]>
Commit | Line | Data |
---|---|---|
fee0510d PK |
1 | commit 08df80079f2039f577c94cbb78479b4166e964a6 |
2 | Author: Brad Spengler <spender@grsecurity.net> | |
3 | Date: Wed Dec 9 22:44:52 2015 -0500 | |
4 | ||
5 | fix harmless compiler warning | |
6 | ||
7 | kernel/ptrace.c | 2 +- | |
8 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
9 | ||
10 | commit 7df1e03db2cc00d6927d174088d715d545f6caca | |
11 | Author: Brad Spengler <spender@grsecurity.net> | |
12 | Date: Wed Dec 9 22:43:52 2015 -0500 | |
13 | ||
14 | Update size_overflow hash table | |
15 | ||
16 | .../size_overflow_plugin/size_overflow_hash.data | 3 ++- | |
17 | 1 files changed, 2 insertions(+), 1 deletions(-) | |
18 | ||
19 | commit 4f99b6c5ed05452d23fa480834dfc08ae7197d51 | |
20 | Merge: 015e832 2ddeae1 | |
21 | Author: Brad Spengler <spender@grsecurity.net> | |
22 | Date: Wed Dec 9 21:49:14 2015 -0500 | |
23 | ||
24 | Merge branch 'pax-test' into grsec-test | |
25 | ||
26 | Conflicts: | |
27 | arch/x86/kvm/svm.c | |
28 | fs/proc/base.c | |
29 | ||
30 | commit 2ddeae161726b8316b4f2740f9e2ff7ac282c844 | |
31 | Merge: 6ddfdb5 7317505 | |
32 | Author: Brad Spengler <spender@grsecurity.net> | |
33 | Date: Wed Dec 9 21:45:41 2015 -0500 | |
34 | ||
35 | Merge branch 'linux-4.2.y' into pax-test | |
36 | ||
37 | Conflicts: | |
38 | arch/x86/kernel/fpu/xstate.c | |
39 | arch/x86/kernel/head_64.S | |
40 | drivers/tty/tty_audit.c | |
41 | include/linux/tty.h | |
42 | ||
43 | commit 015e832266e2aba7984ed94b688d15a00c091edf | |
44 | Merge: 1798180 6ddfdb5 | |
45 | Author: Brad Spengler <spender@grsecurity.net> | |
46 | Date: Wed Dec 9 21:44:11 2015 -0500 | |
47 | ||
48 | Merge branch 'pax-test' into grsec-test | |
49 | ||
50 | Conflicts: | |
51 | drivers/tty/tty_audit.c | |
52 | include/linux/tty.h | |
53 | ||
54 | commit 6ddfdb5a2291947e1479615b89ed8f0f6529b276 | |
55 | Author: Brad Spengler <spender@grsecurity.net> | |
56 | Date: Wed Dec 9 21:42:28 2015 -0500 | |
57 | ||
58 | Update to pax-linux-4.2.6-test27.patch: | |
59 | - fixed __get_user on x86 to lie less about the size of the load, reported by peetaur (https://forums.grsecurity.net/viewtopic.php?f=3&t=4332) | |
60 | - Emese fixed an intentional overflow caused by gcc, reported by saironiq (https://forums.grsecurity.net/viewtopic.php?f=3&t=4333) | |
61 | - Emese fixed a false positive overflow report in the forcedeth driver, reported by fx3 (https://forums.grsecurity.net/viewtopic.php?t=4334) | |
62 | - Emese fixed a false positive overflow report in KVM's emulator, reported by fx3 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4336) | |
63 | - Emese fixed the initify plugin to detect some captured use of __func__, reported by Rasmus Villemoes <linux@rasmusvillemoes.dk> | |
64 | - constrained shmmax and shmall to avoid triggering size overflow checks, reported by Mathias Krause <minipli@ld-linux.so> | |
65 | - the checker plugin can partially handle sparse's locking context annotations, it's context insensitive and thus not exactly useful for now, also see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=59856 | |
66 | ||
67 | Makefile | 6 + | |
68 | arch/x86/include/asm/cacheflush.h | 2 +- | |
69 | arch/x86/include/asm/compat.h | 4 + | |
70 | arch/x86/include/asm/dma.h | 2 + | |
71 | arch/x86/include/asm/uaccess.h | 20 +- | |
72 | arch/x86/kernel/apic/vector.c | 6 +- | |
73 | arch/x86/kernel/cpu/mtrr/generic.c | 6 +- | |
74 | arch/x86/kernel/cpu/perf_event_intel.c | 28 +- | |
75 | arch/x86/kvm/i8259.c | 10 +- | |
76 | arch/x86/kvm/ioapic.c | 2 + | |
77 | arch/x86/kvm/x86.c | 2 + | |
78 | arch/x86/lib/usercopy_64.c | 2 +- | |
79 | arch/x86/mm/mpx.c | 4 +- | |
80 | arch/x86/mm/pageattr.c | 7 + | |
81 | drivers/base/devres.c | 4 +- | |
82 | drivers/base/power/runtime.c | 6 +- | |
83 | drivers/base/regmap/regmap.c | 4 +- | |
84 | drivers/block/drbd/drbd_receiver.c | 4 +- | |
85 | drivers/block/drbd/drbd_worker.c | 6 +- | |
86 | drivers/block/nbd.c | 2 +- | |
87 | drivers/char/virtio_console.c | 6 +- | |
88 | drivers/md/dm.c | 12 +- | |
89 | drivers/net/ethernet/nvidia/forcedeth.c | 4 +- | |
90 | drivers/net/macvtap.c | 4 +- | |
91 | drivers/tty/n_tty.c | 2 +- | |
92 | drivers/tty/tty_audit.c | 2 +- | |
93 | drivers/video/fbdev/core/fbmem.c | 10 +- | |
94 | fs/compat.c | 3 +- | |
95 | fs/coredump.c | 2 +- | |
96 | fs/dcache.c | 13 +- | |
97 | fs/fhandle.c | 2 +- | |
98 | fs/file.c | 14 +- | |
99 | fs/fs-writeback.c | 11 +- | |
100 | fs/overlayfs/copy_up.c | 2 +- | |
101 | fs/readdir.c | 3 +- | |
102 | fs/super.c | 3 +- | |
103 | include/linux/compiler.h | 36 ++- | |
104 | include/linux/rcupdate.h | 8 + | |
105 | include/linux/sched.h | 4 +- | |
106 | include/linux/seqlock.h | 10 + | |
107 | include/linux/spinlock.h | 17 +- | |
108 | include/linux/srcu.h | 5 +- | |
109 | include/linux/syscalls.h | 2 +- | |
110 | include/linux/tty.h | 4 +- | |
111 | include/linux/writeback.h | 3 +- | |
112 | include/uapi/linux/swab.h | 6 +- | |
113 | ipc/ipc_sysctl.c | 6 + | |
114 | kernel/exit.c | 25 +- | |
115 | kernel/resource.c | 4 +- | |
116 | kernel/signal.c | 12 +- | |
117 | kernel/user.c | 2 +- | |
118 | kernel/workqueue.c | 6 +- | |
119 | lib/rhashtable.c | 4 +- | |
120 | net/compat.c | 2 +- | |
121 | net/ipv4/xfrm4_mode_transport.c | 2 +- | |
122 | security/keys/internal.h | 8 +- | |
123 | security/keys/keyring.c | 4 - | |
124 | sound/core/seq/seq_clientmgr.c | 8 +- | |
125 | sound/core/seq/seq_compat.c | 2 +- | |
126 | sound/core/seq/seq_memory.c | 6 +- | |
127 | tools/gcc/checker_plugin.c | 415 +++++++++++++++++++- | |
128 | tools/gcc/gcc-common.h | 1 + | |
129 | tools/gcc/initify_plugin.c | 33 ++- | |
130 | .../disable_size_overflow_hash.data | 1 + | |
131 | .../size_overflow_plugin/size_overflow_hash.data | 1 - | |
132 | 65 files changed, 713 insertions(+), 144 deletions(-) | |
133 | ||
134 | commit 1798180b176cfdedf4ca09877dc09ad2298cd014 | |
135 | Author: Peter Hurley <peter@hurleysoftware.com> | |
136 | Date: Sun Nov 8 08:52:31 2015 -0500 | |
137 | ||
138 | tty: audit: Fix audit source | |
139 | ||
140 | The data to audit/record is in the 'from' buffer (ie., the input | |
141 | read buffer). | |
142 | ||
143 | Fixes: 72586c6061ab ("n_tty: Fix auditing support for cannonical mode") | |
144 | Cc: stable <stable@vger.kernel.org> # 4.1+ | |
145 | Cc: Miloslav Trmač <mitr@redhat.com> | |
146 | Signed-off-by: Peter Hurley <peter@hurleysoftware.com> | |
147 | Acked-by: Laura Abbott <labbott@fedoraproject.org> | |
148 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
149 | ||
150 | drivers/tty/n_tty.c | 2 +- | |
151 | drivers/tty/tty_audit.c | 2 +- | |
152 | include/linux/tty.h | 6 +++--- | |
153 | 3 files changed, 5 insertions(+), 5 deletions(-) | |
154 | ||
155 | commit 558c7e73286735e7f8d81727843c389f3e564ed2 | |
156 | Author: Al Viro <viro@zeniv.linux.org.uk> | |
157 | Date: Tue Dec 8 03:07:22 2015 -0500 | |
158 | ||
159 | 9p: ->evict_inode() should kick out ->i_data, not ->i_mapping | |
160 | ||
161 | For block devices the pagecache is associated with the inode | |
162 | on bdevfs, not with the aliasing ones on the mountable filesystems. | |
163 | The latter have its own ->i_data empty and ->i_mapping pointing | |
164 | to the (unique per major/minor) bdevfs inode. That guarantees | |
165 | cache coherence between all block device inodes with the same | |
166 | device number. | |
167 | ||
168 | Eviction of an alias inode has no business trying to evict the | |
169 | pages belonging to bdevfs one; moreover, ->i_mapping is only | |
170 | safe to access when the thing is opened. At the time of | |
171 | ->evict_inode() the victim is definitely *not* opened. We are | |
172 | about to kill the address space embedded into struct inode | |
173 | (inode->i_data) and that's what we need to empty of any pages. | |
174 | ||
175 | 9p instance tries to empty inode->i_mapping instead, which is | |
176 | both unsafe and bogus - if we have several device nodes with | |
177 | the same device number in different places, closing one of them | |
178 | should not try to empty the (shared) page cache. | |
179 | ||
180 | Fortunately, other instances in the tree are OK; they are | |
181 | evicting from &inode->i_data instead, as 9p one should. | |
182 | ||
183 | Cc: stable@vger.kernel.org # v2.6.32+, ones prior to 2.6.36 need only half of that | |
184 | Reported-by: "Suzuki K. Poulose" <Suzuki.Poulose@arm.com> | |
185 | Tested-by: "Suzuki K. Poulose" <Suzuki.Poulose@arm.com> | |
186 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | |
187 | ||
188 | fs/9p/vfs_inode.c | 4 ++-- | |
189 | 1 files changed, 2 insertions(+), 2 deletions(-) | |
190 | ||
191 | commit 037f7332eaf1c065207db9d9123562a0a5459e88 | |
192 | Author: Jan Stancek <jstancek@redhat.com> | |
193 | Date: Tue Dec 8 13:57:51 2015 -0500 | |
194 | ||
195 | ipmi: move timer init to before irq is setup | |
196 | ||
197 | We encountered a panic on boot in ipmi_si on a dell per320 due to an | |
198 | uninitialized timer as follows. | |
199 | ||
200 | static int smi_start_processing(void *send_info, | |
201 | ipmi_smi_t intf) | |
202 | { | |
203 | /* Try to claim any interrupts. */ | |
204 | if (new_smi->irq_setup) | |
205 | new_smi->irq_setup(new_smi); | |
206 | ||
207 | --> IRQ arrives here and irq handler tries to modify uninitialized timer | |
208 | ||
209 | which triggers BUG_ON(!timer->function) in __mod_timer(). | |
210 | ||
211 | Call Trace: | |
212 | <IRQ> | |
213 | [<ffffffffa0532617>] start_new_msg+0x47/0x80 [ipmi_si] | |
214 | [<ffffffffa053269e>] start_check_enables+0x4e/0x60 [ipmi_si] | |
215 | [<ffffffffa0532bd8>] smi_event_handler+0x1e8/0x640 [ipmi_si] | |
216 | [<ffffffff810f5584>] ? __rcu_process_callbacks+0x54/0x350 | |
217 | [<ffffffffa053327c>] si_irq_handler+0x3c/0x60 [ipmi_si] | |
218 | [<ffffffff810efaf0>] handle_IRQ_event+0x60/0x170 | |
219 | [<ffffffff810f245e>] handle_edge_irq+0xde/0x180 | |
220 | [<ffffffff8100fc59>] handle_irq+0x49/0xa0 | |
221 | [<ffffffff8154643c>] do_IRQ+0x6c/0xf0 | |
222 | [<ffffffff8100ba53>] ret_from_intr+0x0/0x11 | |
223 | ||
224 | /* Set up the timer that drives the interface. */ | |
225 | setup_timer(&new_smi->si_timer, smi_timeout, (long)new_smi); | |
226 | ||
227 | The following patch fixes the problem. | |
228 | ||
229 | To: Openipmi-developer@lists.sourceforge.net | |
230 | To: Corey Minyard <minyard@acm.org> | |
231 | CC: linux-kernel@vger.kernel.org | |
232 | ||
233 | Signed-off-by: Jan Stancek <jstancek@redhat.com> | |
234 | Signed-off-by: Tony Camuso <tcamuso@redhat.com> | |
235 | Signed-off-by: Corey Minyard <cminyard@mvista.com> | |
236 | Cc: stable@vger.kernel.org # Applies cleanly to 3.10-, needs small rework before | |
237 | ||
238 | drivers/char/ipmi/ipmi_si_intf.c | 8 ++++---- | |
239 | 1 files changed, 4 insertions(+), 4 deletions(-) | |
240 | ||
241 | commit e15b4ee2742c5619359c2ee8c345cfdde6dddde4 | |
242 | Author: Sasha Levin <sasha.levin@oracle.com> | |
243 | Date: Thu Dec 3 22:04:01 2015 -0500 | |
244 | ||
245 | bitops.h: correctly handle rol32 with 0 byte shift | |
246 | ||
247 | ROL on a 32 bit integer with a shift of 32 or more is undefined and the | |
248 | result is arch-dependent. Avoid this by handling the trivial case of | |
249 | roling by 0 correctly. | |
250 | ||
251 | The trivial solution of checking if shift is 0 breaks gcc's detection | |
252 | of this code as a ROL instruction, which is unacceptable. | |
253 | ||
254 | This bug was reported and fixed in GCC | |
255 | (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57157): | |
256 | ||
257 | The standard rotate idiom, | |
258 | ||
259 | (x << n) | (x >> (32 - n)) | |
260 | ||
261 | is recognized by gcc (for concreteness, I discuss only the case that x | |
262 | is an uint32_t here). | |
263 | ||
264 | However, this is portable C only for n in the range 0 < n < 32. For n | |
265 | == 0, we get x >> 32 which gives undefined behaviour according to the | |
266 | C standard (6.5.7, Bitwise shift operators). To portably support n == | |
267 | 0, one has to write the rotate as something like | |
268 | ||
269 | (x << n) | (x >> ((-n) & 31)) | |
270 | ||
271 | And this is apparently not recognized by gcc. | |
272 | ||
273 | Note that this is broken on older GCCs and will result in slower ROL. | |
274 | ||
275 | Acked-by: Linus Torvalds <torvalds@linux-foundation.org> | |
276 | Signed-off-by: Sasha Levin <sasha.levin@oracle.com> | |
277 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | |
278 | ||
279 | include/linux/bitops.h | 2 +- | |
280 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
281 | ||
282 | commit ce8356f6a992579d7cb2fd5c9bbe72d71d7e0ae7 | |
283 | Author: Eric Dumazet <edumazet@google.com> | |
284 | Date: Mon Nov 9 17:51:23 2015 -0800 | |
285 | ||
286 | net: fix a race in dst_release() | |
287 | ||
288 | [ Upstream commit d69bbf88c8d0b367cf3e3a052f6daadf630ee566 ] | |
289 | ||
290 | Only cpu seeing dst refcount going to 0 can safely | |
291 | dereference dst->flags. | |
292 | ||
293 | Otherwise an other cpu might already have freed the dst. | |
294 | ||
295 | Fixes: 27b75c95f10d ("net: avoid RCU for NOCACHE dst") | |
296 | Reported-by: Greg Thelen <gthelen@google.com> | |
297 | Signed-off-by: Eric Dumazet <edumazet@google.com> | |
298 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
299 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
300 | ||
301 | Conflicts: | |
302 | ||
303 | net/core/dst.c | |
304 | ||
305 | net/core/dst.c | 2 +- | |
306 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
307 | ||
308 | commit fd6d066be125ec23856c705101701e6df3eae799 | |
309 | Author: Brad Spengler <spender@grsecurity.net> | |
310 | Date: Tue Dec 8 20:55:51 2015 -0500 | |
311 | ||
312 | Backport: ptrace: use fsuid, fsgid, effective creds for fs access checks | |
313 | ||
314 | By checking the effective credentials instead of the real UID / permitted | |
315 | capabilities, ensure that the calling process actually intended to use its | |
316 | credentials. | |
317 | ||
318 | To ensure that all ptrace checks use the correct caller credentials (e.g. | |
319 | in case out-of-tree code or newly added code omits the PTRACE_MODE_*CREDS | |
320 | flag), use two new flags and require one of them to be set. | |
321 | ||
322 | The problem was that when a privileged task had temporarily dropped its | |
323 | privileges, e.g. by calling setreuid(0, user_uid), with the intent to | |
324 | perform following syscalls with the credentials of a user, it still passed | |
325 | ptrace access checks that the user would not be able to pass. | |
326 | ||
327 | While an attacker should not be able to convince the privileged task to | |
328 | perform a ptrace() syscall, this is a problem because the ptrace access | |
329 | check is reused for things in procfs. | |
330 | ||
331 | In particular, the following somewhat interesting procfs entries only rely | |
332 | on ptrace access checks: | |
333 | ||
334 | /proc/$pid/stat - uses the check for determining whether pointers | |
335 | should be visible, useful for bypassing ASLR | |
336 | /proc/$pid/maps - also useful for bypassing ASLR | |
337 | /proc/$pid/cwd - useful for gaining access to restricted | |
338 | directories that contain files with lax permissions, e.g. in | |
339 | this scenario: | |
340 | lrwxrwxrwx root root /proc/13020/cwd -> /root/foobar | |
341 | drwx------ root root /root | |
342 | drwxr-xr-x root root /root/foobar | |
343 | -rw-r--r-- root root /root/foobar/secret | |
344 | ||
345 | Therefore, on a system where a root-owned mode 6755 binary changes its | |
346 | effective credentials as described and then dumps a user-specified file, | |
347 | this could be used by an attacker to reveal the memory layout of root's | |
348 | processes or reveal the contents of files he is not allowed to access | |
349 | (through /proc/$pid/cwd). | |
350 | ||
351 | Signed-off-by: Jann Horn <jann@thejh.net> | |
352 | Acked-by: Kees Cook <keescook@chromium.org> | |
353 | Cc: Casey Schaufler <casey@schaufler-ca.com> | |
354 | Cc: Oleg Nesterov <oleg@redhat.com> | |
355 | Cc: Ingo Molnar <mingo@redhat.com> | |
356 | Cc: James Morris <james.l.morris@oracle.com> | |
357 | Cc: "Serge E. Hallyn" <serge.hallyn@ubuntu.com> | |
358 | Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> | |
359 | Cc: Andy Lutomirski <luto@kernel.org> | |
360 | Cc: Al Viro <viro@zeniv.linux.org.uk> | |
361 | Cc: "Eric W. Biederman" <ebiederm@xmission.com> | |
362 | Cc: Willy Tarreau <w@1wt.eu> | |
363 | Signed-off-by: Andrew Morton <akpm@linux-foundation.org> | |
