+commit 7b8d5c5a1477a2b62dc7ad1c28e864d7d250739c
+Merge: ca352cc 013fc76
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Thu Oct 20 07:49:24 2016 -0400
+
+ Merge branch 'pax-test' into grsec-test
+
+commit 013fc7689892902c41d38e31057e4a5686293e40
+Merge: 25eaf06 452063d
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Thu Oct 20 07:48:01 2016 -0400
+
+ Merge branch 'linux-4.7.y' into pax-test
+
+commit ca352cccec60c85fad6dedaf229d51eddfdfea58
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Thu Oct 20 07:06:54 2016 -0400
+
+ compile fix as reported by David Sterba
+
+ include/linux/mm.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+commit 82566bede4206afba0d8b11f58570d588d39586b
+Author: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Thu Oct 13 13:07:36 2016 -0700
+
+ mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
+
+ This is an ancient bug that was actually attempted to be fixed once
+ (badly) by me eleven years ago in commit 4ceb5db9757a ("Fix
+ get_user_pages() race for write access") but that was then undone due to
+ problems on s390 by commit f33ea7f404e5 ("fix get_user_pages bug").
+
+ In the meantime, the s390 situation has long been fixed, and we can now
+ fix it by checking the pte_dirty() bit properly (and do it better). The
+ s390 dirty bit was implemented in abf09bed3cce ("s390/mm: implement
+ software dirty bits") which made it into v3.9. Earlier kernels will
+ have to look at the page state itself.
+
+ Also, the VM has become more scalable, and what used a purely
+ theoretical race back then has become easier to trigger.
+
+ To fix it, we introduce a new internal FOLL_COW flag to mark the "yes,
+ we already did a COW" rather than play racy games with FOLL_WRITE that
+ is very fundamental, and then use the pte dirty flag to validate that
+ the FOLL_COW flag is still valid.
+
+ Reported-and-tested-by: Phil "not Paul" Oester <kernel@linuxace.com>
+ Acked-by: Hugh Dickins <hughd@google.com>
+ Reviewed-by: Michal Hocko <mhocko@suse.com>
+ Cc: Andy Lutomirski <luto@kernel.org>
+ Cc: Kees Cook <keescook@chromium.org>
+ Cc: Oleg Nesterov <oleg@redhat.com>
+ Cc: Willy Tarreau <w@1wt.eu>
+ Cc: Nick Piggin <npiggin@gmail.com>
+ Cc: Greg Thelen <gthelen@google.com>
+ Cc: stable@vger.kernel.org
+ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+
+ include/linux/mm.h | 2 +-
+ mm/gup.c | 14 ++++++++++++--
+ 2 files changed, 13 insertions(+), 3 deletions(-)
+
+commit d291c94e650da2d8918620e6829e05218755f77b
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Oct 19 17:06:17 2016 -0400
+
+ resync with PaX
+
+ arch/arm/include/asm/atomic.h | 5 -----
+ 1 file changed, 5 deletions(-)
+
+commit 251313cb6e1d5b2ad84c62333ebafa278e861a68
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Oct 19 17:03:14 2016 -0400
+
+ Fix bad ARM REFCOUNT merge with PaX, reported by kdave on the forums:
+ https://forums.grsecurity.net/viewtopic.php?f=3&t=4588
+
+ arch/arm/include/asm/atomic.h | 1 -
+ 1 file changed, 1 deletion(-)
+
+commit b64df18d4160c6d3cd470202bb8d58f38d9acb51
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Mon Oct 17 07:47:53 2016 -0400
+
+ randomize layout of subprocess_info struct
+
+ include/linux/kmod.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit 5780e7fb9d334bfa5cc8aef32af631e620dede3f
+Merge: 7c69071 25eaf06
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun Oct 16 15:28:24 2016 -0400
+
+ Merge branch 'pax-test' into grsec-test
+
+commit 25eaf067f993510e5cd6cc0d9da4413cbbc12c6a
+Merge: afa87ca a0cdc25
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun Oct 16 15:28:15 2016 -0400
+
+ Merge branch 'linux-4.7.y' into pax-test
+
+commit 7c690715adc3d9236b25ce453b387ef9583b8dda
+Merge: 37e00aa afa87ca
