]> git.ipfire.org Git - thirdparty/grsecurity-scrape.git/blame - test/changelog-test.txt
projects / thirdparty / grsecurity-scrape.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Auto commit, 1 new patch{es}.
[thirdparty/grsecurity-scrape.git] / test / changelog-test.txt
CommitLineData
a085e527
PK		 1commit 24ce7d83ff71aa7102231f41c41aaf44f949751a
2Author: David Gstir <david@sigma-star.at>
3Date: Sun Nov 15 17:14:41 2015 +0100
4
5 crypto: nx - Fix timing leak in GCM and CCM decryption
6
7 Using non-constant time memcmp() makes the verification of the authentication
8 tag in the decrypt path vulnerable to timing attacks. Fix this by using
9 crypto_memneq() instead.
10
11 Cc: stable@vger.kernel.org
12 Signed-off-by: David Gstir <david@sigma-star.at>
13 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
14
15 drivers/crypto/nx/nx-aes-ccm.c | 2 +-
16 drivers/crypto/nx/nx-aes-gcm.c | 2 +-
17 2 files changed, 2 insertions(+), 2 deletions(-)
18
19commit 5c001f6d281406b32d79cf9b7851413adb658641
20Author: David Gstir <david@sigma-star.at>
21Date: Sun Nov 15 17:14:42 2015 +0100
22
23 crypto: talitos - Fix timing leak in ESP ICV verification
24
25 Using non-constant time memcmp() makes the verification of the authentication
26 tag in the decrypt path vulnerable to timing attacks. Fix this by using
27 crypto_memneq() instead.
28
29 Cc: stable@vger.kernel.org
30 Signed-off-by: David Gstir <david@sigma-star.at>
31 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
32
33 Conflicts:
34
35 drivers/crypto/talitos.c
36
37 drivers/crypto/talitos.c | 4 ++--
38 1 files changed, 2 insertions(+), 2 deletions(-)
39
40commit 66e9fe2d958fcdce01c6dadf415864e8cdeb06cb
41Author: Brad Spengler <spender@grsecurity.net>
42Date: Fri Dec 4 23:40:00 2015 -0500
43
44 Fix a size_overflow report caused by __get_user not fully initializing a register when
45 reading in less than a register-width from userland, reported by peetaur at:
46 https://forums.grsecurity.net/viewtopic.php?f=3&t=4332
47 Fix is from the PaX Team
48
49 arch/x86/include/asm/uaccess.h | 2 +-
50 1 files changed, 1 insertions(+), 1 deletions(-)
51
52commit 8599b6467ba41cf3d4e9a96495b5d71d44e74f6c
53Author: Eric Dumazet <edumazet@google.com>
54Date: Thu Nov 26 08:18:14 2015 -0800
55
56 tcp: initialize tp->copied_seq in case of cross SYN connection
57
58 Dmitry provided a syzkaller (http://github.com/google/syzkaller)
59 generated program that triggers the WARNING at
60 net/ipv4/tcp.c:1729 in tcp_recvmsg() :
61
62 WARN_ON(tp->copied_seq != tp->rcv_nxt &&
63 !(flags & (MSG_PEEK | MSG_TRUNC)));
64
65 His program is specifically attempting a Cross SYN TCP exchange,
66 that we support (for the pleasure of hackers ?), but it looks we
67 lack proper tcp->copied_seq initialization.
68
69 Thanks again Dmitry for your report and testings.
70
71 Signed-off-by: Eric Dumazet <edumazet@google.com>
72 Reported-by: Dmitry Vyukov <dvyukov@google.com>
73 Tested-by: Dmitry Vyukov <dvyukov@google.com>
74 Signed-off-by: David S. Miller <davem@davemloft.net>
75
76 net/ipv4/tcp_input.c | 1 +
77 1 files changed, 1 insertions(+), 0 deletions(-)
78
79commit 73c0ec9194319dc262011dbe7196c55cb450f29a
80Author: Guillaume Nault <g.nault@alphalink.fr>
81Date: Thu Dec 3 16:49:32 2015 +0100
82
83 pppoe: fix memory corruption in padt work structure
84
85 pppoe_connect() mustn't touch the padt_work field of pppoe sockets
86 because that work could be already pending.
87
88 [ 21.473147] BUG: unable to handle kernel NULL pointer dereference at 00000004
89 [ 21.474523] IP: [<c1043177>] process_one_work+0x29/0x31c
90 [ 21.475164] *pde = 00000000
91 [ 21.475513] Oops: 0000 [#1] SMP
92 [ 21.475910] Modules linked in: pppoe pppox ppp_generic slhc crc32c_intel aesni_intel virtio_net xts aes_i586 lrw gf128mul ablk_helper cryptd evdev acpi_cpufreq processor serio_raw button ext4 crc16 mbcache jbd2 virtio_blk virtio_pci virtio_ring virtio
93 [ 21.476168] CPU: 2 PID: 164 Comm: kworker/2:2 Not tainted 4.4.0-rc1 #1
94 [ 21.476168] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
95 [ 21.476168] task: f5f83c00 ti: f5e28000 task.ti: f5e28000
96 [ 21.476168] EIP: 0060:[<c1043177>] EFLAGS: 00010046 CPU: 2
97 [ 21.476168] EIP is at process_one_work+0x29/0x31c
98 [ 21.484082] EAX: 00000000 EBX: f678b2a0 ECX: 00000004 EDX: 00000000
99 [ 21.484082] ESI: f6c69940 EDI: f5e29ef0 EBP: f5e29f0c ESP: f5e29edc
100 [ 21.484082] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
101 [ 21.484082] CR0: 80050033 CR2: 000000a4 CR3: 317ad000 CR4: 00040690
102 [ 21.484082] Stack:
103 [ 21.484082] 00000000 f6c69950 00000000 f6c69940 c0042338 f5e29f0c c1327945 00000000
104 [ 21.484082] 00000008 f678b2a0 f6c69940 f678b2b8 f5e29f30 c1043984 f5f83c00 f6c69970
105 [ 21.484082] f678b2a0 c10437d3 f6775e80 f678b2a0 c10437d3 f5e29fac c1047059 f5e29f74
106 [ 21.484082] Call Trace:
107 [ 21.484082] [<c1327945>] ? _raw_spin_lock_irq+0x28/0x30
108 [ 21.484082] [<c1043984>] worker_thread+0x1b1/0x244
109 [ 21.484082] [<c10437d3>] ? rescuer_thread+0x229/0x229
110 [ 21.484082] [<c10437d3>] ? rescuer_thread+0x229/0x229
111 [ 21.484082] [<c1047059>] kthread+0x8f/0x94
112 [ 21.484082] [<c1327a32>] ? _raw_spin_unlock_irq+0x22/0x26
113 [ 21.484082] [<c1327ee9>] ret_from_kernel_thread+0x21/0x38
114 [ 21.484082] [<c1046fca>] ? kthread_parkme+0x19/0x19
115 [ 21.496082] Code: 5d c3 55 89 e5 57 56 53 89 c3 83 ec 24 89 d0 89 55 e0 8d 7d e4 e8 6c d8 ff ff b9 04 00 00 00 89 45 d8 8b 43 24 89 45 dc 8b 45 d8 <8b> 40 04 8b 80 e0 00 00 00 c1 e8 05 24 01 88 45 d7 8b 45 e0 8d
116 [ 21.496082] EIP: [<c1043177>] process_one_work+0x29/0x31c SS:ESP 0068:f5e29edc
117 [ 21.496082] CR2: 0000000000000004
118 [ 21.496082] ---[ end trace e362cc9cf10dae89 ]---
119
120 Reported-by: Andrew <nitr0@seti.kr.ua>
121 Fixes: 287f3a943fef ("pppoe: Use workqueue to die properly when a PADT is received")
122 Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
123 Signed-off-by: David S. Miller <davem@davemloft.net>
124
125 drivers/net/ppp/pppoe.c | 14 ++++++++++----
126 1 files changed, 10 insertions(+), 4 deletions(-)
127
128commit 909cb25969d65dbdd08c69486c72cb09cf30131a
129Merge: 2fd6be6 b27a8b0
130Author: Brad Spengler <spender@grsecurity.net>
131Date: Fri Dec 4 19:40:10 2015 -0500
132
133 Merge branch 'pax-test' into grsec-test
134
135 Conflicts:
136 Makefile
137
138commit b27a8b0f99304f0bc3ea3a8e55f04f6bb57bbe8f
139Author: Brad Spengler <spender@grsecurity.net>
140Date: Fri Dec 4 19:38:31 2015 -0500
141
142 Update to pax-linux-4.2.6-test26.patch:
143 - fixed integer truncation check in md introduced by upstream commits 284ae7cab0f7335c9e0aa8992b28415ef1a54c7c and 58c0fed400603a802968b23ddf78f029c5a84e41, reported by BeiKed9o (https://forums.grsecurity.net/viewtopic.php?f=3&t=4328)
144 - gcc plugin compilation problems will now also produce the output of the checking script to make diagnosis easier, reported by hunger
145 - Emese fixed a false positive size overflow report in __vhost_add_used_n, reported by quasar366 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4329)
146 - fixed a potential integer truncation error in the raid1 code caught by the size overflow plugin, reported by d1b (https://forums.grsecurity.net/viewtopic.php?f=3&t=4331)
147
148 Makefile | 5 +++
149 drivers/md/md.c | 5 ++-
150 drivers/md/raid1.c | 2 +-
151 fs/proc/task_mmu.c | 3 ++
152 .../disable_size_overflow_hash.data | 4 ++-
153 .../size_overflow_plugin/intentional_overflow.c | 32 ++++++++++++++++---
154 .../size_overflow_plugin/size_overflow_hash.data | 2 -
155 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
156 8 files changed, 43 insertions(+), 12 deletions(-)
157
158commit 2fd6be640143ad13633518208bb1ba5730bf4949
159Author: Eric Dumazet <edumazet@google.com>
160Date: Tue Dec 1 20:08:51 2015 -0800
161
162 net_sched: fix qdisc_tree_decrease_qlen() races
163
164 qdisc_tree_decrease_qlen() suffers from two problems on multiqueue
165 devices.
166
167 One problem is that it updates sch->q.qlen and sch->qstats.drops
168 on the mq/mqprio root qdisc, while it should not : Daniele
169 reported underflows errors :
170 [ 681.774821] PAX: sch->q.qlen: 0 n: 1
171 [ 681.774825] PAX: size overflow detected in function qdisc_tree_decrease_qlen net/sched/sch_api.c:769 cicus.693_49 min, count: 72, decl: qlen; num: 0; context: sk_buff_head;
172 [ 681.774954] CPU: 2 PID: 19 Comm: ksoftirqd/2 Tainted: G O 4.2.6.201511282239-1-grsec #1
173 [ 681.774955] Hardware name: ASUSTeK COMPUTER INC. X302LJ/X302LJ, BIOS X302LJ.202 03/05/2015
174 [ 681.774956] ffffffffa9a04863 0000000000000000 0000000000000000 ffffffffa990ff7c
175 [ 681.774959] ffffc90000d3bc38 ffffffffa95d2810 0000000000000007 ffffffffa991002b
176 [ 681.774960] ffffc90000d3bc68 ffffffffa91a44f4 0000000000000001 0000000000000001
177 [ 681.774962] Call Trace:
178 [ 681.774967] [<ffffffffa95d2810>] dump_stack+0x4c/0x7f
179 [ 681.774970] [<ffffffffa91a44f4>] report_size_overflow+0x34/0x50
180 [ 681.774972] [<ffffffffa94d17e2>] qdisc_tree_decrease_qlen+0x152/0x160
181 [ 681.774976] [<ffffffffc02694b1>] fq_codel_dequeue+0x7b1/0x820 [sch_fq_codel]
182 [ 681.774978] [<ffffffffc02680a0>] ? qdisc_peek_dequeued+0xa0/0xa0 [sch_fq_codel]
183 [ 681.774980] [<ffffffffa94cd92d>] __qdisc_run+0x4d/0x1d0
184 [ 681.774983] [<ffffffffa949b2b2>] net_tx_action+0xc2/0x160
185 [ 681.774985] [<ffffffffa90664c1>] __do_softirq+0xf1/0x200
186 [ 681.774987] [<ffffffffa90665ee>] run_ksoftirqd+0x1e/0x30
187 [ 681.774989] [<ffffffffa90896b0>] smpboot_thread_fn+0x150/0x260
188 [ 681.774991] [<ffffffffa9089560>] ? sort_range+0x40/0x40
189 [ 681.774992] [<ffffffffa9085fe4>] kthread+0xe4/0x100
190 [ 681.774994] [<ffffffffa9085f00>] ? kthread_worker_fn+0x170/0x170
191 [ 681.774995] [<ffffffffa95d8d1e>] ret_from_fork+0x3e/0x70
192
193 mq/mqprio have their own ways to report qlen/drops by folding stats on
194 all their queues, with appropriate locking.
195
196 A second problem is that qdisc_tree_decrease_qlen() calls qdisc_lookup()
197 without proper locking : concurrent qdisc updates could corrupt the list
198 that qdisc_match_from_root() parses to find a qdisc given its handle.
199
200 Fix first problem adding a TCQ_F_NOPARENT qdisc flag that
201 qdisc_tree_decrease_qlen() can use to abort its tree traversal,
202 as soon as it meets a mq/mqprio qdisc children.
203
204 Second problem can be fixed by RCU protection.
205 Qdisc are already freed after RCU grace period, so qdisc_list_add() and
206 qdisc_list_del() simply have to use appropriate rcu list variants.
207
208 A future patch will add a per struct netdev_queue list anchor, so that
209 qdisc_tree_decrease_qlen() can have more efficient lookups.
210
211 Reported-by: Daniele Fucini <dfucini@gmail.com>
212 Signed-off-by: Eric Dumazet <edumazet@google.com>
213 Cc: Cong Wang <cwang@twopensource.com>
214 Cc: Jamal Hadi Salim <jhs@mojatatu.com>
215 Signed-off-by: David S. Miller <davem@davemloft.net>
216
217 Conflicts:
218
219 net/sched/sch_generic.c
220
221 include/net/sch_generic.h | 3 +++
222 net/sched/sch_api.c | 27 ++++++++++++++++++---------
223 net/sched/sch_generic.c | 2 +-
224 net/sched/sch_mq.c | 4 ++--
225 net/sched/sch_mqprio.c | 4 ++--
226 5 files changed, 26 insertions(+), 14 deletions(-)
227
228commit 47e3db55fb66525b7a769de3e2275b5d75a03f39
229Author: Eric Dumazet <edumazet@google.com>
230Date: Tue Dec 1 07:20:07 2015 -0800
231
232 ipv6: sctp: implement sctp_v6_destroy_sock()
233
234 Dmitry Vyukov reported a memory leak using IPV6 SCTP sockets.
235
236 We need to call inet6_destroy_sock() to properly release
237 inet6 specific fields.
238
239 Reported-by: Dmitry Vyukov <dvyukov@google.com>
240 Signed-off-by: Eric Dumazet <edumazet@google.com>
241 Acked-by: Daniel Borkmann <daniel@iogearbox.net>
242 Signed-off-by: David S. Miller <davem@davemloft.net>
243
244 net/sctp/socket.c | 9 ++++++++-
245 1 files changed, 8 insertions(+), 1 deletions(-)
246
247commit c97f798d6e4fb454a7bfbb39fc073c8f538863c9
248Author: Jan Engelhardt <jengelh@inai.de>
249Date: Mon Nov 23 17:46:32 2015 +0100
250
251 target: fix COMPARE_AND_WRITE non zero SGL offset data corruption
252
253 target_core_sbc's compare_and_write functionality suffers from taking
254 data at the wrong memory location when writing a CAW request to disk
255 when a SGL offset is non-zero.
256
257 This can happen with loopback and vhost-scsi fabric drivers when
258 SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC is used to map existing user-space
259 SGL memory into COMPARE_AND_WRITE READ/WRITE payload buffers.
260
261 Given the following sample LIO subtopology,
262
263 % targetcli ls /loopback/
264 o- loopback ................................. [1 Target]
265 o- naa.6001405ebb8df14a ....... [naa.60014059143ed2b3]
266 o- luns ................................... [2 LUNs]
267 o- lun0 ................ [iblock/ram0 (/dev/ram0)]
268 o- lun1 ................ [iblock/ram1 (/dev/ram1)]
269 % lsscsi -g
270 [3:0:1:0] disk LIO-ORG IBLOCK 4.0 /dev/sdc /dev/sg3
271 [3:0:1:1] disk LIO-ORG IBLOCK 4.0 /dev/sdd /dev/sg4
272
273 the following bug can be observed in Linux 4.3 and 4.4~rc1:
274
275 % perl -e 'print chr$_ for 0..255,reverse 0..255' >rand
276 % perl -e 'print "\0" x 512' >zero
277 % cat rand >/dev/sdd
278 % sg_compare_and_write -i rand -D zero --lba 0 /dev/sdd
279 % sg_compare_and_write -i zero -D rand --lba 0 /dev/sdd
280 Miscompare reported
281 % hexdump -Cn 512 /dev/sdd
282 00000000 0f 0e 0d 0c 0b 0a 09 08 07 06 05 04 03 02 01 00
283 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
284 *
285 00000200
286
287 Rather than writing all-zeroes as instructed with the -D file, it
288 corrupts the data in the sector by splicing some of the original
289 bytes in. The page of the first entry of cmd->t_data_sg includes the
290 CDB, and sg->offset is set to a position past the CDB. I presume that
291 sg->offset is also the right choice to use for subsequent sglist
292 members.
293
294 Signed-off-by: Jan Engelhardt <jengelh@netitwork.de>
295 Tested-by: Douglas Gilbert <dgilbert@interlog.com>
296 Cc: <stable@vger.kernel.org> # v3.12+
297 Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
298
299 drivers/target/target_core_sbc.c | 4 ++--
300 1 files changed, 2 insertions(+), 2 deletions(-)
301
302commit 43aa1ca4268298d8f65be2411d627573f33afb3e
303Author: Nicholas Bellinger <nab@linux-iscsi.org>
304Date: Thu Nov 5 23:37:59 2015 -0800
305
306 target: Fix race for SCF_COMPARE_AND_WRITE_POST checking
307
308 This patch addresses a race + use after free where the first
309 stage of COMPARE_AND_WRITE in compare_and_write_callback()
310 is rescheduled after the backend sends the secondary WRITE,
311 resulting in second stage compare_and_write_post() callback
312 completing in target_complete_ok_work() before the first
313 can return.
314
315 Because current code depends on checking se_cmd->se_cmd_flags
316 after return from se_cmd->transport_complete_callback(),
317 this results in first stage having SCF_COMPARE_AND_WRITE_POST
318 set, which incorrectly falls through into second stage CAW
319 processing code, eventually triggering a NULL pointer
320 dereference due to use after free.
321
322 To address this bug, pass in a new *post_ret parameter into
323 se_cmd->transport_complete_callback(), and depend upon this
324 value instead of ->se_cmd_flags to determine when to return
325 or fall through into ->queue_status() code for CAW.
326
327 Cc: Sagi Grimberg <sagig@mellanox.com>
328 Cc: <stable@vger.kernel.org> # v3.12+
329 Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
330
331 drivers/target/target_core_sbc.c | 13 +++++++++----
332 drivers/target/target_core_transport.c | 14 ++++++++------
333 include/target/target_core_base.h | 2 +-
334 3 files changed, 18 insertions(+), 11 deletions(-)
335
336commit c26b157afe2cbde205fcdd36c0b0cc6ca36c2a6e
337Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
338Date: Thu Nov 26 12:08:18 2015 +0100
339
340 af-unix: passcred support for sendpage
341
342 sendpage did not care about credentials at all. This could lead to
343 situations in which because of fd passing between processes we could
344 append data to skbs with different scm data. It is illegal to splice those
345 skbs together. Instead we have to allocate a new skb and if requested
346 fill out the scm details.
347
348 Fixes: 869e7c62486ec ("net: af_unix: implement stream sendpage support")
349 Reported-by: Al Viro <viro@zeniv.linux.org.uk>
350 Cc: Al Viro <viro@zeniv.linux.org.uk>
351 Cc: Eric Dumazet <edumazet@google.com>
352 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
353 Signed-off-by: David S. Miller <davem@davemloft.net>
354
355 net/unix/af_unix.c | 79 ++++++++++++++++++++++++++++++++++++++++++----------
356 1 files changed, 64 insertions(+), 15 deletions(-)
357
358commit db1370c0dee2dfc22c3549eff6791afd19aaa365
359Author: Peter Hurley <peter@hurleysoftware.com>
360Date: Fri Nov 27 14:18:39 2015 -0500
361
362 wan/x25: Fix use-after-free in x25_asy_open_tty()
363
364 The N_X25 line discipline may access the previous line discipline's closed
365 and already-freed private data on open [1].
366
367 The tty->disc_data field _never_ refers to valid data on entry to the
368 line discipline's open() method. Rather, the ldisc is expected to
369 initialize that field for its own use for the lifetime of the instance
370 (ie. from open() to close() only).
371
372 [1]
373 [ 634.336761] ==================================================================
374 [ 634.338226] BUG: KASAN: use-after-free in x25_asy_open_tty+0x13d/0x490 at addr ffff8800a743efd0
375 [ 634.339558] Read of size 4 by task syzkaller_execu/8981
376 [ 634.340359] =============================================================================
377 [ 634.341598] BUG kmalloc-512 (Not tainted): kasan: bad access detected
378 ...
379 [ 634.405018] Call Trace:
380 [ 634.405277] dump_stack (lib/dump_stack.c:52)
381 [ 634.405775] print_trailer (mm/slub.c:655)
382 [ 634.406361] object_err (mm/slub.c:662)
383 [ 634.406824] kasan_report_error (mm/kasan/report.c:138 mm/kasan/report.c:236)
384 [ 634.409581] __asan_report_load4_noabort (mm/kasan/report.c:279)
385 [ 634.411355] x25_asy_open_tty (drivers/net/wan/x25_asy.c:559 (discriminator 1))
386 [ 634.413997] tty_ldisc_open.isra.2 (drivers/tty/tty_ldisc.c:447)
387 [ 634.414549] tty_set_ldisc (drivers/tty/tty_ldisc.c:567)
388 [ 634.415057] tty_ioctl (drivers/tty/tty_io.c:2646 drivers/tty/tty_io.c:2879)
389 [ 634.423524] do_vfs_ioctl (fs/ioctl.c:43 fs/ioctl.c:607)
390 [ 634.427491] SyS_ioctl (fs/ioctl.c:622 fs/ioctl.c:613)
391 [ 634.427945] entry_SYSCALL_64_fastpath (arch/x86/entry/entry_64.S:188)
392
393 Reported-and-tested-by: Sasha Levin <sasha.levin@oracle.com>
394 Cc: <stable@vger.kernel.org>
395 Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
396 Signed-off-by: David S. Miller <davem@davemloft.net>
397
398 drivers/net/wan/x25_asy.c | 6 +-----
399 1 files changed, 1 insertions(+), 5 deletions(-)
400
401commit 39f32f33dc362f9704113cc7874238792f8294c9
402Author: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
403Date: Mon Nov 30 14:32:54 2015 -0200
404
405 sctp: use GFP_USER for user-controlled kmalloc
406
407 Dmitry Vyukov reported that the user could trigger a kernel warning by
408 using a large len value for getsockopt SCTP_GET_LOCAL_ADDRS, as that
409 value directly affects the value used as a kmalloc() parameter.
410
411 This patch thus switches the allocation flags from all user-controllable
412 kmalloc size to GFP_USER to put some more restrictions on it and also
413 disables the warn, as they are not necessary.
414
415 Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
416 Acked-by: Daniel Borkmann <daniel@iogearbox.net>
417 Signed-off-by: David S. Miller <davem@davemloft.net>
418
419 net/sctp/socket.c | 4 ++--
420 1 files changed, 2 insertions(+), 2 deletions(-)
421
18e926a4
PK		 422commit 70614db891859ff8474665fc0e982e772c5baf6c
423Merge: 2aa7479 7f57ad4
424Author: Brad Spengler <spender@grsecurity.net>
425Date: Sat Nov 28 21:58:09 2015 -0500
426
427 Merge branch 'pax-test' into grsec-test
428
429commit 7f57ad48fc90cc2c942ef8cad44804ea6cdbfc67
430Author: Brad Spengler <spender@grsecurity.net>
431Date: Sat Nov 28 21:57:41 2015 -0500
432
433 Update to pax-linux-4.2.6-test25.patch:
434 - fixed constify regression, reported by spender
435
436 tools/gcc/constify_plugin.c | 14 +++++++-------
437 tools/gcc/initify_plugin.c | 2 +-
438 .../size_overflow_plugin/size_overflow_transform.c | 13 ++++++-------
439 tools/gcc/structleak_plugin.c | 2 +-
440 4 files changed, 15 insertions(+), 16 deletions(-)
441
442commit 2aa74790571aaea3d90191b1d235f580600d109f
443Merge: e10e76a 0851e20
444Author: Brad Spengler <spender@grsecurity.net>
445Date: Fri Nov 27 21:02:06 2015 -0500
446
447 Merge branch 'pax-test' into grsec-test
448
449commit 0851e206a7d21e18d353984cb3f827158ce4237b
450Author: Brad Spengler <spender@grsecurity.net>
451Date: Fri Nov 27 21:01:41 2015 -0500
452
453 Update to pax-linux-4.2.6-test24.patch:
454 - Emese fixed a few false positive overflow reports due to intentional overflows introduced by gcc, reported by Arnaud, kdave (https://forums.grsecurity.net/viewtopic.php?t=4287&p=15813#p15799) and rfnx (https://forums.grsecurity.net/viewtopic.php?t=4322)
455 - Emese fixed a false positive size overflow report in ext4, reported by saironiq (https://forums.grsecurity.net/viewtopic.php?f=3&t=4324)
456 - fixed a potential integer truncation error in the raid10 code caught by the size overflow plugin, reported by Alexander Tsoy (https://bugs.gentoo.org/show_bug.cgi?id=566316#c10)
457 - fixed a few integer sign conversion errors in the kernel's zlib code caught by the size overflow plugin, reported by audiocricket (https://forums.grsecurity.net/viewtopic.php?f=3&t=4325)
458 - fixed the handling of the no-constify constify plugin parameter
459 - constified kvm_x86_ops
460 - fixed macro param usage in access_ok, reported by gcc-6
461 - turned off ipa-icf on the size overflow plugin as gcc-5 compiles it very slowly
462 - fixed all plugins for gcc-6
463
464 arch/arm/kvm/arm.c | 2 +-
465 arch/mips/kvm/mips.c | 2 +-
466 arch/powerpc/kvm/powerpc.c | 2 +-
467 arch/x86/include/asm/uaccess.h | 2 +-
468 arch/x86/kvm/svm.c | 2 +-
469 arch/x86/kvm/vmx.c | 24 ++++----
470 arch/x86/kvm/x86.c | 2 +-
471 crypto/zlib.c | 8 +-
472 drivers/md/raid10.c | 2 +-
473 include/linux/kvm_host.h | 4 +-
474 scripts/Makefile.host | 6 ++
475 tools/gcc/constify_plugin.c | 27 +++++---
476 tools/gcc/initify_plugin.c | 6 +-
477 tools/gcc/kernexec_plugin.c | 10 +--
478 tools/gcc/size_overflow_plugin/Makefile | 2 +
479 .../disable_size_overflow_hash.data | 3 +
480 .../insert_size_overflow_asm.c | 2 +-
481 .../size_overflow_plugin/intentional_overflow.c | 63 ++++++++++++++++++++
482 tools/gcc/size_overflow_plugin/size_overflow.h | 1 +
483 .../gcc/size_overflow_plugin/size_overflow_debug.c | 2 +-
484 .../size_overflow_plugin/size_overflow_hash.data | 3 -
485 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 2 +-
486 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
487 .../size_overflow_plugin/size_overflow_transform.c | 14 +++--
488 .../size_overflow_transform_core.c | 2 +
489 virt/kvm/kvm_main.c | 2 +-
490 26 files changed, 140 insertions(+), 57 deletions(-)
491
492commit e10e76a7ca9aab3528a613e91b556fd2f961c446
493Author: Brad Spengler <spender@grsecurity.net>
494Date: Fri Nov 27 20:04:14 2015 -0500
495
496 update RANDSTRUCT for gcc6
497
498 tools/gcc/randomize_layout_plugin.c | 2 +-
499 1 files changed, 1 insertions(+), 1 deletions(-)
500
501commit dd166b8680fdf8a72b44f175630803f33f442428
502Author: Filipe Manana <fdmanana@suse.com>
503Date: Fri Oct 16 12:34:25 2015 +0100
504
505 Btrfs: fix truncation of compressed and inlined extents
506
507 When truncating a file to a smaller size which consists of an inline
508 extent that is compressed, we did not discard (or made unusable) the
509 data between the new file size and the old file size, wasting metadata
510 space and allowing for the truncated data to be leaked and the data
511 corruption/loss mentioned below.
512 We were also not correctly decrementing the number of bytes used by the
513 inode, we were setting it to zero, giving a wrong report for callers of
514 the stat(2) syscall. The fsck tool also reported an error about a mismatch
515 between the nbytes of the file versus the real space used by the file.
516
517 Now because we weren't discarding the truncated region of the file, it
518 was possible for a caller of the clone ioctl to actually read the data
519 that was truncated, allowing for a security breach without requiring root
520 access to the system, using only standard filesystem operations. The
521 scenario is the following:
522
523 1) User A creates a file which consists of an inline and compressed
524 extent with a size of 2000 bytes - the file is not accessible to
525 any other users (no read, write or execution permission for anyone
526 else);
527
528 2) The user truncates the file to a size of 1000 bytes;
529
530 3) User A makes the file world readable;
531
532 4) User B creates a file consisting of an inline extent of 2000 bytes;
533
534 5) User B issues a clone operation from user A's file into its own
535 file (using a length argument of 0, clone the whole range);
536
537 6) User B now gets to see the 1000 bytes that user A truncated from
538 its file before it made its file world readbale. User B also lost
539 the bytes in the range [1000, 2000[ bytes from its own file, but
540 that might be ok if his/her intention was reading stale data from
541 user A that was never supposed to be public.
542
543 Note that this contrasts with the case where we truncate a file from 2000
544 bytes to 1000 bytes and then truncate it back from 1000 to 2000 bytes. In
545 this case reading any byte from the range [1000, 2000[ will return a value
546 of 0x00, instead of the original data.
547
548 This problem exists since the clone ioctl was added and happens both with
549 and without my recent data loss and file corruption fixes for the clone
550 ioctl (patch "Btrfs: fix file corruption and data loss after cloning
551 inline extents").
552
553 So fix this by truncating the compressed inline extents as we do for the
554 non-compressed case, which involves decompressing, if the data isn't already
555 in the page cache, compressing the truncated version of the extent, writing
556 the compressed content into the inline extent and then truncate it.
557
558 The following test case for fstests reproduces the problem. In order for
559 the test to pass both this fix and my previous fix for the clone ioctl
560 that forbids cloning a smaller inline extent into a larger one,
561 which is titled "Btrfs: fix file corruption and data loss after cloning
562 inline extents", are needed. Without that other fix the test fails in a
563 different way that does not leak the truncated data, instead part of
564 destination file gets replaced with zeroes (because the destination file
565 has a larger inline extent than the source).
566
567 seq=`basename $0`
568 seqres=$RESULT_DIR/$seq
569 echo "QA output created by $seq"
570 tmp=/tmp/$$
571 status=1 # failure is the default!
572 trap "_cleanup; exit \$status" 0 1 2 3 15
573
574 _cleanup()
575 {
576 rm -f $tmp.*
577 }
578
579 # get standard environment, filters and checks
580 . ./common/rc
581 . ./common/filter
582
583 # real QA test starts here
584 _need_to_be_root
585 _supported_fs btrfs
586 _supported_os Linux
587 _require_scratch
588 _require_cloner
589
590 rm -f $seqres.full
591
592 _scratch_mkfs >>$seqres.full 2>&1
593 _scratch_mount "-o compress"
594
595 # Create our test files. File foo is going to be the source of a clone operation
596 # and consists of a single inline extent with an uncompressed size of 512 bytes,
597 # while file bar consists of a single inline extent with an uncompressed size of
598 # 256 bytes. For our test's purpose, it's important that file bar has an inline
599 # extent with a size smaller than foo's inline extent.
600 $XFS_IO_PROG -f -c "pwrite -S 0xa1 0 128" \
601 -c "pwrite -S 0x2a 128 384" \
602 $SCRATCH_MNT/foo | _filter_xfs_io
603 $XFS_IO_PROG -f -c "pwrite -S 0xbb 0 256" $SCRATCH_MNT/bar | _filter_xfs_io
604
605 # Now durably persist all metadata and data. We do this to make sure that we get
606 # on disk an inline extent with a size of 512 bytes for file foo.
607 sync
608
609 # Now truncate our file foo to a smaller size. Because it consists of a
610 # compressed and inline extent, btrfs did not shrink the inline extent to the
611 # new size (if the extent was not compressed, btrfs would shrink it to 128
612 # bytes), it only updates the inode's i_size to 128 bytes.
613 $XFS_IO_PROG -c "truncate 128" $SCRATCH_MNT/foo
614
615 # Now clone foo's inline extent into bar.
616 # This clone operation should fail with errno EOPNOTSUPP because the source
617 # file consists only of an inline extent and the file's size is smaller than
618 # the inline extent of the destination (128 bytes < 256 bytes). However the
619 # clone ioctl was not prepared to deal with a file that has a size smaller
620 # than the size of its inline extent (something that happens only for compressed
621 # inline extents), resulting in copying the full inline extent from the source
622 # file into the destination file.
623 #
624 # Note that btrfs' clone operation for inline extents consists of removing the
625 # inline extent from the destination inode and copy the inline extent from the
626 # source inode into the destination inode, meaning that if the destination
627 # inode's inline extent is larger (N bytes) than the source inode's inline
628 # extent (M bytes), some bytes (N - M bytes) will be lost from the destination
629 # file. Btrfs could copy the source inline extent's data into the destination's
630 # inline extent so that we would not lose any data, but that's currently not
631 # done due to the complexity that would be needed to deal with such cases
632 # (specially when one or both extents are compressed), returning EOPNOTSUPP, as
633 # it's normally not a very common case to clone very small files (only case
634 # where we get inline extents) and copying inline extents does not save any
635 # space (unlike for normal, non-inlined extents).
636 $CLONER_PROG -s 0 -d 0 -l 0 $SCRATCH_MNT/foo $SCRATCH_MNT/bar
637
638 # Now because the above clone operation used to succeed, and due to foo's inline
639 # extent not being shinked by the truncate operation, our file bar got the whole
640 # inline extent copied from foo, making us lose the last 128 bytes from bar
641 # which got replaced by the bytes in range [128, 256[ from foo before foo was
642 # truncated - in other words, data loss from bar and being able to read old and
643 # stale data from foo that should not be possible to read anymore through normal
644 # filesystem operations. Contrast with the case where we truncate a file from a
645 # size N to a smaller size M, truncate it back to size N and then read the range
646 # [M, N[, we should always get the value 0x00 for all the bytes in that range.
647
648 # We expected the clone operation to fail with errno EOPNOTSUPP and therefore
649 # not modify our file's bar data/metadata. So its content should be 256 bytes
650 # long with all bytes having the value 0xbb.
651 #
652 # Without the btrfs bug fix, the clone operation succeeded and resulted in
653 # leaking truncated data from foo, the bytes that belonged to its range
654 # [128, 256[, and losing data from bar in that same range. So reading the
655 # file gave us the following content:
656 #
657 # 0000000 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1
658 # *
659 # 0000200 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a
660 # *
661 # 0000400
662 echo "File bar's content after the clone operation:"
663 od -t x1 $SCRATCH_MNT/bar
664
665 # Also because the foo's inline extent was not shrunk by the truncate
666 # operation, btrfs' fsck, which is run by the fstests framework everytime a
667 # test completes, failed reporting the following error:
668 #
669 # root 5 inode 257 errors 400, nbytes wrong
670
671 status=0
672 exit
673
674 Cc: stable@vger.kernel.org
675 Signed-off-by: Filipe Manana <fdmanana@suse.com>
676
677 fs/btrfs/inode.c | 82 ++++++++++++++++++++++++++++++++++++++++++++---------
678 1 files changed, 68 insertions(+), 14 deletions(-)
679
680commit fe6936fd0f41ee2dccce47f5642251649a54e4d4
681Author: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>
682Date: Wed Nov 25 07:47:40 2015 +0100
683
684 isdn: Partially revert debug format string usage clean up
685
686 Commit 35a4a57 ("isdn: clean up debug format string usage") introduced
687 a safeguard to avoid accidential format string interpolation of data
688 when calling debugl1 or HiSax_putstatus. This did however not take into
689 account VHiSax_putstatus (called by HiSax_putstatus) does *not* call
690 vsprintf if the head parameter is NULL - the format string is treated
691 as plain text then instead. As a result, the string "%s" is processed
692 literally, and the actual information is lost. This affects the isdnlog
693 userspace program which stopped logging information since that commit.
694
695 So revert the HiSax_putstatus invocations to the previous state.
696
697 Fixes: 35a4a5733b0a ("isdn: clean up debug format string usage")
698 Cc: Kees Cook <keescook@chromium.org>
699 Cc: Karsten Keil <isdn@linux-pingi.de>
700 Signed-off-by: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>
701 Signed-off-by: David S. Miller <davem@davemloft.net>
702
703 drivers/isdn/hisax/config.c | 2 +-
704 drivers/isdn/hisax/hfc_pci.c | 2 +-
705 drivers/isdn/hisax/hfc_sx.c | 2 +-
706 drivers/isdn/hisax/q931.c | 6 +++---
707 4 files changed, 6 insertions(+), 6 deletions(-)
708
709commit 574035e44b3d49a71f1c0737b7b49bf60ddf0ce7
710Author: Brad Spengler <spender@grsecurity.net>
711Date: Wed Nov 25 20:24:52 2015 -0500
712
713 future-proof the code against users of VM_NO_GUARD, mark KASAN as an incompatibility with KSTACKOVERFLOW
714
715 lib/Kconfig.kasan | 2 +-
716 mm/vmalloc.c | 2 ++
717 2 files changed, 3 insertions(+), 1 deletions(-)
718
719commit 8a355f2c56ecd40ada14fd16717105ea9a9ac0b5
720Author: Al Viro <viro@zeniv.linux.org.uk>
721Date: Mon Nov 23 21:11:08 2015 -0500
722
723 fix sysvfs symlinks
724
725 The thing got broken back in 2002 - sysvfs does *not* have inline
726 symlinks; even short ones have bodies stored in the first block
727 of file. sysv_symlink() handles that correctly; unfortunately,
728 attempting to look an existing symlink up will end up confusing
729 them for inline symlinks, and interpret the block number containing
730 the body as the body itself.
731
732 Nobody has noticed until now, which says something about the level
733 of testing sysvfs gets ;-/
734
735 Cc: stable@vger.kernel.org # all of them, not that anyone cared
736 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
737
738 fs/sysv/inode.c | 11 ++---------
739 1 files changed, 2 insertions(+), 9 deletions(-)
740
741commit 195f1b816ff4cdcc8defc2dc0424cf25a0d937fb
742Author: Jan Kara <jack@suse.cz>
743Date: Mon Nov 23 13:09:50 2015 +0100
744
745 vfs: Make sendfile(2) killable even better
746
747 Commit 296291cdd162 (mm: make sendfile(2) killable) fixed an issue where
748 sendfile(2) was doing a lot of tiny writes into a filesystem and thus
749 was unkillable for a long time. However sendfile(2) can be (mis)used to
750 issue lots of writes into arbitrary file descriptor such as evenfd or
751 similar special file descriptors which never hit the standard filesystem
752 write path and thus are still unkillable. E.g. the following example
753 from Dmitry burns CPU for ~16s on my test system without possibility to
754 be killed:
755
756 int r1 = eventfd(0, 0);
757 int r2 = memfd_create("", 0);
758 unsigned long n = 1<<30;
759 fallocate(r2, 0, 0, n);
760 sendfile(r1, r2, 0, n);
761
762 There are actually quite a few tests for pending signals in sendfile
763 code however we data to write is always available none of them seems to
764 trigger. So fix the problem by adding a test for pending signal into
765 splice_from_pipe_next() also before the loop waiting for pipe buffers to
766 be available. This should fix all the lockup issues with sendfile of the
767 do-ton-of-tiny-writes nature.
768
769 CC: stable@vger.kernel.org
770 Reported-by: Dmitry Vyukov <dvyukov@google.com>
771 Signed-off-by: Jan Kara <jack@suse.cz>
772 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
773
774 fs/splice.c | 7 +++++++
775 1 files changed, 7 insertions(+), 0 deletions(-)
776
777commit 92470552efa5a49718308238c7da9ba2579a1147
778Author: Jan Kara <jack@suse.cz>
779Date: Mon Nov 23 13:09:51 2015 +0100
780
781 vfs: Avoid softlockups with sendfile(2)
782
783 The following test program from Dmitry can cause softlockups or RCU
784 stalls as it copies 1GB from tmpfs into eventfd and we don't have any
785 scheduling point at that path in sendfile(2) implementation:
786
787 int r1 = eventfd(0, 0);
788 int r2 = memfd_create("", 0);
789 unsigned long n = 1<<30;
790 fallocate(r2, 0, 0, n);
791 sendfile(r1, r2, 0, n);
792
793 Add cond_resched() into __splice_from_pipe() to fix the problem.
794
795 CC: Dmitry Vyukov <dvyukov@google.com>
796 CC: stable@vger.kernel.org
797 Signed-off-by: Jan Kara <jack@suse.cz>
798 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
799
800 fs/splice.c | 1 +
801 1 files changed, 1 insertions(+), 0 deletions(-)
802
803commit 28ab97eb348dca6653eccb40d012103786d03ae6
804Author: Eric Dumazet <edumazet@google.com>
805Date: Tue Nov 24 11:39:54 2015 -0800
806
807 pidns: fix NULL dereference in __task_pid_nr_ns()
808
809 I got a crash during a "perf top" session that was caused by a race in
810 __task_pid_nr_ns() :
811
812 pid_nr_ns() was inlined, but apparently compiler chose to read
813 task->pids[type].pid twice, and the pid->level dereference crashed
814 because we got a NULL pointer at the second read :
815
816 if (pid && ns->level <= pid->level) { // CRASH
817
818 Just use RCU API properly to solve this race, and not worry about "perf
819 top" crashing hosts :(
820
821 get_task_pid() can benefit from same fix.
822
823 Signed-off-by: Eric Dumazet <edumazet@google.com>
824 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
825
826 kernel/pid.c | 4 ++--
827 1 files changed, 2 insertions(+), 2 deletions(-)
828
347ea7b0
PK		 829commit 2545f7485c4676c52855750b992d8c1921e559c4
830Merge: 93a41eb 83df348
831Author: Brad Spengler <spender@grsecurity.net>
832Date: Mon Nov 23 20:30:33 2015 -0500
833
834 Merge branch 'pax-test' into grsec-test
835
836commit 83df3482b33ef4d8192a253a6852e9a9db1f7dca
837Author: Brad Spengler <spender@grsecurity.net>
838Date: Mon Nov 23 20:30:16 2015 -0500
839
840 Update to pax-linux-4.2.6-test23.patch:
841 - fixed gcc-common.h regression under gcc-5, reported by Arnaud and coldhak
842 - fixed ath10k compile error with the size overflow plugin, reported by victor and careta (https://forums.grsecurity.net/viewtopic.php?t=4323)
843
844 drivers/net/wireless/ath/ath10k/ce.c | 4 ++--
845 tools/gcc/gcc-common.h | 13 ++++++-------
846 2 files changed, 8 insertions(+), 9 deletions(-)
847
848commit 93a41eb6e3a7ab9446658b6d2ec4623014b55232
849Author: Brad Spengler <spender@grsecurity.net>
850Date: Sun Nov 22 17:14:38 2015 -0500
851
852 update gcc-common.h
853
854 tools/gcc/gcc-common.h | 13 ++++++-------
855 1 files changed, 6 insertions(+), 7 deletions(-)
856
857commit 7da11be9f025bd8193f03f9b32697bc1ce8ac650
858Author: Andrew Cooper <andrew.cooper3@citrix.com>
859Date: Wed Jun 3 10:31:14 2015 +0100
860
861 x86/cpu: Fix SMAP check in PVOPS environments
862
863 There appears to be no formal statement of what pv_irq_ops.save_fl() is
864 supposed to return precisely. Native returns the full flags, while lguest and
865 Xen only return the Interrupt Flag, and both have comments by the
866 implementations stating that only the Interrupt Flag is looked at. This may
867 have been true when initially implemented, but no longer is.
868
869 To make matters worse, the Xen PVOP leaves the upper bits undefined, making
870 the BUG_ON() undefined behaviour. Experimentally, this now trips for 32bit PV
871 guests on Broadwell hardware. The BUG_ON() is consistent for an individual
872 build, but not consistent for all builds. It has also been a sitting timebomb
873 since SMAP support was introduced.