364 | ||
365 | fs/proc/array.c | 2 +- | |
366 | fs/proc/base.c | 24 ++++++++++++------------ | |
367 | fs/proc/namespaces.c | 4 ++-- | |
368 | fs/proc/task_mmu.c | 2 +- | |
369 | include/linux/ptrace.h | 24 +++++++++++++++++++++++- | |
370 | kernel/events/core.c | 2 +- | |
371 | kernel/futex.c | 2 +- | |
372 | kernel/futex_compat.c | 2 +- | |
373 | kernel/kcmp.c | 4 ++-- | |
374 | kernel/ptrace.c | 36 +++++++++++++++++++++++++++++------- | |
375 | mm/process_vm_access.c | 2 +- | |
376 | security/commoncap.c | 7 ++++++- | |
377 | 12 files changed, 80 insertions(+), 31 deletions(-) | |
378 | ||
379 | commit 60bfe5c382e5e97ae8d558224ec40a108437307f | |
380 | Author: Brad Spengler <spender@grsecurity.net> | |
381 | Date: Tue Dec 8 20:40:02 2015 -0500 | |
382 | ||
383 | Backport: security: let security modules use PTRACE_MODE_* with bitmasks | |
384 | ||
385 | It looks like smack and yama weren't aware that the ptrace mode | |
386 | can have flags ORed into it - PTRACE_MODE_NOAUDIT until now, but | |
387 | only for /proc/$pid/stat, and with the PTRACE_MODE_*CREDS patch, | |
388 | all modes have flags ORed into them. | |
389 | ||
390 | Signed-off-by: Jann Horn <jann@thejh.net> | |
391 | Acked-by: Kees Cook <keescook@chromium.org> | |
392 | Acked-by: Casey Schaufler <casey@schaufler-ca.com> | |
393 | Cc: Oleg Nesterov <oleg@redhat.com> | |
394 | Cc: Ingo Molnar <mingo@redhat.com> | |
395 | Cc: James Morris <james.l.morris@oracle.com> | |
396 | Cc: "Serge E. Hallyn" <serge.hallyn@ubuntu.com> | |
397 | Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> | |
398 | Cc: Andy Lutomirski <luto@kernel.org> | |
399 | Cc: Al Viro <viro@zeniv.linux.org.uk> | |
400 | Cc: "Eric W. Biederman" <ebiederm@xmission.com> | |
401 | Cc: Willy Tarreau <w@1wt.eu> | |
402 | Signed-off-by: Andrew Morton <akpm@linux-foundation.org> | |
403 | ||
404 | security/smack/smack_lsm.c | 8 +++----- | |
405 | security/yama/yama_lsm.c | 4 ++-- | |
406 | 2 files changed, 5 insertions(+), 7 deletions(-) | |
407 | ||
408 | commit 2744e9cf5a84c515268784034f99bc839a359747 | |
409 | Author: Brad Spengler <spender@grsecurity.net> | |
410 | Date: Tue Dec 8 20:13:37 2015 -0500 | |
411 | ||
412 | Update mm_access in anticipation of upstream /proc security fixes, reported by Jann Horn | |
413 | ||
414 | kernel/fork.c | 2 +- | |
415 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
416 | ||
417 | commit 4d0bf7315334418044d567eb47c9e36c1df73ba0 | |
418 | Author: Al Viro <viro@zeniv.linux.org.uk> | |
419 | Date: Sun Dec 6 12:33:02 2015 -0500 | |
420 | ||
421 | Don't reset ->total_link_count on nested calls of vfs_path_lookup() | |
422 | ||
423 | we already zero it on outermost set_nameidata(), so initialization in | |
424 | path_init() is pointless and wrong. The same DoS exists on pre-4.2 | |
425 | kernels, but there a slightly different fix will be needed. | |
426 | ||
427 | Cc: stable@vger.kernel.org # v4.2 | |
428 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | |
429 | ||
430 | Conflicts: | |
431 | ||
432 | fs/namei.c | |
433 | ||
434 | fs/namei.c | 1 - | |
435 | 1 files changed, 0 insertions(+), 1 deletions(-) | |
436 | ||
437 | commit e16faf47cc7dcb32105830b0af6d2c35f8724455 | |
438 | Author: Miklos Szeredi <miklos@szeredi.hu> | |
439 | Date: Fri Dec 4 19:18:48 2015 +0100 | |
440 | ||
441 | ovl: fix permission checking for setattr | |
442 | ||
443 | [Al Viro] The bug is in being too enthusiastic about optimizing ->setattr() | |
444 | away - instead of "copy verbatim with metadata" + "chmod/chown/utimes" | |
445 | (with the former being always safe and the latter failing in case of | |
446 | insufficient permissions) it tries to combine these two. Note that copyup | |
447 | itself will have to do ->setattr() anyway; _that_ is where the elevated | |
448 | capabilities are right. Having these two ->setattr() (one to set verbatim | |
449 | copy of metadata, another to do what overlayfs ->setattr() had been asked | |
450 | to do in the first place) combined is where it breaks. | |
451 | ||
452 | Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> | |
453 | Cc: <stable@vger.kernel.org> | |
454 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | |
455 | ||
456 | fs/overlayfs/inode.c | 8 ++++---- | |
457 | 1 files changed, 4 insertions(+), 4 deletions(-) | |
458 | ||
a085e527 PK |
459 | commit 24ce7d83ff71aa7102231f41c41aaf44f949751a |
460 | Author: David Gstir <david@sigma-star.at> | |
461 | Date: Sun Nov 15 17:14:41 2015 +0100 | |
462 | ||
463 | crypto: nx - Fix timing leak in GCM and CCM decryption | |
464 | ||
465 | Using non-constant time memcmp() makes the verification of the authentication | |
466 | tag in the decrypt path vulnerable to timing attacks. Fix this by using | |
467 | crypto_memneq() instead. | |
468 | ||
469 | Cc: stable@vger.kernel.org | |
470 | Signed-off-by: David Gstir <david@sigma-star.at> | |
471 | Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | |
472 | ||
473 | drivers/crypto/nx/nx-aes-ccm.c | 2 +- | |
474 | drivers/crypto/nx/nx-aes-gcm.c | 2 +- | |
475 | 2 files changed, 2 insertions(+), 2 deletions(-) | |
476 | ||
477 | commit 5c001f6d281406b32d79cf9b7851413adb658641 | |
478 | Author: David Gstir <david@sigma-star.at> | |
479 | Date: Sun Nov 15 17:14:42 2015 +0100 | |
480 | ||
481 | crypto: talitos - Fix timing leak in ESP ICV verification | |
482 | ||
483 | Using non-constant time memcmp() makes the verification of the authentication | |
484 | tag in the decrypt path vulnerable to timing attacks. Fix this by using | |
485 | crypto_memneq() instead. | |
486 | ||
487 | Cc: stable@vger.kernel.org | |
488 | Signed-off-by: David Gstir <david@sigma-star.at> | |
489 | Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | |
490 | ||
491 | Conflicts: | |
492 | ||
493 | drivers/crypto/talitos.c | |
494 | ||
495 | drivers/crypto/talitos.c | 4 ++-- | |
496 | 1 files changed, 2 insertions(+), 2 deletions(-) | |
497 | ||
498 | commit 66e9fe2d958fcdce01c6dadf415864e8cdeb06cb | |
499 | Author: Brad Spengler <spender@grsecurity.net> | |
500 | Date: Fri Dec 4 23:40:00 2015 -0500 | |
501 | ||
502 | Fix a size_overflow report caused by __get_user not fully initializing a register when | |
503 | reading in less than a register-width from userland, reported by peetaur at: | |
504 | https://forums.grsecurity.net/viewtopic.php?f=3&t=4332 | |
505 | Fix is from the PaX Team | |
506 | ||
507 | arch/x86/include/asm/uaccess.h | 2 +- | |
508 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
509 | ||
510 | commit 8599b6467ba41cf3d4e9a96495b5d71d44e74f6c | |
511 | Author: Eric Dumazet <edumazet@google.com> | |
512 | Date: Thu Nov 26 08:18:14 2015 -0800 | |
513 | ||
514 | tcp: initialize tp->copied_seq in case of cross SYN connection | |
515 | ||
516 | Dmitry provided a syzkaller (http://github.com/google/syzkaller) | |
517 | generated program that triggers the WARNING at | |
518 | net/ipv4/tcp.c:1729 in tcp_recvmsg() : | |
519 | ||
520 | WARN_ON(tp->copied_seq != tp->rcv_nxt && | |
521 | !(flags & (MSG_PEEK | MSG_TRUNC))); | |
522 | ||
523 | His program is specifically attempting a Cross SYN TCP exchange, | |
524 | that we support (for the pleasure of hackers ?), but it looks we | |
525 | lack proper tcp->copied_seq initialization. | |
526 | ||
527 | Thanks again Dmitry for your report and testings. | |
528 | ||
529 | Signed-off-by: Eric Dumazet <edumazet@google.com> | |
530 | Reported-by: Dmitry Vyukov <dvyukov@google.com> | |
531 | Tested-by: Dmitry Vyukov <dvyukov@google.com> | |
532 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
533 | ||
534 | net/ipv4/tcp_input.c | 1 + | |
535 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
536 | ||
537 | commit 73c0ec9194319dc262011dbe7196c55cb450f29a | |
538 | Author: Guillaume Nault <g.nault@alphalink.fr> | |
539 | Date: Thu Dec 3 16:49:32 2015 +0100 | |
540 | ||
541 | pppoe: fix memory corruption in padt work structure | |
542 | ||
543 | pppoe_connect() mustn't touch the padt_work field of pppoe sockets | |
544 | because that work could be already pending. | |
545 | ||
546 | [ 21.473147] BUG: unable to handle kernel NULL pointer dereference at 00000004 | |
547 | [ 21.474523] IP: [<c1043177>] process_one_work+0x29/0x31c | |
548 | [ 21.475164] *pde = 00000000 | |
549 | [ 21.475513] Oops: 0000 [#1] SMP | |
550 | [ 21.475910] Modules linked in: pppoe pppox ppp_generic slhc crc32c_intel aesni_intel virtio_net xts aes_i586 lrw gf128mul ablk_helper cryptd evdev acpi_cpufreq processor serio_raw button ext4 crc16 mbcache jbd2 virtio_blk virtio_pci virtio_ring virtio | |
551 | [ 21.476168] CPU: 2 PID: 164 Comm: kworker/2:2 Not tainted 4.4.0-rc1 #1 | |
552 | [ 21.476168] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014 | |
553 | [ 21.476168] task: f5f83c00 ti: f5e28000 task.ti: f5e28000 | |
554 | [ 21.476168] EIP: 0060:[<c1043177>] EFLAGS: 00010046 CPU: 2 | |
555 | [ 21.476168] EIP is at process_one_work+0x29/0x31c | |
556 | [ 21.484082] EAX: 00000000 EBX: f678b2a0 ECX: 00000004 EDX: 00000000 | |
557 | [ 21.484082] ESI: f6c69940 EDI: f5e29ef0 EBP: f5e29f0c ESP: f5e29edc | |
558 | [ 21.484082] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 | |
559 | [ 21.484082] CR0: 80050033 CR2: 000000a4 CR3: 317ad000 CR4: 00040690 | |
560 | [ 21.484082] Stack: | |
561 | [ 21.484082] 00000000 f6c69950 00000000 f6c69940 c0042338 f5e29f0c c1327945 00000000 | |
562 | [ 21.484082] 00000008 f678b2a0 f6c69940 f678b2b8 f5e29f30 c1043984 f5f83c00 f6c69970 | |
563 | [ 21.484082] f678b2a0 c10437d3 f6775e80 f678b2a0 c10437d3 f5e29fac c1047059 f5e29f74 | |
564 | [ 21.484082] Call Trace: | |
565 | [ 21.484082] [<c1327945>] ? _raw_spin_lock_irq+0x28/0x30 | |
566 | [ 21.484082] [<c1043984>] worker_thread+0x1b1/0x244 | |
567 | [ 21.484082] [<c10437d3>] ? rescuer_thread+0x229/0x229 | |
568 | [ 21.484082] [<c10437d3>] ? rescuer_thread+0x229/0x229 | |
569 | [ 21.484082] [<c1047059>] kthread+0x8f/0x94 | |
570 | [ 21.484082] [<c1327a32>] ? _raw_spin_unlock_irq+0x22/0x26 | |
571 | [ 21.484082] [<c1327ee9>] ret_from_kernel_thread+0x21/0x38 | |
572 | [ 21.484082] [<c1046fca>] ? kthread_parkme+0x19/0x19 | |
573 | [ 21.496082] Code: 5d c3 55 89 e5 57 56 53 89 c3 83 ec 24 89 d0 89 55 e0 8d 7d e4 e8 6c d8 ff ff b9 04 00 00 00 89 45 d8 8b 43 24 89 45 dc 8b 45 d8 <8b> 40 04 8b 80 e0 00 00 00 c1 e8 05 24 01 88 45 d7 8b 45 e0 8d | |
574 | [ 21.496082] EIP: [<c1043177>] process_one_work+0x29/0x31c SS:ESP 0068:f5e29edc | |
575 | [ 21.496082] CR2: 0000000000000004 | |
576 | [ 21.496082] ---[ end trace e362cc9cf10dae89 ]--- | |
577 | ||
578 | Reported-by: Andrew <nitr0@seti.kr.ua> | |
579 | Fixes: 287f3a943fef ("pppoe: Use workqueue to die properly when a PADT is received") | |
580 | Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> | |
581 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
582 | ||
583 | drivers/net/ppp/pppoe.c | 14 ++++++++++---- | |
584 | 1 files changed, 10 insertions(+), 4 deletions(-) | |
585 | ||
586 | commit 909cb25969d65dbdd08c69486c72cb09cf30131a | |
587 | Merge: 2fd6be6 b27a8b0 | |
588 | Author: Brad Spengler <spender@grsecurity.net> | |
589 | Date: Fri Dec 4 19:40:10 2015 -0500 | |
590 | ||
591 | Merge branch 'pax-test' into grsec-test | |
592 | ||
593 | Conflicts: | |
594 | Makefile | |
595 | ||
596 | commit b27a8b0f99304f0bc3ea3a8e55f04f6bb57bbe8f | |
597 | Author: Brad Spengler <spender@grsecurity.net> | |
598 | Date: Fri Dec 4 19:38:31 2015 -0500 | |
599 | ||
600 | Update to pax-linux-4.2.6-test26.patch: | |
601 | - fixed integer truncation check in md introduced by upstream commits 284ae7cab0f7335c9e0aa8992b28415ef1a54c7c and 58c0fed400603a802968b23ddf78f029c5a84e41, reported by BeiKed9o (https://forums.grsecurity.net/viewtopic.php?f=3&t=4328) | |
602 | - gcc plugin compilation problems will now also produce the output of the checking script to make diagnosis easier, reported by hunger | |
603 | - Emese fixed a false positive size overflow report in __vhost_add_used_n, reported by quasar366 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4329) | |
604 | - fixed a potential integer truncation error in the raid1 code caught by the size overflow plugin, reported by d1b (https://forums.grsecurity.net/viewtopic.php?f=3&t=4331) | |
605 | ||
606 | Makefile | 5 +++ | |
607 | drivers/md/md.c | 5 ++- | |
608 | drivers/md/raid1.c | 2 +- | |
609 | fs/proc/task_mmu.c | 3 ++ | |
610 | .../disable_size_overflow_hash.data | 4 ++- | |
611 | .../size_overflow_plugin/intentional_overflow.c | 32 ++++++++++++++++--- | |
612 | .../size_overflow_plugin/size_overflow_hash.data | 2 - | |
613 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
614 | 8 files changed, 43 insertions(+), 12 deletions(-) | |
615 | ||
616 | commit 2fd6be640143ad13633518208bb1ba5730bf4949 | |
617 | Author: Eric Dumazet <edumazet@google.com> | |
618 | Date: Tue Dec 1 20:08:51 2015 -0800 | |
619 | ||
620 | net_sched: fix qdisc_tree_decrease_qlen() races | |
621 | ||
622 | qdisc_tree_decrease_qlen() suffers from two problems on multiqueue | |
623 | devices. | |
624 | ||
625 | One problem is that it updates sch->q.qlen and sch->qstats.drops | |
626 | on the mq/mqprio root qdisc, while it should not : Daniele | |
627 | reported underflows errors : | |
628 | [ 681.774821] PAX: sch->q.qlen: 0 n: 1 | |
629 | [ 681.774825] PAX: size overflow detected in function qdisc_tree_decrease_qlen net/sched/sch_api.c:769 cicus.693_49 min, count: 72, decl: qlen; num: 0; context: sk_buff_head; | |
630 | [ 681.774954] CPU: 2 PID: 19 Comm: ksoftirqd/2 Tainted: G O 4.2.6.201511282239-1-grsec #1 | |
631 | [ 681.774955] Hardware name: ASUSTeK COMPUTER INC. X302LJ/X302LJ, BIOS X302LJ.202 03/05/2015 | |
632 | [ 681.774956] ffffffffa9a04863 0000000000000000 0000000000000000 ffffffffa990ff7c | |
633 | [ 681.774959] ffffc90000d3bc38 ffffffffa95d2810 0000000000000007 ffffffffa991002b | |
634 | [ 681.774960] ffffc90000d3bc68 ffffffffa91a44f4 0000000000000001 0000000000000001 | |
635 | [ 681.774962] Call Trace: | |
636 | [ 681.774967] [<ffffffffa95d2810>] dump_stack+0x4c/0x7f | |
637 | [ 681.774970] [<ffffffffa91a44f4>] report_size_overflow+0x34/0x50 | |
638 | [ 681.774972] [<ffffffffa94d17e2>] qdisc_tree_decrease_qlen+0x152/0x160 | |
639 | [ 681.774976] [<ffffffffc02694b1>] fq_codel_dequeue+0x7b1/0x820 [sch_fq_codel] | |
640 | [ 681.774978] [<ffffffffc02680a0>] ? qdisc_peek_dequeued+0xa0/0xa0 [sch_fq_codel] | |
641 | [ 681.774980] [<ffffffffa94cd92d>] __qdisc_run+0x4d/0x1d0 | |
642 | [ 681.774983] [<ffffffffa949b2b2>] net_tx_action+0xc2/0x160 | |
643 | [ 681.774985] [<ffffffffa90664c1>] __do_softirq+0xf1/0x200 | |
644 | [ 681.774987] [<ffffffffa90665ee>] run_ksoftirqd+0x1e/0x30 | |
645 | [ 681.774989] [<ffffffffa90896b0>] smpboot_thread_fn+0x150/0x260 | |
646 | [ 681.774991] [<ffffffffa9089560>] ? sort_range+0x40/0x40 | |
647 | [ 681.774992] [<ffffffffa9085fe4>] kthread+0xe4/0x100 | |
648 | [ 681.774994] [<ffffffffa9085f00>] ? kthread_worker_fn+0x170/0x170 | |
649 | [ 681.774995] [<ffffffffa95d8d1e>] ret_from_fork+0x3e/0x70 | |
650 | ||
651 | mq/mqprio have their own ways to report qlen/drops by folding stats on | |
652 | all their queues, with appropriate locking. | |
653 | ||
654 | A second problem is that qdisc_tree_decrease_qlen() calls qdisc_lookup() | |
655 | without proper locking : concurrent qdisc updates could corrupt the list | |
656 | that qdisc_match_from_root() parses to find a qdisc given its handle. | |
657 | ||
658 | Fix first problem adding a TCQ_F_NOPARENT qdisc flag that | |
659 | qdisc_tree_decrease_qlen() can use to abort its tree traversal, | |
660 | as soon as it meets a mq/mqprio qdisc children. | |
661 | ||
662 | Second problem can be fixed by RCU protection. | |
663 | Qdisc are already freed after RCU grace period, so qdisc_list_add() and | |
664 | qdisc_list_del() simply have to use appropriate rcu list variants. | |
665 | ||
666 | A future patch will add a per struct netdev_queue list anchor, so that | |
667 | qdisc_tree_decrease_qlen() can have more efficient lookups. | |
668 | ||
669 | Reported-by: Daniele Fucini <dfucini@gmail.com> | |
670 | Signed-off-by: Eric Dumazet <edumazet@google.com> | |
671 | Cc: Cong Wang <cwang@twopensource.com> | |
672 | Cc: Jamal Hadi Salim <jhs@mojatatu.com> | |
673 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
674 | ||
675 | Conflicts: | |
676 | ||
677 | net/sched/sch_generic.c | |
678 | ||
679 | include/net/sch_generic.h | 3 +++ | |
680 | net/sched/sch_api.c | 27 ++++++++++++++++++--------- | |
681 | net/sched/sch_generic.c | 2 +- | |