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sat Oct 15 15:25:46 2016 -0400
+
+ Merge branch 'pax-test' into grsec-test
+
+commit afa87cab2bed6b038cd5446a00bf58a71c954b43
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sat Oct 15 15:18:18 2016 -0400
+
+ Update to pax-linux-4.7.6-test7.patch:
+ - backported upstream commit f5beeb1851ea6f8cfcf2657f26cb24c0582b4945 to speed up kcore handling
+ - fixed a size overflow false positive in raid10, reported by eswierk (https://forums.grsecurity.net/viewtopic.php?f=3&t=4575)
+ - fixed an integer overflow in bio handling caught by the size overflow plugin, reported by jotik (https://forums.grsecurity.net/viewtopic.php?f=3&t=4579)
+ - rate limited the logging of refcount overflows and usercopy violations
+ - changed atomic64's underlying type on i386 to be consistent with other archs
+ - sped up the RIP range check in opportunistic sysret on amd64
+
+ arch/x86/entry/entry_64.S | 13 ++-
+ arch/x86/include/asm/atomic64_32.h | 4 +-
+ block/bio.c | 2 +-
+ drivers/md/raid10.c | 6 +-
+ drivers/usb/usbip/vudc_rx.c | 2 +-
+ fs/exec.c | 24 ++++--
+ fs/proc/kcore.c | 40 +++++----
+ include/linux/bio.h | 4 +-
+ scripts/gcc-plugins/size_overflow_plugin/Makefile | 2 +-
+ scripts/gcc-plugins/size_overflow_plugin/aux.data | 97 ----------------------
+ .../gcc-plugins/size_overflow_plugin/disable.data | 12 ++-
+ .../gcc-plugins/size_overflow_plugin/e_aux.data | 97 ++++++++++++++++++++++
+ .../gcc-plugins/size_overflow_plugin/e_fields.data | 14 +---
+ .../size_overflow_plugin_hash.c | 2 +-
+ 14 files changed, 169 insertions(+), 150 deletions(-)
+
+commit 37e00aa150c7861f77e69fe361bf19dee467dc0a
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Mon Oct 10 18:27:38 2016 -0400
+
+ RAP compile fix
+
+ drivers/isdn/hisax/config.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+commit 00736455939143023205fdd8957421c73868e975
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Mon Oct 10 18:09:55 2016 -0400
+
+ Mark initify broken for the time being due to some recent changes
+
+ security/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+commit 64458bae539de9ac5cd2ba7cad0bd0c0510e6f37
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Mon Oct 10 17:11:40 2016 -0400
+
+ compile fix
+
+ scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin_hash.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit 9f5f1d1d7f120c1c85b16412e6b75ab221c2cdba
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Mon Oct 10 17:10:22 2016 -0400
+
+ Fix makefiles and .gitignore for new size_overflow plugin
+
+ Makefile | 7 +-
+ .../gcc-plugins/size_overflow_plugin/.gitignore | 5 +-
+ scripts/gcc-plugins/size_overflow_plugin/Makefile | 35 ++++++--
+ scripts/gcc-plugins/size_overflow_plugin/aux.data | 97 ----------------------
+ .../gcc-plugins/size_overflow_plugin/e_aux.data | 97 ++++++++++++++++++++++
+ 5 files changed, 128 insertions(+), 113 deletions(-)
+
+commit cb66e251f9c9880a1365c87b4a42d2885a2fb6ef
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun Oct 9 09:28:14 2016 -0400
+
+ Enable PAX_SIZE_OVERFLOW_EXTRA by default in auto-config
+
+ security/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+commit cd690739e0fb999002075161a032072cf4e4c458
+Merge: 555de68 0e7a060
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sat Oct 8 18:29:48 2016 -0400
+
+ Merge branch 'pax-test' into grsec-test
+
+commit 0e7a060de797ec4e837533146d38e8793e30f84f
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sat Oct 8 18:01:07 2016 -0400
+
+ Update to pax-linux-4.7.6-test6.patch:
+ - updated the fields hash table of the size overflow plugin to remove a few false positives
+ - fixed SANITIZE/HIBERNATION incompatibility, by Anisse Astier <anisse@astier.eu>