874
875 Use native_save_fl() instead, which will obtain an accurate view of the AC
876 flag.
877
878 Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
879 Reviewed-by: David Vrabel <david.vrabel@citrix.com>
880 Tested-by: Rusty Russell <rusty@rustcorp.com.au>
881 Cc: Rusty Russell <rusty@rustcorp.com.au>
882 Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
883 Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
884 Cc: <lguest@lists.ozlabs.org>
885 Cc: Xen-devel <xen-devel@lists.xen.org>
886 CC: stable@vger.kernel.org
887 Link: http://lkml.kernel.org/r/1433323874-6927-1-git-send-email-andrew.cooper3@citrix.com
888 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
889
890 arch/x86/kernel/cpu/common.c | 3 +--
891 1 files changed, 1 insertions(+), 2 deletions(-)
892
893commit 08ce34cf092b9f1b5311f156df4182a282bf7acc
894Author: Dave Hansen <dave.hansen@linux.intel.com>
895Date: Wed Nov 11 10:19:31 2015 -0800
896
897 x86/mpx: Do proper get_user() when running 32-bit binaries on 64-bit kernels
898
899 When you call get_user(foo, bar), you effectively do a
900
901 copy_from_user(&foo, bar, sizeof(*bar));
902
903 Note that the sizeof() is implicit.
904
905 When we reach out to userspace to try to zap an entire "bounds
906 table" we need to go read a "bounds directory entry" in order to
907 locate the table's address. The size of a "directory entry"
908 depends on the binary being run and is always the size of a
909 pointer.
910
911 But, when we have a 64-bit kernel and a 32-bit application, the
912 directory entry is still only 32-bits long, but we fetch it with
913 a 64-bit pointer which makes get_user() does a 64-bit fetch.
914 Reading 4 extra bytes isn't harmful, unless we are at the end of
915 and run off the table. It might also cause the zero page to get
916 faulted in unnecessarily even if you are not at the end.
917
918 Fix it up by doing a special 32-bit get_user() via a cast when
919 we have 32-bit userspace.
920
921 Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
922 Cc: <stable@vger.kernel.org>
923 Cc: Andy Lutomirski <luto@amacapital.net>
924 Cc: Borislav Petkov <bp@alien8.de>
925 Cc: Brian Gerst <brgerst@gmail.com>
926 Cc: Dave Hansen <dave@sr71.net>
927 Cc: Denys Vlasenko <dvlasenk@redhat.com>
928 Cc: H. Peter Anvin <hpa@zytor.com>
929 Cc: Linus Torvalds <torvalds@linux-foundation.org>
930 Cc: Peter Zijlstra <peterz@infradead.org>
931 Cc: Thomas Gleixner <tglx@linutronix.de>
932 Link: http://lkml.kernel.org/r/20151111181931.3ACF6822@viggo.jf.intel.com
933 Signed-off-by: Ingo Molnar <mingo@kernel.org>
934
935 arch/x86/mm/mpx.c | 25 ++++++++++++++++++++++++-
936 1 files changed, 24 insertions(+), 1 deletions(-)
937
938commit 9e1e1d1d6f6f41b13a6e85f25e27aee4410f58bf
939Author: Dave Hansen <dave.hansen@linux.intel.com>
940Date: Wed Nov 11 10:19:34 2015 -0800
941
942 x86/mpx: Fix 32-bit address space calculation
943
944 I received a bug report that running 32-bit MPX binaries on
945 64-bit kernels was broken. I traced it down to this little code
946 snippet. We were switching our "number of bounds directory
947 entries" calculation correctly. But, we didn't switch the other
948 side of the calculation: the virtual space size.
949
950 This meant that we were calculating an absurd size for
951 bd_entry_virt_space() on 32-bit because we used the 64-bit
952 virt_space.
953
954 This was _also_ broken for 32-bit kernels running on 64-bit
955 hardware since boot_cpu_data.x86_virt_bits=48 even when running
956 in 32-bit mode.
957
958 Correct that and properly handle all 3 possible cases:
959
960 1. 32-bit binary on 64-bit kernel
961 2. 64-bit binary on 64-bit kernel
962 3. 32-bit binary on 32-bit kernel
963
964 This manifested in having bounds tables not properly unmapped.
965 It "leaked" memory but had no functional impact otherwise.
966
967 Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
968 Cc: <stable@vger.kernel.org>
969 Cc: Andy Lutomirski <luto@amacapital.net>
970 Cc: Borislav Petkov <bp@alien8.de>
971 Cc: Brian Gerst <brgerst@gmail.com>
972 Cc: Dave Hansen <dave@sr71.net>
973 Cc: Denys Vlasenko <dvlasenk@redhat.com>
974 Cc: H. Peter Anvin <hpa@zytor.com>
975 Cc: Linus Torvalds <torvalds@linux-foundation.org>
976 Cc: Peter Zijlstra <peterz@infradead.org>
977 Cc: Thomas Gleixner <tglx@linutronix.de>
978 Link: http://lkml.kernel.org/r/20151111181934.FA7FAC34@viggo.jf.intel.com
979 Signed-off-by: Ingo Molnar <mingo@kernel.org>
980
981 arch/x86/mm/mpx.c | 22 +++++++++++++++++-----
982 1 files changed, 17 insertions(+), 5 deletions(-)
983
984commit c197eee75054d90aafe695c0edb4f25feb469292
985Author: Huaitong Han <huaitong.han@intel.com>
986Date: Fri Nov 6 17:00:23 2015 +0800
987
988 x86/fpu: Fix get_xsave_addr() behavior under virtualization
989
990 KVM uses the get_xsave_addr() function in a different fashion from
991 the native kernel, in that the 'xsave' parameter belongs to guest vcpu,
992 not the currently running task.
993
994 But 'xsave' is replaced with current task's (host) xsave structure, so
995 get_xsave_addr() will incorrectly return the bad xsave address to KVM.
996
997 Fix it so that the passed in 'xsave' address is used - as intended
998 originally.
999
1000 Signed-off-by: Huaitong Han <huaitong.han@intel.com>
1001 Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
1002 Cc: <stable@vger.kernel.org>
1003 Cc: Andy Lutomirski <luto@amacapital.net>
1004 Cc: Paolo Bonzini <pbonzini@redhat.com>
1005 Cc: Borislav Petkov <bp@alien8.de>
1006 Cc: Fenghua Yu <fenghua.yu@intel.com>
1007 Cc: H. Peter Anvin <hpa@zytor.com>
1008 Cc: Linus Torvalds <torvalds@linux-foundation.org>
1009 Cc: Oleg Nesterov <oleg@redhat.com>
1010 Cc: Peter Zijlstra <peterz@infradead.org>
1011 Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
1012 Cc: Thomas Gleixner <tglx@linutronix.de>
1013 Cc: dave.hansen@intel.com
1014 Link: http://lkml.kernel.org/r/1446800423-21622-1-git-send-email-huaitong.han@intel.com
1015 [ Tidied up the changelog. ]
1016 Signed-off-by: Ingo Molnar <mingo@kernel.org>
1017
1018 Conflicts:
1019
1020 arch/x86/kernel/fpu/xstate.c
1021
1022 arch/x86/kernel/fpu/xstate.c | 1 -
1023 1 files changed, 0 insertions(+), 1 deletions(-)
1024
1025commit 460cdd8a9a19731ce27333866943eed81cba1d96
1026Author: Dave Hansen <dave.hansen@linux.intel.com>
1027Date: Tue Nov 10 16:23:54 2015 -0800
1028
1029 x86/fpu: Fix 32-bit signal frame handling
1030
1031 (This should have gone to LKML originally. Sorry for the extra
1032 noise, folks on the cc.)
1033
1034 Background:
1035
1036 Signal frames on x86 have two formats:
1037
1038 1. For 32-bit executables (whether on a real 32-bit kernel or
1039 under 32-bit emulation on a 64-bit kernel) we have a
1040 'fpregset_t' that includes the "FSAVE" registers.
1041
1042 2. For 64-bit executables (on 64-bit kernels obviously), the
1043 'fpregset_t' is smaller and does not contain the "FSAVE"
1044 state.
1045
1046 When creating the signal frame, we have to be aware of whether
1047 we are running a 32 or 64-bit executable so we create the
1048 correct format signal frame.
1049
1050 Problem:
1051
1052 save_xstate_epilog() uses 'fx_sw_reserved_ia32' whenever it is
1053 called for a 32-bit executable. This is for real 32-bit and
1054 ia32 emulation.
1055
1056 But, fpu__init_prepare_fx_sw_frame() only initializes
1057 'fx_sw_reserved_ia32' when emulation is enabled, *NOT* for real
1058 32-bit kernels.
1059
1060 This leads to really wierd situations where 32-bit programs
1061 lose their extended state when returning from a signal handler.
1062 The kernel copies the uninitialized (zero) 'fx_sw_reserved_ia32'
1063 out to userspace in save_xstate_epilog(). But when returning
1064 from the signal, the kernel errors out in check_for_xstate()
1065 when it does not see FP_XSTATE_MAGIC1 present (because it was
1066 zeroed). This leads to the FPU/XSAVE state being initialized.
1067
1068 For MPX, this leads to the most permissive state and means we
1069 silently lose bounds violations. I think this would also mean
1070 that we could lose *ANY* FPU/SSE/AVX state. I'm not sure why
1071 no one has spotted this bug.
1072
1073 I believe this was broken by:
1074
1075 72a671ced66d ("x86, fpu: Unify signal handling code paths for x86 and x86_64 kernels")
1076
1077 way back in 2012.
1078
1079 Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
1080 Cc: <stable@vger.kernel.org>
1081 Cc: Andy Lutomirski <luto@amacapital.net>
1082 Cc: Borislav Petkov <bp@alien8.de>
1083 Cc: Brian Gerst <brgerst@gmail.com>
1084 Cc: Denys Vlasenko <dvlasenk@redhat.com>
1085 Cc: H. Peter Anvin <hpa@zytor.com>
1086 Cc: Linus Torvalds <torvalds@linux-foundation.org>
1087 Cc: Peter Zijlstra <peterz@infradead.org>
1088 Cc: Thomas Gleixner <tglx@linutronix.de>
1089 Cc: dave@sr71.net
1090 Cc: fenghua.yu@intel.com
1091 Cc: yu-cheng.yu@intel.com
1092 Link: http://lkml.kernel.org/r/20151111002354.A0799571@viggo.jf.intel.com
1093 Signed-off-by: Ingo Molnar <mingo@kernel.org>
1094
1095 arch/x86/kernel/fpu/signal.c | 11 +++++------
1096 1 files changed, 5 insertions(+), 6 deletions(-)
1097
a375b63a
PK		 1098commit c3f2cc8921a08fff1fbad9127dd7a30c4a953e88
1099Author: Brad Spengler <spender@grsecurity.net>
1100Date: Sat Nov 21 18:36:58 2015 -0500
1101
1102 Fix gcc 5.x compilation, reported by Arnaud and coldhak
1103
1104 tools/gcc/gcc-common.h | 2 +-
1105 1 files changed, 1 insertions(+), 1 deletions(-)
1106
d53f4099
PK		 1107commit f0ea1bc982c60c1c39d0f95d9f3db0ec799387ca
1108Merge: 3929e88 c692401
1109Author: Brad Spengler <spender@grsecurity.net>
1110Date: Sat Nov 21 15:41:38 2015 -0500
1111
1112 Merge branch 'pax-test' into grsec-test
1113
1114commit c69240179ca6ff101670f4859bb0e9a9deb85359
1115Author: Brad Spengler <spender@grsecurity.net>
1116Date: Sat Nov 21 15:41:06 2015 -0500
1117
1118 Update to pax-linux-4.2.6-test22.patch:
1119 - made the previous READ_ONCE/WRITE_ONCE fix compatible with gcc PR 58145
1120
1121 include/linux/compiler.h | 11 +++++++----
1122 1 files changed, 7 insertions(+), 4 deletions(-)
1123
1124commit 3929e882e451b177af1a615858f0a96a7cd734b1
1125Author: Brad Spengler <spender@grsecurity.net>
1126Date: Sat Nov 21 13:14:25 2015 -0500
1127
1128 remove disable_kill option entirely for the final 4.2 release
1129
1130 fs/exec.c | 11 -----------
1131 security/Kconfig | 5 -----
1132 2 files changed, 0 insertions(+), 16 deletions(-)
1133
1134commit 91633d0eebc41553ea77b5fa7559aa806a60008c
1135Author: Brad Spengler <spender@grsecurity.net>
1136Date: Sat Nov 21 07:38:10 2015 -0500
1137
1138 compile fix
1139
1140 net/unix/af_unix.c | 1 +
1141 1 files changed, 1 insertions(+), 0 deletions(-)
1142
1143commit 0afc2f69e7f948995522f6e1dbb957ed84abd9b9
1144Author: Brad Spengler <spender@grsecurity.net>
1145Date: Sat Nov 21 07:14:43 2015 -0500
1146
1147 Revert previous AF_UNIX fix:
1148 http://www.spinics.net/lists/netdev/msg318826.html
1149 and apply new one by Jason Baron:
1150 https://lkml.org/lkml/2015/9/29/825
1151
1152 include/net/af_unix.h | 1 +
1153 net/unix/af_unix.c | 36 ++++++++++++++++++++++++++++++------
1154 2 files changed, 31 insertions(+), 6 deletions(-)
1155
1156commit 0a3eec2b3d110042af4e0a9f1e87458262fce1eb
1157Merge: 917a60c 8fd74af
1158Author: Brad Spengler <spender@grsecurity.net>
1159Date: Sat Nov 21 06:50:33 2015 -0500
1160
1161 Merge branch 'pax-test' into grsec-test
1162
1163commit 8fd74afe08ee45516a9daf2593f31c176516cb55
1164Author: Brad Spengler <spender@grsecurity.net>
1165Date: Sat Nov 21 06:49:57 2015 -0500
1166
1167 Update to pax-linux-4.2.6-test21.patch:
1168 - fixed a size overflow plugin bug that could cause a compiler error
1169 - Emese fixed a size overflow false positive in xfrm4_mode_tunnel_input, reported by Arnaud <arnaud@drno.eu>
1170 - updated gcc-common.h to support gcc-6
1171 - fixed some undefined behaviour in READ_ONCE/WRITE_ONCE
1172
1173 include/linux/compiler.h | 38 +++----------------
1174 tools/gcc/gcc-common.h | 39 ++++++++++++++++----
1175 tools/gcc/initify_plugin.c | 4 +-
1176 .../disable_size_overflow_hash.data | 7 +++-
1177 .../size_overflow_plugin/intentional_overflow.c | 2 +-
1178 .../size_overflow_plugin/size_overflow_hash.data | 9 +----
1179 .../size_overflow_plugin/size_overflow_transform.c | 4 +-
1180 7 files changed, 50 insertions(+), 53 deletions(-)
1181
6e783cc3
PK		 1182commit 917a60c749d80121229a1752874ff8a606778fc5
1183Merge: 76fc822 77d474f
1184Author: Brad Spengler <spender@grsecurity.net>
1185Date: Wed Nov 18 19:58:31 2015 -0500
1186
1187 Merge branch 'pax-test' into grsec-test
1188
1189commit 77d474f0bcb2e5acafc78c66c456d1aebaac14b3
1190Author: Brad Spengler <spender@grsecurity.net>
1191Date: Wed Nov 18 19:58:08 2015 -0500
1192
1193 Update to pax-linux-4.2.6-test20.patch:
1194 - constified some vdso/vsyscall related code/data
1195
1196 arch/x86/entry/vdso/vdso2c.h | 4 ++--
1197 arch/x86/entry/vsyscall/vsyscall_emu_64.S | 2 +-
1198 arch/x86/mm/ioremap.c | 2 +-
1199 mm/debug.c | 3 +++
1200 4 files changed, 7 insertions(+), 4 deletions(-)
1201
1202commit 76fc8223b2e6b6c950702adfdb055dd5da90657c
1203Author: Brad Spengler <spender@grsecurity.net>
1204Date: Wed Nov 18 17:40:27 2015 -0500
1205
1206 Allow processes with CAP_SYS_PTRACE to ignore /proc/pid restrictions,
1207 as reported by Andrew
1208
1209 fs/proc/base.c | 2 +-
1210 1 files changed, 1 insertions(+), 1 deletions(-)
1211
fb116cbb
PK		 1212commit 708c2e025f8a05b76f319cfa5fa624d37d8ef6f3
1213Author: Brad Spengler <spender@grsecurity.net>
1214Date: Tue Nov 17 18:43:24 2015 -0500
1215
1216 Fix multiple character encodings in patch, reported by IooNag on the forums
1217
1218 grsecurity/Makefile | 2 +-
1219 net/netfilter/xt_gradm.c | 2 +-
1220 2 files changed, 2 insertions(+), 2 deletions(-)
1221
1222commit d1f7534df8687fd05858fd45805b1185eafe38a7
1223Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
1224Date: Tue Nov 17 15:10:59 2015 +0100
1225
1226 af_unix: take receive queue lock while appending new skb
1227
1228 While possibly in future we don't necessarily need to use
1229 sk_buff_head.lock this is a rather larger change, as it affects the
1230 af_unix fd garbage collector, diag and socket cleanups. This is too much
1231 for a stable patch.
1232
1233 For the time being grab sk_buff_head.lock without disabling bh and irqs,
1234 so don't use locked skb_queue_tail.
1235
1236 Fixes: 869e7c62486e ("net: af_unix: implement stream sendpage support")
1237 Cc: Eric Dumazet <edumazet@google.com>
1238 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
1239 Reported-by: Eric Dumazet <edumazet@google.com>
1240 Acked-by: Eric Dumazet <edumazet@google.com>
1241 Signed-off-by: David S. Miller <davem@davemloft.net>
1242
1243 net/unix/af_unix.c | 5 ++++-
1244 1 files changed, 4 insertions(+), 1 deletions(-)
1245
1246commit 0df914e7a66a4807bac7762ab33ba3020944ef6b
1247Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
1248Date: Mon Nov 16 16:25:56 2015 +0100
1249
1250 af_unix: don't append consumed skbs to sk_receive_queue
1251
1252 In case multiple writes to a unix stream socket race we could end up in a
1253 situation where we pre-allocate a new skb for use in unix_stream_sendpage
1254 but have to free it again in the locked section because another skb
1255 has been appended meanwhile, which we must use. Accidentally we didn't
1256 clear the pointer after consuming it and so we touched freed memory
1257 while appending it to the sk_receive_queue. So, clear the pointer after
1258 consuming the skb.
1259
1260 This bug has been found with syzkaller
1261 (http://github.com/google/syzkaller) by Dmitry Vyukov.
1262
1263 Fixes: 869e7c62486e ("net: af_unix: implement stream sendpage support")
1264 Reported-by: Dmitry Vyukov <dvyukov@google.com>
1265 Cc: Dmitry Vyukov <dvyukov@google.com>
1266 Cc: Eric Dumazet <eric.dumazet@gmail.com>
1267 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
1268 Acked-by: Eric Dumazet <edumazet@google.com>
1269 Signed-off-by: David S. Miller <davem@davemloft.net>
1270
1271 net/unix/af_unix.c | 1 +
1272 1 files changed, 1 insertions(+), 0 deletions(-)
1273
1274commit ac8466abcd0ae871cd38d868e1a4e903b92ffc48
1275Author: Jason A. Donenfeld <Jason@zx2c4.com>
1276Date: Thu Nov 12 17:35:58 2015 +0100
1277
1278 ip_tunnel: disable preemption when updating per-cpu tstats
1279
1280 Drivers like vxlan use the recently introduced
1281 udp_tunnel_xmit_skb/udp_tunnel6_xmit_skb APIs. udp_tunnel6_xmit_skb
1282 makes use of ip6tunnel_xmit, and ip6tunnel_xmit, after sending the
1283 packet, updates the struct stats using the usual
1284 u64_stats_update_begin/end calls on this_cpu_ptr(dev->tstats).
1285 udp_tunnel_xmit_skb makes use of iptunnel_xmit, which doesn't touch
1286 tstats, so drivers like vxlan, immediately after, call
1287 iptunnel_xmit_stats, which does the same thing - calls
1288 u64_stats_update_begin/end on this_cpu_ptr(dev->tstats).
1289
1290 While vxlan is probably fine (I don't know?), calling a similar function
1291 from, say, an unbound workqueue, on a fully preemptable kernel causes
1292 real issues:
1293
1294 [ 188.434537] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u8:0/6
1295 [ 188.435579] caller is debug_smp_processor_id+0x17/0x20
1296 [ 188.435583] CPU: 0 PID: 6 Comm: kworker/u8:0 Not tainted 4.2.6 #2
1297 [ 188.435607] Call Trace:
1298 [ 188.435611] [<ffffffff8234e936>] dump_stack+0x4f/0x7b
1299 [ 188.435615] [<ffffffff81915f3d>] check_preemption_disabled+0x19d/0x1c0
1300 [ 188.435619] [<ffffffff81915f77>] debug_smp_processor_id+0x17/0x20
1301
1302 The solution would be to protect the whole
1303 this_cpu_ptr(dev->tstats)/u64_stats_update_begin/end blocks with
1304 disabling preemption and then reenabling it.
1305
1306 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
1307 Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
1308 Signed-off-by: David S. Miller <davem@davemloft.net>
1309
1310 include/net/ip6_tunnel.h | 3 ++-
1311 include/net/ip_tunnels.h | 3 ++-
1312 2 files changed, 4 insertions(+), 2 deletions(-)
1313
1314commit 44665148f06b73ea0c253a1a34d15689674d7421
1315Author: Mathias Krause <minipli@googlemail.com>
1316Date: Fri Nov 6 16:30:38 2015 -0800
1317
1318 printk: prevent userland from spoofing kernel messages
1319
1320 The following statement of ABI/testing/dev-kmsg is not quite right:
1321
1322 It is not possible to inject messages from userspace with the
1323 facility number LOG_KERN (0), to make sure that the origin of the
1324 messages can always be reliably determined.
1325
1326 Userland actually can inject messages with a facility of 0 by abusing the
1327 fact that the facility is stored in a u8 data type. By using a facility
1328 which is a multiple of 256 the assignment of msg->facility in log_store()
1329 implicitly truncates it to 0, i.e. LOG_KERN, allowing users of /dev/kmsg
1330 to spoof kernel messages as shown below:
1331
1332 The following call...
1333 # printf '<%d>Kernel panic - not syncing: beer empty\n' 0 >/dev/kmsg
1334 ...leads to the following log entry (dmesg -x | tail -n 1):
1335 user :emerg : [ 66.137758] Kernel panic - not syncing: beer empty
1336
1337 However, this call...
1338 # printf '<%d>Kernel panic - not syncing: beer empty\n' 0x800 >/dev/kmsg
1339 ...leads to the slightly different log entry (note the kernel facility):
1340 kern :emerg : [ 74.177343] Kernel panic - not syncing: beer empty
1341
1342 Fix that by limiting the user provided facility to 8 bit right from the
1343 beginning and catch the truncation early.
1344
1345 Fixes: 7ff9554bb578 ("printk: convert byte-buffer to variable-length...")
1346 Signed-off-by: Mathias Krause <minipli@googlemail.com>
1347 Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1348 Cc: Petr Mladek <pmladek@suse.cz>
1349 Cc: Alex Elder <elder@linaro.org>
1350 Cc: Joe Perches <joe@perches.com>
1351 Cc: Kay Sievers <kay@vrfy.org>
1352 Cc: <stable@vger.kernel.org>
1353 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
1354 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1355
1356 kernel/printk/printk.c | 13 ++++++++-----
1357 1 files changed, 8 insertions(+), 5 deletions(-)
1358
1359commit bef8fb168317597f02c00ab4075ff094dcdfd2c6
1360Author: Borislav Petkov <bp@suse.de>
1361Date: Thu Nov 5 16:57:56 2015 +0100
1362
1363 x86/cpu: Call verify_cpu() after having entered long mode too
1364
1365 When we get loaded by a 64-bit bootloader, kernel entry point is
1366 startup_64 in head_64.S. We don't trust any and all bootloaders because
1367 some will fiddle with CPU configuration so we go ahead and massage each
1368 CPU into sanity again.
1369
1370 For example, some dell BIOSes have this XD disable feature which set
1371 IA32_MISC_ENABLE[34] and disable NX. This might be some dumb workaround
1372 for other OSes but Linux sure doesn't need it.
1373
1374 A similar thing is present in the Surface 3 firmware - see
1375 https://bugzilla.kernel.org/show_bug.cgi?id=106051 - which sets this bit
1376 only on the BSP:
1377
1378 # rdmsr -a 0x1a0
1379 400850089
1380 850089
1381 850089
1382 850089
1383
1384 I know, right?!
1385
1386 There's not even an off switch in there.
1387
1388 So fix all those cases by sanitizing the 64-bit entry point too. For
1389 that, make verify_cpu() callable in 64-bit mode also.
1390
1391 Requested-and-debugged-by: "H. Peter Anvin" <hpa@zytor.com>
1392 Reported-and-tested-by: Bastien Nocera <bugzilla@hadess.net>
1393 Signed-off-by: Borislav Petkov <bp@suse.de>
1394 Cc: Matt Fleming <matt@codeblueprint.co.uk>
1395 Cc: Peter Zijlstra <peterz@infradead.org>
1396 Cc: stable@vger.kernel.org
1397 Link: http://lkml.kernel.org/r/1446739076-21303-1-git-send-email-bp@alien8.de
1398 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
1399
1400 Conflicts:
1401
1402 arch/x86/kernel/head_64.S
1403
1404 arch/x86/kernel/head_64.S | 9 +++++++++
1405 arch/x86/kernel/verify_cpu.S | 12 +++++++-----
1406 2 files changed, 16 insertions(+), 5 deletions(-)
1407
1408commit 9cb084208a9589a6a5be01d2b7df88843f4b01a4
1409Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
1410Date: Tue Nov 10 16:23:15 2015 +0100
1411
1412 af-unix: fix use-after-free with concurrent readers while splicing
1413
1414 During splicing an af-unix socket to a pipe we have to drop all
1415 af-unix socket locks. While doing so we allow another reader to enter
1416 unix_stream_read_generic which can read, copy and finally free another
1417 skb. If exactly this skb is just in process of being spliced we get a
1418 use-after-free report by kasan.
1419
1420 First, we must make sure to not have a free while the skb is used during
1421 the splice operation. We simply increment its use counter before unlocking
1422 the reader lock.
1423
1424 Stream sockets have the nice characteristic that we don't care about
1425 zero length writes and they never reach the peer socket's queue. That
1426 said, we can take the UNIXCB.consumed field as the indicator if the
1427 skb was already freed from the socket's receive queue. If the skb was
1428 fully consumed after we locked the reader side again we know it has been
1429 dropped by a second reader. We indicate a short read to user space and
1430 abort the current splice operation.
1431
1432 This bug has been found with syzkaller
1433 (http://github.com/google/syzkaller) by Dmitry Vyukov.
1434
1435 Fixes: 2b514574f7e8 ("net: af_unix: implement splice for stream af_unix sockets")
1436 Reported-by: Dmitry Vyukov <dvyukov@google.com>
1437 Cc: Dmitry Vyukov <dvyukov@google.com>
1438 Cc: Eric Dumazet <eric.dumazet@gmail.com>
1439 Acked-by: Eric Dumazet <edumazet@google.com>
1440 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
1441 Signed-off-by: David S. Miller <davem@davemloft.net>
1442
1443 net/unix/af_unix.c | 18 ++++++++++++++++++
1444 1 files changed, 18 insertions(+), 0 deletions(-)
1445
90cab73e
PK		 1446commit 4e75d2b7d6546add44f0951e78410b131a1e660d
1447Author: Brad Spengler <spender@grsecurity.net>
1448Date: Sat Nov 14 15:08:46 2015 -0500
1449
1450 switch the default for SIZE_OVERFLOW_KILL to n, later we'll remove
1451 the option entirely
1452 Distros should make sure their users report all overflows printed to the
1453 kernel logs so the underlying issues can be fixed
1454
1455 security/Kconfig | 2 +-
1456 1 files changed, 1 insertions(+), 1 deletions(-)
1457
1458commit 2e37eb35e0f1ba5a0feac5264a7b24d89376d0a2
1459Author: Brad Spengler <spender@grsecurity.net>
1460Date: Sat Nov 14 15:07:51 2015 -0500
1461
1462 Resync with PaX
1463
1464 fs/btrfs/inode.c | 12 ++++++++++++
1465 1 files changed, 12 insertions(+), 0 deletions(-)
1466
1467commit 2f63d2552f38c700902d17bf9b591d82f39a3fb5
1468Merge: 5e0ec21 823b1bc
1469Author: Brad Spengler <spender@grsecurity.net>
1470Date: Sat Nov 14 14:29:16 2015 -0500
1471
1472 Merge branch 'pax-test' into grsec-test
1473
1474commit 823b1bc5a8e670f7ddfa98ee0d83762bffab28fb
1475Author: Brad Spengler <spender@grsecurity.net>
1476Date: Sat Nov 14 14:28:35 2015 -0500
1477
1478 Update to pax-linux-4.2.6-test19.patch:
1479 - David Sterba updated the fix for one of the previous btrfs problems
1480 - Emese and Rasmus Villemoes <linux@rasmusvillemoes.dk> fixed a few bugs in the initify plugin
1481 - fixed debian package generation to support building out-of-tree modules with plugins, reported by Elie Roudninski <elie.roudninski@gmail.com>
1482
1483 fs/btrfs/delayed-inode.c | 3 +-
1484 fs/btrfs/delayed-inode.h | 2 +-
1485 fs/btrfs/inode.c | 2 +-
1486 scripts/package/builddeb | 2 +-
1487 tools/gcc/initify_plugin.c | 264 ++++++++++++++++++++++++++++++--------------
1488 5 files changed, 188 insertions(+), 85 deletions(-)
1489
76e55d26
PK		 1490commit 5e0ec21349bb3aeead0701ef51df3086ad377979
1491Author: Brad Spengler <spender@grsecurity.net>
1492Date: Thu Nov 12 19:54:21 2015 -0500
1493
1494 Revert https://patchwork.kernel.org/patch/7585611/ for now as it's been reported
1495 to cause userland hangs, similar to previous bugs seen in the past
1496
1497 fs/btrfs/inode.c | 12 ------------
1498 1 files changed, 0 insertions(+), 12 deletions(-)
1499
1500commit 65402b5a6125cc95c3223a0da8f2817e13bf18ec
1501Author: françois romieu <romieu@fr.zoreil.com>
1502Date: Wed Nov 11 23:35:18 2015 +0100
1503
1504 r8169: fix kasan reported skb use-after-free.
1505
1506 Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
1507 Reported-by: Dave Jones <davej@codemonkey.org.uk>
1508 Fixes: d7d2d89d4b0af ("r8169: Add software counter for multicast packages")
1509 Acked-by: Eric Dumazet <edumazet@google.com>
1510 Acked-by: Corinna Vinschen <vinschen@redhat.com>
1511 Signed-off-by: David S. Miller <davem@davemloft.net>
1512
1513 drivers/net/ethernet/realtek/r8169.c | 3 +++
1514 1 files changed, 3 insertions(+), 0 deletions(-)
1515
1516commit bbfcbb7b1e086062aa17358927e14e394830b8a3
1517Author: Anthony Lineham <anthony.lineham@alliedtelesis.co.nz>
1518Date: Thu Oct 22 11:17:03 2015 +1300
1519
1520 netfilter: Fix removal of GRE expectation entries created by PPTP
1521
1522 The uninitialized tuple structure caused incorrect hash calculation
1523 and the lookup failed.
1524
1525 Link: https://bugzilla.kernel.org/show_bug.cgi?id=106441
1526 Signed-off-by: Anthony Lineham <anthony.lineham@alliedtelesis.co.nz>
1527 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
1528
1529 net/ipv4/netfilter/nf_nat_pptp.c | 2 +-
1530 1 files changed, 1 insertions(+), 1 deletions(-)
1531
1532commit d7cb19f37a91603021e2bed6417766ecca315bd0
1533Author: Paolo Bonzini <pbonzini@redhat.com>
1534Date: Tue Nov 10 09:14:39 2015 +0100
1535
1536 KVM: svm: unconditionally intercept #DB
1537
1538 This is needed to avoid the possibility that the guest triggers
1539 an infinite stream of #DB exceptions (CVE-2015-8104).
1540
1541 VMX is not affected: because it does not save DR6 in the VMCS,
1542 it already intercepts #DB unconditionally.
1543
1544 Reported-by: Jan Beulich <jbeulich@suse.com>
1545 Cc: stable@vger.kernel.org
1546 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1547
1548 arch/x86/kvm/svm.c | 14 +++-----------
1549 1 files changed, 3 insertions(+), 11 deletions(-)
1550
1551commit 5b241ac6551e1675e1cbbc4a74fa1c698ada28f4
1552Author: Eric Northup <digitaleric@google.com>
1553Date: Tue Nov 3 18:03:53 2015 +0100
1554
1555 KVM: x86: work around infinite loop in microcode when #AC is delivered
1556
1557 It was found that a guest can DoS a host by triggering an infinite
1558 stream of "alignment check" (#AC) exceptions. This causes the
1559 microcode to enter an infinite loop where the core never receives
1560 another interrupt. The host kernel panics pretty quickly due to the
1561 effects (CVE-2015-5307).
1562
1563 Signed-off-by: Eric Northup <digitaleric@google.com>
1564 Cc: stable@vger.kernel.org
1565 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1566
1567 arch/x86/include/uapi/asm/svm.h | 1 +
1568 arch/x86/kvm/svm.c | 8 ++++++++
1569 arch/x86/kvm/vmx.c | 5 ++++-
1570 3 files changed, 13 insertions(+), 1 deletions(-)
1571
1572commit 6113725aaaf6626522b93732f29dd36370695a89
1573Author: Daniel Borkmann <daniel@iogearbox.net>
1574Date: Thu Nov 5 00:01:51 2015 +0100
1575
1576 debugfs: fix refcount imbalance in start_creating
1577
1578 In debugfs' start_creating(), we pin the file system to safely access
1579 its root. When we failed to create a file, we unpin the file system via
1580 failed_creating() to release the mount count and eventually the reference
1581 of the vfsmount.
1582
1583 However, when we run into an error during lookup_one_len() when still
1584 in start_creating(), we only release the parent's mutex but not so the
1585 reference on the mount. Looks like it was done in the past, but after
1586 splitting portions of __create_file() into start_creating() and
1587 end_creating() via 190afd81e4a5 ("debugfs: split the beginning and the
1588 end of __create_file() off"), this seemed missed. Noticed during code
1589 review.
1590
1591 Fixes: 190afd81e4a5 ("debugfs: split the beginning and the end of __create_file() off")
1592 Cc: stable@vger.kernel.org # v4.0+
1593 Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
1594 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
1595
1596 fs/debugfs/inode.c | 6 +++++-
1597 1 files changed, 5 insertions(+), 1 deletions(-)
1598
1599commit e91f8a6717837a8a64b6e86317a1373ec9cd6c04
1600Author: Maciej W. Rozycki <macro@imgtec.com>
1601Date: Mon Oct 26 15:48:19 2015 +0000
1602
1603 binfmt_elf: Don't clobber passed executable's file header
1604
1605 Do not clobber the buffer space passed from `search_binary_handler' and
1606 originally preloaded by `prepare_binprm' with the executable's file
1607 header by overwriting it with its interpreter's file header. Instead
1608 keep the buffer space intact and directly use the data structure locally
1609 allocated for the interpreter's file header, fixing a bug introduced in
1610 2.1.14 with loadable module support (linux-mips.org commit beb11695
1611 [Import of Linux/MIPS 2.1.14], predating kernel.org repo's history).
1612 Adjust the amount of data read from the interpreter's file accordingly.
1613
1614 This was not an issue before loadable module support, because back then
1615 `load_elf_binary' was executed only once for a given ELF executable,
1616 whether the function succeeded or failed.
1617
1618 With loadable module support supported and enabled, upon a failure of
1619 `load_elf_binary' -- which may for example be caused by architecture
1620 code rejecting an executable due to a missing hardware feature requested
1621 in the file header -- a module load is attempted and then the function
1622 reexecuted by `search_binary_handler'. With the executable's file
1623 header replaced with its interpreter's file header the executable can
1624 then be erroneously accepted in this subsequent attempt.
1625
1626 Cc: stable@vger.kernel.org # all the way back
1627 Signed-off-by: Maciej W. Rozycki <macro@imgtec.com>
1628 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
1629
1630 fs/binfmt_elf.c | 10 +++++-----
1631 1 files changed, 5 insertions(+), 5 deletions(-)
1632
2d1b3edc
PK		 1633commit 9c49029fe4cb9a52cb174aebfd5946a9d26b9956
1634Merge: 5482e7e 7033393
1635Author: Brad Spengler <spender@grsecurity.net>
1636Date: Mon Nov 9 19:51:58 2015 -0500
1637
1638 Merge branch 'pax-test' into grsec-test
1639
1640commit 70333935932c9f3eb333a354dd760b4233efcc37
1641Author: Brad Spengler <spender@grsecurity.net>
1642Date: Mon Nov 9 19:51:19 2015 -0500
1643
1644 Update to pax-linux-4.2.6-test18.patch:
1645 - cleaned up the last of the FPU changes, by spender
1646 - fixed a few KERNEXEC regressions (backported from 4.3)
1647 - Emese fixed a few size overflow false positives in kvm, reported by Christian Roessner (https://bugs.gentoo.org/show_bug.cgi?id=558138#c23)
1648 - David Sterba fixed a few integer overflows in btrfs caught by the size overflow plugin (https://patchwork.kernel.org/patch/7585611/ and https://patchwork.kernel.org/patch/7582351/), reported by Victor, Stebalien and alan.d (https://forums.grsecurity.net/viewtopic.php?f=1&t=4284)
1649
1650 arch/x86/include/asm/fpu/internal.h | 2 +-
1651 arch/x86/include/asm/fpu/types.h | 1 -
1652 arch/x86/kernel/apic/apic.c | 4 ++-
1653 arch/x86/kernel/fpu/init.c | 36 --------------------
1654 arch/x86/kernel/process_64.c | 6 +--
1655 arch/x86/kernel/vsmp_64.c | 13 +++++--
1656 drivers/acpi/video_detect.c | 2 +-
1657 drivers/lguest/core.c | 2 +-
1658 fs/btrfs/file.c | 10 ++++--
1659 fs/btrfs/inode.c | 12 ++++++
1660 .../disable_size_overflow_hash.data | 5 ++-
1661 .../size_overflow_plugin/size_overflow_hash.data | 7 +---
1662 12 files changed, 42 insertions(+), 58 deletions(-)
1663
1664commit 5482e7eb4ba3c5cc90472ccdb1bfe2cec64413e2
1665Merge: 81e2642 682ba19
1666Author: Brad Spengler <spender@grsecurity.net>
1667Date: Mon Nov 9 18:19:48 2015 -0500
1668
1669 Merge branch 'pax-test' into grsec-test
1670
1671 Conflicts:
1672 drivers/pci/pci-sysfs.c
1673
1674commit 682ba19ce305f501c9bc5c42a76f2c7442aa22fc
1675Merge: 7755256 1c02865
1676Author: Brad Spengler <spender@grsecurity.net>
1677Date: Mon Nov 9 18:18:24 2015 -0500
1678
1679 Merge branch 'linux-4.2.y' into pax-test
1680
29c15a34
PK		 1681commit 81e26429b7a36f0c75de3ab42754256720c0a159
1682Author: Brad Spengler <spender@grsecurity.net>
1683Date: Mon Nov 9 07:37:30 2015 -0500
1684
1685 btrfs: fix signed overflow in btrfs_sync_file
1686
1687 The calculation of range length in btrfs_sync_file leads to signed
1688 overflow. This was caught by PaX gcc SIZE_OVERFLOW plugin.
1689
1690 https://forums.grsecurity.net/viewtopic.php?f=1&t=4284
1691
1692 The fsync call passes 0 and LLONG_MAX, the range length does not fit to
1693 loff_t and overflows, but the value is converted to u64 so it silently
1694 works as expected.
1695
1696 The minimal fix is a typecast to u64, switching functions to take
1697 (start, end) instead of (start, len) would be more intrusive.
1698
1699 Coccinelle script found that there's one more opencoded calculation of
1700 the length.
1701
1702 <smpl>
1703 @@
1704 loff_t start, end;
1705 @@
1706 * end - start
1707 </smpl>
1708
1709 CC: stable@vger.kernel.org
1710 Signed-off-by: David Sterba <dsterba@suse.com>
1711
1712 fs/btrfs/file.c | 10 +++++++---
1713 1 files changed, 7 insertions(+), 3 deletions(-)
1714
4d865a41
PK		 1715commit 07fd498a96e2d589ad743851c0dec482a92e0429
1716Author: Brad Spengler <spender@grsecurity.net>
1717Date: Sun Nov 8 17:04:31 2015 -0500
1718
1719 Fix an upstream type confusion bug exposed by RANDSTRUCT:
1720 at the beginning of each sem_array/shmid_kernel/msg_queue
1721 struct is an kern_ipc_perm struct. Unlike every other place in the
1722 kernel where some field must be at an explicit location, there's
1723 no documentation at all that the kern_ipc_perm must be at the beginning
1724 of these structs. Previously, shmid_kernel and kern_ipc_perm were both
1725 randomized with RANDSTRUCT. The problem arises due to the show() handler
1726 for /proc for msg/sem/shm -- what it is provided is a pointer to
1727 a kern_ipc_perm struct (as a void *) which each show() handler then
1728 assumes can be implicitly cast to its own particular struct type without
1729 any kind of container_of being performed. Fix this by doing the proper
1730 type conversions for each via container_of, and randomize the sem and msg
1731 structs while we're at it.
1732
1733 include/linux/msg.h | 2 +-
1734 include/linux/sem.h | 2 +-
1735 ipc/msg.c | 3 ++-
1736 ipc/sem.c | 3 ++-
1737 ipc/shm.c | 3 ++-
1738 5 files changed, 8 insertions(+), 5 deletions(-)
1739
1740commit 6591e1a526c544936975cd3515d8def09e8026f0
1741Author: Brad Spengler <spender@grsecurity.net>
1742Date: Tue Nov 3 19:36:05 2015 -0500
1743
1744 Properly fix the PCI sysfs node check that was recently improperly fixed
1745 upstream (it's under CAP_SYS_ADMIN so it's not really serious)
1746 Reported by Mathias Krause
1747
1748 drivers/pci/pci-sysfs.c | 2 +-
1749 1 files changed, 1 insertions(+), 1 deletions(-)
1750
1751commit ece03d4d07f29634687b2ea5edb7cab23888cff3
1752Merge: 715e674 7755256
1753Author: Brad Spengler <spender@grsecurity.net>
1754Date: Mon Nov 2 21:32:10 2015 -0500
1755
1756 Merge branch 'pax-test' into grsec-test
1757
1758commit 775525660a6353feb261ad6232f6acbc23826bf4
1759Author: Brad Spengler <spender@grsecurity.net>
1760Date: Mon Nov 2 21:31:21 2015 -0500
1761
1762 Update to pax-linux-4.2.5-test17.patch:
1763 - Emese fixed a bunch of size overflow reports:
1764 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4290
1765 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4291
1766 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4288
1767 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4285
1768 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4283
1769 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4287
1770 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4289
1771 - https://bugs.archlinux.org/task/46798
1772 - fixed the x86 fpu code some more, reported by spender and others (https://bugs.gentoo.org/show_bug.cgi?id=563804, https://bugs.archlinux.org/task/46764)
1773
1774 arch/x86/include/asm/fpu/internal.h | 4 +-
1775 arch/x86/kernel/fpu/core.c | 2 +-
1776 arch/x86/kernel/process.c | 3 +-
1777 arch/x86/kernel/process_64.c | 6 +-
1778 drivers/usb/class/cdc-acm.h | 2 +-
1779 drivers/video/console/fbcon.c | 2 +-
1780 fs/dlm/lowcomms.c | 2 +-
1781 include/linux/usb.h | 8 +-
1782 .../disable_size_overflow_hash.data | 15 +-
1783 .../size_overflow_plugin/intentional_overflow.c | 3 +
1784 .../size_overflow_plugin/size_overflow_hash.data | 373 ++++++++++++++++----
1785 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 3 +-
1786 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
1787 13 files changed, 329 insertions(+), 96 deletions(-)
1788
0a2b3309
PK		 1789commit 715e674a838f08748044bce459380762e9c1cd29
1790Author: Sasha Levin <sasha.levin@oracle.com>
1791Date: Wed Oct 7 11:03:28 2015 -0500
1792
1793 PCI: Prevent out of bounds access in numa_node override
1794
1795 63692df103e9 ("PCI: Allow numa_node override via sysfs") didn't check that
1796 the numa node provided by userspace is valid. Passing a node number too
1797 high would attempt to access invalid memory and trigger a kernel panic.
