]>
Commit | Line | Data |
---|---|---|
a085e527 PK |
1 | commit 24ce7d83ff71aa7102231f41c41aaf44f949751a |
2 | Author: David Gstir <david@sigma-star.at> | |
3 | Date: Sun Nov 15 17:14:41 2015 +0100 | |
4 | ||
5 | crypto: nx - Fix timing leak in GCM and CCM decryption | |
6 | ||
7 | Using non-constant time memcmp() makes the verification of the authentication | |
8 | tag in the decrypt path vulnerable to timing attacks. Fix this by using | |
9 | crypto_memneq() instead. | |
10 | ||
11 | Cc: stable@vger.kernel.org | |
12 | Signed-off-by: David Gstir <david@sigma-star.at> | |
13 | Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | |
14 | ||
15 | drivers/crypto/nx/nx-aes-ccm.c | 2 +- | |
16 | drivers/crypto/nx/nx-aes-gcm.c | 2 +- | |
17 | 2 files changed, 2 insertions(+), 2 deletions(-) | |
18 | ||
19 | commit 5c001f6d281406b32d79cf9b7851413adb658641 | |
20 | Author: David Gstir <david@sigma-star.at> | |
21 | Date: Sun Nov 15 17:14:42 2015 +0100 | |
22 | ||
23 | crypto: talitos - Fix timing leak in ESP ICV verification | |
24 | ||
25 | Using non-constant time memcmp() makes the verification of the authentication | |
26 | tag in the decrypt path vulnerable to timing attacks. Fix this by using | |
27 | crypto_memneq() instead. | |
28 | ||
29 | Cc: stable@vger.kernel.org | |
30 | Signed-off-by: David Gstir <david@sigma-star.at> | |
31 | Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | |
32 | ||
33 | Conflicts: | |
34 | ||
35 | drivers/crypto/talitos.c | |
36 | ||
37 | drivers/crypto/talitos.c | 4 ++-- | |
38 | 1 files changed, 2 insertions(+), 2 deletions(-) | |
39 | ||
40 | commit 66e9fe2d958fcdce01c6dadf415864e8cdeb06cb | |
41 | Author: Brad Spengler <spender@grsecurity.net> | |
42 | Date: Fri Dec 4 23:40:00 2015 -0500 | |
43 | ||
44 | Fix a size_overflow report caused by __get_user not fully initializing a register when | |
45 | reading in less than a register-width from userland, reported by peetaur at: | |
46 | https://forums.grsecurity.net/viewtopic.php?f=3&t=4332 | |
47 | Fix is from the PaX Team | |
48 | ||
49 | arch/x86/include/asm/uaccess.h | 2 +- | |
50 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
51 | ||
52 | commit 8599b6467ba41cf3d4e9a96495b5d71d44e74f6c | |
53 | Author: Eric Dumazet <edumazet@google.com> | |
54 | Date: Thu Nov 26 08:18:14 2015 -0800 | |
55 | ||
56 | tcp: initialize tp->copied_seq in case of cross SYN connection | |
57 | ||
58 | Dmitry provided a syzkaller (http://github.com/google/syzkaller) | |
59 | generated program that triggers the WARNING at | |
60 | net/ipv4/tcp.c:1729 in tcp_recvmsg() : | |
61 | ||
62 | WARN_ON(tp->copied_seq != tp->rcv_nxt && | |
63 | !(flags & (MSG_PEEK | MSG_TRUNC))); | |
64 | ||
65 | His program is specifically attempting a Cross SYN TCP exchange, | |
66 | that we support (for the pleasure of hackers ?), but it looks we | |
67 | lack proper tcp->copied_seq initialization. | |
68 | ||
69 | Thanks again Dmitry for your report and testings. | |
70 | ||
71 | Signed-off-by: Eric Dumazet <edumazet@google.com> | |
72 | Reported-by: Dmitry Vyukov <dvyukov@google.com> | |
73 | Tested-by: Dmitry Vyukov <dvyukov@google.com> | |
74 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
75 | ||
76 | net/ipv4/tcp_input.c | 1 + | |
77 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
78 | ||
79 | commit 73c0ec9194319dc262011dbe7196c55cb450f29a | |
80 | Author: Guillaume Nault <g.nault@alphalink.fr> | |
81 | Date: Thu Dec 3 16:49:32 2015 +0100 | |
82 | ||
83 | pppoe: fix memory corruption in padt work structure | |
84 | ||
85 | pppoe_connect() mustn't touch the padt_work field of pppoe sockets | |
86 | because that work could be already pending. | |
87 | ||
88 | [ 21.473147] BUG: unable to handle kernel NULL pointer dereference at 00000004 | |
89 | [ 21.474523] IP: [<c1043177>] process_one_work+0x29/0x31c | |
90 | [ 21.475164] *pde = 00000000 | |
91 | [ 21.475513] Oops: 0000 [#1] SMP | |
92 | [ 21.475910] Modules linked in: pppoe pppox ppp_generic slhc crc32c_intel aesni_intel virtio_net xts aes_i586 lrw gf128mul ablk_helper cryptd evdev acpi_cpufreq processor serio_raw button ext4 crc16 mbcache jbd2 virtio_blk virtio_pci virtio_ring virtio | |
93 | [ 21.476168] CPU: 2 PID: 164 Comm: kworker/2:2 Not tainted 4.4.0-rc1 #1 | |
94 | [ 21.476168] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014 | |
95 | [ 21.476168] task: f5f83c00 ti: f5e28000 task.ti: f5e28000 | |
96 | [ 21.476168] EIP: 0060:[<c1043177>] EFLAGS: 00010046 CPU: 2 | |
97 | [ 21.476168] EIP is at process_one_work+0x29/0x31c | |
98 | [ 21.484082] EAX: 00000000 EBX: f678b2a0 ECX: 00000004 EDX: 00000000 | |
99 | [ 21.484082] ESI: f6c69940 EDI: f5e29ef0 EBP: f5e29f0c ESP: f5e29edc | |
100 | [ 21.484082] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 | |
101 | [ 21.484082] CR0: 80050033 CR2: 000000a4 CR3: 317ad000 CR4: 00040690 | |
102 | [ 21.484082] Stack: | |
103 | [ 21.484082] 00000000 f6c69950 00000000 f6c69940 c0042338 f5e29f0c c1327945 00000000 | |
104 | [ 21.484082] 00000008 f678b2a0 f6c69940 f678b2b8 f5e29f30 c1043984 f5f83c00 f6c69970 | |
105 | [ 21.484082] f678b2a0 c10437d3 f6775e80 f678b2a0 c10437d3 f5e29fac c1047059 f5e29f74 | |
106 | [ 21.484082] Call Trace: | |
107 | [ 21.484082] [<c1327945>] ? _raw_spin_lock_irq+0x28/0x30 | |
108 | [ 21.484082] [<c1043984>] worker_thread+0x1b1/0x244 | |
109 | [ 21.484082] [<c10437d3>] ? rescuer_thread+0x229/0x229 | |
110 | [ 21.484082] [<c10437d3>] ? rescuer_thread+0x229/0x229 | |
111 | [ 21.484082] [<c1047059>] kthread+0x8f/0x94 | |
112 | [ 21.484082] [<c1327a32>] ? _raw_spin_unlock_irq+0x22/0x26 | |
113 | [ 21.484082] [<c1327ee9>] ret_from_kernel_thread+0x21/0x38 | |
114 | [ 21.484082] [<c1046fca>] ? kthread_parkme+0x19/0x19 | |
115 | [ 21.496082] Code: 5d c3 55 89 e5 57 56 53 89 c3 83 ec 24 89 d0 89 55 e0 8d 7d e4 e8 6c d8 ff ff b9 04 00 00 00 89 45 d8 8b 43 24 89 45 dc 8b 45 d8 <8b> 40 04 8b 80 e0 00 00 00 c1 e8 05 24 01 88 45 d7 8b 45 e0 8d | |
116 | [ 21.496082] EIP: [<c1043177>] process_one_work+0x29/0x31c SS:ESP 0068:f5e29edc | |
117 | [ 21.496082] CR2: 0000000000000004 | |
118 | [ 21.496082] ---[ end trace e362cc9cf10dae89 ]--- | |
119 | ||
120 | Reported-by: Andrew <nitr0@seti.kr.ua> | |
121 | Fixes: 287f3a943fef ("pppoe: Use workqueue to die properly when a PADT is received") | |
122 | Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> | |
123 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
124 | ||
125 | drivers/net/ppp/pppoe.c | 14 ++++++++++---- | |
126 | 1 files changed, 10 insertions(+), 4 deletions(-) | |
127 | ||
128 | commit 909cb25969d65dbdd08c69486c72cb09cf30131a | |
129 | Merge: 2fd6be6 b27a8b0 | |
130 | Author: Brad Spengler <spender@grsecurity.net> | |
131 | Date: Fri Dec 4 19:40:10 2015 -0500 | |
132 | ||
133 | Merge branch 'pax-test' into grsec-test | |
134 | ||
135 | Conflicts: | |
136 | Makefile | |
137 | ||
138 | commit b27a8b0f99304f0bc3ea3a8e55f04f6bb57bbe8f | |
139 | Author: Brad Spengler <spender@grsecurity.net> | |
140 | Date: Fri Dec 4 19:38:31 2015 -0500 | |
141 | ||
142 | Update to pax-linux-4.2.6-test26.patch: | |
143 | - fixed integer truncation check in md introduced by upstream commits 284ae7cab0f7335c9e0aa8992b28415ef1a54c7c and 58c0fed400603a802968b23ddf78f029c5a84e41, reported by BeiKed9o (https://forums.grsecurity.net/viewtopic.php?f=3&t=4328) | |
144 | - gcc plugin compilation problems will now also produce the output of the checking script to make diagnosis easier, reported by hunger | |
145 | - Emese fixed a false positive size overflow report in __vhost_add_used_n, reported by quasar366 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4329) | |
146 | - fixed a potential integer truncation error in the raid1 code caught by the size overflow plugin, reported by d1b (https://forums.grsecurity.net/viewtopic.php?f=3&t=4331) | |
147 | ||
148 | Makefile | 5 +++ | |
149 | drivers/md/md.c | 5 ++- | |
150 | drivers/md/raid1.c | 2 +- | |
151 | fs/proc/task_mmu.c | 3 ++ | |
152 | .../disable_size_overflow_hash.data | 4 ++- | |
153 | .../size_overflow_plugin/intentional_overflow.c | 32 ++++++++++++++++--- | |
154 | .../size_overflow_plugin/size_overflow_hash.data | 2 - | |
155 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
156 | 8 files changed, 43 insertions(+), 12 deletions(-) | |
157 | ||
158 | commit 2fd6be640143ad13633518208bb1ba5730bf4949 | |
159 | Author: Eric Dumazet <edumazet@google.com> | |
160 | Date: Tue Dec 1 20:08:51 2015 -0800 | |
161 | ||
162 | net_sched: fix qdisc_tree_decrease_qlen() races | |
163 | ||
164 | qdisc_tree_decrease_qlen() suffers from two problems on multiqueue | |
165 | devices. | |
166 | ||
167 | One problem is that it updates sch->q.qlen and sch->qstats.drops | |
168 | on the mq/mqprio root qdisc, while it should not : Daniele | |
169 | reported underflows errors : | |
170 | [ 681.774821] PAX: sch->q.qlen: 0 n: 1 | |
171 | [ 681.774825] PAX: size overflow detected in function qdisc_tree_decrease_qlen net/sched/sch_api.c:769 cicus.693_49 min, count: 72, decl: qlen; num: 0; context: sk_buff_head; | |
172 | [ 681.774954] CPU: 2 PID: 19 Comm: ksoftirqd/2 Tainted: G O 4.2.6.201511282239-1-grsec #1 | |
173 | [ 681.774955] Hardware name: ASUSTeK COMPUTER INC. X302LJ/X302LJ, BIOS X302LJ.202 03/05/2015 | |
174 | [ 681.774956] ffffffffa9a04863 0000000000000000 0000000000000000 ffffffffa990ff7c | |
175 | [ 681.774959] ffffc90000d3bc38 ffffffffa95d2810 0000000000000007 ffffffffa991002b | |
176 | [ 681.774960] ffffc90000d3bc68 ffffffffa91a44f4 0000000000000001 0000000000000001 | |
177 | [ 681.774962] Call Trace: | |
178 | [ 681.774967] [<ffffffffa95d2810>] dump_stack+0x4c/0x7f | |
179 | [ 681.774970] [<ffffffffa91a44f4>] report_size_overflow+0x34/0x50 | |
180 | [ 681.774972] [<ffffffffa94d17e2>] qdisc_tree_decrease_qlen+0x152/0x160 | |
181 | [ 681.774976] [<ffffffffc02694b1>] fq_codel_dequeue+0x7b1/0x820 [sch_fq_codel] | |
182 | [ 681.774978] [<ffffffffc02680a0>] ? qdisc_peek_dequeued+0xa0/0xa0 [sch_fq_codel] | |
183 | [ 681.774980] [<ffffffffa94cd92d>] __qdisc_run+0x4d/0x1d0 | |
184 | [ 681.774983] [<ffffffffa949b2b2>] net_tx_action+0xc2/0x160 | |
185 | [ 681.774985] [<ffffffffa90664c1>] __do_softirq+0xf1/0x200 | |
186 | [ 681.774987] [<ffffffffa90665ee>] run_ksoftirqd+0x1e/0x30 | |
187 | [ 681.774989] [<ffffffffa90896b0>] smpboot_thread_fn+0x150/0x260 | |
188 | [ 681.774991] [<ffffffffa9089560>] ? sort_range+0x40/0x40 | |
189 | [ 681.774992] [<ffffffffa9085fe4>] kthread+0xe4/0x100 | |
190 | [ 681.774994] [<ffffffffa9085f00>] ? kthread_worker_fn+0x170/0x170 | |
191 | [ 681.774995] [<ffffffffa95d8d1e>] ret_from_fork+0x3e/0x70 | |
192 | ||
193 | mq/mqprio have their own ways to report qlen/drops by folding stats on | |
194 | all their queues, with appropriate locking. | |
195 | ||
196 | A second problem is that qdisc_tree_decrease_qlen() calls qdisc_lookup() | |
197 | without proper locking : concurrent qdisc updates could corrupt the list | |
198 | that qdisc_match_from_root() parses to find a qdisc given its handle. | |
199 | ||
200 | Fix first problem adding a TCQ_F_NOPARENT qdisc flag that | |
201 | qdisc_tree_decrease_qlen() can use to abort its tree traversal, | |
202 | as soon as it meets a mq/mqprio qdisc children. | |
203 | ||
204 | Second problem can be fixed by RCU protection. | |
205 | Qdisc are already freed after RCU grace period, so qdisc_list_add() and | |
206 | qdisc_list_del() simply have to use appropriate rcu list variants. | |
207 | ||
208 | A future patch will add a per struct netdev_queue list anchor, so that | |
209 | qdisc_tree_decrease_qlen() can have more efficient lookups. | |
210 | ||
211 | Reported-by: Daniele Fucini <dfucini@gmail.com> | |
212 | Signed-off-by: Eric Dumazet <edumazet@google.com> | |
213 | Cc: Cong Wang <cwang@twopensource.com> | |
214 | Cc: Jamal Hadi Salim <jhs@mojatatu.com> | |
215 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
216 | ||
217 | Conflicts: | |
218 | ||
219 | net/sched/sch_generic.c | |
220 | ||
221 | include/net/sch_generic.h | 3 +++ | |
222 | net/sched/sch_api.c | 27 ++++++++++++++++++--------- | |
223 | net/sched/sch_generic.c | 2 +- | |
224 | net/sched/sch_mq.c | 4 ++-- | |
225 | net/sched/sch_mqprio.c | 4 ++-- | |
226 | 5 files changed, 26 insertions(+), 14 deletions(-) | |
227 | ||
228 | commit 47e3db55fb66525b7a769de3e2275b5d75a03f39 | |
229 | Author: Eric Dumazet <edumazet@google.com> | |
230 | Date: Tue Dec 1 07:20:07 2015 -0800 | |
231 | ||
232 | ipv6: sctp: implement sctp_v6_destroy_sock() | |
233 | ||
234 | Dmitry Vyukov reported a memory leak using IPV6 SCTP sockets. | |
235 | ||
236 | We need to call inet6_destroy_sock() to properly release | |
237 | inet6 specific fields. | |
238 | ||
239 | Reported-by: Dmitry Vyukov <dvyukov@google.com> | |
240 | Signed-off-by: Eric Dumazet <edumazet@google.com> | |
241 | Acked-by: Daniel Borkmann <daniel@iogearbox.net> | |
242 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
243 | ||
244 | net/sctp/socket.c | 9 ++++++++- | |
245 | 1 files changed, 8 insertions(+), 1 deletions(-) | |
246 | ||
247 | commit c97f798d6e4fb454a7bfbb39fc073c8f538863c9 | |
248 | Author: Jan Engelhardt <jengelh@inai.de> | |
249 | Date: Mon Nov 23 17:46:32 2015 +0100 | |
250 | ||
251 | target: fix COMPARE_AND_WRITE non zero SGL offset data corruption | |
252 | ||
253 | target_core_sbc's compare_and_write functionality suffers from taking | |
254 | data at the wrong memory location when writing a CAW request to disk | |
255 | when a SGL offset is non-zero. | |
256 | ||
257 | This can happen with loopback and vhost-scsi fabric drivers when | |
258 | SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC is used to map existing user-space | |
259 | SGL memory into COMPARE_AND_WRITE READ/WRITE payload buffers. | |
260 | ||
261 | Given the following sample LIO subtopology, | |
262 | ||
263 | % targetcli ls /loopback/ | |
264 | o- loopback ................................. [1 Target] | |
265 | o- naa.6001405ebb8df14a ....... [naa.60014059143ed2b3] | |
266 | o- luns ................................... [2 LUNs] | |
267 | o- lun0 ................ [iblock/ram0 (/dev/ram0)] | |
268 | o- lun1 ................ [iblock/ram1 (/dev/ram1)] | |
269 | % lsscsi -g | |
270 | [3:0:1:0] disk LIO-ORG IBLOCK 4.0 /dev/sdc /dev/sg3 | |
271 | [3:0:1:1] disk LIO-ORG IBLOCK 4.0 /dev/sdd /dev/sg4 | |
272 | ||
273 | the following bug can be observed in Linux 4.3 and 4.4~rc1: | |
274 | ||
275 | % perl -e 'print chr$_ for 0..255,reverse 0..255' >rand | |
276 | % perl -e 'print "\0" x 512' >zero | |
277 | % cat rand >/dev/sdd | |
278 | % sg_compare_and_write -i rand -D zero --lba 0 /dev/sdd | |
279 | % sg_compare_and_write -i zero -D rand --lba 0 /dev/sdd | |
280 | Miscompare reported | |
281 | % hexdump -Cn 512 /dev/sdd | |
282 | 00000000 0f 0e 0d 0c 0b 0a 09 08 07 06 05 04 03 02 01 00 | |
283 | 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
284 | * | |
285 | 00000200 | |
286 | ||
287 | Rather than writing all-zeroes as instructed with the -D file, it | |
288 | corrupts the data in the sector by splicing some of the original | |
289 | bytes in. The page of the first entry of cmd->t_data_sg includes the | |
290 | CDB, and sg->offset is set to a position past the CDB. I presume that | |
291 | sg->offset is also the right choice to use for subsequent sglist | |
292 | members. | |
293 | ||
294 | Signed-off-by: Jan Engelhardt <jengelh@netitwork.de> | |
295 | Tested-by: Douglas Gilbert <dgilbert@interlog.com> | |
296 | Cc: <stable@vger.kernel.org> # v3.12+ | |
297 | Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> | |
298 | ||
299 | drivers/target/target_core_sbc.c | 4 ++-- | |
300 | 1 files changed, 2 insertions(+), 2 deletions(-) | |
301 | ||
302 | commit 43aa1ca4268298d8f65be2411d627573f33afb3e | |
303 | Author: Nicholas Bellinger <nab@linux-iscsi.org> | |
304 | Date: Thu Nov 5 23:37:59 2015 -0800 | |
305 | ||
306 | target: Fix race for SCF_COMPARE_AND_WRITE_POST checking | |
307 | ||
308 | This patch addresses a race + use after free where the first | |
309 | stage of COMPARE_AND_WRITE in compare_and_write_callback() | |
310 | is rescheduled after the backend sends the secondary WRITE, | |
311 | resulting in second stage compare_and_write_post() callback | |
312 | completing in target_complete_ok_work() before the first | |
313 | can return. | |
314 | ||
315 | Because current code depends on checking se_cmd->se_cmd_flags | |
316 | after return from se_cmd->transport_complete_callback(), | |
317 | this results in first stage having SCF_COMPARE_AND_WRITE_POST | |
318 | set, which incorrectly falls through into second stage CAW | |
319 | processing code, eventually triggering a NULL pointer | |
320 | dereference due to use after free. | |
321 | ||
322 | To address this bug, pass in a new *post_ret parameter into | |
323 | se_cmd->transport_complete_callback(), and depend upon this | |
324 | value instead of ->se_cmd_flags to determine when to return | |
325 | or fall through into ->queue_status() code for CAW. | |
326 | ||
327 | Cc: Sagi Grimberg <sagig@mellanox.com> | |
328 | Cc: <stable@vger.kernel.org> # v3.12+ | |
329 | Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> | |
330 | ||
331 | drivers/target/target_core_sbc.c | 13 +++++++++---- | |
332 | drivers/target/target_core_transport.c | 14 ++++++++------ | |
333 | include/target/target_core_base.h | 2 +- | |
334 | 3 files changed, 18 insertions(+), 11 deletions(-) | |
335 | ||
336 | commit c26b157afe2cbde205fcdd36c0b0cc6ca36c2a6e | |
337 | Author: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
338 | Date: Thu Nov 26 12:08:18 2015 +0100 | |
339 | ||
340 | af-unix: passcred support for sendpage | |
341 | ||
342 | sendpage did not care about credentials at all. This could lead to | |
343 | situations in which because of fd passing between processes we could | |
344 | append data to skbs with different scm data. It is illegal to splice those | |
345 | skbs together. Instead we have to allocate a new skb and if requested | |
346 | fill out the scm details. | |
347 | ||
348 | Fixes: 869e7c62486ec ("net: af_unix: implement stream sendpage support") | |
349 | Reported-by: Al Viro <viro@zeniv.linux.org.uk> | |
350 | Cc: Al Viro <viro@zeniv.linux.org.uk> | |
351 | Cc: Eric Dumazet <edumazet@google.com> | |
352 | Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
353 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
354 | ||
355 | net/unix/af_unix.c | 79 ++++++++++++++++++++++++++++++++++++++++++---------- | |
356 | 1 files changed, 64 insertions(+), 15 deletions(-) | |
357 | ||
358 | commit db1370c0dee2dfc22c3549eff6791afd19aaa365 | |
359 | Author: Peter Hurley <peter@hurleysoftware.com> | |
360 | Date: Fri Nov 27 14:18:39 2015 -0500 | |
361 | ||
362 | wan/x25: Fix use-after-free in x25_asy_open_tty() | |
363 | ||
364 | The N_X25 line discipline may access the previous line discipline's closed | |
365 | and already-freed private data on open [1]. | |
366 | ||
367 | The tty->disc_data field _never_ refers to valid data on entry to the | |
368 | line discipline's open() method. Rather, the ldisc is expected to | |
369 | initialize that field for its own use for the lifetime of the instance | |
370 | (ie. from open() to close() only). | |
371 | ||
372 | [1] | |
373 | [ 634.336761] ================================================================== | |
374 | [ 634.338226] BUG: KASAN: use-after-free in x25_asy_open_tty+0x13d/0x490 at addr ffff8800a743efd0 | |
375 | [ 634.339558] Read of size 4 by task syzkaller_execu/8981 | |
376 | [ 634.340359] ============================================================================= | |
377 | [ 634.341598] BUG kmalloc-512 (Not tainted): kasan: bad access detected | |
378 | ... | |
379 | [ 634.405018] Call Trace: | |
380 | [ 634.405277] dump_stack (lib/dump_stack.c:52) | |
381 | [ 634.405775] print_trailer (mm/slub.c:655) | |
382 | [ 634.406361] object_err (mm/slub.c:662) | |
383 | [ 634.406824] kasan_report_error (mm/kasan/report.c:138 mm/kasan/report.c:236) | |
384 | [ 634.409581] __asan_report_load4_noabort (mm/kasan/report.c:279) | |
385 | [ 634.411355] x25_asy_open_tty (drivers/net/wan/x25_asy.c:559 (discriminator 1)) | |
386 | [ 634.413997] tty_ldisc_open.isra.2 (drivers/tty/tty_ldisc.c:447) | |
387 | [ 634.414549] tty_set_ldisc (drivers/tty/tty_ldisc.c:567) | |
388 | [ 634.415057] tty_ioctl (drivers/tty/tty_io.c:2646 drivers/tty/tty_io.c:2879) | |
389 | [ 634.423524] do_vfs_ioctl (fs/ioctl.c:43 fs/ioctl.c:607) | |
390 | [ 634.427491] SyS_ioctl (fs/ioctl.c:622 fs/ioctl.c:613) | |
391 | [ 634.427945] entry_SYSCALL_64_fastpath (arch/x86/entry/entry_64.S:188) | |
392 | ||
393 | Reported-and-tested-by: Sasha Levin <sasha.levin@oracle.com> | |
394 | Cc: <stable@vger.kernel.org> | |
395 | Signed-off-by: Peter Hurley <peter@hurleysoftware.com> | |
396 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
397 | ||
398 | drivers/net/wan/x25_asy.c | 6 +----- | |
399 | 1 files changed, 1 insertions(+), 5 deletions(-) | |
400 | ||
401 | commit 39f32f33dc362f9704113cc7874238792f8294c9 | |
402 | Author: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> | |
403 | Date: Mon Nov 30 14:32:54 2015 -0200 | |
404 | ||
405 | sctp: use GFP_USER for user-controlled kmalloc | |
406 | ||
407 | Dmitry Vyukov reported that the user could trigger a kernel warning by | |
408 | using a large len value for getsockopt SCTP_GET_LOCAL_ADDRS, as that | |
409 | value directly affects the value used as a kmalloc() parameter. | |
410 | ||
411 | This patch thus switches the allocation flags from all user-controllable | |
412 | kmalloc size to GFP_USER to put some more restrictions on it and also | |
413 | disables the warn, as they are not necessary. | |
414 | ||
415 | Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> | |
416 | Acked-by: Daniel Borkmann <daniel@iogearbox.net> | |
417 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
418 | ||
419 | net/sctp/socket.c | 4 ++-- | |
420 | 1 files changed, 2 insertions(+), 2 deletions(-) | |
421 | ||
18e926a4 PK |
422 | commit 70614db891859ff8474665fc0e982e772c5baf6c |
423 | Merge: 2aa7479 7f57ad4 | |
424 | Author: Brad Spengler <spender@grsecurity.net> | |
425 | Date: Sat Nov 28 21:58:09 2015 -0500 | |
426 | ||
427 | Merge branch 'pax-test' into grsec-test | |
428 | ||
429 | commit 7f57ad48fc90cc2c942ef8cad44804ea6cdbfc67 | |
430 | Author: Brad Spengler <spender@grsecurity.net> | |
431 | Date: Sat Nov 28 21:57:41 2015 -0500 | |
432 | ||
433 | Update to pax-linux-4.2.6-test25.patch: | |
434 | - fixed constify regression, reported by spender | |
435 | ||
436 | tools/gcc/constify_plugin.c | 14 +++++++------- | |
437 | tools/gcc/initify_plugin.c | 2 +- | |
438 | .../size_overflow_plugin/size_overflow_transform.c | 13 ++++++------- | |
439 | tools/gcc/structleak_plugin.c | 2 +- | |
440 | 4 files changed, 15 insertions(+), 16 deletions(-) | |
441 | ||
442 | commit 2aa74790571aaea3d90191b1d235f580600d109f | |
443 | Merge: e10e76a 0851e20 | |
444 | Author: Brad Spengler <spender@grsecurity.net> | |
445 | Date: Fri Nov 27 21:02:06 2015 -0500 | |
446 | ||
447 | Merge branch 'pax-test' into grsec-test | |
448 | ||
449 | commit 0851e206a7d21e18d353984cb3f827158ce4237b | |
450 | Author: Brad Spengler <spender@grsecurity.net> | |
451 | Date: Fri Nov 27 21:01:41 2015 -0500 | |
452 | ||
453 | Update to pax-linux-4.2.6-test24.patch: | |
454 | - Emese fixed a few false positive overflow reports due to intentional overflows introduced by gcc, reported by Arnaud, kdave (https://forums.grsecurity.net/viewtopic.php?t=4287&p=15813#p15799) and rfnx (https://forums.grsecurity.net/viewtopic.php?t=4322) | |
455 | - Emese fixed a false positive size overflow report in ext4, reported by saironiq (https://forums.grsecurity.net/viewtopic.php?f=3&t=4324) | |
456 | - fixed a potential integer truncation error in the raid10 code caught by the size overflow plugin, reported by Alexander Tsoy (https://bugs.gentoo.org/show_bug.cgi?id=566316#c10) | |
457 | - fixed a few integer sign conversion errors in the kernel's zlib code caught by the size overflow plugin, reported by audiocricket (https://forums.grsecurity.net/viewtopic.php?f=3&t=4325) | |
458 | - fixed the handling of the no-constify constify plugin parameter | |
459 | - constified kvm_x86_ops | |
460 | - fixed macro param usage in access_ok, reported by gcc-6 | |
461 | - turned off ipa-icf on the size overflow plugin as gcc-5 compiles it very slowly | |
462 | - fixed all plugins for gcc-6 | |
463 | ||
464 | arch/arm/kvm/arm.c | 2 +- | |
465 | arch/mips/kvm/mips.c | 2 +- | |
466 | arch/powerpc/kvm/powerpc.c | 2 +- | |
467 | arch/x86/include/asm/uaccess.h | 2 +- | |
468 | arch/x86/kvm/svm.c | 2 +- | |
469 | arch/x86/kvm/vmx.c | 24 ++++---- | |
470 | arch/x86/kvm/x86.c | 2 +- | |
471 | crypto/zlib.c | 8 +- | |
472 | drivers/md/raid10.c | 2 +- | |
473 | include/linux/kvm_host.h | 4 +- | |
474 | scripts/Makefile.host | 6 ++ | |
475 | tools/gcc/constify_plugin.c | 27 +++++--- | |
476 | tools/gcc/initify_plugin.c | 6 +- | |
477 | tools/gcc/kernexec_plugin.c | 10 +-- | |
478 | tools/gcc/size_overflow_plugin/Makefile | 2 + | |
479 | .../disable_size_overflow_hash.data | 3 + | |
480 | .../insert_size_overflow_asm.c | 2 +- | |
481 | .../size_overflow_plugin/intentional_overflow.c | 63 ++++++++++++++++++++ | |
482 | tools/gcc/size_overflow_plugin/size_overflow.h | 1 + | |
483 | .../gcc/size_overflow_plugin/size_overflow_debug.c | 2 +- | |
484 | .../size_overflow_plugin/size_overflow_hash.data | 3 - | |
485 | tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 2 +- | |
486 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
487 | .../size_overflow_plugin/size_overflow_transform.c | 14 +++-- | |
488 | .../size_overflow_transform_core.c | 2 + | |
489 | virt/kvm/kvm_main.c | 2 +- | |
490 | 26 files changed, 140 insertions(+), 57 deletions(-) | |
491 | ||
492 | commit e10e76a7ca9aab3528a613e91b556fd2f961c446 | |
493 | Author: Brad Spengler <spender@grsecurity.net> | |
494 | Date: Fri Nov 27 20:04:14 2015 -0500 | |
495 | ||
496 | update RANDSTRUCT for gcc6 | |
497 | ||
498 | tools/gcc/randomize_layout_plugin.c | 2 +- | |
499 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
500 | ||
501 | commit dd166b8680fdf8a72b44f175630803f33f442428 | |
502 | Author: Filipe Manana <fdmanana@suse.com> | |
503 | Date: Fri Oct 16 12:34:25 2015 +0100 | |
504 | ||
505 | Btrfs: fix truncation of compressed and inlined extents | |
506 | ||
507 | When truncating a file to a smaller size which consists of an inline | |
508 | extent that is compressed, we did not discard (or made unusable) the | |
509 | data between the new file size and the old file size, wasting metadata | |
510 | space and allowing for the truncated data to be leaked and the data | |
511 | corruption/loss mentioned below. | |
512 | We were also not correctly decrementing the number of bytes used by the | |
513 | inode, we were setting it to zero, giving a wrong report for callers of | |
514 | the stat(2) syscall. The fsck tool also reported an error about a mismatch | |
515 | between the nbytes of the file versus the real space used by the file. | |
516 | ||
517 | Now because we weren't discarding the truncated region of the file, it | |
518 | was possible for a caller of the clone ioctl to actually read the data | |
519 | that was truncated, allowing for a security breach without requiring root | |
520 | access to the system, using only standard filesystem operations. The | |
521 | scenario is the following: | |
522 | ||
523 | 1) User A creates a file which consists of an inline and compressed | |
524 | extent with a size of 2000 bytes - the file is not accessible to | |
525 | any other users (no read, write or execution permission for anyone | |
526 | else); | |
527 | ||
528 | 2) The user truncates the file to a size of 1000 bytes; | |
529 | ||
530 | 3) User A makes the file world readable; | |
531 | ||
532 | 4) User B creates a file consisting of an inline extent of 2000 bytes; | |
533 | ||
534 | 5) User B issues a clone operation from user A's file into its own | |
535 | file (using a length argument of 0, clone the whole range); | |
536 | ||
537 | 6) User B now gets to see the 1000 bytes that user A truncated from | |
538 | its file before it made its file world readbale. User B also lost | |
539 | the bytes in the range [1000, 2000[ bytes from its own file, but | |
540 | that might be ok if his/her intention was reading stale data from | |
541 | user A that was never supposed to be public. | |
542 | ||
543 | Note that this contrasts with the case where we truncate a file from 2000 | |
544 | bytes to 1000 bytes and then truncate it back from 1000 to 2000 bytes. In | |
545 | this case reading any byte from the range [1000, 2000[ will return a value | |
546 | of 0x00, instead of the original data. | |
547 | ||
548 | This problem exists since the clone ioctl was added and happens both with | |
549 | and without my recent data loss and file corruption fixes for the clone | |
550 | ioctl (patch "Btrfs: fix file corruption and data loss after cloning | |
551 | inline extents"). | |
552 | ||
553 | So fix this by truncating the compressed inline extents as we do for the | |
554 | non-compressed case, which involves decompressing, if the data isn't already | |
555 | in the page cache, compressing the truncated version of the extent, writing | |
556 | the compressed content into the inline extent and then truncate it. | |
557 | ||
558 | The following test case for fstests reproduces the problem. In order for | |
559 | the test to pass both this fix and my previous fix for the clone ioctl | |
560 | that forbids cloning a smaller inline extent into a larger one, | |
561 | which is titled "Btrfs: fix file corruption and data loss after cloning | |
562 | inline extents", are needed. Without that other fix the test fails in a | |
563 | different way that does not leak the truncated data, instead part of | |
564 | destination file gets replaced with zeroes (because the destination file | |
565 | has a larger inline extent than the source). | |
566 | ||
567 | seq=`basename $0` | |
568 | seqres=$RESULT_DIR/$seq | |
569 | echo "QA output created by $seq" | |
570 | tmp=/tmp/$$ | |
571 | status=1 # failure is the default! | |
572 | trap "_cleanup; exit \$status" 0 1 2 3 15 | |
573 | ||
574 | _cleanup() | |
575 | { | |
576 | rm -f $tmp.* | |
577 | } | |
578 | ||
579 | # get standard environment, filters and checks | |
580 | . ./common/rc | |
581 | . ./common/filter | |
582 | ||
583 | # real QA test starts here | |
584 | _need_to_be_root | |
585 | _supported_fs btrfs | |
586 | _supported_os Linux | |
587 | _require_scratch | |
588 | _require_cloner | |
589 | ||
590 | rm -f $seqres.full | |
591 | ||
592 | _scratch_mkfs >>$seqres.full 2>&1 | |
593 | _scratch_mount "-o compress" | |
594 | ||
595 | # Create our test files. File foo is going to be the source of a clone operation | |
596 | # and consists of a single inline extent with an uncompressed size of 512 bytes, | |
597 | # while file bar consists of a single inline extent with an uncompressed size of | |
598 | # 256 bytes. For our test's purpose, it's important that file bar has an inline | |
599 | # extent with a size smaller than foo's inline extent. | |
600 | $XFS_IO_PROG -f -c "pwrite -S 0xa1 0 128" \ | |
601 | -c "pwrite -S 0x2a 128 384" \ | |
602 | $SCRATCH_MNT/foo | _filter_xfs_io | |
603 | $XFS_IO_PROG -f -c "pwrite -S 0xbb 0 256" $SCRATCH_MNT/bar | _filter_xfs_io | |
604 | ||
605 | # Now durably persist all metadata and data. We do this to make sure that we get | |
606 | # on disk an inline extent with a size of 512 bytes for file foo. | |
607 | sync | |
608 | ||
609 | # Now truncate our file foo to a smaller size. Because it consists of a | |
610 | # compressed and inline extent, btrfs did not shrink the inline extent to the | |
611 | # new size (if the extent was not compressed, btrfs would shrink it to 128 | |
612 | # bytes), it only updates the inode's i_size to 128 bytes. | |
613 | $XFS_IO_PROG -c "truncate 128" $SCRATCH_MNT/foo | |
614 | ||
615 | # Now clone foo's inline extent into bar. | |
616 | # This clone operation should fail with errno EOPNOTSUPP because the source | |
617 | # file consists only of an inline extent and the file's size is smaller than | |
618 | # the inline extent of the destination (128 bytes < 256 bytes). However the | |
619 | # clone ioctl was not prepared to deal with a file that has a size smaller | |
620 | # than the size of its inline extent (something that happens only for compressed | |
621 | # inline extents), resulting in copying the full inline extent from the source | |
622 | # file into the destination file. | |
623 | # | |
624 | # Note that btrfs' clone operation for inline extents consists of removing the | |
625 | # inline extent from the destination inode and copy the inline extent from the | |
626 | # source inode into the destination inode, meaning that if the destination | |
627 | # inode's inline extent is larger (N bytes) than the source inode's inline | |
628 | # extent (M bytes), some bytes (N - M bytes) will be lost from the destination | |
629 | # file. Btrfs could copy the source inline extent's data into the destination's | |
630 | # inline extent so that we would not lose any data, but that's currently not | |
631 | # done due to the complexity that would be needed to deal with such cases | |
632 | # (specially when one or both extents are compressed), returning EOPNOTSUPP, as | |
633 | # it's normally not a very common case to clone very small files (only case | |
634 | # where we get inline extents) and copying inline extents does not save any | |
635 | # space (unlike for normal, non-inlined extents). | |
636 | $CLONER_PROG -s 0 -d 0 -l 0 $SCRATCH_MNT/foo $SCRATCH_MNT/bar | |
637 | ||
638 | # Now because the above clone operation used to succeed, and due to foo's inline | |
639 | # extent not being shinked by the truncate operation, our file bar got the whole | |
640 | # inline extent copied from foo, making us lose the last 128 bytes from bar | |
641 | # which got replaced by the bytes in range [128, 256[ from foo before foo was | |
642 | # truncated - in other words, data loss from bar and being able to read old and | |
643 | # stale data from foo that should not be possible to read anymore through normal | |
644 | # filesystem operations. Contrast with the case where we truncate a file from a | |
645 | # size N to a smaller size M, truncate it back to size N and then read the range | |
646 | # [M, N[, we should always get the value 0x00 for all the bytes in that range. | |
647 | ||
648 | # We expected the clone operation to fail with errno EOPNOTSUPP and therefore | |
649 | # not modify our file's bar data/metadata. So its content should be 256 bytes | |
650 | # long with all bytes having the value 0xbb. | |
651 | # | |
652 | # Without the btrfs bug fix, the clone operation succeeded and resulted in | |
653 | # leaking truncated data from foo, the bytes that belonged to its range | |
654 | # [128, 256[, and losing data from bar in that same range. So reading the | |
655 | # file gave us the following content: | |
656 | # | |
657 | # 0000000 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 | |
658 | # * | |
659 | # 0000200 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a | |
660 | # * | |
661 | # 0000400 | |
662 | echo "File bar's content after the clone operation:" | |
663 | od -t x1 $SCRATCH_MNT/bar | |
664 | ||
665 | # Also because the foo's inline extent was not shrunk by the truncate | |
666 | # operation, btrfs' fsck, which is run by the fstests framework everytime a | |
667 | # test completes, failed reporting the following error: | |
668 | # | |
669 | # root 5 inode 257 errors 400, nbytes wrong | |
670 | ||
671 | status=0 | |
672 | exit | |
673 | ||
674 | Cc: stable@vger.kernel.org | |
675 | Signed-off-by: Filipe Manana <fdmanana@suse.com> | |
676 | ||
677 | fs/btrfs/inode.c | 82 ++++++++++++++++++++++++++++++++++++++++++++--------- | |
678 | 1 files changed, 68 insertions(+), 14 deletions(-) | |
679 | ||
680 | commit fe6936fd0f41ee2dccce47f5642251649a54e4d4 | |
681 | Author: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de> | |
682 | Date: Wed Nov 25 07:47:40 2015 +0100 | |
683 | ||
684 | isdn: Partially revert debug format string usage clean up | |
685 | ||
686 | Commit 35a4a57 ("isdn: clean up debug format string usage") introduced | |
687 | a safeguard to avoid accidential format string interpolation of data | |
688 | when calling debugl1 or HiSax_putstatus. This did however not take into | |
689 | account VHiSax_putstatus (called by HiSax_putstatus) does *not* call | |
690 | vsprintf if the head parameter is NULL - the format string is treated | |
691 | as plain text then instead. As a result, the string "%s" is processed | |
692 | literally, and the actual information is lost. This affects the isdnlog | |
693 | userspace program which stopped logging information since that commit. | |
694 | ||
695 | So revert the HiSax_putstatus invocations to the previous state. | |
696 | ||
697 | Fixes: 35a4a5733b0a ("isdn: clean up debug format string usage") | |
698 | Cc: Kees Cook <keescook@chromium.org> | |
699 | Cc: Karsten Keil <isdn@linux-pingi.de> | |
700 | Signed-off-by: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de> | |
701 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
702 | ||
703 | drivers/isdn/hisax/config.c | 2 +- | |
704 | drivers/isdn/hisax/hfc_pci.c | 2 +- | |
705 | drivers/isdn/hisax/hfc_sx.c | 2 +- | |
706 | drivers/isdn/hisax/q931.c | 6 +++--- | |
707 | 4 files changed, 6 insertions(+), 6 deletions(-) | |
708 | ||
709 | commit 574035e44b3d49a71f1c0737b7b49bf60ddf0ce7 | |
710 | Author: Brad Spengler <spender@grsecurity.net> | |
711 | Date: Wed Nov 25 20:24:52 2015 -0500 | |
712 | ||
713 | future-proof the code against users of VM_NO_GUARD, mark KASAN as an incompatibility with KSTACKOVERFLOW | |
714 | ||
715 | lib/Kconfig.kasan | 2 +- | |
716 | mm/vmalloc.c | 2 ++ | |
717 | 2 files changed, 3 insertions(+), 1 deletions(-) | |
718 | ||
719 | commit 8a355f2c56ecd40ada14fd16717105ea9a9ac0b5 | |
720 | Author: Al Viro <viro@zeniv.linux.org.uk> | |
721 | Date: Mon Nov 23 21:11:08 2015 -0500 | |
722 | ||
723 | fix sysvfs symlinks | |
724 | ||
725 | The thing got broken back in 2002 - sysvfs does *not* have inline | |
726 | symlinks; even short ones have bodies stored in the first block | |
727 | of file. sysv_symlink() handles that correctly; unfortunately, | |
728 | attempting to look an existing symlink up will end up confusing | |
729 | them for inline symlinks, and interpret the block number containing | |
730 | the body as the body itself. | |
731 | ||
732 | Nobody has noticed until now, which says something about the level | |
733 | of testing sysvfs gets ;-/ | |
734 | ||
735 | Cc: stable@vger.kernel.org # all of them, not that anyone cared | |
736 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | |
737 | ||
738 | fs/sysv/inode.c | 11 ++--------- | |
739 | 1 files changed, 2 insertions(+), 9 deletions(-) | |
740 | ||
741 | commit 195f1b816ff4cdcc8defc2dc0424cf25a0d937fb | |