682 | net/sched/sch_mq.c | 4 ++-- | |
683 | net/sched/sch_mqprio.c | 4 ++-- | |
684 | 5 files changed, 26 insertions(+), 14 deletions(-) | |
685 | ||
686 | commit 47e3db55fb66525b7a769de3e2275b5d75a03f39 | |
687 | Author: Eric Dumazet <edumazet@google.com> | |
688 | Date: Tue Dec 1 07:20:07 2015 -0800 | |
689 | ||
690 | ipv6: sctp: implement sctp_v6_destroy_sock() | |
691 | ||
692 | Dmitry Vyukov reported a memory leak using IPV6 SCTP sockets. | |
693 | ||
694 | We need to call inet6_destroy_sock() to properly release | |
695 | inet6 specific fields. | |
696 | ||
697 | Reported-by: Dmitry Vyukov <dvyukov@google.com> | |
698 | Signed-off-by: Eric Dumazet <edumazet@google.com> | |
699 | Acked-by: Daniel Borkmann <daniel@iogearbox.net> | |
700 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
701 | ||
702 | net/sctp/socket.c | 9 ++++++++- | |
703 | 1 files changed, 8 insertions(+), 1 deletions(-) | |
704 | ||
705 | commit c97f798d6e4fb454a7bfbb39fc073c8f538863c9 | |
706 | Author: Jan Engelhardt <jengelh@inai.de> | |
707 | Date: Mon Nov 23 17:46:32 2015 +0100 | |
708 | ||
709 | target: fix COMPARE_AND_WRITE non zero SGL offset data corruption | |
710 | ||
711 | target_core_sbc's compare_and_write functionality suffers from taking | |
712 | data at the wrong memory location when writing a CAW request to disk | |
713 | when a SGL offset is non-zero. | |
714 | ||
715 | This can happen with loopback and vhost-scsi fabric drivers when | |
716 | SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC is used to map existing user-space | |
717 | SGL memory into COMPARE_AND_WRITE READ/WRITE payload buffers. | |
718 | ||
719 | Given the following sample LIO subtopology, | |
720 | ||
721 | % targetcli ls /loopback/ | |
722 | o- loopback ................................. [1 Target] | |
723 | o- naa.6001405ebb8df14a ....... [naa.60014059143ed2b3] | |
724 | o- luns ................................... [2 LUNs] | |
725 | o- lun0 ................ [iblock/ram0 (/dev/ram0)] | |
726 | o- lun1 ................ [iblock/ram1 (/dev/ram1)] | |
727 | % lsscsi -g | |
728 | [3:0:1:0] disk LIO-ORG IBLOCK 4.0 /dev/sdc /dev/sg3 | |
729 | [3:0:1:1] disk LIO-ORG IBLOCK 4.0 /dev/sdd /dev/sg4 | |
730 | ||
731 | the following bug can be observed in Linux 4.3 and 4.4~rc1: | |
732 | ||
733 | % perl -e 'print chr$_ for 0..255,reverse 0..255' >rand | |
734 | % perl -e 'print "\0" x 512' >zero | |
735 | % cat rand >/dev/sdd | |
736 | % sg_compare_and_write -i rand -D zero --lba 0 /dev/sdd | |
737 | % sg_compare_and_write -i zero -D rand --lba 0 /dev/sdd | |
738 | Miscompare reported | |
739 | % hexdump -Cn 512 /dev/sdd | |
740 | 00000000 0f 0e 0d 0c 0b 0a 09 08 07 06 05 04 03 02 01 00 | |
741 | 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | |
742 | * | |
743 | 00000200 | |
744 | ||
745 | Rather than writing all-zeroes as instructed with the -D file, it | |
746 | corrupts the data in the sector by splicing some of the original | |
747 | bytes in. The page of the first entry of cmd->t_data_sg includes the | |
748 | CDB, and sg->offset is set to a position past the CDB. I presume that | |
749 | sg->offset is also the right choice to use for subsequent sglist | |
750 | members. | |
751 | ||
752 | Signed-off-by: Jan Engelhardt <jengelh@netitwork.de> | |
753 | Tested-by: Douglas Gilbert <dgilbert@interlog.com> | |
754 | Cc: <stable@vger.kernel.org> # v3.12+ | |
755 | Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> | |
756 | ||
757 | drivers/target/target_core_sbc.c | 4 ++-- | |
758 | 1 files changed, 2 insertions(+), 2 deletions(-) | |
759 | ||
760 | commit 43aa1ca4268298d8f65be2411d627573f33afb3e | |
761 | Author: Nicholas Bellinger <nab@linux-iscsi.org> | |
762 | Date: Thu Nov 5 23:37:59 2015 -0800 | |
763 | ||
764 | target: Fix race for SCF_COMPARE_AND_WRITE_POST checking | |
765 | ||
766 | This patch addresses a race + use after free where the first | |
767 | stage of COMPARE_AND_WRITE in compare_and_write_callback() | |
768 | is rescheduled after the backend sends the secondary WRITE, | |
769 | resulting in second stage compare_and_write_post() callback | |
770 | completing in target_complete_ok_work() before the first | |
771 | can return. | |
772 | ||
773 | Because current code depends on checking se_cmd->se_cmd_flags | |
774 | after return from se_cmd->transport_complete_callback(), | |
775 | this results in first stage having SCF_COMPARE_AND_WRITE_POST | |
776 | set, which incorrectly falls through into second stage CAW | |
777 | processing code, eventually triggering a NULL pointer | |
778 | dereference due to use after free. | |
779 | ||
780 | To address this bug, pass in a new *post_ret parameter into | |
781 | se_cmd->transport_complete_callback(), and depend upon this | |
782 | value instead of ->se_cmd_flags to determine when to return | |
783 | or fall through into ->queue_status() code for CAW. | |
784 | ||
785 | Cc: Sagi Grimberg <sagig@mellanox.com> | |
786 | Cc: <stable@vger.kernel.org> # v3.12+ | |
787 | Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> | |
788 | ||
789 | drivers/target/target_core_sbc.c | 13 +++++++++---- | |
790 | drivers/target/target_core_transport.c | 14 ++++++++------ | |
791 | include/target/target_core_base.h | 2 +- | |
792 | 3 files changed, 18 insertions(+), 11 deletions(-) | |
793 | ||
794 | commit c26b157afe2cbde205fcdd36c0b0cc6ca36c2a6e | |
795 | Author: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
796 | Date: Thu Nov 26 12:08:18 2015 +0100 | |
797 | ||
798 | af-unix: passcred support for sendpage | |
799 | ||
800 | sendpage did not care about credentials at all. This could lead to | |
801 | situations in which because of fd passing between processes we could | |
802 | append data to skbs with different scm data. It is illegal to splice those | |
803 | skbs together. Instead we have to allocate a new skb and if requested | |
804 | fill out the scm details. | |
805 | ||
806 | Fixes: 869e7c62486ec ("net: af_unix: implement stream sendpage support") | |
807 | Reported-by: Al Viro <viro@zeniv.linux.org.uk> | |
808 | Cc: Al Viro <viro@zeniv.linux.org.uk> | |
809 | Cc: Eric Dumazet <edumazet@google.com> | |
810 | Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
811 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
812 | ||
813 | net/unix/af_unix.c | 79 ++++++++++++++++++++++++++++++++++++++++++---------- | |
814 | 1 files changed, 64 insertions(+), 15 deletions(-) | |
815 | ||
816 | commit db1370c0dee2dfc22c3549eff6791afd19aaa365 | |
817 | Author: Peter Hurley <peter@hurleysoftware.com> | |
818 | Date: Fri Nov 27 14:18:39 2015 -0500 | |
819 | ||
820 | wan/x25: Fix use-after-free in x25_asy_open_tty() | |
821 | ||
822 | The N_X25 line discipline may access the previous line discipline's closed | |
823 | and already-freed private data on open [1]. | |
824 | ||
825 | The tty->disc_data field _never_ refers to valid data on entry to the | |
826 | line discipline's open() method. Rather, the ldisc is expected to | |
827 | initialize that field for its own use for the lifetime of the instance | |
828 | (ie. from open() to close() only). | |
829 | ||
830 | [1] | |
831 | [ 634.336761] ================================================================== | |
832 | [ 634.338226] BUG: KASAN: use-after-free in x25_asy_open_tty+0x13d/0x490 at addr ffff8800a743efd0 | |
833 | [ 634.339558] Read of size 4 by task syzkaller_execu/8981 | |
834 | [ 634.340359] ============================================================================= | |
835 | [ 634.341598] BUG kmalloc-512 (Not tainted): kasan: bad access detected | |
836 | ... | |
837 | [ 634.405018] Call Trace: | |
838 | [ 634.405277] dump_stack (lib/dump_stack.c:52) | |
839 | [ 634.405775] print_trailer (mm/slub.c:655) | |
840 | [ 634.406361] object_err (mm/slub.c:662) | |
841 | [ 634.406824] kasan_report_error (mm/kasan/report.c:138 mm/kasan/report.c:236) | |
842 | [ 634.409581] __asan_report_load4_noabort (mm/kasan/report.c:279) | |
843 | [ 634.411355] x25_asy_open_tty (drivers/net/wan/x25_asy.c:559 (discriminator 1)) | |
844 | [ 634.413997] tty_ldisc_open.isra.2 (drivers/tty/tty_ldisc.c:447) | |
845 | [ 634.414549] tty_set_ldisc (drivers/tty/tty_ldisc.c:567) | |
846 | [ 634.415057] tty_ioctl (drivers/tty/tty_io.c:2646 drivers/tty/tty_io.c:2879) | |
847 | [ 634.423524] do_vfs_ioctl (fs/ioctl.c:43 fs/ioctl.c:607) | |
848 | [ 634.427491] SyS_ioctl (fs/ioctl.c:622 fs/ioctl.c:613) | |
849 | [ 634.427945] entry_SYSCALL_64_fastpath (arch/x86/entry/entry_64.S:188) | |
850 | ||
851 | Reported-and-tested-by: Sasha Levin <sasha.levin@oracle.com> | |
852 | Cc: <stable@vger.kernel.org> | |
853 | Signed-off-by: Peter Hurley <peter@hurleysoftware.com> | |
854 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
855 | ||
856 | drivers/net/wan/x25_asy.c | 6 +----- | |
857 | 1 files changed, 1 insertions(+), 5 deletions(-) | |
858 | ||
859 | commit 39f32f33dc362f9704113cc7874238792f8294c9 | |
860 | Author: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> | |
861 | Date: Mon Nov 30 14:32:54 2015 -0200 | |
862 | ||
863 | sctp: use GFP_USER for user-controlled kmalloc | |
864 | ||
865 | Dmitry Vyukov reported that the user could trigger a kernel warning by | |
866 | using a large len value for getsockopt SCTP_GET_LOCAL_ADDRS, as that | |
867 | value directly affects the value used as a kmalloc() parameter. | |
868 | ||
869 | This patch thus switches the allocation flags from all user-controllable | |
870 | kmalloc size to GFP_USER to put some more restrictions on it and also | |
871 | disables the warn, as they are not necessary. | |
872 | ||
873 | Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> | |
874 | Acked-by: Daniel Borkmann <daniel@iogearbox.net> | |
875 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
876 | ||
877 | net/sctp/socket.c | 4 ++-- | |
878 | 1 files changed, 2 insertions(+), 2 deletions(-) | |
879 | ||
18e926a4 PK |
880 | commit 70614db891859ff8474665fc0e982e772c5baf6c |
881 | Merge: 2aa7479 7f57ad4 | |
882 | Author: Brad Spengler <spender@grsecurity.net> | |
883 | Date: Sat Nov 28 21:58:09 2015 -0500 | |
884 | ||
885 | Merge branch 'pax-test' into grsec-test | |
886 | ||
887 | commit 7f57ad48fc90cc2c942ef8cad44804ea6cdbfc67 | |
888 | Author: Brad Spengler <spender@grsecurity.net> | |
889 | Date: Sat Nov 28 21:57:41 2015 -0500 | |
890 | ||
891 | Update to pax-linux-4.2.6-test25.patch: | |
892 | - fixed constify regression, reported by spender | |
893 | ||
894 | tools/gcc/constify_plugin.c | 14 +++++++------- | |
895 | tools/gcc/initify_plugin.c | 2 +- | |
896 | .../size_overflow_plugin/size_overflow_transform.c | 13 ++++++------- | |
897 | tools/gcc/structleak_plugin.c | 2 +- | |
898 | 4 files changed, 15 insertions(+), 16 deletions(-) | |
899 | ||
900 | commit 2aa74790571aaea3d90191b1d235f580600d109f | |
901 | Merge: e10e76a 0851e20 | |
902 | Author: Brad Spengler <spender@grsecurity.net> | |
903 | Date: Fri Nov 27 21:02:06 2015 -0500 | |
904 | ||
905 | Merge branch 'pax-test' into grsec-test | |
906 | ||
907 | commit 0851e206a7d21e18d353984cb3f827158ce4237b | |
908 | Author: Brad Spengler <spender@grsecurity.net> | |
909 | Date: Fri Nov 27 21:01:41 2015 -0500 | |
910 | ||
911 | Update to pax-linux-4.2.6-test24.patch: | |
912 | - Emese fixed a few false positive overflow reports due to intentional overflows introduced by gcc, reported by Arnaud, kdave (https://forums.grsecurity.net/viewtopic.php?t=4287&p=15813#p15799) and rfnx (https://forums.grsecurity.net/viewtopic.php?t=4322) | |
913 | - Emese fixed a false positive size overflow report in ext4, reported by saironiq (https://forums.grsecurity.net/viewtopic.php?f=3&t=4324) | |
914 | - fixed a potential integer truncation error in the raid10 code caught by the size overflow plugin, reported by Alexander Tsoy (https://bugs.gentoo.org/show_bug.cgi?id=566316#c10) | |
915 | - fixed a few integer sign conversion errors in the kernel's zlib code caught by the size overflow plugin, reported by audiocricket (https://forums.grsecurity.net/viewtopic.php?f=3&t=4325) | |
916 | - fixed the handling of the no-constify constify plugin parameter | |
917 | - constified kvm_x86_ops | |
918 | - fixed macro param usage in access_ok, reported by gcc-6 | |
919 | - turned off ipa-icf on the size overflow plugin as gcc-5 compiles it very slowly | |
920 | - fixed all plugins for gcc-6 | |
921 | ||
922 | arch/arm/kvm/arm.c | 2 +- | |
923 | arch/mips/kvm/mips.c | 2 +- | |
924 | arch/powerpc/kvm/powerpc.c | 2 +- | |
925 | arch/x86/include/asm/uaccess.h | 2 +- | |
926 | arch/x86/kvm/svm.c | 2 +- | |
927 | arch/x86/kvm/vmx.c | 24 ++++---- | |
928 | arch/x86/kvm/x86.c | 2 +- | |
929 | crypto/zlib.c | 8 +- | |
930 | drivers/md/raid10.c | 2 +- | |
931 | include/linux/kvm_host.h | 4 +- | |
932 | scripts/Makefile.host | 6 ++ | |
933 | tools/gcc/constify_plugin.c | 27 +++++--- | |
934 | tools/gcc/initify_plugin.c | 6 +- | |
935 | tools/gcc/kernexec_plugin.c | 10 +-- | |
936 | tools/gcc/size_overflow_plugin/Makefile | 2 + | |
937 | .../disable_size_overflow_hash.data | 3 + | |
938 | .../insert_size_overflow_asm.c | 2 +- | |
939 | .../size_overflow_plugin/intentional_overflow.c | 63 ++++++++++++++++++++ | |
940 | tools/gcc/size_overflow_plugin/size_overflow.h | 1 + | |
941 | .../gcc/size_overflow_plugin/size_overflow_debug.c | 2 +- | |
942 | .../size_overflow_plugin/size_overflow_hash.data | 3 - | |
943 | tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 2 +- | |
944 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
945 | .../size_overflow_plugin/size_overflow_transform.c | 14 +++-- | |
946 | .../size_overflow_transform_core.c | 2 + | |
947 | virt/kvm/kvm_main.c | 2 +- | |
948 | 26 files changed, 140 insertions(+), 57 deletions(-) | |
949 | ||
950 | commit e10e76a7ca9aab3528a613e91b556fd2f961c446 | |
951 | Author: Brad Spengler <spender@grsecurity.net> | |
952 | Date: Fri Nov 27 20:04:14 2015 -0500 | |
953 | ||
954 | update RANDSTRUCT for gcc6 | |
955 | ||
956 | tools/gcc/randomize_layout_plugin.c | 2 +- | |
957 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
958 | ||
959 | commit dd166b8680fdf8a72b44f175630803f33f442428 | |
960 | Author: Filipe Manana <fdmanana@suse.com> | |
961 | Date: Fri Oct 16 12:34:25 2015 +0100 | |
962 | ||
963 | Btrfs: fix truncation of compressed and inlined extents | |
964 | ||
965 | When truncating a file to a smaller size which consists of an inline | |
966 | extent that is compressed, we did not discard (or made unusable) the | |
967 | data between the new file size and the old file size, wasting metadata | |
968 | space and allowing for the truncated data to be leaked and the data | |
969 | corruption/loss mentioned below. | |
970 | We were also not correctly decrementing the number of bytes used by the | |
971 | inode, we were setting it to zero, giving a wrong report for callers of | |
972 | the stat(2) syscall. The fsck tool also reported an error about a mismatch | |
973 | between the nbytes of the file versus the real space used by the file. | |
974 | ||
975 | Now because we weren't discarding the truncated region of the file, it | |
976 | was possible for a caller of the clone ioctl to actually read the data | |
977 | that was truncated, allowing for a security breach without requiring root | |
978 | access to the system, using only standard filesystem operations. The | |
979 | scenario is the following: | |
980 | ||
981 | 1) User A creates a file which consists of an inline and compressed | |
982 | extent with a size of 2000 bytes - the file is not accessible to | |
983 | any other users (no read, write or execution permission for anyone | |
984 | else); | |
985 | ||
986 | 2) The user truncates the file to a size of 1000 bytes; | |
987 | ||
988 | 3) User A makes the file world readable; | |
989 | ||
990 | 4) User B creates a file consisting of an inline extent of 2000 bytes; | |
991 | ||
992 | 5) User B issues a clone operation from user A's file into its own | |
993 | file (using a length argument of 0, clone the whole range); | |
994 | ||
995 | 6) User B now gets to see the 1000 bytes that user A truncated from | |
996 | its file before it made its file world readbale. User B also lost | |
997 | the bytes in the range [1000, 2000[ bytes from its own file, but | |
998 | that might be ok if his/her intention was reading stale data from | |
999 | user A that was never supposed to be public. | |
1000 | ||
1001 | Note that this contrasts with the case where we truncate a file from 2000 | |