1798
1799 Fixes: 63692df103e9 ("PCI: Allow numa_node override via sysfs")
1800 Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
1801 Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
1802 CC: stable@vger.kernel.org # v3.19+
1803
1804 drivers/pci/pci-sysfs.c | 2 +-
1805 1 files changed, 1 insertions(+), 1 deletions(-)
1806
1807commit 6abe1bb892fe394df80dd4267a8bd2874d537e4e
1808Author: David Howells <dhowells@redhat.com>
1809Date: Fri Sep 18 11:45:12 2015 +0100
1810
1811 ovl: use O_LARGEFILE in ovl_copy_up()
1812
1813 Open the lower file with O_LARGEFILE in ovl_copy_up().
1814
1815 Pass O_LARGEFILE unconditionally in ovl_copy_up_data() as it's purely for
1816 catching 32-bit userspace dealing with a file large enough that it'll be
1817 mishandled if the application isn't aware that there might be an integer
1818 overflow. Inside the kernel, there shouldn't be any problems.
1819
1820 Reported-by: Ulrich Obergfell <uobergfe@redhat.com>
1821 Signed-off-by: David Howells <dhowells@redhat.com>
1822 Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
1823 Cc: <stable@vger.kernel.org> # v3.18+
1824
1825 fs/overlayfs/copy_up.c | 4 ++--
1826 1 files changed, 2 insertions(+), 2 deletions(-)
1827
1828commit bf5e23398e4a82e28fe0801337a4b78ca951a1d9
1829Author: David Howells <dhowells@redhat.com>
1830Date: Fri Sep 18 11:45:22 2015 +0100
1831
1832 ovl: fix dentry reference leak
1833
1834 In ovl_copy_up_locked(), newdentry is leaked if the function exits through
1835 out_cleanup as this just to out after calling ovl_cleanup() - which doesn't
1836 actually release the ref on newdentry.
1837
1838 The out_cleanup segment should instead exit through out2 as certainly
1839 newdentry leaks - and possibly upper does also, though this isn't caught
1840 given the catch of newdentry.
1841
1842 Without this fix, something like the following is seen:
1843
1844 BUG: Dentry ffff880023e9eb20{i=f861,n=#ffff880023e82d90} still in use (1) [unmount of tmpfs tmpfs]
1845 BUG: Dentry ffff880023ece640{i=0,n=bigfile} still in use (1) [unmount of tmpfs tmpfs]
1846
1847 when unmounting the upper layer after an error occurred in copyup.
1848
1849 An error can be induced by creating a big file in a lower layer with
1850 something like:
1851
1852 dd if=/dev/zero of=/lower/a/bigfile bs=65536 count=1 seek=$((0xf000))
1853
1854 to create a large file (4.1G). Overlay an upper layer that is too small
1855 (on tmpfs might do) and then induce a copy up by opening it writably.
1856
1857 Reported-by: Ulrich Obergfell <uobergfe@redhat.com>
1858 Signed-off-by: David Howells <dhowells@redhat.com>
1859 Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
1860 Cc: <stable@vger.kernel.org> # v3.18+
1861
1862 fs/overlayfs/copy_up.c | 2 +-
1863 1 files changed, 1 insertions(+), 1 deletions(-)
1864
1865commit da93976d3355abae09d9fd6a68e7dea77ed619d1
1866Author: Miklos Szeredi <miklos@szeredi.hu>
1867Date: Mon Oct 12 15:56:20 2015 +0200
1868
1869 ovl: fix open in stacked overlay
1870
1871 If two overlayfs filesystems are stacked on top of each other, then we need
1872 recursion in ovl_d_select_inode().
1873
1874 I guess d_backing_inode() is supposed to do that. But currently it doesn't
1875 and that functionality is open coded in vfs_open(). This is now copied
1876 into ovl_d_select_inode() to fix this regression.
1877
1878 Reported-by: Alban Crequy <alban.crequy@gmail.com>
1879 Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
1880 Fixes: 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay...")
1881 Cc: David Howells <dhowells@redhat.com>
1882 Cc: <stable@vger.kernel.org> # v4.2+
1883
1884 fs/overlayfs/inode.c | 3 +++
1885 1 files changed, 3 insertions(+), 0 deletions(-)
1886
1887commit 0ddd9cf6149717882b81c946149bf55332d763ae
1888Author: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
1889Date: Mon Aug 24 15:57:18 2015 +0300
1890
1891 ovl: free stack of paths in ovl_fill_super
1892
1893 This fixes small memory leak after mount.
1894
1895 Kmemleak report:
1896
1897 unreferenced object 0xffff88003683fe00 (size 16):
1898 comm "mount", pid 2029, jiffies 4294909563 (age 33.380s)
1899 hex dump (first 16 bytes):
1900 20 27 1f bb 00 88 ff ff 40 4b 0f 36 02 88 ff ff '......@K.6....
1901 backtrace:
1902 [<ffffffff811f8cd4>] create_object+0x124/0x2c0
1903 [<ffffffff817a059b>] kmemleak_alloc+0x7b/0xc0
1904 [<ffffffff811dffe6>] __kmalloc+0x106/0x340
1905 [<ffffffffa01b7a29>] ovl_fill_super+0x389/0x9a0 [overlay]
1906 [<ffffffff81200ac4>] mount_nodev+0x54/0xa0
1907 [<ffffffffa01b7118>] ovl_mount+0x18/0x20 [overlay]
1908 [<ffffffff81201ab3>] mount_fs+0x43/0x170
1909 [<ffffffff81220d34>] vfs_kern_mount+0x74/0x170
1910 [<ffffffff812233ad>] do_mount+0x22d/0xdf0
1911 [<ffffffff812242cb>] SyS_mount+0x7b/0xc0
1912 [<ffffffff817b6bee>] entry_SYSCALL_64_fastpath+0x12/0x76
1913 [<ffffffffffffffff>] 0xffffffffffffffff
1914
1915 Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
1916 Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
1917 Fixes: a78d9f0d5d5c ("ovl: support multiple lower layers")
1918 Cc: <stable@vger.kernel.org> # v4.0+
1919
1920 fs/overlayfs/super.c | 1 +
1921 1 files changed, 1 insertions(+), 0 deletions(-)
1922
1923commit b86575c9973b9ad55d659fd8a6be8f864435ad0e
1924Author: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
1925Date: Mon Aug 24 15:57:19 2015 +0300
1926
1927 ovl: free lower_mnt array in ovl_put_super
1928
1929 This fixes memory leak after umount.
1930
1931 Kmemleak report:
1932
1933 unreferenced object 0xffff8800ba791010 (size 8):
1934 comm "mount", pid 2394, jiffies 4294996294 (age 53.920s)
1935 hex dump (first 8 bytes):
1936 20 1c 13 02 00 88 ff ff .......
1937 backtrace:
1938 [<ffffffff811f8cd4>] create_object+0x124/0x2c0
1939 [<ffffffff817a059b>] kmemleak_alloc+0x7b/0xc0
1940 [<ffffffff811dffe6>] __kmalloc+0x106/0x340
1941 [<ffffffffa0152bfc>] ovl_fill_super+0x55c/0x9b0 [overlay]
1942 [<ffffffff81200ac4>] mount_nodev+0x54/0xa0
1943 [<ffffffffa0152118>] ovl_mount+0x18/0x20 [overlay]
1944 [<ffffffff81201ab3>] mount_fs+0x43/0x170
1945 [<ffffffff81220d34>] vfs_kern_mount+0x74/0x170
1946 [<ffffffff812233ad>] do_mount+0x22d/0xdf0
1947 [<ffffffff812242cb>] SyS_mount+0x7b/0xc0
1948 [<ffffffff817b6bee>] entry_SYSCALL_64_fastpath+0x12/0x76
1949 [<ffffffffffffffff>] 0xffffffffffffffff
1950
1951 Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
1952 Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
1953 Fixes: dd662667e6d3 ("ovl: add mutli-layer infrastructure")
1954 Cc: <stable@vger.kernel.org> # v4.0+
1955
1956 fs/overlayfs/super.c | 1 +
1957 1 files changed, 1 insertions(+), 0 deletions(-)
1958
1959commit 9f49b5376fae99cd590d13726e2633bc0a53b6db
1960Author: Linus Torvalds <torvalds@linux-foundation.org>
1961Date: Sun Nov 1 17:09:15 2015 -0800
1962
1963 mm: get rid of 'vmalloc_info' from /proc/meminfo
1964
1965 It turns out that at least some versions of glibc end up reading
1966 /proc/meminfo at every single startup, because glibc wants to know the
1967 amount of memory the machine has. And while that's arguably insane,
1968 it's just how things are.
1969
1970 And it turns out that it's not all that expensive most of the time, but
1971 the vmalloc information statistics (amount of virtual memory used in the
1972 vmalloc space, and the biggest remaining chunk) can be rather expensive
1973 to compute.
1974
1975 The 'get_vmalloc_info()' function actually showed up on my profiles as
1976 4% of the CPU usage of "make test" in the git source repository, because
1977 the git tests are lots of very short-lived shell-scripts etc.
1978
1979 It turns out that apparently this same silly vmalloc info gathering
1980 shows up on the facebook servers too, according to Dave Jones. So it's
1981 not just "make test" for git.
1982
1983 We had two patches to just cache the information (one by me, one by
1984 Ingo) to mitigate this issue, but the whole vmalloc information of of
1985 rather dubious value to begin with, and people who *actually* want to
1986 know what the situation is wrt the vmalloc area should just look at the
1987 much more complete /proc/vmallocinfo instead.
1988
1989 In fact, according to my testing - and perhaps more importantly,
1990 according to that big search engine in the sky: Google - there is
1991 nothing out there that actually cares about those two expensive fields:
1992 VmallocUsed and VmallocChunk.
1993
1994 So let's try to just remove them entirely. Actually, this just removes
1995 the computation and reports the numbers as zero for now, just to try to
1996 be minimally intrusive.
1997
1998 If this breaks anything, we'll obviously have to re-introduce the code
1999 to compute this all and add the caching patches on top. But if given
2000 the option, I'd really prefer to just remove this bad idea entirely
2001 rather than add even more code to work around our historical mistake
2002 that likely nobody really cares about.
2003
2004 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2005
2006 fs/proc/meminfo.c | 7 ++-----
2007 include/linux/vmalloc.h | 12 ------------
2008 mm/vmalloc.c | 47 -----------------------------------------------
2009 3 files changed, 2 insertions(+), 64 deletions(-)
2010
2011commit 66425129a550275398f886498d957284539bb331
2012Author: Marek Vasut <marex@denx.de>
2013Date: Fri Oct 30 13:48:19 2015 +0100
2014
2015 can: Use correct type in sizeof() in nla_put()
2016
2017 The sizeof() is invoked on an incorrect variable, likely due to some
2018 copy-paste error, and this might result in memory corruption. Fix this.
2019
2020 Signed-off-by: Marek Vasut <marex@denx.de>
2021 Cc: Wolfgang Grandegger <wg@grandegger.com>
2022 Cc: netdev@vger.kernel.org
2023 Cc: linux-stable <stable@vger.kernel.org>
2024 Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2025
2026 drivers/net/can/dev.c | 2 +-
2027 1 files changed, 1 insertions(+), 1 deletions(-)
2028
2029commit 8c8e802a86f8faf2519710db043339e1cc953bc4
2030Author: Brad Spengler <spender@grsecurity.net>
2031Date: Mon Nov 2 17:20:52 2015 -0500
2032
2033 Fix the FPU code properly by copying the dynamically-sized FPU state on
2034 each clone of the task struct, making it equivalent to the new FPU-in-task-struct code
2035
2036 Fix is from the PaX Team
2037
2038 arch/x86/kernel/process.c | 2 ++
2039 1 files changed, 2 insertions(+), 0 deletions(-)
2040
2041commit 036bc2e2231c76f7eb470bfef67b6bc26187aeae
2042Author: Brad Spengler <spender@grsecurity.net>
2043Date: Mon Nov 2 17:19:43 2015 -0500
2044
2045 Revert the forced eagerfpu since it's now fixed properly
2046
2047 arch/x86/kernel/fpu/init.c | 3 ---
2048 1 files changed, 0 insertions(+), 3 deletions(-)
2049
2050commit a08ab82bcf321704f6a228c7924b860510c6d610
2051Author: Carol L Soto <clsoto@linux.vnet.ibm.com>
2052Date: Tue Oct 27 17:36:20 2015 +0200
2053
2054 net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes
2055
2056 When doing memcpy/memset of EQEs, we should use sizeof struct
2057 mlx4_eqe as the base size and not caps.eqe_size which could be bigger.
2058
2059 If caps.eqe_size is bigger than the struct mlx4_eqe then we corrupt
2060 data in the master context.
2061
2062 When using a 64 byte stride, the memcpy copied over 63 bytes to the
2063 slave_eq structure. This resulted in copying over the entire eqe of
2064 interest, including its ownership bit -- and also 31 bytes of garbage
2065 into the next WQE in the slave EQ -- which did NOT include the ownership
2066 bit (and therefore had no impact).
2067
2068 However, once the stride is increased to 128, we are overwriting the
2069 ownership bits of *three* eqes in the slave_eq struct. This results
2070 in an incorrect ownership bit for those eqes, which causes the eq to
2071 seem to be full. The issue therefore surfaced only once 128-byte EQEs
2072 started being used in SRIOV and (overarchitectures that have 128/256
2073 byte cache-lines such as PPC) - e.g after commit 77507aa249ae
2074 "net/mlx4_core: Enable CQE/EQE stride support".
2075
2076 Fixes: 08ff32352d6f ('mlx4: 64-byte CQE/EQE support')
2077 Signed-off-by: Carol L Soto <clsoto@linux.vnet.ibm.com>
2078 Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
2079 Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
2080 Signed-off-by: David S. Miller <davem@davemloft.net>
2081
2082 drivers/net/ethernet/mellanox/mlx4/cmd.c | 2 +-
2083 drivers/net/ethernet/mellanox/mlx4/eq.c | 2 +-
2084 2 files changed, 2 insertions(+), 2 deletions(-)
2085
2086commit 811ab3b52935612def289efa5e9e2aa973f16f26
2087Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
2088Date: Wed Oct 28 13:21:04 2015 +0100
2089
2090 ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues
2091
2092 Raw sockets with hdrincl enabled can insert ipv6 extension headers
2093 right into the data stream. In case we need to fragment those packets,
2094 we reparse the options header to find the place where we can insert
2095 the fragment header. If the extension headers exceed the link's MTU we
2096 actually cannot make progress in such a case.
2097
2098 Instead of ending up in broken arithmetic or rounding towards 0 and
2099 entering an endless loop in ip6_fragment, just prevent those cases by
2100 aborting early and signal -EMSGSIZE to user space.
2101
2102 This is the second version of the patch which doesn't use the
2103 overflow_usub function, which got reverted for now.
2104
2105 Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
2106 Cc: Linus Torvalds <torvalds@linux-foundation.org>
2107 Reported-by: Dmitry Vyukov <dvyukov@google.com>
2108 Cc: Dmitry Vyukov <dvyukov@google.com>
2109 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
2110 Signed-off-by: David S. Miller <davem@davemloft.net>
2111
2112 net/ipv6/ip6_output.c | 2 ++
2113 1 files changed, 2 insertions(+), 0 deletions(-)
2114
2115commit f074980442c7c3ff4a75c711ff18204dfb4131b8
2116Author: Brad Spengler <spender@grsecurity.net>
2117Date: Thu Oct 29 18:19:02 2015 -0400
2118
2119 Revert "ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues"
2120
2121 This reverts commit 18d5034650b637ec479f41d98e3912398b3e3efc.
2122
2123 net/ipv6/ip6_output.c | 6 +-----
2124 1 files changed, 1 insertions(+), 5 deletions(-)
2125
2126commit 53e629c2d13ed09f4c889925482606f82a65bd1d
2127Author: Brad Spengler <spender@grsecurity.net>
2128Date: Thu Oct 29 18:18:55 2015 -0400
2129
2130 Revert "overflow-arith: begin to add support for overflow builtin functions"
2131
2132 This reverts commit cfd0008de8db38841f7f06b979482900994717b9.
2133
2134 Conflicts:
2135
2136 include/linux/compiler-gcc.h
2137
2138 include/linux/compiler-gcc.h | 4 ----
2139 include/linux/overflow-arith.h | 18 ------------------
2140 2 files changed, 0 insertions(+), 22 deletions(-)
2141
2142commit 225122602b5b7fd58ec5c2a4a1a4a9a29fe7a02a
2143Author: Brad Spengler <spender@grsecurity.net>
2144Date: Thu Oct 29 09:00:11 2015 -0400
2145
2146 Update size_overflow plugin
2147
2148 .../size_overflow_plugin/intentional_overflow.c | 3 +++
2149 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
2150 2 files changed, 4 insertions(+), 1 deletions(-)
2151
c3f73f4b
PK		 2152commit 2bf85cb1c3df45d59d8b59aeacf63cbbee360175
2153Author: Brad Spengler <spender@grsecurity.net>
2154Date: Thu Oct 29 08:52:07 2015 -0400
2155
2156 Temporarily disable the builtin_overflow again as the kernexec plugin also has problems with it
2157
2158 include/linux/compiler-gcc.h | 2 +-
2159 1 files changed, 1 insertions(+), 1 deletions(-)
2160
d60a514c
PK		 2161commit a41c8c4d880b6005e874bf5440e24713da8483cd
2162Author: Brad Spengler <spender@grsecurity.net>
2163Date: Wed Oct 28 19:28:30 2015 -0400
2164
2165 temporarily work around issue with the dynamic FPU state and lazy FPU mode
2166 upstream configures FPU mode based on the eagerfpu variable before it's ever actually
2167 set by the commandline parser (so eagerfpu= on the commandline has no effect)
2168
2169 arch/x86/kernel/fpu/init.c | 3 +++
2170 1 files changed, 3 insertions(+), 0 deletions(-)
2171
2172commit 8452f9d5cfabda9228496050a16bc8728c0ebbb7
2173Author: Brad Spengler <spender@grsecurity.net>
2174Date: Wed Oct 28 19:25:55 2015 -0400
2175
2176 Remove/reorder some code due to the reverting of the FPU-state-in-task_struct code
2177
2178 arch/x86/include/asm/fpu/types.h | 69 ++++++++++++++++++--------------------
2179 arch/x86/include/asm/processor.h | 10 ++----
2180 arch/x86/kernel/fpu/init.c | 20 -----------
2181 include/linux/sched.h | 4 +-
2182 4 files changed, 38 insertions(+), 65 deletions(-)
2183
2184commit c2127bd4215f8f02a1391bef3bde55d0bb1c19bc
2185Author: Brad Spengler <spender@grsecurity.net>
2186Date: Tue Oct 27 23:38:11 2015 -0400
2187
2188 fix typo
2189
2190 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 2 +-
2191 1 files changed, 1 insertions(+), 1 deletions(-)
2192
2193commit c588def7b5713c31fef2b848bfebf0d727791b82
2194Author: Brad Spengler <spender@grsecurity.net>
2195Date: Tue Oct 27 21:09:04 2015 -0400
2196
2197 remove the PAGE_SIZE padding from fpregs_state since it's not included as part
2198 of the task struct
2199
2200 arch/x86/include/asm/fpu/types.h | 1 -
2201 1 files changed, 0 insertions(+), 1 deletions(-)
2202
2203commit 3bd1e5915353fee1f347577f0e80d925910695f9
2204Author: Herbert Xu <herbert@gondor.apana.org.au>
2205Date: Mon Oct 19 18:23:57 2015 +0800
2206
2207 crypto: api - Only abort operations on fatal signal
2208
2209 Currently a number of Crypto API operations may fail when a signal
2210 occurs. This causes nasty problems as the caller of those operations
2211 are often not in a good position to restart the operation.
2212
2213 In fact there is currently no need for those operations to be
2214 interrupted by user signals at all. All we need is for them to
2215 be killable.
2216
2217 This patch replaces the relevant calls of signal_pending with
2218 fatal_signal_pending, and wait_for_completion_interruptible with
2219 wait_for_completion_killable, respectively.
2220
2221 Cc: stable@vger.kernel.org
2222 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2223
2224 crypto/ablkcipher.c | 2 +-
2225 crypto/algapi.c | 2 +-
2226 crypto/api.c | 6 +++---
2227 crypto/crypto_user.c | 2 +-
2228 4 files changed, 6 insertions(+), 6 deletions(-)
2229
2230commit 2b278f02de77bd3d0ffb4c64bc56b702d4e27e49
2231Author: Brad Spengler <spender@grsecurity.net>
2232Date: Tue Oct 27 18:02:42 2015 -0400
2233
2234 Update a comment
2235
2236 arch/x86/include/asm/fpu/internal.h | 2 +-
2237 1 files changed, 1 insertions(+), 1 deletions(-)
2238
2239commit 66cbab70d87485c22946485bfd375c3e88140213
2240Merge: cad84c5 8610c94
2241Author: Brad Spengler <spender@grsecurity.net>
2242Date: Tue Oct 27 07:44:23 2015 -0400
2243
2244 Merge branch 'pax-test' into grsec-test
2245
2246commit 8610c949a76ac2a09b334f41c35cb8e7a04a0ce8
2247Merge: a851b41 f69d603
2248Author: Brad Spengler <spender@grsecurity.net>
2249Date: Tue Oct 27 07:44:14 2015 -0400
2250
2251 Merge branch 'linux-4.2.y' into pax-test
2252
2253commit cad84c52f547c8ba47ddcf39d1f260f55350f0c2
2254Author: Brad Spengler <spender@grsecurity.net>
2255Date: Mon Oct 26 07:33:21 2015 -0400
2256
2257 re-enable builtin_overflow support
2258
2259 include/linux/compiler-gcc.h | 3 +--
2260 1 files changed, 1 insertions(+), 2 deletions(-)
2261
2262commit 6e281aebbf456c27ce530055d5668bc5829c02a8
2263Author: Brad Spengler <spender@grsecurity.net>
2264Date: Mon Oct 26 07:32:15 2015 -0400
2265
2266 Update the size_overflow plugin from Emese to fix the ICE on builtin_overflow use
2267
2268 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 3 ++-
2269 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
2270 2 files changed, 3 insertions(+), 2 deletions(-)
2271
2272commit 75ed97df02fc6eb862df511da6ca690de3d0f15c
2273Author: Brad Spengler <spender@grsecurity.net>
2274Date: Mon Oct 26 07:17:00 2015 -0400
2275
2276 Fix from Emese for a size_overflow report in the fbcon code on the
2277 'softback_lines' global variable
2278
2279 drivers/video/console/fbcon.c | 2 +-
2280 1 files changed, 1 insertions(+), 1 deletions(-)
2281
134f4180
PK		 2282commit b088cabd42c6fe825baa27f40ab450ad75e571d3
2283Author: Brad Spengler <spender@grsecurity.net>
2284Date: Sun Oct 25 18:09:55 2015 -0400
2285
2286 Temporarily work around an ICE on GCC >= 5 reported by Daniel Micay due to
2287 backporting of __builtin_usub_overflow
2288
2289 include/linux/compiler-gcc.h | 3 ++-
2290 1 files changed, 2 insertions(+), 1 deletions(-)
2291
2292commit ba858f46865c6751af3ddba03b176e4d5ecf85c1
2293Author: Brad Spengler <spender@grsecurity.net>
2294Date: Sun Oct 25 17:59:17 2015 -0400
2295
2296 Update size_overflow hash table
2297
2298 .../disable_size_overflow_hash.data | 7 +++++++
2299 .../size_overflow_plugin/size_overflow_hash.data | 9 +--------
2300 2 files changed, 8 insertions(+), 8 deletions(-)
2301
2302commit ba803bceaea0283b38e91c1d3176bf0671786269
2303Author: Brad Spengler <spender@grsecurity.net>
2304Date: Sun Oct 25 15:31:17 2015 -0400
2305
2306 Fix oversight in pipacs' removal of FPU state from the task struct:
2307 fpu_copy was performing an OOB copy starting from the address of the 'state'
2308 pointer in the fpu struct instead of starting from the address pointed
2309 to by the state pointer. Reported at:
2310 https://bugs.archlinux.org/task/46764
2311
2312 arch/x86/include/asm/fpu/internal.h | 4 ++--
2313 arch/x86/kernel/fpu/core.c | 2 +-
2314 2 files changed, 3 insertions(+), 3 deletions(-)
2315
46c36e49
PK		 2316commit 26e7d31c5b5c970c50297d2b8be165e9c9ab9d83
2317Merge: 85d8735 a851b41
2318Author: Brad Spengler <spender@grsecurity.net>
2319Date: Sun Oct 25 13:39:21 2015 -0400
2320
2321 Merge branch 'pax-test' into grsec-test
2322
2323commit a851b41415a0402d76f10712b6950ddff3872a22
2324Author: Brad Spengler <spender@grsecurity.net>
2325Date: Sun Oct 25 13:38:25 2015 -0400
2326
2327 Update to latest size_overflow plugin release:
2328 Temporarily ignore bitfield types: https://bugs.archlinux.org/task/46798
2329 Use SI or wider type for the size_overflow type: https://forums.grsecurity.net/viewtopic.php?t=4293&p=15655#p15655
2330
2331 .../size_overflow_plugin/intentional_overflow.c | 3 +++
2332 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
2333 .../size_overflow_plugin/size_overflow_transform.c | 7 +++++++
2334 .../size_overflow_transform_core.c | 2 --
2335 4 files changed, 11 insertions(+), 3 deletions(-)
2336
2337commit 85d8735a1d1190e3ad2e3f032ae88f811090fdfc
2338Author: Brad Spengler <spender@grsecurity.net>
2339Date: Sun Oct 25 13:01:32 2015 -0400
2340
2341 fpu doesn't live on the task_struct with PaX, so don't even bother computing some task_size
2342 variable that isn't used for anything
2343
2344 arch/x86/kernel/fpu/init.c | 14 --------------
2345 1 files changed, 0 insertions(+), 14 deletions(-)
2346
2347commit cfd0008de8db38841f7f06b979482900994717b9
2348Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
2349Date: Fri Oct 16 11:32:42 2015 +0200
2350
2351 overflow-arith: begin to add support for overflow builtin functions
2352
2353 The idea of the overflow-arith.h header is to collect overflow checking
2354 functions in one central place.
2355
2356 If gcc compiler supports the __builtin_overflow_* builtins we use them
2357 because they might give better performance, otherwise the code falls
2358 back to normal overflow checking functions.
2359
2360 The builtin_overflow functions are supported by gcc-5 and clang. The
2361 matter of supporting clang is to just provide a corresponding
2362 CC_HAVE_BUILTIN_OVERFLOW, because the specific overflow checking builtins
2363 don't differ between gcc and clang.
2364
2365 I just provide overflow_usub function here as I intend this to get merged
2366 into net, more functions will definitely follow as they are needed.
2367
2368 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
2369 Signed-off-by: David S. Miller <davem@davemloft.net>
2370
2371 include/linux/compiler-gcc.h | 4 ++++
2372 include/linux/overflow-arith.h | 18 ++++++++++++++++++
2373 2 files changed, 22 insertions(+), 0 deletions(-)
2374
2375commit 18d5034650b637ec479f41d98e3912398b3e3efc
2376Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
2377Date: Fri Oct 16 11:32:43 2015 +0200
2378
2379 ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues
2380
2381 Raw sockets with hdrincl enabled can insert ipv6 extension headers
2382 right into the data stream. In case we need to fragment those packets,
2383 we reparse the options header to find the place where we can insert
2384 the fragment header. If the extension headers exceed the link's MTU we
2385 actually cannot make progress in such a case.
2386
2387 Instead of ending up in broken arithmetic or rounding towards 0 and
2388 entering an endless loop in ip6_fragment, just prevent those cases by
2389 aborting early and signal -EMSGSIZE to user space.
2390
2391 Reported-by: Dmitry Vyukov <dvyukov@google.com>
2392 Cc: Dmitry Vyukov <dvyukov@google.com>
2393 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
2394 Signed-off-by: David S. Miller <davem@davemloft.net>
2395
2396 net/ipv6/ip6_output.c | 6 +++++-
2397 1 files changed, 5 insertions(+), 1 deletions(-)
2398
2399commit 0e1d1c0f1981b4049a70d23dce4c69daf19f020b
2400Merge: c81314c 9470e78
2401Author: Brad Spengler <spender@grsecurity.net>
2402Date: Sun Oct 25 11:51:44 2015 -0400
2403
2404 Merge branch 'pax-test' into grsec-test
2405
2406commit 9470e7893a9a1bf15f9b7d412dc09bebb59105e8
2407Author: Brad Spengler <spender@grsecurity.net>
2408Date: Sun Oct 25 11:50:54 2015 -0400
2409
2410 Temporary squelching of overflow warning on skb_transport_offset(), will be fixed properly after H2HC
2411
2412 include/linux/skbuff.h | 2 +-
2413 1 files changed, 1 insertions(+), 1 deletions(-)
2414
2415commit c81314ce278e9cfa3322881a6133c2c7e53b9430
2416Author: Brad Spengler <spender@grsecurity.net>
2417Date: Sat Oct 24 23:13:36 2015 -0400
2418
2419 Update recordmcount/fixdep paths in RPM spec, from Andrew
2420
2421 scripts/package/mkspec | 4 ++--
2422 1 files changed, 2 insertions(+), 2 deletions(-)
2423
2424commit 798e4296bd55778b5e77f1db69c1bb972419590f
2425Author: Brad Spengler <spender@grsecurity.net>
2426Date: Sat Oct 24 23:11:22 2015 -0400
2427
2428 Update size_overflow hash table
2429
2430 .../disable_size_overflow_hash.data | 3 +++
2431 .../size_overflow_plugin/size_overflow_hash.data | 5 +----
2432 2 files changed, 4 insertions(+), 4 deletions(-)
2433
68b0b791
PK		 2434commit d9ef04f20fc634595883d1c1950c32a8fe04df22
2435Author: Brad Spengler <spender@grsecurity.net>
2436Date: Sat Oct 24 08:27:29 2015 -0400
2437
2438 Fix from Emese for https://forums.grsecurity.net/viewtopic.php?f=3&t=4291
2439
2440 drivers/usb/class/cdc-acm.h | 2 +-
2441 include/linux/usb.h | 8 ++++----
2442 2 files changed, 5 insertions(+), 5 deletions(-)
2443
2444commit eea46f1d247f5f63e3762da91a41cba76567800f
2445Author: Brad Spengler <spender@grsecurity.net>
2446Date: Fri Oct 23 18:24:57 2015 -0400
2447
2448 Update size_overflow hash tables
2449
2450 .../disable_size_overflow_hash.data | 5 ++++-
2451 .../size_overflow_plugin/size_overflow_hash.data | 5 +----
2452 2 files changed, 5 insertions(+), 5 deletions(-)
2453
31a7c07c
PK		 2454commit 8f521b864bd7428f3ad42613416c106d1d619c4d
2455Merge: 26adf00 285f0d1
2456Author: Brad Spengler <spender@grsecurity.net>
2457Date: Thu Oct 22 19:41:57 2015 -0400
2458
2459 Merge branch 'pax-test' into grsec-test
2460
2461 Conflicts:
2462 drivers/gpu/drm/drm_lock.c
2463
2464commit 285f0d1cda31b45ee217b90861677c032cb6550b
2465Merge: d6dc25f 190bd21
2466Author: Brad Spengler <spender@grsecurity.net>
2467Date: Thu Oct 22 19:40:34 2015 -0400
2468
2469 Merge branch 'linux-4.2.y' into pax-test
2470
2471 Conflicts:
2472 arch/x86/kernel/process_64.c
2473
2474commit 26adf00caf8f4ebf155422082d4e8b8e4eb60eef
2475Author: Eric W. Biederman <ebiederm@xmission.com>
2476Date: Sat Aug 15 13:36:12 2015 -0500
2477
2478 dcache: Handle escaped paths in prepend_path
2479
2480 A rename can result in a dentry that by walking up d_parent
2481 will never reach it's mnt_root. For lack of a better term
2482 I call this an escaped path.
2483
2484 prepend_path is called by four different functions __d_path,
2485 d_absolute_path, d_path, and getcwd.
2486
2487 __d_path only wants to see paths are connected to the root it passes
2488 in. So __d_path needs prepend_path to return an error.
2489
2490 d_absolute_path similarly wants to see paths that are connected to
2491 some root. Escaped paths are not connected to any mnt_root so
2492 d_absolute_path needs prepend_path to return an error greater
2493 than 1. So escaped paths will be treated like paths on lazily
2494 unmounted mounts.
2495
2496 getcwd needs to prepend "(unreachable)" so getcwd also needs
2497 prepend_path to return an error.
2498
2499 d_path is the interesting hold out. d_path just wants to print
2500 something, and does not care about the weird cases. Which raises
2501 the question what should be printed?
2502
2503 Given that <escaped_path>/<anything> should result in -ENOENT I
2504 believe it is desirable for escaped paths to be printed as empty
2505 paths. As there are not really any meaninful path components when
2506 considered from the perspective of a mount tree.
2507
2508 So tweak prepend_path to return an empty path with an new error
2509 code of 3 when it encounters an escaped path.
2510
2511 Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2512 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2513
2514 fs/dcache.c | 7 +++++++
2515 1 files changed, 7 insertions(+), 0 deletions(-)
2516
2517commit d402147a7689356c29bfd46a7cfa6594e517ab95
2518Author: Salva Peiró <speirofr@gmail.com>
2519Date: Wed Oct 14 17:48:02 2015 +0200
2520
2521 staging/dgnc: fix info leak in ioctl
2522
2523 The dgnc_mgmt_ioctl() code fails to initialize the 16 _reserved bytes of
2524 struct digi_dinfo after the ->dinfo_nboards member. Add an explicit
2525 memset(0) before filling the structure to avoid the info leak.
2526
2527 Signed-off-by: Salva Peiró <speirofr@gmail.com>
2528 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2529
2530 drivers/staging/dgnc/dgnc_mgmt.c | 1 +
2531 1 files changed, 1 insertions(+), 0 deletions(-)
2532
2533commit bafc510c4fb4e8a5e69531fdc3a733e58c4bbdbf
2534Author: Salva Peiró <speirofr@gmail.com>
2535Date: Wed Oct 7 07:09:26 2015 -0300
2536
2537 [media] media/vivid-osd: fix info leak in ioctl
2538
2539 The vivid_fb_ioctl() code fails to initialize the 16 _reserved bytes of
2540 struct fb_vblank after the ->hcount member. Add an explicit
2541 memset(0) before filling the structure to avoid the info leak.
2542
2543 Signed-off-by: Salva Peiró <speirofr@gmail.com>
2544 Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
2545 Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2546
2547 drivers/media/platform/vivid/vivid-osd.c | 1 +
2548 1 files changed, 1 insertions(+), 0 deletions(-)
2549
2550commit 980a903796ae06366fd5acbcd179ee2dc57fbabf
2551Author: David Howells <dhowells@redhat.com>
2552Date: Mon Oct 19 11:20:28 2015 +0100
2553
2554 KEYS: Don't permit request_key() to construct a new keyring
2555
2556 If request_key() is used to find a keyring, only do the search part - don't
2557 do the construction part if the keyring was not found by the search. We
2558 don't really want keyrings in the negative instantiated state since the
2559 rejected/negative instantiation error value in the payload is unioned with
2560 keyring metadata.
2561
2562 Now the kernel gives an error:
2563
2564 request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted)
2565
2566 Signed-off-by: David Howells <dhowells@redhat.com>
2567
2568 security/keys/request_key.c | 3 +++
2569 1 files changed, 3 insertions(+), 0 deletions(-)
2570
2571commit f705c157ed6f8a9c4c0cf552fd5f054d9d500550
2572Author: Dan Carpenter <dan.carpenter@oracle.com>
2573Date: Mon Oct 19 13:16:49 2015 +0300
2574
2575 irda: precedence bug in irlmp_seq_hb_idx()
2576
2577 This is decrementing the pointer, instead of the value stored in the
2578 pointer. KASan detects it as an out of bounds reference.
2579
2580 Reported-by: "Berry Cheng 程君(成淼)" <chengmiao.cj@alibaba-inc.com>
2581 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
2582 Signed-off-by: David S. Miller <davem@davemloft.net>
2583
2584 net/irda/irlmp.c | 2 +-
2585 1 files changed, 1 insertions(+), 1 deletions(-)
2586
dc085147
PK		 2587commit 4a110451298bfce895ed224e6bbd9201d8605b2b
2588Author: Brad Spengler <spender@grsecurity.net>
2589Date: Tue Oct 20 19:25:13 2015 -0400
2590
2591 Ratelimit the dump_stack as well, both to 15s with a burst of 3, enough not to completely
2592 flood syslog
2593
2594 fs/exec.c | 11 +++++++++--
2595 1 files changed, 9 insertions(+), 2 deletions(-)
2596
2597commit 183fc2ae7d90e077fd27623998d82916260a2223
2598Merge: a240939 d6dc25f
2599Author: Brad Spengler <spender@grsecurity.net>
2600Date: Tue Oct 20 19:16:04 2015 -0400
2601
2602 Merge branch 'pax-test' into grsec-test
2603
2604 Conflicts:
2605 tools/gcc/size_overflow_plugin/size_overflow_plugin.c
2606
2607commit d6dc25f193a832e08d8e7cf097d7f70b3dc24776
2608Author: Brad Spengler <spender@grsecurity.net>
2609Date: Tue Oct 20 19:14:41 2015 -0400
2610
2611 Update to pax-linux-4.2.3-test16.patch:
2612 - fixed undefined integer shift in proc_do_submiturb, reported by Arnaud <arnaud@drno.eu>
2613 - fixed integer underflow in scm_detach_fds (similar to 1ac70e7ad24a88710cf9b6d7ababaefa2b575df0 upstream), reported by kdave (https://forums.grsecurity.net/viewtopic.php?f=1&t=4286)
2614 - Emese added a temporary workaround for miscompiling the ath10k driver, reported by victor
2615 - Emese fixed a false positive that affected the iwlwifi driver among others, reported by victor
2616 - Emese disabled size overflow checking in acpi_ex_do_math_op and on acpi_object_integer, reported by xxterry1xx and rfnx (https://forums.grsecurity.net/viewtopic.php?f=3&t=4287)
2617
2618 drivers/net/wireless/ath/ath10k/ce.c | 2 +-
2619 drivers/usb/core/devio.c | 2 +-
2620 fs/dlm/lowcomms.c | 2 +-
2621 net/core/scm.c | 6 ++-
2622 .../disable_size_overflow_hash.data | 4 +-
2623 .../size_overflow_plugin/intentional_overflow.c | 44 --------------------
2624 tools/gcc/size_overflow_plugin/size_overflow.h | 1 -
2625 .../size_overflow_plugin/size_overflow_hash.data | 4 +-
2626 .../size_overflow_plugin/size_overflow_plugin.c | 4 +-
2627 .../size_overflow_plugin/size_overflow_transform.c | 3 -
2628 .../size_overflow_transform_core.c | 6 +++
2629 11 files changed, 19 insertions(+), 59 deletions(-)
2630
a129fb97
PK		 2631commit a2409394c2b0d97a9f02bf62ca4c0254602e58a6
2632Author: Brad Spengler <spender@grsecurity.net>
2633Date: Tue Oct 20 08:58:25 2015 -0400
2634
2635 set default to y
2636
2637 security/Kconfig | 1 +
2638 1 files changed, 1 insertions(+), 0 deletions(-)
2639
2640commit 3abe24117389419654da44adc87a9a03ad7e3f38
2641Author: Brad Spengler <spender@grsecurity.net>
2642Date: Tue Oct 20 08:08:32 2015 -0400
2643
2644 Add a new config option from Emese to allow SIZE_OVERFLOW to be enabled
2645 while having it not kill the userland process in an overflow condition.
2646 This will help us obtain reports over the next few weeks while not making
2647 some percentage of users' machines unusable.
2648
2649 To enable this option, set CONFIG_PAX_SIZE_OVERFLOW_DISABLE_KILL=y in .config
2650
2651 fs/exec.c | 5 +++++
2652 security/Kconfig | 4 ++++
2653 .../size_overflow_plugin/size_overflow_plugin.c | 4 ++--
2654 3 files changed, 11 insertions(+), 2 deletions(-)
2655
07330232
PK		 2656commit bcae982f720ce0b3463a81f2b72a4807cb89048b
2657Merge: 0e55d80 128d3a5
2658Author: Brad Spengler <spender@grsecurity.net>
2659Date: Mon Oct 19 18:56:09 2015 -0400
2660
2661 Merge branch 'pax-test' into grsec-test
2662
2663commit 128d3a5452ab001b29235b05eb0be3334fff3998
2664Author: Brad Spengler <spender@grsecurity.net>
2665Date: Mon Oct 19 18:55:37 2015 -0400
2666
2667 Update to pax-linux-4.2.3-test14.patch:
2668 - Emese fixed a false positive size overflow report, reported by gus (https://forums.grsecurity.net/viewtopic.php?t=4280)
2669 - fixed an integer sign mixup in usb_stor_invoke_transport, reported by Arnaud <arnaud@drno.eu>
2670
2671 drivers/usb/storage/transport.c | 2 +-
2672 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
2673 .../size_overflow_plugin/size_overflow_transform.c | 15 +++-
2674 .../size_overflow_transform_core.c | 90 ++++++++++++++-----
2675 4 files changed, 81 insertions(+), 28 deletions(-)
2676
ed16389b
PK		 2677commit 0e55d80a65998266cab71804131a072fcc8ee558
2678Merge: a61fd15 9c4310f
2679Author: Brad Spengler <spender@grsecurity.net>
2680Date: Sat Oct 17 23:15:36 2015 -0400
2681
2682 Merge branch 'pax-test' into grsec-test
2683
2684commit 9c4310fdb2d19f83affc62eb2698d3763ce8c36b
2685Author: Brad Spengler <spender@grsecurity.net>
2686Date: Sat Oct 17 23:15:13 2015 -0400
2687
2688 Update to pax-linux-4.2.3-test14.patch:
2689 - reverted some page table hardening that caused too much slowdown under virtualization, reported by quasar366 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4275)
2690
2691 arch/x86/include/asm/pgtable-2level.h | 18 ++----------------
2692 arch/x86/include/asm/pgtable-3level.h | 10 ----------
2693 arch/x86/include/asm/pgtable_32.h | 2 ++
2694 arch/x86/include/asm/pgtable_64.h | 18 ++----------------
2695 arch/x86/mm/highmem_32.c | 2 ++
2696 arch/x86/mm/init_64.c | 2 ++
2697 arch/x86/mm/iomap_32.c | 4 ++++
2698 arch/x86/mm/pageattr.c | 4 ++++
2699 arch/x86/mm/pgtable.c | 2 ++
2700 arch/x86/mm/pgtable_32.c | 3 +++
2701 mm/highmem.c | 5 +++++
2702 mm/vmalloc.c | 7 +++++++
2703 12 files changed, 35 insertions(+), 42 deletions(-)
2704
609ac19a
PK		 2705commit a61fd152e87bd3ed91194b07f6b1fcbcd165093b
2706Merge: 00f1afa db7a8e5
2707Author: Brad Spengler <spender@grsecurity.net>
2708Date: Sat Oct 17 18:33:48 2015 -0400
2709
2710 Merge branch 'pax-test' into grsec-test
2711
2712commit db7a8e5c284179889014b5929a40298e1b228fbc
2713Author: Brad Spengler <spender@grsecurity.net>
2714Date: Sat Oct 17 18:33:22 2015 -0400
2715
2716 Update to pax-linux-4.2.3-test13.patch:
2717 - Emese worked around a sign mixup with wiphy.rts_threshold, reported by gus (https://forums.grsecurity.net/viewtopic.php?f=3&t=4278)
2718
2719 .../disable_size_overflow_hash.data | 2 ++
2720 .../size_overflow_plugin/size_overflow_hash.data | 2 --
2721 2 files changed, 2 insertions(+), 2 deletions(-)
2722
5bf3f0b0
PK		 2723commit 00f1afa694317365e9bd6dc77d2e3e96ae3a68ec
2724Merge: 7098385 57dc21d
2725Author: Brad Spengler <spender@grsecurity.net>
2726Date: Sat Oct 17 11:04:56 2015 -0400
2727
2728 Merge branch 'pax-test' into grsec-test
2729
2730commit 57dc21d203a9fa1312a4abc608da5b3644d29078
2731Author: Brad Spengler <spender@grsecurity.net>
2732Date: Sat Oct 17 11:04:34 2015 -0400
2733
2734 Update to pax-linux-4.2.3-test12.patch:
2735 - removed size_overflow_hash.data.prev that was left behind by accident
2736 - Emese fixed a false positive overflow report in the megaraid driver due to a gcc limitation, reported by vortex (https://forums.grsecurity.net/viewtopic.php?f=3&t=4277)
2737
2738 drivers/scsi/megaraid/megaraid_sas.h | 2 +-
2739 1 files changed, 1 insertions(+), 1 deletions(-)
2740
c84fce4e
PK		 2741commit 7098385851c43dea6692508c71cd5fbcce3187b2
2742Merge: bc6d23e 78b0f64
2743Author: Brad Spengler <spender@grsecurity.net>
2744Date: Fri Oct 16 17:45:06 2015 -0400
2745
2746 Merge branch 'pax-test' into grsec-test
2747
2748 Conflicts:
2749 tools/gcc/size_overflow_plugin/intentional_overflow.c
2750
2751commit 78b0f643d8d2b870e8ad5df075d4ab79befa4266
2752Author: Brad Spengler <spender@grsecurity.net>
2753Date: Fri Oct 16 17:44:18 2015 -0400
2754
2755 Update to pax-linux-4.2.3-test11.patch:
2756 - Emese fixed a few false positives caused by error codes
2757 - simplified the switch_mm code on x86 a bit
2758
2759 arch/x86/include/asm/mmu_context.h | 118 +++++--------
2760 include/drm/drm_mm.h | 2 +-
2761 .../size_overflow_plugin/intentional_overflow.c | 11 +-
2762 tools/gcc/size_overflow_plugin/size_overflow.h | 19 ++-
2763 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
2764 .../size_overflow_plugin/size_overflow_transform.c | 178 +++++++++-----------
2765 .../size_overflow_transform_core.c | 31 ++--
2766 7 files changed, 169 insertions(+), 192 deletions(-)
2767
2768commit bc6d23e3408e389f8a96134f6bc915e9fc8b370b
2769Author: Brad Spengler <spender@grsecurity.net>
2770Date: Fri Oct 16 17:28:54 2015 -0400
2771
2772 Update rpm devel spec, thanks to Andrew
2773
2774 scripts/package/mkspec | 3 +++
2775 1 files changed, 3 insertions(+), 0 deletions(-)
2776
2777commit b3f30cb9207a72a6aa4a78f23f8c5353be0bb27b
2778Author: Brad Spengler <spender@grsecurity.net>
2779Date: Thu Oct 15 20:10:56 2015 -0400
2780
2781 disable tracing support with GRKERNSEC_KMEM (it forces debugfs support on)
2782
2783 kernel/trace/Kconfig | 2 +-
2784 1 files changed, 1 insertions(+), 1 deletions(-)
2785
2786commit 82a0c12587f14add438ddf3b558e2278fcb7a387
2787Author: Brad Spengler <spender@grsecurity.net>
2788Date: Thu Oct 15 19:19:43 2015 -0400
2789
2790 Force DEBUG_FS off the hard way, since 'select' can cause it to be
2791 inadvertently enabled. Add a backup check that fails the build if
2792 GRKERNSEC_KMEM is enabled with DEBUG_FS
2793 Ditto for PROC_PAGE_MONITOR
2794
2795 arch/arc/Kconfig | 1 +
2796 arch/arm/Kconfig.debug | 1 +
2797 arch/arm64/Kconfig.debug | 1 +
2798 arch/blackfin/Kconfig.debug | 1 +
2799 arch/s390/Kconfig.debug | 1 +
2800 arch/x86/Kconfig.debug | 2 ++
2801 drivers/iommu/Kconfig | 1 +
2802 drivers/md/bcache/Kconfig | 1 +
2803 drivers/net/wireless/ath/ath9k/Kconfig | 1 -
2804 include/linux/grsecurity.h | 6 ++++++
2805 init/Kconfig | 1 +
2806 kernel/trace/Kconfig | 2 ++
2807 lib/Kconfig.debug | 6 +++++-
2808 mm/Kconfig | 3 +++
2809 net/sunrpc/Kconfig | 1 +
2810 15 files changed, 27 insertions(+), 2 deletions(-)
2811
2812commit 1b6f8fc8b8100292647638c713326776a0865705
2813Author: Brad Spengler <spender@grsecurity.net>
2814Date: Thu Oct 15 17:58:59 2015 -0400
2815
2816 Force DEBUG_FS off in the kernel config, even having it present is a security
2817 risk
2818
2819 Conflicts:
2820
2821 lib/Kconfig.debug
2822
2823 lib/Kconfig.debug | 1 +
2824 1 files changed, 1 insertions(+), 0 deletions(-)
2825
2826commit 21057fc30571f96aa46acf8922417311905d0f2b
2827Author: Brad Spengler <spender@grsecurity.net>
2828Date: Thu Oct 15 08:15:33 2015 -0400
2829
2830 Backport fix from: https://patchwork.kernel.org/patch/6853351/
2831 The debug_read_tlb() uses the sprintf() functions directly on the buffer
2832 allocated by buf = kmalloc(count), without taking into account the size
2833 of the buffer, with the consequence corrupting the heap, depending on
2834 the count requested by the user.