742 | Author: Jan Kara <jack@suse.cz> | |
743 | Date: Mon Nov 23 13:09:50 2015 +0100 | |
744 | ||
745 | vfs: Make sendfile(2) killable even better | |
746 | ||
747 | Commit 296291cdd162 (mm: make sendfile(2) killable) fixed an issue where | |
748 | sendfile(2) was doing a lot of tiny writes into a filesystem and thus | |
749 | was unkillable for a long time. However sendfile(2) can be (mis)used to | |
750 | issue lots of writes into arbitrary file descriptor such as evenfd or | |
751 | similar special file descriptors which never hit the standard filesystem | |
752 | write path and thus are still unkillable. E.g. the following example | |
753 | from Dmitry burns CPU for ~16s on my test system without possibility to | |
754 | be killed: | |
755 | ||
756 | int r1 = eventfd(0, 0); | |
757 | int r2 = memfd_create("", 0); | |
758 | unsigned long n = 1<<30; | |
759 | fallocate(r2, 0, 0, n); | |
760 | sendfile(r1, r2, 0, n); | |
761 | ||
762 | There are actually quite a few tests for pending signals in sendfile | |
763 | code however we data to write is always available none of them seems to | |
764 | trigger. So fix the problem by adding a test for pending signal into | |
765 | splice_from_pipe_next() also before the loop waiting for pipe buffers to | |
766 | be available. This should fix all the lockup issues with sendfile of the | |
767 | do-ton-of-tiny-writes nature. | |
768 | ||
769 | CC: stable@vger.kernel.org | |
770 | Reported-by: Dmitry Vyukov <dvyukov@google.com> | |
771 | Signed-off-by: Jan Kara <jack@suse.cz> | |
772 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | |
773 | ||
774 | fs/splice.c | 7 +++++++ | |
775 | 1 files changed, 7 insertions(+), 0 deletions(-) | |
776 | ||
777 | commit 92470552efa5a49718308238c7da9ba2579a1147 | |
778 | Author: Jan Kara <jack@suse.cz> | |
779 | Date: Mon Nov 23 13:09:51 2015 +0100 | |
780 | ||
781 | vfs: Avoid softlockups with sendfile(2) | |
782 | ||
783 | The following test program from Dmitry can cause softlockups or RCU | |
784 | stalls as it copies 1GB from tmpfs into eventfd and we don't have any | |
785 | scheduling point at that path in sendfile(2) implementation: | |
786 | ||
787 | int r1 = eventfd(0, 0); | |
788 | int r2 = memfd_create("", 0); | |
789 | unsigned long n = 1<<30; | |
790 | fallocate(r2, 0, 0, n); | |
791 | sendfile(r1, r2, 0, n); | |
792 | ||
793 | Add cond_resched() into __splice_from_pipe() to fix the problem. | |
794 | ||
795 | CC: Dmitry Vyukov <dvyukov@google.com> | |
796 | CC: stable@vger.kernel.org | |
797 | Signed-off-by: Jan Kara <jack@suse.cz> | |
798 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | |
799 | ||
800 | fs/splice.c | 1 + | |
801 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
802 | ||
803 | commit 28ab97eb348dca6653eccb40d012103786d03ae6 | |
804 | Author: Eric Dumazet <edumazet@google.com> | |
805 | Date: Tue Nov 24 11:39:54 2015 -0800 | |
806 | ||
807 | pidns: fix NULL dereference in __task_pid_nr_ns() | |
808 | ||
809 | I got a crash during a "perf top" session that was caused by a race in | |
810 | __task_pid_nr_ns() : | |
811 | ||
812 | pid_nr_ns() was inlined, but apparently compiler chose to read | |
813 | task->pids[type].pid twice, and the pid->level dereference crashed | |
814 | because we got a NULL pointer at the second read : | |
815 | ||
816 | if (pid && ns->level <= pid->level) { // CRASH | |
817 | ||
818 | Just use RCU API properly to solve this race, and not worry about "perf | |
819 | top" crashing hosts :( | |
820 | ||
821 | get_task_pid() can benefit from same fix. | |
822 | ||
823 | Signed-off-by: Eric Dumazet <edumazet@google.com> | |
824 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | |
825 | ||
826 | kernel/pid.c | 4 ++-- | |
827 | 1 files changed, 2 insertions(+), 2 deletions(-) | |
828 | ||
347ea7b0 PK |
829 | commit 2545f7485c4676c52855750b992d8c1921e559c4 |
830 | Merge: 93a41eb 83df348 | |
831 | Author: Brad Spengler <spender@grsecurity.net> | |
832 | Date: Mon Nov 23 20:30:33 2015 -0500 | |
833 | ||
834 | Merge branch 'pax-test' into grsec-test | |
835 | ||
836 | commit 83df3482b33ef4d8192a253a6852e9a9db1f7dca | |
837 | Author: Brad Spengler <spender@grsecurity.net> | |
838 | Date: Mon Nov 23 20:30:16 2015 -0500 | |
839 | ||
840 | Update to pax-linux-4.2.6-test23.patch: | |
841 | - fixed gcc-common.h regression under gcc-5, reported by Arnaud and coldhak | |
842 | - fixed ath10k compile error with the size overflow plugin, reported by victor and careta (https://forums.grsecurity.net/viewtopic.php?t=4323) | |
843 | ||
844 | drivers/net/wireless/ath/ath10k/ce.c | 4 ++-- | |
845 | tools/gcc/gcc-common.h | 13 ++++++------- | |
846 | 2 files changed, 8 insertions(+), 9 deletions(-) | |
847 | ||
848 | commit 93a41eb6e3a7ab9446658b6d2ec4623014b55232 | |
849 | Author: Brad Spengler <spender@grsecurity.net> | |
850 | Date: Sun Nov 22 17:14:38 2015 -0500 | |
851 | ||
852 | update gcc-common.h | |
853 | ||
854 | tools/gcc/gcc-common.h | 13 ++++++------- | |
855 | 1 files changed, 6 insertions(+), 7 deletions(-) | |
856 | ||
857 | commit 7da11be9f025bd8193f03f9b32697bc1ce8ac650 | |
858 | Author: Andrew Cooper <andrew.cooper3@citrix.com> | |
859 | Date: Wed Jun 3 10:31:14 2015 +0100 | |
860 | ||
861 | x86/cpu: Fix SMAP check in PVOPS environments | |
862 | ||
863 | There appears to be no formal statement of what pv_irq_ops.save_fl() is | |
864 | supposed to return precisely. Native returns the full flags, while lguest and | |
865 | Xen only return the Interrupt Flag, and both have comments by the | |
866 | implementations stating that only the Interrupt Flag is looked at. This may | |
867 | have been true when initially implemented, but no longer is. | |
868 | ||
869 | To make matters worse, the Xen PVOP leaves the upper bits undefined, making | |
870 | the BUG_ON() undefined behaviour. Experimentally, this now trips for 32bit PV | |
871 | guests on Broadwell hardware. The BUG_ON() is consistent for an individual | |
872 | build, but not consistent for all builds. It has also been a sitting timebomb | |
873 | since SMAP support was introduced. | |
874 | ||
875 | Use native_save_fl() instead, which will obtain an accurate view of the AC | |
876 | flag. | |
877 | ||
878 | Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> | |
879 | Reviewed-by: David Vrabel <david.vrabel@citrix.com> | |
880 | Tested-by: Rusty Russell <rusty@rustcorp.com.au> | |
881 | Cc: Rusty Russell <rusty@rustcorp.com.au> | |
882 | Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> | |
883 | Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> | |
884 | Cc: <lguest@lists.ozlabs.org> | |
885 | Cc: Xen-devel <xen-devel@lists.xen.org> | |
886 | CC: stable@vger.kernel.org | |
887 | Link: http://lkml.kernel.org/r/1433323874-6927-1-git-send-email-andrew.cooper3@citrix.com | |
888 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
889 | ||
890 | arch/x86/kernel/cpu/common.c | 3 +-- | |
891 | 1 files changed, 1 insertions(+), 2 deletions(-) | |
892 | ||
893 | commit 08ce34cf092b9f1b5311f156df4182a282bf7acc | |
894 | Author: Dave Hansen <dave.hansen@linux.intel.com> | |
895 | Date: Wed Nov 11 10:19:31 2015 -0800 | |
896 | ||
897 | x86/mpx: Do proper get_user() when running 32-bit binaries on 64-bit kernels | |
898 | ||
899 | When you call get_user(foo, bar), you effectively do a | |
900 | ||
901 | copy_from_user(&foo, bar, sizeof(*bar)); | |
902 | ||
903 | Note that the sizeof() is implicit. | |
904 | ||
905 | When we reach out to userspace to try to zap an entire "bounds | |
906 | table" we need to go read a "bounds directory entry" in order to | |
907 | locate the table's address. The size of a "directory entry" | |
908 | depends on the binary being run and is always the size of a | |
909 | pointer. | |
910 | ||
911 | But, when we have a 64-bit kernel and a 32-bit application, the | |
912 | directory entry is still only 32-bits long, but we fetch it with | |
913 | a 64-bit pointer which makes get_user() does a 64-bit fetch. | |
914 | Reading 4 extra bytes isn't harmful, unless we are at the end of | |
915 | and run off the table. It might also cause the zero page to get | |
916 | faulted in unnecessarily even if you are not at the end. | |
917 | ||
918 | Fix it up by doing a special 32-bit get_user() via a cast when | |
919 | we have 32-bit userspace. | |
920 | ||
921 | Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> | |
922 | Cc: <stable@vger.kernel.org> | |
923 | Cc: Andy Lutomirski <luto@amacapital.net> | |
924 | Cc: Borislav Petkov <bp@alien8.de> | |
925 | Cc: Brian Gerst <brgerst@gmail.com> | |
926 | Cc: Dave Hansen <dave@sr71.net> | |
927 | Cc: Denys Vlasenko <dvlasenk@redhat.com> | |
928 | Cc: H. Peter Anvin <hpa@zytor.com> | |
929 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
930 | Cc: Peter Zijlstra <peterz@infradead.org> | |
931 | Cc: Thomas Gleixner <tglx@linutronix.de> | |
932 | Link: http://lkml.kernel.org/r/20151111181931.3ACF6822@viggo.jf.intel.com | |
933 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
934 | ||
935 | arch/x86/mm/mpx.c | 25 ++++++++++++++++++++++++- | |
936 | 1 files changed, 24 insertions(+), 1 deletions(-) | |
937 | ||
938 | commit 9e1e1d1d6f6f41b13a6e85f25e27aee4410f58bf | |
939 | Author: Dave Hansen <dave.hansen@linux.intel.com> | |
940 | Date: Wed Nov 11 10:19:34 2015 -0800 | |
941 | ||
942 | x86/mpx: Fix 32-bit address space calculation | |
943 | ||
944 | I received a bug report that running 32-bit MPX binaries on | |
945 | 64-bit kernels was broken. I traced it down to this little code | |
946 | snippet. We were switching our "number of bounds directory | |
947 | entries" calculation correctly. But, we didn't switch the other | |
948 | side of the calculation: the virtual space size. | |
949 | ||
950 | This meant that we were calculating an absurd size for | |
951 | bd_entry_virt_space() on 32-bit because we used the 64-bit | |
952 | virt_space. | |
953 | ||
954 | This was _also_ broken for 32-bit kernels running on 64-bit | |
955 | hardware since boot_cpu_data.x86_virt_bits=48 even when running | |
956 | in 32-bit mode. | |
957 | ||
958 | Correct that and properly handle all 3 possible cases: | |
959 | ||
960 | 1. 32-bit binary on 64-bit kernel | |
961 | 2. 64-bit binary on 64-bit kernel | |
962 | 3. 32-bit binary on 32-bit kernel | |
963 | ||
964 | This manifested in having bounds tables not properly unmapped. | |
965 | It "leaked" memory but had no functional impact otherwise. | |
966 | ||
967 | Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> | |
968 | Cc: <stable@vger.kernel.org> | |
969 | Cc: Andy Lutomirski <luto@amacapital.net> | |
970 | Cc: Borislav Petkov <bp@alien8.de> | |
971 | Cc: Brian Gerst <brgerst@gmail.com> | |
972 | Cc: Dave Hansen <dave@sr71.net> | |
973 | Cc: Denys Vlasenko <dvlasenk@redhat.com> | |
974 | Cc: H. Peter Anvin <hpa@zytor.com> | |
975 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
976 | Cc: Peter Zijlstra <peterz@infradead.org> | |
977 | Cc: Thomas Gleixner <tglx@linutronix.de> | |
978 | Link: http://lkml.kernel.org/r/20151111181934.FA7FAC34@viggo.jf.intel.com | |
979 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
980 | ||
981 | arch/x86/mm/mpx.c | 22 +++++++++++++++++----- | |
982 | 1 files changed, 17 insertions(+), 5 deletions(-) | |
983 | ||
984 | commit c197eee75054d90aafe695c0edb4f25feb469292 | |
985 | Author: Huaitong Han <huaitong.han@intel.com> | |
986 | Date: Fri Nov 6 17:00:23 2015 +0800 | |
987 | ||
988 | x86/fpu: Fix get_xsave_addr() behavior under virtualization | |
989 | ||
990 | KVM uses the get_xsave_addr() function in a different fashion from | |
991 | the native kernel, in that the 'xsave' parameter belongs to guest vcpu, | |
992 | not the currently running task. | |
993 | ||
994 | But 'xsave' is replaced with current task's (host) xsave structure, so | |
995 | get_xsave_addr() will incorrectly return the bad xsave address to KVM. | |
996 | ||
997 | Fix it so that the passed in 'xsave' address is used - as intended | |
998 | originally. | |
999 | ||
1000 | Signed-off-by: Huaitong Han <huaitong.han@intel.com> | |
1001 | Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com> | |
1002 | Cc: <stable@vger.kernel.org> | |
1003 | Cc: Andy Lutomirski <luto@amacapital.net> | |
1004 | Cc: Paolo Bonzini <pbonzini@redhat.com> | |
1005 | Cc: Borislav Petkov <bp@alien8.de> | |
1006 | Cc: Fenghua Yu <fenghua.yu@intel.com> | |
1007 | Cc: H. Peter Anvin <hpa@zytor.com> | |
1008 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
1009 | Cc: Oleg Nesterov <oleg@redhat.com> | |
1010 | Cc: Peter Zijlstra <peterz@infradead.org> | |
1011 | Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com> | |
1012 | Cc: Thomas Gleixner <tglx@linutronix.de> | |
1013 | Cc: dave.hansen@intel.com | |
1014 | Link: http://lkml.kernel.org/r/1446800423-21622-1-git-send-email-huaitong.han@intel.com | |
1015 | [ Tidied up the changelog. ] | |
1016 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
1017 | ||
1018 | Conflicts: | |
1019 | ||
1020 | arch/x86/kernel/fpu/xstate.c | |
1021 | ||
1022 | arch/x86/kernel/fpu/xstate.c | 1 - | |
1023 | 1 files changed, 0 insertions(+), 1 deletions(-) | |
1024 | ||
1025 | commit 460cdd8a9a19731ce27333866943eed81cba1d96 | |
1026 | Author: Dave Hansen <dave.hansen@linux.intel.com> | |
1027 | Date: Tue Nov 10 16:23:54 2015 -0800 | |
1028 | ||
1029 | x86/fpu: Fix 32-bit signal frame handling | |
1030 | ||
1031 | (This should have gone to LKML originally. Sorry for the extra | |
1032 | noise, folks on the cc.) | |
1033 | ||
1034 | Background: | |
1035 | ||
1036 | Signal frames on x86 have two formats: | |
1037 | ||
1038 | 1. For 32-bit executables (whether on a real 32-bit kernel or | |
1039 | under 32-bit emulation on a 64-bit kernel) we have a | |
1040 | 'fpregset_t' that includes the "FSAVE" registers. | |
1041 | ||
1042 | 2. For 64-bit executables (on 64-bit kernels obviously), the | |
1043 | 'fpregset_t' is smaller and does not contain the "FSAVE" | |
1044 | state. | |
1045 | ||
1046 | When creating the signal frame, we have to be aware of whether | |
1047 | we are running a 32 or 64-bit executable so we create the | |
1048 | correct format signal frame. | |
1049 | ||
1050 | Problem: | |
1051 | ||
1052 | save_xstate_epilog() uses 'fx_sw_reserved_ia32' whenever it is | |
1053 | called for a 32-bit executable. This is for real 32-bit and | |
1054 | ia32 emulation. | |
1055 | ||
1056 | But, fpu__init_prepare_fx_sw_frame() only initializes | |
1057 | 'fx_sw_reserved_ia32' when emulation is enabled, *NOT* for real | |
1058 | 32-bit kernels. | |
1059 | ||
1060 | This leads to really wierd situations where 32-bit programs | |
1061 | lose their extended state when returning from a signal handler. | |
1062 | The kernel copies the uninitialized (zero) 'fx_sw_reserved_ia32' | |
1063 | out to userspace in save_xstate_epilog(). But when returning | |
1064 | from the signal, the kernel errors out in check_for_xstate() | |
1065 | when it does not see FP_XSTATE_MAGIC1 present (because it was | |
1066 | zeroed). This leads to the FPU/XSAVE state being initialized. | |
1067 | ||
1068 | For MPX, this leads to the most permissive state and means we | |
1069 | silently lose bounds violations. I think this would also mean | |
1070 | that we could lose *ANY* FPU/SSE/AVX state. I'm not sure why | |
1071 | no one has spotted this bug. | |
1072 | ||
1073 | I believe this was broken by: | |
1074 | ||
1075 | 72a671ced66d ("x86, fpu: Unify signal handling code paths for x86 and x86_64 kernels") | |
1076 | ||
1077 | way back in 2012. | |
1078 | ||
1079 | Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> | |
1080 | Cc: <stable@vger.kernel.org> | |
1081 | Cc: Andy Lutomirski <luto@amacapital.net> | |
1082 | Cc: Borislav Petkov <bp@alien8.de> | |
1083 | Cc: Brian Gerst <brgerst@gmail.com> | |
1084 | Cc: Denys Vlasenko <dvlasenk@redhat.com> | |
1085 | Cc: H. Peter Anvin <hpa@zytor.com> | |
1086 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
1087 | Cc: Peter Zijlstra <peterz@infradead.org> | |
1088 | Cc: Thomas Gleixner <tglx@linutronix.de> | |
1089 | Cc: dave@sr71.net | |
1090 | Cc: fenghua.yu@intel.com | |
1091 | Cc: yu-cheng.yu@intel.com | |
1092 | Link: http://lkml.kernel.org/r/20151111002354.A0799571@viggo.jf.intel.com | |
1093 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
1094 | ||
1095 | arch/x86/kernel/fpu/signal.c | 11 +++++------ | |
1096 | 1 files changed, 5 insertions(+), 6 deletions(-) | |
1097 | ||
a375b63a PK |
1098 | commit c3f2cc8921a08fff1fbad9127dd7a30c4a953e88 |
1099 | Author: Brad Spengler <spender@grsecurity.net> | |
1100 | Date: Sat Nov 21 18:36:58 2015 -0500 | |
1101 | ||
1102 | Fix gcc 5.x compilation, reported by Arnaud and coldhak | |
1103 | ||
1104 | tools/gcc/gcc-common.h | 2 +- | |
1105 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
1106 | ||
d53f4099 PK |
1107 | commit f0ea1bc982c60c1c39d0f95d9f3db0ec799387ca |
1108 | Merge: 3929e88 c692401 | |
1109 | Author: Brad Spengler <spender@grsecurity.net> | |
1110 | Date: Sat Nov 21 15:41:38 2015 -0500 | |
1111 | ||
1112 | Merge branch 'pax-test' into grsec-test | |
1113 | ||
1114 | commit c69240179ca6ff101670f4859bb0e9a9deb85359 | |
1115 | Author: Brad Spengler <spender@grsecurity.net> | |
1116 | Date: Sat Nov 21 15:41:06 2015 -0500 | |
1117 | ||
1118 | Update to pax-linux-4.2.6-test22.patch: | |
1119 | - made the previous READ_ONCE/WRITE_ONCE fix compatible with gcc PR 58145 | |
1120 | ||
1121 | include/linux/compiler.h | 11 +++++++---- | |
1122 | 1 files changed, 7 insertions(+), 4 deletions(-) | |
1123 | ||
1124 | commit 3929e882e451b177af1a615858f0a96a7cd734b1 | |
1125 | Author: Brad Spengler <spender@grsecurity.net> | |
1126 | Date: Sat Nov 21 13:14:25 2015 -0500 | |
1127 | ||
1128 | remove disable_kill option entirely for the final 4.2 release | |
1129 | ||
1130 | fs/exec.c | 11 ----------- | |
1131 | security/Kconfig | 5 ----- | |
1132 | 2 files changed, 0 insertions(+), 16 deletions(-) | |
1133 | ||
1134 | commit 91633d0eebc41553ea77b5fa7559aa806a60008c | |
1135 | Author: Brad Spengler <spender@grsecurity.net> | |
1136 | Date: Sat Nov 21 07:38:10 2015 -0500 | |
1137 | ||
1138 | compile fix | |
1139 | ||
1140 | net/unix/af_unix.c | 1 + | |
1141 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
1142 | ||
1143 | commit 0afc2f69e7f948995522f6e1dbb957ed84abd9b9 | |
1144 | Author: Brad Spengler <spender@grsecurity.net> | |
1145 | Date: Sat Nov 21 07:14:43 2015 -0500 | |
1146 | ||
1147 | Revert previous AF_UNIX fix: | |
1148 | http://www.spinics.net/lists/netdev/msg318826.html | |
1149 | and apply new one by Jason Baron: | |
1150 | https://lkml.org/lkml/2015/9/29/825 | |
1151 | ||
1152 | include/net/af_unix.h | 1 + | |
1153 | net/unix/af_unix.c | 36 ++++++++++++++++++++++++++++++------ | |
1154 | 2 files changed, 31 insertions(+), 6 deletions(-) | |
1155 | ||
1156 | commit 0a3eec2b3d110042af4e0a9f1e87458262fce1eb | |
1157 | Merge: 917a60c 8fd74af | |
1158 | Author: Brad Spengler <spender@grsecurity.net> | |
1159 | Date: Sat Nov 21 06:50:33 2015 -0500 | |
1160 | ||
1161 | Merge branch 'pax-test' into grsec-test | |
1162 | ||
1163 | commit 8fd74afe08ee45516a9daf2593f31c176516cb55 | |
1164 | Author: Brad Spengler <spender@grsecurity.net> | |
1165 | Date: Sat Nov 21 06:49:57 2015 -0500 | |
1166 | ||
1167 | Update to pax-linux-4.2.6-test21.patch: | |
1168 | - fixed a size overflow plugin bug that could cause a compiler error | |
1169 | - Emese fixed a size overflow false positive in xfrm4_mode_tunnel_input, reported by Arnaud <arnaud@drno.eu> | |
1170 | - updated gcc-common.h to support gcc-6 | |
1171 | - fixed some undefined behaviour in READ_ONCE/WRITE_ONCE | |
1172 | ||
1173 | include/linux/compiler.h | 38 +++---------------- | |
1174 | tools/gcc/gcc-common.h | 39 ++++++++++++++++---- | |
1175 | tools/gcc/initify_plugin.c | 4 +- | |
1176 | .../disable_size_overflow_hash.data | 7 +++- | |
1177 | .../size_overflow_plugin/intentional_overflow.c | 2 +- | |
1178 | .../size_overflow_plugin/size_overflow_hash.data | 9 +---- | |
1179 | .../size_overflow_plugin/size_overflow_transform.c | 4 +- | |
1180 | 7 files changed, 50 insertions(+), 53 deletions(-) | |
1181 | ||
6e783cc3 PK |
1182 | commit 917a60c749d80121229a1752874ff8a606778fc5 |
1183 | Merge: 76fc822 77d474f | |
1184 | Author: Brad Spengler <spender@grsecurity.net> | |
1185 | Date: Wed Nov 18 19:58:31 2015 -0500 | |
1186 | ||
1187 | Merge branch 'pax-test' into grsec-test | |
1188 | ||
1189 | commit 77d474f0bcb2e5acafc78c66c456d1aebaac14b3 | |
1190 | Author: Brad Spengler <spender@grsecurity.net> | |
1191 | Date: Wed Nov 18 19:58:08 2015 -0500 | |
1192 | ||
1193 | Update to pax-linux-4.2.6-test20.patch: | |
1194 | - constified some vdso/vsyscall related code/data | |
1195 | ||
1196 | arch/x86/entry/vdso/vdso2c.h | 4 ++-- | |
1197 | arch/x86/entry/vsyscall/vsyscall_emu_64.S | 2 +- | |
1198 | arch/x86/mm/ioremap.c | 2 +- | |
1199 | mm/debug.c | 3 +++ | |
1200 | 4 files changed, 7 insertions(+), 4 deletions(-) | |
1201 | ||
1202 | commit 76fc8223b2e6b6c950702adfdb055dd5da90657c | |
1203 | Author: Brad Spengler <spender@grsecurity.net> | |
1204 | Date: Wed Nov 18 17:40:27 2015 -0500 | |
1205 | ||
1206 | Allow processes with CAP_SYS_PTRACE to ignore /proc/pid restrictions, | |
1207 | as reported by Andrew | |
1208 | ||
1209 | fs/proc/base.c | 2 +- | |
1210 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
1211 | ||
fb116cbb PK |
1212 | commit 708c2e025f8a05b76f319cfa5fa624d37d8ef6f3 |
1213 | Author: Brad Spengler <spender@grsecurity.net> | |
1214 | Date: Tue Nov 17 18:43:24 2015 -0500 | |
1215 | ||
1216 | Fix multiple character encodings in patch, reported by IooNag on the forums | |
1217 | ||
1218 | grsecurity/Makefile | 2 +- | |
1219 | net/netfilter/xt_gradm.c | 2 +- | |
1220 | 2 files changed, 2 insertions(+), 2 deletions(-) | |
1221 | ||
1222 | commit d1f7534df8687fd05858fd45805b1185eafe38a7 | |
1223 | Author: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
1224 | Date: Tue Nov 17 15:10:59 2015 +0100 | |
1225 | ||
1226 | af_unix: take receive queue lock while appending new skb | |
1227 | ||
1228 | While possibly in future we don't necessarily need to use | |
1229 | sk_buff_head.lock this is a rather larger change, as it affects the | |
1230 | af_unix fd garbage collector, diag and socket cleanups. This is too much | |
1231 | for a stable patch. | |
1232 | ||
1233 | For the time being grab sk_buff_head.lock without disabling bh and irqs, | |
1234 | so don't use locked skb_queue_tail. | |
1235 | ||
1236 | Fixes: 869e7c62486e ("net: af_unix: implement stream sendpage support") | |
1237 | Cc: Eric Dumazet <edumazet@google.com> | |
1238 | Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
1239 | Reported-by: Eric Dumazet <edumazet@google.com> | |
1240 | Acked-by: Eric Dumazet <edumazet@google.com> | |
1241 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
1242 | ||
1243 | net/unix/af_unix.c | 5 ++++- | |
1244 | 1 files changed, 4 insertions(+), 1 deletions(-) | |
1245 | ||
1246 | commit 0df914e7a66a4807bac7762ab33ba3020944ef6b | |
1247 | Author: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
1248 | Date: Mon Nov 16 16:25:56 2015 +0100 | |
1249 | ||
1250 | af_unix: don't append consumed skbs to sk_receive_queue | |
1251 | ||
1252 | In case multiple writes to a unix stream socket race we could end up in a | |
1253 | situation where we pre-allocate a new skb for use in unix_stream_sendpage | |
1254 | but have to free it again in the locked section because another skb | |
1255 | has been appended meanwhile, which we must use. Accidentally we didn't | |
1256 | clear the pointer after consuming it and so we touched freed memory | |
1257 | while appending it to the sk_receive_queue. So, clear the pointer after | |
1258 | consuming the skb. | |
1259 | ||
1260 | This bug has been found with syzkaller | |
1261 | (http://github.com/google/syzkaller) by Dmitry Vyukov. | |
1262 | ||
1263 | Fixes: 869e7c62486e ("net: af_unix: implement stream sendpage support") | |
1264 | Reported-by: Dmitry Vyukov <dvyukov@google.com> | |
1265 | Cc: Dmitry Vyukov <dvyukov@google.com> | |
1266 | Cc: Eric Dumazet <eric.dumazet@gmail.com> | |
1267 | Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
1268 | Acked-by: Eric Dumazet <edumazet@google.com> | |
1269 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
1270 | ||
1271 | net/unix/af_unix.c | 1 + | |
1272 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
1273 | ||
1274 | commit ac8466abcd0ae871cd38d868e1a4e903b92ffc48 | |
1275 | Author: Jason A. Donenfeld <Jason@zx2c4.com> | |
1276 | Date: Thu Nov 12 17:35:58 2015 +0100 | |
1277 | ||
1278 | ip_tunnel: disable preemption when updating per-cpu tstats | |
1279 | ||
1280 | Drivers like vxlan use the recently introduced | |
1281 | udp_tunnel_xmit_skb/udp_tunnel6_xmit_skb APIs. udp_tunnel6_xmit_skb | |
1282 | makes use of ip6tunnel_xmit, and ip6tunnel_xmit, after sending the | |
1283 | packet, updates the struct stats using the usual | |
1284 | u64_stats_update_begin/end calls on this_cpu_ptr(dev->tstats). | |
1285 | udp_tunnel_xmit_skb makes use of iptunnel_xmit, which doesn't touch | |
1286 | tstats, so drivers like vxlan, immediately after, call | |
1287 | iptunnel_xmit_stats, which does the same thing - calls | |
1288 | u64_stats_update_begin/end on this_cpu_ptr(dev->tstats). | |
1289 | ||
1290 | While vxlan is probably fine (I don't know?), calling a similar function | |
1291 | from, say, an unbound workqueue, on a fully preemptable kernel causes | |
1292 | real issues: | |
1293 | ||
1294 | [ 188.434537] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u8:0/6 | |
1295 | [ 188.435579] caller is debug_smp_processor_id+0x17/0x20 | |
1296 | [ 188.435583] CPU: 0 PID: 6 Comm: kworker/u8:0 Not tainted 4.2.6 #2 | |
1297 | [ 188.435607] Call Trace: | |
1298 | [ 188.435611] [<ffffffff8234e936>] dump_stack+0x4f/0x7b | |
1299 | [ 188.435615] [<ffffffff81915f3d>] check_preemption_disabled+0x19d/0x1c0 | |
1300 | [ 188.435619] [<ffffffff81915f77>] debug_smp_processor_id+0x17/0x20 | |
1301 | ||
1302 | The solution would be to protect the whole | |
1303 | this_cpu_ptr(dev->tstats)/u64_stats_update_begin/end blocks with | |
1304 | disabling preemption and then reenabling it. | |
1305 | ||
1306 | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | |
1307 | Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
1308 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
1309 | ||
1310 | include/net/ip6_tunnel.h | 3 ++- | |
1311 | include/net/ip_tunnels.h | 3 ++- | |
1312 | 2 files changed, 4 insertions(+), 2 deletions(-) | |
1313 | ||
1314 | commit 44665148f06b73ea0c253a1a34d15689674d7421 | |
1315 | Author: Mathias Krause <minipli@googlemail.com> | |
1316 | Date: Fri Nov 6 16:30:38 2015 -0800 | |
1317 | ||
1318 | printk: prevent userland from spoofing kernel messages | |
1319 | ||
1320 | The following statement of ABI/testing/dev-kmsg is not quite right: | |
1321 | ||
1322 | It is not possible to inject messages from userspace with the | |
1323 | facility number LOG_KERN (0), to make sure that the origin of the | |
1324 | messages can always be reliably determined. | |
1325 | ||
1326 | Userland actually can inject messages with a facility of 0 by abusing the | |
1327 | fact that the facility is stored in a u8 data type. By using a facility | |
1328 | which is a multiple of 256 the assignment of msg->facility in log_store() | |
1329 | implicitly truncates it to 0, i.e. LOG_KERN, allowing users of /dev/kmsg | |
1330 | to spoof kernel messages as shown below: | |
1331 | ||
1332 | The following call... | |
1333 | # printf '<%d>Kernel panic - not syncing: beer empty\n' 0 >/dev/kmsg | |
1334 | ...leads to the following log entry (dmesg -x | tail -n 1): | |
1335 | user :emerg : [ 66.137758] Kernel panic - not syncing: beer empty | |
1336 | ||
1337 | However, this call... | |
1338 | # printf '<%d>Kernel panic - not syncing: beer empty\n' 0x800 >/dev/kmsg | |
1339 | ...leads to the slightly different log entry (note the kernel facility): | |
1340 | kern :emerg : [ 74.177343] Kernel panic - not syncing: beer empty | |
1341 | ||
1342 | Fix that by limiting the user provided facility to 8 bit right from the | |
1343 | beginning and catch the truncation early. | |
1344 | ||
1345 | Fixes: 7ff9554bb578 ("printk: convert byte-buffer to variable-length...") | |
1346 | Signed-off-by: Mathias Krause <minipli@googlemail.com> | |
1347 | Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
1348 | Cc: Petr Mladek <pmladek@suse.cz> | |
1349 | Cc: Alex Elder <elder@linaro.org> | |
1350 | Cc: Joe Perches <joe@perches.com> | |
1351 | Cc: Kay Sievers <kay@vrfy.org> | |
1352 | Cc: <stable@vger.kernel.org> | |
1353 | Signed-off-by: Andrew Morton <akpm@linux-foundation.org> | |
1354 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | |
1355 | ||
1356 | kernel/printk/printk.c | 13 ++++++++----- | |
1357 | 1 files changed, 8 insertions(+), 5 deletions(-) | |
1358 | ||
1359 | commit bef8fb168317597f02c00ab4075ff094dcdfd2c6 | |
1360 | Author: Borislav Petkov <bp@suse.de> | |
1361 | Date: Thu Nov 5 16:57:56 2015 +0100 | |
1362 | ||
1363 | x86/cpu: Call verify_cpu() after having entered long mode too | |
1364 | ||
1365 | When we get loaded by a 64-bit bootloader, kernel entry point is | |
1366 | startup_64 in head_64.S. We don't trust any and all bootloaders because | |
1367 | some will fiddle with CPU configuration so we go ahead and massage each | |
1368 | CPU into sanity again. | |
1369 | ||
1370 | For example, some dell BIOSes have this XD disable feature which set | |
1371 | IA32_MISC_ENABLE[34] and disable NX. This might be some dumb workaround | |
1372 | for other OSes but Linux sure doesn't need it. | |
1373 | ||
1374 | A similar thing is present in the Surface 3 firmware - see | |
1375 | https://bugzilla.kernel.org/show_bug.cgi?id=106051 - which sets this bit | |
1376 | only on the BSP: | |
1377 | ||
1378 | # rdmsr -a 0x1a0 | |
1379 | 400850089 | |
1380 | 850089 | |
1381 | 850089 | |
1382 | 850089 | |
1383 | ||
1384 | I know, right?! | |
1385 | ||
1386 | There's not even an off switch in there. | |
1387 | ||
1388 | So fix all those cases by sanitizing the 64-bit entry point too. For | |
1389 | that, make verify_cpu() callable in 64-bit mode also. | |
1390 | ||
1391 | Requested-and-debugged-by: "H. Peter Anvin" <hpa@zytor.com> | |
1392 | Reported-and-tested-by: Bastien Nocera <bugzilla@hadess.net> | |
1393 | Signed-off-by: Borislav Petkov <bp@suse.de> | |
1394 | Cc: Matt Fleming <matt@codeblueprint.co.uk> | |
1395 | Cc: Peter Zijlstra <peterz@infradead.org> | |
1396 | Cc: stable@vger.kernel.org | |
1397 | Link: http://lkml.kernel.org/r/1446739076-21303-1-git-send-email-bp@alien8.de | |
1398 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
1399 | ||
1400 | Conflicts: | |
1401 | ||
1402 | arch/x86/kernel/head_64.S | |
1403 | ||
1404 | arch/x86/kernel/head_64.S | 9 +++++++++ | |
1405 | arch/x86/kernel/verify_cpu.S | 12 +++++++----- | |
1406 | 2 files changed, 16 insertions(+), 5 deletions(-) | |
1407 | ||
1408 | commit 9cb084208a9589a6a5be01d2b7df88843f4b01a4 | |
1409 | Author: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
1410 | Date: Tue Nov 10 16:23:15 2015 +0100 | |
1411 | ||
1412 | af-unix: fix use-after-free with concurrent readers while splicing | |
1413 | ||
1414 | During splicing an af-unix socket to a pipe we have to drop all | |
1415 | af-unix socket locks. While doing so we allow another reader to enter | |
1416 | unix_stream_read_generic which can read, copy and finally free another | |
1417 | skb. If exactly this skb is just in process of being spliced we get a | |
1418 | use-after-free report by kasan. | |
1419 | ||
1420 | First, we must make sure to not have a free while the skb is used during | |
1421 | the splice operation. We simply increment its use counter before unlocking | |
1422 | the reader lock. | |
1423 | ||
1424 | Stream sockets have the nice characteristic that we don't care about | |
1425 | zero length writes and they never reach the peer socket's queue. That | |
1426 | said, we can take the UNIXCB.consumed field as the indicator if the | |
1427 | skb was already freed from the socket's receive queue. If the skb was | |
1428 | fully consumed after we locked the reader side again we know it has been | |
1429 | dropped by a second reader. We indicate a short read to user space and | |
1430 | abort the current splice operation. | |
1431 | ||
1432 | This bug has been found with syzkaller | |
1433 | (http://github.com/google/syzkaller) by Dmitry Vyukov. | |
1434 | ||
1435 | Fixes: 2b514574f7e8 ("net: af_unix: implement splice for stream af_unix sockets") | |
1436 | Reported-by: Dmitry Vyukov <dvyukov@google.com> | |
1437 | Cc: Dmitry Vyukov <dvyukov@google.com> | |
1438 | Cc: Eric Dumazet <eric.dumazet@gmail.com> | |
1439 | Acked-by: Eric Dumazet <edumazet@google.com> | |
1440 | Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
1441 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
1442 | ||
1443 | net/unix/af_unix.c | 18 ++++++++++++++++++ | |
1444 | 1 files changed, 18 insertions(+), 0 deletions(-) | |
1445 | ||
90cab73e PK |
1446 | commit 4e75d2b7d6546add44f0951e78410b131a1e660d |
1447 | Author: Brad Spengler <spender@grsecurity.net> | |
1448 | Date: Sat Nov 14 15:08:46 2015 -0500 | |
1449 | ||
1450 | switch the default for SIZE_OVERFLOW_KILL to n, later we'll remove | |
1451 | the option entirely | |
1452 | Distros should make sure their users report all overflows printed to the | |
1453 | kernel logs so the underlying issues can be fixed | |
1454 | ||
1455 | security/Kconfig | 2 +- | |
1456 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
1457 | ||
1458 | commit 2e37eb35e0f1ba5a0feac5264a7b24d89376d0a2 | |
1459 | Author: Brad Spengler <spender@grsecurity.net> | |
1460 | Date: Sat Nov 14 15:07:51 2015 -0500 | |
1461 | ||
1462 | Resync with PaX | |
1463 | ||
1464 | fs/btrfs/inode.c | 12 ++++++++++++ | |
1465 | 1 files changed, 12 insertions(+), 0 deletions(-) | |
1466 | ||
1467 | commit 2f63d2552f38c700902d17bf9b591d82f39a3fb5 | |
1468 | Merge: 5e0ec21 823b1bc | |
1469 | Author: Brad Spengler <spender@grsecurity.net> | |
1470 | Date: Sat Nov 14 14:29:16 2015 -0500 | |
1471 | ||
1472 | Merge branch 'pax-test' into grsec-test | |
1473 | ||
1474 | commit 823b1bc5a8e670f7ddfa98ee0d83762bffab28fb | |
1475 | Author: Brad Spengler <spender@grsecurity.net> | |
1476 | Date: Sat Nov 14 14:28:35 2015 -0500 | |
1477 | ||
1478 | Update to pax-linux-4.2.6-test19.patch: | |
1479 | - David Sterba updated the fix for one of the previous btrfs problems | |
1480 | - Emese and Rasmus Villemoes <linux@rasmusvillemoes.dk> fixed a few bugs in the initify plugin | |
1481 | - fixed debian package generation to support building out-of-tree modules with plugins, reported by Elie Roudninski <elie.roudninski@gmail.com> | |
1482 | ||
1483 | fs/btrfs/delayed-inode.c | 3 +- | |
1484 | fs/btrfs/delayed-inode.h | 2 +- | |
1485 | fs/btrfs/inode.c | 2 +- | |
1486 | scripts/package/builddeb | 2 +- | |
1487 | tools/gcc/initify_plugin.c | 264 ++++++++++++++++++++++++++++++-------------- | |
1488 | 5 files changed, 188 insertions(+), 85 deletions(-) | |
1489 | ||
76e55d26 PK |
1490 | commit 5e0ec21349bb3aeead0701ef51df3086ad377979 |
1491 | Author: Brad Spengler <spender@grsecurity.net> | |
1492 | Date: Thu Nov 12 19:54:21 2015 -0500 | |
1493 | ||
1494 | Revert https://patchwork.kernel.org/patch/7585611/ for now as it's been reported | |
1495 | to cause userland hangs, similar to previous bugs seen in the past | |
1496 | ||
1497 | fs/btrfs/inode.c | 12 ------------ | |
1498 | 1 files changed, 0 insertions(+), 12 deletions(-) | |
1499 | ||
1500 | commit 65402b5a6125cc95c3223a0da8f2817e13bf18ec | |
1501 | Author: françois romieu <romieu@fr.zoreil.com> | |
1502 | Date: Wed Nov 11 23:35:18 2015 +0100 | |
1503 | ||
1504 | r8169: fix kasan reported skb use-after-free. | |
1505 | ||
1506 | Signed-off-by: Francois Romieu <romieu@fr.zoreil.com> | |
1507 | Reported-by: Dave Jones <davej@codemonkey.org.uk> | |
1508 | Fixes: d7d2d89d4b0af ("r8169: Add software counter for multicast packages") | |
1509 | Acked-by: Eric Dumazet <edumazet@google.com> | |
1510 | Acked-by: Corinna Vinschen <vinschen@redhat.com> | |
1511 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
1512 | ||
1513 | drivers/net/ethernet/realtek/r8169.c | 3 +++ | |
1514 | 1 files changed, 3 insertions(+), 0 deletions(-) | |
1515 | ||
1516 | commit bbfcbb7b1e086062aa17358927e14e394830b8a3 | |
1517 | Author: Anthony Lineham <anthony.lineham@alliedtelesis.co.nz> | |
1518 | Date: Thu Oct 22 11:17:03 2015 +1300 | |
1519 | ||
1520 | netfilter: Fix removal of GRE expectation entries created by PPTP | |
1521 | ||
1522 | The uninitialized tuple structure caused incorrect hash calculation | |
1523 | and the lookup failed. | |
1524 | ||
1525 | Link: https://bugzilla.kernel.org/show_bug.cgi?id=106441 | |
1526 | Signed-off-by: Anthony Lineham <anthony.lineham@alliedtelesis.co.nz> | |
1527 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |
1528 | ||
1529 | net/ipv4/netfilter/nf_nat_pptp.c | 2 +- | |
1530 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
1531 | ||
1532 | commit d7cb19f37a91603021e2bed6417766ecca315bd0 | |
1533 | Author: Paolo Bonzini <pbonzini@redhat.com> | |
1534 | Date: Tue Nov 10 09:14:39 2015 +0100 | |
1535 | ||
1536 | KVM: svm: unconditionally intercept #DB | |
1537 | ||
1538 | This is needed to avoid the possibility that the guest triggers | |
1539 | an infinite stream of #DB exceptions (CVE-2015-8104). | |
1540 | ||
1541 | VMX is not affected: because it does not save DR6 in the VMCS, | |
1542 | it already intercepts #DB unconditionally. | |
1543 | ||
1544 | Reported-by: Jan Beulich <jbeulich@suse.com> | |
1545 | Cc: stable@vger.kernel.org | |
1546 | Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> | |
1547 | ||
1548 | arch/x86/kvm/svm.c | 14 +++----------- | |
1549 | 1 files changed, 3 insertions(+), 11 deletions(-) | |
1550 | ||
1551 | commit 5b241ac6551e1675e1cbbc4a74fa1c698ada28f4 | |
1552 | Author: Eric Northup <digitaleric@google.com> | |
1553 | Date: Tue Nov 3 18:03:53 2015 +0100 | |
1554 | ||
1555 | KVM: x86: work around infinite loop in microcode when #AC is delivered | |
1556 | ||
1557 | It was found that a guest can DoS a host by triggering an infinite | |
1558 | stream of "alignment check" (#AC) exceptions. This causes the | |
1559 | microcode to enter an infinite loop where the core never receives | |
1560 | another interrupt. The host kernel panics pretty quickly due to the | |
1561 | effects (CVE-2015-5307). | |
1562 | ||
1563 | Signed-off-by: Eric Northup <digitaleric@google.com> | |
1564 | Cc: stable@vger.kernel.org | |
1565 | Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> | |
1566 | ||
1567 | arch/x86/include/uapi/asm/svm.h | 1 + | |
1568 | arch/x86/kvm/svm.c | 8 ++++++++ | |
1569 | arch/x86/kvm/vmx.c | 5 ++++- | |
1570 | 3 files changed, 13 insertions(+), 1 deletions(-) | |
1571 | ||
1572 | commit 6113725aaaf6626522b93732f29dd36370695a89 | |
1573 | Author: Daniel Borkmann <daniel@iogearbox.net> | |