+ - backported a few fixes and cleanups from grsecurity
+ - fixed compile errors on some arm/arm64/powerpc/sparc configs for REFCOUNT, KERNEXEC and CONSTIFY
+ - worked around a compile regression in crc32-pclmul_asm.S on some toolchains that define __i686
+ - updated the size overflow hash table
+ - added pax_size_overflow_report_only to disable the reaction mechanism on size overflows
+ - added a few preemptive buffer size checks
+ - fixed integer signedness mixup in tun_set_headroom, by Mathias Krause <mathias.krause@secunet.com>
+ - Emese changed the size overflow plugin to enable the more risky instrumentation under its own config option
+ - Emese greatly increased the coverage of the initify plugin
+ - added BROKEN_SECURITY to disable upstream features as necessary
+
+ Documentation/dontdiff | 7 +-
+ Documentation/kernel-parameters.txt | 5 +
+ arch/arm/include/asm/atomic.h | 41 +-
+ arch/arm/include/asm/domain.h | 1 +
+ arch/arm/include/asm/string.h | 6 +-
+ arch/arm/kernel/efi.c | 4 +-
+ arch/arm/mach-mvebu/coherency.c | 2 +-
+ arch/arm/mm/alignment.c | 24 +-
+ arch/arm64/Kconfig | 1 +
+ arch/arm64/include/asm/atomic.h | 3 +
+ arch/arm64/include/asm/cache.h | 4 +-
+ arch/arm64/include/asm/pgalloc.h | 5 +
+ arch/arm64/include/asm/pgtable.h | 3 +
+ arch/arm64/include/asm/string.h | 10 +-
+ arch/arm64/kernel/process.c | 9 +-
+ arch/arm64/kernel/stacktrace.c | 4 +-
+ arch/arm64/kernel/traps.c | 2 +-
+ arch/ia64/include/asm/uaccess.h | 11 +-
+ arch/mips/Kconfig | 2 +-
+ arch/parisc/include/asm/uaccess.h | 108 +-
+ arch/powerpc/include/asm/atomic.h | 23 +-
+ arch/powerpc/include/asm/cache.h | 4 +-
+ arch/powerpc/include/asm/spinlock.h | 1 +
+ arch/powerpc/include/asm/string.h | 4 +-
+ arch/powerpc/include/asm/uaccess.h | 15 -
+ arch/powerpc/kernel/traps.c | 2 +-
+ arch/sparc/include/asm/cache.h | 4 +-
+ arch/sparc/include/asm/pgalloc_64.h | 1 +
+ arch/sparc/include/asm/uaccess_32.h | 65 -
+ arch/um/include/asm/cache.h | 3 +-
+ arch/x86/Kconfig | 5 +-
+ arch/x86/crypto/crc32-pclmul_asm.S | 4 +-
+ arch/x86/include/asm/string_32.h | 12 +-
+ arch/x86/include/asm/string_64.h | 4 +-
+ arch/x86/include/asm/uaccess.h | 2 +-
+ arch/x86/kernel/hpet.c | 2 +-
+ arch/x86/kernel/kprobes/opt.c | 8 +-
+ arch/x86/kernel/ptrace.c | 14 +
+ arch/x86/kernel/signal.c | 9 +-
+ arch/x86/lib/Makefile | 4 +
+ arch/x86/platform/efi/efi_64.c | 2 +-
+ drivers/acpi/acpica/acutils.h | 2 +-
+ drivers/acpi/acpica/dbhistry.c | 2 +-
+ drivers/acpi/acpica/dbinput.c | 10 +-
+ drivers/acpi/acpica/dbstats.c | 88 +-
+ drivers/acpi/acpica/utdebug.c | 2 +-
+ drivers/cdrom/cdrom.c | 2 +-
+ drivers/char/genrtc.c | 1 +
+ drivers/char/random.c | 2 +-
+ drivers/firmware/efi/libstub/Makefile | 2 +
+ drivers/gpu/drm/gma500/mdfld_dsi_dpi.c | 7 +-
+ drivers/hid/hid-wiimote-debug.c | 2 +-
+ drivers/iommu/arm-smmu-v3.c | 32 +-
+ drivers/isdn/hisax/hisax.h | 4 +-
+ drivers/media/radio/radio-cadet.c | 5 +-
+ drivers/mmc/host/tmio_mmc_pio.c | 4 +-
+ drivers/net/tun.c | 2 +-
+ drivers/net/wireless/zydas/zd1211rw/zd_usb.c | 2 +-
+ drivers/scsi/esas2r/esas2r_init.c | 2 +-
+ drivers/scsi/esas2r/esas2r_ioctl.c | 2 +-
+ drivers/scsi/esas2r/esas2r_log.h | 4 +-
+ drivers/scsi/esas2r/esas2r_main.c | 4 +-
+ drivers/uio/uio.c | 6 +-
+ drivers/video/fbdev/arcfb.c | 2 +-
+ fs/char_dev.c | 2 +-
+ fs/exec.c | 16 +-
+ fs/ext4/extents.c | 2 +-
+ fs/nfsd/nfscache.c | 2 +-
+ fs/ntfs/debug.h | 6 +-
+ fs/ocfs2/cluster/masklog.h | 2 +-
+ fs/proc/task_mmu.c | 5 +-
+ include/acpi/acpiosxf.h | 3 +-
+ include/acpi/acpixf.h | 2 +-
+ include/asm-generic/atomic-long.h | 4 +
+ include/asm-generic/bug.h | 5 +-
+ include/asm-generic/pgtable-nopmd.h | 1 +
+ include/asm-generic/vmlinux.lds.h | 2 +
+ include/drm/drmP.h | 2 +-
+ include/linux/atomic.h | 21 +
+ include/linux/audit.h | 5 +-