2835
2836 The patch fixes the issue replacing sprintf() by seq_printf().
2837
2838 Signed-off-by: Salva Peiró <speirofr@gmail.com>
2839
2840 drivers/iommu/omap-iommu-debug.c | 26 +++++++-------------------
2841 drivers/iommu/omap-iommu.c | 28 +++++++++++-----------------
2842 drivers/iommu/omap-iommu.h | 3 +--
2843 3 files changed, 19 insertions(+), 38 deletions(-)
2844
2845commit ba936d19274485bad900a69d679878a50faa50aa
2846Author: Joe Perches <joe@perches.com>
2847Date: Wed Oct 14 01:09:40 2015 -0700
2848
2849 ethtool: Use kcalloc instead of kmalloc for ethtool_get_strings
2850
2851 It seems that kernel memory can leak into userspace by a
2852 kmalloc, ethtool_get_strings, then copy_to_user sequence.
2853
2854 Avoid this by using kcalloc to zero fill the copied buffer.
2855
2856 Signed-off-by: Joe Perches <joe@perches.com>
2857 Acked-by: Ben Hutchings <ben@decadent.org.uk>
2858 Signed-off-by: David S. Miller <davem@davemloft.net>
2859
2860 net/core/ethtool.c | 2 +-
2861 1 files changed, 1 insertions(+), 1 deletions(-)
2862
2863commit bae0a8209962cede6a0d486cf2414cac1747f91b
2864Author: Brad Spengler <spender@grsecurity.net>
2865Date: Wed Oct 14 19:54:27 2015 -0400
2866
2867 Update size_overflow hash table
2868
2869 .../size_overflow_plugin/size_overflow_hash.data | 53 +++++++++++++++++--
2870 1 files changed, 47 insertions(+), 6 deletions(-)
2871
2872commit 1d840cc98b8f9b62d3c906ae24385f79c9131e29
2873Author: Brad Spengler <spender@grsecurity.net>
2874Date: Wed Oct 14 19:50:48 2015 -0400
2875
2876 Update size_overflow hash table
2877
2878 .../size_overflow_plugin/size_overflow_hash.data | 1 +
2879 1 files changed, 1 insertions(+), 0 deletions(-)
2880
2881commit fca9b7af6aebd1d80f364d6d849470e917919004
2882Author: Brad Spengler <spender@grsecurity.net>
2883Date: Wed Oct 14 19:47:21 2015 -0400
2884
2885 Update size_overflow hash table
2886
2887 .../size_overflow_plugin/size_overflow_hash.data | 300 ++++++++++++++++----
2888 1 files changed, 244 insertions(+), 56 deletions(-)
2889
2890commit 07cadc277ba83222698c99091c7da2c28275981f
2891Author: Brad Spengler <spender@grsecurity.net>
2892Date: Wed Oct 14 19:39:44 2015 -0400
2893
2894 squelch some informational messages only used by Emese
2895
2896 .../size_overflow_plugin/intentional_overflow.c | 6 +++---
2897 1 files changed, 3 insertions(+), 3 deletions(-)
2898
2899commit 77eeeac20bde1e0ebd72efe0f7b5c52786411bc7
2900Author: Brad Spengler <spender@grsecurity.net>
2901Date: Wed Oct 14 19:15:56 2015 -0400
2902
2903 Re-enable size_overflow
2904
2905 security/Kconfig | 1 -
2906 1 files changed, 0 insertions(+), 1 deletions(-)
2907
2908commit cb8efa1fd63be1bbcf5e585396cc0ed562d0c624
2909Merge: 913cbf6 4c48a7f
2910Author: Brad Spengler <spender@grsecurity.net>
2911Date: Wed Oct 14 17:14:42 2015 -0400
2912
2913 Merge branch 'pax-test' into grsec-test
2914
2915 Conflicts:
2916 tools/gcc/size_overflow_plugin/size_overflow_hash.data
2917
2918commit 4c48a7fc8df9310f994708b42fe1102a2943917c
2919Author: Brad Spengler <spender@grsecurity.net>
2920Date: Wed Oct 14 17:12:54 2015 -0400
2921
2922 Update to pax-linux-4.2.3-test10.patch:
2923 - fixed accidentally dropped csum_partial_copy_generic_to_user entry point for pre-P6 i386 configs, by minipli
2924 - Emese fixed a bunch of false positives with the size overflow plugin, let's see how it goes in the real world :)
2925
2926 arch/x86/include/asm/processor.h | 2 +-
2927 arch/x86/include/asm/ptrace.h | 8 +-
2928 arch/x86/lib/checksum_32.S | 2 +
2929 arch/x86/xen/mmu.c | 2 +-
2930 drivers/ata/libahci.c | 2 +-
2931 drivers/i2c/busses/i2c-diolan-u2c.c | 2 +-
2932 drivers/oprofile/oprofile_files.c | 2 +-
2933 drivers/spi/spidev.c | 2 +-
2934 drivers/tty/n_tty.c | 2 +-
2935 drivers/usb/core/message.c | 6 +-
2936 fs/binfmt_elf.c | 2 +-
2937 fs/ubifs/io.c | 2 +-
2938 include/drm/drm_mm.h | 2 +-
2939 include/linux/completion.h | 12 +-
2940 include/linux/jiffies.h | 10 +-
2941 include/linux/kernel.h | 2 +-
2942 include/linux/mm.h | 2 +-
2943 include/linux/random.h | 4 +-
2944 include/linux/sched.h | 2 +-
2945 include/linux/usb.h | 2 +-
2946 kernel/sched/completion.c | 6 +-
2947 kernel/time/timer.c | 2 +-
2948 lib/bitmap.c | 2 +-
2949 mm/internal.h | 2 +-
2950 net/sunrpc/svcauth_unix.c | 2 +-
2951 .../disable_size_overflow_hash.data |22980 +++++++++++---------
2952 .../insert_size_overflow_asm.c | 7 +
2953 .../size_overflow_plugin/intentional_overflow.c | 10 +-
2954 tools/gcc/size_overflow_plugin/size_overflow.h | 29 +-
2955 .../gcc/size_overflow_plugin/size_overflow_debug.c | 20 +-
2956 .../size_overflow_plugin/size_overflow_hash.data |14092 ++++++++----
2957 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 252 +-
2958 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
2959 .../size_overflow_plugin_hash.c | 13 +-
2960 .../size_overflow_plugin/size_overflow_transform.c | 205 +-
2961 .../size_overflow_transform_core.c | 4 +-
2962 36 files changed, 21958 insertions(+), 15740 deletions(-)
2963
2964commit 913cbf6a23fcad570b776b1a5a71242b909c5c99
2965Author: Dave Kleikamp <dave.kleikamp@oracle.com>
2966Date: Mon Oct 5 10:08:51 2015 -0500
2967
2968 crypto: sparc - initialize blkcipher.ivsize
2969
2970 Some of the crypto algorithms write to the initialization vector,
2971 but no space has been allocated for it. This clobbers adjacent memory.
2972
2973 Cc: stable@vger.kernel.org
2974 Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
2975 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2976
2977 arch/sparc/crypto/aes_glue.c | 2 ++
2978 arch/sparc/crypto/camellia_glue.c | 1 +
2979 arch/sparc/crypto/des_glue.c | 2 ++
2980 3 files changed, 5 insertions(+), 0 deletions(-)
2981
ebfb31c7
PK		 2982commit 7af7ad1e287067b7ea659dc0dd3e2e355588e246
2983Author: Brad Spengler <spender@grsecurity.net>
2984Date: Tue Oct 13 08:03:51 2015 -0400
2985
2986 Apply fix by Tejun Heo for upstream bug reported on the forums by Fuxino:
2987 https://forums.grsecurity.net/viewtopic.php?f=3&t=4276#p15570
2988
2989 Probably made more easily reproducible via SANITIZE, but we won't know for
2990 sure without a full oops report.
2991
2992 For some reason even though this patch was marked for 4.2+ stable over a month
2993 ago, it still hasn't hit Greg's tree.
2994
2995 block/blk-cgroup.c | 3 +++
2996 1 files changed, 3 insertions(+), 0 deletions(-)
2997
2998commit 8e1f29f9e1af36f71d12213ea6530eb77014c00c
2999Author: Dmitry Vyukov <dvyukov@google.com>
3000Date: Thu Sep 17 17:17:10 2015 +0200
3001
3002 tty: fix data race on tty_buffer.commit
3003
3004 Race on buffer data happens when newly committed data is
3005 picked up by an old flush work in the following scenario:
3006 __tty_buffer_request_room does a plain write of tail->commit,
3007 no barriers were executed before that.
3008 At this point flush_to_ldisc reads this new value of commit,
3009 and reads buffer data, no barriers in between.
3010 The committed buffer data is not necessary visible to flush_to_ldisc.
3011
3012 Similar bug happens when tty_schedule_flip commits data.
3013
3014 Update commit with smp_store_release and read commit with
3015 smp_load_acquire, as it is commit that signals data readiness.
3016 This is orthogonal to the existing synchronization on tty_buffer.next,
3017 which is required to not dismiss a buffer with unconsumed data.
3018
3019 The data race was found with KernelThreadSanitizer (KTSAN).
3020
3021 Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
3022 Reviewed-by: Peter Hurley <peter@hurleysoftware.com>
3023 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3024
3025 drivers/tty/tty_buffer.c | 15 ++++++++++++---
3026 1 files changed, 12 insertions(+), 3 deletions(-)
3027
3028commit d62db216e7182e24317596471c1a3a2a9fb9d1f5
3029Author: Peter Hurley <peter@hurleysoftware.com>
3030Date: Sun Jul 12 20:50:49 2015 -0400
3031
3032 tty: Replace smp_rmb/smp_wmb with smp_load_acquire/smp_store_release
3033
3034 Clarify flip buffer producer/consumer operation; the use of
3035 smp_load_acquire() and smp_store_release() more clearly indicates
3036 which memory access requires a barrier.
3037
3038 Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
3039 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3040
3041 drivers/tty/tty_buffer.c | 10 ++++------
3042 1 files changed, 4 insertions(+), 6 deletions(-)
3043
3044commit c6bbe8a6097f869b6a3d3c40d456727180573dd9
3045Author: Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
3046Date: Fri Oct 2 08:27:05 2015 +0000
3047
3048 tty: fix stall caused by missing memory barrier in drivers/tty/n_tty.c
3049
3050 My colleague ran into a program stall on a x86_64 server, where
3051 n_tty_read() was waiting for data even if there was data in the buffer
3052 in the pty. kernel stack for the stuck process looks like below.
3053 #0 [ffff88303d107b58] __schedule at ffffffff815c4b20
3054 #1 [ffff88303d107bd0] schedule at ffffffff815c513e
3055 #2 [ffff88303d107bf0] schedule_timeout at ffffffff815c7818
3056 #3 [ffff88303d107ca0] wait_woken at ffffffff81096bd2
3057 #4 [ffff88303d107ce0] n_tty_read at ffffffff8136fa23
3058 #5 [ffff88303d107dd0] tty_read at ffffffff81368013
3059 #6 [ffff88303d107e20] __vfs_read at ffffffff811a3704
3060 #7 [ffff88303d107ec0] vfs_read at ffffffff811a3a57
3061 #8 [ffff88303d107f00] sys_read at ffffffff811a4306
3062 #9 [ffff88303d107f50] entry_SYSCALL_64_fastpath at ffffffff815c86d7
3063
3064 There seems to be two problems causing this issue.
3065
3066 First, in drivers/tty/n_tty.c, __receive_buf() stores the data and
3067 updates ldata->commit_head using smp_store_release() and then checks
3068 the wait queue using waitqueue_active(). However, since there is no
3069 memory barrier, __receive_buf() could return without calling
3070 wake_up_interactive_poll(), and at the same time, n_tty_read() could
3071 start to wait in wait_woken() as in the following chart.
3072
3073 __receive_buf() n_tty_read()
3074 ------------------------------------------------------------------------
3075 if (waitqueue_active(&tty->read_wait))
3076 /* Memory operations issued after the
3077 RELEASE may be completed before the
3078 RELEASE operation has completed */
3079 add_wait_queue(&tty->read_wait, &wait);
3080 ...
3081 if (!input_available_p(tty, 0)) {
3082 smp_store_release(&ldata->commit_head,
3083 ldata->read_head);
3084 ...
3085 timeout = wait_woken(&wait,
3086 TASK_INTERRUPTIBLE, timeout);
3087 ------------------------------------------------------------------------
3088
3089 The second problem is that n_tty_read() also lacks a memory barrier
3090 call and could also cause __receive_buf() to return without calling
3091 wake_up_interactive_poll(), and n_tty_read() to wait in wait_woken()
3092 as in the chart below.
3093
3094 __receive_buf() n_tty_read()
3095 ------------------------------------------------------------------------
3096 spin_lock_irqsave(&q->lock, flags);
3097 /* from add_wait_queue() */
3098 ...
3099 if (!input_available_p(tty, 0)) {
3100 /* Memory operations issued after the
3101 RELEASE may be completed before the
3102 RELEASE operation has completed */
3103 smp_store_release(&ldata->commit_head,
3104 ldata->read_head);
3105 if (waitqueue_active(&tty->read_wait))
3106 __add_wait_queue(q, wait);
3107 spin_unlock_irqrestore(&q->lock,flags);
3108 /* from add_wait_queue() */
3109 ...
3110 timeout = wait_woken(&wait,
3111 TASK_INTERRUPTIBLE, timeout);
3112 ------------------------------------------------------------------------
3113
3114 There are also other places in drivers/tty/n_tty.c which have similar
3115 calls to waitqueue_active(), so instead of adding many memory barrier
3116 calls, this patch simply removes the call to waitqueue_active(),
3117 leaving just wake_up*() behind.
3118
3119 This fixes both problems because, even though the memory access before
3120 or after the spinlocks in both wake_up*() and add_wait_queue() can
3121 sneak into the critical section, it cannot go past it and the critical
3122 section assures that they will be serialized (please see "INTER-CPU
3123 ACQUIRING BARRIER EFFECTS" in Documentation/memory-barriers.txt for a
3124 better explanation). Moreover, the resulting code is much simpler.
3125
3126 Latency measurement using a ping-pong test over a pty doesn't show any
3127 visible performance drop.
3128
3129 Signed-off-by: Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
3130 Cc: stable@vger.kernel.org
3131 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3132
3133 drivers/tty/n_tty.c | 15 +++++----------
3134 1 files changed, 5 insertions(+), 10 deletions(-)
3135
3136commit 3af2011ac1a085a3e8c57ca3a840aec393b37db3
3137Author: Dmitry Vyukov <dvyukov@google.com>
3138Date: Thu Sep 17 17:17:08 2015 +0200
3139
3140 tty: fix data race in flush_to_ldisc
3141
3142 flush_to_ldisc reads port->itty and checks that it is not NULL,
3143 concurrently release_tty sets port->itty to NULL. It is possible
3144 that flush_to_ldisc loads port->itty once, ensures that it is
3145 not NULL, but then reloads it again and uses. The second load
3146 can already return NULL, which will cause a crash.
3147
3148 Use READ_ONCE to read port->itty.
3149
3150 The data race was found with KernelThreadSanitizer (KTSAN).
3151
3152 Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
3153 Reviewed-by: Peter Hurley <peter@hurleysoftware.com>
3154 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3155
3156 drivers/tty/tty_buffer.c | 2 +-
3157 1 files changed, 1 insertions(+), 1 deletions(-)
3158
3159commit 4a433f384b0a5b7e39f969ee8df89c56537d078d
3160Author: Dmitry Vyukov <dvyukov@google.com>
3161Date: Thu Sep 17 17:17:09 2015 +0200
3162
3163 tty: fix data race in tty_buffer_flush
3164
3165 tty_buffer_flush frees not acquired buffers.
3166 As the result, for example, read of b->size in tty_buffer_free
3167 can return garbage value which will lead to a huge buffer
3168 hanging in the freelist. This is just the benignest
3169 manifestation of freeing of a not acquired object.
3170 If the object is passed to kfree, heap can be corrupted.
3171
3172 Acquire visibility over the buffer before freeing it.
3173
3174 The data race was found with KernelThreadSanitizer (KTSAN).
3175
3176 Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
3177 Reviewed-by: Peter Hurley <peter@hurleysoftware.com>
3178 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3179
3180 drivers/tty/tty_buffer.c | 5 ++++-
3181 1 files changed, 4 insertions(+), 1 deletions(-)
3182
3183commit 1477c439d65debf45ac3164a1615504131fad1ff
3184Author: Jann Horn <jann@thejh.net>
3185Date: Sun Oct 4 19:29:12 2015 +0200
3186
3187 drivers/tty: require read access for controlling terminal
3188
3189 This is mostly a hardening fix, given that write-only access to other
3190 users' ttys is usually only given through setgid tty executables.
3191
3192 Signed-off-by: Jann Horn <jann@thejh.net>
3193 Cc: stable@vger.kernel.org
3194 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3195
3196 drivers/tty/tty_io.c | 31 +++++++++++++++++++++++++++----
3197 1 files changed, 27 insertions(+), 4 deletions(-)
3198
3199commit c2d51348729aa244b827216715db7734daf07155
3200Author: Brad Spengler <spender@grsecurity.net>
3201Date: Mon Oct 12 07:19:03 2015 -0400
3202
3203 Don't auto-enable UDEREF on x64 with a VirtualBox host
3204
3205 Conflicts:
3206
3207 security/Kconfig
3208
3209 security/Kconfig | 2 +-
3210 1 files changed, 1 insertions(+), 1 deletions(-)
3211
cf7c63af
PK		 3212commit 45ff0fe97624b7133be6f0280ab8fda4610b7937
3213Merge: ca6828e 1c527d2
3214Author: Brad Spengler <spender@grsecurity.net>
3215Date: Sun Oct 11 17:17:58 2015 -0400
3216
3217 Merge branch 'pax-test' into grsec-test
3218
3219 Conflicts:
3220 arch/x86/mm/pgtable.c
3221
3222commit 1c527d25ad2ece4cdb4723047625d96b942a3b91
3223Author: Brad Spengler <spender@grsecurity.net>
3224Date: Sun Oct 11 17:16:49 2015 -0400
3225
3226 Update to pax-linux-4.2.3-test9.patch:
3227 - really fixed vsyscall/pvclock regression caused by the recent page table hardening, reported by kamil (https://forums.grsecurity.net/viewtopic.php?f=3&t=4272) and quasar366 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4275)
3228 - fixed a compilation error caused by the above regression, reported by spender
3229 - fixed an arm compilation error, reported by Emese
3230
3231 arch/arm/kernel/module-plts.c | 7 +------
3232 arch/x86/mm/pgtable.c | 21 +++++++++++++++++++--
3233 2 files changed, 20 insertions(+), 8 deletions(-)
3234
3235commit ca6828e73b10b4a7537b16a37c2c0280523171e1
3236Author: Trond Myklebust <trond.myklebust@primarydata.com>
3237Date: Fri Oct 9 13:44:34 2015 -0400
3238
3239 namei: results of d_is_negative() should be checked after dentry revalidation
3240
3241 Leandro Awa writes:
3242 "After switching to version 4.1.6, our parallelized and distributed
3243 workflows now fail consistently with errors of the form:
3244
3245 T34: ./regex.c:39:22: error: config.h: No such file or directory
3246
3247 From our 'git bisect' testing, the following commit appears to be the
3248 possible cause of the behavior we've been seeing: commit 766c4cbfacd8"
3249
3250 Al Viro says:
3251 "What happens is that 766c4cbfacd8 got the things subtly wrong.
3252
3253 We used to treat d_is_negative() after lookup_fast() as "fall with
3254 ENOENT". That was wrong - checking ->d_flags outside of ->d_seq
3255 protection is unreliable and failing with hard error on what should've
3256 fallen back to non-RCU pathname resolution is a bug.
3257
3258 Unfortunately, we'd pulled the test too far up and ran afoul of
3259 another kind of staleness. The dentry might have been absolutely
3260 stable from the RCU point of view (and we might be on UP, etc), but
3261 stale from the remote fs point of view. If ->d_revalidate() returns
3262 "it's actually stale", dentry gets thrown away and the original code
3263 wouldn't even have looked at its ->d_flags.
3264
3265 What we need is to check ->d_flags where 766c4cbfacd8 does (prior to
3266 ->d_seq validation) but only use the result in cases where we do not
3267 discard this dentry outright"
3268
3269 Reported-by: Leandro Awa <lawa@nvidia.com>
3270 Link: https://bugzilla.kernel.org/show_bug.cgi?id=104911
3271 Fixes: 766c4cbfacd8 ("namei: d_is_negative() should be checked...")
3272 Tested-by: Leandro Awa <lawa@nvidia.com>
3273 Cc: stable@vger.kernel.org # v4.1+
3274 Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
3275 Acked-by: Al Viro <viro@zeniv.linux.org.uk>
3276 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3277
3278 fs/namei.c | 8 ++++++--
3279 1 files changed, 6 insertions(+), 2 deletions(-)
3280
3281commit c0181260ce096a814637ad60e45a64c94840fffa
3282Author: Matt Fleming <matt.fleming@intel.com>
3283Date: Fri Sep 25 23:02:18 2015 +0100
3284
3285 x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down
3286
3287 Beginning with UEFI v2.5 EFI_PROPERTIES_TABLE was introduced
3288 that signals that the firmware PE/COFF loader supports splitting
3289 code and data sections of PE/COFF images into separate EFI
3290 memory map entries. This allows the kernel to map those regions
3291 with strict memory protections, e.g. EFI_MEMORY_RO for code,
3292 EFI_MEMORY_XP for data, etc.
3293
3294 Unfortunately, an unwritten requirement of this new feature is
3295 that the regions need to be mapped with the same offsets
3296 relative to each other as observed in the EFI memory map. If
3297 this is not done crashes like this may occur,
3298
3299 BUG: unable to handle kernel paging request at fffffffefe6086dd
3300 IP: [<fffffffefe6086dd>] 0xfffffffefe6086dd
3301 Call Trace:
3302 [<ffffffff8104c90e>] efi_call+0x7e/0x100
3303 [<ffffffff81602091>] ? virt_efi_set_variable+0x61/0x90
3304 [<ffffffff8104c583>] efi_delete_dummy_variable+0x63/0x70
3305 [<ffffffff81f4e4aa>] efi_enter_virtual_mode+0x383/0x392
3306 [<ffffffff81f37e1b>] start_kernel+0x38a/0x417
3307 [<ffffffff81f37495>] x86_64_start_reservations+0x2a/0x2c
3308 [<ffffffff81f37582>] x86_64_start_kernel+0xeb/0xef
3309
3310 Here 0xfffffffefe6086dd refers to an address the firmware
3311 expects to be mapped but which the OS never claimed was mapped.
3312 The issue is that included in these regions are relative
3313 addresses to other regions which were emitted by the firmware
3314 toolchain before the "splitting" of sections occurred at
3315 runtime.
3316
3317 Needless to say, we don't satisfy this unwritten requirement on
3318 x86_64 and instead map the EFI memory map entries in reverse
3319 order. The above crash is almost certainly triggerable with any
3320 kernel newer than v3.13 because that's when we rewrote the EFI
3321 runtime region mapping code, in commit d2f7cbe7b26a ("x86/efi:
3322 Runtime services virtual mapping"). For kernel versions before
3323 v3.13 things may work by pure luck depending on the
3324 fragmentation of the kernel virtual address space at the time we
3325 map the EFI regions.
3326
3327 Instead of mapping the EFI memory map entries in reverse order,
3328 where entry N has a higher virtual address than entry N+1, map
3329 them in the same order as they appear in the EFI memory map to
3330 preserve this relative offset between regions.
3331
3332 This patch has been kept as small as possible with the intention
3333 that it should be applied aggressively to stable and
3334 distribution kernels. It is very much a bugfix rather than
3335 support for a new feature, since when EFI_PROPERTIES_TABLE is
3336 enabled we must map things as outlined above to even boot - we
3337 have no way of asking the firmware not to split the code/data
3338 regions.
3339
3340 In fact, this patch doesn't even make use of the more strict
3341 memory protections available in UEFI v2.5. That will come later.
3342
3343 Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
3344 Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
3345 Signed-off-by: Matt Fleming <matt.fleming@intel.com>
3346 Cc: <stable@vger.kernel.org>
3347 Cc: Borislav Petkov <bp@suse.de>
3348 Cc: Chun-Yi <jlee@suse.com>
3349 Cc: Dave Young <dyoung@redhat.com>
3350 Cc: H. Peter Anvin <hpa@zytor.com>
3351 Cc: James Bottomley <JBottomley@Odin.com>
3352 Cc: Lee, Chun-Yi <jlee@suse.com>
3353 Cc: Leif Lindholm <leif.lindholm@linaro.org>
3354 Cc: Linus Torvalds <torvalds@linux-foundation.org>
3355 Cc: Matthew Garrett <mjg59@srcf.ucam.org>
3356 Cc: Mike Galbraith <efault@gmx.de>
3357 Cc: Peter Jones <pjones@redhat.com>
3358 Cc: Peter Zijlstra <peterz@infradead.org>
3359 Cc: Thomas Gleixner <tglx@linutronix.de>
3360 Cc: linux-kernel@vger.kernel.org
3361 Link: http://lkml.kernel.org/r/1443218539-7610-2-git-send-email-matt@codeblueprint.co.uk
3362 Signed-off-by: Ingo Molnar <mingo@kernel.org>
3363
3364 arch/x86/platform/efi/efi.c | 67 ++++++++++++++++++++++++++++++++++++++++++-
3365 1 files changed, 66 insertions(+), 1 deletions(-)
3366
3367commit 9377caab146791c8c587da3750d6eddcd01bdfba
3368Author: Ard Biesheuvel <ard.biesheuvel@linaro.org>
3369Date: Fri Sep 25 23:02:19 2015 +0100
3370
3371 arm64/efi: Fix boot crash by not padding between EFI_MEMORY_RUNTIME regions
3372
3373 The new Properties Table feature introduced in UEFIv2.5 may
3374 split memory regions that cover PE/COFF memory images into
3375 separate code and data regions. Since these regions only differ
3376 in the type (runtime code vs runtime data) and the permission
3377 bits, but not in the memory type attributes (UC/WC/WT/WB), the
3378 spec does not require them to be aligned to 64 KB.
3379
3380 Since the relative offset of PE/COFF .text and .data segments
3381 cannot be changed on the fly, this means that we can no longer
3382 pad out those regions to be mappable using 64 KB pages.
3383 Unfortunately, there is no annotation in the UEFI memory map
3384 that identifies data regions that were split off from a code
3385 region, so we must apply this logic to all adjacent runtime
3386 regions whose attributes only differ in the permission bits.
3387
3388 So instead of rounding each memory region to 64 KB alignment at
3389 both ends, only round down regions that are not directly
3390 preceded by another runtime region with the same type
3391 attributes. Since the UEFI spec does not mandate that the memory
3392 map be sorted, this means we also need to sort it first.
3393
3394 Note that this change will result in all EFI_MEMORY_RUNTIME
3395 regions whose start addresses are not aligned to the OS page
3396 size to be mapped with executable permissions (i.e., on kernels
3397 compiled with 64 KB pages). However, since these mappings are
3398 only active during the time that UEFI Runtime Services are being
3399 invoked, the window for abuse is rather small.
3400
3401 Tested-by: Mark Salter <msalter@redhat.com>
3402 Tested-by: Mark Rutland <mark.rutland@arm.com> [UEFI 2.4 only]
3403 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
3404 Signed-off-by: Matt Fleming <matt.fleming@intel.com>
3405 Reviewed-by: Mark Salter <msalter@redhat.com>
3406 Reviewed-by: Mark Rutland <mark.rutland@arm.com>
3407 Cc: <stable@vger.kernel.org> # v4.0+
3408 Cc: Catalin Marinas <catalin.marinas@arm.com>
3409 Cc: Leif Lindholm <leif.lindholm@linaro.org>
3410 Cc: Linus Torvalds <torvalds@linux-foundation.org>
3411 Cc: Mike Galbraith <efault@gmx.de>
3412 Cc: Peter Zijlstra <peterz@infradead.org>
3413 Cc: Thomas Gleixner <tglx@linutronix.de>
3414 Cc: Will Deacon <will.deacon@arm.com>
3415 Cc: linux-kernel@vger.kernel.org
3416 Link: http://lkml.kernel.org/r/1443218539-7610-3-git-send-email-matt@codeblueprint.co.uk
3417 Signed-off-by: Ingo Molnar <mingo@kernel.org>
3418
3419 arch/arm64/kernel/efi.c | 3 +-
3420 drivers/firmware/efi/libstub/arm-stub.c | 88 +++++++++++++++++++++++++-----
3421 2 files changed, 75 insertions(+), 16 deletions(-)
3422
3423commit 189124f1e733622c44d72060832af3c68d7ee8bc
3424Author: Ralf Baechle <ralf@linux-mips.org>
3425Date: Fri Oct 2 09:48:57 2015 +0200
3426
3427 MIPS: BPF: Fix load delay slots.
3428
3429 The entire bpf_jit_asm.S is written in noreorder mode because "we know
3430 better" according to a comment. This also prevented the assembler from
3431 throwing in the required NOPs for MIPS I processors which have no
3432 load-use interlock, thus the load's consumer might end up using the
3433 old value of the register from prior to the load.
3434
3435 Fixed by putting the assembler in reorder mode for just the affected
3436 load instructions. This is not enough for gas to actually try to be
3437 clever by looking at the next instruction and inserting a nop only
3438 when needed but as the comment said "we know better", so getting gas
3439 to unconditionally emit a NOP is just right in this case and prevents
3440 adding further ifdefery.
3441
3442 Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
3443
3444 arch/mips/net/bpf_jit_asm.S | 4 ++++
3445 1 files changed, 4 insertions(+), 0 deletions(-)
3446
3447commit b4b012d6599fbc3c6e81f0a03cd59eb9f0095ed8
3448Author: Lee, Chun-Yi <joeyli.kernel@gmail.com>
3449Date: Tue Sep 29 20:58:57 2015 +0800
3450
3451 x86/kexec: Fix kexec crash in syscall kexec_file_load()
3452
3453 The original bug is a page fault crash that sometimes happens
3454 on big machines when preparing ELF headers:
3455
3456 BUG: unable to handle kernel paging request at ffffc90613fc9000
3457 IP: [<ffffffff8103d645>] prepare_elf64_ram_headers_callback+0x165/0x260
3458
3459 The bug is caused by us under-counting the number of memory ranges
3460 and subsequently not allocating enough ELF header space for them.
3461 The bug is typically masked on smaller systems, because the ELF header
3462 allocation is rounded up to the next page.
3463
3464 This patch modifies the code in fill_up_crash_elf_data() by using
3465 walk_system_ram_res() instead of walk_system_ram_range() to correctly
3466 count the max number of crash memory ranges. That's because the
3467 walk_system_ram_range() filters out small memory regions that
3468 reside in the same page, but walk_system_ram_res() does not.
3469
3470 Here's how I found the bug:
3471
3472 After tracing prepare_elf64_headers() and prepare_elf64_ram_headers_callback(),
3473 the code uses walk_system_ram_res() to fill-in crash memory regions information
3474 to the program header, so it counts those small memory regions that
3475 reside in a page area.
3476
3477 But, when the kernel was using walk_system_ram_range() in
3478 fill_up_crash_elf_data() to count the number of crash memory regions,
3479 it filters out small regions.
3480
3481 I printed those small memory regions, for example:
3482
3483 kexec: Get nr_ram ranges. vaddr=0xffff880077592258 paddr=0x77592258, sz=0xdc0
3484
3485 Based on the code in walk_system_ram_range(), this memory region
3486 will be filtered out:
3487
3488 pfn = (0x77592258 + 0x1000 - 1) >> 12 = 0x77593
3489 end_pfn = (0x77592258 + 0xfc0 -1 + 1) >> 12 = 0x77593
3490 end_pfn - pfn = 0x77593 - 0x77593 = 0 <=== if (end_pfn > pfn) is FALSE
3491
3492 So, the max_nr_ranges that's counted by the kernel doesn't include
3493 small memory regions - causing us to under-allocate the required space.
3494 That causes the page fault crash that happens in a later code path
3495 when preparing ELF headers.
3496
3497 This bug is not easy to reproduce on small machines that have few
3498 CPUs, because the allocated page aligned ELF buffer has more free
3499 space to cover those small memory regions' PT_LOAD headers.
3500
3501 Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
3502 Cc: Andy Lutomirski <luto@kernel.org>
3503 Cc: Baoquan He <bhe@redhat.com>
3504 Cc: Jiang Liu <jiang.liu@linux.intel.com>
3505 Cc: Linus Torvalds <torvalds@linux-foundation.org>
3506 Cc: Mike Galbraith <efault@gmx.de>
3507 Cc: Peter Zijlstra <peterz@infradead.org>
3508 Cc: Stephen Rothwell <sfr@canb.auug.org.au>
3509 Cc: Takashi Iwai <tiwai@suse.de>
3510 Cc: Thomas Gleixner <tglx@linutronix.de>
3511 Cc: Viresh Kumar <viresh.kumar@linaro.org>
3512 Cc: Vivek Goyal <vgoyal@redhat.com>
3513 Cc: kexec@lists.infradead.org
3514 Cc: linux-kernel@vger.kernel.org
3515 Cc: <stable@vger.kernel.org>
3516 Link: http://lkml.kernel.org/r/1443531537-29436-1-git-send-email-jlee@suse.com
3517 Signed-off-by: Ingo Molnar <mingo@kernel.org>
3518
3519 arch/x86/kernel/crash.c | 7 +++----
3520 1 files changed, 3 insertions(+), 4 deletions(-)
3521
3522commit bf91f1e0162bdd27ebd1411090a81fd9188daa4f
3523Author: Elad Raz <eladr@mellanox.com>
3524Date: Sat Aug 22 08:44:11 2015 +0300
3525
3526 netfilter: ipset: Fixing unnamed union init
3527
3528 In continue to proposed Vinson Lee's post [1], this patch fixes compilation
3529 issues founded at gcc 4.4.7. The initialization of .cidr field of unnamed
3530 unions causes compilation error in gcc 4.4.x.
3531
3532 References
3533
3534 Visible links
3535 [1] https://lkml.org/lkml/2015/7/5/74
3536
3537 Signed-off-by: Elad Raz <eladr@mellanox.com>
3538 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
3539
3540 net/netfilter/ipset/ip_set_hash_netnet.c | 20 ++++++++++++++++++--
3541 net/netfilter/ipset/ip_set_hash_netportnet.c | 20 ++++++++++++++++++--
3542 2 files changed, 36 insertions(+), 4 deletions(-)
3543
40d5ff9e
PK		 3544commit fed13a5012b8d7e87a6f9efa2e40e0be28eaecd9
3545Author: Brad Spengler <spender@grsecurity.net>
3546Date: Fri Oct 9 23:12:43 2015 -0400
3547
3548 compile fix
3549
3550 arch/x86/mm/pgtable.c | 2 ++
3551 1 files changed, 2 insertions(+), 0 deletions(-)
3552
3553commit 58edc15a668a6dd90b3f66abc84b509f8fba7505
3554Author: Daniel Borkmann <daniel@iogearbox.net>
3555Date: Mon Aug 31 19:11:02 2015 +0200
3556
3557 netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy error paths
3558
3559 Commit 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack
3560 templates") migrated templates to the new allocator api, but forgot to
3561 update error paths for them in CT and synproxy to use nf_ct_tmpl_free()
3562 instead of nf_conntrack_free().
3563
3564 Due to that, memory is being freed into the wrong kmemcache, but also
3565 we drop the per net reference count of ct objects causing an imbalance.
3566
3567 In Brad's case, this leads to a wrap-around of net->ct.count and thus
3568 lets __nf_conntrack_alloc() refuse to create a new ct object:
3569
3570 [ 10.340913] xt_addrtype: ipv6 does not support BROADCAST matching
3571 [ 10.810168] nf_conntrack: table full, dropping packet
3572 [ 11.917416] r8169 0000:07:00.0 eth0: link up
3573 [ 11.917438] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
3574 [ 12.815902] nf_conntrack: table full, dropping packet
3575 [ 15.688561] nf_conntrack: table full, dropping packet
3576 [ 15.689365] nf_conntrack: table full, dropping packet
3577 [ 15.690169] nf_conntrack: table full, dropping packet
3578 [ 15.690967] nf_conntrack: table full, dropping packet
3579 [...]
3580
3581 With slab debugging, it also reports the wrong kmemcache (kmalloc-512 vs.
3582 nf_conntrack_ffffffff81ce75c0) and reports poison overwrites, etc. Thus,
3583 to fix the problem, export and use nf_ct_tmpl_free() instead.
3584
3585 Fixes: 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack templates")
3586 Reported-by: Brad Jackson <bjackson0971@gmail.com>
3587 Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
3588 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
3589
3590 include/net/netfilter/nf_conntrack.h | 1 +
3591 net/netfilter/nf_conntrack_core.c | 3 ++-
3592 net/netfilter/nf_synproxy_core.c | 2 +-
3593 net/netfilter/xt_CT.c | 2 +-
3594 4 files changed, 5 insertions(+), 3 deletions(-)
3595
3596commit 37d26e44573aaa9c3b1f0c36ec9d4bddc008fc03
3597Author: Brad Spengler <spender@grsecurity.net>
3598Date: Fri Oct 9 18:22:54 2015 -0400
3599
3600 Fix BUG() in scatterwalk_map_and_copy caused by virt_to_page being
3601 called on the KSTACKOVERFLOW's vmalloc'd stack. Thanks to
3602 Yves-Alexis Perez for the report
3603
3604 crypto/scatterwalk.c | 10 ++++++++--
3605 1 files changed, 8 insertions(+), 2 deletions(-)
3606
3607commit 8137d53d2b60023587a48004f0b67946ed6db4a8
3608Merge: 147420b a9c991f
3609Author: Brad Spengler <spender@grsecurity.net>
3610Date: Fri Oct 9 18:20:32 2015 -0400
3611
3612 Merge branch 'pax-test' into grsec-test
3613
3614commit a9c991f727bb8daf15838296e301683791c17071
3615Author: Brad Spengler <spender@grsecurity.net>
3616Date: Fri Oct 9 18:20:07 2015 -0400
3617
3618 Update to pax-linux-4.2.3-test8.patch:
3619 - fixed vsyscall/pvclock regression caused by the recent page table hardening, reported by kamil (https://forums.grsecurity.net/viewtopic.php?f=3&t=4272)
3620
3621 arch/x86/kernel/espfix_64.c | 4 +---
3622 arch/x86/kernel/kvmclock.c | 20 ++++++--------------
3623 arch/x86/mm/highmem_32.c | 2 ++
3624 arch/x86/mm/pgtable.c | 33 +++++++++++++++++++++++++++++++++
3625 4 files changed, 42 insertions(+), 17 deletions(-)
3626
3627commit 147420b0f00c7f20f354e1dfa460b904a3af432b
3628Author: Brad Spengler <spender@grsecurity.net>
3629Date: Fri Oct 9 08:54:24 2015 -0400
3630
3631 Properly fix the bug reported at:
3632 https://code.google.com/p/android/issues/detail?id=187973
3633
3634 drivers/net/slip/slhc.c | 3 +++
3635 1 files changed, 3 insertions(+), 0 deletions(-)
3636
afe359a8
PK		 3637commit 4918a68ea80e1185ec8f3a94d3a2210552ed0bb5
3638Merge: 4e736d9 7e02f35
0a9c1e67 3639Author: Brad Spengler <spender@grsecurity.net>
afe359a8 3640Date: Wed Oct 7 20:57:21 2015 -0400
0a9c1e67 3641
afe359a8 3642 Merge branch 'pax-test' into grsec-test
ee1b9a5f 3643
da1216b9 3644 Conflicts:
afe359a8 3645 arch/x86/kernel/espfix_64.c
da1216b9 3646
afe359a8
PK		 3647commit 7e02f35880fd6bdb2f4e7ba07a13d6df1d121008
3648Author: Brad Spengler <spender@grsecurity.net>
3649Date: Wed Oct 7 20:54:36 2015 -0400
da1216b9 3650
afe359a8
PK		 3651 Update to pax-linux-4.2.3-test7.patch:
3652 - backported vanilla commits b763ec17ac762470eec5be8ebcc43e4f8b2c2b82 and 176fc2d5770a0990eebff903ba680d2edd32e718
3653 - constified a few more page tables for ESPFIX/amd64
3654 - fixed xen and the recently added level1_modules_pgt page tables on amd64
ee1b9a5f 3655
afe359a8
PK		 3656 arch/x86/include/asm/pgtable_64.h | 1 +
3657 arch/x86/kernel/espfix_64.c | 35 +++++++++++++++++++++++----------
3658 arch/x86/xen/mmu.c | 4 +++
3659 drivers/base/regmap/regmap-debugfs.c | 14 +++++-------
3660 4 files changed, 35 insertions(+), 19 deletions(-)
ee1b9a5f 3661
afe359a8
PK		 3662commit 4e736d9e568f6cc0d08dfe7519abf9a5d58a5418
3663Author: Robin Murphy <robin.murphy@arm.com>
3664Date: Thu Oct 1 15:37:19 2015 -0700
ee1b9a5f 3665
afe359a8 3666 dmapool: fix overflow condition in pool_find_page()
ee1b9a5f 3667
afe359a8
PK		 3668 If a DMA pool lies at the very top of the dma_addr_t range (as may
3669 happen with an IOMMU involved), the calculated end address of the pool
3670 wraps around to zero, and page lookup always fails.
ee1b9a5f 3671
afe359a8 3672 Tweak the relevant calculation to be overflow-proof.
da1216b9 3673
afe359a8
PK		 3674 Signed-off-by: Robin Murphy <robin.murphy@arm.com>
3675 Cc: Arnd Bergmann <arnd@arndb.de>
3676 Cc: Marek Szyprowski <m.szyprowski@samsung.com>
3677 Cc: Sumit Semwal <sumit.semwal@linaro.org>
3678 Cc: Sakari Ailus <sakari.ailus@iki.fi>
3679 Cc: Russell King <rmk+kernel@arm.linux.org.uk>
da1216b9
PK		 3680 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
3681 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
ee1b9a5f 3682
afe359a8 3683 mm/dmapool.c | 2 +-
578d7714
PK		 3684 1 files changed, 1 insertions(+), 1 deletions(-)
3685
afe359a8
PK		 3686commit 96a101a9b4208a6e5f2a0db7599881142e70ba43
3687Author: Greg Thelen <gthelen@google.com>
3688Date: Thu Oct 1 15:37:05 2015 -0700
578d7714 3689
afe359a8 3690 memcg: make mem_cgroup_read_stat() unsigned
da1216b9 3691
afe359a8
PK		 3692 mem_cgroup_read_stat() returns a page count by summing per cpu page
3693 counters. The summing is racy wrt. updates, so a transient negative
3694 sum is possible. Callers don't want negative values:
578d7714 3695
afe359a8
PK		 3696 - mem_cgroup_wb_stats() doesn't want negative nr_dirty or nr_writeback.