1574 | Date: Thu Nov 5 00:01:51 2015 +0100 | |
1575 | ||
1576 | debugfs: fix refcount imbalance in start_creating | |
1577 | ||
1578 | In debugfs' start_creating(), we pin the file system to safely access | |
1579 | its root. When we failed to create a file, we unpin the file system via | |
1580 | failed_creating() to release the mount count and eventually the reference | |
1581 | of the vfsmount. | |
1582 | ||
1583 | However, when we run into an error during lookup_one_len() when still | |
1584 | in start_creating(), we only release the parent's mutex but not so the | |
1585 | reference on the mount. Looks like it was done in the past, but after | |
1586 | splitting portions of __create_file() into start_creating() and | |
1587 | end_creating() via 190afd81e4a5 ("debugfs: split the beginning and the | |
1588 | end of __create_file() off"), this seemed missed. Noticed during code | |
1589 | review. | |
1590 | ||
1591 | Fixes: 190afd81e4a5 ("debugfs: split the beginning and the end of __create_file() off") | |
1592 | Cc: stable@vger.kernel.org # v4.0+ | |
1593 | Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | |
1594 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | |
1595 | ||
1596 | fs/debugfs/inode.c | 6 +++++- | |
1597 | 1 files changed, 5 insertions(+), 1 deletions(-) | |
1598 | ||
1599 | commit e91f8a6717837a8a64b6e86317a1373ec9cd6c04 | |
1600 | Author: Maciej W. Rozycki <macro@imgtec.com> | |
1601 | Date: Mon Oct 26 15:48:19 2015 +0000 | |
1602 | ||
1603 | binfmt_elf: Don't clobber passed executable's file header | |
1604 | ||
1605 | Do not clobber the buffer space passed from `search_binary_handler' and | |
1606 | originally preloaded by `prepare_binprm' with the executable's file | |
1607 | header by overwriting it with its interpreter's file header. Instead | |
1608 | keep the buffer space intact and directly use the data structure locally | |
1609 | allocated for the interpreter's file header, fixing a bug introduced in | |
1610 | 2.1.14 with loadable module support (linux-mips.org commit beb11695 | |
1611 | [Import of Linux/MIPS 2.1.14], predating kernel.org repo's history). | |
1612 | Adjust the amount of data read from the interpreter's file accordingly. | |
1613 | ||
1614 | This was not an issue before loadable module support, because back then | |
1615 | `load_elf_binary' was executed only once for a given ELF executable, | |
1616 | whether the function succeeded or failed. | |
1617 | ||
1618 | With loadable module support supported and enabled, upon a failure of | |
1619 | `load_elf_binary' -- which may for example be caused by architecture | |
1620 | code rejecting an executable due to a missing hardware feature requested | |
1621 | in the file header -- a module load is attempted and then the function | |
1622 | reexecuted by `search_binary_handler'. With the executable's file | |
1623 | header replaced with its interpreter's file header the executable can | |
1624 | then be erroneously accepted in this subsequent attempt. | |
1625 | ||
1626 | Cc: stable@vger.kernel.org # all the way back | |
1627 | Signed-off-by: Maciej W. Rozycki <macro@imgtec.com> | |
1628 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | |
1629 | ||
1630 | fs/binfmt_elf.c | 10 +++++----- | |
1631 | 1 files changed, 5 insertions(+), 5 deletions(-) | |
1632 | ||
2d1b3edc PK |
1633 | commit 9c49029fe4cb9a52cb174aebfd5946a9d26b9956 |
1634 | Merge: 5482e7e 7033393 | |
1635 | Author: Brad Spengler <spender@grsecurity.net> | |
1636 | Date: Mon Nov 9 19:51:58 2015 -0500 | |
1637 | ||
1638 | Merge branch 'pax-test' into grsec-test | |
1639 | ||
1640 | commit 70333935932c9f3eb333a354dd760b4233efcc37 | |
1641 | Author: Brad Spengler <spender@grsecurity.net> | |
1642 | Date: Mon Nov 9 19:51:19 2015 -0500 | |
1643 | ||
1644 | Update to pax-linux-4.2.6-test18.patch: | |
1645 | - cleaned up the last of the FPU changes, by spender | |
1646 | - fixed a few KERNEXEC regressions (backported from 4.3) | |
1647 | - Emese fixed a few size overflow false positives in kvm, reported by Christian Roessner (https://bugs.gentoo.org/show_bug.cgi?id=558138#c23) | |
1648 | - David Sterba fixed a few integer overflows in btrfs caught by the size overflow plugin (https://patchwork.kernel.org/patch/7585611/ and https://patchwork.kernel.org/patch/7582351/), reported by Victor, Stebalien and alan.d (https://forums.grsecurity.net/viewtopic.php?f=1&t=4284) | |
1649 | ||
1650 | arch/x86/include/asm/fpu/internal.h | 2 +- | |
1651 | arch/x86/include/asm/fpu/types.h | 1 - | |
1652 | arch/x86/kernel/apic/apic.c | 4 ++- | |
1653 | arch/x86/kernel/fpu/init.c | 36 -------------------- | |
1654 | arch/x86/kernel/process_64.c | 6 +-- | |
1655 | arch/x86/kernel/vsmp_64.c | 13 +++++-- | |
1656 | drivers/acpi/video_detect.c | 2 +- | |
1657 | drivers/lguest/core.c | 2 +- | |
1658 | fs/btrfs/file.c | 10 ++++-- | |
1659 | fs/btrfs/inode.c | 12 ++++++ | |
1660 | .../disable_size_overflow_hash.data | 5 ++- | |
1661 | .../size_overflow_plugin/size_overflow_hash.data | 7 +--- | |
1662 | 12 files changed, 42 insertions(+), 58 deletions(-) | |
1663 | ||
1664 | commit 5482e7eb4ba3c5cc90472ccdb1bfe2cec64413e2 | |
1665 | Merge: 81e2642 682ba19 | |
1666 | Author: Brad Spengler <spender@grsecurity.net> | |
1667 | Date: Mon Nov 9 18:19:48 2015 -0500 | |
1668 | ||
1669 | Merge branch 'pax-test' into grsec-test | |
1670 | ||
1671 | Conflicts: | |
1672 | drivers/pci/pci-sysfs.c | |
1673 | ||
1674 | commit 682ba19ce305f501c9bc5c42a76f2c7442aa22fc | |
1675 | Merge: 7755256 1c02865 | |
1676 | Author: Brad Spengler <spender@grsecurity.net> | |
1677 | Date: Mon Nov 9 18:18:24 2015 -0500 | |
1678 | ||
1679 | Merge branch 'linux-4.2.y' into pax-test | |
1680 | ||
29c15a34 PK |
1681 | commit 81e26429b7a36f0c75de3ab42754256720c0a159 |
1682 | Author: Brad Spengler <spender@grsecurity.net> | |
1683 | Date: Mon Nov 9 07:37:30 2015 -0500 | |
1684 | ||
1685 | btrfs: fix signed overflow in btrfs_sync_file | |
1686 | ||
1687 | The calculation of range length in btrfs_sync_file leads to signed | |
1688 | overflow. This was caught by PaX gcc SIZE_OVERFLOW plugin. | |
1689 | ||
1690 | https://forums.grsecurity.net/viewtopic.php?f=1&t=4284 | |
1691 | ||
1692 | The fsync call passes 0 and LLONG_MAX, the range length does not fit to | |
1693 | loff_t and overflows, but the value is converted to u64 so it silently | |
1694 | works as expected. | |
1695 | ||
1696 | The minimal fix is a typecast to u64, switching functions to take | |
1697 | (start, end) instead of (start, len) would be more intrusive. | |
1698 | ||
1699 | Coccinelle script found that there's one more opencoded calculation of | |
1700 | the length. | |
1701 | ||
1702 | <smpl> | |
1703 | @@ | |
1704 | loff_t start, end; | |
1705 | @@ | |
1706 | * end - start | |
1707 | </smpl> | |
1708 | ||
1709 | CC: stable@vger.kernel.org | |
1710 | Signed-off-by: David Sterba <dsterba@suse.com> | |
1711 | ||
1712 | fs/btrfs/file.c | 10 +++++++--- | |
1713 | 1 files changed, 7 insertions(+), 3 deletions(-) | |
1714 | ||
4d865a41 PK |
1715 | commit 07fd498a96e2d589ad743851c0dec482a92e0429 |
1716 | Author: Brad Spengler <spender@grsecurity.net> | |
1717 | Date: Sun Nov 8 17:04:31 2015 -0500 | |
1718 | ||
1719 | Fix an upstream type confusion bug exposed by RANDSTRUCT: | |
1720 | at the beginning of each sem_array/shmid_kernel/msg_queue | |
1721 | struct is an kern_ipc_perm struct. Unlike every other place in the | |
1722 | kernel where some field must be at an explicit location, there's | |
1723 | no documentation at all that the kern_ipc_perm must be at the beginning | |
1724 | of these structs. Previously, shmid_kernel and kern_ipc_perm were both | |
1725 | randomized with RANDSTRUCT. The problem arises due to the show() handler | |
1726 | for /proc for msg/sem/shm -- what it is provided is a pointer to | |
1727 | a kern_ipc_perm struct (as a void *) which each show() handler then | |
1728 | assumes can be implicitly cast to its own particular struct type without | |
1729 | any kind of container_of being performed. Fix this by doing the proper | |
1730 | type conversions for each via container_of, and randomize the sem and msg | |
1731 | structs while we're at it. | |
1732 | ||
1733 | include/linux/msg.h | 2 +- | |
1734 | include/linux/sem.h | 2 +- | |
1735 | ipc/msg.c | 3 ++- | |
1736 | ipc/sem.c | 3 ++- | |
1737 | ipc/shm.c | 3 ++- | |
1738 | 5 files changed, 8 insertions(+), 5 deletions(-) | |
1739 | ||
1740 | commit 6591e1a526c544936975cd3515d8def09e8026f0 | |
1741 | Author: Brad Spengler <spender@grsecurity.net> | |
1742 | Date: Tue Nov 3 19:36:05 2015 -0500 | |
1743 | ||
1744 | Properly fix the PCI sysfs node check that was recently improperly fixed | |
1745 | upstream (it's under CAP_SYS_ADMIN so it's not really serious) | |
1746 | Reported by Mathias Krause | |
1747 | ||
1748 | drivers/pci/pci-sysfs.c | 2 +- | |
1749 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
1750 | ||
1751 | commit ece03d4d07f29634687b2ea5edb7cab23888cff3 | |
1752 | Merge: 715e674 7755256 | |
1753 | Author: Brad Spengler <spender@grsecurity.net> | |
1754 | Date: Mon Nov 2 21:32:10 2015 -0500 | |
1755 | ||
1756 | Merge branch 'pax-test' into grsec-test | |
1757 | ||
1758 | commit 775525660a6353feb261ad6232f6acbc23826bf4 | |
1759 | Author: Brad Spengler <spender@grsecurity.net> | |
1760 | Date: Mon Nov 2 21:31:21 2015 -0500 | |
1761 | ||
1762 | Update to pax-linux-4.2.5-test17.patch: | |
1763 | - Emese fixed a bunch of size overflow reports: | |
1764 | - https://forums.grsecurity.net/viewtopic.php?f=3&t=4290 | |
1765 | - https://forums.grsecurity.net/viewtopic.php?f=3&t=4291 | |
1766 | - https://forums.grsecurity.net/viewtopic.php?f=3&t=4288 | |
1767 | - https://forums.grsecurity.net/viewtopic.php?f=3&t=4285 | |
1768 | - https://forums.grsecurity.net/viewtopic.php?f=3&t=4283 | |
1769 | - https://forums.grsecurity.net/viewtopic.php?f=3&t=4287 | |
1770 | - https://forums.grsecurity.net/viewtopic.php?f=3&t=4289 | |
1771 | - https://bugs.archlinux.org/task/46798 | |
1772 | - fixed the x86 fpu code some more, reported by spender and others (https://bugs.gentoo.org/show_bug.cgi?id=563804, https://bugs.archlinux.org/task/46764) | |
1773 | ||
1774 | arch/x86/include/asm/fpu/internal.h | 4 +- | |
1775 | arch/x86/kernel/fpu/core.c | 2 +- | |
1776 | arch/x86/kernel/process.c | 3 +- | |
1777 | arch/x86/kernel/process_64.c | 6 +- | |
1778 | drivers/usb/class/cdc-acm.h | 2 +- | |
1779 | drivers/video/console/fbcon.c | 2 +- | |
1780 | fs/dlm/lowcomms.c | 2 +- | |
1781 | include/linux/usb.h | 8 +- | |
1782 | .../disable_size_overflow_hash.data | 15 +- | |
1783 | .../size_overflow_plugin/intentional_overflow.c | 3 + | |
1784 | .../size_overflow_plugin/size_overflow_hash.data | 373 ++++++++++++++++---- | |
1785 | tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 3 +- | |
1786 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
1787 | 13 files changed, 329 insertions(+), 96 deletions(-) | |
1788 | ||
0a2b3309 PK |
1789 | commit 715e674a838f08748044bce459380762e9c1cd29 |
1790 | Author: Sasha Levin <sasha.levin@oracle.com> | |
1791 | Date: Wed Oct 7 11:03:28 2015 -0500 | |
1792 | ||
1793 | PCI: Prevent out of bounds access in numa_node override | |
1794 | ||
1795 | 63692df103e9 ("PCI: Allow numa_node override via sysfs") didn't check that | |
1796 | the numa node provided by userspace is valid. Passing a node number too | |
1797 | high would attempt to access invalid memory and trigger a kernel panic. | |
1798 | ||
1799 | Fixes: 63692df103e9 ("PCI: Allow numa_node override via sysfs") | |
1800 | Signed-off-by: Sasha Levin <sasha.levin@oracle.com> | |
1801 | Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> | |
1802 | CC: stable@vger.kernel.org # v3.19+ | |
1803 | ||
1804 | drivers/pci/pci-sysfs.c | 2 +- | |
1805 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
1806 | ||
1807 | commit 6abe1bb892fe394df80dd4267a8bd2874d537e4e | |
1808 | Author: David Howells <dhowells@redhat.com> | |
1809 | Date: Fri Sep 18 11:45:12 2015 +0100 | |
1810 | ||
1811 | ovl: use O_LARGEFILE in ovl_copy_up() | |
1812 | ||
1813 | Open the lower file with O_LARGEFILE in ovl_copy_up(). | |
1814 | ||
1815 | Pass O_LARGEFILE unconditionally in ovl_copy_up_data() as it's purely for | |
1816 | catching 32-bit userspace dealing with a file large enough that it'll be | |
1817 | mishandled if the application isn't aware that there might be an integer | |
1818 | overflow. Inside the kernel, there shouldn't be any problems. | |
1819 | ||
1820 | Reported-by: Ulrich Obergfell <uobergfe@redhat.com> | |
1821 | Signed-off-by: David Howells <dhowells@redhat.com> | |
1822 | Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> | |
1823 | Cc: <stable@vger.kernel.org> # v3.18+ | |
1824 | ||
1825 | fs/overlayfs/copy_up.c | 4 ++-- | |
1826 | 1 files changed, 2 insertions(+), 2 deletions(-) | |
1827 | ||
1828 | commit bf5e23398e4a82e28fe0801337a4b78ca951a1d9 | |
1829 | Author: David Howells <dhowells@redhat.com> | |
1830 | Date: Fri Sep 18 11:45:22 2015 +0100 | |
1831 | ||
1832 | ovl: fix dentry reference leak | |
1833 | ||
1834 | In ovl_copy_up_locked(), newdentry is leaked if the function exits through | |
1835 | out_cleanup as this just to out after calling ovl_cleanup() - which doesn't | |
1836 | actually release the ref on newdentry. | |
1837 | ||
1838 | The out_cleanup segment should instead exit through out2 as certainly | |
1839 | newdentry leaks - and possibly upper does also, though this isn't caught | |
1840 | given the catch of newdentry. | |
1841 | ||
1842 | Without this fix, something like the following is seen: | |
1843 | ||
1844 | BUG: Dentry ffff880023e9eb20{i=f861,n=#ffff880023e82d90} still in use (1) [unmount of tmpfs tmpfs] | |
1845 | BUG: Dentry ffff880023ece640{i=0,n=bigfile} still in use (1) [unmount of tmpfs tmpfs] | |
1846 | ||
1847 | when unmounting the upper layer after an error occurred in copyup. | |
1848 | ||
1849 | An error can be induced by creating a big file in a lower layer with | |
1850 | something like: | |
1851 | ||
1852 | dd if=/dev/zero of=/lower/a/bigfile bs=65536 count=1 seek=$((0xf000)) | |
1853 | ||
1854 | to create a large file (4.1G). Overlay an upper layer that is too small | |
1855 | (on tmpfs might do) and then induce a copy up by opening it writably. | |
1856 | ||
1857 | Reported-by: Ulrich Obergfell <uobergfe@redhat.com> | |
1858 | Signed-off-by: David Howells <dhowells@redhat.com> | |
1859 | Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> | |
1860 | Cc: <stable@vger.kernel.org> # v3.18+ | |
1861 | ||
1862 | fs/overlayfs/copy_up.c | 2 +- | |
1863 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
1864 | ||
1865 | commit da93976d3355abae09d9fd6a68e7dea77ed619d1 | |
1866 | Author: Miklos Szeredi <miklos@szeredi.hu> | |
1867 | Date: Mon Oct 12 15:56:20 2015 +0200 | |
1868 | ||
1869 | ovl: fix open in stacked overlay | |
1870 | ||
1871 | If two overlayfs filesystems are stacked on top of each other, then we need | |
1872 | recursion in ovl_d_select_inode(). | |
1873 | ||
1874 | I guess d_backing_inode() is supposed to do that. But currently it doesn't | |
1875 | and that functionality is open coded in vfs_open(). This is now copied | |
1876 | into ovl_d_select_inode() to fix this regression. | |
1877 | ||
1878 | Reported-by: Alban Crequy <alban.crequy@gmail.com> | |
1879 | Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> | |
1880 | Fixes: 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay...") | |
1881 | Cc: David Howells <dhowells@redhat.com> | |
1882 | Cc: <stable@vger.kernel.org> # v4.2+ | |
1883 | ||
1884 | fs/overlayfs/inode.c | 3 +++ | |
1885 | 1 files changed, 3 insertions(+), 0 deletions(-) | |
1886 | ||
1887 | commit 0ddd9cf6149717882b81c946149bf55332d763ae | |
1888 | Author: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> | |
1889 | Date: Mon Aug 24 15:57:18 2015 +0300 | |
1890 | ||
1891 | ovl: free stack of paths in ovl_fill_super | |
1892 | ||
1893 | This fixes small memory leak after mount. | |
1894 | ||
1895 | Kmemleak report: | |
1896 | ||
1897 | unreferenced object 0xffff88003683fe00 (size 16): | |
1898 | comm "mount", pid 2029, jiffies 4294909563 (age 33.380s) | |
1899 | hex dump (first 16 bytes): | |
1900 | 20 27 1f bb 00 88 ff ff 40 4b 0f 36 02 88 ff ff '......@K.6.... | |
1901 | backtrace: | |
1902 | [<ffffffff811f8cd4>] create_object+0x124/0x2c0 | |
1903 | [<ffffffff817a059b>] kmemleak_alloc+0x7b/0xc0 | |
1904 | [<ffffffff811dffe6>] __kmalloc+0x106/0x340 | |
1905 | [<ffffffffa01b7a29>] ovl_fill_super+0x389/0x9a0 [overlay] | |
1906 | [<ffffffff81200ac4>] mount_nodev+0x54/0xa0 | |
1907 | [<ffffffffa01b7118>] ovl_mount+0x18/0x20 [overlay] | |
1908 | [<ffffffff81201ab3>] mount_fs+0x43/0x170 | |
1909 | [<ffffffff81220d34>] vfs_kern_mount+0x74/0x170 | |
1910 | [<ffffffff812233ad>] do_mount+0x22d/0xdf0 | |
1911 | [<ffffffff812242cb>] SyS_mount+0x7b/0xc0 | |
1912 | [<ffffffff817b6bee>] entry_SYSCALL_64_fastpath+0x12/0x76 | |
1913 | [<ffffffffffffffff>] 0xffffffffffffffff | |
1914 | ||
1915 | Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> | |
1916 | Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> | |
1917 | Fixes: a78d9f0d5d5c ("ovl: support multiple lower layers") | |
1918 | Cc: <stable@vger.kernel.org> # v4.0+ | |
1919 | ||
1920 | fs/overlayfs/super.c | 1 + | |
1921 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
1922 | ||
1923 | commit b86575c9973b9ad55d659fd8a6be8f864435ad0e | |
1924 | Author: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> | |
1925 | Date: Mon Aug 24 15:57:19 2015 +0300 | |
1926 | ||
1927 | ovl: free lower_mnt array in ovl_put_super | |
1928 | ||
1929 | This fixes memory leak after umount. | |
1930 | ||
1931 | Kmemleak report: | |
1932 | ||
1933 | unreferenced object 0xffff8800ba791010 (size 8): | |
1934 | comm "mount", pid 2394, jiffies 4294996294 (age 53.920s) | |
1935 | hex dump (first 8 bytes): | |
1936 | 20 1c 13 02 00 88 ff ff ....... | |
1937 | backtrace: | |
1938 | [<ffffffff811f8cd4>] create_object+0x124/0x2c0 | |
1939 | [<ffffffff817a059b>] kmemleak_alloc+0x7b/0xc0 | |
1940 | [<ffffffff811dffe6>] __kmalloc+0x106/0x340 | |
1941 | [<ffffffffa0152bfc>] ovl_fill_super+0x55c/0x9b0 [overlay] | |
1942 | [<ffffffff81200ac4>] mount_nodev+0x54/0xa0 | |
1943 | [<ffffffffa0152118>] ovl_mount+0x18/0x20 [overlay] | |
1944 | [<ffffffff81201ab3>] mount_fs+0x43/0x170 | |
1945 | [<ffffffff81220d34>] vfs_kern_mount+0x74/0x170 | |
1946 | [<ffffffff812233ad>] do_mount+0x22d/0xdf0 | |
1947 | [<ffffffff812242cb>] SyS_mount+0x7b/0xc0 | |
1948 | [<ffffffff817b6bee>] entry_SYSCALL_64_fastpath+0x12/0x76 | |
1949 | [<ffffffffffffffff>] 0xffffffffffffffff | |
1950 | ||
1951 | Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> | |
1952 | Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> | |
1953 | Fixes: dd662667e6d3 ("ovl: add mutli-layer infrastructure") | |
1954 | Cc: <stable@vger.kernel.org> # v4.0+ | |
1955 | ||
1956 | fs/overlayfs/super.c | 1 + | |
1957 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
1958 | ||
1959 | commit 9f49b5376fae99cd590d13726e2633bc0a53b6db | |
1960 | Author: Linus Torvalds <torvalds@linux-foundation.org> | |
1961 | Date: Sun Nov 1 17:09:15 2015 -0800 | |
1962 | ||
1963 | mm: get rid of 'vmalloc_info' from /proc/meminfo | |
1964 | ||
1965 | It turns out that at least some versions of glibc end up reading | |
1966 | /proc/meminfo at every single startup, because glibc wants to know the | |
1967 | amount of memory the machine has. And while that's arguably insane, | |
1968 | it's just how things are. | |
1969 | ||
1970 | And it turns out that it's not all that expensive most of the time, but | |
1971 | the vmalloc information statistics (amount of virtual memory used in the | |
1972 | vmalloc space, and the biggest remaining chunk) can be rather expensive | |
1973 | to compute. | |
1974 | ||
1975 | The 'get_vmalloc_info()' function actually showed up on my profiles as | |
1976 | 4% of the CPU usage of "make test" in the git source repository, because | |
1977 | the git tests are lots of very short-lived shell-scripts etc. | |
1978 | ||
1979 | It turns out that apparently this same silly vmalloc info gathering | |
1980 | shows up on the facebook servers too, according to Dave Jones. So it's | |
1981 | not just "make test" for git. | |
1982 | ||
1983 | We had two patches to just cache the information (one by me, one by | |
1984 | Ingo) to mitigate this issue, but the whole vmalloc information of of | |
1985 | rather dubious value to begin with, and people who *actually* want to | |
1986 | know what the situation is wrt the vmalloc area should just look at the | |
1987 | much more complete /proc/vmallocinfo instead. | |
1988 | ||
1989 | In fact, according to my testing - and perhaps more importantly, | |
1990 | according to that big search engine in the sky: Google - there is | |
1991 | nothing out there that actually cares about those two expensive fields: | |
1992 | VmallocUsed and VmallocChunk. | |
1993 | ||
1994 | So let's try to just remove them entirely. Actually, this just removes | |
1995 | the computation and reports the numbers as zero for now, just to try to | |
1996 | be minimally intrusive. | |
1997 | ||
1998 | If this breaks anything, we'll obviously have to re-introduce the code | |
1999 | to compute this all and add the caching patches on top. But if given | |
2000 | the option, I'd really prefer to just remove this bad idea entirely | |
2001 | rather than add even more code to work around our historical mistake | |
2002 | that likely nobody really cares about. | |
2003 | ||
2004 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | |
2005 | ||
2006 | fs/proc/meminfo.c | 7 ++----- | |
2007 | include/linux/vmalloc.h | 12 ------------ | |
2008 | mm/vmalloc.c | 47 ----------------------------------------------- | |
2009 | 3 files changed, 2 insertions(+), 64 deletions(-) | |
2010 | ||
2011 | commit 66425129a550275398f886498d957284539bb331 | |
2012 | Author: Marek Vasut <marex@denx.de> | |
2013 | Date: Fri Oct 30 13:48:19 2015 +0100 | |
2014 | ||
2015 | can: Use correct type in sizeof() in nla_put() | |
2016 | ||
2017 | The sizeof() is invoked on an incorrect variable, likely due to some | |
2018 | copy-paste error, and this might result in memory corruption. Fix this. | |
2019 | ||
2020 | Signed-off-by: Marek Vasut <marex@denx.de> | |
2021 | Cc: Wolfgang Grandegger <wg@grandegger.com> | |
2022 | Cc: netdev@vger.kernel.org | |
2023 | Cc: linux-stable <stable@vger.kernel.org> | |
2024 | Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> | |
2025 | ||
2026 | drivers/net/can/dev.c | 2 +- | |
2027 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2028 | ||
2029 | commit 8c8e802a86f8faf2519710db043339e1cc953bc4 | |
2030 | Author: Brad Spengler <spender@grsecurity.net> | |
2031 | Date: Mon Nov 2 17:20:52 2015 -0500 | |
2032 | ||
2033 | Fix the FPU code properly by copying the dynamically-sized FPU state on | |
2034 | each clone of the task struct, making it equivalent to the new FPU-in-task-struct code | |
2035 | ||
2036 | Fix is from the PaX Team | |
2037 | ||
2038 | arch/x86/kernel/process.c | 2 ++ | |
2039 | 1 files changed, 2 insertions(+), 0 deletions(-) | |
2040 | ||
2041 | commit 036bc2e2231c76f7eb470bfef67b6bc26187aeae | |
2042 | Author: Brad Spengler <spender@grsecurity.net> | |
2043 | Date: Mon Nov 2 17:19:43 2015 -0500 | |
2044 | ||
2045 | Revert the forced eagerfpu since it's now fixed properly | |
2046 | ||
2047 | arch/x86/kernel/fpu/init.c | 3 --- | |
2048 | 1 files changed, 0 insertions(+), 3 deletions(-) | |
2049 | ||
2050 | commit a08ab82bcf321704f6a228c7924b860510c6d610 | |
2051 | Author: Carol L Soto <clsoto@linux.vnet.ibm.com> | |
2052 | Date: Tue Oct 27 17:36:20 2015 +0200 | |
2053 | ||
2054 | net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes | |
2055 | ||
2056 | When doing memcpy/memset of EQEs, we should use sizeof struct | |
2057 | mlx4_eqe as the base size and not caps.eqe_size which could be bigger. | |
2058 | ||
2059 | If caps.eqe_size is bigger than the struct mlx4_eqe then we corrupt | |
2060 | data in the master context. | |
2061 | ||
2062 | When using a 64 byte stride, the memcpy copied over 63 bytes to the | |
2063 | slave_eq structure. This resulted in copying over the entire eqe of | |
2064 | interest, including its ownership bit -- and also 31 bytes of garbage | |
2065 | into the next WQE in the slave EQ -- which did NOT include the ownership | |
2066 | bit (and therefore had no impact). | |
2067 | ||
2068 | However, once the stride is increased to 128, we are overwriting the | |
2069 | ownership bits of *three* eqes in the slave_eq struct. This results | |
2070 | in an incorrect ownership bit for those eqes, which causes the eq to | |
2071 | seem to be full. The issue therefore surfaced only once 128-byte EQEs | |
2072 | started being used in SRIOV and (overarchitectures that have 128/256 | |
2073 | byte cache-lines such as PPC) - e.g after commit 77507aa249ae | |
2074 | "net/mlx4_core: Enable CQE/EQE stride support". | |
2075 | ||
2076 | Fixes: 08ff32352d6f ('mlx4: 64-byte CQE/EQE support') | |
2077 | Signed-off-by: Carol L Soto <clsoto@linux.vnet.ibm.com> | |
2078 | Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il> | |
2079 | Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> | |
2080 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
2081 | ||
2082 | drivers/net/ethernet/mellanox/mlx4/cmd.c | 2 +- | |
2083 | drivers/net/ethernet/mellanox/mlx4/eq.c | 2 +- | |
2084 | 2 files changed, 2 insertions(+), 2 deletions(-) | |
2085 | ||
2086 | commit 811ab3b52935612def289efa5e9e2aa973f16f26 | |
2087 | Author: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
2088 | Date: Wed Oct 28 13:21:04 2015 +0100 | |
2089 | ||
2090 | ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues | |
2091 | ||
2092 | Raw sockets with hdrincl enabled can insert ipv6 extension headers | |
2093 | right into the data stream. In case we need to fragment those packets, | |
2094 | we reparse the options header to find the place where we can insert | |
2095 | the fragment header. If the extension headers exceed the link's MTU we | |
2096 | actually cannot make progress in such a case. | |
2097 | ||
2098 | Instead of ending up in broken arithmetic or rounding towards 0 and | |
2099 | entering an endless loop in ip6_fragment, just prevent those cases by | |
2100 | aborting early and signal -EMSGSIZE to user space. | |
2101 | ||
2102 | This is the second version of the patch which doesn't use the | |
2103 | overflow_usub function, which got reverted for now. | |
2104 | ||
2105 | Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> | |
2106 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
2107 | Reported-by: Dmitry Vyukov <dvyukov@google.com> | |
2108 | Cc: Dmitry Vyukov <dvyukov@google.com> | |
2109 | Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
2110 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
2111 | ||
2112 | net/ipv6/ip6_output.c | 2 ++ | |
2113 | 1 files changed, 2 insertions(+), 0 deletions(-) | |
2114 | ||
2115 | commit f074980442c7c3ff4a75c711ff18204dfb4131b8 | |
2116 | Author: Brad Spengler <spender@grsecurity.net> | |
2117 | Date: Thu Oct 29 18:19:02 2015 -0400 | |
2118 | ||
2119 | Revert "ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues" | |
2120 | ||
2121 | This reverts commit 18d5034650b637ec479f41d98e3912398b3e3efc. | |
2122 | ||
2123 | net/ipv6/ip6_output.c | 6 +----- | |
2124 | 1 files changed, 1 insertions(+), 5 deletions(-) | |
2125 | ||
2126 | commit 53e629c2d13ed09f4c889925482606f82a65bd1d | |
2127 | Author: Brad Spengler <spender@grsecurity.net> | |
2128 | Date: Thu Oct 29 18:18:55 2015 -0400 | |
2129 | ||
2130 | Revert "overflow-arith: begin to add support for overflow builtin functions" | |
2131 | ||
2132 | This reverts commit cfd0008de8db38841f7f06b979482900994717b9. | |
2133 | ||
2134 | Conflicts: | |
2135 | ||
2136 | include/linux/compiler-gcc.h | |
2137 | ||
2138 | include/linux/compiler-gcc.h | 4 ---- | |
2139 | include/linux/overflow-arith.h | 18 ------------------ | |
2140 | 2 files changed, 0 insertions(+), 22 deletions(-) | |
2141 | ||
2142 | commit 225122602b5b7fd58ec5c2a4a1a4a9a29fe7a02a | |
2143 | Author: Brad Spengler <spender@grsecurity.net> | |
2144 | Date: Thu Oct 29 09:00:11 2015 -0400 | |
2145 | ||
2146 | Update size_overflow plugin | |
2147 | ||
2148 | .../size_overflow_plugin/intentional_overflow.c | 3 +++ | |
2149 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
2150 | 2 files changed, 4 insertions(+), 1 deletions(-) | |
2151 | ||
c3f73f4b PK |
2152 | commit 2bf85cb1c3df45d59d8b59aeacf63cbbee360175 |
2153 | Author: Brad Spengler <spender@grsecurity.net> | |
2154 | Date: Thu Oct 29 08:52:07 2015 -0400 | |
2155 | ||
2156 | Temporarily disable the builtin_overflow again as the kernexec plugin also has problems with it | |
2157 | ||
2158 | include/linux/compiler-gcc.h | 2 +- | |
2159 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2160 | ||
d60a514c PK |
2161 | commit a41c8c4d880b6005e874bf5440e24713da8483cd |
2162 | Author: Brad Spengler <spender@grsecurity.net> | |
2163 | Date: Wed Oct 28 19:28:30 2015 -0400 | |
2164 | ||
2165 | temporarily work around issue with the dynamic FPU state and lazy FPU mode | |
2166 | upstream configures FPU mode based on the eagerfpu variable before it's ever actually | |
2167 | set by the commandline parser (so eagerfpu= on the commandline has no effect) | |
2168 | ||
2169 | arch/x86/kernel/fpu/init.c | 3 +++ | |
2170 | 1 files changed, 3 insertions(+), 0 deletions(-) | |
2171 | ||
2172 | commit 8452f9d5cfabda9228496050a16bc8728c0ebbb7 | |
2173 | Author: Brad Spengler <spender@grsecurity.net> | |
2174 | Date: Wed Oct 28 19:25:55 2015 -0400 | |
2175 | ||
2176 | Remove/reorder some code due to the reverting of the FPU-state-in-task_struct code | |
2177 | ||
2178 | arch/x86/include/asm/fpu/types.h | 69 ++++++++++++++++++-------------------- | |
2179 | arch/x86/include/asm/processor.h | 10 ++---- | |
2180 | arch/x86/kernel/fpu/init.c | 20 ----------- | |
2181 | include/linux/sched.h | 4 +- | |
2182 | 4 files changed, 38 insertions(+), 65 deletions(-) | |
2183 | ||
2184 | commit c2127bd4215f8f02a1391bef3bde55d0bb1c19bc | |
2185 | Author: Brad Spengler <spender@grsecurity.net> | |
2186 | Date: Tue Oct 27 23:38:11 2015 -0400 | |
2187 | ||
2188 | fix typo | |
2189 | ||
2190 | tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 2 +- | |
2191 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2192 | ||
2193 | commit c588def7b5713c31fef2b848bfebf0d727791b82 | |
2194 | Author: Brad Spengler <spender@grsecurity.net> | |
2195 | Date: Tue Oct 27 21:09:04 2015 -0400 | |
2196 | ||
2197 | remove the PAGE_SIZE padding from fpregs_state since it's not included as part | |
2198 | of the task struct | |
2199 | ||
2200 | arch/x86/include/asm/fpu/types.h | 1 - | |
2201 | 1 files changed, 0 insertions(+), 1 deletions(-) | |
2202 | ||
2203 | commit 3bd1e5915353fee1f347577f0e80d925910695f9 | |
2204 | Author: Herbert Xu <herbert@gondor.apana.org.au> | |
2205 | Date: Mon Oct 19 18:23:57 2015 +0800 | |
2206 | ||
2207 | crypto: api - Only abort operations on fatal signal | |
2208 | ||
2209 | Currently a number of Crypto API operations may fail when a signal | |
2210 | occurs. This causes nasty problems as the caller of those operations | |
2211 | are often not in a good position to restart the operation. | |
2212 | ||
2213 | In fact there is currently no need for those operations to be | |
2214 | interrupted by user signals at all. All we need is for them to | |
2215 | be killable. | |
2216 | ||
2217 | This patch replaces the relevant calls of signal_pending with | |
2218 | fatal_signal_pending, and wait_for_completion_interruptible with | |
2219 | wait_for_completion_killable, respectively. | |
2220 | ||
2221 | Cc: stable@vger.kernel.org | |
2222 | Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | |
2223 | ||
2224 | crypto/ablkcipher.c | 2 +- | |
2225 | crypto/algapi.c | 2 +- | |
2226 | crypto/api.c | 6 +++--- | |
2227 | crypto/crypto_user.c | 2 +- | |
2228 | 4 files changed, 6 insertions(+), 6 deletions(-) | |
2229 | ||
2230 | commit 2b278f02de77bd3d0ffb4c64bc56b702d4e27e49 | |
2231 | Author: Brad Spengler <spender@grsecurity.net> | |
2232 | Date: Tue Oct 27 18:02:42 2015 -0400 | |
2233 | ||
2234 | Update a comment | |
2235 | ||
2236 | arch/x86/include/asm/fpu/internal.h | 2 +- | |
2237 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2238 | ||
2239 | commit 66cbab70d87485c22946485bfd375c3e88140213 | |
2240 | Merge: cad84c5 8610c94 | |
2241 | Author: Brad Spengler <spender@grsecurity.net> | |
2242 | Date: Tue Oct 27 07:44:23 2015 -0400 | |
2243 | ||
2244 | Merge branch 'pax-test' into grsec-test | |
2245 | ||
2246 | commit 8610c949a76ac2a09b334f41c35cb8e7a04a0ce8 | |
2247 | Merge: a851b41 f69d603 | |
2248 | Author: Brad Spengler <spender@grsecurity.net> | |
2249 | Date: Tue Oct 27 07:44:14 2015 -0400 | |
2250 | ||
2251 | Merge branch 'linux-4.2.y' into pax-test | |
2252 | ||
2253 | commit cad84c52f547c8ba47ddcf39d1f260f55350f0c2 | |
2254 | Author: Brad Spengler <spender@grsecurity.net> | |
2255 | Date: Mon Oct 26 07:33:21 2015 -0400 | |
2256 | ||
2257 | re-enable builtin_overflow support | |
2258 | ||
2259 | include/linux/compiler-gcc.h | 3 +-- | |
2260 | 1 files changed, 1 insertions(+), 2 deletions(-) | |
2261 | ||
2262 | commit 6e281aebbf456c27ce530055d5668bc5829c02a8 | |
2263 | Author: Brad Spengler <spender@grsecurity.net> | |
2264 | Date: Mon Oct 26 07:32:15 2015 -0400 | |
2265 | ||
2266 | Update the size_overflow plugin from Emese to fix the ICE on builtin_overflow use | |
2267 | ||
2268 | tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 3 ++- | |
2269 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
2270 | 2 files changed, 3 insertions(+), 2 deletions(-) | |
2271 | ||
2272 | commit 75ed97df02fc6eb862df511da6ca690de3d0f15c | |
2273 | Author: Brad Spengler <spender@grsecurity.net> | |
2274 | Date: Mon Oct 26 07:17:00 2015 -0400 | |
2275 | ||
2276 | Fix from Emese for a size_overflow report in the fbcon code on the | |
2277 | 'softback_lines' global variable | |
2278 | ||
2279 | drivers/video/console/fbcon.c | 2 +- | |
2280 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2281 | ||
134f4180 PK |
2282 | commit b088cabd42c6fe825baa27f40ab450ad75e571d3 |
2283 | Author: Brad Spengler <spender@grsecurity.net> | |
2284 | Date: Sun Oct 25 18:09:55 2015 -0400 | |
2285 | ||
2286 | Temporarily work around an ICE on GCC >= 5 reported by Daniel Micay due to | |
2287 | backporting of __builtin_usub_overflow | |
2288 | ||
2289 | include/linux/compiler-gcc.h | 3 ++- | |
2290 | 1 files changed, 2 insertions(+), 1 deletions(-) | |
2291 | ||
2292 | commit ba858f46865c6751af3ddba03b176e4d5ecf85c1 | |
2293 | Author: Brad Spengler <spender@grsecurity.net> | |
2294 | Date: Sun Oct 25 17:59:17 2015 -0400 | |
2295 | ||
2296 | Update size_overflow hash table | |
2297 | ||
2298 | .../disable_size_overflow_hash.data | 7 +++++++ | |
2299 | .../size_overflow_plugin/size_overflow_hash.data | 9 +-------- | |
2300 | 2 files changed, 8 insertions(+), 8 deletions(-) | |
2301 | ||
2302 | commit ba803bceaea0283b38e91c1d3176bf0671786269 | |
2303 | Author: Brad Spengler <spender@grsecurity.net> | |
2304 | Date: Sun Oct 25 15:31:17 2015 -0400 | |
2305 | ||
2306 | Fix oversight in pipacs' removal of FPU state from the task struct: | |
2307 | fpu_copy was performing an OOB copy starting from the address of the 'state' | |
2308 | pointer in the fpu struct instead of starting from the address pointed | |
2309 | to by the state pointer. Reported at: | |
2310 | https://bugs.archlinux.org/task/46764 | |
2311 | ||
2312 | arch/x86/include/asm/fpu/internal.h | 4 ++-- | |
2313 | arch/x86/kernel/fpu/core.c | 2 +- | |
2314 | 2 files changed, 3 insertions(+), 3 deletions(-) | |
2315 | ||
46c36e49 PK |
2316 | commit 26e7d31c5b5c970c50297d2b8be165e9c9ab9d83 |
2317 | Merge: 85d8735 a851b41 | |
2318 | Author: Brad Spengler <spender@grsecurity.net> | |
2319 | Date: Sun Oct 25 13:39:21 2015 -0400 | |
2320 | ||
2321 | Merge branch 'pax-test' into grsec-test | |
2322 | ||
2323 | commit a851b41415a0402d76f10712b6950ddff3872a22 | |
2324 | Author: Brad Spengler <spender@grsecurity.net> | |
2325 | Date: Sun Oct 25 13:38:25 2015 -0400 | |
2326 | ||
2327 | Update to latest size_overflow plugin release: | |
2328 | Temporarily ignore bitfield types: https://bugs.archlinux.org/task/46798 | |
2329 | Use SI or wider type for the size_overflow type: https://forums.grsecurity.net/viewtopic.php?t=4293&p=15655#p15655 | |
2330 | ||
2331 | .../size_overflow_plugin/intentional_overflow.c | 3 +++ | |
2332 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
2333 | .../size_overflow_plugin/size_overflow_transform.c | 7 +++++++ | |
2334 | .../size_overflow_transform_core.c | 2 -- | |
2335 | 4 files changed, 11 insertions(+), 3 deletions(-) | |
2336 | ||
2337 | commit 85d8735a1d1190e3ad2e3f032ae88f811090fdfc | |
2338 | Author: Brad Spengler <spender@grsecurity.net> | |
2339 | Date: Sun Oct 25 13:01:32 2015 -0400 | |
2340 | ||
2341 | fpu doesn't live on the task_struct with PaX, so don't even bother computing some task_size | |
2342 | variable that isn't used for anything | |
2343 | ||
2344 | arch/x86/kernel/fpu/init.c | 14 -------------- | |
2345 | 1 files changed, 0 insertions(+), 14 deletions(-) | |
2346 | ||
2347 | commit cfd0008de8db38841f7f06b979482900994717b9 | |
2348 | Author: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
2349 | Date: Fri Oct 16 11:32:42 2015 +0200 | |
2350 | ||
2351 | overflow-arith: begin to add support for overflow builtin functions | |
2352 | ||
2353 | The idea of the overflow-arith.h header is to collect overflow checking | |
2354 | functions in one central place. | |
2355 | ||
2356 | If gcc compiler supports the __builtin_overflow_* builtins we use them | |
2357 | because they might give better performance, otherwise the code falls | |
2358 | back to normal overflow checking functions. | |
2359 | ||
2360 | The builtin_overflow functions are supported by gcc-5 and clang. The | |
2361 | matter of supporting clang is to just provide a corresponding | |
2362 | CC_HAVE_BUILTIN_OVERFLOW, because the specific overflow checking builtins | |
2363 | don't differ between gcc and clang. | |
2364 | ||
2365 | I just provide overflow_usub function here as I intend this to get merged | |
2366 | into net, more functions will definitely follow as they are needed. | |
2367 | ||
2368 | Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
2369 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
2370 | ||
2371 | include/linux/compiler-gcc.h | 4 ++++ | |
2372 | include/linux/overflow-arith.h | 18 ++++++++++++++++++ | |
2373 | 2 files changed, 22 insertions(+), 0 deletions(-) | |
2374 | ||
2375 | commit 18d5034650b637ec479f41d98e3912398b3e3efc | |
2376 | Author: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
2377 | Date: Fri Oct 16 11:32:43 2015 +0200 | |
2378 | ||
2379 | ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues | |
2380 | ||