+ include/linux/compiler-gcc.h | 15 +
+ include/linux/compiler.h | 8 +
+ include/linux/fs.h | 2 +-
+ include/linux/gfp.h | 4 +-
+ include/linux/init.h | 4 +-
+ include/linux/mm.h | 2 +-
+ include/linux/printk.h | 2 +-
+ include/linux/random.h | 2 +-
+ include/linux/ratelimit.h | 3 +-
+ include/linux/sched.h | 6 +-
+ include/linux/slab.h | 2 +-
+ include/linux/string.h | 34 +-
+ include/uapi/linux/personality.h | 1 +
+ init/Kconfig | 3 +
+ init/main.c | 11 +
+ kernel/exit.c | 18 +-
+ kernel/power/hibernate.c | 21 +-
+ kernel/power/power.h | 2 +
+ kernel/power/snapshot.c | 22 +
+ lib/Kconfig.debug | 3 +-
+ lib/vsprintf.c | 6 +-
+ mm/Kconfig.debug | 2 -
+ mm/page_alloc.c | 6 +-
+ mm/util.c | 2 +-
+ net/ipv4/ip_sockglue.c | 3 +-
+ net/ipv4/ip_vti.c | 2 +-
+ scripts/Makefile.gcc-plugins | 17 +-
+ scripts/gcc-plugins/initify_plugin.c | 1588 +-
+ scripts/gcc-plugins/size_overflow_plugin/Makefile | 26 +-
+ scripts/gcc-plugins/size_overflow_plugin/aux.data | 97 +
+ .../gcc-plugins/size_overflow_plugin/disable.data | 12453 +++++++++++
+ .../disable_size_overflow_hash.data | 12445 -----------
+ .../gcc-plugins/size_overflow_plugin/e_fields.data | 18898 ++++++++++++++++
+ .../gcc-plugins/size_overflow_plugin/e_fns.data | 4833 ++++
+ .../gcc-plugins/size_overflow_plugin/e_fptrs.data | 56 +
+ .../gcc-plugins/size_overflow_plugin/e_vars.data | 116 +
+ .../insert_size_overflow_asm.c | 2 +-
+ .../size_overflow_plugin/intentional_overflow.c | 2 +-
+ .../size_overflow_plugin/size_overflow.h | 14 +-
+ .../size_overflow_plugin/size_overflow_debug.c | 4 +-
+ .../size_overflow_plugin/size_overflow_hash.data | 22068 -------------------
+ .../size_overflow_hash_aux.data | 97 -
+ .../size_overflow_plugin/size_overflow_ipa.c | 65 +-
+ .../size_overflow_plugin/size_overflow_plugin.c | 25 +-
+ .../size_overflow_plugin_hash.c | 120 +-
+ .../size_overflow_plugin/size_overflow_transform.c | 30 +-
+ security/Kconfig | 78 +-
+ security/integrity/integrity.h | 2 +-
+ security/min_addr.c | 2 +
+ 129 files changed, 38670 insertions(+), 35263 deletions(-)
+
+commit 555de68005b90a38a9e5eee6835130d5d4291030
+Merge: b48dade c3695e4
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Fri Oct 7 17:38:00 2016 -0400
+
+ Merge branch 'pax-test' into grsec-test
+
+commit c3695e458f10605aa5d59e5d16a80156c6aca5f1
+Merge: a16b512 fdf81f0
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Fri Oct 7 17:37:31 2016 -0400
+
+ Merge branch 'linux-4.7.y' into pax-test
+
+commit b48dade7b67aa153367dc38d6f3b513b93da2b07
+Merge: 14d3459 a16b512
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Fri Sep 30 07:56:46 2016 -0400
+
+ Merge branch 'pax-test' into grsec-test
+
+commit a16b51212ca70e45554cecf7d3b67335d4c847ff
+Merge: 674c5b2 f849d45
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Fri Sep 30 07:56:04 2016 -0400
+
+ Merge branch 'linux-4.7.y' into pax-test
+
+commit 14d3459a64f15c168c7783d46f690c0ee1283ef2
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Tue Sep 27 17:07:31 2016 -0400
+
+ Fix arm/MULTI_CACHE incompatibility with RANDSTRUCT, reported by radegand:
+ https://forums.grsecurity.net/viewtopic.php?t=4545&p=1659
+
+ arch/arm/include/asm/cacheflush.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit 39d7aa87f8bd225bc3ac099a2046e334191c90b3
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Mon Sep 26 11:28:09 2016 -0400
+
+ Backport upstream commit which allows PAX_MEMORY_SANITIZE to work
+ with hibernation:
+ https://patchwork.kernel.org/patch/9322709/
+
+ kernel/power/Kconfig | 1 -
+ kernel/power/hibernate.c | 4 +++-
+ kernel/power/power.h | 2 ++
+ kernel/power/snapshot.c | 20 ++++++++++++++++++++
+ 4 files changed, 25 insertions(+), 2 deletions(-)
+
+commit e5944827e8a1cb6938ed75cccf05f354344b3fa9