3697 This could confuse dirty throttling.
da1216b9 3698
afe359a8 3699 - oom reports and memory.stat shouldn't show confusing negative usage.
da1216b9 3700
afe359a8 3701 - tree_usage() already avoids negatives.
da1216b9 3702
afe359a8
PK		 3703 Avoid returning negative page counts from mem_cgroup_read_stat() and
3704 convert it to unsigned.
da1216b9 3705
afe359a8
PK		 3706 [akpm@linux-foundation.org: fix old typo while we're in there]
3707 Signed-off-by: Greg Thelen <gthelen@google.com>
3708 Cc: Johannes Weiner <hannes@cmpxchg.org>
3709 Acked-by: Michal Hocko <mhocko@suse.com>
3710 Cc: <stable@vger.kernel.org> [4.2+]
3711 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
3712 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
eeed91c5 3713
afe359a8
PK		 3714 mm/memcontrol.c | 30 ++++++++++++++++++------------
3715 1 files changed, 18 insertions(+), 12 deletions(-)
eeed91c5 3716
afe359a8 3717commit b7808c46650d5f4c09f071566de991af36eb9d37
da1216b9 3718Author: Daniel Borkmann <daniel@iogearbox.net>
afe359a8
PK		 3719Date: Fri Oct 2 12:06:03 2015 +0200
3720
3721 bpf: fix panic in SO_GET_FILTER with native ebpf programs
3722
3723 When sockets have a native eBPF program attached through
3724 setsockopt(sk, SOL_SOCKET, SO_ATTACH_BPF, ...), and then try to
3725 dump these over getsockopt(sk, SOL_SOCKET, SO_GET_FILTER, ...),
3726 the following panic appears:
3727
3728 [49904.178642] BUG: unable to handle kernel NULL pointer dereference at (null)
3729 [49904.178762] IP: [<ffffffff81610fd9>] sk_get_filter+0x39/0x90
3730 [49904.182000] PGD 86fc9067 PUD 531a1067 PMD 0
3731 [49904.185196] Oops: 0000 [#1] SMP
3732 [...]
3733 [49904.224677] Call Trace:
3734 [49904.226090] [<ffffffff815e3d49>] sock_getsockopt+0x319/0x740
3735 [49904.227535] [<ffffffff812f59e3>] ? sock_has_perm+0x63/0x70
3736 [49904.228953] [<ffffffff815e2fc8>] ? release_sock+0x108/0x150
3737 [49904.230380] [<ffffffff812f5a43>] ? selinux_socket_getsockopt+0x23/0x30
3738 [49904.231788] [<ffffffff815dff36>] SyS_getsockopt+0xa6/0xc0
3739 [49904.233267] [<ffffffff8171b9ae>] entry_SYSCALL_64_fastpath+0x12/0x71
3740
3741 The underlying issue is the very same as in commit b382c0865600
3742 ("sock, diag: fix panic in sock_diag_put_filterinfo"), that is,
3743 native eBPF programs don't store an original program since this
3744 is only needed in cBPF ones.
3745
3746 However, sk_get_filter() wasn't updated to test for this at the
3747 time when eBPF could be attached. Just throw an error to the user
3748 to indicate that eBPF cannot be dumped over this interface.
3749 That way, it can also be known that a program _is_ attached (as
3750 opposed to just return 0), and a different (future) method needs
3751 to be consulted for a dump.
3752
3753 Fixes: 89aa075832b0 ("net: sock: allow eBPF programs to be attached to sockets")
da1216b9 3754 Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
afe359a8 3755 Acked-by: Alexei Starovoitov <ast@plumgrid.com>
da1216b9 3756 Signed-off-by: David S. Miller <davem@davemloft.net>
32ca80f1 3757
afe359a8
PK		 3758 net/core/filter.c | 6 +++++-
3759 1 files changed, 5 insertions(+), 1 deletions(-)
32ca80f1 3760
afe359a8
PK		 3761commit 40853c884afb5fc2dcb9f7fc34ef446162566fcc
3762Author: Steve French <smfrench@gmail.com>
3763Date: Mon Sep 28 17:21:07 2015 -0500
32ca80f1 3764
afe359a8 3765 [SMB3] Do not fall back to SMBWriteX in set_file_size error cases
e1f904d0 3766
afe359a8 3767 The error paths in set_file_size for cifs and smb3 are incorrect.
e1f904d0 3768
afe359a8
PK		 3769 In the unlikely event that a server did not support set file info
3770 of the file size, the code incorrectly falls back to trying SMBWriteX
3771 (note that only the original core SMB Write, used for example by DOS,
3772 can set the file size this way - this actually does not work for the more
3773 recent SMBWriteX). The idea was since the old DOS SMB Write could set
3774 the file size if you write zero bytes at that offset then use that if
3775 server rejects the normal set file info call.
da1216b9 3776
afe359a8
PK		 3777 Fortunately the SMBWriteX will never be sent on the wire (except when
3778 file size is zero) since the length and offset fields were reversed
3779 in the two places in this function that call SMBWriteX causing
3780 the fall back path to return an error. It is also important to never call
3781 an SMB request from an SMB2/sMB3 session (which theoretically would
3782 be possible, and can cause a brief session drop, although the client
3783 recovers) so this should be fixed. In practice this path does not happen
3784 with modern servers but the error fall back to SMBWriteX is clearly wrong.
e1f904d0 3785
afe359a8 3786 Removing the calls to SMBWriteX in the error paths in cifs_set_file_size
da1216b9 3787
afe359a8 3788 Pointed out by PaX/grsecurity team
cac6ae42 3789
afe359a8
PK		 3790 Signed-off-by: Steve French <steve.french@primarydata.com>
3791 Reported-by: PaX Team <pageexec@freemail.hu>
3792 CC: Emese Revfy <re.emese@gmail.com>
3793 CC: Brad Spengler <spender@grsecurity.net>
3794 CC: Stable <stable@vger.kernel.org>
3969d2a7 3795
afe359a8
PK		 3796 fs/cifs/inode.c | 34 ----------------------------------
3797 1 files changed, 0 insertions(+), 34 deletions(-)
3969d2a7 3798
afe359a8 3799commit f5fad97c967a08f4a89513969598b1d3c8232a38
3969d2a7 3800Author: Brad Spengler <spender@grsecurity.net>
afe359a8 3801Date: Wed Oct 7 18:22:40 2015 -0400
3969d2a7 3802
afe359a8
PK		 3803 Initial import of grsecurity for Linux 4.2.3
3804 Note that size_overflow is currently marked BROKEN
76e7c0f9 3805
6090327c 3806 Documentation/dontdiff | 2 +
e8242a6d 3807 Documentation/kernel-parameters.txt | 7 +
afe359a8 3808 Documentation/sysctl/kernel.txt | 15 +
a8b227b4 3809 Makefile | 18 +-
6090327c
PK		 3810 arch/alpha/include/asm/cache.h | 4 +-
3811 arch/alpha/kernel/osf_sys.c | 12 +-
3812 arch/arm/Kconfig | 1 +
3813 arch/arm/include/asm/thread_info.h | 9 +-
3814 arch/arm/kernel/process.c | 4 +-
3815 arch/arm/kernel/ptrace.c | 9 +
3816 arch/arm/kernel/traps.c | 7 +-
3817 arch/arm/mm/Kconfig | 2 +-
3818 arch/arm/mm/fault.c | 40 +-
3819 arch/arm/mm/mmap.c | 8 +-
afe359a8 3820 arch/arm/net/bpf_jit_32.c | 51 +-
6090327c
PK		 3821 arch/avr32/include/asm/cache.h | 4 +-
3822 arch/blackfin/include/asm/cache.h | 3 +-
3823 arch/cris/include/arch-v10/arch/cache.h | 3 +-
3824 arch/cris/include/arch-v32/arch/cache.h | 3 +-
3825 arch/frv/include/asm/cache.h | 3 +-
3826 arch/frv/mm/elf-fdpic.c | 4 +-
3827 arch/hexagon/include/asm/cache.h | 6 +-
3828 arch/ia64/Kconfig | 1 +
3829 arch/ia64/include/asm/cache.h | 3 +-
3830 arch/ia64/kernel/sys_ia64.c | 2 +
3831 arch/ia64/mm/hugetlbpage.c | 2 +
3832 arch/m32r/include/asm/cache.h | 4 +-
3833 arch/m68k/include/asm/cache.h | 4 +-
3834 arch/metag/mm/hugetlbpage.c | 1 +
3835 arch/microblaze/include/asm/cache.h | 3 +-
3836 arch/mips/Kconfig | 1 +
3837 arch/mips/include/asm/cache.h | 3 +-
3838 arch/mips/include/asm/thread_info.h | 11 +-
da1216b9 3839 arch/mips/kernel/irq.c | 3 +
6090327c
PK		 3840 arch/mips/kernel/ptrace.c | 9 +
3841 arch/mips/mm/mmap.c | 4 +-
3842 arch/mn10300/proc-mn103e010/include/proc/cache.h | 4 +-
3843 arch/mn10300/proc-mn2ws0050/include/proc/cache.h | 4 +-
3844 arch/openrisc/include/asm/cache.h | 4 +-
3845 arch/parisc/include/asm/cache.h | 5 +-
3846 arch/parisc/kernel/sys_parisc.c | 4 +
3847 arch/powerpc/Kconfig | 1 +
3848 arch/powerpc/include/asm/cache.h | 3 +-
3849 arch/powerpc/include/asm/thread_info.h | 5 +-
3850 arch/powerpc/kernel/Makefile | 2 +
3851 arch/powerpc/kernel/irq.c | 3 +
3852 arch/powerpc/kernel/process.c | 10 +-
3853 arch/powerpc/kernel/ptrace.c | 14 +
3854 arch/powerpc/kernel/traps.c | 5 +
6090327c 3855 arch/powerpc/mm/slice.c | 2 +-
6090327c
PK		 3856 arch/s390/include/asm/cache.h | 4 +-
3857 arch/score/include/asm/cache.h | 4 +-
3858 arch/sh/include/asm/cache.h | 3 +-
3859 arch/sh/mm/mmap.c | 6 +-
3860 arch/sparc/include/asm/cache.h | 4 +-
0986ccbe
PK		 3861 arch/sparc/include/asm/pgalloc_64.h | 1 +
3862 arch/sparc/include/asm/thread_info_64.h | 8 +-
6090327c
PK		 3863 arch/sparc/kernel/process_32.c | 6 +-
3864 arch/sparc/kernel/process_64.c | 8 +-
3865 arch/sparc/kernel/ptrace_64.c | 14 +
3866 arch/sparc/kernel/sys_sparc_64.c | 8 +-
3867 arch/sparc/kernel/syscalls.S | 8 +-
3868 arch/sparc/kernel/traps_32.c | 8 +-
3869 arch/sparc/kernel/traps_64.c | 28 +-
3870 arch/sparc/kernel/unaligned_64.c | 2 +-
3871 arch/sparc/mm/fault_64.c | 2 +-
3872 arch/sparc/mm/hugetlbpage.c | 15 +-
3873 arch/tile/Kconfig | 1 +
3874 arch/tile/include/asm/cache.h | 3 +-
3875 arch/tile/mm/hugetlbpage.c | 2 +
3876 arch/um/include/asm/cache.h | 3 +-
3877 arch/unicore32/include/asm/cache.h | 6 +-
afe359a8
PK		 3878 arch/x86/Kconfig | 21 +
3879 arch/x86/entry/entry_32.S | 2 +-
3880 arch/x86/entry/entry_64.S | 2 +-
6090327c
PK		 3881 arch/x86/ia32/ia32_aout.c | 2 +
3882 arch/x86/include/asm/floppy.h | 20 +-
3883 arch/x86/include/asm/io.h | 2 +-
3884 arch/x86/include/asm/page.h | 12 +-
3885 arch/x86/include/asm/paravirt_types.h | 23 +-
3886 arch/x86/include/asm/processor.h | 2 +-
3887 arch/x86/include/asm/thread_info.h | 8 +-
a8b227b4 3888 arch/x86/kernel/dumpstack.c | 10 +-
6090327c
PK		 3889 arch/x86/kernel/dumpstack_32.c | 2 +-
3890 arch/x86/kernel/dumpstack_64.c | 2 +-
8cf17962 3891 arch/x86/kernel/espfix_64.c | 2 +-
afe359a8 3892 arch/x86/kernel/fpu/init.c | 4 +-
6090327c
PK		 3893 arch/x86/kernel/ioport.c | 13 +
3894 arch/x86/kernel/irq_32.c | 3 +
3895 arch/x86/kernel/irq_64.c | 4 +
afe359a8 3896 arch/x86/kernel/ldt.c | 18 +
6090327c
PK		 3897 arch/x86/kernel/msr.c | 10 +
3898 arch/x86/kernel/ptrace.c | 28 +
3899 arch/x86/kernel/signal.c | 9 +-
3900 arch/x86/kernel/sys_i386_32.c | 9 +-
3901 arch/x86/kernel/sys_x86_64.c | 8 +-
3902 arch/x86/kernel/traps.c | 5 +
3903 arch/x86/kernel/verify_cpu.S | 1 +
3904 arch/x86/kernel/vm86_32.c | 16 +
3905 arch/x86/mm/fault.c | 12 +-
3906 arch/x86/mm/hugetlbpage.c | 15 +-
3907 arch/x86/mm/init.c | 66 +-
3908 arch/x86/mm/init_32.c | 6 +-
0986ccbe 3909 arch/x86/net/bpf_jit_comp.c | 4 +
a8b227b4 3910 arch/x86/platform/efi/efi_64.c | 2 +-
6090327c
PK		 3911 arch/x86/xen/Kconfig | 1 +
3912 arch/xtensa/variants/dc232b/include/variant/core.h | 2 +-
3913 arch/xtensa/variants/fsf/include/variant/core.h | 3 +-
6090327c
PK		 3914 drivers/acpi/acpica/hwxfsleep.c | 11 +-
3915 drivers/acpi/custom_method.c | 4 +
3916 drivers/block/cciss.h | 30 +-
6090327c
PK		 3917 drivers/block/smart1,2.h | 40 +-
3918 drivers/cdrom/cdrom.c | 2 +-
3919 drivers/char/Kconfig | 4 +-
3920 drivers/char/genrtc.c | 1 +
3921 drivers/char/mem.c | 17 +
3922 drivers/char/random.c | 5 +-
3923 drivers/cpufreq/sparc-us3-cpufreq.c | 2 -
3924 drivers/firewire/ohci.c | 4 +
da1216b9
PK		 3925 drivers/gpu/drm/drm_context.c | 50 +-
3926 drivers/gpu/drm/drm_drv.c | 11 +-
3927 drivers/gpu/drm/drm_lock.c | 18 +-
3928 drivers/gpu/drm/i915/i915_dma.c | 2 +
3929 drivers/gpu/drm/nouveau/nouveau_drm.c | 3 +-
6090327c
PK		 3930 drivers/gpu/drm/nouveau/nouveau_ttm.c | 30 +-
3931 drivers/gpu/drm/ttm/ttm_bo_manager.c | 10 +-
afe359a8 3932 drivers/gpu/drm/virtio/virtgpu_ttm.c | 10 +-
6090327c 3933 drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c | 10 +-
6090327c
PK		 3934 drivers/hid/hid-wiimote-debug.c | 2 +-
3935 drivers/infiniband/hw/nes/nes_cm.c | 22 +-
0986ccbe 3936 drivers/iommu/amd_iommu.c | 14 +-
6090327c
PK		 3937 drivers/isdn/gigaset/bas-gigaset.c | 32 +-
3938 drivers/isdn/gigaset/ser-gigaset.c | 32 +-
3939 drivers/isdn/gigaset/usb-gigaset.c | 32 +-
3940 drivers/isdn/i4l/isdn_concap.c | 6 +-
3941 drivers/isdn/i4l/isdn_x25iface.c | 16 +-
a8b227b4
PK		 3942 drivers/md/raid5.c | 8 +
3943 drivers/media/pci/solo6x10/solo6x10-g723.c | 2 +-
6090327c 3944 drivers/media/radio/radio-cadet.c | 5 +-
a8b227b4
PK		 3945 drivers/media/usb/dvb-usb/cinergyT2-core.c | 91 +-
3946 drivers/media/usb/dvb-usb/cinergyT2-fe.c | 182 +-
6090327c
PK		 3947 drivers/media/usb/dvb-usb/dvb-usb-firmware.c | 37 +-
3948 drivers/media/usb/dvb-usb/technisat-usb2.c | 75 +-
3949 drivers/message/fusion/mptbase.c | 9 +
3950 drivers/misc/sgi-xp/xp_main.c | 12 +-
6090327c
PK		 3951 drivers/net/ethernet/brocade/bna/bna_enet.c | 8 +-
3952 drivers/net/wan/lmc/lmc_media.c | 97 +-
3953 drivers/net/wan/z85230.c | 24 +-
3954 drivers/net/wireless/zd1211rw/zd_usb.c | 2 +-
3955 drivers/pci/proc.c | 9 +
3956 drivers/platform/x86/asus-wmi.c | 12 +
3957 drivers/rtc/rtc-dev.c | 3 +
3958 drivers/scsi/bfa/bfa_fcs.c | 19 +-
3959 drivers/scsi/bfa/bfa_fcs_lport.c | 29 +-
3960 drivers/scsi/bfa/bfa_modules.h | 12 +-
e8242a6d 3961 drivers/scsi/hpsa.h | 40 +-
6090327c
PK		 3962 drivers/staging/lustre/lustre/ldlm/ldlm_flock.c | 2 +-
3963 drivers/staging/lustre/lustre/libcfs/module.c | 10 +-
afe359a8
PK		 3964 drivers/staging/sm750fb/sm750.c | 3 +
3965 drivers/tty/serial/uartlite.c | 4 +-
6090327c
PK		 3966 drivers/tty/sysrq.c | 2 +-
3967 drivers/tty/vt/keyboard.c | 22 +-
3968 drivers/uio/uio.c | 6 +-
3969 drivers/usb/core/hub.c | 5 +
a8b227b4
PK		 3970 drivers/usb/gadget/function/f_uac1.c | 1 +
3971 drivers/usb/gadget/function/u_uac1.c | 1 +
6090327c 3972 drivers/usb/host/hwa-hc.c | 9 +-
afe359a8 3973 drivers/usb/usbip/vhci_sysfs.c | 2 +-
6090327c
PK		 3974 drivers/video/fbdev/arcfb.c | 2 +-
3975 drivers/video/fbdev/matrox/matroxfb_DAC1064.c | 10 +-
3976 drivers/video/fbdev/matrox/matroxfb_Ti3026.c | 5 +-
3977 drivers/video/fbdev/sh_mobile_lcdcfb.c | 6 +-
da1216b9 3978 drivers/video/logo/logo_linux_clut224.ppm | 2720 ++++-----
6090327c 3979 drivers/xen/xenfs/xenstored.c | 5 +
afe359a8
PK		 3980 firmware/Makefile | 2 +
3981 firmware/WHENCE | 20 +-
3982 firmware/bnx2/bnx2-mips-06-6.2.3.fw.ihex | 5804 +++++++++++++++++
da1216b9 3983 firmware/bnx2/bnx2-mips-09-6.2.1b.fw.ihex | 6496 ++++++++++++++++++++
6090327c
PK		 3984 fs/attr.c | 1 +
3985 fs/autofs4/waitq.c | 9 +
3986 fs/binfmt_aout.c | 7 +
3987 fs/binfmt_elf.c | 40 +-
6090327c
PK		 3988 fs/compat.c | 20 +-
3989 fs/coredump.c | 17 +-
8cf17962 3990 fs/dcache.c | 3 +
da1216b9
PK		 3991 fs/debugfs/inode.c | 11 +-
3992 fs/exec.c | 218 +-
6090327c 3993 fs/ext2/balloc.c | 4 +-
0986ccbe 3994 fs/ext2/super.c | 8 +-
6090327c 3995 fs/ext3/balloc.c | 4 +-
0986ccbe 3996 fs/ext3/super.c | 8 +-
6090327c 3997 fs/ext4/balloc.c | 4 +-
0986ccbe 3998 fs/fcntl.c | 4 +
da1216b9 3999 fs/fhandle.c | 3 +-
6090327c
PK		 4000 fs/file.c | 4 +
4001 fs/filesystems.c | 4 +
e8242a6d 4002 fs/fs_struct.c | 20 +-
6090327c 4003 fs/hugetlbfs/inode.c | 5 +-
afe359a8 4004 fs/inode.c | 8 +-
8cf17962 4005 fs/kernfs/dir.c | 6 +
6090327c 4006 fs/mount.h | 4 +-
afe359a8 4007 fs/namei.c | 285 +-
8cf17962 4008 fs/namespace.c | 24 +
a8b227b4 4009 fs/nfsd/nfscache.c | 2 +-
6090327c 4010 fs/open.c | 38 +
afe359a8 4011 fs/overlayfs/inode.c | 3 +
da1216b9 4012 fs/overlayfs/super.c | 6 +-
6090327c
PK		 4013 fs/pipe.c | 2 +-
4014 fs/posix_acl.c | 15 +-
4015 fs/proc/Kconfig | 10 +-
0986ccbe 4016 fs/proc/array.c | 66 +-
afe359a8 4017 fs/proc/base.c | 168 +-
6090327c
PK		 4018 fs/proc/cmdline.c | 4 +
4019 fs/proc/devices.c | 4 +
4020 fs/proc/fd.c | 17 +-
e8242a6d 4021 fs/proc/generic.c | 64 +
6090327c 4022 fs/proc/inode.c | 17 +
0986ccbe 4023 fs/proc/internal.h | 11 +-
6090327c
PK		 4024 fs/proc/interrupts.c | 4 +
4025 fs/proc/kcore.c | 3 +
4026 fs/proc/proc_net.c | 31 +
4027 fs/proc/proc_sysctl.c | 52 +-
4028 fs/proc/root.c | 8 +
4029 fs/proc/stat.c | 69 +-
e8242a6d 4030 fs/proc/task_mmu.c | 66 +-
6090327c
PK		 4031 fs/readdir.c | 19 +
4032 fs/reiserfs/item_ops.c | 24 +-
0986ccbe 4033 fs/reiserfs/super.c | 4 +
6090327c 4034 fs/select.c | 2 +
afe359a8 4035 fs/seq_file.c | 30 +-
6090327c 4036 fs/stat.c | 20 +-
e8242a6d 4037 fs/sysfs/dir.c | 30 +-
6090327c 4038 fs/utimes.c | 7 +
8cf17962 4039 fs/xattr.c | 26 +-
da1216b9 4040 grsecurity/Kconfig | 1182 ++++
6090327c 4041 grsecurity/Makefile | 54 +
da1216b9 4042 grsecurity/gracl.c | 2757 +++++++++
6090327c 4043 grsecurity/gracl_alloc.c | 105 +
a8b227b4 4044 grsecurity/gracl_cap.c | 127 +
da1216b9 4045 grsecurity/gracl_compat.c | 269 +
afe359a8 4046 grsecurity/gracl_fs.c | 448 ++
da1216b9
PK		 4047 grsecurity/gracl_ip.c | 386 ++
4048 grsecurity/gracl_learn.c | 207 +
4049 grsecurity/gracl_policy.c | 1786 ++++++
6090327c 4050 grsecurity/gracl_res.c | 68 +
da1216b9 4051 grsecurity/gracl_segv.c | 304 +
6090327c
PK		 4052 grsecurity/gracl_shm.c | 40 +
4053 grsecurity/grsec_chdir.c | 19 +
da1216b9
PK		 4054 grsecurity/grsec_chroot.c | 467 ++
4055 grsecurity/grsec_disabled.c | 445 ++
4056 grsecurity/grsec_exec.c | 189 +
4057 grsecurity/grsec_fifo.c | 26 +
6090327c 4058 grsecurity/grsec_fork.c | 23 +
da1216b9 4059 grsecurity/grsec_init.c | 290 +
6090327c 4060 grsecurity/grsec_ipc.c | 48 +
afe359a8
PK		 4061 grsecurity/grsec_link.c | 65 +
4062 grsecurity/grsec_log.c | 340 +
6090327c
PK		 4063 grsecurity/grsec_mem.c | 48 +
4064 grsecurity/grsec_mount.c | 65 +
afe359a8 4065 grsecurity/grsec_pax.c | 47 +
6090327c
PK		 4066 grsecurity/grsec_proc.c | 20 +
4067 grsecurity/grsec_ptrace.c | 30 +
da1216b9
PK		 4068 grsecurity/grsec_sig.c | 236 +
4069 grsecurity/grsec_sock.c | 244 +
4070 grsecurity/grsec_sysctl.c | 488 ++
6090327c
PK		 4071 grsecurity/grsec_time.c | 16 +
4072 grsecurity/grsec_tpe.c | 78 +
4073 grsecurity/grsec_usb.c | 15 +
4074 grsecurity/grsum.c | 64 +
da1216b9 4075 include/drm/drmP.h | 23 +-
6090327c 4076 include/linux/binfmts.h | 5 +-
afe359a8
PK		 4077 include/linux/capability.h | 13 +
4078 include/linux/compiler-gcc.h | 5 +
6090327c
PK		 4079 include/linux/compiler.h | 8 +
4080 include/linux/cred.h | 8 +-
8cf17962 4081 include/linux/dcache.h | 5 +-
6090327c
PK		 4082 include/linux/fs.h | 24 +-
4083 include/linux/fs_struct.h | 2 +-
4084 include/linux/fsnotify.h | 6 +
da1216b9
PK		 4085 include/linux/gracl.h | 342 +
4086 include/linux/gracl_compat.h | 156 +
6090327c
PK		 4087 include/linux/gralloc.h | 9 +
4088 include/linux/grdefs.h | 140 +
da1216b9 4089 include/linux/grinternal.h | 230 +
8cf17962 4090 include/linux/grmsg.h | 118 +
afe359a8 4091 include/linux/grsecurity.h | 249 +
6090327c 4092 include/linux/grsock.h | 19 +
afe359a8 4093 include/linux/ipc.h | 2 +-
6090327c
PK		 4094 include/linux/ipc_namespace.h | 2 +-
4095 include/linux/kallsyms.h | 18 +-
4096 include/linux/kmod.h | 5 +
4097 include/linux/kobject.h | 2 +-
afe359a8 4098 include/linux/lsm_hooks.h | 4 +-
8cf17962 4099 include/linux/mm.h | 12 +
6090327c 4100 include/linux/mm_types.h | 4 +-
afe359a8 4101 include/linux/module.h | 5 +-
6090327c
PK		 4102 include/linux/mount.h | 2 +-
4103 include/linux/netfilter/xt_gradm.h | 9 +
4104 include/linux/path.h | 4 +-
4105 include/linux/perf_event.h | 13 +-
4106 include/linux/pid_namespace.h | 2 +-
8cf17962 4107 include/linux/printk.h | 2 +-
6090327c
PK		 4108 include/linux/proc_fs.h | 22 +-
4109 include/linux/proc_ns.h | 2 +-
4110 include/linux/random.h | 2 +-
4111 include/linux/rbtree_augmented.h | 4 +-
da1216b9 4112 include/linux/scatterlist.h | 12 +-
afe359a8 4113 include/linux/sched.h | 110 +-
6090327c
PK		 4114 include/linux/security.h | 3 +-
4115 include/linux/seq_file.h | 5 +
afe359a8 4116 include/linux/shm.h | 6 +-
6090327c
PK		 4117 include/linux/skbuff.h | 3 +
4118 include/linux/slab.h | 9 -
afe359a8 4119 include/linux/sysctl.h | 8 +-
6090327c
PK		 4120 include/linux/thread_info.h | 6 +-
4121 include/linux/tty.h | 2 +-
4122 include/linux/tty_driver.h | 4 +-
4123 include/linux/uidgid.h | 5 +
4124 include/linux/user_namespace.h | 2 +-
4125 include/linux/utsname.h | 2 +-
4126 include/linux/vermagic.h | 16 +-
afe359a8 4127 include/linux/vmalloc.h | 8 +
6090327c
PK		 4128 include/net/af_unix.h | 2 +-
4129 include/net/ip.h | 2 +-
4130 include/net/neighbour.h | 2 +-
4131 include/net/net_namespace.h | 2 +-
e8242a6d 4132 include/net/sock.h | 2 +-
6090327c 4133 include/trace/events/fs.h | 53 +
da1216b9 4134 include/uapi/drm/i915_drm.h | 1 +
6090327c
PK		 4135 include/uapi/linux/personality.h | 1 +
4136 init/Kconfig | 3 +-
e8242a6d 4137 init/main.c | 35 +-
6090327c 4138 ipc/mqueue.c | 1 +
afe359a8
PK		 4139 ipc/msg.c | 14 +-
4140 ipc/shm.c | 36 +-
4141 ipc/util.c | 14 +-
da1216b9 4142 kernel/auditsc.c | 2 +-
0986ccbe 4143 kernel/bpf/syscall.c | 8 +-
6090327c 4144 kernel/capability.c | 41 +-
0986ccbe 4145 kernel/cgroup.c | 5 +-
6090327c
PK		 4146 kernel/compat.c | 1 +
4147 kernel/configs.c | 11 +
afe359a8 4148 kernel/cred.c | 112 +-
6090327c
PK		 4149 kernel/events/core.c | 14 +-
4150 kernel/exit.c | 10 +-
4151 kernel/fork.c | 86 +-
4152 kernel/futex.c | 4 +-
4153 kernel/kallsyms.c | 9 +
4154 kernel/kcmp.c | 4 +
afe359a8 4155 kernel/kexec.c | 2 +-
e8242a6d 4156 kernel/kmod.c | 95 +-
6090327c
PK		 4157 kernel/kprobes.c | 7 +-
4158 kernel/ksysfs.c | 2 +
4159 kernel/locking/lockdep_proc.c | 10 +-
afe359a8 4160 kernel/module.c | 108 +-
6090327c
PK		 4161 kernel/panic.c | 4 +-
4162 kernel/pid.c | 19 +-
6090327c 4163 kernel/power/Kconfig | 2 +
afe359a8 4164 kernel/printk/printk.c | 7 +-
6090327c 4165 kernel/ptrace.c | 20 +-
6090327c
PK		 4166 kernel/resource.c | 10 +
4167 kernel/sched/core.c | 11 +-
4168 kernel/signal.c | 37 +-
a8b227b4 4169 kernel/sys.c | 64 +-
afe359a8 4170 kernel/sysctl.c | 180 +-
6090327c 4171 kernel/taskstats.c | 6 +
a8b227b4
PK		 4172 kernel/time/posix-timers.c | 8 +
4173 kernel/time/time.c | 5 +
6090327c 4174 kernel/time/timekeeping.c | 3 +
afe359a8 4175 kernel/time/timer_list.c | 13 +-
6090327c 4176 kernel/time/timer_stats.c | 10 +-
0986ccbe 4177 kernel/trace/trace_syscalls.c | 8 +
6090327c
PK		 4178 kernel/user_namespace.c | 15 +
4179 lib/Kconfig.debug | 7 +-
4180 lib/is_single_threaded.c | 3 +
4181 lib/list_debug.c | 65 +-
e8242a6d 4182 lib/nlattr.c | 2 +
6090327c 4183 lib/rbtree.c | 4 +-
afe359a8 4184 lib/vsprintf.c | 39 +-
6090327c
PK		 4185 localversion-grsec | 1 +
4186 mm/Kconfig | 5 +-
e8242a6d 4187 mm/Kconfig.debug | 1 +
6090327c 4188 mm/filemap.c | 1 +
afe359a8 4189 mm/hugetlb.c | 8 +
6090327c 4190 mm/kmemleak.c | 4 +-
da1216b9 4191 mm/memory.c | 2 +-
6090327c
PK		 4192 mm/mempolicy.c | 12 +-
4193 mm/migrate.c | 3 +-
4194 mm/mlock.c | 6 +-
e8242a6d 4195 mm/mmap.c | 93 +-
6090327c 4196 mm/mprotect.c | 8 +
e8242a6d 4197 mm/page_alloc.c | 2 +-
6090327c
PK		 4198 mm/process_vm_access.c | 6 +
4199 mm/shmem.c | 2 +-
afe359a8 4200 mm/slab.c | 27 +-
6090327c 4201 mm/slab_common.c | 2 +-
afe359a8
PK		 4202 mm/slob.c | 12 +
4203 mm/slub.c | 33 +-
6090327c 4204 mm/util.c | 3 +
afe359a8 4205 mm/vmalloc.c | 80 +-
6090327c
PK		 4206 mm/vmstat.c | 29 +-
4207 net/appletalk/atalk_proc.c | 2 +-
4208 net/atm/lec.c | 6 +-
4209 net/atm/mpoa_caches.c | 42 +-
4210 net/can/bcm.c | 2 +-
4211 net/can/proc.c | 2 +-
0986ccbe 4212 net/core/dev_ioctl.c | 7 +-
6090327c
PK		 4213 net/core/filter.c | 8 +-
4214 net/core/net-procfs.c | 17 +-
4215 net/core/pktgen.c | 2 +-
e8242a6d 4216 net/core/sock.c | 3 +-
0986ccbe 4217 net/core/sysctl_net_core.c | 2 +-
6090327c 4218 net/decnet/dn_dev.c | 2 +-
0986ccbe 4219 net/ipv4/devinet.c | 6 +-
6090327c 4220 net/ipv4/inet_hashtables.c | 5 +
a8b227b4 4221 net/ipv4/ip_input.c | 7 +
6090327c
PK		 4222 net/ipv4/ip_sockglue.c | 3 +-
4223 net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 +-
4224 net/ipv4/route.c | 6 +-
da1216b9 4225 net/ipv4/tcp_input.c | 4 +-
6090327c
PK		 4226 net/ipv4/tcp_ipv4.c | 24 +-
4227 net/ipv4/tcp_minisocks.c | 9 +-
4228 net/ipv4/tcp_timer.c | 11 +
4229 net/ipv4/udp.c | 24 +
e8242a6d 4230 net/ipv6/addrconf.c | 13 +-
6090327c
PK		 4231 net/ipv6/proc.c | 2 +-
4232 net/ipv6/tcp_ipv6.c | 23 +-
4233 net/ipv6/udp.c | 7 +
4234 net/ipx/ipx_proc.c | 2 +-
4235 net/irda/irproc.c | 2 +-
4236 net/llc/llc_proc.c | 2 +-
4237 net/netfilter/Kconfig | 10 +
4238 net/netfilter/Makefile | 1 +
4239 net/netfilter/nf_conntrack_core.c | 8 +
4240 net/netfilter/xt_gradm.c | 51 +
4241 net/netfilter/xt_hashlimit.c | 4 +-
4242 net/netfilter/xt_recent.c | 2 +-
8cf17962 4243 net/socket.c | 71 +-
6090327c
PK		 4244 net/sunrpc/cache.c | 2 +-
4245 net/sunrpc/stats.c | 2 +-
4246 net/sysctl_net.c | 2 +-
e8242a6d 4247 net/unix/af_unix.c | 52 +-
6090327c
PK		 4248 net/vmw_vsock/vmci_transport_notify.c | 30 +-
4249 net/vmw_vsock/vmci_transport_notify_qstate.c | 30 +-
4250 net/x25/sysctl_net_x25.c | 2 +-
4251 net/x25/x25_proc.c | 2 +-
0986ccbe
PK		 4252 scripts/package/Makefile | 2 +-
4253 scripts/package/mkspec | 38 +-
afe359a8 4254 security/Kconfig | 370 +-
6090327c
PK		 4255 security/apparmor/file.c | 4 +-
4256 security/apparmor/lsm.c | 8 +-
4257 security/commoncap.c | 29 +
4258 security/min_addr.c | 2 +
4259 security/tomoyo/file.c | 12 +-
4260 security/tomoyo/mount.c | 4 +
da1216b9 4261 security/tomoyo/tomoyo.c | 20 +-
6090327c 4262 security/yama/Kconfig | 2 +-
6090327c 4263 sound/synth/emux/emux_seq.c | 14 +-
e8242a6d
PK		 4264 sound/usb/line6/driver.c | 40 +-
4265 sound/usb/line6/toneport.c | 12 +-
6090327c
PK		 4266 tools/gcc/.gitignore | 1 +
4267 tools/gcc/Makefile | 12 +
4268 tools/gcc/gen-random-seed.sh | 8 +
afe359a8
PK		 4269 tools/gcc/randomize_layout_plugin.c | 930 +++
4270 tools/gcc/size_overflow_plugin/.gitignore | 1 +
4271 .../size_overflow_plugin/size_overflow_hash.data | 320 +-
4272 466 files changed, 32295 insertions(+), 2907 deletions(-)
4273
4274commit fc19197ab5a42069863a7d88f1d41eb687697fe9
4275Author: Brad Spengler <spender@grsecurity.net>
4276Date: Sun Oct 4 20:43:51 2015 -0400
4277
4278 Update to pax-linux-4.2.3-test6.patch:
4279 - fixed a KERNEXEC/x86 and early ioremap regression, reported by spender
4280 - sanitized a few more top level page table entries on amd64
76e7c0f9 4281
afe359a8
PK		 4282 arch/x86/kernel/espfix_64.c | 2 +-
4283 arch/x86/kernel/head_64.S | 8 ++++----
4284 arch/x86/mm/ioremap.c | 6 +++++-
4285 3 files changed, 10 insertions(+), 6 deletions(-)
4286
4287commit 23ac5415b9ef394e10b1516d3b314c742c6a3e59
4288Author: Brad Spengler <spender@grsecurity.net>
4289Date: Sun Oct 4 17:47:37 2015 -0400
4290
4291 Resync with pax-linux-4.2.3-test5.patch
4292
4293 arch/x86/include/asm/pgtable-2level.h | 20 ++++++++++++++++----
4294 arch/x86/include/asm/pgtable-3level.h | 8 ++++++++
4295 arch/x86/include/asm/pgtable_32.h | 2 --
4296 arch/x86/include/asm/pgtable_64.h | 20 ++++++++++++++++----
4297 arch/x86/mm/highmem_32.c | 2 --
4298 arch/x86/mm/init_64.c | 2 --
4299 arch/x86/mm/iomap_32.c | 4 ----
4300 arch/x86/mm/ioremap.c | 2 +-
4301 arch/x86/mm/pgtable.c | 2 --
4302 arch/x86/mm/pgtable_32.c | 3 ---
4303 mm/highmem.c | 6 +-----
4304 mm/vmalloc.c | 12 +-----------
4305 .../size_overflow_plugin/size_overflow_hash.data | 2 --
4306 13 files changed, 43 insertions(+), 42 deletions(-)
4307
4308commit 25f4bed80f0d87783793a70d6c20080031a1fd38
4309Author: Brad Spengler <spender@grsecurity.net>
4310Date: Sun Oct 4 13:06:32 2015 -0400
4311
4312 Update to pax-linux-4.2.3-test5.patch:
4313 - forward port to 4.2.3
4314 - fixed integer sign conversion errors caused by ieee80211_tx_rate_control.max_rate_idx, caught by the size overflow plugin
4315 - fixed a bug in try_preserve_large_page that caused unnecessary large page split ups
4316 - increased the number of statically allocated kernel page tables under KERNEXEC/amd64
4317
4318 arch/x86/include/asm/pgtable-2level.h | 2 ++
4319 arch/x86/include/asm/pgtable-3level.h | 5 +++++
4320 arch/x86/include/asm/pgtable_64.h | 2 ++
4321 arch/x86/kernel/cpu/bugs_64.c | 2 ++
4322 arch/x86/kernel/head_64.S | 28 +++++++++++++++++++++++-----
4323 arch/x86/kernel/vmlinux.lds.S | 8 +++++++-
4324 arch/x86/mm/init.c | 18 ++++++++++++++----
4325 arch/x86/mm/ioremap.c | 8 ++++++--
4326 arch/x86/mm/pageattr.c | 5 ++---
4327 arch/x86/mm/pgtable.c | 2 ++
4328 include/asm-generic/sections.h | 1 +
4329 include/asm-generic/vmlinux.lds.h | 2 ++
4330 include/net/mac80211.h | 2 +-
4331 mm/vmalloc.c | 7 ++++++-
4332 14 files changed, 75 insertions(+), 17 deletions(-)
4333
4334commit a2dce7cb2e3c389b7ef6c76c15ccdbf506007ddd
4335Merge: d113ff6 fcba09f
4336Author: Brad Spengler <spender@grsecurity.net>
4337Date: Sat Oct 3 09:12:31 2015 -0400
4338
4339 Merge branch 'linux-4.2.y' into pax-test
4340
4341commit d113ff6e7835e89e2b954503b1a100750ddb43c7
4342Author: Brad Spengler <spender@grsecurity.net>
4343Date: Thu Oct 1 21:34:12 2015 -0400
4344
4345 Update to pax-linux-4.2.2-test5.patch:
4346 - fixed a RANDKSTACK regression, reported by spender
4347 - fixed some more compiler warnings due to the ktla_ktva changes, reported by spender
4348
4349 arch/x86/entry/entry_64.S | 2 ++
4350 arch/x86/kernel/process.c | 1 +
4351 drivers/hv/hv.c | 2 +-
4352 drivers/lguest/x86/core.c | 4 ++--
4353 drivers/misc/kgdbts.c | 4 ++--
4354 drivers/video/fbdev/uvesafb.c | 4 ++--
4355 fs/binfmt_elf_fdpic.c | 2 +-
4356 7 files changed, 11 insertions(+), 8 deletions(-)
4357
4358commit 149e32a4dddfae46e2490f011870cd4492ca946c
4359Author: Brad Spengler <spender@grsecurity.net>
4360Date: Tue Sep 29 16:31:50 2015 -0400
4361
4362 Update to pax-linux-4.2.2-test4.patch:
4363 - fixed a few compiler warnings caused by the recently reworked ktla_ktva/ktva_ktla functions, reported by spender
4364 - Emese fixed a size overflow false positive in the IDE driver, reported by spender
4365
4366 arch/x86/lib/insn.c | 2 +-
4367 drivers/ide/ide-disk.c | 2 +-
4368 drivers/video/fbdev/vesafb.c | 4 ++--
4369 fs/binfmt_elf.c | 2 +-
4370 .../size_overflow_plugin/size_overflow_plugin.c | 4 ++--
4371 .../size_overflow_transform_core.c | 11 +++++------
4372 6 files changed, 12 insertions(+), 13 deletions(-)