2381 | Raw sockets with hdrincl enabled can insert ipv6 extension headers | |
2382 | right into the data stream. In case we need to fragment those packets, | |
2383 | we reparse the options header to find the place where we can insert | |
2384 | the fragment header. If the extension headers exceed the link's MTU we | |
2385 | actually cannot make progress in such a case. | |
2386 | ||
2387 | Instead of ending up in broken arithmetic or rounding towards 0 and | |
2388 | entering an endless loop in ip6_fragment, just prevent those cases by | |
2389 | aborting early and signal -EMSGSIZE to user space. | |
2390 | ||
2391 | Reported-by: Dmitry Vyukov <dvyukov@google.com> | |
2392 | Cc: Dmitry Vyukov <dvyukov@google.com> | |
2393 | Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
2394 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
2395 | ||
2396 | net/ipv6/ip6_output.c | 6 +++++- | |
2397 | 1 files changed, 5 insertions(+), 1 deletions(-) | |
2398 | ||
2399 | commit 0e1d1c0f1981b4049a70d23dce4c69daf19f020b | |
2400 | Merge: c81314c 9470e78 | |
2401 | Author: Brad Spengler <spender@grsecurity.net> | |
2402 | Date: Sun Oct 25 11:51:44 2015 -0400 | |
2403 | ||
2404 | Merge branch 'pax-test' into grsec-test | |
2405 | ||
2406 | commit 9470e7893a9a1bf15f9b7d412dc09bebb59105e8 | |
2407 | Author: Brad Spengler <spender@grsecurity.net> | |
2408 | Date: Sun Oct 25 11:50:54 2015 -0400 | |
2409 | ||
2410 | Temporary squelching of overflow warning on skb_transport_offset(), will be fixed properly after H2HC | |
2411 | ||
2412 | include/linux/skbuff.h | 2 +- | |
2413 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2414 | ||
2415 | commit c81314ce278e9cfa3322881a6133c2c7e53b9430 | |
2416 | Author: Brad Spengler <spender@grsecurity.net> | |
2417 | Date: Sat Oct 24 23:13:36 2015 -0400 | |
2418 | ||
2419 | Update recordmcount/fixdep paths in RPM spec, from Andrew | |
2420 | ||
2421 | scripts/package/mkspec | 4 ++-- | |
2422 | 1 files changed, 2 insertions(+), 2 deletions(-) | |
2423 | ||
2424 | commit 798e4296bd55778b5e77f1db69c1bb972419590f | |
2425 | Author: Brad Spengler <spender@grsecurity.net> | |
2426 | Date: Sat Oct 24 23:11:22 2015 -0400 | |
2427 | ||
2428 | Update size_overflow hash table | |
2429 | ||
2430 | .../disable_size_overflow_hash.data | 3 +++ | |
2431 | .../size_overflow_plugin/size_overflow_hash.data | 5 +---- | |
2432 | 2 files changed, 4 insertions(+), 4 deletions(-) | |
2433 | ||
68b0b791 PK |
2434 | commit d9ef04f20fc634595883d1c1950c32a8fe04df22 |
2435 | Author: Brad Spengler <spender@grsecurity.net> | |
2436 | Date: Sat Oct 24 08:27:29 2015 -0400 | |
2437 | ||
2438 | Fix from Emese for https://forums.grsecurity.net/viewtopic.php?f=3&t=4291 | |
2439 | ||
2440 | drivers/usb/class/cdc-acm.h | 2 +- | |
2441 | include/linux/usb.h | 8 ++++---- | |
2442 | 2 files changed, 5 insertions(+), 5 deletions(-) | |
2443 | ||
2444 | commit eea46f1d247f5f63e3762da91a41cba76567800f | |
2445 | Author: Brad Spengler <spender@grsecurity.net> | |
2446 | Date: Fri Oct 23 18:24:57 2015 -0400 | |
2447 | ||
2448 | Update size_overflow hash tables | |
2449 | ||
2450 | .../disable_size_overflow_hash.data | 5 ++++- | |
2451 | .../size_overflow_plugin/size_overflow_hash.data | 5 +---- | |
2452 | 2 files changed, 5 insertions(+), 5 deletions(-) | |
2453 | ||
31a7c07c PK |
2454 | commit 8f521b864bd7428f3ad42613416c106d1d619c4d |
2455 | Merge: 26adf00 285f0d1 | |
2456 | Author: Brad Spengler <spender@grsecurity.net> | |
2457 | Date: Thu Oct 22 19:41:57 2015 -0400 | |
2458 | ||
2459 | Merge branch 'pax-test' into grsec-test | |
2460 | ||
2461 | Conflicts: | |
2462 | drivers/gpu/drm/drm_lock.c | |
2463 | ||
2464 | commit 285f0d1cda31b45ee217b90861677c032cb6550b | |
2465 | Merge: d6dc25f 190bd21 | |
2466 | Author: Brad Spengler <spender@grsecurity.net> | |
2467 | Date: Thu Oct 22 19:40:34 2015 -0400 | |
2468 | ||
2469 | Merge branch 'linux-4.2.y' into pax-test | |
2470 | ||
2471 | Conflicts: | |
2472 | arch/x86/kernel/process_64.c | |
2473 | ||
2474 | commit 26adf00caf8f4ebf155422082d4e8b8e4eb60eef | |
2475 | Author: Eric W. Biederman <ebiederm@xmission.com> | |
2476 | Date: Sat Aug 15 13:36:12 2015 -0500 | |
2477 | ||
2478 | dcache: Handle escaped paths in prepend_path | |
2479 | ||
2480 | A rename can result in a dentry that by walking up d_parent | |
2481 | will never reach it's mnt_root. For lack of a better term | |
2482 | I call this an escaped path. | |
2483 | ||
2484 | prepend_path is called by four different functions __d_path, | |
2485 | d_absolute_path, d_path, and getcwd. | |
2486 | ||
2487 | __d_path only wants to see paths are connected to the root it passes | |
2488 | in. So __d_path needs prepend_path to return an error. | |
2489 | ||
2490 | d_absolute_path similarly wants to see paths that are connected to | |
2491 | some root. Escaped paths are not connected to any mnt_root so | |
2492 | d_absolute_path needs prepend_path to return an error greater | |
2493 | than 1. So escaped paths will be treated like paths on lazily | |
2494 | unmounted mounts. | |
2495 | ||
2496 | getcwd needs to prepend "(unreachable)" so getcwd also needs | |
2497 | prepend_path to return an error. | |
2498 | ||
2499 | d_path is the interesting hold out. d_path just wants to print | |
2500 | something, and does not care about the weird cases. Which raises | |
2501 | the question what should be printed? | |
2502 | ||
2503 | Given that <escaped_path>/<anything> should result in -ENOENT I | |
2504 | believe it is desirable for escaped paths to be printed as empty | |
2505 | paths. As there are not really any meaninful path components when | |
2506 | considered from the perspective of a mount tree. | |
2507 | ||
2508 | So tweak prepend_path to return an empty path with an new error | |
2509 | code of 3 when it encounters an escaped path. | |
2510 | ||
2511 | Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> | |
2512 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | |
2513 | ||
2514 | fs/dcache.c | 7 +++++++ | |
2515 | 1 files changed, 7 insertions(+), 0 deletions(-) | |
2516 | ||
2517 | commit d402147a7689356c29bfd46a7cfa6594e517ab95 | |
2518 | Author: Salva Peiró <speirofr@gmail.com> | |
2519 | Date: Wed Oct 14 17:48:02 2015 +0200 | |
2520 | ||
2521 | staging/dgnc: fix info leak in ioctl | |
2522 | ||
2523 | The dgnc_mgmt_ioctl() code fails to initialize the 16 _reserved bytes of | |
2524 | struct digi_dinfo after the ->dinfo_nboards member. Add an explicit | |
2525 | memset(0) before filling the structure to avoid the info leak. | |
2526 | ||
2527 | Signed-off-by: Salva Peiró <speirofr@gmail.com> | |
2528 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
2529 | ||
2530 | drivers/staging/dgnc/dgnc_mgmt.c | 1 + | |
2531 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
2532 | ||
2533 | commit bafc510c4fb4e8a5e69531fdc3a733e58c4bbdbf | |
2534 | Author: Salva Peiró <speirofr@gmail.com> | |
2535 | Date: Wed Oct 7 07:09:26 2015 -0300 | |
2536 | ||
2537 | [media] media/vivid-osd: fix info leak in ioctl | |
2538 | ||
2539 | The vivid_fb_ioctl() code fails to initialize the 16 _reserved bytes of | |
2540 | struct fb_vblank after the ->hcount member. Add an explicit | |
2541 | memset(0) before filling the structure to avoid the info leak. | |
2542 | ||
2543 | Signed-off-by: Salva Peiró <speirofr@gmail.com> | |
2544 | Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com> | |
2545 | Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com> | |
2546 | ||
2547 | drivers/media/platform/vivid/vivid-osd.c | 1 + | |
2548 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
2549 | ||
2550 | commit 980a903796ae06366fd5acbcd179ee2dc57fbabf | |
2551 | Author: David Howells <dhowells@redhat.com> | |
2552 | Date: Mon Oct 19 11:20:28 2015 +0100 | |
2553 | ||
2554 | KEYS: Don't permit request_key() to construct a new keyring | |
2555 | ||
2556 | If request_key() is used to find a keyring, only do the search part - don't | |
2557 | do the construction part if the keyring was not found by the search. We | |
2558 | don't really want keyrings in the negative instantiated state since the | |
2559 | rejected/negative instantiation error value in the payload is unioned with | |
2560 | keyring metadata. | |
2561 | ||
2562 | Now the kernel gives an error: | |
2563 | ||
2564 | request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted) | |
2565 | ||
2566 | Signed-off-by: David Howells <dhowells@redhat.com> | |
2567 | ||
2568 | security/keys/request_key.c | 3 +++ | |
2569 | 1 files changed, 3 insertions(+), 0 deletions(-) | |
2570 | ||
2571 | commit f705c157ed6f8a9c4c0cf552fd5f054d9d500550 | |
2572 | Author: Dan Carpenter <dan.carpenter@oracle.com> | |
2573 | Date: Mon Oct 19 13:16:49 2015 +0300 | |
2574 | ||
2575 | irda: precedence bug in irlmp_seq_hb_idx() | |
2576 | ||
2577 | This is decrementing the pointer, instead of the value stored in the | |
2578 | pointer. KASan detects it as an out of bounds reference. | |
2579 | ||
2580 | Reported-by: "Berry Cheng 程君(成淼)" <chengmiao.cj@alibaba-inc.com> | |
2581 | Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> | |
2582 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
2583 | ||
2584 | net/irda/irlmp.c | 2 +- | |
2585 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2586 | ||
dc085147 PK |
2587 | commit 4a110451298bfce895ed224e6bbd9201d8605b2b |
2588 | Author: Brad Spengler <spender@grsecurity.net> | |
2589 | Date: Tue Oct 20 19:25:13 2015 -0400 | |
2590 | ||
2591 | Ratelimit the dump_stack as well, both to 15s with a burst of 3, enough not to completely | |
2592 | flood syslog | |
2593 | ||
2594 | fs/exec.c | 11 +++++++++-- | |
2595 | 1 files changed, 9 insertions(+), 2 deletions(-) | |
2596 | ||
2597 | commit 183fc2ae7d90e077fd27623998d82916260a2223 | |
2598 | Merge: a240939 d6dc25f | |
2599 | Author: Brad Spengler <spender@grsecurity.net> | |
2600 | Date: Tue Oct 20 19:16:04 2015 -0400 | |
2601 | ||
2602 | Merge branch 'pax-test' into grsec-test | |
2603 | ||
2604 | Conflicts: | |
2605 | tools/gcc/size_overflow_plugin/size_overflow_plugin.c | |
2606 | ||
2607 | commit d6dc25f193a832e08d8e7cf097d7f70b3dc24776 | |
2608 | Author: Brad Spengler <spender@grsecurity.net> | |
2609 | Date: Tue Oct 20 19:14:41 2015 -0400 | |
2610 | ||
2611 | Update to pax-linux-4.2.3-test16.patch: | |
2612 | - fixed undefined integer shift in proc_do_submiturb, reported by Arnaud <arnaud@drno.eu> | |
2613 | - fixed integer underflow in scm_detach_fds (similar to 1ac70e7ad24a88710cf9b6d7ababaefa2b575df0 upstream), reported by kdave (https://forums.grsecurity.net/viewtopic.php?f=1&t=4286) | |
2614 | - Emese added a temporary workaround for miscompiling the ath10k driver, reported by victor | |
2615 | - Emese fixed a false positive that affected the iwlwifi driver among others, reported by victor | |
2616 | - Emese disabled size overflow checking in acpi_ex_do_math_op and on acpi_object_integer, reported by xxterry1xx and rfnx (https://forums.grsecurity.net/viewtopic.php?f=3&t=4287) | |
2617 | ||
2618 | drivers/net/wireless/ath/ath10k/ce.c | 2 +- | |
2619 | drivers/usb/core/devio.c | 2 +- | |
2620 | fs/dlm/lowcomms.c | 2 +- | |
2621 | net/core/scm.c | 6 ++- | |
2622 | .../disable_size_overflow_hash.data | 4 +- | |
2623 | .../size_overflow_plugin/intentional_overflow.c | 44 -------------------- | |
2624 | tools/gcc/size_overflow_plugin/size_overflow.h | 1 - | |
2625 | .../size_overflow_plugin/size_overflow_hash.data | 4 +- | |
2626 | .../size_overflow_plugin/size_overflow_plugin.c | 4 +- | |
2627 | .../size_overflow_plugin/size_overflow_transform.c | 3 - | |
2628 | .../size_overflow_transform_core.c | 6 +++ | |
2629 | 11 files changed, 19 insertions(+), 59 deletions(-) | |
2630 | ||
a129fb97 PK |
2631 | commit a2409394c2b0d97a9f02bf62ca4c0254602e58a6 |
2632 | Author: Brad Spengler <spender@grsecurity.net> | |
2633 | Date: Tue Oct 20 08:58:25 2015 -0400 | |
2634 | ||
2635 | set default to y | |
2636 | ||
2637 | security/Kconfig | 1 + | |
2638 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
2639 | ||
2640 | commit 3abe24117389419654da44adc87a9a03ad7e3f38 | |
2641 | Author: Brad Spengler <spender@grsecurity.net> | |
2642 | Date: Tue Oct 20 08:08:32 2015 -0400 | |
2643 | ||
2644 | Add a new config option from Emese to allow SIZE_OVERFLOW to be enabled | |
2645 | while having it not kill the userland process in an overflow condition. | |
2646 | This will help us obtain reports over the next few weeks while not making | |
2647 | some percentage of users' machines unusable. | |
2648 | ||
2649 | To enable this option, set CONFIG_PAX_SIZE_OVERFLOW_DISABLE_KILL=y in .config | |
2650 | ||
2651 | fs/exec.c | 5 +++++ | |
2652 | security/Kconfig | 4 ++++ | |
2653 | .../size_overflow_plugin/size_overflow_plugin.c | 4 ++-- | |
2654 | 3 files changed, 11 insertions(+), 2 deletions(-) | |
2655 | ||
07330232 PK |
2656 | commit bcae982f720ce0b3463a81f2b72a4807cb89048b |
2657 | Merge: 0e55d80 128d3a5 | |
2658 | Author: Brad Spengler <spender@grsecurity.net> | |
2659 | Date: Mon Oct 19 18:56:09 2015 -0400 | |
2660 | ||
2661 | Merge branch 'pax-test' into grsec-test | |
2662 | ||
2663 | commit 128d3a5452ab001b29235b05eb0be3334fff3998 | |
2664 | Author: Brad Spengler <spender@grsecurity.net> | |
2665 | Date: Mon Oct 19 18:55:37 2015 -0400 | |
2666 | ||
2667 | Update to pax-linux-4.2.3-test14.patch: | |
2668 | - Emese fixed a false positive size overflow report, reported by gus (https://forums.grsecurity.net/viewtopic.php?t=4280) | |
2669 | - fixed an integer sign mixup in usb_stor_invoke_transport, reported by Arnaud <arnaud@drno.eu> | |
2670 | ||
2671 | drivers/usb/storage/transport.c | 2 +- | |
2672 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
2673 | .../size_overflow_plugin/size_overflow_transform.c | 15 +++- | |
2674 | .../size_overflow_transform_core.c | 90 ++++++++++++++----- | |
2675 | 4 files changed, 81 insertions(+), 28 deletions(-) | |
2676 | ||
ed16389b PK |
2677 | commit 0e55d80a65998266cab71804131a072fcc8ee558 |
2678 | Merge: a61fd15 9c4310f | |
2679 | Author: Brad Spengler <spender@grsecurity.net> | |
2680 | Date: Sat Oct 17 23:15:36 2015 -0400 | |
2681 | ||
2682 | Merge branch 'pax-test' into grsec-test | |
2683 | ||
2684 | commit 9c4310fdb2d19f83affc62eb2698d3763ce8c36b | |
2685 | Author: Brad Spengler <spender@grsecurity.net> | |
2686 | Date: Sat Oct 17 23:15:13 2015 -0400 | |
2687 | ||
2688 | Update to pax-linux-4.2.3-test14.patch: | |
2689 | - reverted some page table hardening that caused too much slowdown under virtualization, reported by quasar366 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4275) | |
2690 | ||
2691 | arch/x86/include/asm/pgtable-2level.h | 18 ++---------------- | |
2692 | arch/x86/include/asm/pgtable-3level.h | 10 ---------- | |
2693 | arch/x86/include/asm/pgtable_32.h | 2 ++ | |
2694 | arch/x86/include/asm/pgtable_64.h | 18 ++---------------- | |
2695 | arch/x86/mm/highmem_32.c | 2 ++ | |
2696 | arch/x86/mm/init_64.c | 2 ++ | |
2697 | arch/x86/mm/iomap_32.c | 4 ++++ | |
2698 | arch/x86/mm/pageattr.c | 4 ++++ | |
2699 | arch/x86/mm/pgtable.c | 2 ++ | |
2700 | arch/x86/mm/pgtable_32.c | 3 +++ | |
2701 | mm/highmem.c | 5 +++++ | |
2702 | mm/vmalloc.c | 7 +++++++ | |
2703 | 12 files changed, 35 insertions(+), 42 deletions(-) | |
2704 | ||
609ac19a PK |
2705 | commit a61fd152e87bd3ed91194b07f6b1fcbcd165093b |
2706 | Merge: 00f1afa db7a8e5 | |
2707 | Author: Brad Spengler <spender@grsecurity.net> | |
2708 | Date: Sat Oct 17 18:33:48 2015 -0400 | |
2709 | ||
2710 | Merge branch 'pax-test' into grsec-test | |
2711 | ||
2712 | commit db7a8e5c284179889014b5929a40298e1b228fbc | |
2713 | Author: Brad Spengler <spender@grsecurity.net> | |
2714 | Date: Sat Oct 17 18:33:22 2015 -0400 | |
2715 | ||
2716 | Update to pax-linux-4.2.3-test13.patch: | |
2717 | - Emese worked around a sign mixup with wiphy.rts_threshold, reported by gus (https://forums.grsecurity.net/viewtopic.php?f=3&t=4278) | |
2718 | ||
2719 | .../disable_size_overflow_hash.data | 2 ++ | |
2720 | .../size_overflow_plugin/size_overflow_hash.data | 2 -- | |
2721 | 2 files changed, 2 insertions(+), 2 deletions(-) | |
2722 | ||
5bf3f0b0 PK |
2723 | commit 00f1afa694317365e9bd6dc77d2e3e96ae3a68ec |
2724 | Merge: 7098385 57dc21d | |
2725 | Author: Brad Spengler <spender@grsecurity.net> | |
2726 | Date: Sat Oct 17 11:04:56 2015 -0400 | |
2727 | ||
2728 | Merge branch 'pax-test' into grsec-test | |
2729 | ||
2730 | commit 57dc21d203a9fa1312a4abc608da5b3644d29078 | |
2731 | Author: Brad Spengler <spender@grsecurity.net> | |
2732 | Date: Sat Oct 17 11:04:34 2015 -0400 | |
2733 | ||
2734 | Update to pax-linux-4.2.3-test12.patch: | |
2735 | - removed size_overflow_hash.data.prev that was left behind by accident | |
2736 | - Emese fixed a false positive overflow report in the megaraid driver due to a gcc limitation, reported by vortex (https://forums.grsecurity.net/viewtopic.php?f=3&t=4277) | |
2737 | ||
2738 | drivers/scsi/megaraid/megaraid_sas.h | 2 +- | |
2739 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2740 | ||
c84fce4e PK |
2741 | commit 7098385851c43dea6692508c71cd5fbcce3187b2 |
2742 | Merge: bc6d23e 78b0f64 | |
2743 | Author: Brad Spengler <spender@grsecurity.net> | |
2744 | Date: Fri Oct 16 17:45:06 2015 -0400 | |
2745 | ||
2746 | Merge branch 'pax-test' into grsec-test | |
2747 | ||
2748 | Conflicts: | |
2749 | tools/gcc/size_overflow_plugin/intentional_overflow.c | |
2750 | ||
2751 | commit 78b0f643d8d2b870e8ad5df075d4ab79befa4266 | |
2752 | Author: Brad Spengler <spender@grsecurity.net> | |
2753 | Date: Fri Oct 16 17:44:18 2015 -0400 | |
2754 | ||
2755 | Update to pax-linux-4.2.3-test11.patch: | |
2756 | - Emese fixed a few false positives caused by error codes | |
2757 | - simplified the switch_mm code on x86 a bit | |
2758 | ||
2759 | arch/x86/include/asm/mmu_context.h | 118 +++++-------- | |
2760 | include/drm/drm_mm.h | 2 +- | |
2761 | .../size_overflow_plugin/intentional_overflow.c | 11 +- | |
2762 | tools/gcc/size_overflow_plugin/size_overflow.h | 19 ++- | |
2763 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
2764 | .../size_overflow_plugin/size_overflow_transform.c | 178 +++++++++----------- | |
2765 | .../size_overflow_transform_core.c | 31 ++-- | |
2766 | 7 files changed, 169 insertions(+), 192 deletions(-) | |
2767 | ||
2768 | commit bc6d23e3408e389f8a96134f6bc915e9fc8b370b | |
2769 | Author: Brad Spengler <spender@grsecurity.net> | |
2770 | Date: Fri Oct 16 17:28:54 2015 -0400 | |
2771 | ||
2772 | Update rpm devel spec, thanks to Andrew | |
2773 | ||
2774 | scripts/package/mkspec | 3 +++ | |
2775 | 1 files changed, 3 insertions(+), 0 deletions(-) | |
2776 | ||
2777 | commit b3f30cb9207a72a6aa4a78f23f8c5353be0bb27b | |
2778 | Author: Brad Spengler <spender@grsecurity.net> | |
2779 | Date: Thu Oct 15 20:10:56 2015 -0400 | |
2780 | ||
2781 | disable tracing support with GRKERNSEC_KMEM (it forces debugfs support on) | |
2782 | ||
2783 | kernel/trace/Kconfig | 2 +- | |
2784 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2785 | ||
2786 | commit 82a0c12587f14add438ddf3b558e2278fcb7a387 | |
2787 | Author: Brad Spengler <spender@grsecurity.net> | |
2788 | Date: Thu Oct 15 19:19:43 2015 -0400 | |
2789 | ||
2790 | Force DEBUG_FS off the hard way, since 'select' can cause it to be | |
2791 | inadvertently enabled. Add a backup check that fails the build if | |
2792 | GRKERNSEC_KMEM is enabled with DEBUG_FS | |
2793 | Ditto for PROC_PAGE_MONITOR | |
2794 | ||
2795 | arch/arc/Kconfig | 1 + | |
2796 | arch/arm/Kconfig.debug | 1 + | |
2797 | arch/arm64/Kconfig.debug | 1 + | |
2798 | arch/blackfin/Kconfig.debug | 1 + | |
2799 | arch/s390/Kconfig.debug | 1 + | |
2800 | arch/x86/Kconfig.debug | 2 ++ | |
2801 | drivers/iommu/Kconfig | 1 + | |
2802 | drivers/md/bcache/Kconfig | 1 + | |
2803 | drivers/net/wireless/ath/ath9k/Kconfig | 1 - | |
2804 | include/linux/grsecurity.h | 6 ++++++ | |
2805 | init/Kconfig | 1 + | |
2806 | kernel/trace/Kconfig | 2 ++ | |
2807 | lib/Kconfig.debug | 6 +++++- | |
2808 | mm/Kconfig | 3 +++ | |
2809 | net/sunrpc/Kconfig | 1 + | |
2810 | 15 files changed, 27 insertions(+), 2 deletions(-) | |
2811 | ||
2812 | commit 1b6f8fc8b8100292647638c713326776a0865705 | |
2813 | Author: Brad Spengler <spender@grsecurity.net> | |
2814 | Date: Thu Oct 15 17:58:59 2015 -0400 | |
2815 | ||
2816 | Force DEBUG_FS off in the kernel config, even having it present is a security | |
2817 | risk | |
2818 | ||
2819 | Conflicts: | |
2820 | ||
2821 | lib/Kconfig.debug | |
2822 | ||
2823 | lib/Kconfig.debug | 1 + | |
2824 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
2825 | ||
2826 | commit 21057fc30571f96aa46acf8922417311905d0f2b | |
2827 | Author: Brad Spengler <spender@grsecurity.net> | |
2828 | Date: Thu Oct 15 08:15:33 2015 -0400 | |
2829 | ||
2830 | Backport fix from: https://patchwork.kernel.org/patch/6853351/ | |
2831 | The debug_read_tlb() uses the sprintf() functions directly on the buffer | |
2832 | allocated by buf = kmalloc(count), without taking into account the size | |
2833 | of the buffer, with the consequence corrupting the heap, depending on | |
2834 | the count requested by the user. | |
2835 | ||
2836 | The patch fixes the issue replacing sprintf() by seq_printf(). | |
2837 | ||
2838 | Signed-off-by: Salva Peiró <speirofr@gmail.com> | |
2839 | ||
2840 | drivers/iommu/omap-iommu-debug.c | 26 +++++++------------------- | |
2841 | drivers/iommu/omap-iommu.c | 28 +++++++++++----------------- | |
2842 | drivers/iommu/omap-iommu.h | 3 +-- | |
2843 | 3 files changed, 19 insertions(+), 38 deletions(-) | |
2844 | ||
2845 | commit ba936d19274485bad900a69d679878a50faa50aa | |
2846 | Author: Joe Perches <joe@perches.com> | |
2847 | Date: Wed Oct 14 01:09:40 2015 -0700 | |
2848 | ||
2849 | ethtool: Use kcalloc instead of kmalloc for ethtool_get_strings | |
2850 | ||
2851 | It seems that kernel memory can leak into userspace by a | |
2852 | kmalloc, ethtool_get_strings, then copy_to_user sequence. | |
2853 | ||
2854 | Avoid this by using kcalloc to zero fill the copied buffer. | |
2855 | ||
2856 | Signed-off-by: Joe Perches <joe@perches.com> | |
2857 | Acked-by: Ben Hutchings <ben@decadent.org.uk> | |
2858 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
2859 | ||
2860 | net/core/ethtool.c | 2 +- | |
2861 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2862 | ||
2863 | commit bae0a8209962cede6a0d486cf2414cac1747f91b | |
2864 | Author: Brad Spengler <spender@grsecurity.net> | |
2865 | Date: Wed Oct 14 19:54:27 2015 -0400 | |
2866 | ||
2867 | Update size_overflow hash table | |
2868 | ||
2869 | .../size_overflow_plugin/size_overflow_hash.data | 53 +++++++++++++++++-- | |
2870 | 1 files changed, 47 insertions(+), 6 deletions(-) | |
2871 | ||
2872 | commit 1d840cc98b8f9b62d3c906ae24385f79c9131e29 | |
2873 | Author: Brad Spengler <spender@grsecurity.net> | |
2874 | Date: Wed Oct 14 19:50:48 2015 -0400 | |
2875 | ||
2876 | Update size_overflow hash table | |
2877 | ||
2878 | .../size_overflow_plugin/size_overflow_hash.data | 1 + | |
2879 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
2880 | ||
2881 | commit fca9b7af6aebd1d80f364d6d849470e917919004 | |
2882 | Author: Brad Spengler <spender@grsecurity.net> | |
2883 | Date: Wed Oct 14 19:47:21 2015 -0400 | |
2884 | ||
2885 | Update size_overflow hash table | |
2886 | ||
2887 | .../size_overflow_plugin/size_overflow_hash.data | 300 ++++++++++++++++---- | |
2888 | 1 files changed, 244 insertions(+), 56 deletions(-) | |
2889 | ||
2890 | commit 07cadc277ba83222698c99091c7da2c28275981f | |
2891 | Author: Brad Spengler <spender@grsecurity.net> | |
2892 | Date: Wed Oct 14 19:39:44 2015 -0400 | |
2893 | ||
2894 | squelch some informational messages only used by Emese | |
2895 | ||
2896 | .../size_overflow_plugin/intentional_overflow.c | 6 +++--- | |
2897 | 1 files changed, 3 insertions(+), 3 deletions(-) | |
2898 | ||
2899 | commit 77eeeac20bde1e0ebd72efe0f7b5c52786411bc7 | |
2900 | Author: Brad Spengler <spender@grsecurity.net> | |
2901 | Date: Wed Oct 14 19:15:56 2015 -0400 | |
2902 | ||
2903 | Re-enable size_overflow | |
2904 | ||
2905 | security/Kconfig | 1 - | |
2906 | 1 files changed, 0 insertions(+), 1 deletions(-) | |
2907 | ||
2908 | commit cb8efa1fd63be1bbcf5e585396cc0ed562d0c624 | |
2909 | Merge: 913cbf6 4c48a7f | |
2910 | Author: Brad Spengler <spender@grsecurity.net> | |
2911 | Date: Wed Oct 14 17:14:42 2015 -0400 | |
2912 | ||
2913 | Merge branch 'pax-test' into grsec-test | |
2914 | ||
2915 | Conflicts: | |
2916 | tools/gcc/size_overflow_plugin/size_overflow_hash.data | |
2917 | ||
2918 | commit 4c48a7fc8df9310f994708b42fe1102a2943917c | |
2919 | Author: Brad Spengler <spender@grsecurity.net> | |
2920 | Date: Wed Oct 14 17:12:54 2015 -0400 | |
2921 | ||
2922 | Update to pax-linux-4.2.3-test10.patch: | |
2923 | - fixed accidentally dropped csum_partial_copy_generic_to_user entry point for pre-P6 i386 configs, by minipli | |
2924 | - Emese fixed a bunch of false positives with the size overflow plugin, let's see how it goes in the real world :) | |
2925 | ||
2926 | arch/x86/include/asm/processor.h | 2 +- | |
2927 | arch/x86/include/asm/ptrace.h | 8 +- | |
2928 | arch/x86/lib/checksum_32.S | 2 + | |
2929 | arch/x86/xen/mmu.c | 2 +- | |
2930 | drivers/ata/libahci.c | 2 +- | |
2931 | drivers/i2c/busses/i2c-diolan-u2c.c | 2 +- | |
2932 | drivers/oprofile/oprofile_files.c | 2 +- | |
2933 | drivers/spi/spidev.c | 2 +- | |
2934 | drivers/tty/n_tty.c | 2 +- | |
2935 | drivers/usb/core/message.c | 6 +- | |
2936 | fs/binfmt_elf.c | 2 +- | |
2937 | fs/ubifs/io.c | 2 +- | |
2938 | include/drm/drm_mm.h | 2 +- | |
2939 | include/linux/completion.h | 12 +- | |
2940 | include/linux/jiffies.h | 10 +- | |
2941 | include/linux/kernel.h | 2 +- | |
2942 | include/linux/mm.h | 2 +- | |
2943 | include/linux/random.h | 4 +- | |
2944 | include/linux/sched.h | 2 +- | |
2945 | include/linux/usb.h | 2 +- | |
2946 | kernel/sched/completion.c | 6 +- | |
2947 | kernel/time/timer.c | 2 +- | |
2948 | lib/bitmap.c | 2 +- | |
2949 | mm/internal.h | 2 +- | |
2950 | net/sunrpc/svcauth_unix.c | 2 +- | |
2951 | .../disable_size_overflow_hash.data |22980 +++++++++++--------- | |
2952 | .../insert_size_overflow_asm.c | 7 + | |
2953 | .../size_overflow_plugin/intentional_overflow.c | 10 +- | |
2954 | tools/gcc/size_overflow_plugin/size_overflow.h | 29 +- | |
2955 | .../gcc/size_overflow_plugin/size_overflow_debug.c | 20 +- | |
2956 | .../size_overflow_plugin/size_overflow_hash.data |14092 ++++++++---- | |
2957 | tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 252 +- | |
2958 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
2959 | .../size_overflow_plugin_hash.c | 13 +- | |
2960 | .../size_overflow_plugin/size_overflow_transform.c | 205 +- | |
2961 | .../size_overflow_transform_core.c | 4 +- | |
2962 | 36 files changed, 21958 insertions(+), 15740 deletions(-) | |
2963 | ||
2964 | commit 913cbf6a23fcad570b776b1a5a71242b909c5c99 | |
2965 | Author: Dave Kleikamp <dave.kleikamp@oracle.com> | |
2966 | Date: Mon Oct 5 10:08:51 2015 -0500 | |
2967 | ||
2968 | crypto: sparc - initialize blkcipher.ivsize | |
2969 | ||
2970 | Some of the crypto algorithms write to the initialization vector, | |
2971 | but no space has been allocated for it. This clobbers adjacent memory. | |
2972 | ||
2973 | Cc: stable@vger.kernel.org | |
2974 | Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com> | |
2975 | Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | |
2976 | ||
2977 | arch/sparc/crypto/aes_glue.c | 2 ++ | |
2978 | arch/sparc/crypto/camellia_glue.c | 1 + | |
2979 | arch/sparc/crypto/des_glue.c | 2 ++ | |
2980 | 3 files changed, 5 insertions(+), 0 deletions(-) | |
2981 | ||
ebfb31c7 PK |
2982 | commit 7af7ad1e287067b7ea659dc0dd3e2e355588e246 |
2983 | Author: Brad Spengler <spender@grsecurity.net> | |
2984 | Date: Tue Oct 13 08:03:51 2015 -0400 | |
2985 | ||
2986 | Apply fix by Tejun Heo for upstream bug reported on the forums by Fuxino: | |
2987 | https://forums.grsecurity.net/viewtopic.php?f=3&t=4276#p15570 | |
2988 | ||
2989 | Probably made more easily reproducible via SANITIZE, but we won't know for | |
2990 | sure without a full oops report. | |
2991 | ||
2992 | For some reason even though this patch was marked for 4.2+ stable over a month | |
2993 | ago, it still hasn't hit Greg's tree. | |
2994 | ||
2995 | block/blk-cgroup.c | 3 +++ | |
2996 | 1 files changed, 3 insertions(+), 0 deletions(-) | |
2997 | ||
2998 | commit 8e1f29f9e1af36f71d12213ea6530eb77014c00c | |
2999 | Author: Dmitry Vyukov <dvyukov@google.com> | |
3000 | Date: Thu Sep 17 17:17:10 2015 +0200 | |
3001 | ||
3002 | tty: fix data race on tty_buffer.commit | |
3003 | ||
3004 | Race on buffer data happens when newly committed data is | |
3005 | picked up by an old flush work in the following scenario: | |
3006 | __tty_buffer_request_room does a plain write of tail->commit, | |
3007 | no barriers were executed before that. | |
3008 | At this point flush_to_ldisc reads this new value of commit, | |
3009 | and reads buffer data, no barriers in between. | |
3010 | The committed buffer data is not necessary visible to flush_to_ldisc. | |
3011 | ||
3012 | Similar bug happens when tty_schedule_flip commits data. | |
3013 | ||
3014 | Update commit with smp_store_release and read commit with | |
3015 | smp_load_acquire, as it is commit that signals data readiness. | |
3016 | This is orthogonal to the existing synchronization on tty_buffer.next, | |
3017 | which is required to not dismiss a buffer with unconsumed data. | |
3018 | ||
3019 | The data race was found with KernelThreadSanitizer (KTSAN). | |
3020 | ||
3021 | Signed-off-by: Dmitry Vyukov <dvyukov@google.com> | |
3022 | Reviewed-by: Peter Hurley <peter@hurleysoftware.com> | |
3023 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
3024 | ||
3025 | drivers/tty/tty_buffer.c | 15 ++++++++++++--- | |
3026 | 1 files changed, 12 insertions(+), 3 deletions(-) | |
3027 | ||
3028 | commit d62db216e7182e24317596471c1a3a2a9fb9d1f5 | |
3029 | Author: Peter Hurley <peter@hurleysoftware.com> | |
3030 | Date: Sun Jul 12 20:50:49 2015 -0400 | |
3031 | ||
3032 | tty: Replace smp_rmb/smp_wmb with smp_load_acquire/smp_store_release | |
3033 | ||
3034 | Clarify flip buffer producer/consumer operation; the use of | |
3035 | smp_load_acquire() and smp_store_release() more clearly indicates | |
3036 | which memory access requires a barrier. | |
3037 | ||
3038 | Signed-off-by: Peter Hurley <peter@hurleysoftware.com> | |
3039 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
3040 | ||
3041 | drivers/tty/tty_buffer.c | 10 ++++------ | |
3042 | 1 files changed, 4 insertions(+), 6 deletions(-) | |
3043 | ||
3044 | commit c6bbe8a6097f869b6a3d3c40d456727180573dd9 | |
3045 | Author: Kosuke Tatsukawa <tatsu@ab.jp.nec.com> | |
3046 | Date: Fri Oct 2 08:27:05 2015 +0000 | |
3047 | ||
3048 | tty: fix stall caused by missing memory barrier in drivers/tty/n_tty.c | |
3049 | ||
3050 | My colleague ran into a program stall on a x86_64 server, where | |
3051 | n_tty_read() was waiting for data even if there was data in the buffer | |
3052 | in the pty. kernel stack for the stuck process looks like below. | |
3053 | #0 [ffff88303d107b58] __schedule at ffffffff815c4b20 | |
3054 | #1 [ffff88303d107bd0] schedule at ffffffff815c513e | |
3055 | #2 [ffff88303d107bf0] schedule_timeout at ffffffff815c7818 | |
3056 | #3 [ffff88303d107ca0] wait_woken at ffffffff81096bd2 | |
3057 | #4 [ffff88303d107ce0] n_tty_read at ffffffff8136fa23 | |
3058 | #5 [ffff88303d107dd0] tty_read at ffffffff81368013 | |
3059 | #6 [ffff88303d107e20] __vfs_read at ffffffff811a3704 | |
3060 | #7 [ffff88303d107ec0] vfs_read at ffffffff811a3a57 | |
3061 | #8 [ffff88303d107f00] sys_read at ffffffff811a4306 | |
3062 | #9 [ffff88303d107f50] entry_SYSCALL_64_fastpath at ffffffff815c86d7 | |
3063 | ||
3064 | There seems to be two problems causing this issue. | |
3065 | ||
3066 | First, in drivers/tty/n_tty.c, __receive_buf() stores the data and | |
3067 | updates ldata->commit_head using smp_store_release() and then checks | |
3068 | the wait queue using waitqueue_active(). However, since there is no | |
3069 | memory barrier, __receive_buf() could return without calling | |
3070 | wake_up_interactive_poll(), and at the same time, n_tty_read() could | |
3071 | start to wait in wait_woken() as in the following chart. | |
3072 | ||
3073 | __receive_buf() n_tty_read() | |
3074 | ------------------------------------------------------------------------ | |
3075 | if (waitqueue_active(&tty->read_wait)) | |
3076 | /* Memory operations issued after the | |
3077 | RELEASE may be completed before the | |
3078 | RELEASE operation has completed */ | |
3079 | add_wait_queue(&tty->read_wait, &wait); | |
3080 | ... | |
3081 | if (!input_available_p(tty, 0)) { | |
3082 | smp_store_release(&ldata->commit_head, | |
3083 | ldata->read_head); | |
3084 | ... | |
3085 | timeout = wait_woken(&wait, | |
3086 | TASK_INTERRUPTIBLE, timeout); | |
3087 | ------------------------------------------------------------------------ | |
3088 | ||
3089 | The second problem is that n_tty_read() also lacks a memory barrier | |
3090 | call and could also cause __receive_buf() to return without calling | |
3091 | wake_up_interactive_poll(), and n_tty_read() to wait in wait_woken() | |
3092 | as in the chart below. | |
3093 | ||
3094 | __receive_buf() n_tty_read() | |
3095 | ------------------------------------------------------------------------ | |
3096 | spin_lock_irqsave(&q->lock, flags); | |
3097 | /* from add_wait_queue() */ | |
3098 | ... | |
3099 | if (!input_available_p(tty, 0)) { | |
3100 | /* Memory operations issued after the | |
3101 | RELEASE may be completed before the | |
3102 | RELEASE operation has completed */ | |
3103 | smp_store_release(&ldata->commit_head, | |
3104 | ldata->read_head); | |
3105 | if (waitqueue_active(&tty->read_wait)) | |
3106 | __add_wait_queue(q, wait); | |
3107 | spin_unlock_irqrestore(&q->lock,flags); | |
3108 | /* from add_wait_queue() */ | |
3109 | ... | |
3110 | timeout = wait_woken(&wait, | |
3111 | TASK_INTERRUPTIBLE, timeout); | |
3112 | ------------------------------------------------------------------------ | |
3113 | ||
3114 | There are also other places in drivers/tty/n_tty.c which have similar | |
3115 | calls to waitqueue_active(), so instead of adding many memory barrier | |
3116 | calls, this patch simply removes the call to waitqueue_active(), | |
3117 | leaving just wake_up*() behind. | |
3118 | ||
3119 | This fixes both problems because, even though the memory access before | |
3120 | or after the spinlocks in both wake_up*() and add_wait_queue() can | |
3121 | sneak into the critical section, it cannot go past it and the critical | |
3122 | section assures that they will be serialized (please see "INTER-CPU | |
3123 | ACQUIRING BARRIER EFFECTS" in Documentation/memory-barriers.txt for a | |
3124 | better explanation). Moreover, the resulting code is much simpler. | |
3125 | ||
3126 | Latency measurement using a ping-pong test over a pty doesn't show any | |
3127 | visible performance drop. | |
3128 | ||
3129 | Signed-off-by: Kosuke Tatsukawa <tatsu@ab.jp.nec.com> | |
3130 | Cc: stable@vger.kernel.org | |
3131 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
3132 | ||
3133 | drivers/tty/n_tty.c | 15 +++++---------- | |
3134 | 1 files changed, 5 insertions(+), 10 deletions(-) | |
3135 | ||
3136 | commit 3af2011ac1a085a3e8c57ca3a840aec393b37db3 | |
3137 | Author: Dmitry Vyukov <dvyukov@google.com> | |
3138 | Date: Thu Sep 17 17:17:08 2015 +0200 | |
3139 | ||
3140 | tty: fix data race in flush_to_ldisc | |
3141 | ||
3142 | flush_to_ldisc reads port->itty and checks that it is not NULL, | |
3143 | concurrently release_tty sets port->itty to NULL. It is possible | |
3144 | that flush_to_ldisc loads port->itty once, ensures that it is | |
3145 | not NULL, but then reloads it again and uses. The second load | |
3146 | can already return NULL, which will cause a crash. | |
3147 | ||
3148 | Use READ_ONCE to read port->itty. | |
3149 | ||
3150 | The data race was found with KernelThreadSanitizer (KTSAN). | |
3151 | ||
3152 | Signed-off-by: Dmitry Vyukov <dvyukov@google.com> | |
3153 | Reviewed-by: Peter Hurley <peter@hurleysoftware.com> | |
3154 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
3155 | ||
3156 | drivers/tty/tty_buffer.c | 2 +- | |
3157 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
3158 | ||
3159 | commit 4a433f384b0a5b7e39f969ee8df89c56537d078d | |
3160 | Author: Dmitry Vyukov <dvyukov@google.com> | |
3161 | Date: Thu Sep 17 17:17:09 2015 +0200 | |
3162 | ||
3163 | tty: fix data race in tty_buffer_flush | |
3164 | ||
3165 | tty_buffer_flush frees not acquired buffers. | |
3166 | As the result, for example, read of b->size in tty_buffer_free | |
3167 | can return garbage value which will lead to a huge buffer | |
3168 | hanging in the freelist. This is just the benignest | |
3169 | manifestation of freeing of a not acquired object. | |
3170 | If the object is passed to kfree, heap can be corrupted. | |
3171 | ||
3172 | Acquire visibility over the buffer before freeing it. | |
3173 | ||
3174 | The data race was found with KernelThreadSanitizer (KTSAN). | |
3175 | ||
3176 | Signed-off-by: Dmitry Vyukov <dvyukov@google.com> | |
3177 | Reviewed-by: Peter Hurley <peter@hurleysoftware.com> | |
3178 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
3179 | ||
3180 | drivers/tty/tty_buffer.c | 5 ++++- | |
3181 | 1 files changed, 4 insertions(+), 1 deletions(-) | |
3182 | ||
3183 | commit 1477c439d65debf45ac3164a1615504131fad1ff | |
3184 | Author: Jann Horn <jann@thejh.net> | |
3185 | Date: Sun Oct 4 19:29:12 2015 +0200 | |
3186 | ||
3187 | drivers/tty: require read access for controlling terminal | |
3188 | ||
3189 | This is mostly a hardening fix, given that write-only access to other | |
3190 | users' ttys is usually only given through setgid tty executables. | |
3191 | ||
3192 | Signed-off-by: Jann Horn <jann@thejh.net> | |
3193 | Cc: stable@vger.kernel.org | |
3194 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
3195 | ||
3196 | drivers/tty/tty_io.c | 31 +++++++++++++++++++++++++++---- | |
3197 | 1 files changed, 27 insertions(+), 4 deletions(-) | |
3198 | ||
3199 | commit c2d51348729aa244b827216715db7734daf07155 | |
3200 | Author: Brad Spengler <spender@grsecurity.net> | |
3201 | Date: Mon Oct 12 07:19:03 2015 -0400 | |
3202 | ||
3203 | Don't auto-enable UDEREF on x64 with a VirtualBox host | |
3204 | ||
3205 | Conflicts: | |
3206 | ||
3207 | security/Kconfig | |
3208 | ||
3209 | security/Kconfig | 2 +- | |
3210 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
3211 | ||
cf7c63af PK |
3212 | commit 45ff0fe97624b7133be6f0280ab8fda4610b7937 |
3213 | Merge: ca6828e 1c527d2 | |
3214 | Author: Brad Spengler <spender@grsecurity.net> | |
3215 | Date: Sun Oct 11 17:17:58 2015 -0400 | |
3216 | ||
3217 | Merge branch 'pax-test' into grsec-test | |
3218 | ||
3219 | Conflicts: | |
3220 | arch/x86/mm/pgtable.c | |
3221 | ||
3222 | commit 1c527d25ad2ece4cdb4723047625d96b942a3b91 | |
3223 | Author: Brad Spengler <spender@grsecurity.net> | |