+Author: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Tue Sep 20 20:35:55 2016 +0800
+
+ KEYS: Fix skcipher IV clobbering
+
+ The IV must not be modified by the skcipher operation so we need
+ to duplicate it.
+
+ Fixes: c3917fd9dfbc ("KEYS: Use skcipher")
+ Cc: stable@vger.kernel.org
+ Reported-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
+ Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+
+ security/keys/encrypted-keys/encrypted.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+commit 17d91a9781b8c4558433cee3e7de8d44a6c2d89b
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun Sep 25 18:10:01 2016 -0400
+
+ Make vti_notifier_block read_only
+
+ net/ipv4/ip_vti.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit d2eba293dd946c7686080602a2e24ddb5358cfcf
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun Sep 25 17:30:32 2016 -0400
+
+ compile fix
+
+ net/unix/af_unix.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit 47cca6342f665fa1b4b755723b843ac41ebb9178
+Merge: 16919c7 674c5b2
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun Sep 25 17:25:45 2016 -0400
+
+ Merge branch 'pax-test' into grsec-test
+
+commit 674c5b28e7dfe651caf71d1cdec395205ed9f526
+Merge: 4552781 6c21842
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Sun Sep 25 17:24:44 2016 -0400
+
+ Merge branch 'linux-4.7.y' into pax-test
+
+commit 16919c7208e7ad9bc5f6df2f151b84cede110c15
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Sep 21 18:40:32 2016 -0400
+
+ compile fix
+
+ drivers/net/tun.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit bafd12998265ed2c32792e117e4227f757cfa18f
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Wed Sep 21 18:39:39 2016 -0400
+
+ From: Mathias Krause <mathias.krause@secunet.com>
+ Date: Wed, 21 Sep 2016 14:42:43 +0200
+ Subject: [PATCH] pax: net/tun - explicitly test for negative values in tun_set_headroom()
+
+ Because of a type change for the NET_SKB_PAD macro in the PaX patch from
+ (implicit) int to unsigned long, negative values for new_hr will be sign
+ extended and wrongly pass the minimal size test. Such a value will,
+ later on, trigger the size_overflow plugin instrumentation in
+ tun_get_user().
+
+ Fix this by testing new_hr for negative values explicitly to restore the
+ intended minimal size test.
+
+ Signed-off-by: Mathias Krause <mathias.krause@secunet.com>
+
+ drivers/net/tun.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit 74fbeac25af78b5f621d8acffb9158dd959078d3
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Tue Sep 20 18:37:08 2016 -0400
+
+ Make CONSTIFY depend on GCC_PLUGINS
+
+ security/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+commit e9e87520569e66d710dadebddac33428c666249a
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Mon Sep 19 18:43:50 2016 -0400
+
+ Fix up atomic64_cmpxchg_unchecked on ARM with REFCOUNT
+
+ arch/arm/include/asm/atomic.h | 39 ++++-----------------------------------
+ include/linux/atomic.h | 9 +++++++++
+ 2 files changed, 13 insertions(+), 35 deletions(-)
+
+commit a1afe597f5731963416233b274144d7c57ce538d
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Mon Sep 19 17:58:58 2016 -0400
+
+ Backport upstream iscsi memory corruption fix:
+ http://marc.info/?l=linux-scsi&m=147394713328707&w=2
+
+ drivers/scsi/arcmsr/arcmsr_hba.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+commit e6e0b270a18e4ee19460f7dc72bb46d441adf3c4
+Author: Chuck Lever <chuck.lever@oracle.com>
+Date: Thu Sep 1 10:50:38 2016 -0400
+
+ svcauth_gss: Revert 64c59a3726f2 ("Remove unnecessary allocation")
+
+ rsc_lookup steals the passed-in memory to avoid doing an allocation of
+ its own, so we can't just pass in a pointer to memory that someone else
+ is using.