4373
4374commit 02c41b848fbaddf82ce98690b23d3d85a94d55fe
4375Merge: b8b2f5b 7659db3
6090327c 4376Author: Brad Spengler <spender@grsecurity.net>
afe359a8 4377Date: Tue Sep 29 15:50:40 2015 -0400
76e7c0f9 4378
afe359a8
PK		 4379 Merge branch 'linux-4.2.y' into pax-test
4380
4381 Conflicts:
4382 fs/nfs/inode.c
4383
4384commit b8b2f5bc93ced0ca9a8366d0f3fa09abd1ca7ac6
4385Author: Brad Spengler <spender@grsecurity.net>
4386Date: Tue Sep 29 09:13:54 2015 -0400
4387
4388 Initial import of pax-linux-4.2.1-test3.patch
76e7c0f9 4389
6090327c 4390 Documentation/dontdiff | 47 +-
a8b227b4 4391 Documentation/kbuild/makefiles.txt | 39 +-
0986ccbe 4392 Documentation/kernel-parameters.txt | 28 +
da1216b9 4393 Makefile | 108 +-
6090327c
PK		 4394 arch/alpha/include/asm/atomic.h | 10 +
4395 arch/alpha/include/asm/elf.h | 7 +
4396 arch/alpha/include/asm/pgalloc.h | 6 +
4397 arch/alpha/include/asm/pgtable.h | 11 +
4398 arch/alpha/kernel/module.c | 2 +-
4399 arch/alpha/kernel/osf_sys.c | 8 +-
4400 arch/alpha/mm/fault.c | 141 +-
4401 arch/arm/Kconfig | 2 +-
8cf17962 4402 arch/arm/include/asm/atomic.h | 319 +-
6090327c
PK		 4403 arch/arm/include/asm/barrier.h | 2 +-
4404 arch/arm/include/asm/cache.h | 5 +-
4405 arch/arm/include/asm/cacheflush.h | 2 +-
4406 arch/arm/include/asm/checksum.h | 14 +-
afe359a8
PK		 4407 arch/arm/include/asm/cmpxchg.h | 4 +
4408 arch/arm/include/asm/cpuidle.h | 2 +-
6090327c 4409 arch/arm/include/asm/domain.h | 33 +-
da1216b9 4410 arch/arm/include/asm/elf.h | 9 +-
6090327c
PK		 4411 arch/arm/include/asm/fncpy.h | 2 +
4412 arch/arm/include/asm/futex.h | 10 +
4413 arch/arm/include/asm/kmap_types.h | 2 +-
4414 arch/arm/include/asm/mach/dma.h | 2 +-
4415 arch/arm/include/asm/mach/map.h | 16 +-
4416 arch/arm/include/asm/outercache.h | 2 +-
4417 arch/arm/include/asm/page.h | 3 +-
8cf17962
PK		 4418 arch/arm/include/asm/pgalloc.h | 20 +
4419 arch/arm/include/asm/pgtable-2level-hwdef.h | 4 +-
6090327c 4420 arch/arm/include/asm/pgtable-2level.h | 3 +
0986ccbe 4421 arch/arm/include/asm/pgtable-3level.h | 3 +
6090327c
PK		 4422 arch/arm/include/asm/pgtable.h | 54 +-
4423 arch/arm/include/asm/psci.h | 2 +-
4424 arch/arm/include/asm/smp.h | 2 +-
4425 arch/arm/include/asm/thread_info.h | 6 +-
a8b227b4 4426 arch/arm/include/asm/tls.h | 3 +
afe359a8 4427 arch/arm/include/asm/uaccess.h | 100 +-
6090327c
PK		 4428 arch/arm/include/uapi/asm/ptrace.h | 2 +-
4429 arch/arm/kernel/armksyms.c | 8 +-
afe359a8 4430 arch/arm/kernel/cpuidle.c | 2 +-
6090327c
PK		 4431 arch/arm/kernel/entry-armv.S | 110 +-
4432 arch/arm/kernel/entry-common.S | 40 +-
4433 arch/arm/kernel/entry-header.S | 60 +
4434 arch/arm/kernel/fiq.c | 3 +
4435 arch/arm/kernel/head.S | 2 +-
afe359a8 4436 arch/arm/kernel/module.c | 38 +-
6090327c 4437 arch/arm/kernel/patch.c | 2 +
da1216b9 4438 arch/arm/kernel/process.c | 90 +-
6090327c 4439 arch/arm/kernel/psci.c | 2 +-
da1216b9 4440 arch/arm/kernel/reboot.c | 1 +
6090327c
PK		 4441 arch/arm/kernel/setup.c | 20 +-
4442 arch/arm/kernel/signal.c | 35 +-
4443 arch/arm/kernel/smp.c | 2 +-
4444 arch/arm/kernel/tcm.c | 4 +-
a8b227b4 4445 arch/arm/kernel/traps.c | 6 +-
8cf17962 4446 arch/arm/kernel/vmlinux.lds.S | 6 +-
a8b227b4 4447 arch/arm/kvm/arm.c | 10 +-
6090327c
PK		 4448 arch/arm/lib/clear_user.S | 6 +-
4449 arch/arm/lib/copy_from_user.S | 6 +-
4450 arch/arm/lib/copy_page.S | 1 +
4451 arch/arm/lib/copy_to_user.S | 6 +-
4452 arch/arm/lib/csumpartialcopyuser.S | 4 +-
4453 arch/arm/lib/delay.c | 2 +-
afe359a8 4454 arch/arm/lib/uaccess_with_memcpy.c | 8 +-
da1216b9 4455 arch/arm/mach-exynos/suspend.c | 6 +-
a8b227b4 4456 arch/arm/mach-mvebu/coherency.c | 4 +-
6090327c 4457 arch/arm/mach-omap2/board-n8x0.c | 2 +-
6090327c 4458 arch/arm/mach-omap2/omap-mpuss-lowpower.c | 4 +-
e8242a6d 4459 arch/arm/mach-omap2/omap-smp.c | 1 +
6090327c
PK		 4460 arch/arm/mach-omap2/omap-wakeupgen.c | 2 +-
4461 arch/arm/mach-omap2/omap_device.c | 4 +-
4462 arch/arm/mach-omap2/omap_device.h | 4 +-
4463 arch/arm/mach-omap2/omap_hwmod.c | 4 +-
4464 arch/arm/mach-omap2/powerdomains43xx_data.c | 5 +-
4465 arch/arm/mach-omap2/wd_timer.c | 6 +-
afe359a8
PK		 4466 arch/arm/mach-shmobile/platsmp-apmu.c | 5 +-
4467 arch/arm/mach-shmobile/pm-r8a7740.c | 5 +-
4468 arch/arm/mach-shmobile/pm-sh73a0.c | 5 +-
6090327c 4469 arch/arm/mach-tegra/cpuidle-tegra20.c | 2 +-
e8242a6d
PK		 4470 arch/arm/mach-tegra/irq.c | 1 +
4471 arch/arm/mach-ux500/pm.c | 1 +
e8242a6d 4472 arch/arm/mach-zynq/platsmp.c | 1 +
0986ccbe 4473 arch/arm/mm/Kconfig | 6 +-
6090327c
PK		 4474 arch/arm/mm/alignment.c | 8 +
4475 arch/arm/mm/cache-l2x0.c | 2 +-
4476 arch/arm/mm/context.c | 10 +-
0986ccbe 4477 arch/arm/mm/fault.c | 146 +
6090327c 4478 arch/arm/mm/fault.h | 12 +
8cf17962 4479 arch/arm/mm/init.c | 39 +
6090327c
PK		 4480 arch/arm/mm/ioremap.c | 4 +-
4481 arch/arm/mm/mmap.c | 30 +-
4482 arch/arm/mm/mmu.c | 182 +-
0986ccbe 4483 arch/arm/net/bpf_jit_32.c | 3 +
6090327c
PK		 4484 arch/arm/plat-iop/setup.c | 2 +-
4485 arch/arm/plat-omap/sram.c | 2 +
e8242a6d 4486 arch/arm64/include/asm/atomic.h | 10 +
6090327c 4487 arch/arm64/include/asm/barrier.h | 2 +-
8cf17962 4488 arch/arm64/include/asm/percpu.h | 8 +-
e8242a6d 4489 arch/arm64/include/asm/pgalloc.h | 5 +
6090327c 4490 arch/arm64/include/asm/uaccess.h | 1 +
e8242a6d 4491 arch/arm64/mm/dma-mapping.c | 2 +-
6090327c
PK		 4492 arch/avr32/include/asm/elf.h | 8 +-
4493 arch/avr32/include/asm/kmap_types.h | 4 +-
4494 arch/avr32/mm/fault.c | 27 +
4495 arch/frv/include/asm/atomic.h | 10 +
4496 arch/frv/include/asm/kmap_types.h | 2 +-
4497 arch/frv/mm/elf-fdpic.c | 3 +-
a8b227b4 4498 arch/ia64/Makefile | 1 +
6090327c
PK		 4499 arch/ia64/include/asm/atomic.h | 10 +
4500 arch/ia64/include/asm/barrier.h | 2 +-
4501 arch/ia64/include/asm/elf.h | 7 +
4502 arch/ia64/include/asm/pgalloc.h | 12 +
4503 arch/ia64/include/asm/pgtable.h | 13 +-
4504 arch/ia64/include/asm/spinlock.h | 2 +-
4505 arch/ia64/include/asm/uaccess.h | 27 +-
8cf17962 4506 arch/ia64/kernel/module.c | 45 +-
6090327c
PK		 4507 arch/ia64/kernel/palinfo.c | 2 +-
4508 arch/ia64/kernel/sys_ia64.c | 7 +
4509 arch/ia64/kernel/vmlinux.lds.S | 2 +-
4510 arch/ia64/mm/fault.c | 32 +-
a8b227b4 4511 arch/ia64/mm/init.c | 15 +-
6090327c
PK		 4512 arch/m32r/lib/usercopy.c | 6 +
4513 arch/metag/include/asm/barrier.h | 2 +-
4514 arch/mips/cavium-octeon/dma-octeon.c | 2 +-
e8242a6d 4515 arch/mips/include/asm/atomic.h | 355 +-
6090327c 4516 arch/mips/include/asm/barrier.h | 2 +-
da1216b9 4517 arch/mips/include/asm/elf.h | 7 +
6090327c
PK		 4518 arch/mips/include/asm/exec.h | 2 +-
4519 arch/mips/include/asm/hw_irq.h | 2 +-
4520 arch/mips/include/asm/local.h | 57 +
4521 arch/mips/include/asm/page.h | 2 +-
4522 arch/mips/include/asm/pgalloc.h | 5 +
4523 arch/mips/include/asm/pgtable.h | 3 +
4524 arch/mips/include/asm/uaccess.h | 1 +
4525 arch/mips/kernel/binfmt_elfn32.c | 7 +
4526 arch/mips/kernel/binfmt_elfo32.c | 7 +
4527 arch/mips/kernel/i8259.c | 2 +-
4528 arch/mips/kernel/irq-gt641xx.c | 2 +-
4529 arch/mips/kernel/irq.c | 6 +-
4530 arch/mips/kernel/pm-cps.c | 2 +-
4531 arch/mips/kernel/process.c | 12 -
6090327c
PK		 4532 arch/mips/kernel/sync-r4k.c | 24 +-
4533 arch/mips/kernel/traps.c | 13 +-
a8b227b4 4534 arch/mips/kvm/mips.c | 2 +-
6090327c
PK		 4535 arch/mips/mm/fault.c | 25 +
4536 arch/mips/mm/mmap.c | 51 +-
6090327c
PK		 4537 arch/mips/sgi-ip27/ip27-nmi.c | 6 +-
4538 arch/mips/sni/rm200.c | 2 +-
4539 arch/mips/vr41xx/common/icu.c | 2 +-
4540 arch/mips/vr41xx/common/irq.c | 4 +-
4541 arch/parisc/include/asm/atomic.h | 10 +
4542 arch/parisc/include/asm/elf.h | 7 +
4543 arch/parisc/include/asm/pgalloc.h | 6 +
4544 arch/parisc/include/asm/pgtable.h | 11 +
4545 arch/parisc/include/asm/uaccess.h | 4 +-
4546 arch/parisc/kernel/module.c | 50 +-
4547 arch/parisc/kernel/sys_parisc.c | 15 +
4548 arch/parisc/kernel/traps.c | 4 +-
4549 arch/parisc/mm/fault.c | 140 +-
0986ccbe 4550 arch/powerpc/include/asm/atomic.h | 329 +-
6090327c 4551 arch/powerpc/include/asm/barrier.h | 2 +-
da1216b9 4552 arch/powerpc/include/asm/elf.h | 12 +
6090327c
PK		 4553 arch/powerpc/include/asm/exec.h | 2 +-
4554 arch/powerpc/include/asm/kmap_types.h | 2 +-
0986ccbe 4555 arch/powerpc/include/asm/local.h | 46 +
6090327c
PK		 4556 arch/powerpc/include/asm/mman.h | 2 +-
4557 arch/powerpc/include/asm/page.h | 8 +-
4558 arch/powerpc/include/asm/page_64.h | 7 +-
4559 arch/powerpc/include/asm/pgalloc-64.h | 7 +
4560 arch/powerpc/include/asm/pgtable.h | 1 +
4561 arch/powerpc/include/asm/pte-hash32.h | 1 +
4562 arch/powerpc/include/asm/reg.h | 1 +
4563 arch/powerpc/include/asm/smp.h | 2 +-
0986ccbe 4564 arch/powerpc/include/asm/spinlock.h | 42 +-
6090327c 4565 arch/powerpc/include/asm/uaccess.h | 141 +-
8cf17962 4566 arch/powerpc/kernel/Makefile | 5 +
6090327c
PK		 4567 arch/powerpc/kernel/exceptions-64e.S | 4 +-
4568 arch/powerpc/kernel/exceptions-64s.S | 2 +-
4569 arch/powerpc/kernel/module_32.c | 15 +-
8cf17962 4570 arch/powerpc/kernel/process.c | 46 -
6090327c
PK		 4571 arch/powerpc/kernel/signal_32.c | 2 +-
4572 arch/powerpc/kernel/signal_64.c | 2 +-
0986ccbe 4573 arch/powerpc/kernel/traps.c | 21 +
6090327c
PK		 4574 arch/powerpc/kernel/vdso.c | 5 +-
4575 arch/powerpc/kvm/powerpc.c | 2 +-
4576 arch/powerpc/lib/usercopy_64.c | 18 -
e8242a6d 4577 arch/powerpc/mm/fault.c | 56 +-
da1216b9 4578 arch/powerpc/mm/mmap.c | 16 +
6090327c
PK		 4579 arch/powerpc/mm/slice.c | 13 +-
4580 arch/powerpc/platforms/cell/spufs/file.c | 4 +-
4581 arch/s390/include/asm/atomic.h | 10 +
4582 arch/s390/include/asm/barrier.h | 2 +-
da1216b9 4583 arch/s390/include/asm/elf.h | 7 +
6090327c
PK		 4584 arch/s390/include/asm/exec.h | 2 +-
4585 arch/s390/include/asm/uaccess.h | 13 +-
4586 arch/s390/kernel/module.c | 22 +-
e8242a6d 4587 arch/s390/kernel/process.c | 24 -
da1216b9 4588 arch/s390/mm/mmap.c | 16 +
6090327c
PK		 4589 arch/score/include/asm/exec.h | 2 +-
4590 arch/score/kernel/process.c | 5 -
4591 arch/sh/mm/mmap.c | 22 +-
0986ccbe 4592 arch/sparc/include/asm/atomic_64.h | 110 +-
6090327c
PK		 4593 arch/sparc/include/asm/barrier_64.h | 2 +-
4594 arch/sparc/include/asm/cache.h | 2 +-
4595 arch/sparc/include/asm/elf_32.h | 7 +
4596 arch/sparc/include/asm/elf_64.h | 7 +
4597 arch/sparc/include/asm/pgalloc_32.h | 1 +
4598 arch/sparc/include/asm/pgalloc_64.h | 1 +
4599 arch/sparc/include/asm/pgtable.h | 4 +
4600 arch/sparc/include/asm/pgtable_32.h | 15 +-
4601 arch/sparc/include/asm/pgtsrmmu.h | 5 +
4602 arch/sparc/include/asm/setup.h | 4 +-
4603 arch/sparc/include/asm/spinlock_64.h | 35 +-
e8242a6d 4604 arch/sparc/include/asm/thread_info_32.h | 1 +
6090327c
PK		 4605 arch/sparc/include/asm/thread_info_64.h | 2 +
4606 arch/sparc/include/asm/uaccess.h | 1 +
e8242a6d
PK		 4607 arch/sparc/include/asm/uaccess_32.h | 28 +-
4608 arch/sparc/include/asm/uaccess_64.h | 24 +-
6090327c
PK		 4609 arch/sparc/kernel/Makefile | 2 +-
4610 arch/sparc/kernel/prom_common.c | 2 +-
4611 arch/sparc/kernel/smp_64.c | 8 +-
4612 arch/sparc/kernel/sys_sparc_32.c | 2 +-
4613 arch/sparc/kernel/sys_sparc_64.c | 52 +-
4614 arch/sparc/kernel/traps_64.c | 27 +-
4615 arch/sparc/lib/Makefile | 2 +-
0986ccbe
PK		 4616 arch/sparc/lib/atomic_64.S | 57 +-
4617 arch/sparc/lib/ksyms.c | 6 +-
6090327c
PK		 4618 arch/sparc/mm/Makefile | 2 +-
4619 arch/sparc/mm/fault_32.c | 292 +
8cf17962 4620 arch/sparc/mm/fault_64.c | 486 +
6090327c
PK		 4621 arch/sparc/mm/hugetlbpage.c | 22 +-
4622 arch/sparc/mm/init_64.c | 10 +-
4623 arch/tile/include/asm/atomic_64.h | 10 +
4624 arch/tile/include/asm/uaccess.h | 4 +-
4625 arch/um/Makefile | 4 +
4626 arch/um/include/asm/kmap_types.h | 2 +-
4627 arch/um/include/asm/page.h | 3 +
4628 arch/um/include/asm/pgtable-3level.h | 1 +
4629 arch/um/kernel/process.c | 16 -
afe359a8 4630 arch/x86/Kconfig | 15 +-
6090327c
PK		 4631 arch/x86/Kconfig.cpu | 6 +-
4632 arch/x86/Kconfig.debug | 4 +-
a8b227b4 4633 arch/x86/Makefile | 13 +-
6090327c
PK		 4634 arch/x86/boot/Makefile | 3 +
4635 arch/x86/boot/bitops.h | 4 +-
4636 arch/x86/boot/boot.h | 2 +-
4637 arch/x86/boot/compressed/Makefile | 3 +
4638 arch/x86/boot/compressed/efi_stub_32.S | 16 +-
8cf17962 4639 arch/x86/boot/compressed/efi_thunk_64.S | 4 +-
6090327c
PK		 4640 arch/x86/boot/compressed/head_32.S | 4 +-
4641 arch/x86/boot/compressed/head_64.S | 12 +-
4642 arch/x86/boot/compressed/misc.c | 11 +-
4643 arch/x86/boot/cpucheck.c | 16 +-
4644 arch/x86/boot/header.S | 6 +-
4645 arch/x86/boot/memory.c | 2 +-
4646 arch/x86/boot/video-vesa.c | 1 +
4647 arch/x86/boot/video.c | 2 +-
4648 arch/x86/crypto/aes-x86_64-asm_64.S | 4 +
4649 arch/x86/crypto/aesni-intel_asm.S | 106 +-
4650 arch/x86/crypto/blowfish-x86_64-asm_64.S | 7 +
4651 arch/x86/crypto/camellia-aesni-avx-asm_64.S | 10 +
4652 arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 10 +
4653 arch/x86/crypto/camellia-x86_64-asm_64.S | 7 +
4654 arch/x86/crypto/cast5-avx-x86_64-asm_64.S | 51 +-
4655 arch/x86/crypto/cast6-avx-x86_64-asm_64.S | 25 +-
da1216b9 4656 arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 4 +-
6090327c
PK		 4657 arch/x86/crypto/ghash-clmulni-intel_asm.S | 4 +
4658 arch/x86/crypto/salsa20-x86_64-asm_64.S | 4 +
4659 arch/x86/crypto/serpent-avx-x86_64-asm_64.S | 9 +
4660 arch/x86/crypto/serpent-avx2-asm_64.S | 9 +
4661 arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 4 +
4662 arch/x86/crypto/sha1_ssse3_asm.S | 10 +-
4663 arch/x86/crypto/sha256-avx-asm.S | 2 +
4664 arch/x86/crypto/sha256-avx2-asm.S | 2 +
4665 arch/x86/crypto/sha256-ssse3-asm.S | 2 +
4666 arch/x86/crypto/sha512-avx-asm.S | 2 +
4667 arch/x86/crypto/sha512-avx2-asm.S | 2 +
4668 arch/x86/crypto/sha512-ssse3-asm.S | 2 +
4669 arch/x86/crypto/twofish-avx-x86_64-asm_64.S | 25 +-
4670 arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 4 +
4671 arch/x86/crypto/twofish-x86_64-asm_64.S | 3 +
afe359a8
PK		 4672 arch/x86/entry/calling.h | 92 +-
4673 arch/x86/entry/entry_32.S | 360 +-
4674 arch/x86/entry/entry_64.S | 636 +-
4675 arch/x86/entry/entry_64_compat.S | 159 +-
4676 arch/x86/entry/thunk_64.S | 2 +
4677 arch/x86/entry/vdso/Makefile | 2 +-
4678 arch/x86/entry/vdso/vdso2c.h | 4 +-
4679 arch/x86/entry/vdso/vma.c | 41 +-
4680 arch/x86/entry/vsyscall/vsyscall_64.c | 16 +-
0986ccbe 4681 arch/x86/ia32/ia32_signal.c | 23 +-
afe359a8 4682 arch/x86/ia32/sys_ia32.c | 42 +-
da1216b9 4683 arch/x86/include/asm/alternative-asm.h | 43 +-
6090327c
PK		 4684 arch/x86/include/asm/alternative.h | 4 +-
4685 arch/x86/include/asm/apic.h | 2 +-
4686 arch/x86/include/asm/apm.h | 4 +-
8cf17962 4687 arch/x86/include/asm/atomic.h | 269 +-
6090327c 4688 arch/x86/include/asm/atomic64_32.h | 100 +
0986ccbe 4689 arch/x86/include/asm/atomic64_64.h | 164 +-
6090327c
PK		 4690 arch/x86/include/asm/barrier.h | 4 +-
4691 arch/x86/include/asm/bitops.h | 18 +-
afe359a8 4692 arch/x86/include/asm/boot.h | 2 +-
6090327c 4693 arch/x86/include/asm/cache.h | 5 +-
6090327c
PK		 4694 arch/x86/include/asm/checksum_32.h | 12 +-
4695 arch/x86/include/asm/cmpxchg.h | 39 +
4696 arch/x86/include/asm/compat.h | 2 +-
afe359a8 4697 arch/x86/include/asm/cpufeature.h | 17 +-
6090327c
PK		 4698 arch/x86/include/asm/desc.h | 78 +-
4699 arch/x86/include/asm/desc_defs.h | 6 +
4700 arch/x86/include/asm/div64.h | 2 +-
da1216b9 4701 arch/x86/include/asm/elf.h | 33 +-
6090327c 4702 arch/x86/include/asm/emergency-restart.h | 2 +-
afe359a8
PK		 4703 arch/x86/include/asm/fpu/internal.h | 36 +-
4704 arch/x86/include/asm/fpu/types.h | 5 +-
6090327c
PK		 4705 arch/x86/include/asm/futex.h | 14 +-
4706 arch/x86/include/asm/hw_irq.h | 4 +-
4707 arch/x86/include/asm/i8259.h | 2 +-
afe359a8 4708 arch/x86/include/asm/io.h | 22 +-
6090327c
PK		 4709 arch/x86/include/asm/irqflags.h | 5 +
4710 arch/x86/include/asm/kprobes.h | 9 +-
4711 arch/x86/include/asm/local.h | 106 +-
4712 arch/x86/include/asm/mman.h | 15 +
afe359a8
PK		 4713 arch/x86/include/asm/mmu.h | 14 +-
4714 arch/x86/include/asm/mmu_context.h | 138 +-
6090327c
PK		 4715 arch/x86/include/asm/module.h | 17 +-
4716 arch/x86/include/asm/nmi.h | 19 +-
4717 arch/x86/include/asm/page.h | 1 +
afe359a8
PK		 4718 arch/x86/include/asm/page_32.h | 12 +-
4719 arch/x86/include/asm/page_64.h | 14 +-
6090327c
PK		 4720 arch/x86/include/asm/paravirt.h | 46 +-
4721 arch/x86/include/asm/paravirt_types.h | 15 +-
4722 arch/x86/include/asm/pgalloc.h | 23 +
4723 arch/x86/include/asm/pgtable-2level.h | 2 +
4724 arch/x86/include/asm/pgtable-3level.h | 4 +
da1216b9 4725 arch/x86/include/asm/pgtable.h | 128 +-
6090327c 4726 arch/x86/include/asm/pgtable_32.h | 14 +-
afe359a8 4727 arch/x86/include/asm/pgtable_32_types.h | 24 +-
da1216b9 4728 arch/x86/include/asm/pgtable_64.h | 22 +-
6090327c
PK		 4729 arch/x86/include/asm/pgtable_64_types.h | 5 +
4730 arch/x86/include/asm/pgtable_types.h | 26 +-
4731 arch/x86/include/asm/preempt.h | 2 +-
afe359a8
PK		 4732 arch/x86/include/asm/processor.h | 59 +-
4733 arch/x86/include/asm/ptrace.h | 21 +-
6090327c
PK		 4734 arch/x86/include/asm/qrwlock.h | 4 +-
4735 arch/x86/include/asm/realmode.h | 4 +-
4736 arch/x86/include/asm/reboot.h | 10 +-
4737 arch/x86/include/asm/rmwcc.h | 84 +-
4738 arch/x86/include/asm/rwsem.h | 60 +-
da1216b9
PK		 4739 arch/x86/include/asm/segment.h | 27 +-
4740 arch/x86/include/asm/smap.h | 43 +
6090327c 4741 arch/x86/include/asm/smp.h | 14 +-
6090327c
PK		 4742 arch/x86/include/asm/stackprotector.h | 4 +-
4743 arch/x86/include/asm/stacktrace.h | 32 +-
4744 arch/x86/include/asm/switch_to.h | 4 +-
afe359a8
PK		 4745 arch/x86/include/asm/sys_ia32.h | 6 +-
4746 arch/x86/include/asm/thread_info.h | 27 +-
4747 arch/x86/include/asm/tlbflush.h | 77 +-
e8242a6d 4748 arch/x86/include/asm/uaccess.h | 192 +-
8cf17962
PK		 4749 arch/x86/include/asm/uaccess_32.h | 28 +-
4750 arch/x86/include/asm/uaccess_64.h | 169 +-
6090327c
PK		 4751 arch/x86/include/asm/word-at-a-time.h | 2 +-
4752 arch/x86/include/asm/x86_init.h | 10 +-
4753 arch/x86/include/asm/xen/page.h | 2 +-
6090327c 4754 arch/x86/include/uapi/asm/e820.h | 2 +-
6090327c
PK		 4755 arch/x86/kernel/Makefile | 2 +-
4756 arch/x86/kernel/acpi/boot.c | 4 +-
4757 arch/x86/kernel/acpi/sleep.c | 4 +
4758 arch/x86/kernel/acpi/wakeup_32.S | 6 +-
afe359a8 4759 arch/x86/kernel/alternative.c | 124 +-
6090327c
PK		 4760 arch/x86/kernel/apic/apic.c | 4 +-
4761 arch/x86/kernel/apic/apic_flat_64.c | 4 +-
4762 arch/x86/kernel/apic/apic_noop.c | 2 +-
4763 arch/x86/kernel/apic/bigsmp_32.c | 2 +-
e8242a6d 4764 arch/x86/kernel/apic/io_apic.c | 8 +-
afe359a8 4765 arch/x86/kernel/apic/msi.c | 2 +-
6090327c 4766 arch/x86/kernel/apic/probe_32.c | 2 +-
8cf17962 4767 arch/x86/kernel/apic/vector.c | 4 +-
6090327c
PK		 4768 arch/x86/kernel/apic/x2apic_cluster.c | 4 +-
4769 arch/x86/kernel/apic/x2apic_phys.c | 2 +-
4770 arch/x86/kernel/apic/x2apic_uv_x.c | 2 +-
e8242a6d 4771 arch/x86/kernel/apm_32.c | 21 +-
6090327c
PK		 4772 arch/x86/kernel/asm-offsets.c | 20 +
4773 arch/x86/kernel/asm-offsets_64.c | 1 +
4774 arch/x86/kernel/cpu/Makefile | 4 -
4775 arch/x86/kernel/cpu/amd.c | 2 +-
afe359a8 4776 arch/x86/kernel/cpu/common.c | 202 +-
da1216b9 4777 arch/x86/kernel/cpu/intel_cacheinfo.c | 14 +-
6090327c
PK		 4778 arch/x86/kernel/cpu/mcheck/mce.c | 31 +-
4779 arch/x86/kernel/cpu/mcheck/p5.c | 3 +
4780 arch/x86/kernel/cpu/mcheck/winchip.c | 3 +
4781 arch/x86/kernel/cpu/microcode/core.c | 2 +-
4782 arch/x86/kernel/cpu/microcode/intel.c | 4 +-
4783 arch/x86/kernel/cpu/mtrr/main.c | 2 +-
4784 arch/x86/kernel/cpu/mtrr/mtrr.h | 2 +-
afe359a8 4785 arch/x86/kernel/cpu/perf_event.c | 10 +-
6090327c
PK		 4786 arch/x86/kernel/cpu/perf_event_amd_iommu.c | 2 +-
4787 arch/x86/kernel/cpu/perf_event_intel.c | 6 +-
da1216b9
PK		 4788 arch/x86/kernel/cpu/perf_event_intel_bts.c | 6 +-
4789 arch/x86/kernel/cpu/perf_event_intel_cqm.c | 4 +-
4790 arch/x86/kernel/cpu/perf_event_intel_pt.c | 44 +-
6090327c
PK		 4791 arch/x86/kernel/cpu/perf_event_intel_rapl.c | 2 +-
4792 arch/x86/kernel/cpu/perf_event_intel_uncore.c | 2 +-
4793 arch/x86/kernel/cpu/perf_event_intel_uncore.h | 2 +-
4794 arch/x86/kernel/cpuid.c | 2 +-
6090327c
PK		 4795 arch/x86/kernel/crash_dump_64.c | 2 +-
4796 arch/x86/kernel/doublefault.c | 8 +-
da1216b9
PK		 4797 arch/x86/kernel/dumpstack.c | 24 +-
4798 arch/x86/kernel/dumpstack_32.c | 25 +-
8cf17962 4799 arch/x86/kernel/dumpstack_64.c | 62 +-
6090327c
PK		 4800 arch/x86/kernel/e820.c | 4 +-
4801 arch/x86/kernel/early_printk.c | 1 +
8cf17962 4802 arch/x86/kernel/espfix_64.c | 13 +-
afe359a8
PK		 4803 arch/x86/kernel/fpu/core.c | 22 +-
4804 arch/x86/kernel/fpu/init.c | 8 +-
4805 arch/x86/kernel/fpu/regset.c | 22 +-
4806 arch/x86/kernel/fpu/signal.c | 20 +-
4807 arch/x86/kernel/fpu/xstate.c | 8 +-
da1216b9 4808 arch/x86/kernel/ftrace.c | 18 +-
afe359a8
PK		 4809 arch/x86/kernel/head64.c | 14 +-
4810 arch/x86/kernel/head_32.S | 235 +-
da1216b9 4811 arch/x86/kernel/head_64.S | 149 +-
6090327c 4812 arch/x86/kernel/i386_ksyms_32.c | 12 +
6090327c
PK		 4813 arch/x86/kernel/i8259.c | 10 +-
4814 arch/x86/kernel/io_delay.c | 2 +-
4815 arch/x86/kernel/ioport.c | 2 +-
4816 arch/x86/kernel/irq.c | 8 +-
da1216b9 4817 arch/x86/kernel/irq_32.c | 45 +-
afe359a8 4818 arch/x86/kernel/jump_label.c | 10 +-
da1216b9
PK		 4819 arch/x86/kernel/kgdb.c | 21 +-
4820 arch/x86/kernel/kprobes/core.c | 28 +-
6090327c
PK		 4821 arch/x86/kernel/kprobes/opt.c | 16 +-
4822 arch/x86/kernel/ksysfs.c | 2 +-
afe359a8 4823 arch/x86/kernel/ldt.c | 25 +
e8242a6d 4824 arch/x86/kernel/livepatch.c | 12 +-
6090327c 4825 arch/x86/kernel/machine_kexec_32.c | 6 +-
a8b227b4 4826 arch/x86/kernel/mcount_64.S | 19 +-
6090327c
PK		 4827 arch/x86/kernel/module.c | 78 +-
4828 arch/x86/kernel/msr.c | 2 +-
4829 arch/x86/kernel/nmi.c | 34 +-
4830 arch/x86/kernel/nmi_selftest.c | 4 +-
4831 arch/x86/kernel/paravirt-spinlocks.c | 2 +-
4832 arch/x86/kernel/paravirt.c | 45 +-
8cf17962 4833 arch/x86/kernel/paravirt_patch_64.c | 8 +
6090327c
PK		 4834 arch/x86/kernel/pci-calgary_64.c | 2 +-
4835 arch/x86/kernel/pci-iommu_table.c | 2 +-
4836 arch/x86/kernel/pci-swiotlb.c | 2 +-
afe359a8
PK		 4837 arch/x86/kernel/process.c | 71 +-
4838 arch/x86/kernel/process_32.c | 30 +-
4839 arch/x86/kernel/process_64.c | 19 +-
6090327c
PK		 4840 arch/x86/kernel/ptrace.c | 20 +-
4841 arch/x86/kernel/pvclock.c | 8 +-
e8242a6d 4842 arch/x86/kernel/reboot.c | 44 +-
6090327c
PK		 4843 arch/x86/kernel/reboot_fixups_32.c | 2 +-
4844 arch/x86/kernel/relocate_kernel_64.S | 3 +-
afe359a8 4845 arch/x86/kernel/setup.c | 29 +-
6090327c
PK		 4846 arch/x86/kernel/setup_percpu.c | 29 +-
4847 arch/x86/kernel/signal.c | 17 +-
4848 arch/x86/kernel/smp.c | 2 +-
afe359a8
PK		 4849 arch/x86/kernel/smpboot.c | 29 +-
4850 arch/x86/kernel/step.c | 6 +-
6090327c
PK		 4851 arch/x86/kernel/sys_i386_32.c | 184 +
4852 arch/x86/kernel/sys_x86_64.c | 22 +-
da1216b9
PK		 4853 arch/x86/kernel/tboot.c | 14 +-
4854 arch/x86/kernel/time.c | 8 +-
6090327c
PK		 4855 arch/x86/kernel/tls.c | 7 +-
4856 arch/x86/kernel/tracepoint.c | 4 +-
da1216b9 4857 arch/x86/kernel/traps.c | 53 +-
6090327c 4858 arch/x86/kernel/tsc.c | 2 +-
da1216b9 4859 arch/x86/kernel/uprobes.c | 2 +-
6090327c
PK		 4860 arch/x86/kernel/vm86_32.c | 6 +-
4861 arch/x86/kernel/vmlinux.lds.S | 147 +-
6090327c
PK		 4862 arch/x86/kernel/x8664_ksyms_64.c | 6 +-
4863 arch/x86/kernel/x86_init.c | 6 +-
6090327c 4864 arch/x86/kvm/cpuid.c | 21 +-
8cf17962 4865 arch/x86/kvm/emulate.c | 2 +-
6090327c
PK		 4866 arch/x86/kvm/lapic.c | 2 +-
4867 arch/x86/kvm/paging_tmpl.h | 2 +-
4868 arch/x86/kvm/svm.c | 8 +
e8242a6d 4869 arch/x86/kvm/vmx.c | 82 +-
afe359a8 4870 arch/x86/kvm/x86.c | 44 +-
6090327c
PK		 4871 arch/x86/lguest/boot.c | 3 +-
4872 arch/x86/lib/atomic64_386_32.S | 164 +
afe359a8
PK		 4873 arch/x86/lib/atomic64_cx8_32.S | 98 +-
4874 arch/x86/lib/checksum_32.S | 97 +-
da1216b9 4875 arch/x86/lib/clear_page_64.S | 3 +
0986ccbe 4876 arch/x86/lib/cmpxchg16b_emu.S | 3 +
afe359a8
PK		 4877 arch/x86/lib/copy_page_64.S | 14 +-
4878 arch/x86/lib/copy_user_64.S | 66 +-
4879 arch/x86/lib/csum-copy_64.S | 14 +-
6090327c
PK		 4880 arch/x86/lib/csum-wrappers_64.c | 8 +-
4881 arch/x86/lib/getuser.S | 74 +-
8cf17962 4882 arch/x86/lib/insn.c | 8 +-
6090327c 4883 arch/x86/lib/iomap_copy_64.S | 2 +
da1216b9
PK		 4884 arch/x86/lib/memcpy_64.S | 6 +
4885 arch/x86/lib/memmove_64.S | 3 +-
4886 arch/x86/lib/memset_64.S | 3 +
6090327c
PK		 4887 arch/x86/lib/mmx_32.c | 243 +-
4888 arch/x86/lib/msr-reg.S | 2 +
afe359a8 4889 arch/x86/lib/putuser.S | 87 +-
6090327c 4890 arch/x86/lib/rwsem.S | 6 +-
afe359a8 4891 arch/x86/lib/usercopy_32.c | 359 +-
da1216b9 4892 arch/x86/lib/usercopy_64.c | 20 +-
afe359a8
PK		 4893 arch/x86/math-emu/fpu_aux.c | 2 +-
4894 arch/x86/math-emu/fpu_entry.c | 4 +-
4895 arch/x86/math-emu/fpu_system.h | 2 +-
6090327c 4896 arch/x86/mm/Makefile | 4 +
afe359a8 4897 arch/x86/mm/extable.c | 26 +-
da1216b9 4898 arch/x86/mm/fault.c | 570 +-
6090327c
PK		 4899 arch/x86/mm/gup.c | 6 +-
4900 arch/x86/mm/highmem_32.c | 4 +
4901 arch/x86/mm/hugetlbpage.c | 24 +-
4902 arch/x86/mm/init.c | 101 +-
4903 arch/x86/mm/init_32.c | 111 +-
8cf17962 4904 arch/x86/mm/init_64.c | 46 +-
6090327c 4905 arch/x86/mm/iomap_32.c | 4 +
afe359a8 4906 arch/x86/mm/ioremap.c | 44 +-
6090327c 4907 arch/x86/mm/kmemcheck/kmemcheck.c | 4 +-
da1216b9 4908 arch/x86/mm/mmap.c | 40 +-
6090327c
PK		 4909 arch/x86/mm/mmio-mod.c | 10 +-
4910 arch/x86/mm/numa.c | 2 +-
4911 arch/x86/mm/pageattr.c | 33 +-
afe359a8 4912 arch/x86/mm/pat.c | 12 +-
6090327c
PK		 4913 arch/x86/mm/pat_rbtree.c | 2 +-
4914 arch/x86/mm/pf_in.c | 10 +-
e8242a6d 4915 arch/x86/mm/pgtable.c | 162 +-
6090327c 4916 arch/x86/mm/pgtable_32.c | 3 +
6090327c
PK		 4917 arch/x86/mm/setup_nx.c | 7 +
4918 arch/x86/mm/tlb.c | 4 +
4919 arch/x86/mm/uderef_64.c | 37 +
4920 arch/x86/net/bpf_jit.S | 11 +
8cf17962 4921 arch/x86/net/bpf_jit_comp.c | 13 +-
da1216b9 4922 arch/x86/oprofile/backtrace.c | 6 +-
6090327c
PK		 4923 arch/x86/oprofile/nmi_int.c | 8 +-
4924 arch/x86/oprofile/op_model_amd.c | 8 +-
4925 arch/x86/oprofile/op_model_ppro.c | 7 +-
4926 arch/x86/oprofile/op_x86_model.h | 2 +-
4927 arch/x86/pci/intel_mid_pci.c | 2 +-
4928 arch/x86/pci/irq.c | 8 +-
4929 arch/x86/pci/pcbios.c | 144 +-
4930 arch/x86/platform/efi/efi_32.c | 24 +
da1216b9 4931 arch/x86/platform/efi/efi_64.c | 26 +-
6090327c 4932 arch/x86/platform/efi/efi_stub_32.S | 64 +-
8cf17962 4933 arch/x86/platform/efi/efi_stub_64.S | 2 +
e8242a6d 4934 arch/x86/platform/intel-mid/intel-mid.c | 5 +-
a8b227b4
PK		 4935 arch/x86/platform/intel-mid/intel_mid_weak_decls.h | 6 +-
4936 arch/x86/platform/intel-mid/mfld.c | 4 +-
4937 arch/x86/platform/intel-mid/mrfl.c | 2 +-
e8242a6d 4938 arch/x86/platform/intel-quark/imr_selftest.c | 2 +-
6090327c
PK		 4939 arch/x86/platform/olpc/olpc_dt.c | 2 +-
4940 arch/x86/power/cpu.c | 11 +-
4941 arch/x86/realmode/init.c | 10 +-
4942 arch/x86/realmode/rm/Makefile | 3 +
4943 arch/x86/realmode/rm/header.S | 4 +-
da1216b9 4944 arch/x86/realmode/rm/reboot.S | 4 +
6090327c
PK		 4945 arch/x86/realmode/rm/trampoline_32.S | 12 +-
4946 arch/x86/realmode/rm/trampoline_64.S | 3 +-
4947 arch/x86/realmode/rm/wakeup_asm.S | 5 +-
4948 arch/x86/tools/Makefile | 2 +-
afe359a8 4949 arch/x86/tools/relocs.c | 96 +-
6090327c
PK		 4950 arch/x86/um/mem_32.c | 2 +-
4951 arch/x86/um/tls_32.c | 2 +-
da1216b9
PK		 4952 arch/x86/xen/enlighten.c | 50 +-
4953 arch/x86/xen/mmu.c | 17 +-
4954 arch/x86/xen/smp.c | 16 +-
6090327c
PK		 4955 arch/x86/xen/xen-asm_32.S | 2 +-
4956 arch/x86/xen/xen-head.S | 11 +
4957 arch/x86/xen/xen-ops.h | 2 -
e8242a6d 4958 block/bio.c | 4 +-
6090327c
PK		 4959 block/blk-iopoll.c | 2 +-
4960 block/blk-map.c | 2 +-
4961 block/blk-softirq.c | 2 +-
4962 block/bsg.c | 12 +-
4963 block/compat_ioctl.c | 4 +-
4964 block/genhd.c | 9 +-
4965 block/partitions/efi.c | 8 +-
4966 block/scsi_ioctl.c | 29 +-
4967 crypto/cryptd.c | 4 +-
4968 crypto/pcrypt.c | 2 +-
e8242a6d 4969 crypto/zlib.c | 4 +-
afe359a8 4970 drivers/acpi/acpi_video.c | 2 +-
6090327c
PK		 4971 drivers/acpi/apei/apei-internal.h | 2 +-
4972 drivers/acpi/apei/ghes.c | 4 +-
4973 drivers/acpi/bgrt.c | 6 +-
4974 drivers/acpi/blacklist.c | 4 +-
e8242a6d 4975 drivers/acpi/bus.c | 4 +-
0986ccbe 4976 drivers/acpi/device_pm.c | 4 +-
e8242a6d
PK		 4977 drivers/acpi/ec.c | 2 +-
4978 drivers/acpi/pci_slot.c | 2 +-
4979 drivers/acpi/processor_driver.c | 2 +-
6090327c 4980 drivers/acpi/processor_idle.c | 2 +-
e8242a6d
PK		 4981 drivers/acpi/processor_pdc.c | 2 +-
4982 drivers/acpi/sleep.c | 2 +-
6090327c 4983 drivers/acpi/sysfs.c | 4 +-
e8242a6d 4984 drivers/acpi/thermal.c | 2 +-
afe359a8 4985 drivers/acpi/video_detect.c | 7 +-
6090327c
PK		 4986 drivers/ata/libahci.c | 2 +-
4987 drivers/ata/libata-core.c | 12 +-
4988 drivers/ata/libata-scsi.c | 2 +-
4989 drivers/ata/libata.h | 2 +-
4990 drivers/ata/pata_arasan_cf.c | 4 +-
4991 drivers/atm/adummy.c | 2 +-
4992 drivers/atm/ambassador.c | 8 +-
4993 drivers/atm/atmtcp.c | 14 +-
4994 drivers/atm/eni.c | 10 +-
4995 drivers/atm/firestream.c | 8 +-
4996 drivers/atm/fore200e.c | 14 +-
4997 drivers/atm/he.c | 18 +-
4998 drivers/atm/horizon.c | 4 +-
4999 drivers/atm/idt77252.c | 36 +-
5000 drivers/atm/iphase.c | 34 +-
5001 drivers/atm/lanai.c | 12 +-
5002 drivers/atm/nicstar.c | 46 +-
5003 drivers/atm/solos-pci.c | 4 +-
5004 drivers/atm/suni.c | 4 +-
5005 drivers/atm/uPD98402.c | 16 +-
5006 drivers/atm/zatm.c | 6 +-
5007 drivers/base/bus.c | 4 +-
5008 drivers/base/devtmpfs.c | 8 +-