1002 | bytes to 1000 bytes and then truncate it back from 1000 to 2000 bytes. In | |
1003 | this case reading any byte from the range [1000, 2000[ will return a value | |
1004 | of 0x00, instead of the original data. | |
1005 | ||
1006 | This problem exists since the clone ioctl was added and happens both with | |
1007 | and without my recent data loss and file corruption fixes for the clone | |
1008 | ioctl (patch "Btrfs: fix file corruption and data loss after cloning | |
1009 | inline extents"). | |
1010 | ||
1011 | So fix this by truncating the compressed inline extents as we do for the | |
1012 | non-compressed case, which involves decompressing, if the data isn't already | |
1013 | in the page cache, compressing the truncated version of the extent, writing | |
1014 | the compressed content into the inline extent and then truncate it. | |
1015 | ||
1016 | The following test case for fstests reproduces the problem. In order for | |
1017 | the test to pass both this fix and my previous fix for the clone ioctl | |
1018 | that forbids cloning a smaller inline extent into a larger one, | |
1019 | which is titled "Btrfs: fix file corruption and data loss after cloning | |
1020 | inline extents", are needed. Without that other fix the test fails in a | |
1021 | different way that does not leak the truncated data, instead part of | |
1022 | destination file gets replaced with zeroes (because the destination file | |
1023 | has a larger inline extent than the source). | |
1024 | ||
1025 | seq=`basename $0` | |
1026 | seqres=$RESULT_DIR/$seq | |
1027 | echo "QA output created by $seq" | |
1028 | tmp=/tmp/$$ | |
1029 | status=1 # failure is the default! | |
1030 | trap "_cleanup; exit \$status" 0 1 2 3 15 | |
1031 | ||
1032 | _cleanup() | |
1033 | { | |
1034 | rm -f $tmp.* | |
1035 | } | |
1036 | ||
1037 | # get standard environment, filters and checks | |
1038 | . ./common/rc | |
1039 | . ./common/filter | |
1040 | ||
1041 | # real QA test starts here | |
1042 | _need_to_be_root | |
1043 | _supported_fs btrfs | |
1044 | _supported_os Linux | |
1045 | _require_scratch | |
1046 | _require_cloner | |
1047 | ||
1048 | rm -f $seqres.full | |
1049 | ||
1050 | _scratch_mkfs >>$seqres.full 2>&1 | |
1051 | _scratch_mount "-o compress" | |
1052 | ||
1053 | # Create our test files. File foo is going to be the source of a clone operation | |
1054 | # and consists of a single inline extent with an uncompressed size of 512 bytes, | |
1055 | # while file bar consists of a single inline extent with an uncompressed size of | |
1056 | # 256 bytes. For our test's purpose, it's important that file bar has an inline | |
1057 | # extent with a size smaller than foo's inline extent. | |
1058 | $XFS_IO_PROG -f -c "pwrite -S 0xa1 0 128" \ | |
1059 | -c "pwrite -S 0x2a 128 384" \ | |
1060 | $SCRATCH_MNT/foo | _filter_xfs_io | |
1061 | $XFS_IO_PROG -f -c "pwrite -S 0xbb 0 256" $SCRATCH_MNT/bar | _filter_xfs_io | |
1062 | ||
1063 | # Now durably persist all metadata and data. We do this to make sure that we get | |
1064 | # on disk an inline extent with a size of 512 bytes for file foo. | |
1065 | sync | |
1066 | ||
1067 | # Now truncate our file foo to a smaller size. Because it consists of a | |
1068 | # compressed and inline extent, btrfs did not shrink the inline extent to the | |
1069 | # new size (if the extent was not compressed, btrfs would shrink it to 128 | |
1070 | # bytes), it only updates the inode's i_size to 128 bytes. | |
1071 | $XFS_IO_PROG -c "truncate 128" $SCRATCH_MNT/foo | |
1072 | ||
1073 | # Now clone foo's inline extent into bar. | |
1074 | # This clone operation should fail with errno EOPNOTSUPP because the source | |
1075 | # file consists only of an inline extent and the file's size is smaller than | |
1076 | # the inline extent of the destination (128 bytes < 256 bytes). However the | |
1077 | # clone ioctl was not prepared to deal with a file that has a size smaller | |
1078 | # than the size of its inline extent (something that happens only for compressed | |
1079 | # inline extents), resulting in copying the full inline extent from the source | |
1080 | # file into the destination file. | |
1081 | # | |
1082 | # Note that btrfs' clone operation for inline extents consists of removing the | |
1083 | # inline extent from the destination inode and copy the inline extent from the | |
1084 | # source inode into the destination inode, meaning that if the destination | |
1085 | # inode's inline extent is larger (N bytes) than the source inode's inline | |
1086 | # extent (M bytes), some bytes (N - M bytes) will be lost from the destination | |
1087 | # file. Btrfs could copy the source inline extent's data into the destination's | |
1088 | # inline extent so that we would not lose any data, but that's currently not | |
1089 | # done due to the complexity that would be needed to deal with such cases | |
1090 | # (specially when one or both extents are compressed), returning EOPNOTSUPP, as | |
1091 | # it's normally not a very common case to clone very small files (only case | |
1092 | # where we get inline extents) and copying inline extents does not save any | |
1093 | # space (unlike for normal, non-inlined extents). | |
1094 | $CLONER_PROG -s 0 -d 0 -l 0 $SCRATCH_MNT/foo $SCRATCH_MNT/bar | |
1095 | ||
1096 | # Now because the above clone operation used to succeed, and due to foo's inline | |
1097 | # extent not being shinked by the truncate operation, our file bar got the whole | |
1098 | # inline extent copied from foo, making us lose the last 128 bytes from bar | |
1099 | # which got replaced by the bytes in range [128, 256[ from foo before foo was | |
1100 | # truncated - in other words, data loss from bar and being able to read old and | |
1101 | # stale data from foo that should not be possible to read anymore through normal | |
1102 | # filesystem operations. Contrast with the case where we truncate a file from a | |
1103 | # size N to a smaller size M, truncate it back to size N and then read the range | |
1104 | # [M, N[, we should always get the value 0x00 for all the bytes in that range. | |
1105 | ||
1106 | # We expected the clone operation to fail with errno EOPNOTSUPP and therefore | |
1107 | # not modify our file's bar data/metadata. So its content should be 256 bytes | |
1108 | # long with all bytes having the value 0xbb. | |
1109 | # | |
1110 | # Without the btrfs bug fix, the clone operation succeeded and resulted in | |
1111 | # leaking truncated data from foo, the bytes that belonged to its range | |
1112 | # [128, 256[, and losing data from bar in that same range. So reading the | |
1113 | # file gave us the following content: | |
1114 | # | |
1115 | # 0000000 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 | |
1116 | # * | |
1117 | # 0000200 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a | |
1118 | # * | |
1119 | # 0000400 | |
1120 | echo "File bar's content after the clone operation:" | |
1121 | od -t x1 $SCRATCH_MNT/bar | |
1122 | ||
1123 | # Also because the foo's inline extent was not shrunk by the truncate | |
1124 | # operation, btrfs' fsck, which is run by the fstests framework everytime a | |
1125 | # test completes, failed reporting the following error: | |
1126 | # | |
1127 | # root 5 inode 257 errors 400, nbytes wrong | |
1128 | ||
1129 | status=0 | |
1130 | exit | |
1131 | ||
1132 | Cc: stable@vger.kernel.org | |
1133 | Signed-off-by: Filipe Manana <fdmanana@suse.com> | |
1134 | ||
1135 | fs/btrfs/inode.c | 82 ++++++++++++++++++++++++++++++++++++++++++++--------- | |
1136 | 1 files changed, 68 insertions(+), 14 deletions(-) | |
1137 | ||
1138 | commit fe6936fd0f41ee2dccce47f5642251649a54e4d4 | |
1139 | Author: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de> | |
1140 | Date: Wed Nov 25 07:47:40 2015 +0100 | |
1141 | ||
1142 | isdn: Partially revert debug format string usage clean up | |
1143 | ||
1144 | Commit 35a4a57 ("isdn: clean up debug format string usage") introduced | |
1145 | a safeguard to avoid accidential format string interpolation of data | |
1146 | when calling debugl1 or HiSax_putstatus. This did however not take into | |
1147 | account VHiSax_putstatus (called by HiSax_putstatus) does *not* call | |
1148 | vsprintf if the head parameter is NULL - the format string is treated | |
1149 | as plain text then instead. As a result, the string "%s" is processed | |
1150 | literally, and the actual information is lost. This affects the isdnlog | |
1151 | userspace program which stopped logging information since that commit. | |
1152 | ||
1153 | So revert the HiSax_putstatus invocations to the previous state. | |
1154 | ||
1155 | Fixes: 35a4a5733b0a ("isdn: clean up debug format string usage") | |
1156 | Cc: Kees Cook <keescook@chromium.org> | |
1157 | Cc: Karsten Keil <isdn@linux-pingi.de> | |
1158 | Signed-off-by: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de> | |
1159 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
1160 | ||
1161 | drivers/isdn/hisax/config.c | 2 +- | |
1162 | drivers/isdn/hisax/hfc_pci.c | 2 +- | |
1163 | drivers/isdn/hisax/hfc_sx.c | 2 +- | |
1164 | drivers/isdn/hisax/q931.c | 6 +++--- | |
1165 | 4 files changed, 6 insertions(+), 6 deletions(-) | |
1166 | ||
1167 | commit 574035e44b3d49a71f1c0737b7b49bf60ddf0ce7 | |
1168 | Author: Brad Spengler <spender@grsecurity.net> | |
1169 | Date: Wed Nov 25 20:24:52 2015 -0500 | |
1170 | ||
1171 | future-proof the code against users of VM_NO_GUARD, mark KASAN as an incompatibility with KSTACKOVERFLOW | |
1172 | ||
1173 | lib/Kconfig.kasan | 2 +- | |
1174 | mm/vmalloc.c | 2 ++ | |
1175 | 2 files changed, 3 insertions(+), 1 deletions(-) | |
1176 | ||
1177 | commit 8a355f2c56ecd40ada14fd16717105ea9a9ac0b5 | |
1178 | Author: Al Viro <viro@zeniv.linux.org.uk> | |
1179 | Date: Mon Nov 23 21:11:08 2015 -0500 | |
1180 | ||
1181 | fix sysvfs symlinks | |
1182 | ||
1183 | The thing got broken back in 2002 - sysvfs does *not* have inline | |
1184 | symlinks; even short ones have bodies stored in the first block | |
1185 | of file. sysv_symlink() handles that correctly; unfortunately, | |
1186 | attempting to look an existing symlink up will end up confusing | |
1187 | them for inline symlinks, and interpret the block number containing | |
1188 | the body as the body itself. | |
1189 | ||
1190 | Nobody has noticed until now, which says something about the level | |
1191 | of testing sysvfs gets ;-/ | |
1192 | ||
1193 | Cc: stable@vger.kernel.org # all of them, not that anyone cared | |
1194 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | |
1195 | ||
1196 | fs/sysv/inode.c | 11 ++--------- | |
1197 | 1 files changed, 2 insertions(+), 9 deletions(-) | |
1198 | ||
1199 | commit 195f1b816ff4cdcc8defc2dc0424cf25a0d937fb | |
1200 | Author: Jan Kara <jack@suse.cz> | |
1201 | Date: Mon Nov 23 13:09:50 2015 +0100 | |
1202 | ||
1203 | vfs: Make sendfile(2) killable even better | |
1204 | ||
1205 | Commit 296291cdd162 (mm: make sendfile(2) killable) fixed an issue where | |
1206 | sendfile(2) was doing a lot of tiny writes into a filesystem and thus | |
1207 | was unkillable for a long time. However sendfile(2) can be (mis)used to | |
1208 | issue lots of writes into arbitrary file descriptor such as evenfd or | |
1209 | similar special file descriptors which never hit the standard filesystem | |
1210 | write path and thus are still unkillable. E.g. the following example | |
1211 | from Dmitry burns CPU for ~16s on my test system without possibility to | |
1212 | be killed: | |
1213 | ||
1214 | int r1 = eventfd(0, 0); | |
1215 | int r2 = memfd_create("", 0); | |
1216 | unsigned long n = 1<<30; | |
1217 | fallocate(r2, 0, 0, n); | |
1218 | sendfile(r1, r2, 0, n); | |
1219 | ||
1220 | There are actually quite a few tests for pending signals in sendfile | |
1221 | code however we data to write is always available none of them seems to | |
1222 | trigger. So fix the problem by adding a test for pending signal into | |
1223 | splice_from_pipe_next() also before the loop waiting for pipe buffers to | |
1224 | be available. This should fix all the lockup issues with sendfile of the | |
1225 | do-ton-of-tiny-writes nature. | |
1226 | ||
1227 | CC: stable@vger.kernel.org | |
1228 | Reported-by: Dmitry Vyukov <dvyukov@google.com> | |
1229 | Signed-off-by: Jan Kara <jack@suse.cz> | |
1230 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | |
1231 | ||
1232 | fs/splice.c | 7 +++++++ | |
1233 | 1 files changed, 7 insertions(+), 0 deletions(-) | |
1234 | ||
1235 | commit 92470552efa5a49718308238c7da9ba2579a1147 | |
1236 | Author: Jan Kara <jack@suse.cz> | |
1237 | Date: Mon Nov 23 13:09:51 2015 +0100 | |
1238 | ||
1239 | vfs: Avoid softlockups with sendfile(2) | |
1240 | ||
1241 | The following test program from Dmitry can cause softlockups or RCU | |
1242 | stalls as it copies 1GB from tmpfs into eventfd and we don't have any | |
1243 | scheduling point at that path in sendfile(2) implementation: | |
1244 | ||
1245 | int r1 = eventfd(0, 0); | |
1246 | int r2 = memfd_create("", 0); | |
1247 | unsigned long n = 1<<30; | |
1248 | fallocate(r2, 0, 0, n); | |
1249 | sendfile(r1, r2, 0, n); | |
1250 | ||
1251 | Add cond_resched() into __splice_from_pipe() to fix the problem. | |
1252 | ||
1253 | CC: Dmitry Vyukov <dvyukov@google.com> | |
1254 | CC: stable@vger.kernel.org | |
1255 | Signed-off-by: Jan Kara <jack@suse.cz> | |
1256 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | |
1257 | ||
1258 | fs/splice.c | 1 + | |
1259 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
1260 | ||
1261 | commit 28ab97eb348dca6653eccb40d012103786d03ae6 | |
1262 | Author: Eric Dumazet <edumazet@google.com> | |
1263 | Date: Tue Nov 24 11:39:54 2015 -0800 | |
1264 | ||
1265 | pidns: fix NULL dereference in __task_pid_nr_ns() | |
1266 | ||
1267 | I got a crash during a "perf top" session that was caused by a race in | |
1268 | __task_pid_nr_ns() : | |
1269 | ||
1270 | pid_nr_ns() was inlined, but apparently compiler chose to read | |
1271 | task->pids[type].pid twice, and the pid->level dereference crashed | |
1272 | because we got a NULL pointer at the second read : | |
1273 | ||
1274 | if (pid && ns->level <= pid->level) { // CRASH | |
1275 | ||
1276 | Just use RCU API properly to solve this race, and not worry about "perf | |
1277 | top" crashing hosts :( | |
1278 | ||
1279 | get_task_pid() can benefit from same fix. | |
1280 | ||
1281 | Signed-off-by: Eric Dumazet <edumazet@google.com> | |
1282 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | |
1283 | ||
1284 | kernel/pid.c | 4 ++-- | |
1285 | 1 files changed, 2 insertions(+), 2 deletions(-) | |
1286 | ||
347ea7b0 PK |
1287 | commit 2545f7485c4676c52855750b992d8c1921e559c4 |
1288 | Merge: 93a41eb 83df348 | |
1289 | Author: Brad Spengler <spender@grsecurity.net> | |
1290 | Date: Mon Nov 23 20:30:33 2015 -0500 | |
1291 | ||
1292 | Merge branch 'pax-test' into grsec-test | |
1293 | ||
1294 | commit 83df3482b33ef4d8192a253a6852e9a9db1f7dca | |
1295 | Author: Brad Spengler <spender@grsecurity.net> | |
1296 | Date: Mon Nov 23 20:30:16 2015 -0500 | |
1297 | ||
1298 | Update to pax-linux-4.2.6-test23.patch: | |
1299 | - fixed gcc-common.h regression under gcc-5, reported by Arnaud and coldhak | |
1300 | - fixed ath10k compile error with the size overflow plugin, reported by victor and careta (https://forums.grsecurity.net/viewtopic.php?t=4323) | |
1301 | ||
1302 | drivers/net/wireless/ath/ath10k/ce.c | 4 ++-- | |
1303 | tools/gcc/gcc-common.h | 13 ++++++------- | |
1304 | 2 files changed, 8 insertions(+), 9 deletions(-) | |
1305 | ||
1306 | commit 93a41eb6e3a7ab9446658b6d2ec4623014b55232 | |
1307 | Author: Brad Spengler <spender@grsecurity.net> | |
1308 | Date: Sun Nov 22 17:14:38 2015 -0500 | |
1309 | ||
1310 | update gcc-common.h | |
1311 | ||
1312 | tools/gcc/gcc-common.h | 13 ++++++------- | |
1313 | 1 files changed, 6 insertions(+), 7 deletions(-) | |
1314 | ||
1315 | commit 7da11be9f025bd8193f03f9b32697bc1ce8ac650 | |
1316 | Author: Andrew Cooper <andrew.cooper3@citrix.com> | |
1317 | Date: Wed Jun 3 10:31:14 2015 +0100 | |
1318 | ||
1319 | x86/cpu: Fix SMAP check in PVOPS environments | |
1320 | ||
1321 | There appears to be no formal statement of what pv_irq_ops.save_fl() is | |
1322 | supposed to return precisely. Native returns the full flags, while lguest and | |
1323 | Xen only return the Interrupt Flag, and both have comments by the | |
1324 | implementations stating that only the Interrupt Flag is looked at. This may | |