+
+ If we really want to avoid allocation there then maybe we should
+ preallocate somwhere, or reference count these handles.
+
+ For now we should revert.
+
+ On occasion I see this on my server:
+
+ kernel: kernel BUG at /home/cel/src/linux/linux-2.6/mm/slub.c:3851!
+ kernel: invalid opcode: 0000 [#1] SMP
+ kernel: Modules linked in: cts rpcsec_gss_krb5 sb_edac edac_core x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper cryptd btrfs xor iTCO_wdt iTCO_vendor_support raid6_pq pcspkr i2c_i801 i2c_smbus lpc_ich mfd_core mei_me sg mei shpchp wmi ioatdma ipmi_si ipmi_msghandler acpi_pad acpi_power_meter rpcrdma ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm nfsd nfs_acl lockd grace auth_rpcgss sunrpc ip_tables xfs libcrc32c mlx4_ib mlx4_en ib_core sr_mod cdrom sd_mod ast drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm crc32c_intel igb mlx4_core ahci libahci libata ptp pps_core dca i2c_algo_bit i2c_core dm_mirror dm_region_hash dm_log dm_mod
+ kernel: CPU: 7 PID: 145 Comm: kworker/7:2 Not tainted 4.8.0-rc4-00006-g9d06b0b #15
+ kernel: Hardware name: Supermicro Super Server/X10SRL-F, BIOS 1.0c 09/09/2015
+ kernel: Workqueue: events do_cache_clean [sunrpc]
+ kernel: task: ffff8808541d8000 task.stack: ffff880854344000
+ kernel: RIP: 0010:[<ffffffff811e7075>] [<ffffffff811e7075>] kfree+0x155/0x180
+ kernel: RSP: 0018:ffff880854347d70 EFLAGS: 00010246
+ kernel: RAX: ffffea0020fe7660 RBX: ffff88083f9db064 RCX: 146ff0f9d5ec5600
+ kernel: RDX: 000077ff80000000 RSI: ffff880853f01500 RDI: ffff88083f9db064
+ kernel: RBP: ffff880854347d88 R08: ffff8808594ee000 R09: ffff88087fdd8780
+ kernel: R10: 0000000000000000 R11: ffffea0020fe76c0 R12: ffff880853f01500
+ kernel: R13: ffffffffa013cf76 R14: ffffffffa013cff0 R15: ffffffffa04253a0
+ kernel: FS: 0000000000000000(0000) GS:ffff88087fdc0000(0000) knlGS:0000000000000000
+ kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ kernel: CR2: 00007fed60b020c3 CR3: 0000000001c06000 CR4: 00000000001406e0
+ kernel: Stack:
+ kernel: ffff8808589f2f00 ffff880853f01500 0000000000000001 ffff880854347da0
+ kernel: ffffffffa013cf76 ffff8808589f2f00 ffff880854347db8 ffffffffa013d006
+ kernel: ffff8808589f2f20 ffff880854347e00 ffffffffa0406f60 0000000057c7044f
+ kernel: Call Trace:
+ kernel: [<ffffffffa013cf76>] rsc_free+0x16/0x90 [auth_rpcgss]
+ kernel: [<ffffffffa013d006>] rsc_put+0x16/0x30 [auth_rpcgss]
+ kernel: [<ffffffffa0406f60>] cache_clean+0x2e0/0x300 [sunrpc]
+ kernel: [<ffffffffa04073ee>] do_cache_clean+0xe/0x70 [sunrpc]
+ kernel: [<ffffffff8109a70f>] process_one_work+0x1ff/0x3b0
+ kernel: [<ffffffff8109b15c>] worker_thread+0x2bc/0x4a0
+ kernel: [<ffffffff8109aea0>] ? rescuer_thread+0x3a0/0x3a0
+ kernel: [<ffffffff810a0ba4>] kthread+0xe4/0xf0
+ kernel: [<ffffffff8169c47f>] ret_from_fork+0x1f/0x40
+ kernel: [<ffffffff810a0ac0>] ? kthread_stop+0x110/0x110
+ kernel: Code: f7 ff ff eb 3b 65 8b 05 da 30 e2 7e 89 c0 48 0f a3 05 a0 38 b8 00 0f 92 c0 84 c0 0f 85 d1 fe ff ff 0f 1f 44 00 00 e9 f5 fe ff ff <0f> 0b 49 8b 03 31 f6 f6 c4 40 0f 85 62 ff ff ff e9 61 ff ff ff
+ kernel: RIP [<ffffffff811e7075>] kfree+0x155/0x180
+ kernel: RSP <ffff880854347d70>
+ kernel: ---[ end trace 3fdec044969def26 ]---
+
+ It seems to be most common after a server reboot where a client has been
+ using a Kerberos mount, and reconnects to continue its workload.