3224 | Date: Sun Oct 11 17:16:49 2015 -0400 | |
3225 | ||
3226 | Update to pax-linux-4.2.3-test9.patch: | |
3227 | - really fixed vsyscall/pvclock regression caused by the recent page table hardening, reported by kamil (https://forums.grsecurity.net/viewtopic.php?f=3&t=4272) and quasar366 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4275) | |
3228 | - fixed a compilation error caused by the above regression, reported by spender | |
3229 | - fixed an arm compilation error, reported by Emese | |
3230 | ||
3231 | arch/arm/kernel/module-plts.c | 7 +------ | |
3232 | arch/x86/mm/pgtable.c | 21 +++++++++++++++++++-- | |
3233 | 2 files changed, 20 insertions(+), 8 deletions(-) | |
3234 | ||
3235 | commit ca6828e73b10b4a7537b16a37c2c0280523171e1 | |
3236 | Author: Trond Myklebust <trond.myklebust@primarydata.com> | |
3237 | Date: Fri Oct 9 13:44:34 2015 -0400 | |
3238 | ||
3239 | namei: results of d_is_negative() should be checked after dentry revalidation | |
3240 | ||
3241 | Leandro Awa writes: | |
3242 | "After switching to version 4.1.6, our parallelized and distributed | |
3243 | workflows now fail consistently with errors of the form: | |
3244 | ||
3245 | T34: ./regex.c:39:22: error: config.h: No such file or directory | |
3246 | ||
3247 | From our 'git bisect' testing, the following commit appears to be the | |
3248 | possible cause of the behavior we've been seeing: commit 766c4cbfacd8" | |
3249 | ||
3250 | Al Viro says: | |
3251 | "What happens is that 766c4cbfacd8 got the things subtly wrong. | |
3252 | ||
3253 | We used to treat d_is_negative() after lookup_fast() as "fall with | |
3254 | ENOENT". That was wrong - checking ->d_flags outside of ->d_seq | |
3255 | protection is unreliable and failing with hard error on what should've | |
3256 | fallen back to non-RCU pathname resolution is a bug. | |
3257 | ||
3258 | Unfortunately, we'd pulled the test too far up and ran afoul of | |
3259 | another kind of staleness. The dentry might have been absolutely | |
3260 | stable from the RCU point of view (and we might be on UP, etc), but | |
3261 | stale from the remote fs point of view. If ->d_revalidate() returns | |
3262 | "it's actually stale", dentry gets thrown away and the original code | |
3263 | wouldn't even have looked at its ->d_flags. | |
3264 | ||
3265 | What we need is to check ->d_flags where 766c4cbfacd8 does (prior to | |
3266 | ->d_seq validation) but only use the result in cases where we do not | |
3267 | discard this dentry outright" | |
3268 | ||
3269 | Reported-by: Leandro Awa <lawa@nvidia.com> | |
3270 | Link: https://bugzilla.kernel.org/show_bug.cgi?id=104911 | |
3271 | Fixes: 766c4cbfacd8 ("namei: d_is_negative() should be checked...") | |
3272 | Tested-by: Leandro Awa <lawa@nvidia.com> | |
3273 | Cc: stable@vger.kernel.org # v4.1+ | |
3274 | Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com> | |
3275 | Acked-by: Al Viro <viro@zeniv.linux.org.uk> | |
3276 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | |
3277 | ||
3278 | fs/namei.c | 8 ++++++-- | |
3279 | 1 files changed, 6 insertions(+), 2 deletions(-) | |
3280 | ||
3281 | commit c0181260ce096a814637ad60e45a64c94840fffa | |
3282 | Author: Matt Fleming <matt.fleming@intel.com> | |
3283 | Date: Fri Sep 25 23:02:18 2015 +0100 | |
3284 | ||
3285 | x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down | |
3286 | ||
3287 | Beginning with UEFI v2.5 EFI_PROPERTIES_TABLE was introduced | |
3288 | that signals that the firmware PE/COFF loader supports splitting | |
3289 | code and data sections of PE/COFF images into separate EFI | |
3290 | memory map entries. This allows the kernel to map those regions | |
3291 | with strict memory protections, e.g. EFI_MEMORY_RO for code, | |
3292 | EFI_MEMORY_XP for data, etc. | |
3293 | ||
3294 | Unfortunately, an unwritten requirement of this new feature is | |
3295 | that the regions need to be mapped with the same offsets | |
3296 | relative to each other as observed in the EFI memory map. If | |
3297 | this is not done crashes like this may occur, | |
3298 | ||
3299 | BUG: unable to handle kernel paging request at fffffffefe6086dd | |
3300 | IP: [<fffffffefe6086dd>] 0xfffffffefe6086dd | |
3301 | Call Trace: | |
3302 | [<ffffffff8104c90e>] efi_call+0x7e/0x100 | |
3303 | [<ffffffff81602091>] ? virt_efi_set_variable+0x61/0x90 | |
3304 | [<ffffffff8104c583>] efi_delete_dummy_variable+0x63/0x70 | |
3305 | [<ffffffff81f4e4aa>] efi_enter_virtual_mode+0x383/0x392 | |
3306 | [<ffffffff81f37e1b>] start_kernel+0x38a/0x417 | |
3307 | [<ffffffff81f37495>] x86_64_start_reservations+0x2a/0x2c | |
3308 | [<ffffffff81f37582>] x86_64_start_kernel+0xeb/0xef | |
3309 | ||
3310 | Here 0xfffffffefe6086dd refers to an address the firmware | |
3311 | expects to be mapped but which the OS never claimed was mapped. | |
3312 | The issue is that included in these regions are relative | |
3313 | addresses to other regions which were emitted by the firmware | |
3314 | toolchain before the "splitting" of sections occurred at | |
3315 | runtime. | |
3316 | ||
3317 | Needless to say, we don't satisfy this unwritten requirement on | |
3318 | x86_64 and instead map the EFI memory map entries in reverse | |
3319 | order. The above crash is almost certainly triggerable with any | |
3320 | kernel newer than v3.13 because that's when we rewrote the EFI | |
3321 | runtime region mapping code, in commit d2f7cbe7b26a ("x86/efi: | |
3322 | Runtime services virtual mapping"). For kernel versions before | |
3323 | v3.13 things may work by pure luck depending on the | |
3324 | fragmentation of the kernel virtual address space at the time we | |
3325 | map the EFI regions. | |
3326 | ||
3327 | Instead of mapping the EFI memory map entries in reverse order, | |
3328 | where entry N has a higher virtual address than entry N+1, map | |
3329 | them in the same order as they appear in the EFI memory map to | |
3330 | preserve this relative offset between regions. | |
3331 | ||
3332 | This patch has been kept as small as possible with the intention | |
3333 | that it should be applied aggressively to stable and | |
3334 | distribution kernels. It is very much a bugfix rather than | |
3335 | support for a new feature, since when EFI_PROPERTIES_TABLE is | |
3336 | enabled we must map things as outlined above to even boot - we | |
3337 | have no way of asking the firmware not to split the code/data | |
3338 | regions. | |
3339 | ||
3340 | In fact, this patch doesn't even make use of the more strict | |
3341 | memory protections available in UEFI v2.5. That will come later. | |
3342 | ||
3343 | Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> | |
3344 | Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> | |
3345 | Signed-off-by: Matt Fleming <matt.fleming@intel.com> | |
3346 | Cc: <stable@vger.kernel.org> | |
3347 | Cc: Borislav Petkov <bp@suse.de> | |
3348 | Cc: Chun-Yi <jlee@suse.com> | |
3349 | Cc: Dave Young <dyoung@redhat.com> | |
3350 | Cc: H. Peter Anvin <hpa@zytor.com> | |
3351 | Cc: James Bottomley <JBottomley@Odin.com> | |
3352 | Cc: Lee, Chun-Yi <jlee@suse.com> | |
3353 | Cc: Leif Lindholm <leif.lindholm@linaro.org> | |
3354 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
3355 | Cc: Matthew Garrett <mjg59@srcf.ucam.org> | |
3356 | Cc: Mike Galbraith <efault@gmx.de> | |
3357 | Cc: Peter Jones <pjones@redhat.com> | |
3358 | Cc: Peter Zijlstra <peterz@infradead.org> | |
3359 | Cc: Thomas Gleixner <tglx@linutronix.de> | |
3360 | Cc: linux-kernel@vger.kernel.org | |
3361 | Link: http://lkml.kernel.org/r/1443218539-7610-2-git-send-email-matt@codeblueprint.co.uk | |
3362 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
3363 | ||
3364 | arch/x86/platform/efi/efi.c | 67 ++++++++++++++++++++++++++++++++++++++++++- | |
3365 | 1 files changed, 66 insertions(+), 1 deletions(-) | |
3366 | ||
3367 | commit 9377caab146791c8c587da3750d6eddcd01bdfba | |
3368 | Author: Ard Biesheuvel <ard.biesheuvel@linaro.org> | |
3369 | Date: Fri Sep 25 23:02:19 2015 +0100 | |
3370 | ||
3371 | arm64/efi: Fix boot crash by not padding between EFI_MEMORY_RUNTIME regions | |
3372 | ||
3373 | The new Properties Table feature introduced in UEFIv2.5 may | |
3374 | split memory regions that cover PE/COFF memory images into | |
3375 | separate code and data regions. Since these regions only differ | |
3376 | in the type (runtime code vs runtime data) and the permission | |
3377 | bits, but not in the memory type attributes (UC/WC/WT/WB), the | |
3378 | spec does not require them to be aligned to 64 KB. | |
3379 | ||
3380 | Since the relative offset of PE/COFF .text and .data segments | |
3381 | cannot be changed on the fly, this means that we can no longer | |
3382 | pad out those regions to be mappable using 64 KB pages. | |
3383 | Unfortunately, there is no annotation in the UEFI memory map | |
3384 | that identifies data regions that were split off from a code | |
3385 | region, so we must apply this logic to all adjacent runtime | |
3386 | regions whose attributes only differ in the permission bits. | |
3387 | ||
3388 | So instead of rounding each memory region to 64 KB alignment at | |
3389 | both ends, only round down regions that are not directly | |
3390 | preceded by another runtime region with the same type | |
3391 | attributes. Since the UEFI spec does not mandate that the memory | |
3392 | map be sorted, this means we also need to sort it first. | |
3393 | ||
3394 | Note that this change will result in all EFI_MEMORY_RUNTIME | |
3395 | regions whose start addresses are not aligned to the OS page | |
3396 | size to be mapped with executable permissions (i.e., on kernels | |
3397 | compiled with 64 KB pages). However, since these mappings are | |
3398 | only active during the time that UEFI Runtime Services are being | |
3399 | invoked, the window for abuse is rather small. | |
3400 | ||
3401 | Tested-by: Mark Salter <msalter@redhat.com> | |
3402 | Tested-by: Mark Rutland <mark.rutland@arm.com> [UEFI 2.4 only] | |
3403 | Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> | |
3404 | Signed-off-by: Matt Fleming <matt.fleming@intel.com> | |
3405 | Reviewed-by: Mark Salter <msalter@redhat.com> | |
3406 | Reviewed-by: Mark Rutland <mark.rutland@arm.com> | |
3407 | Cc: <stable@vger.kernel.org> # v4.0+ | |
3408 | Cc: Catalin Marinas <catalin.marinas@arm.com> | |
3409 | Cc: Leif Lindholm <leif.lindholm@linaro.org> | |
3410 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
3411 | Cc: Mike Galbraith <efault@gmx.de> | |
3412 | Cc: Peter Zijlstra <peterz@infradead.org> | |
3413 | Cc: Thomas Gleixner <tglx@linutronix.de> | |
3414 | Cc: Will Deacon <will.deacon@arm.com> | |
3415 | Cc: linux-kernel@vger.kernel.org | |
3416 | Link: http://lkml.kernel.org/r/1443218539-7610-3-git-send-email-matt@codeblueprint.co.uk | |
3417 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
3418 | ||
3419 | arch/arm64/kernel/efi.c | 3 +- | |
3420 | drivers/firmware/efi/libstub/arm-stub.c | 88 +++++++++++++++++++++++++----- | |
3421 | 2 files changed, 75 insertions(+), 16 deletions(-) | |
3422 | ||
3423 | commit 189124f1e733622c44d72060832af3c68d7ee8bc | |
3424 | Author: Ralf Baechle <ralf@linux-mips.org> | |
3425 | Date: Fri Oct 2 09:48:57 2015 +0200 | |
3426 | ||
3427 | MIPS: BPF: Fix load delay slots. | |
3428 | ||
3429 | The entire bpf_jit_asm.S is written in noreorder mode because "we know | |
3430 | better" according to a comment. This also prevented the assembler from | |
3431 | throwing in the required NOPs for MIPS I processors which have no | |
3432 | load-use interlock, thus the load's consumer might end up using the | |
3433 | old value of the register from prior to the load. | |
3434 | ||
3435 | Fixed by putting the assembler in reorder mode for just the affected | |
3436 | load instructions. This is not enough for gas to actually try to be | |
3437 | clever by looking at the next instruction and inserting a nop only | |
3438 | when needed but as the comment said "we know better", so getting gas | |
3439 | to unconditionally emit a NOP is just right in this case and prevents | |
3440 | adding further ifdefery. | |
3441 | ||
3442 | Signed-off-by: Ralf Baechle <ralf@linux-mips.org> | |
3443 | ||
3444 | arch/mips/net/bpf_jit_asm.S | 4 ++++ | |
3445 | 1 files changed, 4 insertions(+), 0 deletions(-) | |
3446 | ||
3447 | commit b4b012d6599fbc3c6e81f0a03cd59eb9f0095ed8 | |
3448 | Author: Lee, Chun-Yi <joeyli.kernel@gmail.com> | |
3449 | Date: Tue Sep 29 20:58:57 2015 +0800 | |
3450 | ||
3451 | x86/kexec: Fix kexec crash in syscall kexec_file_load() | |
3452 | ||
3453 | The original bug is a page fault crash that sometimes happens | |
3454 | on big machines when preparing ELF headers: | |
3455 | ||
3456 | BUG: unable to handle kernel paging request at ffffc90613fc9000 | |
3457 | IP: [<ffffffff8103d645>] prepare_elf64_ram_headers_callback+0x165/0x260 | |
3458 | ||
3459 | The bug is caused by us under-counting the number of memory ranges | |
3460 | and subsequently not allocating enough ELF header space for them. | |
3461 | The bug is typically masked on smaller systems, because the ELF header | |
3462 | allocation is rounded up to the next page. | |
3463 | ||
3464 | This patch modifies the code in fill_up_crash_elf_data() by using | |
3465 | walk_system_ram_res() instead of walk_system_ram_range() to correctly | |
3466 | count the max number of crash memory ranges. That's because the | |
3467 | walk_system_ram_range() filters out small memory regions that | |
3468 | reside in the same page, but walk_system_ram_res() does not. | |
3469 | ||
3470 | Here's how I found the bug: | |
3471 | ||
3472 | After tracing prepare_elf64_headers() and prepare_elf64_ram_headers_callback(), | |
3473 | the code uses walk_system_ram_res() to fill-in crash memory regions information | |
3474 | to the program header, so it counts those small memory regions that | |
3475 | reside in a page area. | |
3476 | ||
3477 | But, when the kernel was using walk_system_ram_range() in | |
3478 | fill_up_crash_elf_data() to count the number of crash memory regions, | |
3479 | it filters out small regions. | |
3480 | ||
3481 | I printed those small memory regions, for example: | |
3482 | ||
3483 | kexec: Get nr_ram ranges. vaddr=0xffff880077592258 paddr=0x77592258, sz=0xdc0 | |
3484 | ||
3485 | Based on the code in walk_system_ram_range(), this memory region | |
3486 | will be filtered out: | |
3487 | ||
3488 | pfn = (0x77592258 + 0x1000 - 1) >> 12 = 0x77593 | |
3489 | end_pfn = (0x77592258 + 0xfc0 -1 + 1) >> 12 = 0x77593 | |
3490 | end_pfn - pfn = 0x77593 - 0x77593 = 0 <=== if (end_pfn > pfn) is FALSE | |
3491 | ||
3492 | So, the max_nr_ranges that's counted by the kernel doesn't include | |
3493 | small memory regions - causing us to under-allocate the required space. | |
3494 | That causes the page fault crash that happens in a later code path | |
3495 | when preparing ELF headers. | |
3496 | ||
3497 | This bug is not easy to reproduce on small machines that have few | |
3498 | CPUs, because the allocated page aligned ELF buffer has more free | |
3499 | space to cover those small memory regions' PT_LOAD headers. | |
3500 | ||
3501 | Signed-off-by: Lee, Chun-Yi <jlee@suse.com> | |
3502 | Cc: Andy Lutomirski <luto@kernel.org> | |
3503 | Cc: Baoquan He <bhe@redhat.com> | |
3504 | Cc: Jiang Liu <jiang.liu@linux.intel.com> | |
3505 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
3506 | Cc: Mike Galbraith <efault@gmx.de> | |
3507 | Cc: Peter Zijlstra <peterz@infradead.org> | |
3508 | Cc: Stephen Rothwell <sfr@canb.auug.org.au> | |
3509 | Cc: Takashi Iwai <tiwai@suse.de> | |
3510 | Cc: Thomas Gleixner <tglx@linutronix.de> | |
3511 | Cc: Viresh Kumar <viresh.kumar@linaro.org> | |
3512 | Cc: Vivek Goyal <vgoyal@redhat.com> | |
3513 | Cc: kexec@lists.infradead.org | |
3514 | Cc: linux-kernel@vger.kernel.org | |
3515 | Cc: <stable@vger.kernel.org> | |
3516 | Link: http://lkml.kernel.org/r/1443531537-29436-1-git-send-email-jlee@suse.com | |
3517 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
3518 | ||
3519 | arch/x86/kernel/crash.c | 7 +++---- | |
3520 | 1 files changed, 3 insertions(+), 4 deletions(-) | |
3521 | ||
3522 | commit bf91f1e0162bdd27ebd1411090a81fd9188daa4f | |
3523 | Author: Elad Raz <eladr@mellanox.com> | |
3524 | Date: Sat Aug 22 08:44:11 2015 +0300 | |
3525 | ||
3526 | netfilter: ipset: Fixing unnamed union init | |
3527 | ||
3528 | In continue to proposed Vinson Lee's post [1], this patch fixes compilation | |
3529 | issues founded at gcc 4.4.7. The initialization of .cidr field of unnamed | |
3530 | unions causes compilation error in gcc 4.4.x. | |
3531 | ||
3532 | References | |
3533 | ||
3534 | Visible links | |
3535 | [1] https://lkml.org/lkml/2015/7/5/74 | |
3536 | ||
3537 | Signed-off-by: Elad Raz <eladr@mellanox.com> | |
3538 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |
3539 | ||
3540 | net/netfilter/ipset/ip_set_hash_netnet.c | 20 ++++++++++++++++++-- | |
3541 | net/netfilter/ipset/ip_set_hash_netportnet.c | 20 ++++++++++++++++++-- | |
3542 | 2 files changed, 36 insertions(+), 4 deletions(-) | |
3543 | ||
40d5ff9e PK |
3544 | commit fed13a5012b8d7e87a6f9efa2e40e0be28eaecd9 |
3545 | Author: Brad Spengler <spender@grsecurity.net> | |
3546 | Date: Fri Oct 9 23:12:43 2015 -0400 | |
3547 | ||
3548 | compile fix | |
3549 | ||
3550 | arch/x86/mm/pgtable.c | 2 ++ | |
3551 | 1 files changed, 2 insertions(+), 0 deletions(-) | |
3552 | ||
3553 | commit 58edc15a668a6dd90b3f66abc84b509f8fba7505 | |
3554 | Author: Daniel Borkmann <daniel@iogearbox.net> | |
3555 | Date: Mon Aug 31 19:11:02 2015 +0200 | |
3556 | ||
3557 | netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy error paths | |
3558 | ||
3559 | Commit 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack | |
3560 | templates") migrated templates to the new allocator api, but forgot to | |
3561 | update error paths for them in CT and synproxy to use nf_ct_tmpl_free() | |
3562 | instead of nf_conntrack_free(). | |
3563 | ||
3564 | Due to that, memory is being freed into the wrong kmemcache, but also | |
3565 | we drop the per net reference count of ct objects causing an imbalance. | |
3566 | ||
3567 | In Brad's case, this leads to a wrap-around of net->ct.count and thus | |
3568 | lets __nf_conntrack_alloc() refuse to create a new ct object: | |
3569 | ||
3570 | [ 10.340913] xt_addrtype: ipv6 does not support BROADCAST matching | |
3571 | [ 10.810168] nf_conntrack: table full, dropping packet | |
3572 | [ 11.917416] r8169 0000:07:00.0 eth0: link up | |
3573 | [ 11.917438] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready | |
3574 | [ 12.815902] nf_conntrack: table full, dropping packet | |
3575 | [ 15.688561] nf_conntrack: table full, dropping packet | |
3576 | [ 15.689365] nf_conntrack: table full, dropping packet | |
3577 | [ 15.690169] nf_conntrack: table full, dropping packet | |
3578 | [ 15.690967] nf_conntrack: table full, dropping packet | |
3579 | [...] | |
3580 | ||
3581 | With slab debugging, it also reports the wrong kmemcache (kmalloc-512 vs. | |
3582 | nf_conntrack_ffffffff81ce75c0) and reports poison overwrites, etc. Thus, | |
3583 | to fix the problem, export and use nf_ct_tmpl_free() instead. | |
3584 | ||
3585 | Fixes: 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack templates") | |
3586 | Reported-by: Brad Jackson <bjackson0971@gmail.com> | |
3587 | Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | |
3588 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |
3589 | ||
3590 | include/net/netfilter/nf_conntrack.h | 1 + | |
3591 | net/netfilter/nf_conntrack_core.c | 3 ++- | |
3592 | net/netfilter/nf_synproxy_core.c | 2 +- | |
3593 | net/netfilter/xt_CT.c | 2 +- | |
3594 | 4 files changed, 5 insertions(+), 3 deletions(-) | |
3595 | ||
3596 | commit 37d26e44573aaa9c3b1f0c36ec9d4bddc008fc03 | |
3597 | Author: Brad Spengler <spender@grsecurity.net> | |
3598 | Date: Fri Oct 9 18:22:54 2015 -0400 | |
3599 | ||
3600 | Fix BUG() in scatterwalk_map_and_copy caused by virt_to_page being | |
3601 | called on the KSTACKOVERFLOW's vmalloc'd stack. Thanks to | |
3602 | Yves-Alexis Perez for the report | |
3603 | ||
3604 | crypto/scatterwalk.c | 10 ++++++++-- | |
3605 | 1 files changed, 8 insertions(+), 2 deletions(-) | |
3606 | ||
3607 | commit 8137d53d2b60023587a48004f0b67946ed6db4a8 | |
3608 | Merge: 147420b a9c991f | |
3609 | Author: Brad Spengler <spender@grsecurity.net> | |
3610 | Date: Fri Oct 9 18:20:32 2015 -0400 | |
3611 | ||
3612 | Merge branch 'pax-test' into grsec-test | |
3613 | ||
3614 | commit a9c991f727bb8daf15838296e301683791c17071 | |
3615 | Author: Brad Spengler <spender@grsecurity.net> | |
3616 | Date: Fri Oct 9 18:20:07 2015 -0400 | |
3617 | ||
3618 | Update to pax-linux-4.2.3-test8.patch: | |
3619 | - fixed vsyscall/pvclock regression caused by the recent page table hardening, reported by kamil (https://forums.grsecurity.net/viewtopic.php?f=3&t=4272) | |
3620 | ||
3621 | arch/x86/kernel/espfix_64.c | 4 +--- | |
3622 | arch/x86/kernel/kvmclock.c | 20 ++++++-------------- | |
3623 | arch/x86/mm/highmem_32.c | 2 ++ | |
3624 | arch/x86/mm/pgtable.c | 33 +++++++++++++++++++++++++++++++++ | |
3625 | 4 files changed, 42 insertions(+), 17 deletions(-) | |
3626 | ||
3627 | commit 147420b0f00c7f20f354e1dfa460b904a3af432b | |
3628 | Author: Brad Spengler <spender@grsecurity.net> | |
3629 | Date: Fri Oct 9 08:54:24 2015 -0400 | |
3630 | ||
3631 | Properly fix the bug reported at: | |
3632 | https://code.google.com/p/android/issues/detail?id=187973 | |
3633 | ||
3634 | drivers/net/slip/slhc.c | 3 +++ | |
3635 | 1 files changed, 3 insertions(+), 0 deletions(-) | |
3636 | ||
afe359a8 PK |
3637 | commit 4918a68ea80e1185ec8f3a94d3a2210552ed0bb5 |
3638 | Merge: 4e736d9 7e02f35 | |
0a9c1e67 | 3639 | Author: Brad Spengler <spender@grsecurity.net> |
afe359a8 | 3640 | Date: Wed Oct 7 20:57:21 2015 -0400 |
0a9c1e67 | 3641 | |
afe359a8 | 3642 | Merge branch 'pax-test' into grsec-test |
ee1b9a5f | 3643 | |
da1216b9 | 3644 | Conflicts: |
afe359a8 | 3645 | arch/x86/kernel/espfix_64.c |
da1216b9 | 3646 | |
afe359a8 PK |
3647 | commit 7e02f35880fd6bdb2f4e7ba07a13d6df1d121008 |
3648 | Author: Brad Spengler <spender@grsecurity.net> | |
3649 | Date: Wed Oct 7 20:54:36 2015 -0400 | |
da1216b9 | 3650 | |
afe359a8 PK |
3651 | Update to pax-linux-4.2.3-test7.patch: |
3652 | - backported vanilla commits b763ec17ac762470eec5be8ebcc43e4f8b2c2b82 and 176fc2d5770a0990eebff903ba680d2edd32e718 | |
3653 | - constified a few more page tables for ESPFIX/amd64 | |
3654 | - fixed xen and the recently added level1_modules_pgt page tables on amd64 | |
ee1b9a5f | 3655 | |
afe359a8 PK |
3656 | arch/x86/include/asm/pgtable_64.h | 1 + |
3657 | arch/x86/kernel/espfix_64.c | 35 +++++++++++++++++++++++---------- | |
3658 | arch/x86/xen/mmu.c | 4 +++ | |
3659 | drivers/base/regmap/regmap-debugfs.c | 14 +++++------- | |
3660 | 4 files changed, 35 insertions(+), 19 deletions(-) | |
ee1b9a5f | 3661 | |
afe359a8 PK |
3662 | commit 4e736d9e568f6cc0d08dfe7519abf9a5d58a5418 |
3663 | Author: Robin Murphy <robin.murphy@arm.com> | |
3664 | Date: Thu Oct 1 15:37:19 2015 -0700 | |
ee1b9a5f | 3665 | |
afe359a8 | 3666 | dmapool: fix overflow condition in pool_find_page() |
ee1b9a5f | 3667 | |
afe359a8 PK |
3668 | If a DMA pool lies at the very top of the dma_addr_t range (as may |
3669 | happen with an IOMMU involved), the calculated end address of the pool | |
3670 | wraps around to zero, and page lookup always fails. | |
ee1b9a5f | 3671 | |
afe359a8 | 3672 | Tweak the relevant calculation to be overflow-proof. |
da1216b9 | 3673 | |
afe359a8 PK |
3674 | Signed-off-by: Robin Murphy <robin.murphy@arm.com> |
3675 | Cc: Arnd Bergmann <arnd@arndb.de> | |
3676 | Cc: Marek Szyprowski <m.szyprowski@samsung.com> | |
3677 | Cc: Sumit Semwal <sumit.semwal@linaro.org> | |
3678 | Cc: Sakari Ailus <sakari.ailus@iki.fi> | |
3679 | Cc: Russell King <rmk+kernel@arm.linux.org.uk> | |
da1216b9 PK |
3680 | Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
3681 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | |
ee1b9a5f | 3682 | |
afe359a8 | 3683 | mm/dmapool.c | 2 +- |
578d7714 PK |
3684 | 1 files changed, 1 insertions(+), 1 deletions(-) |
3685 | ||
afe359a8 PK |
3686 | commit 96a101a9b4208a6e5f2a0db7599881142e70ba43 |
3687 | Author: Greg Thelen <gthelen@google.com> | |
3688 | Date: Thu Oct 1 15:37:05 2015 -0700 | |
578d7714 | 3689 | |
afe359a8 | 3690 | memcg: make mem_cgroup_read_stat() unsigned |
da1216b9 | 3691 | |
afe359a8 PK |
3692 | mem_cgroup_read_stat() returns a page count by summing per cpu page |
3693 | counters. The summing is racy wrt. updates, so a transient negative | |
3694 | sum is possible. Callers don't want negative values: | |
578d7714 | 3695 | |
afe359a8 PK |
3696 | - mem_cgroup_wb_stats() doesn't want negative nr_dirty or nr_writeback. |
3697 | This could confuse dirty throttling. | |
da1216b9 | 3698 | |
afe359a8 | 3699 | - oom reports and memory.stat shouldn't show confusing negative usage. |
da1216b9 | 3700 | |
afe359a8 | 3701 | - tree_usage() already avoids negatives. |
da1216b9 | 3702 | |
afe359a8 PK |
3703 | Avoid returning negative page counts from mem_cgroup_read_stat() and |
3704 | convert it to unsigned. | |
da1216b9 | 3705 | |
afe359a8 PK |
3706 | [akpm@linux-foundation.org: fix old typo while we're in there] |
3707 | Signed-off-by: Greg Thelen <gthelen@google.com> | |
3708 | Cc: Johannes Weiner <hannes@cmpxchg.org> | |
3709 | Acked-by: Michal Hocko <mhocko@suse.com> | |
3710 | Cc: <stable@vger.kernel.org> [4.2+] | |
3711 | Signed-off-by: Andrew Morton <akpm@linux-foundation.org> | |
3712 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | |
eeed91c5 | 3713 | |
afe359a8 PK |
3714 | mm/memcontrol.c | 30 ++++++++++++++++++------------ |
3715 | 1 files changed, 18 insertions(+), 12 deletions(-) | |
eeed91c5 | 3716 | |
afe359a8 | 3717 | commit b7808c46650d5f4c09f071566de991af36eb9d37 |
da1216b9 | 3718 | Author: Daniel Borkmann <daniel@iogearbox.net> |
afe359a8 PK |
3719 | Date: Fri Oct 2 12:06:03 2015 +0200 |
3720 | ||
3721 | bpf: fix panic in SO_GET_FILTER with native ebpf programs | |
3722 | ||
3723 | When sockets have a native eBPF program attached through | |
3724 | setsockopt(sk, SOL_SOCKET, SO_ATTACH_BPF, ...), and then try to | |
3725 | dump these over getsockopt(sk, SOL_SOCKET, SO_GET_FILTER, ...), | |
3726 | the following panic appears: | |
3727 | ||
3728 | [49904.178642] BUG: unable to handle kernel NULL pointer dereference at (null) | |
3729 | [49904.178762] IP: [<ffffffff81610fd9>] sk_get_filter+0x39/0x90 | |
3730 | [49904.182000] PGD 86fc9067 PUD 531a1067 PMD 0 | |
3731 | [49904.185196] Oops: 0000 [#1] SMP | |
3732 | [...] | |
3733 | [49904.224677] Call Trace: | |
3734 | [49904.226090] [<ffffffff815e3d49>] sock_getsockopt+0x319/0x740 | |
3735 | [49904.227535] [<ffffffff812f59e3>] ? sock_has_perm+0x63/0x70 | |
3736 | [49904.228953] [<ffffffff815e2fc8>] ? release_sock+0x108/0x150 | |
3737 | [49904.230380] [<ffffffff812f5a43>] ? selinux_socket_getsockopt+0x23/0x30 | |
3738 | [49904.231788] [<ffffffff815dff36>] SyS_getsockopt+0xa6/0xc0 | |
3739 | [49904.233267] [<ffffffff8171b9ae>] entry_SYSCALL_64_fastpath+0x12/0x71 | |
3740 | ||
3741 | The underlying issue is the very same as in commit b382c0865600 | |
3742 | ("sock, diag: fix panic in sock_diag_put_filterinfo"), that is, | |
3743 | native eBPF programs don't store an original program since this | |
3744 | is only needed in cBPF ones. | |
3745 | ||
3746 | However, sk_get_filter() wasn't updated to test for this at the | |
3747 | time when eBPF could be attached. Just throw an error to the user | |
3748 | to indicate that eBPF cannot be dumped over this interface. | |
3749 | That way, it can also be known that a program _is_ attached (as | |
3750 | opposed to just return 0), and a different (future) method needs | |
3751 | to be consulted for a dump. | |
3752 | ||
3753 | Fixes: 89aa075832b0 ("net: sock: allow eBPF programs to be attached to sockets") | |
da1216b9 | 3754 | Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |
afe359a8 | 3755 | Acked-by: Alexei Starovoitov <ast@plumgrid.com> |
da1216b9 | 3756 | Signed-off-by: David S. Miller <davem@davemloft.net> |
32ca80f1 | 3757 | |
afe359a8 PK |
3758 | net/core/filter.c | 6 +++++- |
3759 | 1 files changed, 5 insertions(+), 1 deletions(-) | |
32ca80f1 | 3760 | |
afe359a8 PK |
3761 | commit 40853c884afb5fc2dcb9f7fc34ef446162566fcc |
3762 | Author: Steve French <smfrench@gmail.com> | |
3763 | Date: Mon Sep 28 17:21:07 2015 -0500 | |
32ca80f1 | 3764 | |
afe359a8 | 3765 | [SMB3] Do not fall back to SMBWriteX in set_file_size error cases |
e1f904d0 | 3766 | |
afe359a8 | 3767 | The error paths in set_file_size for cifs and smb3 are incorrect. |
e1f904d0 | 3768 | |
afe359a8 PK |
3769 | In the unlikely event that a server did not support set file info |
3770 | of the file size, the code incorrectly falls back to trying SMBWriteX | |
3771 | (note that only the original core SMB Write, used for example by DOS, | |
3772 | can set the file size this way - this actually does not work for the more | |
3773 | recent SMBWriteX). The idea was since the old DOS SMB Write could set | |
3774 | the file size if you write zero bytes at that offset then use that if | |
3775 | server rejects the normal set file info call. | |
da1216b9 | 3776 | |
afe359a8 PK |
3777 | Fortunately the SMBWriteX will never be sent on the wire (except when |
3778 | file size is zero) since the length and offset fields were reversed | |
3779 | in the two places in this function that call SMBWriteX causing | |
3780 | the fall back path to return an error. It is also important to never call | |
3781 | an SMB request from an SMB2/sMB3 session (which theoretically would | |
3782 | be possible, and can cause a brief session drop, although the client | |
3783 | recovers) so this should be fixed. In practice this path does not happen | |
3784 | with modern servers but the error fall back to SMBWriteX is clearly wrong. | |
e1f904d0 | 3785 | |
afe359a8 | 3786 | Removing the calls to SMBWriteX in the error paths in cifs_set_file_size |
da1216b9 | 3787 | |
afe359a8 | 3788 | Pointed out by PaX/grsecurity team |
cac6ae42 | 3789 | |
afe359a8 PK |
3790 | Signed-off-by: Steve French <steve.french@primarydata.com> |
3791 | Reported-by: PaX Team <pageexec@freemail.hu> | |
3792 | CC: Emese Revfy <re.emese@gmail.com> | |
3793 | CC: Brad Spengler <spender@grsecurity.net> | |
3794 | CC: Stable <stable@vger.kernel.org> | |
3969d2a7 | 3795 | |
afe359a8 PK |
3796 | fs/cifs/inode.c | 34 ---------------------------------- |
3797 | 1 files changed, 0 insertions(+), 34 deletions(-) | |
3969d2a7 | 3798 | |
afe359a8 | 3799 | commit f5fad97c967a08f4a89513969598b1d3c8232a38 |
3969d2a7 | 3800 | Author: Brad Spengler <spender@grsecurity.net> |
afe359a8 | 3801 | Date: Wed Oct 7 18:22:40 2015 -0400 |
3969d2a7 | 3802 | |
afe359a8 PK |
3803 | Initial import of grsecurity for Linux 4.2.3 |
3804 | Note that size_overflow is currently marked BROKEN | |
76e7c0f9 | 3805 | |
6090327c | 3806 | Documentation/dontdiff | 2 + |
e8242a6d | 3807 | Documentation/kernel-parameters.txt | 7 + |
afe359a8 | 3808 | Documentation/sysctl/kernel.txt | 15 + |
a8b227b4 | 3809 | Makefile | 18 +- |
6090327c PK |
3810 | arch/alpha/include/asm/cache.h | 4 +- |
3811 | arch/alpha/kernel/osf_sys.c | 12 +- | |
3812 | arch/arm/Kconfig | 1 + | |
3813 | arch/arm/include/asm/thread_info.h | 9 +- | |
3814 | arch/arm/kernel/process.c | 4 +- | |
3815 | arch/arm/kernel/ptrace.c | 9 + | |
3816 | arch/arm/kernel/traps.c | 7 +- | |
3817 | arch/arm/mm/Kconfig | 2 +- | |
3818 | arch/arm/mm/fault.c | 40 +- | |
3819 | arch/arm/mm/mmap.c | 8 +- | |
afe359a8 | 3820 | arch/arm/net/bpf_jit_32.c | 51 +- |
6090327c PK |
3821 | arch/avr32/include/asm/cache.h | 4 +- |
3822 | arch/blackfin/include/asm/cache.h | 3 +- | |
3823 | arch/cris/include/arch-v10/arch/cache.h | 3 +- | |
3824 | arch/cris/include/arch-v32/arch/cache.h | 3 +- | |
3825 | arch/frv/include/asm/cache.h | 3 +- | |
3826 | arch/frv/mm/elf-fdpic.c | 4 +- | |
3827 | arch/hexagon/include/asm/cache.h | 6 +- | |
3828 | arch/ia64/Kconfig | 1 + | |
3829 | arch/ia64/include/asm/cache.h | 3 +- | |
3830 | arch/ia64/kernel/sys_ia64.c | 2 + | |
3831 | arch/ia64/mm/hugetlbpage.c | 2 + | |
3832 | arch/m32r/include/asm/cache.h | 4 +- | |
3833 | arch/m68k/include/asm/cache.h | 4 +- | |
3834 | arch/metag/mm/hugetlbpage.c | 1 + | |
3835 | arch/microblaze/include/asm/cache.h | 3 +- | |
3836 | arch/mips/Kconfig | 1 + | |
3837 | arch/mips/include/asm/cache.h | 3 +- | |
3838 | arch/mips/include/asm/thread_info.h | 11 +- | |
da1216b9 | 3839 | arch/mips/kernel/irq.c | 3 + |
6090327c PK |
3840 | arch/mips/kernel/ptrace.c | 9 + |
3841 | arch/mips/mm/mmap.c | 4 +- | |
3842 | arch/mn10300/proc-mn103e010/include/proc/cache.h | 4 +- | |
3843 | arch/mn10300/proc-mn2ws0050/include/proc/cache.h | 4 +- | |
3844 | arch/openrisc/include/asm/cache.h | 4 +- | |
3845 | arch/parisc/include/asm/cache.h | 5 +- | |
3846 | arch/parisc/kernel/sys_parisc.c | 4 + | |
3847 | arch/powerpc/Kconfig | 1 + | |
3848 | arch/powerpc/include/asm/cache.h | 3 +- | |
3849 | arch/powerpc/include/asm/thread_info.h | 5 +- | |
3850 | arch/powerpc/kernel/Makefile | 2 + | |
3851 | arch/powerpc/kernel/irq.c | 3 + | |
3852 | arch/powerpc/kernel/process.c | 10 +- | |
3853 | arch/powerpc/kernel/ptrace.c | 14 + | |
3854 | arch/powerpc/kernel/traps.c | 5 + | |
6090327c | 3855 | arch/powerpc/mm/slice.c | 2 +- |
6090327c PK |
3856 | arch/s390/include/asm/cache.h | 4 +- |
3857 | arch/score/include/asm/cache.h | 4 +- | |
3858 | arch/sh/include/asm/cache.h | 3 +- | |
3859 | arch/sh/mm/mmap.c | 6 +- | |
3860 | arch/sparc/include/asm/cache.h | 4 +- | |
0986ccbe PK |
3861 | arch/sparc/include/asm/pgalloc_64.h | 1 + |
3862 | arch/sparc/include/asm/thread_info_64.h | 8 +- | |
6090327c PK |
3863 | arch/sparc/kernel/process_32.c | 6 +- |
3864 | arch/sparc/kernel/process_64.c | 8 +- | |
3865 | arch/sparc/kernel/ptrace_64.c | 14 + | |
3866 | arch/sparc/kernel/sys_sparc_64.c | 8 +- | |
3867 | arch/sparc/kernel/syscalls.S | 8 +- | |
3868 | arch/sparc/kernel/traps_32.c | 8 +- | |
3869 | arch/sparc/kernel/traps_64.c | 28 +- | |
3870 | arch/sparc/kernel/unaligned_64.c | 2 +- | |
3871 | arch/sparc/mm/fault_64.c | 2 +- | |
3872 | arch/sparc/mm/hugetlbpage.c | 15 +- | |
3873 | arch/tile/Kconfig | 1 + | |
3874 | arch/tile/include/asm/cache.h | 3 +- | |
3875 | arch/tile/mm/hugetlbpage.c | 2 + | |
3876 | arch/um/include/asm/cache.h | 3 +- | |
3877 | arch/unicore32/include/asm/cache.h | 6 +- | |
afe359a8 PK |
3878 | arch/x86/Kconfig | 21 + |
3879 | arch/x86/entry/entry_32.S | 2 +- | |
3880 | arch/x86/entry/entry_64.S | 2 +- | |
6090327c PK |
3881 | arch/x86/ia32/ia32_aout.c | 2 + |
3882 | arch/x86/include/asm/floppy.h | 20 +- | |
3883 | arch/x86/include/asm/io.h | 2 +- | |
3884 | arch/x86/include/asm/page.h | 12 +- | |
3885 | arch/x86/include/asm/paravirt_types.h | 23 +- | |
3886 | arch/x86/include/asm/processor.h | 2 +- | |
3887 | arch/x86/include/asm/thread_info.h | 8 +- | |
a8b227b4 | 3888 | arch/x86/kernel/dumpstack.c | 10 +- |
6090327c PK |
3889 | arch/x86/kernel/dumpstack_32.c | 2 +- |
3890 | arch/x86/kernel/dumpstack_64.c | 2 +- | |
8cf17962 | 3891 | arch/x86/kernel/espfix_64.c | 2 +- |
afe359a8 | 3892 | arch/x86/kernel/fpu/init.c | 4 +- |
6090327c PK |
3893 | arch/x86/kernel/ioport.c | 13 + |
3894 | arch/x86/kernel/irq_32.c | 3 + | |
3895 | arch/x86/kernel/irq_64.c | 4 + | |
afe359a8 | 3896 | arch/x86/kernel/ldt.c | 18 + |
6090327c PK |
3897 | arch/x86/kernel/msr.c | 10 + |
3898 | arch/x86/kernel/ptrace.c | 28 + | |
3899 | arch/x86/kernel/signal.c | 9 +- | |
3900 | arch/x86/kernel/sys_i386_32.c | 9 +- | |
3901 | arch/x86/kernel/sys_x86_64.c | 8 +- | |
3902 | arch/x86/kernel/traps.c | 5 + | |
3903 | arch/x86/kernel/verify_cpu.S | 1 + | |
3904 | arch/x86/kernel/vm86_32.c | 16 + | |
3905 | arch/x86/mm/fault.c | 12 +- | |
3906 | arch/x86/mm/hugetlbpage.c | 15 +- | |
3907 | arch/x86/mm/init.c | 66 +- | |
3908 | arch/x86/mm/init_32.c | 6 +- | |
0986ccbe | 3909 | arch/x86/net/bpf_jit_comp.c | 4 + |
a8b227b4 | 3910 | arch/x86/platform/efi/efi_64.c | 2 +- |
6090327c PK |
3911 | arch/x86/xen/Kconfig | 1 + |
3912 | arch/xtensa/variants/dc232b/include/variant/core.h | 2 +- | |
3913 | arch/xtensa/variants/fsf/include/variant/core.h | 3 +- | |
6090327c PK |
3914 | drivers/acpi/acpica/hwxfsleep.c | 11 +- |
3915 | drivers/acpi/custom_method.c | 4 + | |
3916 | drivers/block/cciss.h | 30 +- | |
6090327c PK |
3917 | drivers/block/smart1,2.h | 40 +- |
3918 | drivers/cdrom/cdrom.c | 2 +- | |
3919 | drivers/char/Kconfig | 4 +- | |
3920 | drivers/char/genrtc.c | 1 + | |
3921 | drivers/char/mem.c | 17 + | |
3922 | drivers/char/random.c | 5 +- | |
3923 | drivers/cpufreq/sparc-us3-cpufreq.c | 2 - | |
3924 | drivers/firewire/ohci.c | 4 + | |
da1216b9 PK |
3925 | drivers/gpu/drm/drm_context.c | 50 +- |
3926 | drivers/gpu/drm/drm_drv.c | 11 +- | |
3927 | drivers/gpu/drm/drm_lock.c | 18 +- | |
3928 | drivers/gpu/drm/i915/i915_dma.c | 2 + | |
3929 | drivers/gpu/drm/nouveau/nouveau_drm.c | 3 +- | |
6090327c PK |
3930 | drivers/gpu/drm/nouveau/nouveau_ttm.c | 30 +- |
3931 | drivers/gpu/drm/ttm/ttm_bo_manager.c | 10 +- | |
afe359a8 | 3932 | drivers/gpu/drm/virtio/virtgpu_ttm.c | 10 +- |
6090327c | 3933 | drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c | 10 +- |
6090327c PK |
3934 | drivers/hid/hid-wiimote-debug.c | 2 +- |
3935 | drivers/infiniband/hw/nes/nes_cm.c | 22 +- | |
0986ccbe | 3936 | drivers/iommu/amd_iommu.c | 14 +- |
6090327c PK |
3937 | drivers/isdn/gigaset/bas-gigaset.c | 32 +- |
3938 | drivers/isdn/gigaset/ser-gigaset.c | 32 +- | |
3939 | drivers/isdn/gigaset/usb-gigaset.c | 32 +- | |
3940 | drivers/isdn/i4l/isdn_concap.c | 6 +- | |
3941 | drivers/isdn/i4l/isdn_x25iface.c | 16 +- | |
a8b227b4 PK |
3942 | drivers/md/raid5.c | 8 + |
3943 | drivers/media/pci/solo6x10/solo6x10-g723.c | 2 +- | |
6090327c | 3944 | drivers/media/radio/radio-cadet.c | 5 +- |
a8b227b4 PK |
3945 | drivers/media/usb/dvb-usb/cinergyT2-core.c | 91 +- |
3946 | drivers/media/usb/dvb-usb/cinergyT2-fe.c | 182 +- | |
6090327c PK |
3947 | drivers/media/usb/dvb-usb/dvb-usb-firmware.c | 37 +- |
3948 | drivers/media/usb/dvb-usb/technisat-usb2.c | 75 +- | |
3949 | drivers/message/fusion/mptbase.c | 9 + | |
3950 | drivers/misc/sgi-xp/xp_main.c | 12 +- | |
6090327c PK |
3951 | drivers/net/ethernet/brocade/bna/bna_enet.c | 8 +- |
3952 | drivers/net/wan/lmc/lmc_media.c | 97 +- | |
3953 | drivers/net/wan/z85230.c | 24 +- | |
3954 | drivers/net/wireless/zd1211rw/zd_usb.c | 2 +- | |
3955 | drivers/pci/proc.c | 9 + | |
3956 | drivers/platform/x86/asus-wmi.c | 12 + | |
3957 | drivers/rtc/rtc-dev.c | 3 + | |
3958 | drivers/scsi/bfa/bfa_fcs.c | 19 +- | |
3959 | drivers/scsi/bfa/bfa_fcs_lport.c | 29 +- | |
3960 | drivers/scsi/bfa/bfa_modules.h | 12 +- | |
e8242a6d | 3961 | drivers/scsi/hpsa.h | 40 +- |
6090327c PK |
3962 | drivers/staging/lustre/lustre/ldlm/ldlm_flock.c | 2 +- |
3963 | drivers/staging/lustre/lustre/libcfs/module.c | 10 +- | |
afe359a8 PK |
3964 | drivers/staging/sm750fb/sm750.c | 3 + |
3965 | drivers/tty/serial/uartlite.c | 4 +- | |