1325 | have been true when initially implemented, but no longer is. | |
1326 | ||
1327 | To make matters worse, the Xen PVOP leaves the upper bits undefined, making | |
1328 | the BUG_ON() undefined behaviour. Experimentally, this now trips for 32bit PV | |
1329 | guests on Broadwell hardware. The BUG_ON() is consistent for an individual | |
1330 | build, but not consistent for all builds. It has also been a sitting timebomb | |
1331 | since SMAP support was introduced. | |
1332 | ||
1333 | Use native_save_fl() instead, which will obtain an accurate view of the AC | |
1334 | flag. | |
1335 | ||
1336 | Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> | |
1337 | Reviewed-by: David Vrabel <david.vrabel@citrix.com> | |
1338 | Tested-by: Rusty Russell <rusty@rustcorp.com.au> | |
1339 | Cc: Rusty Russell <rusty@rustcorp.com.au> | |
1340 | Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> | |
1341 | Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> | |
1342 | Cc: <lguest@lists.ozlabs.org> | |
1343 | Cc: Xen-devel <xen-devel@lists.xen.org> | |
1344 | CC: stable@vger.kernel.org | |
1345 | Link: http://lkml.kernel.org/r/1433323874-6927-1-git-send-email-andrew.cooper3@citrix.com | |
1346 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
1347 | ||
1348 | arch/x86/kernel/cpu/common.c | 3 +-- | |
1349 | 1 files changed, 1 insertions(+), 2 deletions(-) | |
1350 | ||
1351 | commit 08ce34cf092b9f1b5311f156df4182a282bf7acc | |
1352 | Author: Dave Hansen <dave.hansen@linux.intel.com> | |
1353 | Date: Wed Nov 11 10:19:31 2015 -0800 | |
1354 | ||
1355 | x86/mpx: Do proper get_user() when running 32-bit binaries on 64-bit kernels | |
1356 | ||
1357 | When you call get_user(foo, bar), you effectively do a | |
1358 | ||
1359 | copy_from_user(&foo, bar, sizeof(*bar)); | |
1360 | ||
1361 | Note that the sizeof() is implicit. | |
1362 | ||
1363 | When we reach out to userspace to try to zap an entire "bounds | |
1364 | table" we need to go read a "bounds directory entry" in order to | |
1365 | locate the table's address. The size of a "directory entry" | |
1366 | depends on the binary being run and is always the size of a | |
1367 | pointer. | |
1368 | ||
1369 | But, when we have a 64-bit kernel and a 32-bit application, the | |
1370 | directory entry is still only 32-bits long, but we fetch it with | |
1371 | a 64-bit pointer which makes get_user() does a 64-bit fetch. | |
1372 | Reading 4 extra bytes isn't harmful, unless we are at the end of | |
1373 | and run off the table. It might also cause the zero page to get | |
1374 | faulted in unnecessarily even if you are not at the end. | |
1375 | ||
1376 | Fix it up by doing a special 32-bit get_user() via a cast when | |
1377 | we have 32-bit userspace. | |
1378 | ||
1379 | Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> | |
1380 | Cc: <stable@vger.kernel.org> | |
1381 | Cc: Andy Lutomirski <luto@amacapital.net> | |
1382 | Cc: Borislav Petkov <bp@alien8.de> | |
1383 | Cc: Brian Gerst <brgerst@gmail.com> | |
1384 | Cc: Dave Hansen <dave@sr71.net> | |
1385 | Cc: Denys Vlasenko <dvlasenk@redhat.com> | |
1386 | Cc: H. Peter Anvin <hpa@zytor.com> | |
1387 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
1388 | Cc: Peter Zijlstra <peterz@infradead.org> | |
1389 | Cc: Thomas Gleixner <tglx@linutronix.de> | |
1390 | Link: http://lkml.kernel.org/r/20151111181931.3ACF6822@viggo.jf.intel.com | |
1391 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
1392 | ||
1393 | arch/x86/mm/mpx.c | 25 ++++++++++++++++++++++++- | |
1394 | 1 files changed, 24 insertions(+), 1 deletions(-) | |
1395 | ||
1396 | commit 9e1e1d1d6f6f41b13a6e85f25e27aee4410f58bf | |
1397 | Author: Dave Hansen <dave.hansen@linux.intel.com> | |
1398 | Date: Wed Nov 11 10:19:34 2015 -0800 | |
1399 | ||
1400 | x86/mpx: Fix 32-bit address space calculation | |
1401 | ||
1402 | I received a bug report that running 32-bit MPX binaries on | |
1403 | 64-bit kernels was broken. I traced it down to this little code | |
1404 | snippet. We were switching our "number of bounds directory | |
1405 | entries" calculation correctly. But, we didn't switch the other | |
1406 | side of the calculation: the virtual space size. | |
1407 | ||
1408 | This meant that we were calculating an absurd size for | |
1409 | bd_entry_virt_space() on 32-bit because we used the 64-bit | |
1410 | virt_space. | |
1411 | ||
1412 | This was _also_ broken for 32-bit kernels running on 64-bit | |
1413 | hardware since boot_cpu_data.x86_virt_bits=48 even when running | |
1414 | in 32-bit mode. | |
1415 | ||
1416 | Correct that and properly handle all 3 possible cases: | |
1417 | ||
1418 | 1. 32-bit binary on 64-bit kernel | |
1419 | 2. 64-bit binary on 64-bit kernel | |
1420 | 3. 32-bit binary on 32-bit kernel | |
1421 | ||
1422 | This manifested in having bounds tables not properly unmapped. | |
1423 | It "leaked" memory but had no functional impact otherwise. | |
1424 | ||
1425 | Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> | |
1426 | Cc: <stable@vger.kernel.org> | |
1427 | Cc: Andy Lutomirski <luto@amacapital.net> | |
1428 | Cc: Borislav Petkov <bp@alien8.de> | |
1429 | Cc: Brian Gerst <brgerst@gmail.com> | |
1430 | Cc: Dave Hansen <dave@sr71.net> | |
1431 | Cc: Denys Vlasenko <dvlasenk@redhat.com> | |
1432 | Cc: H. Peter Anvin <hpa@zytor.com> | |
1433 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
1434 | Cc: Peter Zijlstra <peterz@infradead.org> | |
1435 | Cc: Thomas Gleixner <tglx@linutronix.de> | |
1436 | Link: http://lkml.kernel.org/r/20151111181934.FA7FAC34@viggo.jf.intel.com | |
1437 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
1438 | ||
1439 | arch/x86/mm/mpx.c | 22 +++++++++++++++++----- | |
1440 | 1 files changed, 17 insertions(+), 5 deletions(-) | |
1441 | ||
1442 | commit c197eee75054d90aafe695c0edb4f25feb469292 | |
1443 | Author: Huaitong Han <huaitong.han@intel.com> | |
1444 | Date: Fri Nov 6 17:00:23 2015 +0800 | |
1445 | ||
1446 | x86/fpu: Fix get_xsave_addr() behavior under virtualization | |
1447 | ||
1448 | KVM uses the get_xsave_addr() function in a different fashion from | |
1449 | the native kernel, in that the 'xsave' parameter belongs to guest vcpu, | |
1450 | not the currently running task. | |
1451 | ||
1452 | But 'xsave' is replaced with current task's (host) xsave structure, so | |
1453 | get_xsave_addr() will incorrectly return the bad xsave address to KVM. | |
1454 | ||
1455 | Fix it so that the passed in 'xsave' address is used - as intended | |
1456 | originally. | |
1457 | ||
1458 | Signed-off-by: Huaitong Han <huaitong.han@intel.com> | |
1459 | Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com> | |
1460 | Cc: <stable@vger.kernel.org> | |
1461 | Cc: Andy Lutomirski <luto@amacapital.net> | |
1462 | Cc: Paolo Bonzini <pbonzini@redhat.com> | |
1463 | Cc: Borislav Petkov <bp@alien8.de> | |
1464 | Cc: Fenghua Yu <fenghua.yu@intel.com> | |
1465 | Cc: H. Peter Anvin <hpa@zytor.com> | |
1466 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
1467 | Cc: Oleg Nesterov <oleg@redhat.com> | |
1468 | Cc: Peter Zijlstra <peterz@infradead.org> | |
1469 | Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com> | |
1470 | Cc: Thomas Gleixner <tglx@linutronix.de> | |
1471 | Cc: dave.hansen@intel.com | |
1472 | Link: http://lkml.kernel.org/r/1446800423-21622-1-git-send-email-huaitong.han@intel.com | |
1473 | [ Tidied up the changelog. ] | |
1474 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
1475 | ||
1476 | Conflicts: | |
1477 | ||
1478 | arch/x86/kernel/fpu/xstate.c | |
1479 | ||
1480 | arch/x86/kernel/fpu/xstate.c | 1 - | |
1481 | 1 files changed, 0 insertions(+), 1 deletions(-) | |
1482 | ||
1483 | commit 460cdd8a9a19731ce27333866943eed81cba1d96 | |
1484 | Author: Dave Hansen <dave.hansen@linux.intel.com> | |
1485 | Date: Tue Nov 10 16:23:54 2015 -0800 | |
1486 | ||
1487 | x86/fpu: Fix 32-bit signal frame handling | |
1488 | ||
1489 | (This should have gone to LKML originally. Sorry for the extra | |
1490 | noise, folks on the cc.) | |
1491 | ||
1492 | Background: | |
1493 | ||
1494 | Signal frames on x86 have two formats: | |
1495 | ||
1496 | 1. For 32-bit executables (whether on a real 32-bit kernel or | |
1497 | under 32-bit emulation on a 64-bit kernel) we have a | |
1498 | 'fpregset_t' that includes the "FSAVE" registers. | |
1499 | ||
1500 | 2. For 64-bit executables (on 64-bit kernels obviously), the | |
1501 | 'fpregset_t' is smaller and does not contain the "FSAVE" | |
1502 | state. | |
1503 | ||
1504 | When creating the signal frame, we have to be aware of whether | |
1505 | we are running a 32 or 64-bit executable so we create the | |
1506 | correct format signal frame. | |
1507 | ||
1508 | Problem: | |
1509 | ||
1510 | save_xstate_epilog() uses 'fx_sw_reserved_ia32' whenever it is | |
1511 | called for a 32-bit executable. This is for real 32-bit and | |
1512 | ia32 emulation. | |
1513 | ||
1514 | But, fpu__init_prepare_fx_sw_frame() only initializes | |
1515 | 'fx_sw_reserved_ia32' when emulation is enabled, *NOT* for real | |
1516 | 32-bit kernels. | |
1517 | ||
1518 | This leads to really wierd situations where 32-bit programs | |
1519 | lose their extended state when returning from a signal handler. | |
1520 | The kernel copies the uninitialized (zero) 'fx_sw_reserved_ia32' | |
1521 | out to userspace in save_xstate_epilog(). But when returning | |
1522 | from the signal, the kernel errors out in check_for_xstate() | |
1523 | when it does not see FP_XSTATE_MAGIC1 present (because it was | |
1524 | zeroed). This leads to the FPU/XSAVE state being initialized. | |
1525 | ||
1526 | For MPX, this leads to the most permissive state and means we | |
1527 | silently lose bounds violations. I think this would also mean | |
1528 | that we could lose *ANY* FPU/SSE/AVX state. I'm not sure why | |
1529 | no one has spotted this bug. | |
1530 | ||
1531 | I believe this was broken by: | |
1532 | ||
1533 | 72a671ced66d ("x86, fpu: Unify signal handling code paths for x86 and x86_64 kernels") | |
1534 | ||
1535 | way back in 2012. | |
1536 | ||
1537 | Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> | |
1538 | Cc: <stable@vger.kernel.org> | |
1539 | Cc: Andy Lutomirski <luto@amacapital.net> | |
1540 | Cc: Borislav Petkov <bp@alien8.de> | |
1541 | Cc: Brian Gerst <brgerst@gmail.com> | |
1542 | Cc: Denys Vlasenko <dvlasenk@redhat.com> | |
1543 | Cc: H. Peter Anvin <hpa@zytor.com> | |
1544 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
1545 | Cc: Peter Zijlstra <peterz@infradead.org> | |
1546 | Cc: Thomas Gleixner <tglx@linutronix.de> | |
1547 | Cc: dave@sr71.net | |
1548 | Cc: fenghua.yu@intel.com | |
1549 | Cc: yu-cheng.yu@intel.com | |
1550 | Link: http://lkml.kernel.org/r/20151111002354.A0799571@viggo.jf.intel.com | |
1551 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
1552 | ||
1553 | arch/x86/kernel/fpu/signal.c | 11 +++++------ | |
1554 | 1 files changed, 5 insertions(+), 6 deletions(-) | |
1555 | ||
a375b63a PK |
1556 | commit c3f2cc8921a08fff1fbad9127dd7a30c4a953e88 |
1557 | Author: Brad Spengler <spender@grsecurity.net> | |
1558 | Date: Sat Nov 21 18:36:58 2015 -0500 | |
1559 | ||
1560 | Fix gcc 5.x compilation, reported by Arnaud and coldhak | |
1561 | ||
1562 | tools/gcc/gcc-common.h | 2 +- | |
1563 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
1564 | ||
d53f4099 PK |
1565 | commit f0ea1bc982c60c1c39d0f95d9f3db0ec799387ca |
1566 | Merge: 3929e88 c692401 | |
1567 | Author: Brad Spengler <spender@grsecurity.net> | |
1568 | Date: Sat Nov 21 15:41:38 2015 -0500 | |
1569 | ||
1570 | Merge branch 'pax-test' into grsec-test | |
1571 | ||
1572 | commit c69240179ca6ff101670f4859bb0e9a9deb85359 | |
1573 | Author: Brad Spengler <spender@grsecurity.net> | |
1574 | Date: Sat Nov 21 15:41:06 2015 -0500 | |
1575 | ||
1576 | Update to pax-linux-4.2.6-test22.patch: | |
1577 | - made the previous READ_ONCE/WRITE_ONCE fix compatible with gcc PR 58145 | |
1578 | ||
1579 | include/linux/compiler.h | 11 +++++++---- | |
1580 | 1 files changed, 7 insertions(+), 4 deletions(-) | |
1581 | ||
1582 | commit 3929e882e451b177af1a615858f0a96a7cd734b1 | |
1583 | Author: Brad Spengler <spender@grsecurity.net> | |
1584 | Date: Sat Nov 21 13:14:25 2015 -0500 | |
1585 | ||
1586 | remove disable_kill option entirely for the final 4.2 release | |
1587 | ||
1588 | fs/exec.c | 11 ----------- | |
1589 | security/Kconfig | 5 ----- | |
1590 | 2 files changed, 0 insertions(+), 16 deletions(-) | |
1591 | ||
1592 | commit 91633d0eebc41553ea77b5fa7559aa806a60008c | |
1593 | Author: Brad Spengler <spender@grsecurity.net> | |
1594 | Date: Sat Nov 21 07:38:10 2015 -0500 | |
1595 | ||
1596 | compile fix | |
1597 | ||
1598 | net/unix/af_unix.c | 1 + | |
1599 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
1600 | ||
1601 | commit 0afc2f69e7f948995522f6e1dbb957ed84abd9b9 | |
1602 | Author: Brad Spengler <spender@grsecurity.net> | |
1603 | Date: Sat Nov 21 07:14:43 2015 -0500 | |
1604 | ||
1605 | Revert previous AF_UNIX fix: | |
1606 | http://www.spinics.net/lists/netdev/msg318826.html | |
1607 | and apply new one by Jason Baron: | |
1608 | https://lkml.org/lkml/2015/9/29/825 | |
1609 | ||
1610 | include/net/af_unix.h | 1 + | |
1611 | net/unix/af_unix.c | 36 ++++++++++++++++++++++++++++++------ | |
1612 | 2 files changed, 31 insertions(+), 6 deletions(-) | |
1613 | ||
1614 | commit 0a3eec2b3d110042af4e0a9f1e87458262fce1eb | |
1615 | Merge: 917a60c 8fd74af | |
1616 | Author: Brad Spengler <spender@grsecurity.net> | |
1617 | Date: Sat Nov 21 06:50:33 2015 -0500 | |
1618 | ||
1619 | Merge branch 'pax-test' into grsec-test | |
1620 | ||
1621 | commit 8fd74afe08ee45516a9daf2593f31c176516cb55 | |
1622 | Author: Brad Spengler <spender@grsecurity.net> | |
1623 | Date: Sat Nov 21 06:49:57 2015 -0500 | |
1624 | ||
1625 | Update to pax-linux-4.2.6-test21.patch: | |
1626 | - fixed a size overflow plugin bug that could cause a compiler error | |
1627 | - Emese fixed a size overflow false positive in xfrm4_mode_tunnel_input, reported by Arnaud <arnaud@drno.eu> | |
1628 | - updated gcc-common.h to support gcc-6 | |
1629 | - fixed some undefined behaviour in READ_ONCE/WRITE_ONCE | |
1630 | ||
1631 | include/linux/compiler.h | 38 +++---------------- | |
1632 | tools/gcc/gcc-common.h | 39 ++++++++++++++++---- | |
1633 | tools/gcc/initify_plugin.c | 4 +- | |
1634 | .../disable_size_overflow_hash.data | 7 +++- | |
1635 | .../size_overflow_plugin/intentional_overflow.c | 2 +- | |
1636 | .../size_overflow_plugin/size_overflow_hash.data | 9 +---- | |
1637 | .../size_overflow_plugin/size_overflow_transform.c | 4 +- | |
1638 | 7 files changed, 50 insertions(+), 53 deletions(-) | |
1639 | ||
6e783cc3 PK |
1640 | commit 917a60c749d80121229a1752874ff8a606778fc5 |
1641 | Merge: 76fc822 77d474f | |
1642 | Author: Brad Spengler <spender@grsecurity.net> | |
1643 | Date: Wed Nov 18 19:58:31 2015 -0500 | |
1644 | ||
1645 | Merge branch 'pax-test' into grsec-test | |
1646 | ||
1647 | commit 77d474f0bcb2e5acafc78c66c456d1aebaac14b3 | |
1648 | Author: Brad Spengler <spender@grsecurity.net> | |
1649 | Date: Wed Nov 18 19:58:08 2015 -0500 | |
1650 | ||
1651 | Update to pax-linux-4.2.6-test20.patch: | |
1652 | - constified some vdso/vsyscall related code/data | |
1653 | ||
1654 | arch/x86/entry/vdso/vdso2c.h | 4 ++-- | |
1655 | arch/x86/entry/vsyscall/vsyscall_emu_64.S | 2 +- | |
1656 | arch/x86/mm/ioremap.c | 2 +- | |
1657 | mm/debug.c | 3 +++ | |
1658 | 4 files changed, 7 insertions(+), 4 deletions(-) | |
1659 | ||
1660 | commit 76fc8223b2e6b6c950702adfdb055dd5da90657c | |
1661 | Author: Brad Spengler <spender@grsecurity.net> | |
1662 | Date: Wed Nov 18 17:40:27 2015 -0500 | |
1663 | ||
1664 | Allow processes with CAP_SYS_PTRACE to ignore /proc/pid restrictions, | |
1665 | as reported by Andrew | |
1666 | ||
1667 | fs/proc/base.c | 2 +- | |
1668 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
1669 | ||
fb116cbb PK |
1670 | commit 708c2e025f8a05b76f319cfa5fa624d37d8ef6f3 |
1671 | Author: Brad Spengler <spender@grsecurity.net> | |
1672 | Date: Tue Nov 17 18:43:24 2015 -0500 | |
1673 | ||
1674 | Fix multiple character encodings in patch, reported by IooNag on the forums | |
1675 | ||
1676 | grsecurity/Makefile | 2 +- | |
1677 | net/netfilter/xt_gradm.c | 2 +- | |
1678 | 2 files changed, 2 insertions(+), 2 deletions(-) | |
1679 | ||
1680 | commit d1f7534df8687fd05858fd45805b1185eafe38a7 | |
1681 | Author: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
1682 | Date: Tue Nov 17 15:10:59 2015 +0100 | |