+
+ Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+ Cc: stable@vger.kernel.org
+ Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+
+ net/sunrpc/auth_gss/svcauth_gss.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+commit 6e83144022a8e3cd00a7d0ca3916354ea3336f5e
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Mon Sep 19 17:44:04 2016 -0400
+
+ fix whitespace
+
+ mm/mmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit ffb1a4cfdce65f581265612878fd136d76b132ae
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Mon Sep 19 17:07:34 2016 -0400
+
+ Remove optional dependency on USERCOPY for pax_check_alloca
+
+ arch/x86/kernel/dumpstack_32.c | 2 +-
+ arch/x86/kernel/dumpstack_64.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+commit 01ca858fb54c3406db13ace327798610b1cdec10
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Thu Sep 15 21:28:25 2016 -0400
+
+ compile fixes
+
+ arch/x86/crypto/crc32-pclmul_asm.S | 4 ++--
+ arch/x86/include/asm/uaccess.h | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+commit aeed418bbabf465cfa2bd5463b4ee26ddfdee99c
+Author: Al Viro <viro@ZenIV.linux.org.uk>
+Date: Thu Sep 15 02:35:29 2016 +0100
+
+ fix minor infoleak in get_user_ex()
+
+ get_user_ex(x, ptr) should zero x on failure. It's not a lot of a leak
+ (at most we are leaking uninitialized 64bit value off the kernel stack,
+ and in a fairly constrained situation, at that), but the fix is trivial,
+ so...
+
+ Cc: stable@vger.kernel.org
+ Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+ [ This sat in different branch from the uaccess fixes since mid-August ]
+ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+
+ arch/x86/include/asm/uaccess.h | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+commit 4ec72305c579df587c9c31f18fbc3ceba14045a5
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Thu Sep 15 20:02:01 2016 -0400
+
+ compile fix
+
+ fs/proc/task_mmu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit ed3d3716625f0c04c9a07dc6c6c7537be22cee07
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Thu Sep 15 20:01:31 2016 -0400
+
+ Resync with PaX
+
+ fs/proc/task_mmu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit 36300fe10dd78430f8e84c42b665c0154f88dd5a
+Merge: 14e5235 4552781
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Thu Sep 15 18:36:02 2016 -0400
+
+ Merge branch 'pax-test' into grsec-test
+
+commit 4552781643cf8a01376539bf0bf469c8dbc69701
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Thu Sep 15 18:35:49 2016 -0400
+
+ Resync with PaX
+
+ fs/proc/task_mmu.c | 5 +++--
+ include/linux/init.h | 4 +++-
+ include/linux/mm.h | 2 +-
+ mm/util.c | 2 +-
+ 4 files changed, 8 insertions(+), 5 deletions(-)
+
+commit 14e523564a0a84ece93b04a2b375f33cce806c8b
+Merge: 402a024 6740d15
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Thu Sep 15 18:18:19 2016 -0400
+
+ Merge branch 'pax-test' into grsec-test
+
+commit 6740d1535fb0208f329eda7aeeee2c6f0fbe09d3
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Thu Sep 15 18:16:18 2016 -0400
+
+ Update to pax-linux-4.7.3-test4.patch:
+ - fixed atomic_xchg_unchecked on arm, reported by wizzup
+ - temporary workaround for cloned functions in the initify plugin, prevents an ICE-from-assertion reported by xeaforz and gg
+ - fixed hugetlb compile error on arm64