6090327c PK |
3966 | drivers/tty/sysrq.c | 2 +- |
3967 | drivers/tty/vt/keyboard.c | 22 +- | |
3968 | drivers/uio/uio.c | 6 +- | |
3969 | drivers/usb/core/hub.c | 5 + | |
a8b227b4 PK |
3970 | drivers/usb/gadget/function/f_uac1.c | 1 + |
3971 | drivers/usb/gadget/function/u_uac1.c | 1 + | |
6090327c | 3972 | drivers/usb/host/hwa-hc.c | 9 +- |
afe359a8 | 3973 | drivers/usb/usbip/vhci_sysfs.c | 2 +- |
6090327c PK |
3974 | drivers/video/fbdev/arcfb.c | 2 +- |
3975 | drivers/video/fbdev/matrox/matroxfb_DAC1064.c | 10 +- | |
3976 | drivers/video/fbdev/matrox/matroxfb_Ti3026.c | 5 +- | |
3977 | drivers/video/fbdev/sh_mobile_lcdcfb.c | 6 +- | |
da1216b9 | 3978 | drivers/video/logo/logo_linux_clut224.ppm | 2720 ++++----- |
6090327c | 3979 | drivers/xen/xenfs/xenstored.c | 5 + |
afe359a8 PK |
3980 | firmware/Makefile | 2 + |
3981 | firmware/WHENCE | 20 +- | |
3982 | firmware/bnx2/bnx2-mips-06-6.2.3.fw.ihex | 5804 +++++++++++++++++ | |
da1216b9 | 3983 | firmware/bnx2/bnx2-mips-09-6.2.1b.fw.ihex | 6496 ++++++++++++++++++++ |
6090327c PK |
3984 | fs/attr.c | 1 + |
3985 | fs/autofs4/waitq.c | 9 + | |
3986 | fs/binfmt_aout.c | 7 + | |
3987 | fs/binfmt_elf.c | 40 +- | |
6090327c PK |
3988 | fs/compat.c | 20 +- |
3989 | fs/coredump.c | 17 +- | |
8cf17962 | 3990 | fs/dcache.c | 3 + |
da1216b9 PK |
3991 | fs/debugfs/inode.c | 11 +- |
3992 | fs/exec.c | 218 +- | |
6090327c | 3993 | fs/ext2/balloc.c | 4 +- |
0986ccbe | 3994 | fs/ext2/super.c | 8 +- |
6090327c | 3995 | fs/ext3/balloc.c | 4 +- |
0986ccbe | 3996 | fs/ext3/super.c | 8 +- |
6090327c | 3997 | fs/ext4/balloc.c | 4 +- |
0986ccbe | 3998 | fs/fcntl.c | 4 + |
da1216b9 | 3999 | fs/fhandle.c | 3 +- |
6090327c PK |
4000 | fs/file.c | 4 + |
4001 | fs/filesystems.c | 4 + | |
e8242a6d | 4002 | fs/fs_struct.c | 20 +- |
6090327c | 4003 | fs/hugetlbfs/inode.c | 5 +- |
afe359a8 | 4004 | fs/inode.c | 8 +- |
8cf17962 | 4005 | fs/kernfs/dir.c | 6 + |
6090327c | 4006 | fs/mount.h | 4 +- |
afe359a8 | 4007 | fs/namei.c | 285 +- |
8cf17962 | 4008 | fs/namespace.c | 24 + |
a8b227b4 | 4009 | fs/nfsd/nfscache.c | 2 +- |
6090327c | 4010 | fs/open.c | 38 + |
afe359a8 | 4011 | fs/overlayfs/inode.c | 3 + |
da1216b9 | 4012 | fs/overlayfs/super.c | 6 +- |
6090327c PK |
4013 | fs/pipe.c | 2 +- |
4014 | fs/posix_acl.c | 15 +- | |
4015 | fs/proc/Kconfig | 10 +- | |
0986ccbe | 4016 | fs/proc/array.c | 66 +- |
afe359a8 | 4017 | fs/proc/base.c | 168 +- |
6090327c PK |
4018 | fs/proc/cmdline.c | 4 + |
4019 | fs/proc/devices.c | 4 + | |
4020 | fs/proc/fd.c | 17 +- | |
e8242a6d | 4021 | fs/proc/generic.c | 64 + |
6090327c | 4022 | fs/proc/inode.c | 17 + |
0986ccbe | 4023 | fs/proc/internal.h | 11 +- |
6090327c PK |
4024 | fs/proc/interrupts.c | 4 + |
4025 | fs/proc/kcore.c | 3 + | |
4026 | fs/proc/proc_net.c | 31 + | |
4027 | fs/proc/proc_sysctl.c | 52 +- | |
4028 | fs/proc/root.c | 8 + | |
4029 | fs/proc/stat.c | 69 +- | |
e8242a6d | 4030 | fs/proc/task_mmu.c | 66 +- |
6090327c PK |
4031 | fs/readdir.c | 19 + |
4032 | fs/reiserfs/item_ops.c | 24 +- | |
0986ccbe | 4033 | fs/reiserfs/super.c | 4 + |
6090327c | 4034 | fs/select.c | 2 + |
afe359a8 | 4035 | fs/seq_file.c | 30 +- |
6090327c | 4036 | fs/stat.c | 20 +- |
e8242a6d | 4037 | fs/sysfs/dir.c | 30 +- |
6090327c | 4038 | fs/utimes.c | 7 + |
8cf17962 | 4039 | fs/xattr.c | 26 +- |
da1216b9 | 4040 | grsecurity/Kconfig | 1182 ++++ |
6090327c | 4041 | grsecurity/Makefile | 54 + |
da1216b9 | 4042 | grsecurity/gracl.c | 2757 +++++++++ |
6090327c | 4043 | grsecurity/gracl_alloc.c | 105 + |
a8b227b4 | 4044 | grsecurity/gracl_cap.c | 127 + |
da1216b9 | 4045 | grsecurity/gracl_compat.c | 269 + |
afe359a8 | 4046 | grsecurity/gracl_fs.c | 448 ++ |
da1216b9 PK |
4047 | grsecurity/gracl_ip.c | 386 ++ |
4048 | grsecurity/gracl_learn.c | 207 + | |
4049 | grsecurity/gracl_policy.c | 1786 ++++++ | |
6090327c | 4050 | grsecurity/gracl_res.c | 68 + |
da1216b9 | 4051 | grsecurity/gracl_segv.c | 304 + |
6090327c PK |
4052 | grsecurity/gracl_shm.c | 40 + |
4053 | grsecurity/grsec_chdir.c | 19 + | |
da1216b9 PK |
4054 | grsecurity/grsec_chroot.c | 467 ++ |
4055 | grsecurity/grsec_disabled.c | 445 ++ | |
4056 | grsecurity/grsec_exec.c | 189 + | |
4057 | grsecurity/grsec_fifo.c | 26 + | |
6090327c | 4058 | grsecurity/grsec_fork.c | 23 + |
da1216b9 | 4059 | grsecurity/grsec_init.c | 290 + |
6090327c | 4060 | grsecurity/grsec_ipc.c | 48 + |
afe359a8 PK |
4061 | grsecurity/grsec_link.c | 65 + |
4062 | grsecurity/grsec_log.c | 340 + | |
6090327c PK |
4063 | grsecurity/grsec_mem.c | 48 + |
4064 | grsecurity/grsec_mount.c | 65 + | |
afe359a8 | 4065 | grsecurity/grsec_pax.c | 47 + |
6090327c PK |
4066 | grsecurity/grsec_proc.c | 20 + |
4067 | grsecurity/grsec_ptrace.c | 30 + | |
da1216b9 PK |
4068 | grsecurity/grsec_sig.c | 236 + |
4069 | grsecurity/grsec_sock.c | 244 + | |
4070 | grsecurity/grsec_sysctl.c | 488 ++ | |
6090327c PK |
4071 | grsecurity/grsec_time.c | 16 + |
4072 | grsecurity/grsec_tpe.c | 78 + | |
4073 | grsecurity/grsec_usb.c | 15 + | |
4074 | grsecurity/grsum.c | 64 + | |
da1216b9 | 4075 | include/drm/drmP.h | 23 +- |
6090327c | 4076 | include/linux/binfmts.h | 5 +- |
afe359a8 PK |
4077 | include/linux/capability.h | 13 + |
4078 | include/linux/compiler-gcc.h | 5 + | |
6090327c PK |
4079 | include/linux/compiler.h | 8 + |
4080 | include/linux/cred.h | 8 +- | |
8cf17962 | 4081 | include/linux/dcache.h | 5 +- |
6090327c PK |
4082 | include/linux/fs.h | 24 +- |
4083 | include/linux/fs_struct.h | 2 +- | |
4084 | include/linux/fsnotify.h | 6 + | |
da1216b9 PK |
4085 | include/linux/gracl.h | 342 + |
4086 | include/linux/gracl_compat.h | 156 + | |
6090327c PK |
4087 | include/linux/gralloc.h | 9 + |
4088 | include/linux/grdefs.h | 140 + | |
da1216b9 | 4089 | include/linux/grinternal.h | 230 + |
8cf17962 | 4090 | include/linux/grmsg.h | 118 + |
afe359a8 | 4091 | include/linux/grsecurity.h | 249 + |
6090327c | 4092 | include/linux/grsock.h | 19 + |
afe359a8 | 4093 | include/linux/ipc.h | 2 +- |
6090327c PK |
4094 | include/linux/ipc_namespace.h | 2 +- |
4095 | include/linux/kallsyms.h | 18 +- | |
4096 | include/linux/kmod.h | 5 + | |
4097 | include/linux/kobject.h | 2 +- | |
afe359a8 | 4098 | include/linux/lsm_hooks.h | 4 +- |
8cf17962 | 4099 | include/linux/mm.h | 12 + |
6090327c | 4100 | include/linux/mm_types.h | 4 +- |
afe359a8 | 4101 | include/linux/module.h | 5 +- |
6090327c PK |
4102 | include/linux/mount.h | 2 +- |
4103 | include/linux/netfilter/xt_gradm.h | 9 + | |
4104 | include/linux/path.h | 4 +- | |
4105 | include/linux/perf_event.h | 13 +- | |
4106 | include/linux/pid_namespace.h | 2 +- | |
8cf17962 | 4107 | include/linux/printk.h | 2 +- |
6090327c PK |
4108 | include/linux/proc_fs.h | 22 +- |
4109 | include/linux/proc_ns.h | 2 +- | |
4110 | include/linux/random.h | 2 +- | |
4111 | include/linux/rbtree_augmented.h | 4 +- | |
da1216b9 | 4112 | include/linux/scatterlist.h | 12 +- |
afe359a8 | 4113 | include/linux/sched.h | 110 +- |
6090327c PK |
4114 | include/linux/security.h | 3 +- |
4115 | include/linux/seq_file.h | 5 + | |
afe359a8 | 4116 | include/linux/shm.h | 6 +- |
6090327c PK |
4117 | include/linux/skbuff.h | 3 + |
4118 | include/linux/slab.h | 9 - | |
afe359a8 | 4119 | include/linux/sysctl.h | 8 +- |
6090327c PK |
4120 | include/linux/thread_info.h | 6 +- |
4121 | include/linux/tty.h | 2 +- | |
4122 | include/linux/tty_driver.h | 4 +- | |
4123 | include/linux/uidgid.h | 5 + | |
4124 | include/linux/user_namespace.h | 2 +- | |
4125 | include/linux/utsname.h | 2 +- | |
4126 | include/linux/vermagic.h | 16 +- | |
afe359a8 | 4127 | include/linux/vmalloc.h | 8 + |
6090327c PK |
4128 | include/net/af_unix.h | 2 +- |
4129 | include/net/ip.h | 2 +- | |
4130 | include/net/neighbour.h | 2 +- | |
4131 | include/net/net_namespace.h | 2 +- | |
e8242a6d | 4132 | include/net/sock.h | 2 +- |
6090327c | 4133 | include/trace/events/fs.h | 53 + |
da1216b9 | 4134 | include/uapi/drm/i915_drm.h | 1 + |
6090327c PK |
4135 | include/uapi/linux/personality.h | 1 + |
4136 | init/Kconfig | 3 +- | |
e8242a6d | 4137 | init/main.c | 35 +- |
6090327c | 4138 | ipc/mqueue.c | 1 + |
afe359a8 PK |
4139 | ipc/msg.c | 14 +- |
4140 | ipc/shm.c | 36 +- | |
4141 | ipc/util.c | 14 +- | |
da1216b9 | 4142 | kernel/auditsc.c | 2 +- |
0986ccbe | 4143 | kernel/bpf/syscall.c | 8 +- |
6090327c | 4144 | kernel/capability.c | 41 +- |
0986ccbe | 4145 | kernel/cgroup.c | 5 +- |
6090327c PK |
4146 | kernel/compat.c | 1 + |
4147 | kernel/configs.c | 11 + | |
afe359a8 | 4148 | kernel/cred.c | 112 +- |
6090327c PK |
4149 | kernel/events/core.c | 14 +- |
4150 | kernel/exit.c | 10 +- | |
4151 | kernel/fork.c | 86 +- | |
4152 | kernel/futex.c | 4 +- | |
4153 | kernel/kallsyms.c | 9 + | |
4154 | kernel/kcmp.c | 4 + | |
afe359a8 | 4155 | kernel/kexec.c | 2 +- |
e8242a6d | 4156 | kernel/kmod.c | 95 +- |
6090327c PK |
4157 | kernel/kprobes.c | 7 +- |
4158 | kernel/ksysfs.c | 2 + | |
4159 | kernel/locking/lockdep_proc.c | 10 +- | |
afe359a8 | 4160 | kernel/module.c | 108 +- |
6090327c PK |
4161 | kernel/panic.c | 4 +- |
4162 | kernel/pid.c | 19 +- | |
6090327c | 4163 | kernel/power/Kconfig | 2 + |
afe359a8 | 4164 | kernel/printk/printk.c | 7 +- |
6090327c | 4165 | kernel/ptrace.c | 20 +- |
6090327c PK |
4166 | kernel/resource.c | 10 + |
4167 | kernel/sched/core.c | 11 +- | |
4168 | kernel/signal.c | 37 +- | |
a8b227b4 | 4169 | kernel/sys.c | 64 +- |
afe359a8 | 4170 | kernel/sysctl.c | 180 +- |
6090327c | 4171 | kernel/taskstats.c | 6 + |
a8b227b4 PK |
4172 | kernel/time/posix-timers.c | 8 + |
4173 | kernel/time/time.c | 5 + | |
6090327c | 4174 | kernel/time/timekeeping.c | 3 + |
afe359a8 | 4175 | kernel/time/timer_list.c | 13 +- |
6090327c | 4176 | kernel/time/timer_stats.c | 10 +- |
0986ccbe | 4177 | kernel/trace/trace_syscalls.c | 8 + |
6090327c PK |
4178 | kernel/user_namespace.c | 15 + |
4179 | lib/Kconfig.debug | 7 +- | |
4180 | lib/is_single_threaded.c | 3 + | |
4181 | lib/list_debug.c | 65 +- | |
e8242a6d | 4182 | lib/nlattr.c | 2 + |
6090327c | 4183 | lib/rbtree.c | 4 +- |
afe359a8 | 4184 | lib/vsprintf.c | 39 +- |
6090327c PK |
4185 | localversion-grsec | 1 + |
4186 | mm/Kconfig | 5 +- | |
e8242a6d | 4187 | mm/Kconfig.debug | 1 + |
6090327c | 4188 | mm/filemap.c | 1 + |
afe359a8 | 4189 | mm/hugetlb.c | 8 + |
6090327c | 4190 | mm/kmemleak.c | 4 +- |
da1216b9 | 4191 | mm/memory.c | 2 +- |
6090327c PK |
4192 | mm/mempolicy.c | 12 +- |
4193 | mm/migrate.c | 3 +- | |
4194 | mm/mlock.c | 6 +- | |
e8242a6d | 4195 | mm/mmap.c | 93 +- |
6090327c | 4196 | mm/mprotect.c | 8 + |
e8242a6d | 4197 | mm/page_alloc.c | 2 +- |
6090327c PK |
4198 | mm/process_vm_access.c | 6 + |
4199 | mm/shmem.c | 2 +- | |
afe359a8 | 4200 | mm/slab.c | 27 +- |
6090327c | 4201 | mm/slab_common.c | 2 +- |
afe359a8 PK |
4202 | mm/slob.c | 12 + |
4203 | mm/slub.c | 33 +- | |
6090327c | 4204 | mm/util.c | 3 + |
afe359a8 | 4205 | mm/vmalloc.c | 80 +- |
6090327c PK |
4206 | mm/vmstat.c | 29 +- |
4207 | net/appletalk/atalk_proc.c | 2 +- | |
4208 | net/atm/lec.c | 6 +- | |
4209 | net/atm/mpoa_caches.c | 42 +- | |
4210 | net/can/bcm.c | 2 +- | |
4211 | net/can/proc.c | 2 +- | |
0986ccbe | 4212 | net/core/dev_ioctl.c | 7 +- |
6090327c PK |
4213 | net/core/filter.c | 8 +- |
4214 | net/core/net-procfs.c | 17 +- | |
4215 | net/core/pktgen.c | 2 +- | |
e8242a6d | 4216 | net/core/sock.c | 3 +- |
0986ccbe | 4217 | net/core/sysctl_net_core.c | 2 +- |
6090327c | 4218 | net/decnet/dn_dev.c | 2 +- |
0986ccbe | 4219 | net/ipv4/devinet.c | 6 +- |
6090327c | 4220 | net/ipv4/inet_hashtables.c | 5 + |
a8b227b4 | 4221 | net/ipv4/ip_input.c | 7 + |
6090327c PK |
4222 | net/ipv4/ip_sockglue.c | 3 +- |
4223 | net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 +- | |
4224 | net/ipv4/route.c | 6 +- | |
da1216b9 | 4225 | net/ipv4/tcp_input.c | 4 +- |
6090327c PK |
4226 | net/ipv4/tcp_ipv4.c | 24 +- |
4227 | net/ipv4/tcp_minisocks.c | 9 +- | |
4228 | net/ipv4/tcp_timer.c | 11 + | |
4229 | net/ipv4/udp.c | 24 + | |
e8242a6d | 4230 | net/ipv6/addrconf.c | 13 +- |
6090327c PK |
4231 | net/ipv6/proc.c | 2 +- |
4232 | net/ipv6/tcp_ipv6.c | 23 +- | |
4233 | net/ipv6/udp.c | 7 + | |
4234 | net/ipx/ipx_proc.c | 2 +- | |
4235 | net/irda/irproc.c | 2 +- | |
4236 | net/llc/llc_proc.c | 2 +- | |
4237 | net/netfilter/Kconfig | 10 + | |
4238 | net/netfilter/Makefile | 1 + | |
4239 | net/netfilter/nf_conntrack_core.c | 8 + | |
4240 | net/netfilter/xt_gradm.c | 51 + | |
4241 | net/netfilter/xt_hashlimit.c | 4 +- | |
4242 | net/netfilter/xt_recent.c | 2 +- | |
8cf17962 | 4243 | net/socket.c | 71 +- |
6090327c PK |
4244 | net/sunrpc/cache.c | 2 +- |
4245 | net/sunrpc/stats.c | 2 +- | |
4246 | net/sysctl_net.c | 2 +- | |
e8242a6d | 4247 | net/unix/af_unix.c | 52 +- |
6090327c PK |
4248 | net/vmw_vsock/vmci_transport_notify.c | 30 +- |
4249 | net/vmw_vsock/vmci_transport_notify_qstate.c | 30 +- | |
4250 | net/x25/sysctl_net_x25.c | 2 +- | |
4251 | net/x25/x25_proc.c | 2 +- | |
0986ccbe PK |
4252 | scripts/package/Makefile | 2 +- |
4253 | scripts/package/mkspec | 38 +- | |
afe359a8 | 4254 | security/Kconfig | 370 +- |
6090327c PK |
4255 | security/apparmor/file.c | 4 +- |
4256 | security/apparmor/lsm.c | 8 +- | |
4257 | security/commoncap.c | 29 + | |
4258 | security/min_addr.c | 2 + | |
4259 | security/tomoyo/file.c | 12 +- | |
4260 | security/tomoyo/mount.c | 4 + | |
da1216b9 | 4261 | security/tomoyo/tomoyo.c | 20 +- |
6090327c | 4262 | security/yama/Kconfig | 2 +- |
6090327c | 4263 | sound/synth/emux/emux_seq.c | 14 +- |
e8242a6d PK |
4264 | sound/usb/line6/driver.c | 40 +- |
4265 | sound/usb/line6/toneport.c | 12 +- | |
6090327c PK |
4266 | tools/gcc/.gitignore | 1 + |
4267 | tools/gcc/Makefile | 12 + | |
4268 | tools/gcc/gen-random-seed.sh | 8 + | |
afe359a8 PK |
4269 | tools/gcc/randomize_layout_plugin.c | 930 +++ |
4270 | tools/gcc/size_overflow_plugin/.gitignore | 1 + | |
4271 | .../size_overflow_plugin/size_overflow_hash.data | 320 +- | |
4272 | 466 files changed, 32295 insertions(+), 2907 deletions(-) | |
4273 | ||
4274 | commit fc19197ab5a42069863a7d88f1d41eb687697fe9 | |
4275 | Author: Brad Spengler <spender@grsecurity.net> | |
4276 | Date: Sun Oct 4 20:43:51 2015 -0400 | |
4277 | ||
4278 | Update to pax-linux-4.2.3-test6.patch: | |
4279 | - fixed a KERNEXEC/x86 and early ioremap regression, reported by spender | |
4280 | - sanitized a few more top level page table entries on amd64 | |
76e7c0f9 | 4281 | |
afe359a8 PK |
4282 | arch/x86/kernel/espfix_64.c | 2 +- |
4283 | arch/x86/kernel/head_64.S | 8 ++++---- | |
4284 | arch/x86/mm/ioremap.c | 6 +++++- | |
4285 | 3 files changed, 10 insertions(+), 6 deletions(-) | |
4286 | ||
4287 | commit 23ac5415b9ef394e10b1516d3b314c742c6a3e59 | |
4288 | Author: Brad Spengler <spender@grsecurity.net> | |
4289 | Date: Sun Oct 4 17:47:37 2015 -0400 | |
4290 | ||
4291 | Resync with pax-linux-4.2.3-test5.patch | |
4292 | ||
4293 | arch/x86/include/asm/pgtable-2level.h | 20 ++++++++++++++++---- | |
4294 | arch/x86/include/asm/pgtable-3level.h | 8 ++++++++ | |
4295 | arch/x86/include/asm/pgtable_32.h | 2 -- | |
4296 | arch/x86/include/asm/pgtable_64.h | 20 ++++++++++++++++---- | |
4297 | arch/x86/mm/highmem_32.c | 2 -- | |
4298 | arch/x86/mm/init_64.c | 2 -- | |
4299 | arch/x86/mm/iomap_32.c | 4 ---- | |
4300 | arch/x86/mm/ioremap.c | 2 +- | |
4301 | arch/x86/mm/pgtable.c | 2 -- | |
4302 | arch/x86/mm/pgtable_32.c | 3 --- | |
4303 | mm/highmem.c | 6 +----- | |
4304 | mm/vmalloc.c | 12 +----------- | |
4305 | .../size_overflow_plugin/size_overflow_hash.data | 2 -- | |
4306 | 13 files changed, 43 insertions(+), 42 deletions(-) | |
4307 | ||
4308 | commit 25f4bed80f0d87783793a70d6c20080031a1fd38 | |
4309 | Author: Brad Spengler <spender@grsecurity.net> | |
4310 | Date: Sun Oct 4 13:06:32 2015 -0400 | |
4311 | ||
4312 | Update to pax-linux-4.2.3-test5.patch: | |
4313 | - forward port to 4.2.3 | |
4314 | - fixed integer sign conversion errors caused by ieee80211_tx_rate_control.max_rate_idx, caught by the size overflow plugin | |
4315 | - fixed a bug in try_preserve_large_page that caused unnecessary large page split ups | |
4316 | - increased the number of statically allocated kernel page tables under KERNEXEC/amd64 | |
4317 | ||
4318 | arch/x86/include/asm/pgtable-2level.h | 2 ++ | |
4319 | arch/x86/include/asm/pgtable-3level.h | 5 +++++ | |
4320 | arch/x86/include/asm/pgtable_64.h | 2 ++ | |
4321 | arch/x86/kernel/cpu/bugs_64.c | 2 ++ | |
4322 | arch/x86/kernel/head_64.S | 28 +++++++++++++++++++++++----- | |
4323 | arch/x86/kernel/vmlinux.lds.S | 8 +++++++- | |
4324 | arch/x86/mm/init.c | 18 ++++++++++++++---- | |
4325 | arch/x86/mm/ioremap.c | 8 ++++++-- | |
4326 | arch/x86/mm/pageattr.c | 5 ++--- | |
4327 | arch/x86/mm/pgtable.c | 2 ++ | |
4328 | include/asm-generic/sections.h | 1 + | |
4329 | include/asm-generic/vmlinux.lds.h | 2 ++ | |
4330 | include/net/mac80211.h | 2 +- | |
4331 | mm/vmalloc.c | 7 ++++++- | |
4332 | 14 files changed, 75 insertions(+), 17 deletions(-) | |
4333 | ||
4334 | commit a2dce7cb2e3c389b7ef6c76c15ccdbf506007ddd | |
4335 | Merge: d113ff6 fcba09f | |
4336 | Author: Brad Spengler <spender@grsecurity.net> | |
4337 | Date: Sat Oct 3 09:12:31 2015 -0400 | |
4338 | ||
4339 | Merge branch 'linux-4.2.y' into pax-test | |
4340 | ||
4341 | commit d113ff6e7835e89e2b954503b1a100750ddb43c7 | |
4342 | Author: Brad Spengler <spender@grsecurity.net> | |
4343 | Date: Thu Oct 1 21:34:12 2015 -0400 | |
4344 | ||
4345 | Update to pax-linux-4.2.2-test5.patch: | |
4346 | - fixed a RANDKSTACK regression, reported by spender | |
4347 | - fixed some more compiler warnings due to the ktla_ktva changes, reported by spender | |
4348 | ||
4349 | arch/x86/entry/entry_64.S | 2 ++ | |
4350 | arch/x86/kernel/process.c | 1 + | |
4351 | drivers/hv/hv.c | 2 +- | |
4352 | drivers/lguest/x86/core.c | 4 ++-- | |
4353 | drivers/misc/kgdbts.c | 4 ++-- | |
4354 | drivers/video/fbdev/uvesafb.c | 4 ++-- | |
4355 | fs/binfmt_elf_fdpic.c | 2 +- | |
4356 | 7 files changed, 11 insertions(+), 8 deletions(-) | |
4357 | ||
4358 | commit 149e32a4dddfae46e2490f011870cd4492ca946c | |
4359 | Author: Brad Spengler <spender@grsecurity.net> | |
4360 | Date: Tue Sep 29 16:31:50 2015 -0400 | |
4361 | ||
4362 | Update to pax-linux-4.2.2-test4.patch: | |
4363 | - fixed a few compiler warnings caused by the recently reworked ktla_ktva/ktva_ktla functions, reported by spender | |
4364 | - Emese fixed a size overflow false positive in the IDE driver, reported by spender | |
4365 | ||
4366 | arch/x86/lib/insn.c | 2 +- | |
4367 | drivers/ide/ide-disk.c | 2 +- | |
4368 | drivers/video/fbdev/vesafb.c | 4 ++-- | |
4369 | fs/binfmt_elf.c | 2 +- | |
4370 | .../size_overflow_plugin/size_overflow_plugin.c | 4 ++-- | |
4371 | .../size_overflow_transform_core.c | 11 +++++------ | |
4372 | 6 files changed, 12 insertions(+), 13 deletions(-) | |
4373 | ||
4374 | commit 02c41b848fbaddf82ce98690b23d3d85a94d55fe | |
4375 | Merge: b8b2f5b 7659db3 | |
6090327c | 4376 | Author: Brad Spengler <spender@grsecurity.net> |
afe359a8 | 4377 | Date: Tue Sep 29 15:50:40 2015 -0400 |
76e7c0f9 | 4378 | |
afe359a8 PK |
4379 | Merge branch 'linux-4.2.y' into pax-test |
4380 | ||
4381 | Conflicts: | |
4382 | fs/nfs/inode.c | |
4383 | ||
4384 | commit b8b2f5bc93ced0ca9a8366d0f3fa09abd1ca7ac6 | |
4385 | Author: Brad Spengler <spender@grsecurity.net> | |
4386 | Date: Tue Sep 29 09:13:54 2015 -0400 | |
4387 | ||
4388 | Initial import of pax-linux-4.2.1-test3.patch | |
76e7c0f9 | 4389 | |
6090327c | 4390 | Documentation/dontdiff | 47 +- |
a8b227b4 | 4391 | Documentation/kbuild/makefiles.txt | 39 +- |
0986ccbe | 4392 | Documentation/kernel-parameters.txt | 28 + |
da1216b9 | 4393 | Makefile | 108 +- |
6090327c PK |
4394 | arch/alpha/include/asm/atomic.h | 10 + |
4395 | arch/alpha/include/asm/elf.h | 7 + | |
4396 | arch/alpha/include/asm/pgalloc.h | 6 + | |
4397 | arch/alpha/include/asm/pgtable.h | 11 + | |
4398 | arch/alpha/kernel/module.c | 2 +- | |
4399 | arch/alpha/kernel/osf_sys.c | 8 +- | |
4400 | arch/alpha/mm/fault.c | 141 +- | |
4401 | arch/arm/Kconfig | 2 +- | |
8cf17962 | 4402 | arch/arm/include/asm/atomic.h | 319 +- |
6090327c PK |
4403 | arch/arm/include/asm/barrier.h | 2 +- |
4404 | arch/arm/include/asm/cache.h | 5 +- | |
4405 | arch/arm/include/asm/cacheflush.h | 2 +- | |
4406 | arch/arm/include/asm/checksum.h | 14 +- | |
afe359a8 PK |
4407 | arch/arm/include/asm/cmpxchg.h | 4 + |
4408 | arch/arm/include/asm/cpuidle.h | 2 +- | |
6090327c | 4409 | arch/arm/include/asm/domain.h | 33 +- |
da1216b9 | 4410 | arch/arm/include/asm/elf.h | 9 +- |
6090327c PK |
4411 | arch/arm/include/asm/fncpy.h | 2 + |
4412 | arch/arm/include/asm/futex.h | 10 + | |
4413 | arch/arm/include/asm/kmap_types.h | 2 +- | |
4414 | arch/arm/include/asm/mach/dma.h | 2 +- | |
4415 | arch/arm/include/asm/mach/map.h | 16 +- | |
4416 | arch/arm/include/asm/outercache.h | 2 +- | |
4417 | arch/arm/include/asm/page.h | 3 +- | |
8cf17962 PK |
4418 | arch/arm/include/asm/pgalloc.h | 20 + |
4419 | arch/arm/include/asm/pgtable-2level-hwdef.h | 4 +- | |
6090327c | 4420 | arch/arm/include/asm/pgtable-2level.h | 3 + |
0986ccbe | 4421 | arch/arm/include/asm/pgtable-3level.h | 3 + |
6090327c PK |
4422 | arch/arm/include/asm/pgtable.h | 54 +- |
4423 | arch/arm/include/asm/psci.h | 2 +- | |
4424 | arch/arm/include/asm/smp.h | 2 +- | |
4425 | arch/arm/include/asm/thread_info.h | 6 +- | |
a8b227b4 | 4426 | arch/arm/include/asm/tls.h | 3 + |
afe359a8 | 4427 | arch/arm/include/asm/uaccess.h | 100 +- |
6090327c PK |
4428 | arch/arm/include/uapi/asm/ptrace.h | 2 +- |
4429 | arch/arm/kernel/armksyms.c | 8 +- | |
afe359a8 | 4430 | arch/arm/kernel/cpuidle.c | 2 +- |
6090327c PK |
4431 | arch/arm/kernel/entry-armv.S | 110 +- |
4432 | arch/arm/kernel/entry-common.S | 40 +- | |
4433 | arch/arm/kernel/entry-header.S | 60 + | |
4434 | arch/arm/kernel/fiq.c | 3 + | |
4435 | arch/arm/kernel/head.S | 2 +- | |
afe359a8 | 4436 | arch/arm/kernel/module.c | 38 +- |
6090327c | 4437 | arch/arm/kernel/patch.c | 2 + |
da1216b9 | 4438 | arch/arm/kernel/process.c | 90 +- |
6090327c | 4439 | arch/arm/kernel/psci.c | 2 +- |
da1216b9 | 4440 | arch/arm/kernel/reboot.c | 1 + |
6090327c PK |
4441 | arch/arm/kernel/setup.c | 20 +- |
4442 | arch/arm/kernel/signal.c | 35 +- | |
4443 | arch/arm/kernel/smp.c | 2 +- | |
4444 | arch/arm/kernel/tcm.c | 4 +- | |
a8b227b4 | 4445 | arch/arm/kernel/traps.c | 6 +- |
8cf17962 | 4446 | arch/arm/kernel/vmlinux.lds.S | 6 +- |
a8b227b4 | 4447 | arch/arm/kvm/arm.c | 10 +- |
6090327c PK |
4448 | arch/arm/lib/clear_user.S | 6 +- |
4449 | arch/arm/lib/copy_from_user.S | 6 +- | |
4450 | arch/arm/lib/copy_page.S | 1 + | |
4451 | arch/arm/lib/copy_to_user.S | 6 +- | |
4452 | arch/arm/lib/csumpartialcopyuser.S | 4 +- | |
4453 | arch/arm/lib/delay.c | 2 +- | |
afe359a8 | 4454 | arch/arm/lib/uaccess_with_memcpy.c | 8 +- |
da1216b9 | 4455 | arch/arm/mach-exynos/suspend.c | 6 +- |
a8b227b4 | 4456 | arch/arm/mach-mvebu/coherency.c | 4 +- |
6090327c | 4457 | arch/arm/mach-omap2/board-n8x0.c | 2 +- |
6090327c | 4458 | arch/arm/mach-omap2/omap-mpuss-lowpower.c | 4 +- |
e8242a6d | 4459 | arch/arm/mach-omap2/omap-smp.c | 1 + |
6090327c PK |
4460 | arch/arm/mach-omap2/omap-wakeupgen.c | 2 +- |
4461 | arch/arm/mach-omap2/omap_device.c | 4 +- | |
4462 | arch/arm/mach-omap2/omap_device.h | 4 +- | |
4463 | arch/arm/mach-omap2/omap_hwmod.c | 4 +- | |
4464 | arch/arm/mach-omap2/powerdomains43xx_data.c | 5 +- | |
4465 | arch/arm/mach-omap2/wd_timer.c | 6 +- | |
afe359a8 PK |
4466 | arch/arm/mach-shmobile/platsmp-apmu.c | 5 +- |
4467 | arch/arm/mach-shmobile/pm-r8a7740.c | 5 +- | |
4468 | arch/arm/mach-shmobile/pm-sh73a0.c | 5 +- | |
6090327c | 4469 | arch/arm/mach-tegra/cpuidle-tegra20.c | 2 +- |
e8242a6d PK |
4470 | arch/arm/mach-tegra/irq.c | 1 + |
4471 | arch/arm/mach-ux500/pm.c | 1 + | |
e8242a6d | 4472 | arch/arm/mach-zynq/platsmp.c | 1 + |
0986ccbe | 4473 | arch/arm/mm/Kconfig | 6 +- |
6090327c PK |
4474 | arch/arm/mm/alignment.c | 8 + |
4475 | arch/arm/mm/cache-l2x0.c | 2 +- | |
4476 | arch/arm/mm/context.c | 10 +- | |
0986ccbe | 4477 | arch/arm/mm/fault.c | 146 + |
6090327c | 4478 | arch/arm/mm/fault.h | 12 + |
8cf17962 | 4479 | arch/arm/mm/init.c | 39 + |
6090327c PK |
4480 | arch/arm/mm/ioremap.c | 4 +- |
4481 | arch/arm/mm/mmap.c | 30 +- | |
4482 | arch/arm/mm/mmu.c | 182 +- | |
0986ccbe | 4483 | arch/arm/net/bpf_jit_32.c | 3 + |
6090327c PK |
4484 | arch/arm/plat-iop/setup.c | 2 +- |
4485 | arch/arm/plat-omap/sram.c | 2 + | |
e8242a6d | 4486 | arch/arm64/include/asm/atomic.h | 10 + |
6090327c | 4487 | arch/arm64/include/asm/barrier.h | 2 +- |
8cf17962 | 4488 | arch/arm64/include/asm/percpu.h | 8 +- |
e8242a6d | 4489 | arch/arm64/include/asm/pgalloc.h | 5 + |
6090327c | 4490 | arch/arm64/include/asm/uaccess.h | 1 + |
e8242a6d | 4491 | arch/arm64/mm/dma-mapping.c | 2 +- |
6090327c PK |
4492 | arch/avr32/include/asm/elf.h | 8 +- |
4493 | arch/avr32/include/asm/kmap_types.h | 4 +- | |
4494 | arch/avr32/mm/fault.c | 27 + | |
4495 | arch/frv/include/asm/atomic.h | 10 + | |
4496 | arch/frv/include/asm/kmap_types.h | 2 +- | |
4497 | arch/frv/mm/elf-fdpic.c | 3 +- | |
a8b227b4 | 4498 | arch/ia64/Makefile | 1 + |
6090327c PK |
4499 | arch/ia64/include/asm/atomic.h | 10 + |
4500 | arch/ia64/include/asm/barrier.h | 2 +- | |
4501 | arch/ia64/include/asm/elf.h | 7 + | |
4502 | arch/ia64/include/asm/pgalloc.h | 12 + | |
4503 | arch/ia64/include/asm/pgtable.h | 13 +- | |
4504 | arch/ia64/include/asm/spinlock.h | 2 +- | |
4505 | arch/ia64/include/asm/uaccess.h | 27 +- | |
8cf17962 | 4506 | arch/ia64/kernel/module.c | 45 +- |
6090327c PK |
4507 | arch/ia64/kernel/palinfo.c | 2 +- |
4508 | arch/ia64/kernel/sys_ia64.c | 7 + | |
4509 | arch/ia64/kernel/vmlinux.lds.S | 2 +- | |
4510 | arch/ia64/mm/fault.c | 32 +- | |
a8b227b4 | 4511 | arch/ia64/mm/init.c | 15 +- |
6090327c PK |
4512 | arch/m32r/lib/usercopy.c | 6 + |
4513 | arch/metag/include/asm/barrier.h | 2 +- | |
4514 | arch/mips/cavium-octeon/dma-octeon.c | 2 +- | |
e8242a6d | 4515 | arch/mips/include/asm/atomic.h | 355 +- |
6090327c | 4516 | arch/mips/include/asm/barrier.h | 2 +- |
da1216b9 | 4517 | arch/mips/include/asm/elf.h | 7 + |
6090327c PK |
4518 | arch/mips/include/asm/exec.h | 2 +- |
4519 | arch/mips/include/asm/hw_irq.h | 2 +- | |
4520 | arch/mips/include/asm/local.h | 57 + | |
4521 | arch/mips/include/asm/page.h | 2 +- | |
4522 | arch/mips/include/asm/pgalloc.h | 5 + | |
4523 | arch/mips/include/asm/pgtable.h | 3 + | |
4524 | arch/mips/include/asm/uaccess.h | 1 + | |
4525 | arch/mips/kernel/binfmt_elfn32.c | 7 + | |
4526 | arch/mips/kernel/binfmt_elfo32.c | 7 + | |
4527 | arch/mips/kernel/i8259.c | 2 +- | |
4528 | arch/mips/kernel/irq-gt641xx.c | 2 +- | |
4529 | arch/mips/kernel/irq.c | 6 +- | |
4530 | arch/mips/kernel/pm-cps.c | 2 +- | |
4531 | arch/mips/kernel/process.c | 12 - | |
6090327c PK |
4532 | arch/mips/kernel/sync-r4k.c | 24 +- |
4533 | arch/mips/kernel/traps.c | 13 +- | |
a8b227b4 | 4534 | arch/mips/kvm/mips.c | 2 +- |
6090327c PK |
4535 | arch/mips/mm/fault.c | 25 + |
4536 | arch/mips/mm/mmap.c | 51 +- | |
6090327c PK |
4537 | arch/mips/sgi-ip27/ip27-nmi.c | 6 +- |
4538 | arch/mips/sni/rm200.c | 2 +- | |
4539 | arch/mips/vr41xx/common/icu.c | 2 +- | |
4540 | arch/mips/vr41xx/common/irq.c | 4 +- | |
4541 | arch/parisc/include/asm/atomic.h | 10 + | |
4542 | arch/parisc/include/asm/elf.h | 7 + | |
4543 | arch/parisc/include/asm/pgalloc.h | 6 + | |
4544 | arch/parisc/include/asm/pgtable.h | 11 + | |
4545 | arch/parisc/include/asm/uaccess.h | 4 +- | |
4546 | arch/parisc/kernel/module.c | 50 +- | |
4547 | arch/parisc/kernel/sys_parisc.c | 15 + | |
4548 | arch/parisc/kernel/traps.c | 4 +- | |
4549 | arch/parisc/mm/fault.c | 140 +- | |
0986ccbe | 4550 | arch/powerpc/include/asm/atomic.h | 329 +- |
6090327c | 4551 | arch/powerpc/include/asm/barrier.h | 2 +- |
da1216b9 | 4552 | arch/powerpc/include/asm/elf.h | 12 + |
6090327c PK |
4553 | arch/powerpc/include/asm/exec.h | 2 +- |
4554 | arch/powerpc/include/asm/kmap_types.h | 2 +- | |
0986ccbe | 4555 | arch/powerpc/include/asm/local.h | 46 + |
6090327c PK |
4556 | arch/powerpc/include/asm/mman.h | 2 +- |
4557 | arch/powerpc/include/asm/page.h | 8 +- | |
4558 | arch/powerpc/include/asm/page_64.h | 7 +- | |
4559 | arch/powerpc/include/asm/pgalloc-64.h | 7 + | |
4560 | arch/powerpc/include/asm/pgtable.h | 1 + | |
4561 | arch/powerpc/include/asm/pte-hash32.h | 1 + | |
4562 | arch/powerpc/include/asm/reg.h | 1 + | |
4563 | arch/powerpc/include/asm/smp.h | 2 +- | |
0986ccbe | 4564 | arch/powerpc/include/asm/spinlock.h | 42 +- |
6090327c | 4565 | arch/powerpc/include/asm/uaccess.h | 141 +- |
8cf17962 | 4566 | arch/powerpc/kernel/Makefile | 5 + |
6090327c PK |
4567 | arch/powerpc/kernel/exceptions-64e.S | 4 +- |
4568 | arch/powerpc/kernel/exceptions-64s.S | 2 +- | |
4569 | arch/powerpc/kernel/module_32.c | 15 +- | |
8cf17962 | 4570 | arch/powerpc/kernel/process.c | 46 - |
6090327c PK |
4571 | arch/powerpc/kernel/signal_32.c | 2 +- |
4572 | arch/powerpc/kernel/signal_64.c | 2 +- | |
0986ccbe | 4573 | arch/powerpc/kernel/traps.c | 21 + |
6090327c PK |
4574 | arch/powerpc/kernel/vdso.c | 5 +- |
4575 | arch/powerpc/kvm/powerpc.c | 2 +- | |
4576 | arch/powerpc/lib/usercopy_64.c | 18 - | |
e8242a6d | 4577 | arch/powerpc/mm/fault.c | 56 +- |
da1216b9 | 4578 | arch/powerpc/mm/mmap.c | 16 + |
6090327c PK |
4579 | arch/powerpc/mm/slice.c | 13 +- |
4580 | arch/powerpc/platforms/cell/spufs/file.c | 4 +- | |
4581 | arch/s390/include/asm/atomic.h | 10 + | |
4582 | arch/s390/include/asm/barrier.h | 2 +- | |
da1216b9 | 4583 | arch/s390/include/asm/elf.h | 7 + |
6090327c PK |
4584 | arch/s390/include/asm/exec.h | 2 +- |
4585 | arch/s390/include/asm/uaccess.h | 13 +- | |
4586 | arch/s390/kernel/module.c | 22 +- | |
e8242a6d | 4587 | arch/s390/kernel/process.c | 24 - |
da1216b9 | 4588 | arch/s390/mm/mmap.c | 16 + |
6090327c PK |
4589 | arch/score/include/asm/exec.h | 2 +- |
4590 | arch/score/kernel/process.c | 5 - | |
4591 | arch/sh/mm/mmap.c | 22 +- | |
0986ccbe | 4592 | arch/sparc/include/asm/atomic_64.h | 110 +- |
6090327c PK |
4593 | arch/sparc/include/asm/barrier_64.h | 2 +- |
4594 | arch/sparc/include/asm/cache.h | 2 +- | |
4595 | arch/sparc/include/asm/elf_32.h | 7 + | |
4596 | arch/sparc/include/asm/elf_64.h | 7 + | |
4597 | arch/sparc/include/asm/pgalloc_32.h | 1 + | |
4598 | arch/sparc/include/asm/pgalloc_64.h | 1 + | |
4599 | arch/sparc/include/asm/pgtable.h | 4 + | |
4600 | arch/sparc/include/asm/pgtable_32.h | 15 +- | |
4601 | arch/sparc/include/asm/pgtsrmmu.h | 5 + | |
4602 | arch/sparc/include/asm/setup.h | 4 +- | |
4603 | arch/sparc/include/asm/spinlock_64.h | 35 +- | |
e8242a6d | 4604 | arch/sparc/include/asm/thread_info_32.h | 1 + |
6090327c PK |
4605 | arch/sparc/include/asm/thread_info_64.h | 2 + |
4606 | arch/sparc/include/asm/uaccess.h | 1 + | |
e8242a6d PK |
4607 | arch/sparc/include/asm/uaccess_32.h | 28 +- |
4608 | arch/sparc/include/asm/uaccess_64.h | 24 +- | |
6090327c PK |
4609 | arch/sparc/kernel/Makefile | 2 +- |
4610 | arch/sparc/kernel/prom_common.c | 2 +- | |
4611 | arch/sparc/kernel/smp_64.c | 8 +- | |
4612 | arch/sparc/kernel/sys_sparc_32.c | 2 +- | |
4613 | arch/sparc/kernel/sys_sparc_64.c | 52 +- | |
4614 | arch/sparc/kernel/traps_64.c | 27 +- | |
4615 | arch/sparc/lib/Makefile | 2 +- | |
0986ccbe PK |
4616 | arch/sparc/lib/atomic_64.S | 57 +- |
4617 | arch/sparc/lib/ksyms.c | 6 +- | |
6090327c PK |
4618 | arch/sparc/mm/Makefile | 2 +- |
4619 | arch/sparc/mm/fault_32.c | 292 + | |
8cf17962 | 4620 | arch/sparc/mm/fault_64.c | 486 + |
6090327c PK |
4621 | arch/sparc/mm/hugetlbpage.c | 22 +- |
4622 | arch/sparc/mm/init_64.c | 10 +- | |
4623 | arch/tile/include/asm/atomic_64.h | 10 + | |
4624 | arch/tile/include/asm/uaccess.h | 4 +- | |
4625 | arch/um/Makefile | 4 + | |
4626 | arch/um/include/asm/kmap_types.h | 2 +- | |
4627 | arch/um/include/asm/page.h | 3 + | |
4628 | arch/um/include/asm/pgtable-3level.h | 1 + | |
4629 | arch/um/kernel/process.c | 16 - | |
afe359a8 | 4630 | arch/x86/Kconfig | 15 +- |
6090327c PK |
4631 | arch/x86/Kconfig.cpu | 6 +- |
4632 | arch/x86/Kconfig.debug | 4 +- | |
a8b227b4 | 4633 | arch/x86/Makefile | 13 +- |
6090327c PK |
4634 | arch/x86/boot/Makefile | 3 + |
4635 | arch/x86/boot/bitops.h | 4 +- | |
4636 | arch/x86/boot/boot.h | 2 +- | |
4637 | arch/x86/boot/compressed/Makefile | 3 + | |
4638 | arch/x86/boot/compressed/efi_stub_32.S | 16 +- | |
8cf17962 | 4639 | arch/x86/boot/compressed/efi_thunk_64.S | 4 +- |
6090327c PK |
4640 | arch/x86/boot/compressed/head_32.S | 4 +- |
4641 | arch/x86/boot/compressed/head_64.S | 12 +- | |
4642 | arch/x86/boot/compressed/misc.c | 11 +- | |
4643 | arch/x86/boot/cpucheck.c | 16 +- | |
4644 | arch/x86/boot/header.S | 6 +- | |
4645 | arch/x86/boot/memory.c | 2 +- | |
4646 | arch/x86/boot/video-vesa.c | 1 + | |
4647 | arch/x86/boot/video.c | 2 +- | |
4648 | arch/x86/crypto/aes-x86_64-asm_64.S | 4 + | |
4649 | arch/x86/crypto/aesni-intel_asm.S | 106 +- | |
4650 | arch/x86/crypto/blowfish-x86_64-asm_64.S | 7 + | |
4651 | arch/x86/crypto/camellia-aesni-avx-asm_64.S | 10 + | |
4652 | arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 10 + | |
4653 | arch/x86/crypto/camellia-x86_64-asm_64.S | 7 + | |
4654 | arch/x86/crypto/cast5-avx-x86_64-asm_64.S | 51 +- | |
4655 | arch/x86/crypto/cast6-avx-x86_64-asm_64.S | 25 +- | |
da1216b9 | 4656 | arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 4 +- |
6090327c PK |
4657 | arch/x86/crypto/ghash-clmulni-intel_asm.S | 4 + |
4658 | arch/x86/crypto/salsa20-x86_64-asm_64.S | 4 + | |
4659 | arch/x86/crypto/serpent-avx-x86_64-asm_64.S | 9 + | |
4660 | arch/x86/crypto/serpent-avx2-asm_64.S | 9 + | |
4661 | arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 4 + | |
4662 | arch/x86/crypto/sha1_ssse3_asm.S | 10 +- | |
4663 | arch/x86/crypto/sha256-avx-asm.S | 2 + | |
4664 | arch/x86/crypto/sha256-avx2-asm.S | 2 + | |
4665 | arch/x86/crypto/sha256-ssse3-asm.S | 2 + | |
4666 | arch/x86/crypto/sha512-avx-asm.S | 2 + | |
4667 | arch/x86/crypto/sha512-avx2-asm.S | 2 + | |
4668 | arch/x86/crypto/sha512-ssse3-asm.S | 2 + | |
4669 | arch/x86/crypto/twofish-avx-x86_64-asm_64.S | 25 +- | |
4670 | arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 4 + | |
4671 | arch/x86/crypto/twofish-x86_64-asm_64.S | 3 + | |
afe359a8 PK |
4672 | arch/x86/entry/calling.h | 92 +- |
4673 | arch/x86/entry/entry_32.S | 360 +- | |
4674 | arch/x86/entry/entry_64.S | 636 +- | |
4675 | arch/x86/entry/entry_64_compat.S | 159 +- | |
4676 | arch/x86/entry/thunk_64.S | 2 + | |
4677 | arch/x86/entry/vdso/Makefile | 2 +- | |
4678 | arch/x86/entry/vdso/vdso2c.h | 4 +- | |
4679 | arch/x86/entry/vdso/vma.c | 41 +- | |
4680 | arch/x86/entry/vsyscall/vsyscall_64.c | 16 +- | |
0986ccbe | 4681 | arch/x86/ia32/ia32_signal.c | 23 +- |
afe359a8 | 4682 | arch/x86/ia32/sys_ia32.c | 42 +- |
da1216b9 | 4683 | arch/x86/include/asm/alternative-asm.h | 43 +- |
6090327c PK |
4684 | arch/x86/include/asm/alternative.h | 4 +- |
4685 | arch/x86/include/asm/apic.h | 2 +- | |
4686 | arch/x86/include/asm/apm.h | 4 +- | |
8cf17962 | 4687 | arch/x86/include/asm/atomic.h | 269 +- |
6090327c | 4688 | arch/x86/include/asm/atomic64_32.h | 100 + |
0986ccbe | 4689 | arch/x86/include/asm/atomic64_64.h | 164 +- |
6090327c PK |
4690 | arch/x86/include/asm/barrier.h | 4 +- |
4691 | arch/x86/include/asm/bitops.h | 18 +- | |
afe359a8 | 4692 | arch/x86/include/asm/boot.h | 2 +- |
6090327c | 4693 | arch/x86/include/asm/cache.h | 5 +- |
6090327c PK |
4694 | arch/x86/include/asm/checksum_32.h | 12 +- |
4695 | arch/x86/include/asm/cmpxchg.h | 39 + | |
4696 | arch/x86/include/asm/compat.h | 2 +- | |
afe359a8 | 4697 | arch/x86/include/asm/cpufeature.h | 17 +- |
6090327c PK |
4698 | arch/x86/include/asm/desc.h | 78 +- |
4699 | arch/x86/include/asm/desc_defs.h | 6 + | |
4700 | arch/x86/include/asm/div64.h | 2 +- | |
da1216b9 | 4701 | arch/x86/include/asm/elf.h | 33 +- |
6090327c | 4702 | arch/x86/include/asm/emergency-restart.h | 2 +- |
afe359a8 PK |
4703 | arch/x86/include/asm/fpu/internal.h | 36 +- |
4704 | arch/x86/include/asm/fpu/types.h | 5 +- | |
6090327c PK |
4705 | arch/x86/include/asm/futex.h | 14 +- |
4706 | arch/x86/include/asm/hw_irq.h | 4 +- | |
4707 | arch/x86/include/asm/i8259.h | 2 +- | |
afe359a8 | 4708 | arch/x86/include/asm/io.h | 22 +- |
6090327c PK |
4709 | arch/x86/include/asm/irqflags.h | 5 + |
4710 | arch/x86/include/asm/kprobes.h | 9 +- | |
4711 | arch/x86/include/asm/local.h | 106 +- | |
4712 | arch/x86/include/asm/mman.h | 15 + | |
afe359a8 PK |
4713 | arch/x86/include/asm/mmu.h | 14 +- |
4714 | arch/x86/include/asm/mmu_context.h | 138 +- | |
6090327c PK |
4715 | arch/x86/include/asm/module.h | 17 +- |
4716 | arch/x86/include/asm/nmi.h | 19 +- | |
4717 | arch/x86/include/asm/page.h | 1 + | |
afe359a8 PK |
4718 | arch/x86/include/asm/page_32.h | 12 +- |
4719 | arch/x86/include/asm/page_64.h | 14 +- | |
6090327c PK |
4720 | arch/x86/include/asm/paravirt.h | 46 +- |
4721 | arch/x86/include/asm/paravirt_types.h | 15 +- | |
4722 | arch/x86/include/asm/pgalloc.h | 23 + | |
4723 | arch/x86/include/asm/pgtable-2level.h | 2 + | |
4724 | arch/x86/include/asm/pgtable-3level.h | 4 + | |
da1216b9 | 4725 | arch/x86/include/asm/pgtable.h | 128 +- |
6090327c | 4726 | arch/x86/include/asm/pgtable_32.h | 14 +- |
afe359a8 | 4727 | arch/x86/include/asm/pgtable_32_types.h | 24 +- |
da1216b9 | 4728 | arch/x86/include/asm/pgtable_64.h | 22 +- |
6090327c PK |
4729 | arch/x86/include/asm/pgtable_64_types.h | 5 + |
4730 | arch/x86/include/asm/pgtable_types.h | 26 +- | |
4731 | arch/x86/include/asm/preempt.h | 2 +- | |
afe359a8 PK |
4732 | arch/x86/include/asm/processor.h | 59 +- |
4733 | arch/x86/include/asm/ptrace.h | 21 +- | |
6090327c PK |
4734 | arch/x86/include/asm/qrwlock.h | 4 +- |
4735 | arch/x86/include/asm/realmode.h | 4 +- | |
4736 | arch/x86/include/asm/reboot.h | 10 +- | |
4737 | arch/x86/include/asm/rmwcc.h | 84 +- | |
4738 | arch/x86/include/asm/rwsem.h | 60 +- | |
da1216b9 PK |
4739 | arch/x86/include/asm/segment.h | 27 +- |
4740 | arch/x86/include/asm/smap.h | 43 + | |
6090327c | 4741 | arch/x86/include/asm/smp.h | 14 +- |
6090327c PK |
4742 | arch/x86/include/asm/stackprotector.h | 4 +- |
4743 | arch/x86/include/asm/stacktrace.h | 32 +- | |
4744 | arch/x86/include/asm/switch_to.h | 4 +- | |
afe359a8 PK |
4745 | arch/x86/include/asm/sys_ia32.h | 6 +- |
4746 | arch/x86/include/asm/thread_info.h | 27 +- | |
4747 | arch/x86/include/asm/tlbflush.h | 77 +- | |
e8242a6d | 4748 | arch/x86/include/asm/uaccess.h | 192 +- |
8cf17962 PK |
4749 | arch/x86/include/asm/uaccess_32.h | 28 +- |
4750 | arch/x86/include/asm/uaccess_64.h | 169 +- | |
6090327c PK |
4751 | arch/x86/include/asm/word-at-a-time.h | 2 +- |
4752 | arch/x86/include/asm/x86_init.h | 10 +- | |
4753 | arch/x86/include/asm/xen/page.h | 2 +- | |
6090327c | 4754 | arch/x86/include/uapi/asm/e820.h | 2 +- |
6090327c PK |
4755 | arch/x86/kernel/Makefile | 2 +- |
4756 | arch/x86/kernel/acpi/boot.c | 4 +- | |
4757 | arch/x86/kernel/acpi/sleep.c | 4 + | |
4758 | arch/x86/kernel/acpi/wakeup_32.S | 6 +- | |
afe359a8 | 4759 | arch/x86/kernel/alternative.c | 124 +- |
6090327c PK |
4760 | arch/x86/kernel/apic/apic.c | 4 +- |
4761 | arch/x86/kernel/apic/apic_flat_64.c | 4 +- | |