1683 | ||
1684 | af_unix: take receive queue lock while appending new skb | |
1685 | ||
1686 | While possibly in future we don't necessarily need to use | |
1687 | sk_buff_head.lock this is a rather larger change, as it affects the | |
1688 | af_unix fd garbage collector, diag and socket cleanups. This is too much | |
1689 | for a stable patch. | |
1690 | ||
1691 | For the time being grab sk_buff_head.lock without disabling bh and irqs, | |
1692 | so don't use locked skb_queue_tail. | |
1693 | ||
1694 | Fixes: 869e7c62486e ("net: af_unix: implement stream sendpage support") | |
1695 | Cc: Eric Dumazet <edumazet@google.com> | |
1696 | Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
1697 | Reported-by: Eric Dumazet <edumazet@google.com> | |
1698 | Acked-by: Eric Dumazet <edumazet@google.com> | |
1699 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
1700 | ||
1701 | net/unix/af_unix.c | 5 ++++- | |
1702 | 1 files changed, 4 insertions(+), 1 deletions(-) | |
1703 | ||
1704 | commit 0df914e7a66a4807bac7762ab33ba3020944ef6b | |
1705 | Author: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
1706 | Date: Mon Nov 16 16:25:56 2015 +0100 | |
1707 | ||
1708 | af_unix: don't append consumed skbs to sk_receive_queue | |
1709 | ||
1710 | In case multiple writes to a unix stream socket race we could end up in a | |
1711 | situation where we pre-allocate a new skb for use in unix_stream_sendpage | |
1712 | but have to free it again in the locked section because another skb | |
1713 | has been appended meanwhile, which we must use. Accidentally we didn't | |
1714 | clear the pointer after consuming it and so we touched freed memory | |
1715 | while appending it to the sk_receive_queue. So, clear the pointer after | |
1716 | consuming the skb. | |
1717 | ||
1718 | This bug has been found with syzkaller | |
1719 | (http://github.com/google/syzkaller) by Dmitry Vyukov. | |
1720 | ||
1721 | Fixes: 869e7c62486e ("net: af_unix: implement stream sendpage support") | |
1722 | Reported-by: Dmitry Vyukov <dvyukov@google.com> | |
1723 | Cc: Dmitry Vyukov <dvyukov@google.com> | |
1724 | Cc: Eric Dumazet <eric.dumazet@gmail.com> | |
1725 | Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
1726 | Acked-by: Eric Dumazet <edumazet@google.com> | |
1727 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
1728 | ||
1729 | net/unix/af_unix.c | 1 + | |
1730 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
1731 | ||
1732 | commit ac8466abcd0ae871cd38d868e1a4e903b92ffc48 | |
1733 | Author: Jason A. Donenfeld <Jason@zx2c4.com> | |
1734 | Date: Thu Nov 12 17:35:58 2015 +0100 | |
1735 | ||
1736 | ip_tunnel: disable preemption when updating per-cpu tstats | |
1737 | ||
1738 | Drivers like vxlan use the recently introduced | |
1739 | udp_tunnel_xmit_skb/udp_tunnel6_xmit_skb APIs. udp_tunnel6_xmit_skb | |
1740 | makes use of ip6tunnel_xmit, and ip6tunnel_xmit, after sending the | |
1741 | packet, updates the struct stats using the usual | |
1742 | u64_stats_update_begin/end calls on this_cpu_ptr(dev->tstats). | |
1743 | udp_tunnel_xmit_skb makes use of iptunnel_xmit, which doesn't touch | |
1744 | tstats, so drivers like vxlan, immediately after, call | |
1745 | iptunnel_xmit_stats, which does the same thing - calls | |
1746 | u64_stats_update_begin/end on this_cpu_ptr(dev->tstats). | |
1747 | ||
1748 | While vxlan is probably fine (I don't know?), calling a similar function | |
1749 | from, say, an unbound workqueue, on a fully preemptable kernel causes | |
1750 | real issues: | |
1751 | ||
1752 | [ 188.434537] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u8:0/6 | |
1753 | [ 188.435579] caller is debug_smp_processor_id+0x17/0x20 | |
1754 | [ 188.435583] CPU: 0 PID: 6 Comm: kworker/u8:0 Not tainted 4.2.6 #2 | |
1755 | [ 188.435607] Call Trace: | |
1756 | [ 188.435611] [<ffffffff8234e936>] dump_stack+0x4f/0x7b | |
1757 | [ 188.435615] [<ffffffff81915f3d>] check_preemption_disabled+0x19d/0x1c0 | |
1758 | [ 188.435619] [<ffffffff81915f77>] debug_smp_processor_id+0x17/0x20 | |
1759 | ||
1760 | The solution would be to protect the whole | |
1761 | this_cpu_ptr(dev->tstats)/u64_stats_update_begin/end blocks with | |
1762 | disabling preemption and then reenabling it. | |
1763 | ||
1764 | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | |
1765 | Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
1766 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
1767 | ||
1768 | include/net/ip6_tunnel.h | 3 ++- | |
1769 | include/net/ip_tunnels.h | 3 ++- | |
1770 | 2 files changed, 4 insertions(+), 2 deletions(-) | |
1771 | ||
1772 | commit 44665148f06b73ea0c253a1a34d15689674d7421 | |
1773 | Author: Mathias Krause <minipli@googlemail.com> | |
1774 | Date: Fri Nov 6 16:30:38 2015 -0800 | |
1775 | ||
1776 | printk: prevent userland from spoofing kernel messages | |
1777 | ||
1778 | The following statement of ABI/testing/dev-kmsg is not quite right: | |
1779 | ||
1780 | It is not possible to inject messages from userspace with the | |
1781 | facility number LOG_KERN (0), to make sure that the origin of the | |
1782 | messages can always be reliably determined. | |
1783 | ||
1784 | Userland actually can inject messages with a facility of 0 by abusing the | |
1785 | fact that the facility is stored in a u8 data type. By using a facility | |
1786 | which is a multiple of 256 the assignment of msg->facility in log_store() | |
1787 | implicitly truncates it to 0, i.e. LOG_KERN, allowing users of /dev/kmsg | |
1788 | to spoof kernel messages as shown below: | |
1789 | ||
1790 | The following call... | |
1791 | # printf '<%d>Kernel panic - not syncing: beer empty\n' 0 >/dev/kmsg | |
1792 | ...leads to the following log entry (dmesg -x | tail -n 1): | |
1793 | user :emerg : [ 66.137758] Kernel panic - not syncing: beer empty | |
1794 | ||
1795 | However, this call... | |
1796 | # printf '<%d>Kernel panic - not syncing: beer empty\n' 0x800 >/dev/kmsg | |
1797 | ...leads to the slightly different log entry (note the kernel facility): | |
1798 | kern :emerg : [ 74.177343] Kernel panic - not syncing: beer empty | |
1799 | ||
1800 | Fix that by limiting the user provided facility to 8 bit right from the | |
1801 | beginning and catch the truncation early. | |
1802 | ||
1803 | Fixes: 7ff9554bb578 ("printk: convert byte-buffer to variable-length...") | |
1804 | Signed-off-by: Mathias Krause <minipli@googlemail.com> | |
1805 | Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
1806 | Cc: Petr Mladek <pmladek@suse.cz> | |
1807 | Cc: Alex Elder <elder@linaro.org> | |
1808 | Cc: Joe Perches <joe@perches.com> | |
1809 | Cc: Kay Sievers <kay@vrfy.org> | |
1810 | Cc: <stable@vger.kernel.org> | |
1811 | Signed-off-by: Andrew Morton <akpm@linux-foundation.org> | |
1812 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | |
1813 | ||
1814 | kernel/printk/printk.c | 13 ++++++++----- | |
1815 | 1 files changed, 8 insertions(+), 5 deletions(-) | |
1816 | ||
1817 | commit bef8fb168317597f02c00ab4075ff094dcdfd2c6 | |
1818 | Author: Borislav Petkov <bp@suse.de> | |
1819 | Date: Thu Nov 5 16:57:56 2015 +0100 | |
1820 | ||
1821 | x86/cpu: Call verify_cpu() after having entered long mode too | |
1822 | ||
1823 | When we get loaded by a 64-bit bootloader, kernel entry point is | |
1824 | startup_64 in head_64.S. We don't trust any and all bootloaders because | |
1825 | some will fiddle with CPU configuration so we go ahead and massage each | |
1826 | CPU into sanity again. | |
1827 | ||
1828 | For example, some dell BIOSes have this XD disable feature which set | |
1829 | IA32_MISC_ENABLE[34] and disable NX. This might be some dumb workaround | |
1830 | for other OSes but Linux sure doesn't need it. | |
1831 | ||
1832 | A similar thing is present in the Surface 3 firmware - see | |
1833 | https://bugzilla.kernel.org/show_bug.cgi?id=106051 - which sets this bit | |
1834 | only on the BSP: | |
1835 | ||
1836 | # rdmsr -a 0x1a0 | |
1837 | 400850089 | |
1838 | 850089 | |
1839 | 850089 | |
1840 | 850089 | |
1841 | ||
1842 | I know, right?! | |
1843 | ||
1844 | There's not even an off switch in there. | |
1845 | ||
1846 | So fix all those cases by sanitizing the 64-bit entry point too. For | |
1847 | that, make verify_cpu() callable in 64-bit mode also. | |
1848 | ||
1849 | Requested-and-debugged-by: "H. Peter Anvin" <hpa@zytor.com> | |
1850 | Reported-and-tested-by: Bastien Nocera <bugzilla@hadess.net> | |
1851 | Signed-off-by: Borislav Petkov <bp@suse.de> | |
1852 | Cc: Matt Fleming <matt@codeblueprint.co.uk> | |
1853 | Cc: Peter Zijlstra <peterz@infradead.org> | |
1854 | Cc: stable@vger.kernel.org | |
1855 | Link: http://lkml.kernel.org/r/1446739076-21303-1-git-send-email-bp@alien8.de | |
1856 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
1857 | ||
1858 | Conflicts: | |
1859 | ||
1860 | arch/x86/kernel/head_64.S | |
1861 | ||
1862 | arch/x86/kernel/head_64.S | 9 +++++++++ | |
1863 | arch/x86/kernel/verify_cpu.S | 12 +++++++----- | |
1864 | 2 files changed, 16 insertions(+), 5 deletions(-) | |
1865 | ||
1866 | commit 9cb084208a9589a6a5be01d2b7df88843f4b01a4 | |
1867 | Author: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
1868 | Date: Tue Nov 10 16:23:15 2015 +0100 | |
1869 | ||
1870 | af-unix: fix use-after-free with concurrent readers while splicing | |
1871 | ||
1872 | During splicing an af-unix socket to a pipe we have to drop all | |
1873 | af-unix socket locks. While doing so we allow another reader to enter | |
1874 | unix_stream_read_generic which can read, copy and finally free another | |
1875 | skb. If exactly this skb is just in process of being spliced we get a | |
1876 | use-after-free report by kasan. | |
1877 | ||
1878 | First, we must make sure to not have a free while the skb is used during | |
1879 | the splice operation. We simply increment its use counter before unlocking | |
1880 | the reader lock. | |
1881 | ||
1882 | Stream sockets have the nice characteristic that we don't care about | |
1883 | zero length writes and they never reach the peer socket's queue. That | |
1884 | said, we can take the UNIXCB.consumed field as the indicator if the | |
1885 | skb was already freed from the socket's receive queue. If the skb was | |
1886 | fully consumed after we locked the reader side again we know it has been | |
1887 | dropped by a second reader. We indicate a short read to user space and | |
1888 | abort the current splice operation. | |
1889 | ||
1890 | This bug has been found with syzkaller | |
1891 | (http://github.com/google/syzkaller) by Dmitry Vyukov. | |
1892 | ||
1893 | Fixes: 2b514574f7e8 ("net: af_unix: implement splice for stream af_unix sockets") | |
1894 | Reported-by: Dmitry Vyukov <dvyukov@google.com> | |
1895 | Cc: Dmitry Vyukov <dvyukov@google.com> | |
1896 | Cc: Eric Dumazet <eric.dumazet@gmail.com> | |
1897 | Acked-by: Eric Dumazet <edumazet@google.com> | |
1898 | Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
1899 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
1900 | ||
1901 | net/unix/af_unix.c | 18 ++++++++++++++++++ | |
1902 | 1 files changed, 18 insertions(+), 0 deletions(-) | |
1903 | ||
90cab73e PK |
1904 | commit 4e75d2b7d6546add44f0951e78410b131a1e660d |
1905 | Author: Brad Spengler <spender@grsecurity.net> | |
1906 | Date: Sat Nov 14 15:08:46 2015 -0500 | |
1907 | ||
1908 | switch the default for SIZE_OVERFLOW_KILL to n, later we'll remove | |
1909 | the option entirely | |
1910 | Distros should make sure their users report all overflows printed to the | |
1911 | kernel logs so the underlying issues can be fixed | |
1912 | ||
1913 | security/Kconfig | 2 +- | |
1914 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
1915 | ||
1916 | commit 2e37eb35e0f1ba5a0feac5264a7b24d89376d0a2 | |
1917 | Author: Brad Spengler <spender@grsecurity.net> | |
1918 | Date: Sat Nov 14 15:07:51 2015 -0500 | |
1919 | ||
1920 | Resync with PaX | |
1921 | ||
1922 | fs/btrfs/inode.c | 12 ++++++++++++ | |
1923 | 1 files changed, 12 insertions(+), 0 deletions(-) | |
1924 | ||
1925 | commit 2f63d2552f38c700902d17bf9b591d82f39a3fb5 | |
1926 | Merge: 5e0ec21 823b1bc | |
1927 | Author: Brad Spengler <spender@grsecurity.net> | |
1928 | Date: Sat Nov 14 14:29:16 2015 -0500 | |
1929 | ||
1930 | Merge branch 'pax-test' into grsec-test | |
1931 | ||
1932 | commit 823b1bc5a8e670f7ddfa98ee0d83762bffab28fb | |
1933 | Author: Brad Spengler <spender@grsecurity.net> | |
1934 | Date: Sat Nov 14 14:28:35 2015 -0500 | |
1935 | ||
1936 | Update to pax-linux-4.2.6-test19.patch: | |
1937 | - David Sterba updated the fix for one of the previous btrfs problems | |
1938 | - Emese and Rasmus Villemoes <linux@rasmusvillemoes.dk> fixed a few bugs in the initify plugin | |
1939 | - fixed debian package generation to support building out-of-tree modules with plugins, reported by Elie Roudninski <elie.roudninski@gmail.com> | |
1940 | ||
1941 | fs/btrfs/delayed-inode.c | 3 +- | |
1942 | fs/btrfs/delayed-inode.h | 2 +- | |
1943 | fs/btrfs/inode.c | 2 +- | |
1944 | scripts/package/builddeb | 2 +- | |
1945 | tools/gcc/initify_plugin.c | 264 ++++++++++++++++++++++++++++++-------------- | |
1946 | 5 files changed, 188 insertions(+), 85 deletions(-) | |
1947 | ||
76e55d26 PK |
1948 | commit 5e0ec21349bb3aeead0701ef51df3086ad377979 |
1949 | Author: Brad Spengler <spender@grsecurity.net> | |
1950 | Date: Thu Nov 12 19:54:21 2015 -0500 | |
1951 | ||
1952 | Revert https://patchwork.kernel.org/patch/7585611/ for now as it's been reported | |
1953 | to cause userland hangs, similar to previous bugs seen in the past | |
1954 | ||
1955 | fs/btrfs/inode.c | 12 ------------ | |
1956 | 1 files changed, 0 insertions(+), 12 deletions(-) | |
1957 | ||
1958 | commit 65402b5a6125cc95c3223a0da8f2817e13bf18ec | |
1959 | Author: françois romieu <romieu@fr.zoreil.com> | |
1960 | Date: Wed Nov 11 23:35:18 2015 +0100 | |
1961 | ||
1962 | r8169: fix kasan reported skb use-after-free. | |
1963 | ||
1964 | Signed-off-by: Francois Romieu <romieu@fr.zoreil.com> | |
1965 | Reported-by: Dave Jones <davej@codemonkey.org.uk> | |
1966 | Fixes: d7d2d89d4b0af ("r8169: Add software counter for multicast packages") | |
1967 | Acked-by: Eric Dumazet <edumazet@google.com> | |
1968 | Acked-by: Corinna Vinschen <vinschen@redhat.com> | |
1969 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
1970 | ||
1971 | drivers/net/ethernet/realtek/r8169.c | 3 +++ | |
1972 | 1 files changed, 3 insertions(+), 0 deletions(-) | |
1973 | ||
1974 | commit bbfcbb7b1e086062aa17358927e14e394830b8a3 | |
1975 | Author: Anthony Lineham <anthony.lineham@alliedtelesis.co.nz> | |
1976 | Date: Thu Oct 22 11:17:03 2015 +1300 | |
1977 | ||
1978 | netfilter: Fix removal of GRE expectation entries created by PPTP | |
1979 | ||
1980 | The uninitialized tuple structure caused incorrect hash calculation | |
1981 | and the lookup failed. | |
1982 | ||
1983 | Link: https://bugzilla.kernel.org/show_bug.cgi?id=106441 | |
1984 | Signed-off-by: Anthony Lineham <anthony.lineham@alliedtelesis.co.nz> | |
1985 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |
1986 | ||
1987 | net/ipv4/netfilter/nf_nat_pptp.c | 2 +- | |
1988 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
1989 | ||
1990 | commit d7cb19f37a91603021e2bed6417766ecca315bd0 | |
1991 | Author: Paolo Bonzini <pbonzini@redhat.com> | |
1992 | Date: Tue Nov 10 09:14:39 2015 +0100 | |
1993 | ||
1994 | KVM: svm: unconditionally intercept #DB | |
1995 | ||
1996 | This is needed to avoid the possibility that the guest triggers | |
1997 | an infinite stream of #DB exceptions (CVE-2015-8104). | |
1998 | ||
1999 | VMX is not affected: because it does not save DR6 in the VMCS, | |
2000 | it already intercepts #DB unconditionally. | |
2001 | ||
2002 | Reported-by: Jan Beulich <jbeulich@suse.com> | |
2003 | Cc: stable@vger.kernel.org | |
2004 | Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> | |
2005 | ||
2006 | arch/x86/kvm/svm.c | 14 +++----------- | |
2007 | 1 files changed, 3 insertions(+), 11 deletions(-) | |
2008 | ||
2009 | commit 5b241ac6551e1675e1cbbc4a74fa1c698ada28f4 | |
2010 | Author: Eric Northup <digitaleric@google.com> | |
2011 | Date: Tue Nov 3 18:03:53 2015 +0100 | |
2012 | ||
2013 | KVM: x86: work around infinite loop in microcode when #AC is delivered | |
2014 | ||
2015 | It was found that a guest can DoS a host by triggering an infinite | |
2016 | stream of "alignment check" (#AC) exceptions. This causes the | |
2017 | microcode to enter an infinite loop where the core never receives | |