+ - fixed branch prediction hints in copy*user on x86, by spender
+ - fixed the invocation of gcc-plugin.sh while reporting errors, by spender
+ - fixed long-standing regression in non-exec page support on powerpc32/book3s
+ - fixed inefficient PIC in crc32_pclmul* on i386 to also work under KERNEXEC, reported by minipli
+ - fixed pfn/physical address mixup in static_protections on amd64, by Mathias Krause <mathias.krause@secunet.com>
+ - fixed latent bug on module loading exposed by the fix for static_protections, reported by minipli
+ - fixed two USERCOPY violations in iucv and netlink, by Mathias Krause <minipli@ld-linux.so>
+ - fixed a xen boot regression with ssp-strong, reported by biergaizi and d-u (https://forums.grsecurity.net/viewtopic.php?f=3&t=4441)
+ - fixed module symbol resolution and extable handling on i386/KERNEXEC when KASLR is enabled
+
+ arch/arm/include/asm/atomic.h | 12 +++--------
+ arch/arm/include/asm/cmpxchg.h | 3 ++-
+ arch/arm64/mm/dma-mapping.c | 2 +-
+ arch/mips/cavium-octeon/dma-octeon.c | 2 +-
+ arch/powerpc/include/asm/book3s/32/hash.h | 2 +-
+ arch/powerpc/include/asm/book3s/32/pgtable.h | 2 +-
+ arch/powerpc/include/asm/pte-common.h | 30 +++++++++++++---------------
+ arch/x86/crypto/crc32-pclmul_asm.S | 19 +++++++++++-------
+ arch/x86/include/asm/setup.h | 3 ++-
+ arch/x86/include/asm/uaccess.h | 4 ++--
+ arch/x86/kernel/module.c | 2 +-
+ arch/x86/kernel/pci-swiotlb.c | 2 +-
+ arch/x86/kvm/x86.c | 2 +-
+ arch/x86/mm/extable.c | 18 ++---------------
+ arch/x86/mm/pageattr.c | 5 +++--
+ arch/x86/xen/enlighten.c | 18 ++++++++---------
+ arch/x86/xen/pmu.c | 1 +
+ include/asm-generic/atomic-long.h | 2 ++
+ include/asm-generic/atomic64.h | 1 +
+ include/linux/atomic.h | 4 ++++
+ include/linux/llist.h | 9 +++++++++
+ include/linux/swiotlb.h | 3 +--
+ kernel/extable.c | 17 ++++++++++++++--
+ kernel/module.c | 9 ++++++++-
+ lib/extable.c | 11 +---------
+ lib/llist.c | 17 ++++++++++++++++
+ lib/swiotlb.c | 2 +-
+ mm/hugetlb.c | 12 +++++++++++
+ mm/vmalloc.c | 2 +-
+ net/iucv/af_iucv.c | 7 +++----
+ net/netlink/af_netlink.c | 5 +++--
+ scripts/Makefile.gcc-plugins | 2 +-
+ scripts/gcc-plugins/initify_plugin.c | 4 +++-
+ 33 files changed, 139 insertions(+), 95 deletions(-)
+
+commit 402a02454512e83be868e83529b04c0ccde687a9
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Thu Sep 15 08:25:18 2016 -0400
+
+ Update size_overflow hash
+
+ scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash.data | 1 +
+ 1 file changed, 1 insertion(+)
+
+commit e1d3996c7486a0985846423711dd5c05401144c1
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Thu Sep 15 07:48:33 2016 -0400
+
+ compile fix
+
+ kernel/capability.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+commit a668b9edff65c3c2eb134e1c7edfbc4142f1e678
+Merge: f2ceab4 4f9be5c
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Thu Sep 15 07:24:15 2016 -0400
+
+ Rename our existing ns_capable_nolog to suit upstream's bikeshedded ns_capable_noaudit
+
+ Merge branch 'pax-test' into grsec-test
+
+commit 4f9be5c8326f08df59ef7df521acac91e9e6c3d5
+Merge: 168b0e3 bd333da
+Author: Brad Spengler <spender@grsecurity.net>
+Date: Thu Sep 15 07:12:12 2016 -0400
+
+ Merge branch 'linux-4.7.y' into pax-test
+
commit f2ceab4fbaec0cd5c127345dbce3e033b74fe826
Author: WANG Cong <xiyou.wangcong@gmail.com>
Date: Sun Aug 28 21:28:26 2016 -0700