5009 drivers/base/node.c | 2 +-
da1216b9 5010 drivers/base/power/domain.c | 11 +-
6090327c
PK		 5011 drivers/base/power/sysfs.c | 2 +-
5012 drivers/base/power/wakeup.c | 8 +-
5013 drivers/base/syscore.c | 4 +-
5014 drivers/block/cciss.c | 28 +-
5015 drivers/block/cciss.h | 2 +-
5016 drivers/block/cpqarray.c | 28 +-
5017 drivers/block/cpqarray.h | 2 +-
a8b227b4 5018 drivers/block/drbd/drbd_bitmap.c | 2 +-
8cf17962 5019 drivers/block/drbd/drbd_int.h | 8 +-
a8b227b4 5020 drivers/block/drbd/drbd_main.c | 12 +-
6090327c 5021 drivers/block/drbd/drbd_nl.c | 4 +-
a8b227b4
PK		 5022 drivers/block/drbd/drbd_receiver.c | 34 +-
5023 drivers/block/drbd/drbd_worker.c | 8 +-
6090327c 5024 drivers/block/pktcdvd.c | 4 +-
8cf17962 5025 drivers/block/rbd.c | 2 +-
6090327c
PK		 5026 drivers/bluetooth/btwilink.c | 2 +-
5027 drivers/cdrom/cdrom.c | 11 +-
5028 drivers/cdrom/gdrom.c | 1 -
5029 drivers/char/agp/compat_ioctl.c | 2 +-
5030 drivers/char/agp/frontend.c | 4 +-
afe359a8 5031 drivers/char/agp/intel-gtt.c | 4 +-
6090327c 5032 drivers/char/hpet.c | 2 +-
6090327c
PK		 5033 drivers/char/ipmi/ipmi_msghandler.c | 8 +-
5034 drivers/char/ipmi/ipmi_si_intf.c | 8 +-
8cf17962 5035 drivers/char/mem.c | 47 +-
6090327c 5036 drivers/char/nvram.c | 2 +-
a8b227b4
PK		 5037 drivers/char/pcmcia/synclink_cs.c | 16 +-
5038 drivers/char/random.c | 12 +-
e8242a6d 5039 drivers/char/sonypi.c | 11 +-
6090327c
PK		 5040 drivers/char/tpm/tpm_acpi.c | 3 +-
5041 drivers/char/tpm/tpm_eventlog.c | 7 +-
5042 drivers/char/virtio_console.c | 4 +-
5043 drivers/clk/clk-composite.c | 2 +-
da1216b9 5044 drivers/clk/samsung/clk.h | 2 +-
6090327c
PK		 5045 drivers/clk/socfpga/clk-gate.c | 9 +-
5046 drivers/clk/socfpga/clk-pll.c | 9 +-
5047 drivers/cpufreq/acpi-cpufreq.c | 17 +-
8cf17962 5048 drivers/cpufreq/cpufreq-dt.c | 4 +-
6090327c 5049 drivers/cpufreq/cpufreq.c | 26 +-
afe359a8 5050 drivers/cpufreq/cpufreq_governor.c | 2 +-
6090327c
PK		 5051 drivers/cpufreq/cpufreq_governor.h | 4 +-
5052 drivers/cpufreq/cpufreq_ondemand.c | 10 +-
0986ccbe 5053 drivers/cpufreq/intel_pstate.c | 33 +-
6090327c
PK		 5054 drivers/cpufreq/p4-clockmod.c | 12 +-
5055 drivers/cpufreq/sparc-us3-cpufreq.c | 67 +-
5056 drivers/cpufreq/speedstep-centrino.c | 7 +-
5057 drivers/cpuidle/driver.c | 2 +-
afe359a8 5058 drivers/cpuidle/dt_idle_states.c | 2 +-
6090327c
PK		 5059 drivers/cpuidle/governor.c | 2 +-
5060 drivers/cpuidle/sysfs.c | 2 +-
5061 drivers/crypto/hifn_795x.c | 4 +-
5062 drivers/devfreq/devfreq.c | 4 +-
5063 drivers/dma/sh/shdma-base.c | 4 +-
5064 drivers/dma/sh/shdmac.c | 2 +-
5065 drivers/edac/edac_device.c | 4 +-
da1216b9 5066 drivers/edac/edac_mc_sysfs.c | 2 +-
6090327c
PK		 5067 drivers/edac/edac_pci.c | 4 +-
5068 drivers/edac/edac_pci_sysfs.c | 22 +-
5069 drivers/edac/mce_amd.h | 2 +-
5070 drivers/firewire/core-card.c | 6 +-
5071 drivers/firewire/core-device.c | 2 +-
5072 drivers/firewire/core-transaction.c | 1 +
5073 drivers/firewire/core.h | 1 +
5074 drivers/firmware/dmi-id.c | 2 +-
afe359a8 5075 drivers/firmware/dmi_scan.c | 12 +-
6090327c
PK		 5076 drivers/firmware/efi/cper.c | 8 +-
5077 drivers/firmware/efi/efi.c | 12 +-
5078 drivers/firmware/efi/efivars.c | 2 +-
e8242a6d
PK		 5079 drivers/firmware/efi/runtime-map.c | 2 +-
5080 drivers/firmware/google/gsmi.c | 2 +-
5081 drivers/firmware/google/memconsole.c | 7 +-
5082 drivers/firmware/memmap.c | 2 +-
afe359a8 5083 drivers/gpio/gpio-davinci.c | 6 +-
6090327c
PK		 5084 drivers/gpio/gpio-em.c | 2 +-
5085 drivers/gpio/gpio-ich.c | 2 +-
afe359a8 5086 drivers/gpio/gpio-omap.c | 4 +-
6090327c
PK		 5087 drivers/gpio/gpio-rcar.c | 2 +-
5088 drivers/gpio/gpio-vr41xx.c | 2 +-
a8b227b4 5089 drivers/gpio/gpiolib.c | 13 +-
afe359a8
PK		 5090 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +-
5091 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 2 +-
5092 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 6 +-
5093 .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 90 +-
5094 .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.h | 8 +-
5095 .../drm/amd/amdkfd/kfd_device_queue_manager_cik.c | 14 +-
5096 .../drm/amd/amdkfd/kfd_device_queue_manager_vi.c | 14 +-
5097 drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | 4 +-
5098 drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.c | 2 +-
e8242a6d 5099 drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.h | 2 +-
afe359a8 5100 .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 +-
6090327c 5101 drivers/gpu/drm/drm_crtc.c | 2 +-
a8b227b4 5102 drivers/gpu/drm/drm_drv.c | 2 +-
6090327c
PK		 5103 drivers/gpu/drm/drm_fops.c | 12 +-
5104 drivers/gpu/drm/drm_global.c | 14 +-
5105 drivers/gpu/drm/drm_info.c | 13 +-
5106 drivers/gpu/drm/drm_ioc32.c | 13 +-
a8b227b4 5107 drivers/gpu/drm/drm_ioctl.c | 2 +-
e8242a6d 5108 drivers/gpu/drm/gma500/mdfld_dsi_dpi.c | 10 +-
6090327c 5109 drivers/gpu/drm/i810/i810_drv.h | 4 +-
afe359a8 5110 drivers/gpu/drm/i915/i915_debugfs.c | 2 +-
6090327c
PK		 5111 drivers/gpu/drm/i915/i915_dma.c | 2 +-
5112 drivers/gpu/drm/i915/i915_gem_execbuffer.c | 4 +-
afe359a8
PK		 5113 drivers/gpu/drm/i915/i915_gem_gtt.c | 32 +-
5114 drivers/gpu/drm/i915/i915_gem_gtt.h | 16 +-
5115 drivers/gpu/drm/i915/i915_gem_stolen.c | 2 +-
da1216b9 5116 drivers/gpu/drm/i915/i915_ioc32.c | 16 +-
6090327c 5117 drivers/gpu/drm/i915/intel_display.c | 26 +-
8cf17962 5118 drivers/gpu/drm/imx/imx-drm-core.c | 2 +-
6090327c 5119 drivers/gpu/drm/mga/mga_drv.h | 4 +-
da1216b9 5120 drivers/gpu/drm/mga/mga_ioc32.c | 10 +-
6090327c
PK		 5121 drivers/gpu/drm/mga/mga_irq.c | 8 +-
5122 drivers/gpu/drm/nouveau/nouveau_bios.c | 2 +-
5123 drivers/gpu/drm/nouveau/nouveau_drm.h | 1 -
5124 drivers/gpu/drm/nouveau/nouveau_ioc32.c | 2 +-
5125 drivers/gpu/drm/nouveau/nouveau_vga.c | 2 +-
afe359a8 5126 drivers/gpu/drm/omapdrm/Makefile | 2 +-
6090327c
PK		 5127 drivers/gpu/drm/qxl/qxl_cmd.c | 12 +-
5128 drivers/gpu/drm/qxl/qxl_debugfs.c | 8 +-
5129 drivers/gpu/drm/qxl/qxl_drv.h | 8 +-
5130 drivers/gpu/drm/qxl/qxl_ioctl.c | 10 +-
5131 drivers/gpu/drm/qxl/qxl_irq.c | 16 +-
5132 drivers/gpu/drm/qxl/qxl_ttm.c | 38 +-
5133 drivers/gpu/drm/r128/r128_cce.c | 2 +-
5134 drivers/gpu/drm/r128/r128_drv.h | 4 +-
da1216b9 5135 drivers/gpu/drm/r128/r128_ioc32.c | 10 +-
6090327c
PK		 5136 drivers/gpu/drm/r128/r128_irq.c | 4 +-
5137 drivers/gpu/drm/r128/r128_state.c | 4 +-
5138 drivers/gpu/drm/radeon/mkregtable.c | 4 +-
5139 drivers/gpu/drm/radeon/radeon_device.c | 2 +-
5140 drivers/gpu/drm/radeon/radeon_drv.h | 2 +-
da1216b9 5141 drivers/gpu/drm/radeon/radeon_ioc32.c | 12 +-
6090327c
PK		 5142 drivers/gpu/drm/radeon/radeon_irq.c | 6 +-
5143 drivers/gpu/drm/radeon/radeon_state.c | 4 +-
5144 drivers/gpu/drm/radeon/radeon_ttm.c | 4 +-
5145 drivers/gpu/drm/tegra/dc.c | 2 +-
5146 drivers/gpu/drm/tegra/dsi.c | 2 +-
5147 drivers/gpu/drm/tegra/hdmi.c | 2 +-
afe359a8
PK		 5148 drivers/gpu/drm/tegra/sor.c | 7 +-
5149 drivers/gpu/drm/tilcdc/Makefile | 6 +-
6090327c 5150 drivers/gpu/drm/ttm/ttm_memory.c | 4 +-
0986ccbe
PK		 5151 drivers/gpu/drm/ttm/ttm_page_alloc.c | 18 +-
5152 drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 18 +-
6090327c
PK		 5153 drivers/gpu/drm/udl/udl_fb.c | 1 -
5154 drivers/gpu/drm/via/via_drv.h | 4 +-
5155 drivers/gpu/drm/via/via_irq.c | 18 +-
afe359a8
PK		 5156 drivers/gpu/drm/virtio/virtgpu_debugfs.c | 2 +-
5157 drivers/gpu/drm/virtio/virtgpu_fence.c | 2 +-
6090327c
PK		 5158 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 2 +-
5159 drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c | 8 +-
5160 drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c | 4 +-
5161 drivers/gpu/drm/vmwgfx/vmwgfx_irq.c | 4 +-
5162 drivers/gpu/drm/vmwgfx/vmwgfx_marker.c | 2 +-
5163 drivers/gpu/vga/vga_switcheroo.c | 4 +-
5164 drivers/hid/hid-core.c | 4 +-
afe359a8 5165 drivers/hid/hid-sensor-custom.c | 2 +-
e8242a6d 5166 drivers/hv/channel.c | 2 +-
6090327c
PK		 5167 drivers/hv/hv.c | 4 +-
5168 drivers/hv/hv_balloon.c | 18 +-
5169 drivers/hv/hyperv_vmbus.h | 2 +-
e8242a6d 5170 drivers/hwmon/acpi_power_meter.c | 6 +-
6090327c
PK		 5171 drivers/hwmon/applesmc.c | 2 +-
5172 drivers/hwmon/asus_atk0110.c | 10 +-
5173 drivers/hwmon/coretemp.c | 2 +-
afe359a8 5174 drivers/hwmon/dell-smm-hwmon.c | 2 +-
6090327c
PK		 5175 drivers/hwmon/ibmaem.c | 2 +-
5176 drivers/hwmon/iio_hwmon.c | 2 +-
a8b227b4 5177 drivers/hwmon/nct6683.c | 6 +-
6090327c
PK		 5178 drivers/hwmon/nct6775.c | 6 +-
5179 drivers/hwmon/pmbus/pmbus_core.c | 10 +-
5180 drivers/hwmon/sht15.c | 12 +-
5181 drivers/hwmon/via-cputemp.c | 2 +-
5182 drivers/i2c/busses/i2c-amd756-s4882.c | 2 +-
5183 drivers/i2c/busses/i2c-diolan-u2c.c | 2 +-
5184 drivers/i2c/busses/i2c-nforce2-s4985.c | 2 +-
5185 drivers/i2c/i2c-dev.c | 2 +-
5186 drivers/ide/ide-cd.c | 2 +-
5187 drivers/iio/industrialio-core.c | 2 +-
afe359a8 5188 drivers/iio/magnetometer/ak8975.c | 2 +-
6090327c
PK		 5189 drivers/infiniband/core/cm.c | 32 +-
5190 drivers/infiniband/core/fmr_pool.c | 20 +-
e8242a6d 5191 drivers/infiniband/core/uverbs_cmd.c | 3 +
6090327c
PK		 5192 drivers/infiniband/hw/cxgb4/mem.c | 4 +-
5193 drivers/infiniband/hw/ipath/ipath_rc.c | 6 +-
5194 drivers/infiniband/hw/ipath/ipath_ruc.c | 6 +-
5195 drivers/infiniband/hw/mlx4/mad.c | 2 +-
5196 drivers/infiniband/hw/mlx4/mcg.c | 2 +-
5197 drivers/infiniband/hw/mlx4/mlx4_ib.h | 2 +-
5198 drivers/infiniband/hw/mthca/mthca_cmd.c | 8 +-
5199 drivers/infiniband/hw/mthca/mthca_main.c | 2 +-
5200 drivers/infiniband/hw/mthca/mthca_mr.c | 6 +-
5201 drivers/infiniband/hw/mthca/mthca_provider.c | 2 +-
5202 drivers/infiniband/hw/nes/nes.c | 4 +-
5203 drivers/infiniband/hw/nes/nes.h | 40 +-
5204 drivers/infiniband/hw/nes/nes_cm.c | 62 +-
5205 drivers/infiniband/hw/nes/nes_mgt.c | 8 +-
5206 drivers/infiniband/hw/nes/nes_nic.c | 40 +-
5207 drivers/infiniband/hw/nes/nes_verbs.c | 10 +-
5208 drivers/infiniband/hw/qib/qib.h | 1 +
0986ccbe 5209 drivers/infiniband/ulp/ipoib/ipoib_netlink.c | 2 +-
6090327c
PK		 5210 drivers/input/gameport/gameport.c | 4 +-
5211 drivers/input/input.c | 4 +-
5212 drivers/input/joystick/sidewinder.c | 1 +
5213 drivers/input/joystick/xpad.c | 4 +-
5214 drivers/input/misc/ims-pcu.c | 4 +-
5215 drivers/input/mouse/psmouse.h | 2 +-
5216 drivers/input/mousedev.c | 2 +-
5217 drivers/input/serio/serio.c | 4 +-
5218 drivers/input/serio/serio_raw.c | 4 +-
e8242a6d 5219 drivers/input/touchscreen/htcpen.c | 2 +-
da1216b9
PK		 5220 drivers/iommu/arm-smmu.c | 43 +-
5221 drivers/iommu/io-pgtable-arm.c | 101 +-
5222 drivers/iommu/io-pgtable.c | 11 +-
5223 drivers/iommu/io-pgtable.h | 19 +-
0986ccbe 5224 drivers/iommu/iommu.c | 2 +-
da1216b9 5225 drivers/iommu/ipmmu-vmsa.c | 13 +-
afe359a8 5226 drivers/iommu/irq_remapping.c | 2 +-
da1216b9 5227 drivers/irqchip/irq-gic.c | 2 +-
8cf17962 5228 drivers/irqchip/irq-renesas-intc-irqpin.c | 2 +-
6090327c
PK		 5229 drivers/irqchip/irq-renesas-irqc.c | 2 +-
5230 drivers/isdn/capi/capi.c | 10 +-
5231 drivers/isdn/gigaset/interface.c | 8 +-
5232 drivers/isdn/gigaset/usb-gigaset.c | 2 +-
5233 drivers/isdn/hardware/avm/b1.c | 4 +-
5234 drivers/isdn/i4l/isdn_common.c | 2 +
5235 drivers/isdn/i4l/isdn_tty.c | 22 +-
5236 drivers/isdn/icn/icn.c | 2 +-
5237 drivers/isdn/mISDN/dsp_cmx.c | 2 +-
6090327c
PK		 5238 drivers/lguest/core.c | 10 +-
5239 drivers/lguest/page_tables.c | 2 +-
5240 drivers/lguest/x86/core.c | 12 +-
5241 drivers/lguest/x86/switcher_32.S | 27 +-
5242 drivers/md/bcache/closure.h | 2 +-
5243 drivers/md/bitmap.c | 2 +-
5244 drivers/md/dm-ioctl.c | 2 +-
afe359a8 5245 drivers/md/dm-raid1.c | 18 +-
6090327c
PK		 5246 drivers/md/dm-stats.c | 6 +-
5247 drivers/md/dm-stripe.c | 10 +-
0986ccbe 5248 drivers/md/dm-table.c | 2 +-
6090327c
PK		 5249 drivers/md/dm-thin-metadata.c | 4 +-
5250 drivers/md/dm.c | 16 +-
5251 drivers/md/md.c | 26 +-
5252 drivers/md/md.h | 6 +-
5253 drivers/md/persistent-data/dm-space-map-metadata.c | 4 +-
5254 drivers/md/persistent-data/dm-space-map.h | 1 +
5255 drivers/md/raid1.c | 4 +-
5256 drivers/md/raid10.c | 16 +-
e8242a6d 5257 drivers/md/raid5.c | 22 +-
6090327c
PK		 5258 drivers/media/dvb-core/dvbdev.c | 2 +-
5259 drivers/media/dvb-frontends/af9033.h | 2 +-
5260 drivers/media/dvb-frontends/dib3000.h | 2 +-
a8b227b4
PK		 5261 drivers/media/dvb-frontends/dib7000p.h | 2 +-
5262 drivers/media/dvb-frontends/dib8000.h | 2 +-
6090327c
PK		 5263 drivers/media/pci/cx88/cx88-video.c | 6 +-
5264 drivers/media/pci/ivtv/ivtv-driver.c | 2 +-
a8b227b4
PK		 5265 drivers/media/pci/solo6x10/solo6x10-core.c | 2 +-
5266 drivers/media/pci/solo6x10/solo6x10-p2m.c | 2 +-
5267 drivers/media/pci/solo6x10/solo6x10.h | 2 +-
0986ccbe 5268 drivers/media/pci/tw68/tw68-core.c | 2 +-
6090327c
PK		 5269 drivers/media/platform/omap/omap_vout.c | 11 +-
5270 drivers/media/platform/s5p-tv/mixer.h | 2 +-
5271 drivers/media/platform/s5p-tv/mixer_grp_layer.c | 2 +-
5272 drivers/media/platform/s5p-tv/mixer_reg.c | 2 +-
5273 drivers/media/platform/s5p-tv/mixer_video.c | 24 +-
5274 drivers/media/platform/s5p-tv/mixer_vp_layer.c | 2 +-
6090327c
PK		 5275 drivers/media/radio/radio-cadet.c | 2 +
5276 drivers/media/radio/radio-maxiradio.c | 2 +-
5277 drivers/media/radio/radio-shark.c | 2 +-
5278 drivers/media/radio/radio-shark2.c | 2 +-
5279 drivers/media/radio/radio-si476x.c | 2 +-
8cf17962 5280 drivers/media/radio/wl128x/fmdrv_common.c | 2 +-
0986ccbe 5281 drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 12 +-
6090327c
PK		 5282 drivers/media/v4l2-core/v4l2-device.c | 4 +-
5283 drivers/media/v4l2-core/v4l2-ioctl.c | 13 +-
8cf17962 5284 drivers/memory/omap-gpmc.c | 21 +-
6090327c 5285 drivers/message/fusion/mptsas.c | 34 +-
6090327c 5286 drivers/mfd/ab8500-debugfs.c | 2 +-
e8242a6d 5287 drivers/mfd/kempld-core.c | 2 +-
6090327c
PK		 5288 drivers/mfd/max8925-i2c.c | 2 +-
5289 drivers/mfd/tps65910.c | 2 +-
5290 drivers/mfd/twl4030-irq.c | 9 +-
5291 drivers/misc/c2port/core.c | 4 +-
5292 drivers/misc/eeprom/sunxi_sid.c | 4 +-
5293 drivers/misc/kgdbts.c | 4 +-
5294 drivers/misc/lis3lv02d/lis3lv02d.c | 8 +-
5295 drivers/misc/lis3lv02d/lis3lv02d.h | 2 +-
afe359a8 5296 drivers/misc/mic/scif/scif_rb.c | 8 +-
6090327c
PK		 5297 drivers/misc/sgi-gru/gruhandles.c | 4 +-
5298 drivers/misc/sgi-gru/gruprocfs.c | 8 +-
5299 drivers/misc/sgi-gru/grutables.h | 154 +-
5300 drivers/misc/sgi-xp/xp.h | 2 +-
5301 drivers/misc/sgi-xp/xpc.h | 3 +-
da1216b9 5302 drivers/misc/sgi-xp/xpc_main.c | 2 +-
6090327c 5303 drivers/mmc/card/block.c | 2 +-
6090327c
PK		 5304 drivers/mmc/host/dw_mmc.h | 2 +-
5305 drivers/mmc/host/mmci.c | 4 +-
0986ccbe 5306 drivers/mmc/host/omap_hsmmc.c | 4 +-
6090327c
PK		 5307 drivers/mmc/host/sdhci-esdhc-imx.c | 7 +-
5308 drivers/mmc/host/sdhci-s3c.c | 8 +-
5309 drivers/mtd/chips/cfi_cmdset_0020.c | 2 +-
5310 drivers/mtd/nand/denali.c | 1 +
0986ccbe 5311 drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 2 +-
6090327c
PK		 5312 drivers/mtd/nftlmount.c | 1 +
5313 drivers/mtd/sm_ftl.c | 2 +-
5314 drivers/net/bonding/bond_netlink.c | 2 +-
0986ccbe 5315 drivers/net/caif/caif_hsi.c | 2 +-
6090327c 5316 drivers/net/can/Kconfig | 2 +-
0986ccbe
PK		 5317 drivers/net/can/dev.c | 2 +-
5318 drivers/net/can/vcan.c | 2 +-
5319 drivers/net/dummy.c | 2 +-
6090327c
PK		 5320 drivers/net/ethernet/8390/ax88796.c | 4 +-
5321 drivers/net/ethernet/altera/altera_tse_main.c | 4 +-
a8b227b4 5322 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 4 +-
0986ccbe 5323 drivers/net/ethernet/amd/xgbe/xgbe-dcb.c | 4 +-
e8242a6d 5324 drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 27 +-
afe359a8
PK		 5325 drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 143 +-
5326 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 64 +-
5327 drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c | 10 +-
5328 drivers/net/ethernet/amd/xgbe/xgbe-main.c | 15 +-
5329 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 27 +-
a8b227b4 5330 drivers/net/ethernet/amd/xgbe/xgbe-ptp.c | 4 +-
afe359a8 5331 drivers/net/ethernet/amd/xgbe/xgbe.h | 10 +-
6090327c
PK		 5332 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h | 2 +-
5333 drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c | 11 +-
5334 drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h | 3 +-
5335 drivers/net/ethernet/broadcom/tg3.h | 1 +
afe359a8
PK		 5336 drivers/net/ethernet/cavium/liquidio/lio_ethtool.c | 6 +-
5337 drivers/net/ethernet/cavium/liquidio/lio_main.c | 11 +-
6090327c 5338 drivers/net/ethernet/chelsio/cxgb3/l2t.h | 2 +-
6090327c
PK		 5339 drivers/net/ethernet/dec/tulip/de4x5.c | 4 +-
5340 drivers/net/ethernet/emulex/benet/be_main.c | 2 +-
5341 drivers/net/ethernet/faraday/ftgmac100.c | 2 +
5342 drivers/net/ethernet/faraday/ftmac100.c | 2 +
5343 drivers/net/ethernet/intel/i40e/i40e_ptp.c | 2 +-
5344 drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 2 +-
0986ccbe 5345 drivers/net/ethernet/mellanox/mlx4/en_tx.c | 4 +-
afe359a8 5346 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 +-
6090327c
PK		 5347 drivers/net/ethernet/neterion/vxge/vxge-config.c | 7 +-
5348 .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c | 4 +-
5349 .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c | 12 +-
5350 .../net/ethernet/qlogic/qlcnic/qlcnic_minidump.c | 2 +-
5351 drivers/net/ethernet/realtek/r8169.c | 8 +-
5352 drivers/net/ethernet/sfc/ptp.c | 2 +-
5353 drivers/net/ethernet/stmicro/stmmac/mmc_core.c | 4 +-
e8242a6d 5354 drivers/net/ethernet/via/via-rhine.c | 2 +-
6090327c
PK		 5355 drivers/net/hyperv/hyperv_net.h | 2 +-
5356 drivers/net/hyperv/rndis_filter.c | 4 +-
0986ccbe 5357 drivers/net/ifb.c | 2 +-
afe359a8 5358 drivers/net/ipvlan/ipvlan_core.c | 2 +-
6090327c 5359 drivers/net/macvlan.c | 20 +-
0986ccbe
PK		 5360 drivers/net/macvtap.c | 6 +-
5361 drivers/net/nlmon.c | 2 +-
8cf17962 5362 drivers/net/phy/phy_device.c | 6 +-
6090327c
PK		 5363 drivers/net/ppp/ppp_generic.c | 4 +-
5364 drivers/net/slip/slhc.c | 2 +-
0986ccbe
PK		 5365 drivers/net/team/team.c | 4 +-
5366 drivers/net/tun.c | 7 +-
6090327c
PK		 5367 drivers/net/usb/hso.c | 23 +-
5368 drivers/net/usb/r8152.c | 2 +-
5369 drivers/net/usb/sierra_net.c | 4 +-
5370 drivers/net/virtio_net.c | 2 +-
5371 drivers/net/vxlan.c | 4 +-
5372 drivers/net/wimax/i2400m/rx.c | 2 +-
5373 drivers/net/wireless/airo.c | 2 +-
5374 drivers/net/wireless/at76c50x-usb.c | 2 +-
5375 drivers/net/wireless/ath/ath10k/htc.c | 7 +-
5376 drivers/net/wireless/ath/ath10k/htc.h | 4 +-
a8b227b4
PK		 5377 drivers/net/wireless/ath/ath9k/ar9002_mac.c | 36 +-
5378 drivers/net/wireless/ath/ath9k/ar9003_mac.c | 64 +-
6090327c 5379 drivers/net/wireless/ath/ath9k/hw.h | 4 +-
a8b227b4 5380 drivers/net/wireless/ath/ath9k/main.c | 22 +-
6090327c
PK		 5381 drivers/net/wireless/b43/phy_lp.c | 2 +-
5382 drivers/net/wireless/iwlegacy/3945-mac.c | 4 +-
5383 drivers/net/wireless/iwlwifi/dvm/debugfs.c | 34 +-
5384 drivers/net/wireless/iwlwifi/pcie/trans.c | 4 +-
5385 drivers/net/wireless/mac80211_hwsim.c | 28 +-
5386 drivers/net/wireless/rndis_wlan.c | 2 +-
5387 drivers/net/wireless/rt2x00/rt2x00.h | 2 +-
5388 drivers/net/wireless/rt2x00/rt2x00queue.c | 4 +-
5389 drivers/net/wireless/ti/wl1251/sdio.c | 12 +-
5390 drivers/net/wireless/ti/wl12xx/main.c | 8 +-
5391 drivers/net/wireless/ti/wl18xx/main.c | 6 +-
5392 drivers/nfc/nfcwilink.c | 2 +-
e8242a6d 5393 drivers/of/fdt.c | 4 +-
6090327c
PK		 5394 drivers/oprofile/buffer_sync.c | 8 +-
5395 drivers/oprofile/event_buffer.c | 2 +-
5396 drivers/oprofile/oprof.c | 2 +-
5397 drivers/oprofile/oprofile_files.c | 2 +-
5398 drivers/oprofile/oprofile_stats.c | 10 +-
5399 drivers/oprofile/oprofile_stats.h | 10 +-
5400 drivers/oprofile/oprofilefs.c | 6 +-
5401 drivers/oprofile/timer_int.c | 2 +-
5402 drivers/parport/procfs.c | 4 +-
e8242a6d 5403 drivers/pci/host/pci-host-generic.c | 24 +-
6090327c
PK		 5404 drivers/pci/hotplug/acpiphp_ibm.c | 4 +-
5405 drivers/pci/hotplug/cpcihp_generic.c | 6 +-
5406 drivers/pci/hotplug/cpcihp_zt5550.c | 14 +-
0986ccbe 5407 drivers/pci/hotplug/cpqphp_nvram.c | 2 +
6090327c
PK		 5408 drivers/pci/hotplug/pci_hotplug_core.c | 6 +-
5409 drivers/pci/hotplug/pciehp_core.c | 2 +-
afe359a8 5410 drivers/pci/msi.c | 21 +-
6090327c
PK		 5411 drivers/pci/pci-sysfs.c | 6 +-
5412 drivers/pci/pci.h | 2 +-
5413 drivers/pci/pcie/aspm.c | 6 +-
e8242a6d 5414 drivers/pci/pcie/portdrv_pci.c | 2 +-
6090327c 5415 drivers/pci/probe.c | 2 +-
afe359a8 5416 drivers/pinctrl/pinctrl-at91.c | 5 +-
e8242a6d 5417 drivers/platform/chrome/chromeos_pstore.c | 2 +-
6090327c 5418 drivers/platform/x86/alienware-wmi.c | 4 +-
e8242a6d
PK		 5419 drivers/platform/x86/compal-laptop.c | 2 +-
5420 drivers/platform/x86/hdaps.c | 2 +-
5421 drivers/platform/x86/ibm_rtl.c | 2 +-
5422 drivers/platform/x86/intel_oaktrail.c | 2 +-
5423 drivers/platform/x86/msi-laptop.c | 16 +-
6090327c 5424 drivers/platform/x86/msi-wmi.c | 2 +-
e8242a6d
PK		 5425 drivers/platform/x86/samsung-laptop.c | 2 +-
5426 drivers/platform/x86/samsung-q10.c | 2 +-
5427 drivers/platform/x86/sony-laptop.c | 14 +-
da1216b9 5428 drivers/platform/x86/thinkpad_acpi.c | 2 +-
6090327c 5429 drivers/pnp/pnpbios/bioscalls.c | 14 +-
e8242a6d 5430 drivers/pnp/pnpbios/core.c | 2 +-
6090327c
PK		 5431 drivers/power/pda_power.c | 7 +-
5432 drivers/power/power_supply.h | 4 +-
5433 drivers/power/power_supply_core.c | 7 +-
5434 drivers/power/power_supply_sysfs.c | 6 +-
afe359a8 5435 drivers/power/reset/at91-reset.c | 9 +-
6090327c
PK		 5436 drivers/powercap/powercap_sys.c | 136 +-
5437 drivers/ptp/ptp_private.h | 2 +-
5438 drivers/ptp/ptp_sysfs.c | 2 +-
5439 drivers/regulator/core.c | 4 +-
5440 drivers/regulator/max8660.c | 6 +-
afe359a8 5441 drivers/regulator/max8973-regulator.c | 16 +-
8cf17962 5442 drivers/regulator/mc13892-regulator.c | 8 +-
afe359a8 5443 drivers/rtc/rtc-armada38x.c | 7 +-
6090327c
PK		 5444 drivers/rtc/rtc-cmos.c | 4 +-
5445 drivers/rtc/rtc-ds1307.c | 2 +-
5446 drivers/rtc/rtc-m48t59.c | 4 +-
afe359a8
PK		 5447 drivers/rtc/rtc-test.c | 6 +-
5448 drivers/scsi/be2iscsi/be_main.c | 2 +-
6090327c
PK		 5449 drivers/scsi/bfa/bfa_fcpim.h | 2 +-
5450 drivers/scsi/bfa/bfa_ioc.h | 4 +-
5451 drivers/scsi/fcoe/fcoe_sysfs.c | 12 +-
5452 drivers/scsi/hosts.c | 4 +-
afe359a8 5453 drivers/scsi/hpsa.c | 38 +-
6090327c
PK		 5454 drivers/scsi/hpsa.h | 2 +-
5455 drivers/scsi/libfc/fc_exch.c | 50 +-
5456 drivers/scsi/libsas/sas_ata.c | 2 +-
5457 drivers/scsi/lpfc/lpfc.h | 8 +-
5458 drivers/scsi/lpfc/lpfc_debugfs.c | 18 +-
5459 drivers/scsi/lpfc/lpfc_init.c | 6 +-
5460 drivers/scsi/lpfc/lpfc_scsi.c | 10 +-
5461 drivers/scsi/mpt2sas/mpt2sas_scsih.c | 8 +-
5462 drivers/scsi/pmcraid.c | 20 +-
5463 drivers/scsi/pmcraid.h | 8 +-
5464 drivers/scsi/qla2xxx/qla_attr.c | 4 +-
5465 drivers/scsi/qla2xxx/qla_gbl.h | 4 +-
5466 drivers/scsi/qla2xxx/qla_os.c | 6 +-
5467 drivers/scsi/qla4xxx/ql4_def.h | 2 +-
5468 drivers/scsi/qla4xxx/ql4_os.c | 6 +-
da1216b9 5469 drivers/scsi/scsi.c | 2 +-
8cf17962 5470 drivers/scsi/scsi_lib.c | 8 +-
6090327c 5471 drivers/scsi/scsi_sysfs.c | 2 +-
6090327c
PK		 5472 drivers/scsi/scsi_transport_fc.c | 8 +-
5473 drivers/scsi/scsi_transport_iscsi.c | 6 +-
5474 drivers/scsi/scsi_transport_srp.c | 6 +-
da1216b9 5475 drivers/scsi/sd.c | 6 +-
6090327c 5476 drivers/scsi/sg.c | 2 +-
afe359a8 5477 drivers/scsi/sr.c | 21 +-
0986ccbe 5478 drivers/soc/tegra/fuse/fuse-tegra.c | 2 +-
6090327c 5479 drivers/spi/spi.c | 2 +-
afe359a8 5480 drivers/spi/spidev.c | 2 +-
6090327c 5481 drivers/staging/android/timed_output.c | 6 +-
8cf17962 5482 drivers/staging/comedi/comedi_fops.c | 8 +-
e8242a6d
PK		 5483 drivers/staging/fbtft/fbtft-core.c | 2 +-
5484 drivers/staging/fbtft/fbtft.h | 2 +-
6090327c 5485 drivers/staging/gdm724x/gdm_tty.c | 2 +-
afe359a8
PK		 5486 drivers/staging/iio/accel/lis3l02dq_ring.c | 2 +-
5487 drivers/staging/iio/adc/ad7280a.c | 4 +-
6090327c
PK		 5488 drivers/staging/lustre/lnet/selftest/brw_test.c | 12 +-
5489 drivers/staging/lustre/lnet/selftest/framework.c | 4 -
5490 drivers/staging/lustre/lnet/selftest/ping_test.c | 14 +-
5491 drivers/staging/lustre/lustre/include/lustre_dlm.h | 2 +-
5492 drivers/staging/lustre/lustre/include/obd.h | 2 +-
da1216b9 5493 drivers/staging/lustre/lustre/libcfs/module.c | 6 +-
6090327c
PK		 5494 drivers/staging/octeon/ethernet-rx.c | 12 +-
5495 drivers/staging/octeon/ethernet.c | 8 +-
5496 drivers/staging/rtl8188eu/include/hal_intf.h | 2 +-
6090327c 5497 drivers/staging/rtl8712/rtl871x_io.h | 2 +-
afe359a8
PK		 5498 drivers/staging/sm750fb/sm750.c | 14 +-
5499 drivers/staging/unisys/visorbus/visorbus_private.h | 4 +-
6090327c
PK		 5500 drivers/target/sbp/sbp_target.c | 4 +-
5501 drivers/target/target_core_device.c | 2 +-
5502 drivers/target/target_core_transport.c | 2 +-
afe359a8 5503 drivers/thermal/cpu_cooling.c | 9 +-
0986ccbe 5504 drivers/thermal/int340x_thermal/int3400_thermal.c | 6 +-
8cf17962 5505 drivers/thermal/of-thermal.c | 17 +-
e8242a6d 5506 drivers/thermal/x86_pkg_temp_thermal.c | 2 +-
6090327c
PK		 5507 drivers/tty/cyclades.c | 6 +-
5508 drivers/tty/hvc/hvc_console.c | 14 +-
5509 drivers/tty/hvc/hvcs.c | 21 +-
5510 drivers/tty/hvc/hvsi.c | 22 +-
5511 drivers/tty/hvc/hvsi_lib.c | 4 +-
5512 drivers/tty/ipwireless/tty.c | 27 +-
5513 drivers/tty/moxa.c | 2 +-
5514 drivers/tty/n_gsm.c | 4 +-
5515 drivers/tty/n_tty.c | 5 +-
5516 drivers/tty/pty.c | 4 +-
5517 drivers/tty/rocket.c | 6 +-
afe359a8
PK		 5518 drivers/tty/serial/8250/8250_core.c | 10 +-
5519 drivers/tty/serial/ifx6x60.c | 2 +-
6090327c
PK		 5520 drivers/tty/serial/ioc4_serial.c | 6 +-
5521 drivers/tty/serial/kgdb_nmi.c | 4 +-
5522 drivers/tty/serial/kgdboc.c | 32 +-
5523 drivers/tty/serial/msm_serial.c | 4 +-
5524 drivers/tty/serial/samsung.c | 9 +-
5525 drivers/tty/serial/serial_core.c | 8 +-
5526 drivers/tty/synclink.c | 34 +-
5527 drivers/tty/synclink_gt.c | 28 +-
5528 drivers/tty/synclinkmp.c | 34 +-
5529 drivers/tty/tty_io.c | 2 +-
5530 drivers/tty/tty_ldisc.c | 8 +-
5531 drivers/tty/tty_port.c | 22 +-
0986ccbe 5532 drivers/uio/uio.c | 13 +-
6090327c
PK		 5533 drivers/usb/atm/cxacru.c | 2 +-
5534 drivers/usb/atm/usbatm.c | 24 +-
5535 drivers/usb/core/devices.c | 6 +-
5536 drivers/usb/core/devio.c | 10 +-
5537 drivers/usb/core/hcd.c | 4 +-
5538 drivers/usb/core/message.c | 6 +-
5539 drivers/usb/core/sysfs.c | 2 +-
5540 drivers/usb/core/usb.c | 2 +-
6090327c 5541 drivers/usb/early/ehci-dbgp.c | 16 +-
a8b227b4 5542 drivers/usb/gadget/function/u_serial.c | 22 +-
afe359a8
PK		 5543 drivers/usb/gadget/udc/dummy_hcd.c | 2 +-
5544 drivers/usb/host/ehci-hcd.c | 2 +-
6090327c 5545 drivers/usb/host/ehci-hub.c | 4 +-
afe359a8
PK		 5546 drivers/usb/host/ehci-q.c | 4 +-
5547 drivers/usb/host/fotg210-hcd.c | 2 +-
5548 drivers/usb/host/fusbh200-hcd.c | 2 +-
5549 drivers/usb/host/hwa-hc.c | 2 +-
5550 drivers/usb/host/ohci-hcd.c | 2 +-
5551 drivers/usb/host/r8a66597.h | 2 +-
5552 drivers/usb/host/uhci-hcd.c | 2 +-
5553 drivers/usb/host/xhci-pci.c | 2 +-
5554 drivers/usb/host/xhci.c | 2 +-
6090327c
PK		 5555 drivers/usb/misc/appledisplay.c | 4 +-
5556 drivers/usb/serial/console.c | 8 +-
afe359a8 5557 drivers/usb/storage/usb.c | 2 +-
6090327c 5558 drivers/usb/storage/usb.h | 2 +-
a8b227b4
PK		 5559 drivers/usb/usbip/vhci.h | 2 +-
5560 drivers/usb/usbip/vhci_hcd.c | 6 +-
5561 drivers/usb/usbip/vhci_rx.c | 2 +-
6090327c
PK		 5562 drivers/usb/wusbcore/wa-hc.h | 4 +-
5563 drivers/usb/wusbcore/wa-xfer.c | 2 +-
5564 drivers/vfio/vfio.c | 2 +-
5565 drivers/vhost/vringh.c | 20 +-
5566 drivers/video/backlight/kb3886_bl.c | 2 +-
5567 drivers/video/fbdev/aty/aty128fb.c | 2 +-
5568 drivers/video/fbdev/aty/atyfb_base.c | 8 +-
5569 drivers/video/fbdev/aty/mach64_cursor.c | 5 +-
5570 drivers/video/fbdev/core/fb_defio.c | 6 +-
5571 drivers/video/fbdev/core/fbmem.c | 2 +-
5572 drivers/video/fbdev/hyperv_fb.c | 4 +-
5573 drivers/video/fbdev/i810/i810_accel.c | 1 +
afe359a8 5574 drivers/video/fbdev/matrox/matroxfb_base.c | 2 +-
6090327c
PK		 5575 drivers/video/fbdev/mb862xx/mb862xxfb_accel.c | 16 +-
5576 drivers/video/fbdev/nvidia/nvidia.c | 27 +-
5577 drivers/video/fbdev/omap2/dss/display.c | 8 +-
5578 drivers/video/fbdev/s1d13xxxfb.c | 6 +-
5579 drivers/video/fbdev/smscufx.c | 4 +-
5580 drivers/video/fbdev/udlfb.c | 36 +-
5581 drivers/video/fbdev/uvesafb.c | 52 +-
5582 drivers/video/fbdev/vesafb.c | 58 +-
5583 drivers/video/fbdev/via/via_clock.h | 2 +-
e8242a6d 5584 drivers/xen/events/events_base.c | 6 +-
afe359a8 5585 drivers/xen/evtchn.c | 4 +-
6090327c
PK		 5586 fs/Kconfig.binfmt | 2 +-
5587 fs/afs/inode.c | 4 +-
5588 fs/aio.c | 2 +-
5589 fs/autofs4/waitq.c | 2 +-
5590 fs/befs/endian.h | 6 +-
5591 fs/binfmt_aout.c | 23 +-
afe359a8
PK		 5592 fs/binfmt_elf.c | 672 +-
5593 fs/binfmt_elf_fdpic.c | 2 +-
6090327c
PK		 5594 fs/block_dev.c | 2 +-
5595 fs/btrfs/ctree.c | 9 +-
5596 fs/btrfs/delayed-inode.c | 6 +-
5597 fs/btrfs/delayed-inode.h | 4 +-
5598 fs/btrfs/super.c | 2 +-
5599 fs/btrfs/sysfs.c | 2 +-
0986ccbe 5600 fs/btrfs/tests/free-space-tests.c | 8 +-
6090327c
PK		 5601 fs/btrfs/tree-log.h | 2 +-
5602 fs/buffer.c | 2 +-
5603 fs/cachefiles/bind.c | 6 +-
5604 fs/cachefiles/daemon.c | 8 +-
5605 fs/cachefiles/internal.h | 12 +-
5606 fs/cachefiles/namei.c | 2 +-
5607 fs/cachefiles/proc.c | 12 +-
afe359a8 5608 fs/ceph/dir.c | 12 +-
6090327c
PK		 5609 fs/ceph/super.c | 4 +-
5610 fs/cifs/cifs_debug.c | 12 +-
5611 fs/cifs/cifsfs.c | 8 +-
5612 fs/cifs/cifsglob.h | 54 +-
5613 fs/cifs/file.c | 10 +-
5614 fs/cifs/misc.c | 4 +-