2018 | another interrupt. The host kernel panics pretty quickly due to the | |
2019 | effects (CVE-2015-5307). | |
2020 | ||
2021 | Signed-off-by: Eric Northup <digitaleric@google.com> | |
2022 | Cc: stable@vger.kernel.org | |
2023 | Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> | |
2024 | ||
2025 | arch/x86/include/uapi/asm/svm.h | 1 + | |
2026 | arch/x86/kvm/svm.c | 8 ++++++++ | |
2027 | arch/x86/kvm/vmx.c | 5 ++++- | |
2028 | 3 files changed, 13 insertions(+), 1 deletions(-) | |
2029 | ||
2030 | commit 6113725aaaf6626522b93732f29dd36370695a89 | |
2031 | Author: Daniel Borkmann <daniel@iogearbox.net> | |
2032 | Date: Thu Nov 5 00:01:51 2015 +0100 | |
2033 | ||
2034 | debugfs: fix refcount imbalance in start_creating | |
2035 | ||
2036 | In debugfs' start_creating(), we pin the file system to safely access | |
2037 | its root. When we failed to create a file, we unpin the file system via | |
2038 | failed_creating() to release the mount count and eventually the reference | |
2039 | of the vfsmount. | |
2040 | ||
2041 | However, when we run into an error during lookup_one_len() when still | |
2042 | in start_creating(), we only release the parent's mutex but not so the | |
2043 | reference on the mount. Looks like it was done in the past, but after | |
2044 | splitting portions of __create_file() into start_creating() and | |
2045 | end_creating() via 190afd81e4a5 ("debugfs: split the beginning and the | |
2046 | end of __create_file() off"), this seemed missed. Noticed during code | |
2047 | review. | |
2048 | ||
2049 | Fixes: 190afd81e4a5 ("debugfs: split the beginning and the end of __create_file() off") | |
2050 | Cc: stable@vger.kernel.org # v4.0+ | |
2051 | Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | |
2052 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | |
2053 | ||
2054 | fs/debugfs/inode.c | 6 +++++- | |
2055 | 1 files changed, 5 insertions(+), 1 deletions(-) | |
2056 | ||
2057 | commit e91f8a6717837a8a64b6e86317a1373ec9cd6c04 | |
2058 | Author: Maciej W. Rozycki <macro@imgtec.com> | |
2059 | Date: Mon Oct 26 15:48:19 2015 +0000 | |
2060 | ||
2061 | binfmt_elf: Don't clobber passed executable's file header | |
2062 | ||
2063 | Do not clobber the buffer space passed from `search_binary_handler' and | |
2064 | originally preloaded by `prepare_binprm' with the executable's file | |
2065 | header by overwriting it with its interpreter's file header. Instead | |
2066 | keep the buffer space intact and directly use the data structure locally | |
2067 | allocated for the interpreter's file header, fixing a bug introduced in | |
2068 | 2.1.14 with loadable module support (linux-mips.org commit beb11695 | |
2069 | [Import of Linux/MIPS 2.1.14], predating kernel.org repo's history). | |
2070 | Adjust the amount of data read from the interpreter's file accordingly. | |
2071 | ||
2072 | This was not an issue before loadable module support, because back then | |
2073 | `load_elf_binary' was executed only once for a given ELF executable, | |
2074 | whether the function succeeded or failed. | |
2075 | ||
2076 | With loadable module support supported and enabled, upon a failure of | |
2077 | `load_elf_binary' -- which may for example be caused by architecture | |
2078 | code rejecting an executable due to a missing hardware feature requested | |
2079 | in the file header -- a module load is attempted and then the function | |
2080 | reexecuted by `search_binary_handler'. With the executable's file | |
2081 | header replaced with its interpreter's file header the executable can | |
2082 | then be erroneously accepted in this subsequent attempt. | |
2083 | ||
2084 | Cc: stable@vger.kernel.org # all the way back | |
2085 | Signed-off-by: Maciej W. Rozycki <macro@imgtec.com> | |
2086 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | |
2087 | ||
2088 | fs/binfmt_elf.c | 10 +++++----- | |
2089 | 1 files changed, 5 insertions(+), 5 deletions(-) | |
2090 | ||
2d1b3edc PK |
2091 | commit 9c49029fe4cb9a52cb174aebfd5946a9d26b9956 |
2092 | Merge: 5482e7e 7033393 | |
2093 | Author: Brad Spengler <spender@grsecurity.net> | |
2094 | Date: Mon Nov 9 19:51:58 2015 -0500 | |
2095 | ||
2096 | Merge branch 'pax-test' into grsec-test | |
2097 | ||
2098 | commit 70333935932c9f3eb333a354dd760b4233efcc37 | |
2099 | Author: Brad Spengler <spender@grsecurity.net> | |
2100 | Date: Mon Nov 9 19:51:19 2015 -0500 | |
2101 | ||
2102 | Update to pax-linux-4.2.6-test18.patch: | |
2103 | - cleaned up the last of the FPU changes, by spender | |
2104 | - fixed a few KERNEXEC regressions (backported from 4.3) | |
2105 | - Emese fixed a few size overflow false positives in kvm, reported by Christian Roessner (https://bugs.gentoo.org/show_bug.cgi?id=558138#c23) | |
2106 | - David Sterba fixed a few integer overflows in btrfs caught by the size overflow plugin (https://patchwork.kernel.org/patch/7585611/ and https://patchwork.kernel.org/patch/7582351/), reported by Victor, Stebalien and alan.d (https://forums.grsecurity.net/viewtopic.php?f=1&t=4284) | |
2107 | ||
2108 | arch/x86/include/asm/fpu/internal.h | 2 +- | |
2109 | arch/x86/include/asm/fpu/types.h | 1 - | |
2110 | arch/x86/kernel/apic/apic.c | 4 ++- | |
2111 | arch/x86/kernel/fpu/init.c | 36 -------------------- | |
2112 | arch/x86/kernel/process_64.c | 6 +-- | |
2113 | arch/x86/kernel/vsmp_64.c | 13 +++++-- | |
2114 | drivers/acpi/video_detect.c | 2 +- | |
2115 | drivers/lguest/core.c | 2 +- | |
2116 | fs/btrfs/file.c | 10 ++++-- | |
2117 | fs/btrfs/inode.c | 12 ++++++ | |
2118 | .../disable_size_overflow_hash.data | 5 ++- | |
2119 | .../size_overflow_plugin/size_overflow_hash.data | 7 +--- | |
2120 | 12 files changed, 42 insertions(+), 58 deletions(-) | |
2121 | ||
2122 | commit 5482e7eb4ba3c5cc90472ccdb1bfe2cec64413e2 | |
2123 | Merge: 81e2642 682ba19 | |
2124 | Author: Brad Spengler <spender@grsecurity.net> | |
2125 | Date: Mon Nov 9 18:19:48 2015 -0500 | |
2126 | ||
2127 | Merge branch 'pax-test' into grsec-test | |
2128 | ||
2129 | Conflicts: | |
2130 | drivers/pci/pci-sysfs.c | |
2131 | ||
2132 | commit 682ba19ce305f501c9bc5c42a76f2c7442aa22fc | |
2133 | Merge: 7755256 1c02865 | |
2134 | Author: Brad Spengler <spender@grsecurity.net> | |
2135 | Date: Mon Nov 9 18:18:24 2015 -0500 | |
2136 | ||
2137 | Merge branch 'linux-4.2.y' into pax-test | |
2138 | ||
29c15a34 PK |
2139 | commit 81e26429b7a36f0c75de3ab42754256720c0a159 |
2140 | Author: Brad Spengler <spender@grsecurity.net> | |
2141 | Date: Mon Nov 9 07:37:30 2015 -0500 | |
2142 | ||
2143 | btrfs: fix signed overflow in btrfs_sync_file | |
2144 | ||
2145 | The calculation of range length in btrfs_sync_file leads to signed | |
2146 | overflow. This was caught by PaX gcc SIZE_OVERFLOW plugin. | |
2147 | ||
2148 | https://forums.grsecurity.net/viewtopic.php?f=1&t=4284 | |
2149 | ||
2150 | The fsync call passes 0 and LLONG_MAX, the range length does not fit to | |
2151 | loff_t and overflows, but the value is converted to u64 so it silently | |
2152 | works as expected. | |
2153 | ||
2154 | The minimal fix is a typecast to u64, switching functions to take | |
2155 | (start, end) instead of (start, len) would be more intrusive. | |
2156 | ||
2157 | Coccinelle script found that there's one more opencoded calculation of | |
2158 | the length. | |
2159 | ||
2160 | <smpl> | |
2161 | @@ | |
2162 | loff_t start, end; | |
2163 | @@ | |
2164 | * end - start | |
2165 | </smpl> | |
2166 | ||
2167 | CC: stable@vger.kernel.org | |
2168 | Signed-off-by: David Sterba <dsterba@suse.com> | |
2169 | ||
2170 | fs/btrfs/file.c | 10 +++++++--- | |
2171 | 1 files changed, 7 insertions(+), 3 deletions(-) | |
2172 | ||
4d865a41 PK |
2173 | commit 07fd498a96e2d589ad743851c0dec482a92e0429 |
2174 | Author: Brad Spengler <spender@grsecurity.net> | |
2175 | Date: Sun Nov 8 17:04:31 2015 -0500 | |
2176 | ||
2177 | Fix an upstream type confusion bug exposed by RANDSTRUCT: | |
2178 | at the beginning of each sem_array/shmid_kernel/msg_queue | |
2179 | struct is an kern_ipc_perm struct. Unlike every other place in the | |
2180 | kernel where some field must be at an explicit location, there's | |
2181 | no documentation at all that the kern_ipc_perm must be at the beginning | |
2182 | of these structs. Previously, shmid_kernel and kern_ipc_perm were both | |
2183 | randomized with RANDSTRUCT. The problem arises due to the show() handler | |
2184 | for /proc for msg/sem/shm -- what it is provided is a pointer to | |
2185 | a kern_ipc_perm struct (as a void *) which each show() handler then | |
2186 | assumes can be implicitly cast to its own particular struct type without | |
2187 | any kind of container_of being performed. Fix this by doing the proper | |
2188 | type conversions for each via container_of, and randomize the sem and msg | |
2189 | structs while we're at it. | |
2190 | ||
2191 | include/linux/msg.h | 2 +- | |
2192 | include/linux/sem.h | 2 +- | |
2193 | ipc/msg.c | 3 ++- | |
2194 | ipc/sem.c | 3 ++- | |
2195 | ipc/shm.c | 3 ++- | |
2196 | 5 files changed, 8 insertions(+), 5 deletions(-) | |
2197 | ||
2198 | commit 6591e1a526c544936975cd3515d8def09e8026f0 | |
2199 | Author: Brad Spengler <spender@grsecurity.net> | |
2200 | Date: Tue Nov 3 19:36:05 2015 -0500 | |
2201 | ||
2202 | Properly fix the PCI sysfs node check that was recently improperly fixed | |
2203 | upstream (it's under CAP_SYS_ADMIN so it's not really serious) | |
2204 | Reported by Mathias Krause | |
2205 | ||
2206 | drivers/pci/pci-sysfs.c | 2 +- | |
2207 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2208 | ||
2209 | commit ece03d4d07f29634687b2ea5edb7cab23888cff3 | |
2210 | Merge: 715e674 7755256 | |
2211 | Author: Brad Spengler <spender@grsecurity.net> | |
2212 | Date: Mon Nov 2 21:32:10 2015 -0500 | |
2213 | ||
2214 | Merge branch 'pax-test' into grsec-test | |
2215 | ||
2216 | commit 775525660a6353feb261ad6232f6acbc23826bf4 | |
2217 | Author: Brad Spengler <spender@grsecurity.net> | |
2218 | Date: Mon Nov 2 21:31:21 2015 -0500 | |
2219 | ||
2220 | Update to pax-linux-4.2.5-test17.patch: | |
2221 | - Emese fixed a bunch of size overflow reports: | |
2222 | - https://forums.grsecurity.net/viewtopic.php?f=3&t=4290 | |
2223 | - https://forums.grsecurity.net/viewtopic.php?f=3&t=4291 | |
2224 | - https://forums.grsecurity.net/viewtopic.php?f=3&t=4288 | |
2225 | - https://forums.grsecurity.net/viewtopic.php?f=3&t=4285 | |
2226 | - https://forums.grsecurity.net/viewtopic.php?f=3&t=4283 | |
2227 | - https://forums.grsecurity.net/viewtopic.php?f=3&t=4287 | |
2228 | - https://forums.grsecurity.net/viewtopic.php?f=3&t=4289 | |
2229 | - https://bugs.archlinux.org/task/46798 | |
2230 | - fixed the x86 fpu code some more, reported by spender and others (https://bugs.gentoo.org/show_bug.cgi?id=563804, https://bugs.archlinux.org/task/46764) | |
2231 | ||
2232 | arch/x86/include/asm/fpu/internal.h | 4 +- | |
2233 | arch/x86/kernel/fpu/core.c | 2 +- | |
2234 | arch/x86/kernel/process.c | 3 +- | |
2235 | arch/x86/kernel/process_64.c | 6 +- | |
2236 | drivers/usb/class/cdc-acm.h | 2 +- | |
2237 | drivers/video/console/fbcon.c | 2 +- | |
2238 | fs/dlm/lowcomms.c | 2 +- | |
2239 | include/linux/usb.h | 8 +- | |
2240 | .../disable_size_overflow_hash.data | 15 +- | |
2241 | .../size_overflow_plugin/intentional_overflow.c | 3 + | |
2242 | .../size_overflow_plugin/size_overflow_hash.data | 373 ++++++++++++++++---- | |
2243 | tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 3 +- | |
2244 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
2245 | 13 files changed, 329 insertions(+), 96 deletions(-) | |
2246 | ||
0a2b3309 PK |
2247 | commit 715e674a838f08748044bce459380762e9c1cd29 |
2248 | Author: Sasha Levin <sasha.levin@oracle.com> | |
2249 | Date: Wed Oct 7 11:03:28 2015 -0500 | |
2250 | ||
2251 | PCI: Prevent out of bounds access in numa_node override | |
2252 | ||
2253 | 63692df103e9 ("PCI: Allow numa_node override via sysfs") didn't check that | |
2254 | the numa node provided by userspace is valid. Passing a node number too | |
2255 | high would attempt to access invalid memory and trigger a kernel panic. | |
2256 | ||
2257 | Fixes: 63692df103e9 ("PCI: Allow numa_node override via sysfs") | |
2258 | Signed-off-by: Sasha Levin <sasha.levin@oracle.com> | |
2259 | Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> | |
2260 | CC: stable@vger.kernel.org # v3.19+ | |
2261 | ||
2262 | drivers/pci/pci-sysfs.c | 2 +- | |
2263 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2264 | ||
2265 | commit 6abe1bb892fe394df80dd4267a8bd2874d537e4e | |
2266 | Author: David Howells <dhowells@redhat.com> | |
2267 | Date: Fri Sep 18 11:45:12 2015 +0100 | |
2268 | ||
2269 | ovl: use O_LARGEFILE in ovl_copy_up() | |
2270 | ||
2271 | Open the lower file with O_LARGEFILE in ovl_copy_up(). | |
2272 | ||
2273 | Pass O_LARGEFILE unconditionally in ovl_copy_up_data() as it's purely for | |
2274 | catching 32-bit userspace dealing with a file large enough that it'll be | |
2275 | mishandled if the application isn't aware that there might be an integer | |
2276 | overflow. Inside the kernel, there shouldn't be any problems. | |
2277 | ||
2278 | Reported-by: Ulrich Obergfell <uobergfe@redhat.com> | |
2279 | Signed-off-by: David Howells <dhowells@redhat.com> | |
2280 | Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> | |
2281 | Cc: <stable@vger.kernel.org> # v3.18+ | |
2282 | ||
2283 | fs/overlayfs/copy_up.c | 4 ++-- | |
2284 | 1 files changed, 2 insertions(+), 2 deletions(-) | |
2285 | ||
2286 | commit bf5e23398e4a82e28fe0801337a4b78ca951a1d9 | |
2287 | Author: David Howells <dhowells@redhat.com> | |
2288 | Date: Fri Sep 18 11:45:22 2015 +0100 | |
2289 | ||
2290 | ovl: fix dentry reference leak | |
2291 | ||
2292 | In ovl_copy_up_locked(), newdentry is leaked if the function exits through | |
2293 | out_cleanup as this just to out after calling ovl_cleanup() - which doesn't | |
2294 | actually release the ref on newdentry. | |
2295 | ||
2296 | The out_cleanup segment should instead exit through out2 as certainly | |
2297 | newdentry leaks - and possibly upper does also, though this isn't caught | |
2298 | given the catch of newdentry. | |
2299 | ||
2300 | Without this fix, something like the following is seen: | |
2301 | ||
2302 | BUG: Dentry ffff880023e9eb20{i=f861,n=#ffff880023e82d90} still in use (1) [unmount of tmpfs tmpfs] | |
2303 | BUG: Dentry ffff880023ece640{i=0,n=bigfile} still in use (1) [unmount of tmpfs tmpfs] | |
2304 | ||
2305 | when unmounting the upper layer after an error occurred in copyup. | |
2306 | ||
2307 | An error can be induced by creating a big file in a lower layer with | |
2308 | something like: | |
2309 | ||
2310 | dd if=/dev/zero of=/lower/a/bigfile bs=65536 count=1 seek=$((0xf000)) | |
2311 | ||
2312 | to create a large file (4.1G). Overlay an upper layer that is too small | |
2313 | (on tmpfs might do) and then induce a copy up by opening it writably. | |
2314 | ||
2315 | Reported-by: Ulrich Obergfell <uobergfe@redhat.com> | |
2316 | Signed-off-by: David Howells <dhowells@redhat.com> | |
2317 | Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> | |
2318 | Cc: <stable@vger.kernel.org> # v3.18+ | |
2319 | ||
2320 | fs/overlayfs/copy_up.c | 2 +- | |
2321 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2322 | ||
2323 | commit da93976d3355abae09d9fd6a68e7dea77ed619d1 | |
2324 | Author: Miklos Szeredi <miklos@szeredi.hu> | |
2325 | Date: Mon Oct 12 15:56:20 2015 +0200 | |
2326 | ||
2327 | ovl: fix open in stacked overlay | |
2328 | ||
2329 | If two overlayfs filesystems are stacked on top of each other, then we need | |
2330 | recursion in ovl_d_select_inode(). | |
2331 | ||
2332 | I guess d_backing_inode() is supposed to do that. But currently it doesn't | |
2333 | and that functionality is open coded in vfs_open(). This is now copied | |
2334 | into ovl_d_select_inode() to fix this regression. | |
2335 | ||
2336 | Reported-by: Alban Crequy <alban.crequy@gmail.com> | |
2337 | Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> | |
2338 | Fixes: 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay...") | |
2339 | Cc: David Howells <dhowells@redhat.com> | |
2340 | Cc: <stable@vger.kernel.org> # v4.2+ | |
2341 | ||
2342 | fs/overlayfs/inode.c | 3 +++ | |
2343 | 1 files changed, 3 insertions(+), 0 deletions(-) | |
2344 | ||
2345 | commit 0ddd9cf6149717882b81c946149bf55332d763ae | |
2346 | Author: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> | |
2347 | Date: Mon Aug 24 15:57:18 2015 +0300 | |
2348 | ||