4762 | arch/x86/kernel/apic/apic_noop.c | 2 +- | |
4763 | arch/x86/kernel/apic/bigsmp_32.c | 2 +- | |
e8242a6d | 4764 | arch/x86/kernel/apic/io_apic.c | 8 +- |
afe359a8 | 4765 | arch/x86/kernel/apic/msi.c | 2 +- |
6090327c | 4766 | arch/x86/kernel/apic/probe_32.c | 2 +- |
8cf17962 | 4767 | arch/x86/kernel/apic/vector.c | 4 +- |
6090327c PK |
4768 | arch/x86/kernel/apic/x2apic_cluster.c | 4 +- |
4769 | arch/x86/kernel/apic/x2apic_phys.c | 2 +- | |
4770 | arch/x86/kernel/apic/x2apic_uv_x.c | 2 +- | |
e8242a6d | 4771 | arch/x86/kernel/apm_32.c | 21 +- |
6090327c PK |
4772 | arch/x86/kernel/asm-offsets.c | 20 + |
4773 | arch/x86/kernel/asm-offsets_64.c | 1 + | |
4774 | arch/x86/kernel/cpu/Makefile | 4 - | |
4775 | arch/x86/kernel/cpu/amd.c | 2 +- | |
afe359a8 | 4776 | arch/x86/kernel/cpu/common.c | 202 +- |
da1216b9 | 4777 | arch/x86/kernel/cpu/intel_cacheinfo.c | 14 +- |
6090327c PK |
4778 | arch/x86/kernel/cpu/mcheck/mce.c | 31 +- |
4779 | arch/x86/kernel/cpu/mcheck/p5.c | 3 + | |
4780 | arch/x86/kernel/cpu/mcheck/winchip.c | 3 + | |
4781 | arch/x86/kernel/cpu/microcode/core.c | 2 +- | |
4782 | arch/x86/kernel/cpu/microcode/intel.c | 4 +- | |
4783 | arch/x86/kernel/cpu/mtrr/main.c | 2 +- | |
4784 | arch/x86/kernel/cpu/mtrr/mtrr.h | 2 +- | |
afe359a8 | 4785 | arch/x86/kernel/cpu/perf_event.c | 10 +- |
6090327c PK |
4786 | arch/x86/kernel/cpu/perf_event_amd_iommu.c | 2 +- |
4787 | arch/x86/kernel/cpu/perf_event_intel.c | 6 +- | |
da1216b9 PK |
4788 | arch/x86/kernel/cpu/perf_event_intel_bts.c | 6 +- |
4789 | arch/x86/kernel/cpu/perf_event_intel_cqm.c | 4 +- | |
4790 | arch/x86/kernel/cpu/perf_event_intel_pt.c | 44 +- | |
6090327c PK |
4791 | arch/x86/kernel/cpu/perf_event_intel_rapl.c | 2 +- |
4792 | arch/x86/kernel/cpu/perf_event_intel_uncore.c | 2 +- | |
4793 | arch/x86/kernel/cpu/perf_event_intel_uncore.h | 2 +- | |
4794 | arch/x86/kernel/cpuid.c | 2 +- | |
6090327c PK |
4795 | arch/x86/kernel/crash_dump_64.c | 2 +- |
4796 | arch/x86/kernel/doublefault.c | 8 +- | |
da1216b9 PK |
4797 | arch/x86/kernel/dumpstack.c | 24 +- |
4798 | arch/x86/kernel/dumpstack_32.c | 25 +- | |
8cf17962 | 4799 | arch/x86/kernel/dumpstack_64.c | 62 +- |
6090327c PK |
4800 | arch/x86/kernel/e820.c | 4 +- |
4801 | arch/x86/kernel/early_printk.c | 1 + | |
8cf17962 | 4802 | arch/x86/kernel/espfix_64.c | 13 +- |
afe359a8 PK |
4803 | arch/x86/kernel/fpu/core.c | 22 +- |
4804 | arch/x86/kernel/fpu/init.c | 8 +- | |
4805 | arch/x86/kernel/fpu/regset.c | 22 +- | |
4806 | arch/x86/kernel/fpu/signal.c | 20 +- | |
4807 | arch/x86/kernel/fpu/xstate.c | 8 +- | |
da1216b9 | 4808 | arch/x86/kernel/ftrace.c | 18 +- |
afe359a8 PK |
4809 | arch/x86/kernel/head64.c | 14 +- |
4810 | arch/x86/kernel/head_32.S | 235 +- | |
da1216b9 | 4811 | arch/x86/kernel/head_64.S | 149 +- |
6090327c | 4812 | arch/x86/kernel/i386_ksyms_32.c | 12 + |
6090327c PK |
4813 | arch/x86/kernel/i8259.c | 10 +- |
4814 | arch/x86/kernel/io_delay.c | 2 +- | |
4815 | arch/x86/kernel/ioport.c | 2 +- | |
4816 | arch/x86/kernel/irq.c | 8 +- | |
da1216b9 | 4817 | arch/x86/kernel/irq_32.c | 45 +- |
afe359a8 | 4818 | arch/x86/kernel/jump_label.c | 10 +- |
da1216b9 PK |
4819 | arch/x86/kernel/kgdb.c | 21 +- |
4820 | arch/x86/kernel/kprobes/core.c | 28 +- | |
6090327c PK |
4821 | arch/x86/kernel/kprobes/opt.c | 16 +- |
4822 | arch/x86/kernel/ksysfs.c | 2 +- | |
afe359a8 | 4823 | arch/x86/kernel/ldt.c | 25 + |
e8242a6d | 4824 | arch/x86/kernel/livepatch.c | 12 +- |
6090327c | 4825 | arch/x86/kernel/machine_kexec_32.c | 6 +- |
a8b227b4 | 4826 | arch/x86/kernel/mcount_64.S | 19 +- |
6090327c PK |
4827 | arch/x86/kernel/module.c | 78 +- |
4828 | arch/x86/kernel/msr.c | 2 +- | |
4829 | arch/x86/kernel/nmi.c | 34 +- | |
4830 | arch/x86/kernel/nmi_selftest.c | 4 +- | |
4831 | arch/x86/kernel/paravirt-spinlocks.c | 2 +- | |
4832 | arch/x86/kernel/paravirt.c | 45 +- | |
8cf17962 | 4833 | arch/x86/kernel/paravirt_patch_64.c | 8 + |
6090327c PK |
4834 | arch/x86/kernel/pci-calgary_64.c | 2 +- |
4835 | arch/x86/kernel/pci-iommu_table.c | 2 +- | |
4836 | arch/x86/kernel/pci-swiotlb.c | 2 +- | |
afe359a8 PK |
4837 | arch/x86/kernel/process.c | 71 +- |
4838 | arch/x86/kernel/process_32.c | 30 +- | |
4839 | arch/x86/kernel/process_64.c | 19 +- | |
6090327c PK |
4840 | arch/x86/kernel/ptrace.c | 20 +- |
4841 | arch/x86/kernel/pvclock.c | 8 +- | |
e8242a6d | 4842 | arch/x86/kernel/reboot.c | 44 +- |
6090327c PK |
4843 | arch/x86/kernel/reboot_fixups_32.c | 2 +- |
4844 | arch/x86/kernel/relocate_kernel_64.S | 3 +- | |
afe359a8 | 4845 | arch/x86/kernel/setup.c | 29 +- |
6090327c PK |
4846 | arch/x86/kernel/setup_percpu.c | 29 +- |
4847 | arch/x86/kernel/signal.c | 17 +- | |
4848 | arch/x86/kernel/smp.c | 2 +- | |
afe359a8 PK |
4849 | arch/x86/kernel/smpboot.c | 29 +- |
4850 | arch/x86/kernel/step.c | 6 +- | |
6090327c PK |
4851 | arch/x86/kernel/sys_i386_32.c | 184 + |
4852 | arch/x86/kernel/sys_x86_64.c | 22 +- | |
da1216b9 PK |
4853 | arch/x86/kernel/tboot.c | 14 +- |
4854 | arch/x86/kernel/time.c | 8 +- | |
6090327c PK |
4855 | arch/x86/kernel/tls.c | 7 +- |
4856 | arch/x86/kernel/tracepoint.c | 4 +- | |
da1216b9 | 4857 | arch/x86/kernel/traps.c | 53 +- |
6090327c | 4858 | arch/x86/kernel/tsc.c | 2 +- |
da1216b9 | 4859 | arch/x86/kernel/uprobes.c | 2 +- |
6090327c PK |
4860 | arch/x86/kernel/vm86_32.c | 6 +- |
4861 | arch/x86/kernel/vmlinux.lds.S | 147 +- | |
6090327c PK |
4862 | arch/x86/kernel/x8664_ksyms_64.c | 6 +- |
4863 | arch/x86/kernel/x86_init.c | 6 +- | |
6090327c | 4864 | arch/x86/kvm/cpuid.c | 21 +- |
8cf17962 | 4865 | arch/x86/kvm/emulate.c | 2 +- |
6090327c PK |
4866 | arch/x86/kvm/lapic.c | 2 +- |
4867 | arch/x86/kvm/paging_tmpl.h | 2 +- | |
4868 | arch/x86/kvm/svm.c | 8 + | |
e8242a6d | 4869 | arch/x86/kvm/vmx.c | 82 +- |
afe359a8 | 4870 | arch/x86/kvm/x86.c | 44 +- |
6090327c PK |
4871 | arch/x86/lguest/boot.c | 3 +- |
4872 | arch/x86/lib/atomic64_386_32.S | 164 + | |
afe359a8 PK |
4873 | arch/x86/lib/atomic64_cx8_32.S | 98 +- |
4874 | arch/x86/lib/checksum_32.S | 97 +- | |
da1216b9 | 4875 | arch/x86/lib/clear_page_64.S | 3 + |
0986ccbe | 4876 | arch/x86/lib/cmpxchg16b_emu.S | 3 + |
afe359a8 PK |
4877 | arch/x86/lib/copy_page_64.S | 14 +- |
4878 | arch/x86/lib/copy_user_64.S | 66 +- | |
4879 | arch/x86/lib/csum-copy_64.S | 14 +- | |
6090327c PK |
4880 | arch/x86/lib/csum-wrappers_64.c | 8 +- |
4881 | arch/x86/lib/getuser.S | 74 +- | |
8cf17962 | 4882 | arch/x86/lib/insn.c | 8 +- |
6090327c | 4883 | arch/x86/lib/iomap_copy_64.S | 2 + |
da1216b9 PK |
4884 | arch/x86/lib/memcpy_64.S | 6 + |
4885 | arch/x86/lib/memmove_64.S | 3 +- | |
4886 | arch/x86/lib/memset_64.S | 3 + | |
6090327c PK |
4887 | arch/x86/lib/mmx_32.c | 243 +- |
4888 | arch/x86/lib/msr-reg.S | 2 + | |
afe359a8 | 4889 | arch/x86/lib/putuser.S | 87 +- |
6090327c | 4890 | arch/x86/lib/rwsem.S | 6 +- |
afe359a8 | 4891 | arch/x86/lib/usercopy_32.c | 359 +- |
da1216b9 | 4892 | arch/x86/lib/usercopy_64.c | 20 +- |
afe359a8 PK |
4893 | arch/x86/math-emu/fpu_aux.c | 2 +- |
4894 | arch/x86/math-emu/fpu_entry.c | 4 +- | |
4895 | arch/x86/math-emu/fpu_system.h | 2 +- | |
6090327c | 4896 | arch/x86/mm/Makefile | 4 + |
afe359a8 | 4897 | arch/x86/mm/extable.c | 26 +- |
da1216b9 | 4898 | arch/x86/mm/fault.c | 570 +- |
6090327c PK |
4899 | arch/x86/mm/gup.c | 6 +- |
4900 | arch/x86/mm/highmem_32.c | 4 + | |
4901 | arch/x86/mm/hugetlbpage.c | 24 +- | |
4902 | arch/x86/mm/init.c | 101 +- | |
4903 | arch/x86/mm/init_32.c | 111 +- | |
8cf17962 | 4904 | arch/x86/mm/init_64.c | 46 +- |
6090327c | 4905 | arch/x86/mm/iomap_32.c | 4 + |
afe359a8 | 4906 | arch/x86/mm/ioremap.c | 44 +- |
6090327c | 4907 | arch/x86/mm/kmemcheck/kmemcheck.c | 4 +- |
da1216b9 | 4908 | arch/x86/mm/mmap.c | 40 +- |
6090327c PK |
4909 | arch/x86/mm/mmio-mod.c | 10 +- |
4910 | arch/x86/mm/numa.c | 2 +- | |
4911 | arch/x86/mm/pageattr.c | 33 +- | |
afe359a8 | 4912 | arch/x86/mm/pat.c | 12 +- |
6090327c PK |
4913 | arch/x86/mm/pat_rbtree.c | 2 +- |
4914 | arch/x86/mm/pf_in.c | 10 +- | |
e8242a6d | 4915 | arch/x86/mm/pgtable.c | 162 +- |
6090327c | 4916 | arch/x86/mm/pgtable_32.c | 3 + |
6090327c PK |
4917 | arch/x86/mm/setup_nx.c | 7 + |
4918 | arch/x86/mm/tlb.c | 4 + | |
4919 | arch/x86/mm/uderef_64.c | 37 + | |
4920 | arch/x86/net/bpf_jit.S | 11 + | |
8cf17962 | 4921 | arch/x86/net/bpf_jit_comp.c | 13 +- |
da1216b9 | 4922 | arch/x86/oprofile/backtrace.c | 6 +- |
6090327c PK |
4923 | arch/x86/oprofile/nmi_int.c | 8 +- |
4924 | arch/x86/oprofile/op_model_amd.c | 8 +- | |
4925 | arch/x86/oprofile/op_model_ppro.c | 7 +- | |
4926 | arch/x86/oprofile/op_x86_model.h | 2 +- | |
4927 | arch/x86/pci/intel_mid_pci.c | 2 +- | |
4928 | arch/x86/pci/irq.c | 8 +- | |
4929 | arch/x86/pci/pcbios.c | 144 +- | |
4930 | arch/x86/platform/efi/efi_32.c | 24 + | |
da1216b9 | 4931 | arch/x86/platform/efi/efi_64.c | 26 +- |
6090327c | 4932 | arch/x86/platform/efi/efi_stub_32.S | 64 +- |
8cf17962 | 4933 | arch/x86/platform/efi/efi_stub_64.S | 2 + |
e8242a6d | 4934 | arch/x86/platform/intel-mid/intel-mid.c | 5 +- |
a8b227b4 PK |
4935 | arch/x86/platform/intel-mid/intel_mid_weak_decls.h | 6 +- |
4936 | arch/x86/platform/intel-mid/mfld.c | 4 +- | |
4937 | arch/x86/platform/intel-mid/mrfl.c | 2 +- | |
e8242a6d | 4938 | arch/x86/platform/intel-quark/imr_selftest.c | 2 +- |
6090327c PK |
4939 | arch/x86/platform/olpc/olpc_dt.c | 2 +- |
4940 | arch/x86/power/cpu.c | 11 +- | |
4941 | arch/x86/realmode/init.c | 10 +- | |
4942 | arch/x86/realmode/rm/Makefile | 3 + | |
4943 | arch/x86/realmode/rm/header.S | 4 +- | |
da1216b9 | 4944 | arch/x86/realmode/rm/reboot.S | 4 + |
6090327c PK |
4945 | arch/x86/realmode/rm/trampoline_32.S | 12 +- |
4946 | arch/x86/realmode/rm/trampoline_64.S | 3 +- | |
4947 | arch/x86/realmode/rm/wakeup_asm.S | 5 +- | |
4948 | arch/x86/tools/Makefile | 2 +- | |
afe359a8 | 4949 | arch/x86/tools/relocs.c | 96 +- |
6090327c PK |
4950 | arch/x86/um/mem_32.c | 2 +- |
4951 | arch/x86/um/tls_32.c | 2 +- | |
da1216b9 PK |
4952 | arch/x86/xen/enlighten.c | 50 +- |
4953 | arch/x86/xen/mmu.c | 17 +- | |
4954 | arch/x86/xen/smp.c | 16 +- | |
6090327c PK |
4955 | arch/x86/xen/xen-asm_32.S | 2 +- |
4956 | arch/x86/xen/xen-head.S | 11 + | |
4957 | arch/x86/xen/xen-ops.h | 2 - | |
e8242a6d | 4958 | block/bio.c | 4 +- |
6090327c PK |
4959 | block/blk-iopoll.c | 2 +- |
4960 | block/blk-map.c | 2 +- | |
4961 | block/blk-softirq.c | 2 +- | |
4962 | block/bsg.c | 12 +- | |
4963 | block/compat_ioctl.c | 4 +- | |
4964 | block/genhd.c | 9 +- | |
4965 | block/partitions/efi.c | 8 +- | |
4966 | block/scsi_ioctl.c | 29 +- | |
4967 | crypto/cryptd.c | 4 +- | |
4968 | crypto/pcrypt.c | 2 +- | |
e8242a6d | 4969 | crypto/zlib.c | 4 +- |
afe359a8 | 4970 | drivers/acpi/acpi_video.c | 2 +- |
6090327c PK |
4971 | drivers/acpi/apei/apei-internal.h | 2 +- |
4972 | drivers/acpi/apei/ghes.c | 4 +- | |
4973 | drivers/acpi/bgrt.c | 6 +- | |
4974 | drivers/acpi/blacklist.c | 4 +- | |
e8242a6d | 4975 | drivers/acpi/bus.c | 4 +- |
0986ccbe | 4976 | drivers/acpi/device_pm.c | 4 +- |
e8242a6d PK |
4977 | drivers/acpi/ec.c | 2 +- |
4978 | drivers/acpi/pci_slot.c | 2 +- | |
4979 | drivers/acpi/processor_driver.c | 2 +- | |
6090327c | 4980 | drivers/acpi/processor_idle.c | 2 +- |
e8242a6d PK |
4981 | drivers/acpi/processor_pdc.c | 2 +- |
4982 | drivers/acpi/sleep.c | 2 +- | |
6090327c | 4983 | drivers/acpi/sysfs.c | 4 +- |
e8242a6d | 4984 | drivers/acpi/thermal.c | 2 +- |
afe359a8 | 4985 | drivers/acpi/video_detect.c | 7 +- |
6090327c PK |
4986 | drivers/ata/libahci.c | 2 +- |
4987 | drivers/ata/libata-core.c | 12 +- | |
4988 | drivers/ata/libata-scsi.c | 2 +- | |
4989 | drivers/ata/libata.h | 2 +- | |
4990 | drivers/ata/pata_arasan_cf.c | 4 +- | |
4991 | drivers/atm/adummy.c | 2 +- | |
4992 | drivers/atm/ambassador.c | 8 +- | |
4993 | drivers/atm/atmtcp.c | 14 +- | |
4994 | drivers/atm/eni.c | 10 +- | |
4995 | drivers/atm/firestream.c | 8 +- | |
4996 | drivers/atm/fore200e.c | 14 +- | |
4997 | drivers/atm/he.c | 18 +- | |
4998 | drivers/atm/horizon.c | 4 +- | |
4999 | drivers/atm/idt77252.c | 36 +- | |
5000 | drivers/atm/iphase.c | 34 +- | |
5001 | drivers/atm/lanai.c | 12 +- | |
5002 | drivers/atm/nicstar.c | 46 +- | |
5003 | drivers/atm/solos-pci.c | 4 +- | |
5004 | drivers/atm/suni.c | 4 +- | |
5005 | drivers/atm/uPD98402.c | 16 +- | |
5006 | drivers/atm/zatm.c | 6 +- | |
5007 | drivers/base/bus.c | 4 +- | |
5008 | drivers/base/devtmpfs.c | 8 +- | |
5009 | drivers/base/node.c | 2 +- | |
da1216b9 | 5010 | drivers/base/power/domain.c | 11 +- |
6090327c PK |
5011 | drivers/base/power/sysfs.c | 2 +- |
5012 | drivers/base/power/wakeup.c | 8 +- | |
5013 | drivers/base/syscore.c | 4 +- | |
5014 | drivers/block/cciss.c | 28 +- | |
5015 | drivers/block/cciss.h | 2 +- | |
5016 | drivers/block/cpqarray.c | 28 +- | |
5017 | drivers/block/cpqarray.h | 2 +- | |
a8b227b4 | 5018 | drivers/block/drbd/drbd_bitmap.c | 2 +- |
8cf17962 | 5019 | drivers/block/drbd/drbd_int.h | 8 +- |
a8b227b4 | 5020 | drivers/block/drbd/drbd_main.c | 12 +- |
6090327c | 5021 | drivers/block/drbd/drbd_nl.c | 4 +- |
a8b227b4 PK |
5022 | drivers/block/drbd/drbd_receiver.c | 34 +- |
5023 | drivers/block/drbd/drbd_worker.c | 8 +- | |
6090327c | 5024 | drivers/block/pktcdvd.c | 4 +- |
8cf17962 | 5025 | drivers/block/rbd.c | 2 +- |
6090327c PK |
5026 | drivers/bluetooth/btwilink.c | 2 +- |
5027 | drivers/cdrom/cdrom.c | 11 +- | |
5028 | drivers/cdrom/gdrom.c | 1 - | |
5029 | drivers/char/agp/compat_ioctl.c | 2 +- | |
5030 | drivers/char/agp/frontend.c | 4 +- | |
afe359a8 | 5031 | drivers/char/agp/intel-gtt.c | 4 +- |
6090327c | 5032 | drivers/char/hpet.c | 2 +- |
6090327c PK |
5033 | drivers/char/ipmi/ipmi_msghandler.c | 8 +- |
5034 | drivers/char/ipmi/ipmi_si_intf.c | 8 +- | |
8cf17962 | 5035 | drivers/char/mem.c | 47 +- |
6090327c | 5036 | drivers/char/nvram.c | 2 +- |
a8b227b4 PK |
5037 | drivers/char/pcmcia/synclink_cs.c | 16 +- |
5038 | drivers/char/random.c | 12 +- | |
e8242a6d | 5039 | drivers/char/sonypi.c | 11 +- |
6090327c PK |
5040 | drivers/char/tpm/tpm_acpi.c | 3 +- |
5041 | drivers/char/tpm/tpm_eventlog.c | 7 +- | |
5042 | drivers/char/virtio_console.c | 4 +- | |
5043 | drivers/clk/clk-composite.c | 2 +- | |
da1216b9 | 5044 | drivers/clk/samsung/clk.h | 2 +- |
6090327c PK |
5045 | drivers/clk/socfpga/clk-gate.c | 9 +- |
5046 | drivers/clk/socfpga/clk-pll.c | 9 +- | |
5047 | drivers/cpufreq/acpi-cpufreq.c | 17 +- | |
8cf17962 | 5048 | drivers/cpufreq/cpufreq-dt.c | 4 +- |
6090327c | 5049 | drivers/cpufreq/cpufreq.c | 26 +- |
afe359a8 | 5050 | drivers/cpufreq/cpufreq_governor.c | 2 +- |
6090327c PK |
5051 | drivers/cpufreq/cpufreq_governor.h | 4 +- |
5052 | drivers/cpufreq/cpufreq_ondemand.c | 10 +- | |
0986ccbe | 5053 | drivers/cpufreq/intel_pstate.c | 33 +- |
6090327c PK |
5054 | drivers/cpufreq/p4-clockmod.c | 12 +- |
5055 | drivers/cpufreq/sparc-us3-cpufreq.c | 67 +- | |
5056 | drivers/cpufreq/speedstep-centrino.c | 7 +- | |
5057 | drivers/cpuidle/driver.c | 2 +- | |
afe359a8 | 5058 | drivers/cpuidle/dt_idle_states.c | 2 +- |
6090327c PK |
5059 | drivers/cpuidle/governor.c | 2 +- |
5060 | drivers/cpuidle/sysfs.c | 2 +- | |
5061 | drivers/crypto/hifn_795x.c | 4 +- | |
5062 | drivers/devfreq/devfreq.c | 4 +- | |
5063 | drivers/dma/sh/shdma-base.c | 4 +- | |
5064 | drivers/dma/sh/shdmac.c | 2 +- | |
5065 | drivers/edac/edac_device.c | 4 +- | |
da1216b9 | 5066 | drivers/edac/edac_mc_sysfs.c | 2 +- |
6090327c PK |
5067 | drivers/edac/edac_pci.c | 4 +- |
5068 | drivers/edac/edac_pci_sysfs.c | 22 +- | |
5069 | drivers/edac/mce_amd.h | 2 +- | |
5070 | drivers/firewire/core-card.c | 6 +- | |
5071 | drivers/firewire/core-device.c | 2 +- | |
5072 | drivers/firewire/core-transaction.c | 1 + | |
5073 | drivers/firewire/core.h | 1 + | |
5074 | drivers/firmware/dmi-id.c | 2 +- | |
afe359a8 | 5075 | drivers/firmware/dmi_scan.c | 12 +- |
6090327c PK |
5076 | drivers/firmware/efi/cper.c | 8 +- |
5077 | drivers/firmware/efi/efi.c | 12 +- | |
5078 | drivers/firmware/efi/efivars.c | 2 +- | |
e8242a6d PK |
5079 | drivers/firmware/efi/runtime-map.c | 2 +- |
5080 | drivers/firmware/google/gsmi.c | 2 +- | |
5081 | drivers/firmware/google/memconsole.c | 7 +- | |
5082 | drivers/firmware/memmap.c | 2 +- | |
afe359a8 | 5083 | drivers/gpio/gpio-davinci.c | 6 +- |
6090327c PK |
5084 | drivers/gpio/gpio-em.c | 2 +- |
5085 | drivers/gpio/gpio-ich.c | 2 +- | |
afe359a8 | 5086 | drivers/gpio/gpio-omap.c | 4 +- |
6090327c PK |
5087 | drivers/gpio/gpio-rcar.c | 2 +- |
5088 | drivers/gpio/gpio-vr41xx.c | 2 +- | |
a8b227b4 | 5089 | drivers/gpio/gpiolib.c | 13 +- |
afe359a8 PK |
5090 | drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- |
5091 | drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 2 +- | |
5092 | drivers/gpu/drm/amd/amdkfd/kfd_device.c | 6 +- | |
5093 | .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 90 +- | |
5094 | .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.h | 8 +- | |
5095 | .../drm/amd/amdkfd/kfd_device_queue_manager_cik.c | 14 +- | |
5096 | .../drm/amd/amdkfd/kfd_device_queue_manager_vi.c | 14 +- | |
5097 | drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | 4 +- | |
5098 | drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.c | 2 +- | |
e8242a6d | 5099 | drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.h | 2 +- |
afe359a8 | 5100 | .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 +- |
6090327c | 5101 | drivers/gpu/drm/drm_crtc.c | 2 +- |
a8b227b4 | 5102 | drivers/gpu/drm/drm_drv.c | 2 +- |
6090327c PK |
5103 | drivers/gpu/drm/drm_fops.c | 12 +- |
5104 | drivers/gpu/drm/drm_global.c | 14 +- | |
5105 | drivers/gpu/drm/drm_info.c | 13 +- | |
5106 | drivers/gpu/drm/drm_ioc32.c | 13 +- | |
a8b227b4 | 5107 | drivers/gpu/drm/drm_ioctl.c | 2 +- |
e8242a6d | 5108 | drivers/gpu/drm/gma500/mdfld_dsi_dpi.c | 10 +- |
6090327c | 5109 | drivers/gpu/drm/i810/i810_drv.h | 4 +- |
afe359a8 | 5110 | drivers/gpu/drm/i915/i915_debugfs.c | 2 +- |
6090327c PK |
5111 | drivers/gpu/drm/i915/i915_dma.c | 2 +- |
5112 | drivers/gpu/drm/i915/i915_gem_execbuffer.c | 4 +- | |
afe359a8 PK |
5113 | drivers/gpu/drm/i915/i915_gem_gtt.c | 32 +- |
5114 | drivers/gpu/drm/i915/i915_gem_gtt.h | 16 +- | |
5115 | drivers/gpu/drm/i915/i915_gem_stolen.c | 2 +- | |
da1216b9 | 5116 | drivers/gpu/drm/i915/i915_ioc32.c | 16 +- |
6090327c | 5117 | drivers/gpu/drm/i915/intel_display.c | 26 +- |
8cf17962 | 5118 | drivers/gpu/drm/imx/imx-drm-core.c | 2 +- |
6090327c | 5119 | drivers/gpu/drm/mga/mga_drv.h | 4 +- |
da1216b9 | 5120 | drivers/gpu/drm/mga/mga_ioc32.c | 10 +- |
6090327c PK |
5121 | drivers/gpu/drm/mga/mga_irq.c | 8 +- |
5122 | drivers/gpu/drm/nouveau/nouveau_bios.c | 2 +- | |
5123 | drivers/gpu/drm/nouveau/nouveau_drm.h | 1 - | |
5124 | drivers/gpu/drm/nouveau/nouveau_ioc32.c | 2 +- | |
5125 | drivers/gpu/drm/nouveau/nouveau_vga.c | 2 +- | |
afe359a8 | 5126 | drivers/gpu/drm/omapdrm/Makefile | 2 +- |
6090327c PK |
5127 | drivers/gpu/drm/qxl/qxl_cmd.c | 12 +- |
5128 | drivers/gpu/drm/qxl/qxl_debugfs.c | 8 +- | |
5129 | drivers/gpu/drm/qxl/qxl_drv.h | 8 +- | |
5130 | drivers/gpu/drm/qxl/qxl_ioctl.c | 10 +- | |
5131 | drivers/gpu/drm/qxl/qxl_irq.c | 16 +- | |
5132 | drivers/gpu/drm/qxl/qxl_ttm.c | 38 +- | |
5133 | drivers/gpu/drm/r128/r128_cce.c | 2 +- | |
5134 | drivers/gpu/drm/r128/r128_drv.h | 4 +- | |
da1216b9 | 5135 | drivers/gpu/drm/r128/r128_ioc32.c | 10 +- |
6090327c PK |
5136 | drivers/gpu/drm/r128/r128_irq.c | 4 +- |
5137 | drivers/gpu/drm/r128/r128_state.c | 4 +- | |
5138 | drivers/gpu/drm/radeon/mkregtable.c | 4 +- | |
5139 | drivers/gpu/drm/radeon/radeon_device.c | 2 +- | |
5140 | drivers/gpu/drm/radeon/radeon_drv.h | 2 +- | |
da1216b9 | 5141 | drivers/gpu/drm/radeon/radeon_ioc32.c | 12 +- |
6090327c PK |
5142 | drivers/gpu/drm/radeon/radeon_irq.c | 6 +- |
5143 | drivers/gpu/drm/radeon/radeon_state.c | 4 +- | |
5144 | drivers/gpu/drm/radeon/radeon_ttm.c | 4 +- | |
5145 | drivers/gpu/drm/tegra/dc.c | 2 +- | |
5146 | drivers/gpu/drm/tegra/dsi.c | 2 +- | |
5147 | drivers/gpu/drm/tegra/hdmi.c | 2 +- | |
afe359a8 PK |
5148 | drivers/gpu/drm/tegra/sor.c | 7 +- |
5149 | drivers/gpu/drm/tilcdc/Makefile | 6 +- | |
6090327c | 5150 | drivers/gpu/drm/ttm/ttm_memory.c | 4 +- |
0986ccbe PK |
5151 | drivers/gpu/drm/ttm/ttm_page_alloc.c | 18 +- |
5152 | drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 18 +- | |
6090327c PK |
5153 | drivers/gpu/drm/udl/udl_fb.c | 1 - |
5154 | drivers/gpu/drm/via/via_drv.h | 4 +- | |
5155 | drivers/gpu/drm/via/via_irq.c | 18 +- | |
afe359a8 PK |
5156 | drivers/gpu/drm/virtio/virtgpu_debugfs.c | 2 +- |
5157 | drivers/gpu/drm/virtio/virtgpu_fence.c | 2 +- | |
6090327c PK |
5158 | drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 2 +- |
5159 | drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c | 8 +- | |
5160 | drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c | 4 +- | |
5161 | drivers/gpu/drm/vmwgfx/vmwgfx_irq.c | 4 +- | |
5162 | drivers/gpu/drm/vmwgfx/vmwgfx_marker.c | 2 +- | |
5163 | drivers/gpu/vga/vga_switcheroo.c | 4 +- | |
5164 | drivers/hid/hid-core.c | 4 +- | |
afe359a8 | 5165 | drivers/hid/hid-sensor-custom.c | 2 +- |
e8242a6d | 5166 | drivers/hv/channel.c | 2 +- |
6090327c PK |
5167 | drivers/hv/hv.c | 4 +- |
5168 | drivers/hv/hv_balloon.c | 18 +- | |
5169 | drivers/hv/hyperv_vmbus.h | 2 +- | |
e8242a6d | 5170 | drivers/hwmon/acpi_power_meter.c | 6 +- |
6090327c PK |
5171 | drivers/hwmon/applesmc.c | 2 +- |
5172 | drivers/hwmon/asus_atk0110.c | 10 +- | |
5173 | drivers/hwmon/coretemp.c | 2 +- | |
afe359a8 | 5174 | drivers/hwmon/dell-smm-hwmon.c | 2 +- |
6090327c PK |
5175 | drivers/hwmon/ibmaem.c | 2 +- |
5176 | drivers/hwmon/iio_hwmon.c | 2 +- | |
a8b227b4 | 5177 | drivers/hwmon/nct6683.c | 6 +- |
6090327c PK |
5178 | drivers/hwmon/nct6775.c | 6 +- |
5179 | drivers/hwmon/pmbus/pmbus_core.c | 10 +- | |
5180 | drivers/hwmon/sht15.c | 12 +- | |
5181 | drivers/hwmon/via-cputemp.c | 2 +- | |
5182 | drivers/i2c/busses/i2c-amd756-s4882.c | 2 +- | |
5183 | drivers/i2c/busses/i2c-diolan-u2c.c | 2 +- | |
5184 | drivers/i2c/busses/i2c-nforce2-s4985.c | 2 +- | |
5185 | drivers/i2c/i2c-dev.c | 2 +- | |
5186 | drivers/ide/ide-cd.c | 2 +- | |
5187 | drivers/iio/industrialio-core.c | 2 +- | |
afe359a8 | 5188 | drivers/iio/magnetometer/ak8975.c | 2 +- |
6090327c PK |
5189 | drivers/infiniband/core/cm.c | 32 +- |
5190 | drivers/infiniband/core/fmr_pool.c | 20 +- | |
e8242a6d | 5191 | drivers/infiniband/core/uverbs_cmd.c | 3 + |
6090327c PK |
5192 | drivers/infiniband/hw/cxgb4/mem.c | 4 +- |
5193 | drivers/infiniband/hw/ipath/ipath_rc.c | 6 +- | |
5194 | drivers/infiniband/hw/ipath/ipath_ruc.c | 6 +- | |
5195 | drivers/infiniband/hw/mlx4/mad.c | 2 +- | |
5196 | drivers/infiniband/hw/mlx4/mcg.c | 2 +- | |
5197 | drivers/infiniband/hw/mlx4/mlx4_ib.h | 2 +- | |
5198 | drivers/infiniband/hw/mthca/mthca_cmd.c | 8 +- | |
5199 | drivers/infiniband/hw/mthca/mthca_main.c | 2 +- | |
5200 | drivers/infiniband/hw/mthca/mthca_mr.c | 6 +- | |
5201 | drivers/infiniband/hw/mthca/mthca_provider.c | 2 +- | |
5202 | drivers/infiniband/hw/nes/nes.c | 4 +- | |
5203 | drivers/infiniband/hw/nes/nes.h | 40 +- | |
5204 | drivers/infiniband/hw/nes/nes_cm.c | 62 +- | |
5205 | drivers/infiniband/hw/nes/nes_mgt.c | 8 +- | |
5206 | drivers/infiniband/hw/nes/nes_nic.c | 40 +- | |
5207 | drivers/infiniband/hw/nes/nes_verbs.c | 10 +- | |
5208 | drivers/infiniband/hw/qib/qib.h | 1 + | |
0986ccbe | 5209 | drivers/infiniband/ulp/ipoib/ipoib_netlink.c | 2 +- |
6090327c PK |
5210 | drivers/input/gameport/gameport.c | 4 +- |
5211 | drivers/input/input.c | 4 +- | |
5212 | drivers/input/joystick/sidewinder.c | 1 + | |
5213 | drivers/input/joystick/xpad.c | 4 +- | |
5214 | drivers/input/misc/ims-pcu.c | 4 +- | |
5215 | drivers/input/mouse/psmouse.h | 2 +- | |
5216 | drivers/input/mousedev.c | 2 +- | |
5217 | drivers/input/serio/serio.c | 4 +- | |
5218 | drivers/input/serio/serio_raw.c | 4 +- | |
e8242a6d | 5219 | drivers/input/touchscreen/htcpen.c | 2 +- |
da1216b9 PK |
5220 | drivers/iommu/arm-smmu.c | 43 +- |
5221 | drivers/iommu/io-pgtable-arm.c | 101 +- | |
5222 | drivers/iommu/io-pgtable.c | 11 +- | |
5223 | drivers/iommu/io-pgtable.h | 19 +- | |
0986ccbe | 5224 | drivers/iommu/iommu.c | 2 +- |
da1216b9 | 5225 | drivers/iommu/ipmmu-vmsa.c | 13 +- |
afe359a8 | 5226 | drivers/iommu/irq_remapping.c | 2 +- |
da1216b9 | 5227 | drivers/irqchip/irq-gic.c | 2 +- |
8cf17962 | 5228 | drivers/irqchip/irq-renesas-intc-irqpin.c | 2 +- |
6090327c PK |
5229 | drivers/irqchip/irq-renesas-irqc.c | 2 +- |
5230 | drivers/isdn/capi/capi.c | 10 +- | |
5231 | drivers/isdn/gigaset/interface.c | 8 +- | |
5232 | drivers/isdn/gigaset/usb-gigaset.c | 2 +- | |
5233 | drivers/isdn/hardware/avm/b1.c | 4 +- | |
5234 | drivers/isdn/i4l/isdn_common.c | 2 + | |
5235 | drivers/isdn/i4l/isdn_tty.c | 22 +- | |
5236 | drivers/isdn/icn/icn.c | 2 +- | |
5237 | drivers/isdn/mISDN/dsp_cmx.c | 2 +- | |
6090327c PK |
5238 | drivers/lguest/core.c | 10 +- |
5239 | drivers/lguest/page_tables.c | 2 +- | |
5240 | drivers/lguest/x86/core.c | 12 +- | |
5241 | drivers/lguest/x86/switcher_32.S | 27 +- | |
5242 | drivers/md/bcache/closure.h | 2 +- | |
5243 | drivers/md/bitmap.c | 2 +- | |
5244 | drivers/md/dm-ioctl.c | 2 +- | |
afe359a8 | 5245 | drivers/md/dm-raid1.c | 18 +- |
6090327c PK |
5246 | drivers/md/dm-stats.c | 6 +- |
5247 | drivers/md/dm-stripe.c | 10 +- | |
0986ccbe | 5248 | drivers/md/dm-table.c | 2 +- |
6090327c PK |
5249 | drivers/md/dm-thin-metadata.c | 4 +- |
5250 | drivers/md/dm.c | 16 +- | |
5251 | drivers/md/md.c | 26 +- | |
5252 | drivers/md/md.h | 6 +- | |
5253 | drivers/md/persistent-data/dm-space-map-metadata.c | 4 +- | |
5254 | drivers/md/persistent-data/dm-space-map.h | 1 + | |
5255 | drivers/md/raid1.c | 4 +- | |
5256 | drivers/md/raid10.c | 16 +- | |
e8242a6d | 5257 | drivers/md/raid5.c | 22 +- |
6090327c PK |
5258 | drivers/media/dvb-core/dvbdev.c | 2 +- |
5259 | drivers/media/dvb-frontends/af9033.h | 2 +- | |
5260 | drivers/media/dvb-frontends/dib3000.h | 2 +- | |
a8b227b4 PK |
5261 | drivers/media/dvb-frontends/dib7000p.h | 2 +- |
5262 | drivers/media/dvb-frontends/dib8000.h | 2 +- | |
6090327c PK |
5263 | drivers/media/pci/cx88/cx88-video.c | 6 +- |
5264 | drivers/media/pci/ivtv/ivtv-driver.c | 2 +- | |
a8b227b4 PK |
5265 | drivers/media/pci/solo6x10/solo6x10-core.c | 2 +- |
5266 | drivers/media/pci/solo6x10/solo6x10-p2m.c | 2 +- | |
5267 | drivers/media/pci/solo6x10/solo6x10.h | 2 +- | |
0986ccbe | 5268 | drivers/media/pci/tw68/tw68-core.c | 2 +- |
6090327c PK |
5269 | drivers/media/platform/omap/omap_vout.c | 11 +- |
5270 | drivers/media/platform/s5p-tv/mixer.h | 2 +- | |
5271 | drivers/media/platform/s5p-tv/mixer_grp_layer.c | 2 +- | |
5272 | drivers/media/platform/s5p-tv/mixer_reg.c | 2 +- | |
5273 | drivers/media/platform/s5p-tv/mixer_video.c | 24 +- | |
5274 | drivers/media/platform/s5p-tv/mixer_vp_layer.c | 2 +- | |
6090327c PK |
5275 | drivers/media/radio/radio-cadet.c | 2 + |
5276 | drivers/media/radio/radio-maxiradio.c | 2 +- | |
5277 | drivers/media/radio/radio-shark.c | 2 +- | |
5278 | drivers/media/radio/radio-shark2.c | 2 +- | |
5279 | drivers/media/radio/radio-si476x.c | 2 +- | |
8cf17962 | 5280 | drivers/media/radio/wl128x/fmdrv_common.c | 2 +- |
0986ccbe | 5281 | drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 12 +- |
6090327c PK |
5282 | drivers/media/v4l2-core/v4l2-device.c | 4 +- |
5283 | drivers/media/v4l2-core/v4l2-ioctl.c | 13 +- | |
8cf17962 | 5284 | drivers/memory/omap-gpmc.c | 21 +- |
6090327c | 5285 | drivers/message/fusion/mptsas.c | 34 +- |
6090327c | 5286 | drivers/mfd/ab8500-debugfs.c | 2 +- |
e8242a6d | 5287 | drivers/mfd/kempld-core.c | 2 +- |
6090327c PK |
5288 | drivers/mfd/max8925-i2c.c | 2 +- |
5289 | drivers/mfd/tps65910.c | 2 +- | |
5290 | drivers/mfd/twl4030-irq.c | 9 +- | |
5291 | drivers/misc/c2port/core.c | 4 +- | |
5292 | drivers/misc/eeprom/sunxi_sid.c | 4 +- | |
5293 | drivers/misc/kgdbts.c | 4 +- | |
5294 | drivers/misc/lis3lv02d/lis3lv02d.c | 8 +- | |
5295 | drivers/misc/lis3lv02d/lis3lv02d.h | 2 +- | |
afe359a8 | 5296 | drivers/misc/mic/scif/scif_rb.c | 8 +- |
6090327c PK |
5297 | drivers/misc/sgi-gru/gruhandles.c | 4 +- |
5298 | drivers/misc/sgi-gru/gruprocfs.c | 8 +- | |
5299 | drivers/misc/sgi-gru/grutables.h | 154 +- | |
5300 | drivers/misc/sgi-xp/xp.h | 2 +- | |
5301 | drivers/misc/sgi-xp/xpc.h | 3 +- | |
da1216b9 | 5302 | drivers/misc/sgi-xp/xpc_main.c | 2 +- |
6090327c | 5303 | drivers/mmc/card/block.c | 2 +- |
6090327c PK |
5304 | drivers/mmc/host/dw_mmc.h | 2 +- |
5305 | drivers/mmc/host/mmci.c | 4 +- | |
0986ccbe | 5306 | drivers/mmc/host/omap_hsmmc.c | 4 +- |
6090327c PK |
5307 | drivers/mmc/host/sdhci-esdhc-imx.c | 7 +- |
5308 | drivers/mmc/host/sdhci-s3c.c | 8 +- | |
5309 | drivers/mtd/chips/cfi_cmdset_0020.c | 2 +- | |
5310 | drivers/mtd/nand/denali.c | 1 + | |
0986ccbe | 5311 | drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 2 +- |
6090327c PK |
5312 | drivers/mtd/nftlmount.c | 1 + |
5313 | drivers/mtd/sm_ftl.c | 2 +- | |
5314 | drivers/net/bonding/bond_netlink.c | 2 +- | |
0986ccbe | 5315 | drivers/net/caif/caif_hsi.c | 2 +- |
6090327c | 5316 | drivers/net/can/Kconfig | 2 +- |
0986ccbe PK |
5317 | drivers/net/can/dev.c | 2 +- |
5318 | drivers/net/can/vcan.c | 2 +- | |
5319 | drivers/net/dummy.c | 2 +- | |
6090327c PK |
5320 | drivers/net/ethernet/8390/ax88796.c | 4 +- |
5321 | drivers/net/ethernet/altera/altera_tse_main.c | 4 +- | |
a8b227b4 | 5322 | drivers/net/ethernet/amd/xgbe/xgbe-common.h | 4 +- |
0986ccbe | 5323 | drivers/net/ethernet/amd/xgbe/xgbe-dcb.c | 4 +- |
e8242a6d | 5324 | drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 27 +- |
afe359a8 PK |
5325 | drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 143 +- |
5326 | drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 64 +- | |
5327 | drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c | 10 +- | |
5328 | drivers/net/ethernet/amd/xgbe/xgbe-main.c | 15 +- | |
5329 | drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 27 +- | |
a8b227b4 | 5330 | drivers/net/ethernet/amd/xgbe/xgbe-ptp.c | 4 +- |
afe359a8 | 5331 | drivers/net/ethernet/amd/xgbe/xgbe.h | 10 +- |
6090327c PK |
5332 | drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h | 2 +- |
5333 | drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c | 11 +- | |
5334 | drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h | 3 +- | |
5335 | drivers/net/ethernet/broadcom/tg3.h | 1 + | |
afe359a8 PK |
5336 | drivers/net/ethernet/cavium/liquidio/lio_ethtool.c | 6 +- |
5337 | drivers/net/ethernet/cavium/liquidio/lio_main.c | 11 +- | |
6090327c | 5338 | drivers/net/ethernet/chelsio/cxgb3/l2t.h | 2 +- |
6090327c PK |
5339 | drivers/net/ethernet/dec/tulip/de4x5.c | 4 +- |
5340 | drivers/net/ethernet/emulex/benet/be_main.c | 2 +- | |
5341 | drivers/net/ethernet/faraday/ftgmac100.c | 2 + | |
5342 | drivers/net/ethernet/faraday/ftmac100.c | 2 + | |
5343 | drivers/net/ethernet/intel/i40e/i40e_ptp.c | 2 +- | |
5344 | drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 2 +- | |
0986ccbe | 5345 | drivers/net/ethernet/mellanox/mlx4/en_tx.c | 4 +- |
afe359a8 | 5346 | drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 +- |
6090327c PK |
5347 | drivers/net/ethernet/neterion/vxge/vxge-config.c | 7 +- |
5348 | .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c | 4 +- | |
5349 | .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c | 12 +- | |
5350 | .../net/ethernet/qlogic/qlcnic/qlcnic_minidump.c | 2 +- | |
5351 | drivers/net/ethernet/realtek/r8169.c | 8 +- | |
5352 | drivers/net/ethernet/sfc/ptp.c | 2 +- | |
5353 | drivers/net/ethernet/stmicro/stmmac/mmc_core.c | 4 +- | |
e8242a6d | 5354 | drivers/net/ethernet/via/via-rhine.c | 2 +- |
6090327c PK |
5355 | drivers/net/hyperv/hyperv_net.h | 2 +- |
5356 | drivers/net/hyperv/rndis_filter.c | 4 +- | |
0986ccbe | 5357 | drivers/net/ifb.c | 2 +- |
afe359a8 | 5358 | drivers/net/ipvlan/ipvlan_core.c | 2 +- |
6090327c | 5359 | drivers/net/macvlan.c | 20 +- |
0986ccbe PK |
5360 | drivers/net/macvtap.c | 6 +- |
5361 | drivers/net/nlmon.c | 2 +- | |
8cf17962 | 5362 | drivers/net/phy/phy_device.c | 6 +- |
6090327c PK |
5363 | drivers/net/ppp/ppp_generic.c | 4 +- |
5364 | drivers/net/slip/slhc.c | 2 +- | |
0986ccbe PK |
5365 | drivers/net/team/team.c | 4 +- |
5366 | drivers/net/tun.c | 7 +- | |
6090327c PK |
5367 | drivers/net/usb/hso.c | 23 +- |
5368 | drivers/net/usb/r8152.c | 2 +- | |
5369 | drivers/net/usb/sierra_net.c | 4 +- | |
5370 | drivers/net/virtio_net.c | 2 +- | |
5371 | drivers/net/vxlan.c | 4 +- | |
5372 | drivers/net/wimax/i2400m/rx.c | 2 +- | |
5373 | drivers/net/wireless/airo.c | 2 +- | |
5374 | drivers/net/wireless/at76c50x-usb.c | 2 +- | |
5375 | drivers/net/wireless/ath/ath10k/htc.c | 7 +- | |
5376 | drivers/net/wireless/ath/ath10k/htc.h | 4 +- | |
a8b227b4 PK |
5377 | drivers/net/wireless/ath/ath9k/ar9002_mac.c | 36 +- |
5378 | drivers/net/wireless/ath/ath9k/ar9003_mac.c | 64 +- | |
6090327c | 5379 | drivers/net/wireless/ath/ath9k/hw.h | 4 +- |
a8b227b4 | 5380 | drivers/net/wireless/ath/ath9k/main.c | 22 +- |
6090327c PK |
5381 | drivers/net/wireless/b43/phy_lp.c | 2 +- |
5382 | drivers/net/wireless/iwlegacy/3945-mac.c | 4 +- | |
5383 | drivers/net/wireless/iwlwifi/dvm/debugfs.c | 34 +- | |
5384 | drivers/net/wireless/iwlwifi/pcie/trans.c | 4 +- | |
5385 | drivers/net/wireless/mac80211_hwsim.c | 28 +- | |
5386 | drivers/net/wireless/rndis_wlan.c | 2 +- | |
5387 | drivers/net/wireless/rt2x00/rt2x00.h | 2 +- | |
5388 | drivers/net/wireless/rt2x00/rt2x00queue.c | 4 +- | |
5389 | drivers/net/wireless/ti/wl1251/sdio.c | 12 +- | |
5390 | drivers/net/wireless/ti/wl12xx/main.c | 8 +- | |
5391 | drivers/net/wireless/ti/wl18xx/main.c | 6 +- | |
5392 | drivers/nfc/nfcwilink.c | 2 +- | |
e8242a6d | 5393 | drivers/of/fdt.c | 4 +- |
6090327c PK |
5394 | drivers/oprofile/buffer_sync.c | 8 +- |
5395 | drivers/oprofile/event_buffer.c | 2 +- | |
5396 | drivers/oprofile/oprof.c | 2 +- | |
5397 | drivers/oprofile/oprofile_files.c | 2 +- | |
5398 | drivers/oprofile/oprofile_stats.c | 10 +- | |
5399 | drivers/oprofile/oprofile_stats.h | 10 +- | |
5400 | drivers/oprofile/oprofilefs.c | 6 +- | |
5401 | drivers/oprofile/timer_int.c | 2 +- | |
5402 | drivers/parport/procfs.c | 4 +- | |
e8242a6d | 5403 | drivers/pci/host/pci-host-generic.c | 24 +- |
6090327c PK |
5404 | drivers/pci/hotplug/acpiphp_ibm.c | 4 +- |
5405 | drivers/pci/hotplug/cpcihp_generic.c | 6 +- | |
5406 | drivers/pci/hotplug/cpcihp_zt5550.c | 14 +- | |
0986ccbe | 5407 | drivers/pci/hotplug/cpqphp_nvram.c | 2 + |
6090327c PK |
5408 | drivers/pci/hotplug/pci_hotplug_core.c | 6 +- |
5409 | drivers/pci/hotplug/pciehp_core.c | 2 +- | |
afe359a8 | 5410 | drivers/pci/msi.c | 21 +- |
6090327c PK |
5411 | drivers/pci/pci-sysfs.c | 6 +- |
5412 | drivers/pci/pci.h | 2 +- | |
5413 | drivers/pci/pcie/aspm.c | 6 +- | |
e8242a6d | 5414 | drivers/pci/pcie/portdrv_pci.c | 2 +- |
6090327c | 5415 | drivers/pci/probe.c | 2 +- |
afe359a8 | 5416 | drivers/pinctrl/pinctrl-at91.c | 5 +- |
e8242a6d | 5417 | drivers/platform/chrome/chromeos_pstore.c | 2 +- |
6090327c | 5418 | drivers/platform/x86/alienware-wmi.c | 4 +- |
e8242a6d PK |
5419 | drivers/platform/x86/compal-laptop.c | 2 +- |
5420 | drivers/platform/x86/hdaps.c | 2 +- | |
5421 | drivers/platform/x86/ibm_rtl.c | 2 +- | |
5422 | drivers/platform/x86/intel_oaktrail.c | 2 +- | |
5423 | drivers/platform/x86/msi-laptop.c | 16 +- | |
6090327c | 5424 | drivers/platform/x86/msi-wmi.c | 2 +- |
e8242a6d PK |
5425 | drivers/platform/x86/samsung-laptop.c | 2 +- |
5426 | drivers/platform/x86/samsung-q10.c | 2 +- | |
5427 | drivers/platform/x86/sony-laptop.c | 14 +- | |
da1216b9 | 5428 | drivers/platform/x86/thinkpad_acpi.c | 2 +- |
6090327c | 5429 | drivers/pnp/pnpbios/bioscalls.c | 14 +- |
e8242a6d | 5430 | drivers/pnp/pnpbios/core.c | 2 +- |
6090327c PK |
5431 | drivers/power/pda_power.c | 7 +- |
5432 | drivers/power/power_supply.h | 4 +- | |
5433 | drivers/power/power_supply_core.c | 7 +- | |
5434 | drivers/power/power_supply_sysfs.c | 6 +- | |
afe359a8 | 5435 | drivers/power/reset/at91-reset.c | 9 +- |
6090327c PK |
5436 | drivers/powercap/powercap_sys.c | 136 +- |
5437 | drivers/ptp/ptp_private.h | 2 +- | |
5438 | drivers/ptp/ptp_sysfs.c | 2 +- | |
5439 | drivers/regulator/core.c | 4 +- | |
5440 | drivers/regulator/max8660.c | 6 +- | |
afe359a8 | 5441 | drivers/regulator/max8973-regulator.c | 16 +- |
8cf17962 | 5442 | drivers/regulator/mc13892-regulator.c | 8 +- |
afe359a8 | 5443 | drivers/rtc/rtc-armada38x.c | 7 +- |
6090327c PK |
5444 | drivers/rtc/rtc-cmos.c | 4 +- |
5445 | drivers/rtc/rtc-ds1307.c | 2 +- | |
5446 | drivers/rtc/rtc-m48t59.c | 4 +- | |
afe359a8 PK |
5447 | drivers/rtc/rtc-test.c | 6 +- |
5448 | drivers/scsi/be2iscsi/be_main.c | 2 +- | |
6090327c PK |
5449 | drivers/scsi/bfa/bfa_fcpim.h | 2 +- |
5450 | drivers/scsi/bfa/bfa_ioc.h | 4 +- | |
5451 | drivers/scsi/fcoe/fcoe_sysfs.c | 12 +- | |
5452 | drivers/scsi/hosts.c | 4 +- | |
afe359a8 | 5453 | drivers/scsi/hpsa.c | 38 +- |
6090327c PK |
5454 | drivers/scsi/hpsa.h | 2 +- |
5455 | drivers/scsi/libfc/fc_exch.c | 50 +- | |
5456 | drivers/scsi/libsas/sas_ata.c | 2 +- | |
5457 | drivers/scsi/lpfc/lpfc.h | 8 +- | |
5458 | drivers/scsi/lpfc/lpfc_debugfs.c | 18 +- | |
5459 | drivers/scsi/lpfc/lpfc_init.c | 6 +- | |
5460 | drivers/scsi/lpfc/lpfc_scsi.c | 10 +- | |
5461 | drivers/scsi/mpt2sas/mpt2sas_scsih.c | 8 +- | |
5462 | drivers/scsi/pmcraid.c | 20 +- | |
5463 | drivers/scsi/pmcraid.h | 8 +- | |
5464 | drivers/scsi/qla2xxx/qla_attr.c | 4 +- | |
5465 | drivers/scsi/qla2xxx/qla_gbl.h | 4 +- | |
5466 | drivers/scsi/qla2xxx/qla_os.c | 6 +- | |
5467 | drivers/scsi/qla4xxx/ql4_def.h | 2 +- | |
5468 | drivers/scsi/qla4xxx/ql4_os.c | 6 +- | |
da1216b9 | 5469 | drivers/scsi/scsi.c | 2 +- |
8cf17962 | 5470 | drivers/scsi/scsi_lib.c | 8 +- |
6090327c | 5471 | drivers/scsi/scsi_sysfs.c | 2 +- |
6090327c PK |
5472 | drivers/scsi/scsi_transport_fc.c | 8 +- |
5473 | drivers/scsi/scsi_transport_iscsi.c | 6 +- | |
5474 | drivers/scsi/scsi_transport_srp.c | 6 +- | |
da1216b9 | 5475 | drivers/scsi/sd.c | 6 +- |
6090327c | 5476 | drivers/scsi/sg.c | 2 +- |
afe359a8 | 5477 | drivers/scsi/sr.c | 21 +- |
0986ccbe | 5478 | drivers/soc/tegra/fuse/fuse-tegra.c | 2 +- |
6090327c | 5479 | drivers/spi/spi.c | 2 +- |
afe359a8 | 5480 | drivers/spi/spidev.c | 2 +- |
6090327c | 5481 | drivers/staging/android/timed_output.c | 6 +- |
8cf17962 | 5482 | drivers/staging/comedi/comedi_fops.c | 8 +- |
e8242a6d PK |
5483 | drivers/staging/fbtft/fbtft-core.c | 2 +- |
5484 | drivers/staging/fbtft/fbtft.h | 2 +- | |
6090327c | 5485 | drivers/staging/gdm724x/gdm_tty.c | 2 +- |
afe359a8 PK |
5486 | drivers/staging/iio/accel/lis3l02dq_ring.c | 2 +- |
5487 | drivers/staging/iio/adc/ad7280a.c | 4 +- | |
6090327c PK |
5488 | drivers/staging/lustre/lnet/selftest/brw_test.c | 12 +- |
5489 | drivers/staging/lustre/lnet/selftest/framework.c | 4 - | |
5490 | drivers/staging/lustre/lnet/selftest/ping_test.c | 14 +- | |
5491 | drivers/staging/lustre/lustre/include/lustre_dlm.h | 2 +- | |
5492 | drivers/staging/lustre/lustre/include/obd.h | 2 +- | |
da1216b9 | 5493 | drivers/staging/lustre/lustre/libcfs/module.c | 6 +- |
6090327c PK |