5615 fs/cifs/smb1ops.c | 80 +-
5616 fs/cifs/smb2ops.c | 84 +-
5617 fs/cifs/smb2pdu.c | 3 +-
5618 fs/coda/cache.c | 10 +-
5619 fs/compat.c | 4 +-
5620 fs/compat_binfmt_elf.c | 2 +
5621 fs/compat_ioctl.c | 12 +-
5622 fs/configfs/dir.c | 10 +-
5623 fs/coredump.c | 16 +-
e8242a6d 5624 fs/dcache.c | 51 +-
6090327c
PK		 5625 fs/ecryptfs/inode.c | 2 +-
5626 fs/ecryptfs/miscdev.c | 2 +-
8cf17962 5627 fs/exec.c | 362 +-
6090327c
PK		 5628 fs/ext2/xattr.c | 5 +-
5629 fs/ext3/xattr.c | 5 +-
5630 fs/ext4/ext4.h | 20 +-
5631 fs/ext4/mballoc.c | 44 +-
5632 fs/ext4/mmp.c | 2 +-
e8242a6d 5633 fs/ext4/resize.c | 16 +-
6090327c
PK		 5634 fs/ext4/super.c | 4 +-
5635 fs/ext4/xattr.c | 5 +-
5636 fs/fhandle.c | 3 +-
5637 fs/file.c | 4 +-
5638 fs/fs_struct.c | 8 +-
5639 fs/fscache/cookie.c | 40 +-
afe359a8 5640 fs/fscache/internal.h | 202 +-
6090327c 5641 fs/fscache/object.c | 26 +-
afe359a8 5642 fs/fscache/operation.c | 38 +-
6090327c 5643 fs/fscache/page.c | 110 +-
afe359a8 5644 fs/fscache/stats.c | 348 +-
6090327c
PK		 5645 fs/fuse/cuse.c | 10 +-
5646 fs/fuse/dev.c | 4 +-
e8242a6d
PK		 5647 fs/gfs2/glock.c | 22 +-
5648 fs/gfs2/glops.c | 4 +-
5649 fs/gfs2/quota.c | 6 +-
6090327c
PK		 5650 fs/hugetlbfs/inode.c | 13 +-
5651 fs/inode.c | 4 +-
5652 fs/jffs2/erase.c | 3 +-
5653 fs/jffs2/wbuf.c | 3 +-
5654 fs/jfs/super.c | 2 +-
5655 fs/kernfs/dir.c | 2 +-
e8242a6d 5656 fs/kernfs/file.c | 20 +-
afe359a8 5657 fs/libfs.c | 10 +-
6090327c 5658 fs/lockd/clntproc.c | 4 +-
afe359a8 5659 fs/namei.c | 16 +-
6090327c
PK		 5660 fs/namespace.c | 16 +-
5661 fs/nfs/callback_xdr.c | 2 +-
5662 fs/nfs/inode.c | 6 +-
5663 fs/nfsd/nfs4proc.c | 2 +-
5664 fs/nfsd/nfs4xdr.c | 2 +-
a8b227b4 5665 fs/nfsd/nfscache.c | 11 +-
6090327c 5666 fs/nfsd/vfs.c | 6 +-
a8b227b4 5667 fs/nls/nls_base.c | 26 +-
6090327c
PK		 5668 fs/nls/nls_euc-jp.c | 6 +-
5669 fs/nls/nls_koi8-ru.c | 6 +-
5670 fs/notify/fanotify/fanotify_user.c | 4 +-
5671 fs/notify/notification.c | 4 +-
5672 fs/ntfs/dir.c | 2 +-
6090327c
PK		 5673 fs/ntfs/super.c | 6 +-
5674 fs/ocfs2/localalloc.c | 2 +-
5675 fs/ocfs2/ocfs2.h | 10 +-
5676 fs/ocfs2/suballoc.c | 12 +-
5677 fs/ocfs2/super.c | 20 +-
da1216b9 5678 fs/pipe.c | 72 +-
6090327c
PK		 5679 fs/posix_acl.c | 4 +-
5680 fs/proc/array.c | 20 +
5681 fs/proc/base.c | 4 +-
e8242a6d 5682 fs/proc/kcore.c | 34 +-
6090327c
PK		 5683 fs/proc/meminfo.c | 2 +-
5684 fs/proc/nommu.c | 2 +-
afe359a8 5685 fs/proc/proc_sysctl.c | 26 +-
6090327c
PK		 5686 fs/proc/task_mmu.c | 39 +-
5687 fs/proc/task_nommu.c | 4 +-
5688 fs/proc/vmcore.c | 16 +-
5689 fs/qnx6/qnx6.h | 4 +-
5690 fs/quota/netlink.c | 4 +-
5691 fs/read_write.c | 2 +-
5692 fs/reiserfs/do_balan.c | 2 +-
5693 fs/reiserfs/procfs.c | 2 +-
5694 fs/reiserfs/reiserfs.h | 4 +-
5695 fs/seq_file.c | 4 +-
5696 fs/splice.c | 43 +-
da1216b9 5697 fs/squashfs/xattr.c | 12 +-
6090327c 5698 fs/sysv/sysv.h | 2 +-
afe359a8 5699 fs/tracefs/inode.c | 8 +-
6090327c
PK		 5700 fs/ubifs/io.c | 2 +-
5701 fs/udf/misc.c | 2 +-
5702 fs/ufs/swab.h | 4 +-
5703 fs/xattr.c | 21 +
a8b227b4 5704 fs/xfs/libxfs/xfs_bmap.c | 2 +-
6090327c
PK		 5705 fs/xfs/xfs_dir2_readdir.c | 7 +-
5706 fs/xfs/xfs_ioctl.c | 2 +-
0986ccbe 5707 fs/xfs/xfs_linux.h | 4 +-
6090327c 5708 include/asm-generic/4level-fixup.h | 2 +
0986ccbe 5709 include/asm-generic/atomic-long.h | 214 +-
6090327c
PK		 5710 include/asm-generic/atomic64.h | 12 +
5711 include/asm-generic/barrier.h | 2 +-
5712 include/asm-generic/bitops/__fls.h | 2 +-
5713 include/asm-generic/bitops/fls.h | 2 +-
5714 include/asm-generic/bitops/fls64.h | 4 +-
da1216b9 5715 include/asm-generic/bug.h | 6 +-
6090327c
PK		 5716 include/asm-generic/cache.h | 4 +-
5717 include/asm-generic/emergency-restart.h | 2 +-
5718 include/asm-generic/kmap_types.h | 4 +-
5719 include/asm-generic/local.h | 13 +
5720 include/asm-generic/pgtable-nopmd.h | 18 +-
5721 include/asm-generic/pgtable-nopud.h | 15 +-
5722 include/asm-generic/pgtable.h | 16 +
5723 include/asm-generic/uaccess.h | 16 +
da1216b9 5724 include/asm-generic/vmlinux.lds.h | 13 +-
6090327c
PK		 5725 include/crypto/algapi.h | 2 +-
5726 include/drm/drmP.h | 16 +-
5727 include/drm/drm_crtc_helper.h | 2 +-
afe359a8 5728 include/drm/drm_mm.h | 2 +-
6090327c 5729 include/drm/i915_pciids.h | 2 +-
afe359a8 5730 include/drm/intel-gtt.h | 4 +-
6090327c
PK		 5731 include/drm/ttm/ttm_memory.h | 2 +-
5732 include/drm/ttm/ttm_page_alloc.h | 1 +
5733 include/keys/asymmetric-subtype.h | 2 +-
5734 include/linux/atmdev.h | 4 +-
8cf17962 5735 include/linux/atomic.h | 2 +-
6090327c
PK		 5736 include/linux/audit.h | 2 +-
5737 include/linux/binfmts.h | 3 +-
8cf17962 5738 include/linux/bitmap.h | 2 +-
afe359a8 5739 include/linux/bitops.h | 8 +-
6090327c
PK		 5740 include/linux/blkdev.h | 2 +-
5741 include/linux/blktrace_api.h | 2 +-
5742 include/linux/cache.h | 8 +
5743 include/linux/cdrom.h | 1 -
5744 include/linux/cleancache.h | 2 +-
5745 include/linux/clk-provider.h | 1 +
da1216b9 5746 include/linux/compat.h | 6 +-
afe359a8
PK		 5747 include/linux/compiler-gcc.h | 28 +-
5748 include/linux/compiler.h | 95 +-
6090327c
PK		 5749 include/linux/completion.h | 12 +-
5750 include/linux/configfs.h | 2 +-
5751 include/linux/cpufreq.h | 3 +-
5752 include/linux/cpuidle.h | 5 +-
8cf17962 5753 include/linux/cpumask.h | 14 +-
afe359a8 5754 include/linux/crypto.h | 4 +-
6090327c 5755 include/linux/ctype.h | 2 +-
e8242a6d 5756 include/linux/dcache.h | 4 +-
6090327c
PK		 5757 include/linux/decompress/mm.h | 2 +-
5758 include/linux/devfreq.h | 2 +-
5759 include/linux/device.h | 7 +-
5760 include/linux/dma-mapping.h | 2 +-
6090327c
PK		 5761 include/linux/efi.h | 1 +
5762 include/linux/elf.h | 2 +
5763 include/linux/err.h | 4 +-
5764 include/linux/extcon.h | 2 +-
e8242a6d 5765 include/linux/fb.h | 3 +-
6090327c 5766 include/linux/fdtable.h | 2 +-
da1216b9 5767 include/linux/fs.h | 5 +-
6090327c 5768 include/linux/fs_struct.h | 2 +-
afe359a8 5769 include/linux/fscache-cache.h | 2 +-
6090327c
PK		 5770 include/linux/fscache.h | 2 +-
5771 include/linux/fsnotify.h | 2 +-
5772 include/linux/genhd.h | 4 +-
5773 include/linux/genl_magic_func.h | 2 +-
5774 include/linux/gfp.h | 12 +-
6090327c
PK		 5775 include/linux/highmem.h | 12 +
5776 include/linux/hwmon-sysfs.h | 6 +-
5777 include/linux/i2c.h | 1 +
6090327c
PK		 5778 include/linux/if_pppox.h | 2 +-
5779 include/linux/init.h | 12 +-
5780 include/linux/init_task.h | 7 +
5781 include/linux/interrupt.h | 6 +-
5782 include/linux/iommu.h | 2 +-
5783 include/linux/ioport.h | 2 +-
afe359a8
PK		 5784 include/linux/ipc.h | 2 +-
5785 include/linux/irq.h | 5 +-
8cf17962 5786 include/linux/irqdesc.h | 2 +-
afe359a8
PK		 5787 include/linux/irqdomain.h | 3 +
5788 include/linux/jiffies.h | 30 +-
8cf17962 5789 include/linux/kernel.h | 2 +-
6090327c
PK		 5790 include/linux/key-type.h | 2 +-
5791 include/linux/kgdb.h | 6 +-
8cf17962 5792 include/linux/kmemleak.h | 4 +-
6090327c
PK		 5793 include/linux/kobject.h | 3 +-
5794 include/linux/kobject_ns.h | 2 +-
5795 include/linux/kref.h | 2 +-
5796 include/linux/kvm_host.h | 4 +-
5797 include/linux/libata.h | 2 +-
5798 include/linux/linkage.h | 1 +
5799 include/linux/list.h | 15 +
e8242a6d 5800 include/linux/lockref.h | 26 +-
6090327c
PK		 5801 include/linux/math64.h | 10 +-
5802 include/linux/mempolicy.h | 7 +
0986ccbe 5803 include/linux/mm.h | 104 +-
6090327c
PK		 5804 include/linux/mm_types.h | 20 +
5805 include/linux/mmiotrace.h | 4 +-
5806 include/linux/mmzone.h | 2 +-
5807 include/linux/mod_devicetable.h | 4 +-
afe359a8 5808 include/linux/module.h | 69 +-
6090327c
PK		 5809 include/linux/moduleloader.h | 16 +
5810 include/linux/moduleparam.h | 4 +-
6090327c
PK		 5811 include/linux/net.h | 2 +-
5812 include/linux/netdevice.h | 7 +-
5813 include/linux/netfilter.h | 2 +-
5814 include/linux/netfilter/nfnetlink.h | 2 +-
a8b227b4 5815 include/linux/nls.h | 4 +-
6090327c
PK		 5816 include/linux/notifier.h | 3 +-
5817 include/linux/oprofile.h | 4 +-
5818 include/linux/padata.h | 2 +-
5819 include/linux/pci_hotplug.h | 3 +-
8cf17962 5820 include/linux/percpu.h | 2 +-
da1216b9 5821 include/linux/perf_event.h | 12 +-
6090327c
PK		 5822 include/linux/pipe_fs_i.h | 8 +-
5823 include/linux/pm.h | 1 +
5824 include/linux/pm_domain.h | 4 +-
5825 include/linux/pm_runtime.h | 2 +-
5826 include/linux/pnp.h | 2 +-
5827 include/linux/poison.h | 4 +-
5828 include/linux/power/smartreflex.h | 2 +-
5829 include/linux/ppp-comp.h | 2 +-
5830 include/linux/preempt.h | 21 +
5831 include/linux/proc_ns.h | 2 +-
5832 include/linux/quota.h | 2 +-
5833 include/linux/random.h | 23 +-
afe359a8 5834 include/linux/rculist.h | 16 +
6090327c
PK		 5835 include/linux/reboot.h | 14 +-
5836 include/linux/regset.h | 3 +-
5837 include/linux/relay.h | 2 +-
5838 include/linux/rio.h | 2 +-
5839 include/linux/rmap.h | 4 +-
afe359a8 5840 include/linux/sched.h | 74 +-
6090327c 5841 include/linux/sched/sysctl.h | 1 +
6090327c
PK		 5842 include/linux/semaphore.h | 2 +-
5843 include/linux/seq_file.h | 1 +
5844 include/linux/signal.h | 2 +-
8cf17962 5845 include/linux/skbuff.h | 10 +-
da1216b9 5846 include/linux/slab.h | 47 +-
6090327c
PK		 5847 include/linux/slab_def.h | 14 +-
5848 include/linux/slub_def.h | 2 +-
5849 include/linux/smp.h | 2 +
5850 include/linux/sock_diag.h | 2 +-
5851 include/linux/sonet.h | 2 +-
5852 include/linux/sunrpc/addr.h | 8 +-
5853 include/linux/sunrpc/clnt.h | 2 +-
5854 include/linux/sunrpc/svc.h | 2 +-
5855 include/linux/sunrpc/svc_rdma.h | 18 +-
5856 include/linux/sunrpc/svcauth.h | 2 +-
5857 include/linux/swiotlb.h | 3 +-
da1216b9 5858 include/linux/syscalls.h | 21 +-
6090327c 5859 include/linux/syscore_ops.h | 2 +-
a8b227b4 5860 include/linux/sysctl.h | 3 +-
6090327c
PK		 5861 include/linux/sysfs.h | 9 +-
5862 include/linux/sysrq.h | 3 +-
afe359a8 5863 include/linux/tcp.h | 14 +-
6090327c
PK		 5864 include/linux/thread_info.h | 7 +
5865 include/linux/tty.h | 4 +-
5866 include/linux/tty_driver.h | 2 +-
5867 include/linux/tty_ldisc.h | 2 +-
5868 include/linux/types.h | 16 +
5869 include/linux/uaccess.h | 6 +-
0986ccbe 5870 include/linux/uio_driver.h | 2 +-
6090327c 5871 include/linux/unaligned/access_ok.h | 24 +-
afe359a8
PK		 5872 include/linux/usb.h | 6 +-
5873 include/linux/usb/hcd.h | 1 +
6090327c
PK		 5874 include/linux/usb/renesas_usbhs.h | 2 +-
5875 include/linux/vermagic.h | 21 +-
5876 include/linux/vga_switcheroo.h | 8 +-
5877 include/linux/vmalloc.h | 7 +-
5878 include/linux/vmstat.h | 24 +-
5879 include/linux/xattr.h | 5 +-
5880 include/linux/zlib.h | 3 +-
5881 include/media/v4l2-dev.h | 2 +-
5882 include/media/v4l2-device.h | 2 +-
5883 include/net/9p/transport.h | 2 +-
5884 include/net/bluetooth/l2cap.h | 2 +-
8cf17962 5885 include/net/bonding.h | 2 +-
6090327c
PK		 5886 include/net/caif/cfctrl.h | 6 +-
5887 include/net/flow.h | 2 +-
5888 include/net/genetlink.h | 2 +-
5889 include/net/gro_cells.h | 2 +-
5890 include/net/inet_connection_sock.h | 2 +-
afe359a8 5891 include/net/inet_sock.h | 2 +-
6090327c
PK		 5892 include/net/inetpeer.h | 2 +-
5893 include/net/ip_fib.h | 2 +-
5894 include/net/ip_vs.h | 8 +-
5895 include/net/irda/ircomm_tty.h | 1 +
5896 include/net/iucv/af_iucv.h | 2 +-
5897 include/net/llc_c_ac.h | 2 +-
5898 include/net/llc_c_ev.h | 4 +-
5899 include/net/llc_c_st.h | 2 +-
5900 include/net/llc_s_ac.h | 2 +-
5901 include/net/llc_s_st.h | 2 +-
5902 include/net/mac80211.h | 2 +-
5903 include/net/neighbour.h | 2 +-
afe359a8 5904 include/net/net_namespace.h | 18 +-
6090327c
PK		 5905 include/net/netlink.h | 2 +-
5906 include/net/netns/conntrack.h | 6 +-
5907 include/net/netns/ipv4.h | 4 +-
5908 include/net/netns/ipv6.h | 4 +-
5909 include/net/netns/xfrm.h | 2 +-
5910 include/net/ping.h | 2 +-
5911 include/net/protocol.h | 4 +-
5912 include/net/rtnetlink.h | 2 +-
5913 include/net/sctp/checksum.h | 4 +-
5914 include/net/sctp/sm.h | 4 +-
5915 include/net/sctp/structs.h | 2 +-
afe359a8 5916 include/net/sock.h | 12 +-
6090327c
PK		 5917 include/net/tcp.h | 8 +-
5918 include/net/xfrm.h | 13 +-
5919 include/rdma/iw_cm.h | 2 +-
5920 include/scsi/libfc.h | 3 +-
5921 include/scsi/scsi_device.h | 6 +-
da1216b9 5922 include/scsi/scsi_driver.h | 2 +-
6090327c 5923 include/scsi/scsi_transport_fc.h | 3 +-
afe359a8 5924 include/scsi/sg.h | 2 +-
6090327c
PK		 5925 include/sound/compress_driver.h | 2 +-
5926 include/sound/soc.h | 4 +-
5927 include/target/target_core_base.h | 2 +-
5928 include/trace/events/irq.h | 4 +-
5929 include/uapi/linux/a.out.h | 8 +
5930 include/uapi/linux/bcache.h | 5 +-
5931 include/uapi/linux/byteorder/little_endian.h | 28 +-
afe359a8 5932 include/uapi/linux/connector.h | 2 +-
6090327c
PK		 5933 include/uapi/linux/elf.h | 28 +
5934 include/uapi/linux/screen_info.h | 3 +-
5935 include/uapi/linux/swab.h | 6 +-
6090327c
PK		 5936 include/uapi/linux/xattr.h | 4 +
5937 include/video/udlfb.h | 8 +-
5938 include/video/uvesafb.h | 1 +
5939 init/Kconfig | 2 +-
5940 init/Makefile | 3 +
5941 init/do_mounts.c | 14 +-
5942 init/do_mounts.h | 8 +-
5943 init/do_mounts_initrd.c | 30 +-
5944 init/do_mounts_md.c | 6 +-
5945 init/init_task.c | 4 +
a8b227b4 5946 init/initramfs.c | 38 +-
afe359a8 5947 init/main.c | 30 +-
da1216b9 5948 ipc/compat.c | 4 +-
8cf17962 5949 ipc/ipc_sysctl.c | 8 +-
6090327c 5950 ipc/mq_sysctl.c | 4 +-
da1216b9 5951 ipc/sem.c | 4 +-
6090327c 5952 ipc/shm.c | 6 +
6090327c
PK		 5953 kernel/audit.c | 8 +-
5954 kernel/auditsc.c | 4 +-
8cf17962 5955 kernel/bpf/core.c | 7 +-
6090327c
PK		 5956 kernel/capability.c | 3 +
5957 kernel/compat.c | 38 +-
5958 kernel/debug/debug_core.c | 16 +-
5959 kernel/debug/kdb/kdb_main.c | 4 +-
da1216b9 5960 kernel/events/core.c | 26 +-
6090327c
PK		 5961 kernel/events/internal.h | 10 +-
5962 kernel/events/uprobes.c | 2 +-
5963 kernel/exit.c | 2 +-
afe359a8 5964 kernel/fork.c | 165 +-
6090327c
PK		 5965 kernel/futex.c | 11 +-
5966 kernel/futex_compat.c | 2 +-
5967 kernel/gcov/base.c | 7 +-
8cf17962 5968 kernel/irq/manage.c | 2 +-
afe359a8 5969 kernel/irq/msi.c | 20 +-
8cf17962 5970 kernel/irq/spurious.c | 2 +-
6090327c 5971 kernel/jump_label.c | 5 +
0986ccbe 5972 kernel/kallsyms.c | 37 +-
6090327c
PK		 5973 kernel/kexec.c | 3 +-
5974 kernel/kmod.c | 8 +-
5975 kernel/kprobes.c | 4 +-
5976 kernel/ksysfs.c | 2 +-
5977 kernel/locking/lockdep.c | 7 +-
6090327c
PK		 5978 kernel/locking/mutex-debug.c | 12 +-
5979 kernel/locking/mutex-debug.h | 4 +-
5980 kernel/locking/mutex.c | 6 +-
5981 kernel/locking/rtmutex-tester.c | 24 +-
afe359a8 5982 kernel/module.c | 422 +-
6090327c
PK		 5983 kernel/notifier.c | 17 +-
5984 kernel/padata.c | 4 +-
5985 kernel/panic.c | 5 +-
5986 kernel/pid.c | 2 +-
5987 kernel/pid_namespace.c | 2 +-
6090327c
PK		 5988 kernel/power/process.c | 12 +-
5989 kernel/profile.c | 14 +-
5990 kernel/ptrace.c | 8 +-
0986ccbe 5991 kernel/rcu/rcutorture.c | 60 +-
6090327c 5992 kernel/rcu/tiny.c | 4 +-
afe359a8 5993 kernel/rcu/tree.c | 66 +-
6090327c 5994 kernel/rcu/tree.h | 26 +-
afe359a8 5995 kernel/rcu/tree_plugin.h | 14 +-
6090327c 5996 kernel/rcu/tree_trace.c | 22 +-
6090327c
PK		 5997 kernel/sched/auto_group.c | 4 +-
5998 kernel/sched/completion.c | 6 +-
5999 kernel/sched/core.c | 45 +-
afe359a8 6000 kernel/sched/fair.c | 2 +-
6090327c
PK		 6001 kernel/sched/sched.h | 2 +-
6002 kernel/signal.c | 12 +-
6003 kernel/smpboot.c | 4 +-
6004 kernel/softirq.c | 12 +-
6005 kernel/sys.c | 10 +-
6006 kernel/sysctl.c | 34 +-
6007 kernel/time/alarmtimer.c | 2 +-
a8b227b4
PK		 6008 kernel/time/posix-cpu-timers.c | 4 +-
6009 kernel/time/posix-timers.c | 24 +-
6010 kernel/time/timer.c | 4 +-
6090327c 6011 kernel/time/timer_stats.c | 10 +-
6090327c 6012 kernel/trace/blktrace.c | 6 +-
0986ccbe 6013 kernel/trace/ftrace.c | 15 +-
e8242a6d 6014 kernel/trace/ring_buffer.c | 96 +-
6090327c
PK		 6015 kernel/trace/trace.c | 2 +-
6016 kernel/trace/trace.h | 2 +-
6017 kernel/trace/trace_clock.c | 4 +-
6018 kernel/trace/trace_events.c | 1 -
0986ccbe 6019 kernel/trace/trace_functions_graph.c | 4 +-
6090327c 6020 kernel/trace/trace_mmiotrace.c | 8 +-
a8b227b4
PK		 6021 kernel/trace/trace_output.c | 10 +-
6022 kernel/trace/trace_seq.c | 2 +-
6090327c
PK		 6023 kernel/trace/trace_stack.c | 2 +-
6024 kernel/user_namespace.c | 2 +-
6025 kernel/utsname_sysctl.c | 2 +-
6026 kernel/watchdog.c | 2 +-
afe359a8 6027 kernel/workqueue.c | 4 +-
6090327c
PK		 6028 lib/Kconfig.debug | 8 +-
6029 lib/Makefile | 2 +-
6030 lib/average.c | 2 +-
8cf17962 6031 lib/bitmap.c | 10 +-
6090327c
PK		 6032 lib/bug.c | 2 +
6033 lib/debugobjects.c | 2 +-
da1216b9
PK		 6034 lib/decompress_bunzip2.c | 3 +-
6035 lib/decompress_unlzma.c | 4 +-
6090327c
PK		 6036 lib/div64.c | 4 +-
6037 lib/dma-debug.c | 4 +-
6090327c
PK		 6038 lib/inflate.c | 2 +-
6039 lib/ioremap.c | 4 +-
6040 lib/kobject.c | 4 +-
6041 lib/list_debug.c | 126 +-
e8242a6d 6042 lib/lockref.c | 44 +-
6090327c
PK		 6043 lib/percpu-refcount.c | 2 +-
6044 lib/radix-tree.c | 2 +-
6045 lib/random32.c | 2 +-
6046 lib/show_mem.c | 2 +-
6047 lib/strncpy_from_user.c | 2 +-
6048 lib/strnlen_user.c | 2 +-
6049 lib/swiotlb.c | 2 +-
6050 lib/usercopy.c | 6 +
6051 lib/vsprintf.c | 12 +-
6052 mm/Kconfig | 6 +-
6053 mm/backing-dev.c | 4 +-
6054 mm/filemap.c | 2 +-
6090327c
PK		 6055 mm/gup.c | 13 +-
6056 mm/highmem.c | 7 +-
6057 mm/hugetlb.c | 70 +-
6058 mm/internal.h | 3 +-
6090327c 6059 mm/maccess.c | 4 +-
e8242a6d 6060 mm/madvise.c | 37 +
afe359a8
PK		 6061 mm/memory-failure.c | 34 +-
6062 mm/memory.c | 425 +-
6090327c
PK		 6063 mm/mempolicy.c | 25 +
6064 mm/mlock.c | 15 +-
e8242a6d 6065 mm/mm_init.c | 2 +-
da1216b9 6066 mm/mmap.c | 582 +-
0986ccbe 6067 mm/mprotect.c | 137 +-
6090327c
PK		 6068 mm/mremap.c | 44 +-
6069 mm/nommu.c | 21 +-
6070 mm/page-writeback.c | 2 +-
afe359a8 6071 mm/page_alloc.c | 49 +-
6090327c
PK		 6072 mm/percpu.c | 2 +-
6073 mm/process_vm_access.c | 14 +-
8cf17962 6074 mm/rmap.c | 45 +-
6090327c 6075 mm/shmem.c | 19 +-
8cf17962 6076 mm/slab.c | 109 +-
0986ccbe 6077 mm/slab.h | 22 +-
8cf17962
PK		 6078 mm/slab_common.c | 86 +-
6079 mm/slob.c | 218 +-
afe359a8 6080 mm/slub.c | 102 +-
6090327c
PK		 6081 mm/sparse-vmemmap.c | 4 +-
6082 mm/sparse.c | 2 +-
da1216b9 6083 mm/swap.c | 2 +
6090327c
PK		 6084 mm/swapfile.c | 12 +-
6085 mm/util.c | 6 +
e8242a6d 6086 mm/vmalloc.c | 112 +-
6090327c
PK		 6087 mm/vmstat.c | 12 +-
6088 net/8021q/vlan.c | 5 +-
0986ccbe 6089 net/8021q/vlan_netlink.c | 2 +-
6090327c
PK		 6090 net/9p/mod.c | 4 +-
6091 net/9p/trans_fd.c | 2 +-
6092 net/atm/atm_misc.c | 8 +-
6093 net/atm/lec.h | 2 +-
6094 net/atm/proc.c | 6 +-
6095 net/atm/resources.c | 4 +-
6096 net/ax25/sysctl_net_ax25.c | 2 +-
6097 net/batman-adv/bat_iv_ogm.c | 8 +-
6098 net/batman-adv/fragmentation.c | 2 +-
0986ccbe 6099 net/batman-adv/soft-interface.c | 8 +-
6090327c
PK		 6100 net/batman-adv/types.h | 6 +-
6101 net/bluetooth/hci_sock.c | 2 +-
6102 net/bluetooth/l2cap_core.c | 6 +-
6103 net/bluetooth/l2cap_sock.c | 12 +-
6104 net/bluetooth/rfcomm/sock.c | 4 +-
6105 net/bluetooth/rfcomm/tty.c | 4 +-
0986ccbe 6106 net/bridge/br_netlink.c | 2 +-
6090327c
PK		 6107 net/bridge/netfilter/ebtables.c | 6 +-
6108 net/caif/cfctrl.c | 11 +-
0986ccbe 6109 net/caif/chnl_net.c | 2 +-
6090327c
PK		 6110 net/can/af_can.c | 2 +-
6111 net/can/gw.c | 6 +-
6112 net/ceph/messenger.c | 4 +-
8cf17962 6113 net/compat.c | 24 +-
6090327c 6114 net/core/datagram.c | 2 +-
da1216b9 6115 net/core/dev.c | 16 +-
6090327c 6116 net/core/filter.c | 2 +-
e8242a6d 6117 net/core/flow.c | 6 +-
6090327c
PK		 6118 net/core/neighbour.c | 4 +-
6119 net/core/net-sysfs.c | 2 +-
6120 net/core/net_namespace.c | 8 +-
6121 net/core/netpoll.c | 4 +-
6122 net/core/rtnetlink.c | 15 +-
6123 net/core/scm.c | 8 +-
6124 net/core/skbuff.c | 8 +-
afe359a8
PK		 6125 net/core/sock.c | 28 +-
6126 net/core/sock_diag.c | 15 +-
8cf17962 6127 net/core/sysctl_net_core.c | 22 +-
6090327c
PK		 6128 net/decnet/af_decnet.c | 1 +
6129 net/decnet/sysctl_net_decnet.c | 4 +-
afe359a8 6130 net/dsa/dsa.c | 2 +-
0986ccbe 6131 net/hsr/hsr_netlink.c | 2 +-
e8242a6d
PK		 6132 net/ieee802154/6lowpan/core.c | 2 +-
6133 net/ieee802154/6lowpan/reassembly.c | 14 +-
0986ccbe 6134 net/ipv4/af_inet.c | 2 +-
6090327c
PK		 6135 net/ipv4/devinet.c | 18 +-
6136 net/ipv4/fib_frontend.c | 6 +-
6137 net/ipv4/fib_semantics.c | 2 +-
afe359a8
PK		 6138 net/ipv4/inet_connection_sock.c | 4 +-
6139 net/ipv4/inet_timewait_sock.c | 2 +-
6090327c
PK		 6140 net/ipv4/inetpeer.c | 2 +-
6141 net/ipv4/ip_fragment.c | 15 +-
6142 net/ipv4/ip_gre.c | 6 +-
6143 net/ipv4/ip_sockglue.c | 2 +-
6144 net/ipv4/ip_vti.c | 4 +-
6145 net/ipv4/ipconfig.c | 6 +-
6146 net/ipv4/ipip.c | 4 +-
6147 net/ipv4/netfilter/arp_tables.c | 12 +-
6148 net/ipv4/netfilter/ip_tables.c | 12 +-
0986ccbe 6149 net/ipv4/ping.c | 14 +-
6090327c
PK		 6150 net/ipv4/raw.c | 14 +-
6151 net/ipv4/route.c | 32 +-
6152 net/ipv4/sysctl_net_ipv4.c | 22 +-
afe359a8 6153 net/ipv4/tcp_input.c | 6 +-
6090327c
PK		 6154 net/ipv4/tcp_probe.c | 2 +-
6155 net/ipv4/udp.c | 10 +-
6156 net/ipv4/xfrm4_policy.c | 18 +-
da1216b9 6157 net/ipv6/addrconf.c | 16 +-
6090327c
PK		 6158 net/ipv6/af_inet6.c | 2 +-
6159 net/ipv6/datagram.c | 2 +-
6160 net/ipv6/icmp.c | 2 +-
0986ccbe 6161 net/ipv6/ip6_fib.c | 4 +-
6090327c
PK		 6162 net/ipv6/ip6_gre.c | 10 +-
6163 net/ipv6/ip6_tunnel.c | 4 +-
6164 net/ipv6/ip6_vti.c | 4 +-
6165 net/ipv6/ipv6_sockglue.c | 2 +-
6166 net/ipv6/netfilter/ip6_tables.c | 12 +-
6167 net/ipv6/netfilter/nf_conntrack_reasm.c | 14 +-
6168 net/ipv6/ping.c | 33 +-
6169 net/ipv6/raw.c | 17 +-
6170 net/ipv6/reassembly.c | 13 +-
6171 net/ipv6/route.c | 2 +-
6172 net/ipv6/sit.c | 4 +-
6173 net/ipv6/sysctl_net_ipv6.c | 2 +-
6174 net/ipv6/udp.c | 6 +-
afe359a8 6175 net/ipv6/xfrm6_policy.c | 23 +-
6090327c
PK		 6176 net/irda/ircomm/ircomm_tty.c | 18 +-
6177 net/iucv/af_iucv.c | 4 +-
6178 net/iucv/iucv.c | 2 +-
6179 net/key/af_key.c | 4 +-
6180 net/l2tp/l2tp_eth.c | 38 +-
e8242a6d
PK		 6181 net/l2tp/l2tp_ip.c | 2 +-
6182 net/l2tp/l2tp_ip6.c | 2 +-
6090327c
PK		 6183 net/mac80211/cfg.c | 8 +-
6184 net/mac80211/ieee80211_i.h | 3 +-
afe359a8 6185 net/mac80211/iface.c | 20 +-
6090327c 6186 net/mac80211/main.c | 2 +-
da1216b9 6187 net/mac80211/pm.c | 4 +-
6090327c 6188 net/mac80211/rate.c | 2 +-
da1216b9 6189 net/mac80211/sta_info.c | 2 +-
e8242a6d 6190 net/mac80211/util.c | 8 +-
da1216b9 6191 net/mpls/af_mpls.c | 6 +-
6090327c
PK		 6192 net/netfilter/ipset/ip_set_core.c | 2 +-
6193 net/netfilter/ipvs/ip_vs_conn.c | 6 +-
6194 net/netfilter/ipvs/ip_vs_core.c | 4 +-
6195 net/netfilter/ipvs/ip_vs_ctl.c | 14 +-
6196 net/netfilter/ipvs/ip_vs_lblc.c | 2 +-
6197 net/netfilter/ipvs/ip_vs_lblcr.c | 2 +-
6198 net/netfilter/ipvs/ip_vs_sync.c | 6 +-
6199 net/netfilter/ipvs/ip_vs_xmit.c | 4 +-
6200 net/netfilter/nf_conntrack_acct.c | 2 +-
6201 net/netfilter/nf_conntrack_ecache.c | 2 +-
6202 net/netfilter/nf_conntrack_helper.c | 2 +-
6203 net/netfilter/nf_conntrack_proto.c | 2 +-
6204 net/netfilter/nf_conntrack_standalone.c | 2 +-
6205 net/netfilter/nf_conntrack_timestamp.c | 2 +-
6206 net/netfilter/nf_log.c | 10 +-
6207 net/netfilter/nf_sockopt.c | 4 +-
6208 net/netfilter/nfnetlink_log.c | 4 +-
e8242a6d 6209 net/netfilter/nft_compat.c | 9 +-
6090327c
PK		 6210 net/netfilter/xt_statistic.c | 8 +-
6211 net/netlink/af_netlink.c | 4 +-
0986ccbe
PK		 6212 net/openvswitch/vport-internal_dev.c | 2 +-
6213 net/openvswitch/vport.c | 16 +-
6214 net/openvswitch/vport.h | 8 +-
da1216b9 6215 net/packet/af_packet.c | 8 +-
6090327c
PK		 6216 net/phonet/pep.c | 6 +-
6217 net/phonet/socket.c | 2 +-
6218 net/phonet/sysctl.c | 2 +-
6219 net/rds/cong.c | 6 +-
6220 net/rds/ib.h | 2 +-
6221 net/rds/ib_cm.c | 2 +-
6222 net/rds/ib_recv.c | 4 +-
6223 net/rds/iw.h | 2 +-
6224 net/rds/iw_cm.c | 2 +-
6225 net/rds/iw_recv.c | 4 +-
6226 net/rds/rds.h | 2 +-
6227 net/rds/tcp.c | 2 +-
6228 net/rds/tcp_send.c | 2 +-
6229 net/rxrpc/af_rxrpc.c | 2 +-
6230 net/rxrpc/ar-ack.c | 14 +-
6231 net/rxrpc/ar-call.c | 2 +-
6232 net/rxrpc/ar-connection.c | 2 +-
6233 net/rxrpc/ar-connevent.c | 2 +-
6234 net/rxrpc/ar-input.c | 4 +-
6235 net/rxrpc/ar-internal.h | 8 +-
6236 net/rxrpc/ar-local.c | 2 +-
6237 net/rxrpc/ar-output.c | 4 +-
6238 net/rxrpc/ar-peer.c | 2 +-
6239 net/rxrpc/ar-proc.c | 4 +-
6240 net/rxrpc/ar-transport.c | 2 +-
6241 net/rxrpc/rxkad.c | 4 +-
6242 net/sched/sch_generic.c | 4 +-
6243 net/sctp/ipv6.c | 6 +-
6244 net/sctp/protocol.c | 10 +-
6245 net/sctp/sm_sideeffect.c | 2 +-
6246 net/sctp/socket.c | 21 +-
6247 net/sctp/sysctl.c | 10 +-
8cf17962 6248 net/socket.c | 18 +-
6090327c
PK		 6249 net/sunrpc/auth_gss/svcauth_gss.c | 4 +-
6250 net/sunrpc/clnt.c | 4 +-
6251 net/sunrpc/sched.c | 4 +-
6252 net/sunrpc/svc.c | 4 +-
6253 net/sunrpc/svcauth_unix.c | 4 +-
6254 net/sunrpc/xprtrdma/svc_rdma.c | 38 +-
6255 net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 +-
6256 net/sunrpc/xprtrdma/svc_rdma_sendto.c | 2 +-
6257 net/sunrpc/xprtrdma/svc_rdma_transport.c | 10 +-
e8242a6d 6258 net/tipc/netlink_compat.c | 12 +-
6090327c 6259 net/tipc/subscr.c | 2 +-
8cf17962 6260 net/unix/af_unix.c | 7 +-
6090327c
PK		 6261 net/unix/sysctl_net_unix.c | 2 +-
6262 net/wireless/wext-core.c | 19 +-
6263 net/xfrm/xfrm_policy.c | 16 +-
6264 net/xfrm/xfrm_state.c | 33 +-
6265 net/xfrm/xfrm_sysctl.c | 2 +-
8cf17962 6266 scripts/Kbuild.include | 2 +-
6090327c
PK		 6267 scripts/Makefile.build | 2 +-
6268 scripts/Makefile.clean | 3 +-
0986ccbe 6269 scripts/Makefile.host | 63 +-
6090327c 6270 scripts/basic/fixdep.c | 12 +-
afe359a8
PK		 6271 scripts/dtc/checks.c | 14 +-
6272 scripts/dtc/data.c | 6 +-
6273 scripts/dtc/flattree.c | 8 +-
6274 scripts/dtc/livetree.c | 4 +-
a8b227b4 6275 scripts/gcc-plugin.sh | 51 +
6090327c 6276 scripts/headers_install.sh | 1 +
afe359a8
PK		 6277 scripts/kallsyms.c | 4 +-
6278 scripts/kconfig/lkc.h | 5 +-
6279 scripts/kconfig/menu.c | 2 +-
6280 scripts/kconfig/symbol.c | 6 +-
6090327c
PK		 6281 scripts/link-vmlinux.sh | 2 +-
6282 scripts/mod/file2alias.c | 14 +-
6283 scripts/mod/modpost.c | 25 +-
6284 scripts/mod/modpost.h | 6 +-
6285 scripts/mod/sumversion.c | 2 +-
6286 scripts/module-common.lds | 4 +
6287 scripts/package/builddeb | 1 +
6288 scripts/pnmtologo.c | 6 +-
6289 scripts/sortextable.h | 6 +-
a8b227b4 6290 scripts/tags.sh | 2 +-
afe359a8 6291 security/Kconfig | 691 +-
6090327c
PK		 6292 security/integrity/ima/ima.h | 4 +-
6293 security/integrity/ima/ima_api.c | 2 +-
6294 security/integrity/ima/ima_fs.c | 4 +-
6295 security/integrity/ima/ima_queue.c | 2 +-
6090327c 6296 security/keys/key.c | 18 +-
6090327c 6297 security/selinux/avc.c | 6 +-
6090327c 6298 security/selinux/include/xfrm.h | 2 +-
afe359a8 6299 security/yama/yama_lsm.c | 2 +-
6090327c
PK		 6300 sound/aoa/codecs/onyx.c | 7 +-
6301 sound/aoa/codecs/onyx.h | 1 +
6302 sound/core/oss/pcm_oss.c | 18 +-
6303 sound/core/pcm_compat.c | 2 +-
6304 sound/core/pcm_native.c | 4 +-
6090327c
PK		 6305 sound/core/sound.c | 2 +-
6306 sound/drivers/mts64.c | 14 +-
6307 sound/drivers/opl4/opl4_lib.c | 2 +-
6308 sound/drivers/portman2x4.c | 3 +-
6309 sound/firewire/amdtp.c | 4 +-
6310 sound/firewire/amdtp.h | 4 +-
6311 sound/firewire/isight.c | 10 +-
6312 sound/firewire/scs1x.c | 8 +-
6313 sound/oss/sb_audio.c | 2 +-
6314 sound/oss/swarm_cs4297a.c | 6 +-
8cf17962 6315 sound/pci/hda/hda_codec.c | 2 +-
6090327c
PK		 6316 sound/pci/ymfpci/ymfpci.h | 2 +-
6317 sound/pci/ymfpci/ymfpci_main.c | 12 +-
8cf17962 6318 sound/soc/soc-ac97.c | 6 +-
e8242a6d 6319 sound/soc/xtensa/xtfpga-i2s.c | 2 +-
da1216b9 6320 tools/gcc/Makefile | 42 +
6090327c 6321 tools/gcc/checker_plugin.c | 150 +
e8242a6d 6322 tools/gcc/colorize_plugin.c | 215 +
da1216b9 6323 tools/gcc/constify_plugin.c | 564 +
afe359a8 6324 tools/gcc/gcc-common.h | 790 +
da1216b9 6325 tools/gcc/initify_plugin.c | 450 +
e8242a6d 6326 tools/gcc/kallocstat_plugin.c | 188 +
afe359a8
PK		 6327 tools/gcc/kernexec_plugin.c | 551 +
6328 tools/gcc/latent_entropy_plugin.c | 470 +
6329 tools/gcc/size_overflow_plugin/.gitignore | 2 +
6330 tools/gcc/size_overflow_plugin/Makefile | 26 +
6331 .../disable_size_overflow_hash.data |11008 ++++++++++++++
6332 .../generate_size_overflow_hash.sh | 103 +
e8242a6d 6333 .../insert_size_overflow_asm.c | 409 +
afe359a8 6334 .../size_overflow_plugin/intentional_overflow.c | 980 ++
8cf17962 6335 .../size_overflow_plugin/remove_unnecessary_dup.c | 137 +
afe359a8
PK		 6336 tools/gcc/size_overflow_plugin/size_overflow.h | 329 +
6337 .../gcc/size_overflow_plugin/size_overflow_debug.c | 192 +
6338 .../size_overflow_plugin/size_overflow_hash.data |15719 ++++++++++++++++++++
6090327c 6339 .../size_overflow_hash_aux.data | 92 +
afe359a8
PK		 6340 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 1373 ++
6341 .../gcc/size_overflow_plugin/size_overflow_misc.c | 505 +
6342 .../size_overflow_plugin/size_overflow_plugin.c | 318 +
6343 .../size_overflow_plugin_hash.c | 353 +
6344 .../size_overflow_plugin/size_overflow_transform.c | 576 +
6345 .../size_overflow_transform_core.c | 962 ++
6346 tools/gcc/stackleak_plugin.c | 436 +
e8242a6d 6347 tools/gcc/structleak_plugin.c | 287 +
6090327c
PK		 6348 tools/include/linux/compiler.h | 8 +
6349 tools/lib/api/Makefile | 2 +-
6350 tools/perf/util/include/asm/alternative-asm.h | 3 +
6351 tools/virtio/linux/uaccess.h | 2 +-
6352 virt/kvm/kvm_main.c | 44 +-
afe359a8 6353 1963 files changed, 60342 insertions(+), 8946 deletions(-)
Unofficial grsecurity patch archive (https://github.com/slashbeast/grsecurity-scrape)