
+ tools/gcc/size_overflow_plugin/size_overflow.h | 226 +
+ .../gcc/size_overflow_plugin/size_overflow_debug.c | 164 +
+ .../size_overflow_plugin/size_overflow_hash.data |26684 ++++++++++++++++++++
.../size_overflow_hash_aux.data | 92 +
- .../size_overflow_plugin/size_overflow_plugin.c | 259 +
- .../size_overflow_plugin_hash.c | 364 ++
- tools/gcc/stackleak_plugin.c | 395 ++
+ tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 908 +
+ .../size_overflow_plugin/size_overflow_plugin.c | 231 +
+ .../size_overflow_plugin_hash.c | 345 +
+ .../size_overflow_plugin/size_overflow_transform.c | 430 +
+ .../size_overflow_transform_core.c | 956 +
+ tools/gcc/stackleak_plugin.c | 395 +
tools/gcc/structleak_plugin.c | 274 +
tools/include/linux/compiler.h | 8 +
tools/lib/api/Makefile | 2 +-
tools/perf/util/include/asm/alternative-asm.h | 3 +
tools/virtio/linux/uaccess.h | 2 +-
virt/kvm/kvm_main.c | 44 +-
- 1834 files changed, 36315 insertions(+), 8522 deletions(-)
+ 1850 files changed, 57698 insertions(+), 8590 deletions(-)