5494 | drivers/staging/octeon/ethernet-rx.c | 12 +- |
5495 | drivers/staging/octeon/ethernet.c | 8 +- | |
5496 | drivers/staging/rtl8188eu/include/hal_intf.h | 2 +- | |
6090327c | 5497 | drivers/staging/rtl8712/rtl871x_io.h | 2 +- |
afe359a8 PK |
5498 | drivers/staging/sm750fb/sm750.c | 14 +- |
5499 | drivers/staging/unisys/visorbus/visorbus_private.h | 4 +- | |
6090327c PK |
5500 | drivers/target/sbp/sbp_target.c | 4 +- |
5501 | drivers/target/target_core_device.c | 2 +- | |
5502 | drivers/target/target_core_transport.c | 2 +- | |
afe359a8 | 5503 | drivers/thermal/cpu_cooling.c | 9 +- |
0986ccbe | 5504 | drivers/thermal/int340x_thermal/int3400_thermal.c | 6 +- |
8cf17962 | 5505 | drivers/thermal/of-thermal.c | 17 +- |
e8242a6d | 5506 | drivers/thermal/x86_pkg_temp_thermal.c | 2 +- |
6090327c PK |
5507 | drivers/tty/cyclades.c | 6 +- |
5508 | drivers/tty/hvc/hvc_console.c | 14 +- | |
5509 | drivers/tty/hvc/hvcs.c | 21 +- | |
5510 | drivers/tty/hvc/hvsi.c | 22 +- | |
5511 | drivers/tty/hvc/hvsi_lib.c | 4 +- | |
5512 | drivers/tty/ipwireless/tty.c | 27 +- | |
5513 | drivers/tty/moxa.c | 2 +- | |
5514 | drivers/tty/n_gsm.c | 4 +- | |
5515 | drivers/tty/n_tty.c | 5 +- | |
5516 | drivers/tty/pty.c | 4 +- | |
5517 | drivers/tty/rocket.c | 6 +- | |
afe359a8 PK |
5518 | drivers/tty/serial/8250/8250_core.c | 10 +- |
5519 | drivers/tty/serial/ifx6x60.c | 2 +- | |
6090327c PK |
5520 | drivers/tty/serial/ioc4_serial.c | 6 +- |
5521 | drivers/tty/serial/kgdb_nmi.c | 4 +- | |
5522 | drivers/tty/serial/kgdboc.c | 32 +- | |
5523 | drivers/tty/serial/msm_serial.c | 4 +- | |
5524 | drivers/tty/serial/samsung.c | 9 +- | |
5525 | drivers/tty/serial/serial_core.c | 8 +- | |
5526 | drivers/tty/synclink.c | 34 +- | |
5527 | drivers/tty/synclink_gt.c | 28 +- | |
5528 | drivers/tty/synclinkmp.c | 34 +- | |
5529 | drivers/tty/tty_io.c | 2 +- | |
5530 | drivers/tty/tty_ldisc.c | 8 +- | |
5531 | drivers/tty/tty_port.c | 22 +- | |
0986ccbe | 5532 | drivers/uio/uio.c | 13 +- |
6090327c PK |
5533 | drivers/usb/atm/cxacru.c | 2 +- |
5534 | drivers/usb/atm/usbatm.c | 24 +- | |
5535 | drivers/usb/core/devices.c | 6 +- | |
5536 | drivers/usb/core/devio.c | 10 +- | |
5537 | drivers/usb/core/hcd.c | 4 +- | |
5538 | drivers/usb/core/message.c | 6 +- | |
5539 | drivers/usb/core/sysfs.c | 2 +- | |
5540 | drivers/usb/core/usb.c | 2 +- | |
6090327c | 5541 | drivers/usb/early/ehci-dbgp.c | 16 +- |
a8b227b4 | 5542 | drivers/usb/gadget/function/u_serial.c | 22 +- |
afe359a8 PK |
5543 | drivers/usb/gadget/udc/dummy_hcd.c | 2 +- |
5544 | drivers/usb/host/ehci-hcd.c | 2 +- | |
6090327c | 5545 | drivers/usb/host/ehci-hub.c | 4 +- |
afe359a8 PK |
5546 | drivers/usb/host/ehci-q.c | 4 +- |
5547 | drivers/usb/host/fotg210-hcd.c | 2 +- | |
5548 | drivers/usb/host/fusbh200-hcd.c | 2 +- | |
5549 | drivers/usb/host/hwa-hc.c | 2 +- | |
5550 | drivers/usb/host/ohci-hcd.c | 2 +- | |
5551 | drivers/usb/host/r8a66597.h | 2 +- | |
5552 | drivers/usb/host/uhci-hcd.c | 2 +- | |
5553 | drivers/usb/host/xhci-pci.c | 2 +- | |
5554 | drivers/usb/host/xhci.c | 2 +- | |
6090327c PK |
5555 | drivers/usb/misc/appledisplay.c | 4 +- |
5556 | drivers/usb/serial/console.c | 8 +- | |
afe359a8 | 5557 | drivers/usb/storage/usb.c | 2 +- |
6090327c | 5558 | drivers/usb/storage/usb.h | 2 +- |
a8b227b4 PK |
5559 | drivers/usb/usbip/vhci.h | 2 +- |
5560 | drivers/usb/usbip/vhci_hcd.c | 6 +- | |
5561 | drivers/usb/usbip/vhci_rx.c | 2 +- | |
6090327c PK |
5562 | drivers/usb/wusbcore/wa-hc.h | 4 +- |
5563 | drivers/usb/wusbcore/wa-xfer.c | 2 +- | |
5564 | drivers/vfio/vfio.c | 2 +- | |
5565 | drivers/vhost/vringh.c | 20 +- | |
5566 | drivers/video/backlight/kb3886_bl.c | 2 +- | |
5567 | drivers/video/fbdev/aty/aty128fb.c | 2 +- | |
5568 | drivers/video/fbdev/aty/atyfb_base.c | 8 +- | |
5569 | drivers/video/fbdev/aty/mach64_cursor.c | 5 +- | |
5570 | drivers/video/fbdev/core/fb_defio.c | 6 +- | |
5571 | drivers/video/fbdev/core/fbmem.c | 2 +- | |
5572 | drivers/video/fbdev/hyperv_fb.c | 4 +- | |
5573 | drivers/video/fbdev/i810/i810_accel.c | 1 + | |
afe359a8 | 5574 | drivers/video/fbdev/matrox/matroxfb_base.c | 2 +- |
6090327c PK |
5575 | drivers/video/fbdev/mb862xx/mb862xxfb_accel.c | 16 +- |
5576 | drivers/video/fbdev/nvidia/nvidia.c | 27 +- | |
5577 | drivers/video/fbdev/omap2/dss/display.c | 8 +- | |
5578 | drivers/video/fbdev/s1d13xxxfb.c | 6 +- | |
5579 | drivers/video/fbdev/smscufx.c | 4 +- | |
5580 | drivers/video/fbdev/udlfb.c | 36 +- | |
5581 | drivers/video/fbdev/uvesafb.c | 52 +- | |
5582 | drivers/video/fbdev/vesafb.c | 58 +- | |
5583 | drivers/video/fbdev/via/via_clock.h | 2 +- | |
e8242a6d | 5584 | drivers/xen/events/events_base.c | 6 +- |
afe359a8 | 5585 | drivers/xen/evtchn.c | 4 +- |
6090327c PK |
5586 | fs/Kconfig.binfmt | 2 +- |
5587 | fs/afs/inode.c | 4 +- | |
5588 | fs/aio.c | 2 +- | |
5589 | fs/autofs4/waitq.c | 2 +- | |
5590 | fs/befs/endian.h | 6 +- | |
5591 | fs/binfmt_aout.c | 23 +- | |
afe359a8 PK |
5592 | fs/binfmt_elf.c | 672 +- |
5593 | fs/binfmt_elf_fdpic.c | 2 +- | |
6090327c PK |
5594 | fs/block_dev.c | 2 +- |
5595 | fs/btrfs/ctree.c | 9 +- | |
5596 | fs/btrfs/delayed-inode.c | 6 +- | |
5597 | fs/btrfs/delayed-inode.h | 4 +- | |
5598 | fs/btrfs/super.c | 2 +- | |
5599 | fs/btrfs/sysfs.c | 2 +- | |
0986ccbe | 5600 | fs/btrfs/tests/free-space-tests.c | 8 +- |
6090327c PK |
5601 | fs/btrfs/tree-log.h | 2 +- |
5602 | fs/buffer.c | 2 +- | |
5603 | fs/cachefiles/bind.c | 6 +- | |
5604 | fs/cachefiles/daemon.c | 8 +- | |
5605 | fs/cachefiles/internal.h | 12 +- | |
5606 | fs/cachefiles/namei.c | 2 +- | |
5607 | fs/cachefiles/proc.c | 12 +- | |
afe359a8 | 5608 | fs/ceph/dir.c | 12 +- |
6090327c PK |
5609 | fs/ceph/super.c | 4 +- |
5610 | fs/cifs/cifs_debug.c | 12 +- | |
5611 | fs/cifs/cifsfs.c | 8 +- | |
5612 | fs/cifs/cifsglob.h | 54 +- | |
5613 | fs/cifs/file.c | 10 +- | |
5614 | fs/cifs/misc.c | 4 +- | |
5615 | fs/cifs/smb1ops.c | 80 +- | |
5616 | fs/cifs/smb2ops.c | 84 +- | |
5617 | fs/cifs/smb2pdu.c | 3 +- | |
5618 | fs/coda/cache.c | 10 +- | |
5619 | fs/compat.c | 4 +- | |
5620 | fs/compat_binfmt_elf.c | 2 + | |
5621 | fs/compat_ioctl.c | 12 +- | |
5622 | fs/configfs/dir.c | 10 +- | |
5623 | fs/coredump.c | 16 +- | |
e8242a6d | 5624 | fs/dcache.c | 51 +- |
6090327c PK |
5625 | fs/ecryptfs/inode.c | 2 +- |
5626 | fs/ecryptfs/miscdev.c | 2 +- | |
8cf17962 | 5627 | fs/exec.c | 362 +- |
6090327c PK |
5628 | fs/ext2/xattr.c | 5 +- |
5629 | fs/ext3/xattr.c | 5 +- | |
5630 | fs/ext4/ext4.h | 20 +- | |
5631 | fs/ext4/mballoc.c | 44 +- | |
5632 | fs/ext4/mmp.c | 2 +- | |
e8242a6d | 5633 | fs/ext4/resize.c | 16 +- |
6090327c PK |
5634 | fs/ext4/super.c | 4 +- |
5635 | fs/ext4/xattr.c | 5 +- | |
5636 | fs/fhandle.c | 3 +- | |
5637 | fs/file.c | 4 +- | |
5638 | fs/fs_struct.c | 8 +- | |
5639 | fs/fscache/cookie.c | 40 +- | |
afe359a8 | 5640 | fs/fscache/internal.h | 202 +- |
6090327c | 5641 | fs/fscache/object.c | 26 +- |
afe359a8 | 5642 | fs/fscache/operation.c | 38 +- |
6090327c | 5643 | fs/fscache/page.c | 110 +- |
afe359a8 | 5644 | fs/fscache/stats.c | 348 +- |
6090327c PK |
5645 | fs/fuse/cuse.c | 10 +- |
5646 | fs/fuse/dev.c | 4 +- | |
e8242a6d PK |
5647 | fs/gfs2/glock.c | 22 +- |
5648 | fs/gfs2/glops.c | 4 +- | |
5649 | fs/gfs2/quota.c | 6 +- | |
6090327c PK |
5650 | fs/hugetlbfs/inode.c | 13 +- |
5651 | fs/inode.c | 4 +- | |
5652 | fs/jffs2/erase.c | 3 +- | |
5653 | fs/jffs2/wbuf.c | 3 +- | |
5654 | fs/jfs/super.c | 2 +- | |
5655 | fs/kernfs/dir.c | 2 +- | |
e8242a6d | 5656 | fs/kernfs/file.c | 20 +- |
afe359a8 | 5657 | fs/libfs.c | 10 +- |
6090327c | 5658 | fs/lockd/clntproc.c | 4 +- |
afe359a8 | 5659 | fs/namei.c | 16 +- |
6090327c PK |
5660 | fs/namespace.c | 16 +- |
5661 | fs/nfs/callback_xdr.c | 2 +- | |
5662 | fs/nfs/inode.c | 6 +- | |
5663 | fs/nfsd/nfs4proc.c | 2 +- | |
5664 | fs/nfsd/nfs4xdr.c | 2 +- | |
a8b227b4 | 5665 | fs/nfsd/nfscache.c | 11 +- |
6090327c | 5666 | fs/nfsd/vfs.c | 6 +- |
a8b227b4 | 5667 | fs/nls/nls_base.c | 26 +- |
6090327c PK |
5668 | fs/nls/nls_euc-jp.c | 6 +- |
5669 | fs/nls/nls_koi8-ru.c | 6 +- | |
5670 | fs/notify/fanotify/fanotify_user.c | 4 +- | |
5671 | fs/notify/notification.c | 4 +- | |
5672 | fs/ntfs/dir.c | 2 +- | |
6090327c PK |
5673 | fs/ntfs/super.c | 6 +- |
5674 | fs/ocfs2/localalloc.c | 2 +- | |
5675 | fs/ocfs2/ocfs2.h | 10 +- | |
5676 | fs/ocfs2/suballoc.c | 12 +- | |
5677 | fs/ocfs2/super.c | 20 +- | |
da1216b9 | 5678 | fs/pipe.c | 72 +- |
6090327c PK |
5679 | fs/posix_acl.c | 4 +- |
5680 | fs/proc/array.c | 20 + | |
5681 | fs/proc/base.c | 4 +- | |
e8242a6d | 5682 | fs/proc/kcore.c | 34 +- |
6090327c PK |
5683 | fs/proc/meminfo.c | 2 +- |
5684 | fs/proc/nommu.c | 2 +- | |
afe359a8 | 5685 | fs/proc/proc_sysctl.c | 26 +- |
6090327c PK |
5686 | fs/proc/task_mmu.c | 39 +- |
5687 | fs/proc/task_nommu.c | 4 +- | |
5688 | fs/proc/vmcore.c | 16 +- | |
5689 | fs/qnx6/qnx6.h | 4 +- | |
5690 | fs/quota/netlink.c | 4 +- | |
5691 | fs/read_write.c | 2 +- | |
5692 | fs/reiserfs/do_balan.c | 2 +- | |
5693 | fs/reiserfs/procfs.c | 2 +- | |
5694 | fs/reiserfs/reiserfs.h | 4 +- | |
5695 | fs/seq_file.c | 4 +- | |
5696 | fs/splice.c | 43 +- | |
da1216b9 | 5697 | fs/squashfs/xattr.c | 12 +- |
6090327c | 5698 | fs/sysv/sysv.h | 2 +- |
afe359a8 | 5699 | fs/tracefs/inode.c | 8 +- |
6090327c PK |
5700 | fs/ubifs/io.c | 2 +- |
5701 | fs/udf/misc.c | 2 +- | |
5702 | fs/ufs/swab.h | 4 +- | |
5703 | fs/xattr.c | 21 + | |
a8b227b4 | 5704 | fs/xfs/libxfs/xfs_bmap.c | 2 +- |
6090327c PK |
5705 | fs/xfs/xfs_dir2_readdir.c | 7 +- |
5706 | fs/xfs/xfs_ioctl.c | 2 +- | |
0986ccbe | 5707 | fs/xfs/xfs_linux.h | 4 +- |
6090327c | 5708 | include/asm-generic/4level-fixup.h | 2 + |
0986ccbe | 5709 | include/asm-generic/atomic-long.h | 214 +- |
6090327c PK |
5710 | include/asm-generic/atomic64.h | 12 + |
5711 | include/asm-generic/barrier.h | 2 +- | |
5712 | include/asm-generic/bitops/__fls.h | 2 +- | |
5713 | include/asm-generic/bitops/fls.h | 2 +- | |
5714 | include/asm-generic/bitops/fls64.h | 4 +- | |
da1216b9 | 5715 | include/asm-generic/bug.h | 6 +- |
6090327c PK |
5716 | include/asm-generic/cache.h | 4 +- |
5717 | include/asm-generic/emergency-restart.h | 2 +- | |
5718 | include/asm-generic/kmap_types.h | 4 +- | |
5719 | include/asm-generic/local.h | 13 + | |
5720 | include/asm-generic/pgtable-nopmd.h | 18 +- | |
5721 | include/asm-generic/pgtable-nopud.h | 15 +- | |
5722 | include/asm-generic/pgtable.h | 16 + | |
5723 | include/asm-generic/uaccess.h | 16 + | |
da1216b9 | 5724 | include/asm-generic/vmlinux.lds.h | 13 +- |
6090327c PK |
5725 | include/crypto/algapi.h | 2 +- |
5726 | include/drm/drmP.h | 16 +- | |
5727 | include/drm/drm_crtc_helper.h | 2 +- | |
afe359a8 | 5728 | include/drm/drm_mm.h | 2 +- |
6090327c | 5729 | include/drm/i915_pciids.h | 2 +- |
afe359a8 | 5730 | include/drm/intel-gtt.h | 4 +- |
6090327c PK |
5731 | include/drm/ttm/ttm_memory.h | 2 +- |
5732 | include/drm/ttm/ttm_page_alloc.h | 1 + | |
5733 | include/keys/asymmetric-subtype.h | 2 +- | |
5734 | include/linux/atmdev.h | 4 +- | |
8cf17962 | 5735 | include/linux/atomic.h | 2 +- |
6090327c PK |
5736 | include/linux/audit.h | 2 +- |
5737 | include/linux/binfmts.h | 3 +- | |
8cf17962 | 5738 | include/linux/bitmap.h | 2 +- |
afe359a8 | 5739 | include/linux/bitops.h | 8 +- |
6090327c PK |
5740 | include/linux/blkdev.h | 2 +- |
5741 | include/linux/blktrace_api.h | 2 +- | |
5742 | include/linux/cache.h | 8 + | |
5743 | include/linux/cdrom.h | 1 - | |
5744 | include/linux/cleancache.h | 2 +- | |
5745 | include/linux/clk-provider.h | 1 + | |
da1216b9 | 5746 | include/linux/compat.h | 6 +- |
afe359a8 PK |
5747 | include/linux/compiler-gcc.h | 28 +- |
5748 | include/linux/compiler.h | 95 +- | |
6090327c PK |
5749 | include/linux/completion.h | 12 +- |
5750 | include/linux/configfs.h | 2 +- | |
5751 | include/linux/cpufreq.h | 3 +- | |
5752 | include/linux/cpuidle.h | 5 +- | |
8cf17962 | 5753 | include/linux/cpumask.h | 14 +- |
afe359a8 | 5754 | include/linux/crypto.h | 4 +- |
6090327c | 5755 | include/linux/ctype.h | 2 +- |
e8242a6d | 5756 | include/linux/dcache.h | 4 +- |
6090327c PK |
5757 | include/linux/decompress/mm.h | 2 +- |
5758 | include/linux/devfreq.h | 2 +- | |
5759 | include/linux/device.h | 7 +- | |
5760 | include/linux/dma-mapping.h | 2 +- | |
6090327c PK |
5761 | include/linux/efi.h | 1 + |
5762 | include/linux/elf.h | 2 + | |
5763 | include/linux/err.h | 4 +- | |
5764 | include/linux/extcon.h | 2 +- | |
e8242a6d | 5765 | include/linux/fb.h | 3 +- |
6090327c | 5766 | include/linux/fdtable.h | 2 +- |
da1216b9 | 5767 | include/linux/fs.h | 5 +- |
6090327c | 5768 | include/linux/fs_struct.h | 2 +- |
afe359a8 | 5769 | include/linux/fscache-cache.h | 2 +- |
6090327c PK |
5770 | include/linux/fscache.h | 2 +- |
5771 | include/linux/fsnotify.h | 2 +- | |
5772 | include/linux/genhd.h | 4 +- | |
5773 | include/linux/genl_magic_func.h | 2 +- | |
5774 | include/linux/gfp.h | 12 +- | |
6090327c PK |
5775 | include/linux/highmem.h | 12 + |
5776 | include/linux/hwmon-sysfs.h | 6 +- | |
5777 | include/linux/i2c.h | 1 + | |
6090327c PK |
5778 | include/linux/if_pppox.h | 2 +- |
5779 | include/linux/init.h | 12 +- | |
5780 | include/linux/init_task.h | 7 + | |
5781 | include/linux/interrupt.h | 6 +- | |
5782 | include/linux/iommu.h | 2 +- | |
5783 | include/linux/ioport.h | 2 +- | |
afe359a8 PK |
5784 | include/linux/ipc.h | 2 +- |
5785 | include/linux/irq.h | 5 +- | |
8cf17962 | 5786 | include/linux/irqdesc.h | 2 +- |
afe359a8 PK |
5787 | include/linux/irqdomain.h | 3 + |
5788 | include/linux/jiffies.h | 30 +- | |
8cf17962 | 5789 | include/linux/kernel.h | 2 +- |
6090327c PK |
5790 | include/linux/key-type.h | 2 +- |
5791 | include/linux/kgdb.h | 6 +- | |
8cf17962 | 5792 | include/linux/kmemleak.h | 4 +- |
6090327c PK |
5793 | include/linux/kobject.h | 3 +- |
5794 | include/linux/kobject_ns.h | 2 +- | |
5795 | include/linux/kref.h | 2 +- | |
5796 | include/linux/kvm_host.h | 4 +- | |
5797 | include/linux/libata.h | 2 +- | |
5798 | include/linux/linkage.h | 1 + | |
5799 | include/linux/list.h | 15 + | |
e8242a6d | 5800 | include/linux/lockref.h | 26 +- |
6090327c PK |
5801 | include/linux/math64.h | 10 +- |
5802 | include/linux/mempolicy.h | 7 + | |
0986ccbe | 5803 | include/linux/mm.h | 104 +- |
6090327c PK |
5804 | include/linux/mm_types.h | 20 + |
5805 | include/linux/mmiotrace.h | 4 +- | |
5806 | include/linux/mmzone.h | 2 +- | |
5807 | include/linux/mod_devicetable.h | 4 +- | |
afe359a8 | 5808 | include/linux/module.h | 69 +- |
6090327c PK |
5809 | include/linux/moduleloader.h | 16 + |
5810 | include/linux/moduleparam.h | 4 +- | |
6090327c PK |
5811 | include/linux/net.h | 2 +- |
5812 | include/linux/netdevice.h | 7 +- | |
5813 | include/linux/netfilter.h | 2 +- | |
5814 | include/linux/netfilter/nfnetlink.h | 2 +- | |
a8b227b4 | 5815 | include/linux/nls.h | 4 +- |
6090327c PK |
5816 | include/linux/notifier.h | 3 +- |
5817 | include/linux/oprofile.h | 4 +- | |
5818 | include/linux/padata.h | 2 +- | |
5819 | include/linux/pci_hotplug.h | 3 +- | |
8cf17962 | 5820 | include/linux/percpu.h | 2 +- |
da1216b9 | 5821 | include/linux/perf_event.h | 12 +- |
6090327c PK |
5822 | include/linux/pipe_fs_i.h | 8 +- |
5823 | include/linux/pm.h | 1 + | |
5824 | include/linux/pm_domain.h | 4 +- | |
5825 | include/linux/pm_runtime.h | 2 +- | |
5826 | include/linux/pnp.h | 2 +- | |
5827 | include/linux/poison.h | 4 +- | |
5828 | include/linux/power/smartreflex.h | 2 +- | |
5829 | include/linux/ppp-comp.h | 2 +- | |
5830 | include/linux/preempt.h | 21 + | |
5831 | include/linux/proc_ns.h | 2 +- | |
5832 | include/linux/quota.h | 2 +- | |
5833 | include/linux/random.h | 23 +- | |
afe359a8 | 5834 | include/linux/rculist.h | 16 + |
6090327c PK |
5835 | include/linux/reboot.h | 14 +- |
5836 | include/linux/regset.h | 3 +- | |
5837 | include/linux/relay.h | 2 +- | |
5838 | include/linux/rio.h | 2 +- | |
5839 | include/linux/rmap.h | 4 +- | |
afe359a8 | 5840 | include/linux/sched.h | 74 +- |
6090327c | 5841 | include/linux/sched/sysctl.h | 1 + |
6090327c PK |
5842 | include/linux/semaphore.h | 2 +- |
5843 | include/linux/seq_file.h | 1 + | |
5844 | include/linux/signal.h | 2 +- | |
8cf17962 | 5845 | include/linux/skbuff.h | 10 +- |
da1216b9 | 5846 | include/linux/slab.h | 47 +- |
6090327c PK |
5847 | include/linux/slab_def.h | 14 +- |
5848 | include/linux/slub_def.h | 2 +- | |
5849 | include/linux/smp.h | 2 + | |
5850 | include/linux/sock_diag.h | 2 +- | |
5851 | include/linux/sonet.h | 2 +- | |
5852 | include/linux/sunrpc/addr.h | 8 +- | |
5853 | include/linux/sunrpc/clnt.h | 2 +- | |
5854 | include/linux/sunrpc/svc.h | 2 +- | |
5855 | include/linux/sunrpc/svc_rdma.h | 18 +- | |
5856 | include/linux/sunrpc/svcauth.h | 2 +- | |
5857 | include/linux/swiotlb.h | 3 +- | |
da1216b9 | 5858 | include/linux/syscalls.h | 21 +- |
6090327c | 5859 | include/linux/syscore_ops.h | 2 +- |
a8b227b4 | 5860 | include/linux/sysctl.h | 3 +- |
6090327c PK |
5861 | include/linux/sysfs.h | 9 +- |
5862 | include/linux/sysrq.h | 3 +- | |
afe359a8 | 5863 | include/linux/tcp.h | 14 +- |
6090327c PK |
5864 | include/linux/thread_info.h | 7 + |
5865 | include/linux/tty.h | 4 +- | |
5866 | include/linux/tty_driver.h | 2 +- | |
5867 | include/linux/tty_ldisc.h | 2 +- | |
5868 | include/linux/types.h | 16 + | |
5869 | include/linux/uaccess.h | 6 +- | |
0986ccbe | 5870 | include/linux/uio_driver.h | 2 +- |
6090327c | 5871 | include/linux/unaligned/access_ok.h | 24 +- |
afe359a8 PK |
5872 | include/linux/usb.h | 6 +- |
5873 | include/linux/usb/hcd.h | 1 + | |
6090327c PK |
5874 | include/linux/usb/renesas_usbhs.h | 2 +- |
5875 | include/linux/vermagic.h | 21 +- | |
5876 | include/linux/vga_switcheroo.h | 8 +- | |
5877 | include/linux/vmalloc.h | 7 +- | |
5878 | include/linux/vmstat.h | 24 +- | |
5879 | include/linux/xattr.h | 5 +- | |
5880 | include/linux/zlib.h | 3 +- | |
5881 | include/media/v4l2-dev.h | 2 +- | |
5882 | include/media/v4l2-device.h | 2 +- | |
5883 | include/net/9p/transport.h | 2 +- | |
5884 | include/net/bluetooth/l2cap.h | 2 +- | |
8cf17962 | 5885 | include/net/bonding.h | 2 +- |
6090327c PK |
5886 | include/net/caif/cfctrl.h | 6 +- |
5887 | include/net/flow.h | 2 +- | |
5888 | include/net/genetlink.h | 2 +- | |
5889 | include/net/gro_cells.h | 2 +- | |
5890 | include/net/inet_connection_sock.h | 2 +- | |
afe359a8 | 5891 | include/net/inet_sock.h | 2 +- |
6090327c PK |
5892 | include/net/inetpeer.h | 2 +- |
5893 | include/net/ip_fib.h | 2 +- | |
5894 | include/net/ip_vs.h | 8 +- | |
5895 | include/net/irda/ircomm_tty.h | 1 + | |
5896 | include/net/iucv/af_iucv.h | 2 +- | |
5897 | include/net/llc_c_ac.h | 2 +- | |
5898 | include/net/llc_c_ev.h | 4 +- | |
5899 | include/net/llc_c_st.h | 2 +- | |
5900 | include/net/llc_s_ac.h | 2 +- | |
5901 | include/net/llc_s_st.h | 2 +- | |
5902 | include/net/mac80211.h | 2 +- | |
5903 | include/net/neighbour.h | 2 +- | |
afe359a8 | 5904 | include/net/net_namespace.h | 18 +- |
6090327c PK |
5905 | include/net/netlink.h | 2 +- |
5906 | include/net/netns/conntrack.h | 6 +- | |
5907 | include/net/netns/ipv4.h | 4 +- | |
5908 | include/net/netns/ipv6.h | 4 +- | |
5909 | include/net/netns/xfrm.h | 2 +- | |
5910 | include/net/ping.h | 2 +- | |
5911 | include/net/protocol.h | 4 +- | |
5912 | include/net/rtnetlink.h | 2 +- | |
5913 | include/net/sctp/checksum.h | 4 +- | |
5914 | include/net/sctp/sm.h | 4 +- | |
5915 | include/net/sctp/structs.h | 2 +- | |
afe359a8 | 5916 | include/net/sock.h | 12 +- |
6090327c PK |
5917 | include/net/tcp.h | 8 +- |
5918 | include/net/xfrm.h | 13 +- | |
5919 | include/rdma/iw_cm.h | 2 +- | |
5920 | include/scsi/libfc.h | 3 +- | |
5921 | include/scsi/scsi_device.h | 6 +- | |
da1216b9 | 5922 | include/scsi/scsi_driver.h | 2 +- |
6090327c | 5923 | include/scsi/scsi_transport_fc.h | 3 +- |
afe359a8 | 5924 | include/scsi/sg.h | 2 +- |
6090327c PK |
5925 | include/sound/compress_driver.h | 2 +- |
5926 | include/sound/soc.h | 4 +- | |
5927 | include/target/target_core_base.h | 2 +- | |
5928 | include/trace/events/irq.h | 4 +- | |
5929 | include/uapi/linux/a.out.h | 8 + | |
5930 | include/uapi/linux/bcache.h | 5 +- | |
5931 | include/uapi/linux/byteorder/little_endian.h | 28 +- | |
afe359a8 | 5932 | include/uapi/linux/connector.h | 2 +- |
6090327c PK |
5933 | include/uapi/linux/elf.h | 28 + |
5934 | include/uapi/linux/screen_info.h | 3 +- | |
5935 | include/uapi/linux/swab.h | 6 +- | |
6090327c PK |
5936 | include/uapi/linux/xattr.h | 4 + |
5937 | include/video/udlfb.h | 8 +- | |
5938 | include/video/uvesafb.h | 1 + | |
5939 | init/Kconfig | 2 +- | |
5940 | init/Makefile | 3 + | |
5941 | init/do_mounts.c | 14 +- | |
5942 | init/do_mounts.h | 8 +- | |
5943 | init/do_mounts_initrd.c | 30 +- | |
5944 | init/do_mounts_md.c | 6 +- | |
5945 | init/init_task.c | 4 + | |
a8b227b4 | 5946 | init/initramfs.c | 38 +- |
afe359a8 | 5947 | init/main.c | 30 +- |
da1216b9 | 5948 | ipc/compat.c | 4 +- |
8cf17962 | 5949 | ipc/ipc_sysctl.c | 8 +- |
6090327c | 5950 | ipc/mq_sysctl.c | 4 +- |
da1216b9 | 5951 | ipc/sem.c | 4 +- |
6090327c | 5952 | ipc/shm.c | 6 + |
6090327c PK |
5953 | kernel/audit.c | 8 +- |
5954 | kernel/auditsc.c | 4 +- | |
8cf17962 | 5955 | kernel/bpf/core.c | 7 +- |
6090327c PK |
5956 | kernel/capability.c | 3 + |
5957 | kernel/compat.c | 38 +- | |
5958 | kernel/debug/debug_core.c | 16 +- | |
5959 | kernel/debug/kdb/kdb_main.c | 4 +- | |
da1216b9 | 5960 | kernel/events/core.c | 26 +- |
6090327c PK |
5961 | kernel/events/internal.h | 10 +- |
5962 | kernel/events/uprobes.c | 2 +- | |
5963 | kernel/exit.c | 2 +- | |
afe359a8 | 5964 | kernel/fork.c | 165 +- |
6090327c PK |
5965 | kernel/futex.c | 11 +- |
5966 | kernel/futex_compat.c | 2 +- | |
5967 | kernel/gcov/base.c | 7 +- | |
8cf17962 | 5968 | kernel/irq/manage.c | 2 +- |
afe359a8 | 5969 | kernel/irq/msi.c | 20 +- |
8cf17962 | 5970 | kernel/irq/spurious.c | 2 +- |
6090327c | 5971 | kernel/jump_label.c | 5 + |
0986ccbe | 5972 | kernel/kallsyms.c | 37 +- |
6090327c PK |
5973 | kernel/kexec.c | 3 +- |
5974 | kernel/kmod.c | 8 +- | |
5975 | kernel/kprobes.c | 4 +- | |
5976 | kernel/ksysfs.c | 2 +- | |
5977 | kernel/locking/lockdep.c | 7 +- | |
6090327c PK |
5978 | kernel/locking/mutex-debug.c | 12 +- |
5979 | kernel/locking/mutex-debug.h | 4 +- | |
5980 | kernel/locking/mutex.c | 6 +- | |
5981 | kernel/locking/rtmutex-tester.c | 24 +- | |
afe359a8 | 5982 | kernel/module.c | 422 +- |
6090327c PK |
5983 | kernel/notifier.c | 17 +- |
5984 | kernel/padata.c | 4 +- | |
5985 | kernel/panic.c | 5 +- | |
5986 | kernel/pid.c | 2 +- | |
5987 | kernel/pid_namespace.c | 2 +- | |
6090327c PK |
5988 | kernel/power/process.c | 12 +- |
5989 | kernel/profile.c | 14 +- | |
5990 | kernel/ptrace.c | 8 +- | |
0986ccbe | 5991 | kernel/rcu/rcutorture.c | 60 +- |
6090327c | 5992 | kernel/rcu/tiny.c | 4 +- |
afe359a8 | 5993 | kernel/rcu/tree.c | 66 +- |
6090327c | 5994 | kernel/rcu/tree.h | 26 +- |
afe359a8 | 5995 | kernel/rcu/tree_plugin.h | 14 +- |
6090327c | 5996 | kernel/rcu/tree_trace.c | 22 +- |
6090327c PK |
5997 | kernel/sched/auto_group.c | 4 +- |
5998 | kernel/sched/completion.c | 6 +- | |
5999 | kernel/sched/core.c | 45 +- | |
afe359a8 | 6000 | kernel/sched/fair.c | 2 +- |
6090327c PK |
6001 | kernel/sched/sched.h | 2 +- |
6002 | kernel/signal.c | 12 +- | |
6003 | kernel/smpboot.c | 4 +- | |
6004 | kernel/softirq.c | 12 +- | |
6005 | kernel/sys.c | 10 +- | |
6006 | kernel/sysctl.c | 34 +- | |
6007 | kernel/time/alarmtimer.c | 2 +- | |
a8b227b4 PK |
6008 | kernel/time/posix-cpu-timers.c | 4 +- |
6009 | kernel/time/posix-timers.c | 24 +- | |
6010 | kernel/time/timer.c | 4 +- | |
6090327c | 6011 | kernel/time/timer_stats.c | 10 +- |
6090327c | 6012 | kernel/trace/blktrace.c | 6 +- |
0986ccbe | 6013 | kernel/trace/ftrace.c | 15 +- |
e8242a6d | 6014 | kernel/trace/ring_buffer.c | 96 +- |
6090327c PK |
6015 | kernel/trace/trace.c | 2 +- |
6016 | kernel/trace/trace.h | 2 +- | |
6017 | kernel/trace/trace_clock.c | 4 +- | |
6018 | kernel/trace/trace_events.c | 1 - | |
0986ccbe | 6019 | kernel/trace/trace_functions_graph.c | 4 +- |
6090327c | 6020 | kernel/trace/trace_mmiotrace.c | 8 +- |
a8b227b4 PK |
6021 | kernel/trace/trace_output.c | 10 +- |
6022 | kernel/trace/trace_seq.c | 2 +- | |
6090327c PK |
6023 | kernel/trace/trace_stack.c | 2 +- |
6024 | kernel/user_namespace.c | 2 +- | |
6025 | kernel/utsname_sysctl.c | 2 +- | |
6026 | kernel/watchdog.c | 2 +- | |
afe359a8 | 6027 | kernel/workqueue.c | 4 +- |
6090327c PK |
6028 | lib/Kconfig.debug | 8 +- |
6029 | lib/Makefile | 2 +- | |
6030 | lib/average.c | 2 +- | |
8cf17962 | 6031 | lib/bitmap.c | 10 +- |
6090327c PK |
6032 | lib/bug.c | 2 + |
6033 | lib/debugobjects.c | 2 +- | |
da1216b9 PK |
6034 | lib/decompress_bunzip2.c | 3 +- |
6035 | lib/decompress_unlzma.c | 4 +- | |
6090327c PK |
6036 | lib/div64.c | 4 +- |
6037 | lib/dma-debug.c | 4 +- | |
6090327c PK |
6038 | lib/inflate.c | 2 +- |
6039 | lib/ioremap.c | 4 +- | |
6040 | lib/kobject.c | 4 +- | |
6041 | lib/list_debug.c | 126 +- | |
e8242a6d | 6042 | lib/lockref.c | 44 +- |
6090327c PK |
6043 | lib/percpu-refcount.c | 2 +- |
6044 | lib/radix-tree.c | 2 +- | |
6045 | lib/random32.c | 2 +- | |
6046 | lib/show_mem.c | 2 +- | |
6047 | lib/strncpy_from_user.c | 2 +- | |
6048 | lib/strnlen_user.c | 2 +- | |
6049 | lib/swiotlb.c | 2 +- | |
6050 | lib/usercopy.c | 6 + | |
6051 | lib/vsprintf.c | 12 +- | |
6052 | mm/Kconfig | 6 +- | |
6053 | mm/backing-dev.c | 4 +- | |
6054 | mm/filemap.c | 2 +- | |
6090327c PK |
6055 | mm/gup.c | 13 +- |
6056 | mm/highmem.c | 7 +- | |
6057 | mm/hugetlb.c | 70 +- | |
6058 | mm/internal.h | 3 +- | |
6090327c | 6059 | mm/maccess.c | 4 +- |
e8242a6d | 6060 | mm/madvise.c | 37 + |
afe359a8 PK |
6061 | mm/memory-failure.c | 34 +- |
6062 | mm/memory.c | 425 +- | |
6090327c PK |
6063 | mm/mempolicy.c | 25 + |
6064 | mm/mlock.c | 15 +- | |
e8242a6d | 6065 | mm/mm_init.c | 2 +- |
da1216b9 | 6066 | mm/mmap.c | 582 +- |
0986ccbe | 6067 | mm/mprotect.c | 137 +- |
6090327c PK |
6068 | mm/mremap.c | 44 +- |
6069 | mm/nommu.c | 21 +- | |
6070 | mm/page-writeback.c | 2 +- | |
afe359a8 | 6071 | mm/page_alloc.c | 49 +- |
6090327c PK |
6072 | mm/percpu.c | 2 +- |
6073 | mm/process_vm_access.c | 14 +- | |
8cf17962 | 6074 | mm/rmap.c | 45 +- |
6090327c | 6075 | mm/shmem.c | 19 +- |
8cf17962 | 6076 | mm/slab.c | 109 +- |
0986ccbe | 6077 | mm/slab.h | 22 +- |
8cf17962 PK |
6078 | mm/slab_common.c | 86 +- |
6079 | mm/slob.c | 218 +- | |
afe359a8 | 6080 | mm/slub.c | 102 +- |
6090327c PK |
6081 | mm/sparse-vmemmap.c | 4 +- |
6082 | mm/sparse.c | 2 +- | |
da1216b9 | 6083 | mm/swap.c | 2 + |
6090327c PK |
6084 | mm/swapfile.c | 12 +- |
6085 | mm/util.c | 6 + | |
e8242a6d | 6086 | mm/vmalloc.c | 112 +- |
6090327c PK |
6087 | mm/vmstat.c | 12 +- |
6088 | net/8021q/vlan.c | 5 +- | |
0986ccbe | 6089 | net/8021q/vlan_netlink.c | 2 +- |
6090327c PK |
6090 | net/9p/mod.c | 4 +- |
6091 | net/9p/trans_fd.c | 2 +- | |
6092 | net/atm/atm_misc.c | 8 +- | |
6093 | net/atm/lec.h | 2 +- | |
6094 | net/atm/proc.c | 6 +- | |
6095 | net/atm/resources.c | 4 +- | |
6096 | net/ax25/sysctl_net_ax25.c | 2 +- | |
6097 | net/batman-adv/bat_iv_ogm.c | 8 +- | |
6098 | net/batman-adv/fragmentation.c | 2 +- | |
0986ccbe | 6099 | net/batman-adv/soft-interface.c | 8 +- |
6090327c PK |
6100 | net/batman-adv/types.h | 6 +- |
6101 | net/bluetooth/hci_sock.c | 2 +- | |
6102 | net/bluetooth/l2cap_core.c | 6 +- | |
6103 | net/bluetooth/l2cap_sock.c | 12 +- | |
6104 | net/bluetooth/rfcomm/sock.c | 4 +- | |
6105 | net/bluetooth/rfcomm/tty.c | 4 +- | |
0986ccbe | 6106 | net/bridge/br_netlink.c | 2 +- |
6090327c PK |
6107 | net/bridge/netfilter/ebtables.c | 6 +- |
6108 | net/caif/cfctrl.c | 11 +- | |
0986ccbe | 6109 | net/caif/chnl_net.c | 2 +- |
6090327c PK |
6110 | net/can/af_can.c | 2 +- |
6111 | net/can/gw.c | 6 +- | |
6112 | net/ceph/messenger.c | 4 +- | |
8cf17962 | 6113 | net/compat.c | 24 +- |
6090327c | 6114 | net/core/datagram.c | 2 +- |
da1216b9 | 6115 | net/core/dev.c | 16 +- |
6090327c | 6116 | net/core/filter.c | 2 +- |
e8242a6d | 6117 | net/core/flow.c | 6 +- |
6090327c PK |
6118 | net/core/neighbour.c | 4 +- |
6119 | net/core/net-sysfs.c | 2 +- | |
6120 | net/core/net_namespace.c | 8 +- | |
6121 | net/core/netpoll.c | 4 +- | |
6122 | net/core/rtnetlink.c | 15 +- | |
6123 | net/core/scm.c | 8 +- | |
6124 | net/core/skbuff.c | 8 +- | |
afe359a8 PK |
6125 | net/core/sock.c | 28 +- |
6126 | net/core/sock_diag.c | 15 +- | |
8cf17962 | 6127 | net/core/sysctl_net_core.c | 22 +- |
6090327c PK |
6128 | net/decnet/af_decnet.c | 1 + |
6129 | net/decnet/sysctl_net_decnet.c | 4 +- | |
afe359a8 | 6130 | net/dsa/dsa.c | 2 +- |
0986ccbe | 6131 | net/hsr/hsr_netlink.c | 2 +- |
e8242a6d PK |
6132 | net/ieee802154/6lowpan/core.c | 2 +- |
6133 | net/ieee802154/6lowpan/reassembly.c | 14 +- | |
0986ccbe | 6134 | net/ipv4/af_inet.c | 2 +- |
6090327c PK |
6135 | net/ipv4/devinet.c | 18 +- |
6136 | net/ipv4/fib_frontend.c | 6 +- | |
6137 | net/ipv4/fib_semantics.c | 2 +- | |
afe359a8 PK |
6138 | net/ipv4/inet_connection_sock.c | 4 +- |
6139 | net/ipv4/inet_timewait_sock.c | 2 +- | |
6090327c PK |
6140 | net/ipv4/inetpeer.c | 2 +- |
6141 | net/ipv4/ip_fragment.c | 15 +- | |
6142 | net/ipv4/ip_gre.c | 6 +- | |
6143 | net/ipv4/ip_sockglue.c | 2 +- | |
6144 | net/ipv4/ip_vti.c | 4 +- | |
6145 | net/ipv4/ipconfig.c | 6 +- | |
6146 | net/ipv4/ipip.c | 4 +- | |
6147 | net/ipv4/netfilter/arp_tables.c | 12 +- | |
6148 | net/ipv4/netfilter/ip_tables.c | 12 +- | |
0986ccbe | 6149 | net/ipv4/ping.c | 14 +- |
6090327c PK |
6150 | net/ipv4/raw.c | 14 +- |
6151 | net/ipv4/route.c | 32 +- | |
6152 | net/ipv4/sysctl_net_ipv4.c | 22 +- | |
afe359a8 | 6153 | net/ipv4/tcp_input.c | 6 +- |
6090327c PK |
6154 | net/ipv4/tcp_probe.c | 2 +- |
6155 | net/ipv4/udp.c | 10 +- | |
6156 | net/ipv4/xfrm4_policy.c | 18 +- | |
da1216b9 | 6157 | net/ipv6/addrconf.c | 16 +- |
6090327c PK |
6158 | net/ipv6/af_inet6.c | 2 +- |
6159 | net/ipv6/datagram.c | 2 +- | |
6160 | net/ipv6/icmp.c | 2 +- | |
0986ccbe | 6161 | net/ipv6/ip6_fib.c | 4 +- |
6090327c PK |
6162 | net/ipv6/ip6_gre.c | 10 +- |
6163 | net/ipv6/ip6_tunnel.c | 4 +- | |
6164 | net/ipv6/ip6_vti.c | 4 +- | |
6165 | net/ipv6/ipv6_sockglue.c | 2 +- | |
6166 | net/ipv6/netfilter/ip6_tables.c | 12 +- | |
6167 | net/ipv6/netfilter/nf_conntrack_reasm.c | 14 +- | |
6168 | net/ipv6/ping.c | 33 +- | |
6169 | net/ipv6/raw.c | 17 +- | |
6170 | net/ipv6/reassembly.c | 13 +- | |
6171 | net/ipv6/route.c | 2 +- | |
6172 | net/ipv6/sit.c | 4 +- | |
6173 | net/ipv6/sysctl_net_ipv6.c | 2 +- | |
6174 | net/ipv6/udp.c | 6 +- | |
afe359a8 | 6175 | net/ipv6/xfrm6_policy.c | 23 +- |
6090327c PK |
6176 | net/irda/ircomm/ircomm_tty.c | 18 +- |
6177 | net/iucv/af_iucv.c | 4 +- | |
6178 | net/iucv/iucv.c | 2 +- | |
6179 | net/key/af_key.c | 4 +- | |
6180 | net/l2tp/l2tp_eth.c | 38 +- | |
e8242a6d PK |
6181 | net/l2tp/l2tp_ip.c | 2 +- |
6182 | net/l2tp/l2tp_ip6.c | 2 +- | |
6090327c PK |
6183 | net/mac80211/cfg.c | 8 +- |
6184 | net/mac80211/ieee80211_i.h | 3 +- | |
afe359a8 | 6185 | net/mac80211/iface.c | 20 +- |
6090327c | 6186 | net/mac80211/main.c | 2 +- |
da1216b9 | 6187 | net/mac80211/pm.c | 4 +- |
6090327c | 6188 | net/mac80211/rate.c | 2 +- |
da1216b9 | 6189 | net/mac80211/sta_info.c | 2 +- |
e8242a6d | 6190 | net/mac80211/util.c | 8 +- |
da1216b9 | 6191 | net/mpls/af_mpls.c | 6 +- |
6090327c PK |
6192 | net/netfilter/ipset/ip_set_core.c | 2 +- |
6193 | net/netfilter/ipvs/ip_vs_conn.c | 6 +- | |
6194 | net/netfilter/ipvs/ip_vs_core.c | 4 +- | |
6195 | net/netfilter/ipvs/ip_vs_ctl.c | 14 +- | |
6196 | net/netfilter/ipvs/ip_vs_lblc.c | 2 +- | |
6197 | net/netfilter/ipvs/ip_vs_lblcr.c | 2 +- | |
6198 | net/netfilter/ipvs/ip_vs_sync.c | 6 +- | |
6199 | net/netfilter/ipvs/ip_vs_xmit.c | 4 +- | |
6200 | net/netfilter/nf_conntrack_acct.c | 2 +- | |
6201 | net/netfilter/nf_conntrack_ecache.c | 2 +- | |
6202 | net/netfilter/nf_conntrack_helper.c | 2 +- | |
6203 | net/netfilter/nf_conntrack_proto.c | 2 +- | |
6204 | net/netfilter/nf_conntrack_standalone.c | 2 +- | |
6205 | net/netfilter/nf_conntrack_timestamp.c | 2 +- | |
6206 | net/netfilter/nf_log.c | 10 +- | |
6207 | net/netfilter/nf_sockopt.c | 4 +- | |
6208 | net/netfilter/nfnetlink_log.c | 4 +- | |
e8242a6d | 6209 | net/netfilter/nft_compat.c | 9 +- |
6090327c PK |
6210 | net/netfilter/xt_statistic.c | 8 +- |
6211 | net/netlink/af_netlink.c | 4 +- | |
0986ccbe PK |
6212 | net/openvswitch/vport-internal_dev.c | 2 +- |
6213 | net/openvswitch/vport.c | 16 +- | |
6214 | net/openvswitch/vport.h | 8 +- | |
da1216b9 | 6215 | net/packet/af_packet.c | 8 +- |
6090327c PK |
6216 | net/phonet/pep.c | 6 +- |
6217 | net/phonet/socket.c | 2 +- | |
6218 | net/phonet/sysctl.c | 2 +- | |
6219 | net/rds/cong.c | 6 +- | |
6220 | net/rds/ib.h | 2 +- | |
6221 | net/rds/ib_cm.c | 2 +- | |
6222 | net/rds/ib_recv.c | 4 +- | |
6223 | net/rds/iw.h | 2 +- | |
6224 | net/rds/iw_cm.c | 2 +- | |
6225 | net/rds/iw_recv.c | 4 +- | |
6226 | net/rds/rds.h | 2 +- | |
6227 | net/rds/tcp.c | 2 +- | |
6228 | net/rds/tcp_send.c | 2 +- | |
6229 | net/rxrpc/af_rxrpc.c | 2 +- | |
6230 | net/rxrpc/ar-ack.c | 14 +- | |
6231 | net/rxrpc/ar-call.c | 2 +- | |
6232 | net/rxrpc/ar-connection.c | 2 +- | |
6233 | net/rxrpc/ar-connevent.c | 2 +- | |
6234 | net/rxrpc/ar-input.c | 4 +- | |
6235 | net/rxrpc/ar-internal.h | 8 +- | |
6236 | net/rxrpc/ar-local.c | 2 +- | |
6237 | net/rxrpc/ar-output.c | 4 +- | |
6238 | net/rxrpc/ar-peer.c | 2 +- | |
6239 | net/rxrpc/ar-proc.c | 4 +- | |
6240 | net/rxrpc/ar-transport.c | 2 +- | |
6241 | net/rxrpc/rxkad.c | 4 +- | |
6242 | net/sched/sch_generic.c | 4 +- | |
6243 | net/sctp/ipv6.c | 6 +- | |
6244 | net/sctp/protocol.c | 10 +- | |
6245 | net/sctp/sm_sideeffect.c | 2 +- | |
6246 | net/sctp/socket.c | 21 +- | |
6247 | net/sctp/sysctl.c | 10 +- | |
8cf17962 | 6248 | net/socket.c | 18 +- |
6090327c PK |
6249 | net/sunrpc/auth_gss/svcauth_gss.c | 4 +- |
6250 | net/sunrpc/clnt.c | 4 +- | |
6251 | net/sunrpc/sched.c | 4 +- | |
6252 | net/sunrpc/svc.c | 4 +- | |
6253 | net/sunrpc/svcauth_unix.c | 4 +- | |
6254 | net/sunrpc/xprtrdma/svc_rdma.c | 38 +- | |
6255 | net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 +- | |
6256 | net/sunrpc/xprtrdma/svc_rdma_sendto.c | 2 +- | |
6257 | net/sunrpc/xprtrdma/svc_rdma_transport.c | 10 +- | |
e8242a6d | 6258 | net/tipc/netlink_compat.c | 12 +- |
6090327c | 6259 | net/tipc/subscr.c | 2 +- |
8cf17962 | 6260 | net/unix/af_unix.c | 7 +- |
6090327c PK |
6261 | net/unix/sysctl_net_unix.c | 2 +- |
6262 | net/wireless/wext-core.c | 19 +- | |
6263 | net/xfrm/xfrm_policy.c | 16 +- | |
6264 | net/xfrm/xfrm_state.c | 33 +- | |
6265 | net/xfrm/xfrm_sysctl.c | 2 +- | |
8cf17962 | 6266 | scripts/Kbuild.include | 2 +- |
6090327c PK |
6267 | scripts/Makefile.build | 2 +- |
6268 | scripts/Makefile.clean | 3 +- | |
0986ccbe | 6269 | scripts/Makefile.host | 63 +- |
6090327c | 6270 | scripts/basic/fixdep.c | 12 +- |
afe359a8 PK |
6271 | scripts/dtc/checks.c | 14 +- |
6272 | scripts/dtc/data.c | 6 +- | |
6273 | scripts/dtc/flattree.c | 8 +- | |
6274 | scripts/dtc/livetree.c | 4 +- | |
a8b227b4 | 6275 | scripts/gcc-plugin.sh | 51 + |
6090327c | 6276 | scripts/headers_install.sh | 1 + |
afe359a8 PK |
6277 | scripts/kallsyms.c | 4 +- |
6278 | scripts/kconfig/lkc.h | 5 +- | |
6279 | scripts/kconfig/menu.c | 2 +- | |
6280 | scripts/kconfig/symbol.c | 6 +- | |
6090327c PK |
6281 | scripts/link-vmlinux.sh | 2 +- |
6282 | scripts/mod/file2alias.c | 14 +- | |
6283 | scripts/mod/modpost.c | 25 +- | |
6284 | scripts/mod/modpost.h | 6 +- | |
6285 | scripts/mod/sumversion.c | 2 +- | |
6286 | scripts/module-common.lds | 4 + | |
6287 | scripts/package/builddeb | 1 + | |
6288 | scripts/pnmtologo.c | 6 +- | |
6289 | scripts/sortextable.h | 6 +- | |
a8b227b4 | 6290 | scripts/tags.sh | 2 +- |
afe359a8 | 6291 | security/Kconfig | 691 +- |
6090327c PK |
6292 | security/integrity/ima/ima.h | 4 +- |
6293 | security/integrity/ima/ima_api.c | 2 +- | |
6294 | security/integrity/ima/ima_fs.c | 4 +- | |
6295 | security/integrity/ima/ima_queue.c | 2 +- | |
6090327c | 6296 | security/keys/key.c | 18 +- |
6090327c | 6297 | security/selinux/avc.c | 6 +- |
6090327c | 6298 | security/selinux/include/xfrm.h | 2 +- |
afe359a8 | 6299 | security/yama/yama_lsm.c | 2 +- |
6090327c PK |
6300 | sound/aoa/codecs/onyx.c | 7 +- |
6301 | sound/aoa/codecs/onyx.h | 1 + | |
6302 | sound/core/oss/pcm_oss.c | 18 +- | |
6303 | sound/core/pcm_compat.c | 2 +- | |
6304 | sound/core/pcm_native.c | 4 +- | |
6090327c PK |
6305 | sound/core/sound.c | 2 +- |
6306 | sound/drivers/mts64.c | 14 +- | |
6307 | sound/drivers/opl4/opl4_lib.c | 2 +- | |
6308 | sound/drivers/portman2x4.c | 3 +- | |
6309 | sound/firewire/amdtp.c | 4 +- | |
6310 | sound/firewire/amdtp.h | 4 +- | |
6311 | sound/firewire/isight.c | 10 +- | |
6312 | sound/firewire/scs1x.c | 8 +- | |
6313 | sound/oss/sb_audio.c | 2 +- | |
6314 | sound/oss/swarm_cs4297a.c | 6 +- | |
8cf17962 | 6315 | sound/pci/hda/hda_codec.c | 2 +- |
6090327c PK |
6316 | sound/pci/ymfpci/ymfpci.h | 2 +- |
6317 | sound/pci/ymfpci/ymfpci_main.c | 12 +- | |
8cf17962 | 6318 | sound/soc/soc-ac97.c | 6 +- |
e8242a6d | 6319 | sound/soc/xtensa/xtfpga-i2s.c | 2 +- |
da1216b9 | 6320 | tools/gcc/Makefile | 42 + |
6090327c | 6321 | tools/gcc/checker_plugin.c | 150 + |
e8242a6d | 6322 | tools/gcc/colorize_plugin.c | 215 + |
da1216b9 | 6323 | tools/gcc/constify_plugin.c | 564 + |
afe359a8 | 6324 | tools/gcc/gcc-common.h | 790 + |
da1216b9 | 6325 | tools/gcc/initify_plugin.c | 450 + |
e8242a6d | 6326 | tools/gcc/kallocstat_plugin.c | 188 + |
afe359a8 PK |
6327 | tools/gcc/kernexec_plugin.c | 551 + |
6328 | tools/gcc/latent_entropy_plugin.c | 470 + | |
6329 | tools/gcc/size_overflow_plugin/.gitignore | 2 + | |
6330 | tools/gcc/size_overflow_plugin/Makefile | 26 + | |
6331 | .../disable_size_overflow_hash.data |11008 ++++++++++++++ | |
6332 | .../generate_size_overflow_hash.sh | 103 + | |
e8242a6d | 6333 | .../insert_size_overflow_asm.c | 409 + |
afe359a8 | 6334 | .../size_overflow_plugin/intentional_overflow.c | 980 ++ |
8cf17962 | 6335 | .../size_overflow_plugin/remove_unnecessary_dup.c | 137 + |
afe359a8 PK |
6336 | tools/gcc/size_overflow_plugin/size_overflow.h | 329 + |
6337 | .../gcc/size_overflow_plugin/size_overflow_debug.c | 192 + | |
6338 | .../size_overflow_plugin/size_overflow_hash.data |15719 ++++++++++++++++++++ | |
6090327c | 6339 | .../size_overflow_hash_aux.data | 92 + |
afe359a8 PK |
6340 | tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 1373 ++ |
6341 | .../gcc/size_overflow_plugin/size_overflow_misc.c | 505 + | |
6342 | .../size_overflow_plugin/size_overflow_plugin.c | 318 + | |
6343 | .../size_overflow_plugin_hash.c | 353 + | |
6344 | .../size_overflow_plugin/size_overflow_transform.c | 576 + | |
6345 | .../size_overflow_transform_core.c | 962 ++ | |
6346 | tools/gcc/stackleak_plugin.c | 436 + | |
e8242a6d | 6347 | tools/gcc/structleak_plugin.c | 287 + |
6090327c PK |
6348 | tools/include/linux/compiler.h | 8 + |
6349 | tools/lib/api/Makefile | 2 +- | |
6350 | tools/perf/util/include/asm/alternative-asm.h | 3 + | |
6351 | tools/virtio/linux/uaccess.h | 2 +- | |
6352 | virt/kvm/kvm_main.c | 44 +- | |
afe359a8 | 6353 | 1963 files changed, 60342 insertions(+), 8946 deletions(-) |