2349 | ovl: free stack of paths in ovl_fill_super | |
2350 | ||
2351 | This fixes small memory leak after mount. | |
2352 | ||
2353 | Kmemleak report: | |
2354 | ||
2355 | unreferenced object 0xffff88003683fe00 (size 16): | |
2356 | comm "mount", pid 2029, jiffies 4294909563 (age 33.380s) | |
2357 | hex dump (first 16 bytes): | |
2358 | 20 27 1f bb 00 88 ff ff 40 4b 0f 36 02 88 ff ff '......@K.6.... | |
2359 | backtrace: | |
2360 | [<ffffffff811f8cd4>] create_object+0x124/0x2c0 | |
2361 | [<ffffffff817a059b>] kmemleak_alloc+0x7b/0xc0 | |
2362 | [<ffffffff811dffe6>] __kmalloc+0x106/0x340 | |
2363 | [<ffffffffa01b7a29>] ovl_fill_super+0x389/0x9a0 [overlay] | |
2364 | [<ffffffff81200ac4>] mount_nodev+0x54/0xa0 | |
2365 | [<ffffffffa01b7118>] ovl_mount+0x18/0x20 [overlay] | |
2366 | [<ffffffff81201ab3>] mount_fs+0x43/0x170 | |
2367 | [<ffffffff81220d34>] vfs_kern_mount+0x74/0x170 | |
2368 | [<ffffffff812233ad>] do_mount+0x22d/0xdf0 | |
2369 | [<ffffffff812242cb>] SyS_mount+0x7b/0xc0 | |
2370 | [<ffffffff817b6bee>] entry_SYSCALL_64_fastpath+0x12/0x76 | |
2371 | [<ffffffffffffffff>] 0xffffffffffffffff | |
2372 | ||
2373 | Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> | |
2374 | Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> | |
2375 | Fixes: a78d9f0d5d5c ("ovl: support multiple lower layers") | |
2376 | Cc: <stable@vger.kernel.org> # v4.0+ | |
2377 | ||
2378 | fs/overlayfs/super.c | 1 + | |
2379 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
2380 | ||
2381 | commit b86575c9973b9ad55d659fd8a6be8f864435ad0e | |
2382 | Author: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> | |
2383 | Date: Mon Aug 24 15:57:19 2015 +0300 | |
2384 | ||
2385 | ovl: free lower_mnt array in ovl_put_super | |
2386 | ||
2387 | This fixes memory leak after umount. | |
2388 | ||
2389 | Kmemleak report: | |
2390 | ||
2391 | unreferenced object 0xffff8800ba791010 (size 8): | |
2392 | comm "mount", pid 2394, jiffies 4294996294 (age 53.920s) | |
2393 | hex dump (first 8 bytes): | |
2394 | 20 1c 13 02 00 88 ff ff ....... | |
2395 | backtrace: | |
2396 | [<ffffffff811f8cd4>] create_object+0x124/0x2c0 | |
2397 | [<ffffffff817a059b>] kmemleak_alloc+0x7b/0xc0 | |
2398 | [<ffffffff811dffe6>] __kmalloc+0x106/0x340 | |
2399 | [<ffffffffa0152bfc>] ovl_fill_super+0x55c/0x9b0 [overlay] | |
2400 | [<ffffffff81200ac4>] mount_nodev+0x54/0xa0 | |
2401 | [<ffffffffa0152118>] ovl_mount+0x18/0x20 [overlay] | |
2402 | [<ffffffff81201ab3>] mount_fs+0x43/0x170 | |
2403 | [<ffffffff81220d34>] vfs_kern_mount+0x74/0x170 | |
2404 | [<ffffffff812233ad>] do_mount+0x22d/0xdf0 | |
2405 | [<ffffffff812242cb>] SyS_mount+0x7b/0xc0 | |
2406 | [<ffffffff817b6bee>] entry_SYSCALL_64_fastpath+0x12/0x76 | |
2407 | [<ffffffffffffffff>] 0xffffffffffffffff | |
2408 | ||
2409 | Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> | |
2410 | Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> | |
2411 | Fixes: dd662667e6d3 ("ovl: add mutli-layer infrastructure") | |
2412 | Cc: <stable@vger.kernel.org> # v4.0+ | |
2413 | ||
2414 | fs/overlayfs/super.c | 1 + | |
2415 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
2416 | ||
2417 | commit 9f49b5376fae99cd590d13726e2633bc0a53b6db | |
2418 | Author: Linus Torvalds <torvalds@linux-foundation.org> | |
2419 | Date: Sun Nov 1 17:09:15 2015 -0800 | |
2420 | ||
2421 | mm: get rid of 'vmalloc_info' from /proc/meminfo | |
2422 | ||
2423 | It turns out that at least some versions of glibc end up reading | |
2424 | /proc/meminfo at every single startup, because glibc wants to know the | |
2425 | amount of memory the machine has. And while that's arguably insane, | |
2426 | it's just how things are. | |
2427 | ||
2428 | And it turns out that it's not all that expensive most of the time, but | |
2429 | the vmalloc information statistics (amount of virtual memory used in the | |
2430 | vmalloc space, and the biggest remaining chunk) can be rather expensive | |
2431 | to compute. | |
2432 | ||
2433 | The 'get_vmalloc_info()' function actually showed up on my profiles as | |
2434 | 4% of the CPU usage of "make test" in the git source repository, because | |
2435 | the git tests are lots of very short-lived shell-scripts etc. | |
2436 | ||
2437 | It turns out that apparently this same silly vmalloc info gathering | |
2438 | shows up on the facebook servers too, according to Dave Jones. So it's | |
2439 | not just "make test" for git. | |
2440 | ||
2441 | We had two patches to just cache the information (one by me, one by | |
2442 | Ingo) to mitigate this issue, but the whole vmalloc information of of | |
2443 | rather dubious value to begin with, and people who *actually* want to | |
2444 | know what the situation is wrt the vmalloc area should just look at the | |
2445 | much more complete /proc/vmallocinfo instead. | |
2446 | ||
2447 | In fact, according to my testing - and perhaps more importantly, | |
2448 | according to that big search engine in the sky: Google - there is | |
2449 | nothing out there that actually cares about those two expensive fields: | |
2450 | VmallocUsed and VmallocChunk. | |
2451 | ||
2452 | So let's try to just remove them entirely. Actually, this just removes | |
2453 | the computation and reports the numbers as zero for now, just to try to | |
2454 | be minimally intrusive. | |
2455 | ||
2456 | If this breaks anything, we'll obviously have to re-introduce the code | |
2457 | to compute this all and add the caching patches on top. But if given | |
2458 | the option, I'd really prefer to just remove this bad idea entirely | |
2459 | rather than add even more code to work around our historical mistake | |
2460 | that likely nobody really cares about. | |
2461 | ||
2462 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | |
2463 | ||
2464 | fs/proc/meminfo.c | 7 ++----- | |
2465 | include/linux/vmalloc.h | 12 ------------ | |
2466 | mm/vmalloc.c | 47 ----------------------------------------------- | |
2467 | 3 files changed, 2 insertions(+), 64 deletions(-) | |
2468 | ||
2469 | commit 66425129a550275398f886498d957284539bb331 | |
2470 | Author: Marek Vasut <marex@denx.de> | |
2471 | Date: Fri Oct 30 13:48:19 2015 +0100 | |
2472 | ||
2473 | can: Use correct type in sizeof() in nla_put() | |
2474 | ||
2475 | The sizeof() is invoked on an incorrect variable, likely due to some | |
2476 | copy-paste error, and this might result in memory corruption. Fix this. | |
2477 | ||
2478 | Signed-off-by: Marek Vasut <marex@denx.de> | |
2479 | Cc: Wolfgang Grandegger <wg@grandegger.com> | |
2480 | Cc: netdev@vger.kernel.org | |
2481 | Cc: linux-stable <stable@vger.kernel.org> | |
2482 | Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> | |
2483 | ||
2484 | drivers/net/can/dev.c | 2 +- | |
2485 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2486 | ||
2487 | commit 8c8e802a86f8faf2519710db043339e1cc953bc4 | |
2488 | Author: Brad Spengler <spender@grsecurity.net> | |
2489 | Date: Mon Nov 2 17:20:52 2015 -0500 | |
2490 | ||
2491 | Fix the FPU code properly by copying the dynamically-sized FPU state on | |
2492 | each clone of the task struct, making it equivalent to the new FPU-in-task-struct code | |
2493 | ||
2494 | Fix is from the PaX Team | |
2495 | ||
2496 | arch/x86/kernel/process.c | 2 ++ | |
2497 | 1 files changed, 2 insertions(+), 0 deletions(-) | |
2498 | ||
2499 | commit 036bc2e2231c76f7eb470bfef67b6bc26187aeae | |
2500 | Author: Brad Spengler <spender@grsecurity.net> | |
2501 | Date: Mon Nov 2 17:19:43 2015 -0500 | |
2502 | ||
2503 | Revert the forced eagerfpu since it's now fixed properly | |
2504 | ||
2505 | arch/x86/kernel/fpu/init.c | 3 --- | |
2506 | 1 files changed, 0 insertions(+), 3 deletions(-) | |
2507 | ||
2508 | commit a08ab82bcf321704f6a228c7924b860510c6d610 | |
2509 | Author: Carol L Soto <clsoto@linux.vnet.ibm.com> | |
2510 | Date: Tue Oct 27 17:36:20 2015 +0200 | |
2511 | ||
2512 | net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes | |
2513 | ||
2514 | When doing memcpy/memset of EQEs, we should use sizeof struct | |
2515 | mlx4_eqe as the base size and not caps.eqe_size which could be bigger. | |
2516 | ||
2517 | If caps.eqe_size is bigger than the struct mlx4_eqe then we corrupt | |
2518 | data in the master context. | |
2519 | ||
2520 | When using a 64 byte stride, the memcpy copied over 63 bytes to the | |
2521 | slave_eq structure. This resulted in copying over the entire eqe of | |
2522 | interest, including its ownership bit -- and also 31 bytes of garbage | |
2523 | into the next WQE in the slave EQ -- which did NOT include the ownership | |
2524 | bit (and therefore had no impact). | |
2525 | ||
2526 | However, once the stride is increased to 128, we are overwriting the | |
2527 | ownership bits of *three* eqes in the slave_eq struct. This results | |
2528 | in an incorrect ownership bit for those eqes, which causes the eq to | |
2529 | seem to be full. The issue therefore surfaced only once 128-byte EQEs | |
2530 | started being used in SRIOV and (overarchitectures that have 128/256 | |
2531 | byte cache-lines such as PPC) - e.g after commit 77507aa249ae | |
2532 | "net/mlx4_core: Enable CQE/EQE stride support". | |
2533 | ||
2534 | Fixes: 08ff32352d6f ('mlx4: 64-byte CQE/EQE support') | |
2535 | Signed-off-by: Carol L Soto <clsoto@linux.vnet.ibm.com> | |
2536 | Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il> | |
2537 | Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> | |
2538 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
2539 | ||
2540 | drivers/net/ethernet/mellanox/mlx4/cmd.c | 2 +- | |
2541 | drivers/net/ethernet/mellanox/mlx4/eq.c | 2 +- | |
2542 | 2 files changed, 2 insertions(+), 2 deletions(-) | |
2543 | ||
2544 | commit 811ab3b52935612def289efa5e9e2aa973f16f26 | |
2545 | Author: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
2546 | Date: Wed Oct 28 13:21:04 2015 +0100 | |
2547 | ||
2548 | ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues | |
2549 | ||
2550 | Raw sockets with hdrincl enabled can insert ipv6 extension headers | |
2551 | right into the data stream. In case we need to fragment those packets, | |
2552 | we reparse the options header to find the place where we can insert | |
2553 | the fragment header. If the extension headers exceed the link's MTU we | |
2554 | actually cannot make progress in such a case. | |
2555 | ||
2556 | Instead of ending up in broken arithmetic or rounding towards 0 and | |
2557 | entering an endless loop in ip6_fragment, just prevent those cases by | |
2558 | aborting early and signal -EMSGSIZE to user space. | |
2559 | ||
2560 | This is the second version of the patch which doesn't use the | |
2561 | overflow_usub function, which got reverted for now. | |
2562 | ||
2563 | Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> | |
2564 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
2565 | Reported-by: Dmitry Vyukov <dvyukov@google.com> | |
2566 | Cc: Dmitry Vyukov <dvyukov@google.com> | |
2567 | Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
2568 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
2569 | ||
2570 | net/ipv6/ip6_output.c | 2 ++ | |
2571 | 1 files changed, 2 insertions(+), 0 deletions(-) | |
2572 | ||
2573 | commit f074980442c7c3ff4a75c711ff18204dfb4131b8 | |
2574 | Author: Brad Spengler <spender@grsecurity.net> | |
2575 | Date: Thu Oct 29 18:19:02 2015 -0400 | |
2576 | ||
2577 | Revert "ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues" | |
2578 | ||
2579 | This reverts commit 18d5034650b637ec479f41d98e3912398b3e3efc. | |
2580 | ||
2581 | net/ipv6/ip6_output.c | 6 +----- | |
2582 | 1 files changed, 1 insertions(+), 5 deletions(-) | |
2583 | ||
2584 | commit 53e629c2d13ed09f4c889925482606f82a65bd1d | |
2585 | Author: Brad Spengler <spender@grsecurity.net> | |
2586 | Date: Thu Oct 29 18:18:55 2015 -0400 | |
2587 | ||
2588 | Revert "overflow-arith: begin to add support for overflow builtin functions" | |
2589 | ||
2590 | This reverts commit cfd0008de8db38841f7f06b979482900994717b9. | |
2591 | ||
2592 | Conflicts: | |
2593 | ||
2594 | include/linux/compiler-gcc.h | |
2595 | ||
2596 | include/linux/compiler-gcc.h | 4 ---- | |
2597 | include/linux/overflow-arith.h | 18 ------------------ | |
2598 | 2 files changed, 0 insertions(+), 22 deletions(-) | |
2599 | ||
2600 | commit 225122602b5b7fd58ec5c2a4a1a4a9a29fe7a02a | |
2601 | Author: Brad Spengler <spender@grsecurity.net> | |
2602 | Date: Thu Oct 29 09:00:11 2015 -0400 | |
2603 | ||
2604 | Update size_overflow plugin | |
2605 | ||
2606 | .../size_overflow_plugin/intentional_overflow.c | 3 +++ | |
2607 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
2608 | 2 files changed, 4 insertions(+), 1 deletions(-) | |
2609 | ||
c3f73f4b PK |
2610 | commit 2bf85cb1c3df45d59d8b59aeacf63cbbee360175 |
2611 | Author: Brad Spengler <spender@grsecurity.net> | |
2612 | Date: Thu Oct 29 08:52:07 2015 -0400 | |
2613 | ||
2614 | Temporarily disable the builtin_overflow again as the kernexec plugin also has problems with it | |
2615 | ||
2616 | include/linux/compiler-gcc.h | 2 +- | |
2617 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2618 | ||
d60a514c PK |
2619 | commit a41c8c4d880b6005e874bf5440e24713da8483cd |
2620 | Author: Brad Spengler <spender@grsecurity.net> | |
2621 | Date: Wed Oct 28 19:28:30 2015 -0400 | |
2622 | ||
2623 | temporarily work around issue with the dynamic FPU state and lazy FPU mode | |
2624 | upstream configures FPU mode based on the eagerfpu variable before it's ever actually | |
2625 | set by the commandline parser (so eagerfpu= on the commandline has no effect) | |
2626 | ||
2627 | arch/x86/kernel/fpu/init.c | 3 +++ | |
2628 | 1 files changed, 3 insertions(+), 0 deletions(-) | |
2629 | ||
2630 | commit 8452f9d5cfabda9228496050a16bc8728c0ebbb7 | |
2631 | Author: Brad Spengler <spender@grsecurity.net> | |
2632 | Date: Wed Oct 28 19:25:55 2015 -0400 | |
2633 | ||
2634 | Remove/reorder some code due to the reverting of the FPU-state-in-task_struct code | |
2635 | ||
2636 | arch/x86/include/asm/fpu/types.h | 69 ++++++++++++++++++-------------------- | |
2637 | arch/x86/include/asm/processor.h | 10 ++---- | |
2638 | arch/x86/kernel/fpu/init.c | 20 ----------- | |
2639 | include/linux/sched.h | 4 +- | |
2640 | 4 files changed, 38 insertions(+), 65 deletions(-) | |
2641 | ||
2642 | commit c2127bd4215f8f02a1391bef3bde55d0bb1c19bc | |
2643 | Author: Brad Spengler <spender@grsecurity.net> | |
2644 | Date: Tue Oct 27 23:38:11 2015 -0400 | |
2645 | ||
2646 | fix typo | |
2647 | ||
2648 | tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 2 +- | |
2649 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2650 | ||
2651 | commit c588def7b5713c31fef2b848bfebf0d727791b82 | |
2652 | Author: Brad Spengler <spender@grsecurity.net> | |
2653 | Date: Tue Oct 27 21:09:04 2015 -0400 | |
2654 | ||
2655 | remove the PAGE_SIZE padding from fpregs_state since it's not included as part | |
2656 | of the task struct | |
2657 | ||
2658 | arch/x86/include/asm/fpu/types.h | 1 - | |
2659 | 1 files changed, 0 insertions(+), 1 deletions(-) | |
2660 | ||
2661 | commit 3bd1e5915353fee1f347577f0e80d925910695f9 | |
2662 | Author: Herbert Xu <herbert@gondor.apana.org.au> | |
2663 | Date: Mon Oct 19 18:23:57 2015 +0800 | |
2664 | ||
2665 | crypto: api - Only abort operations on fatal signal | |
2666 | ||
2667 | Currently a number of Crypto API operations may fail when a signal | |
2668 | occurs. This causes nasty problems as the caller of those operations | |
2669 | are often not in a good position to restart the operation. | |
2670 | ||
2671 | In fact there is currently no need for those operations to be | |
2672 | interrupted by user signals at all. All we need is for them to | |
2673 | be killable. | |
2674 | ||
2675 | This patch replaces the relevant calls of signal_pending with | |
2676 | fatal_signal_pending, and wait_for_completion_interruptible with | |
2677 | wait_for_completion_killable, respectively. | |
2678 | ||
2679 | Cc: stable@vger.kernel.org | |
2680 | Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | |
2681 | ||
2682 | crypto/ablkcipher.c | 2 +- | |
2683 | crypto/algapi.c | 2 +- | |
2684 | crypto/api.c | 6 +++--- | |
2685 | crypto/crypto_user.c | 2 +- | |
2686 | 4 files changed, 6 insertions(+), 6 deletions(-) | |
2687 | ||
2688 | commit 2b278f02de77bd3d0ffb4c64bc56b702d4e27e49 | |
2689 | Author: Brad Spengler <spender@grsecurity.net> | |
2690 | Date: Tue Oct 27 18:02:42 2015 -0400 | |
2691 | ||
2692 | Update a comment | |
2693 | ||
2694 | arch/x86/include/asm/fpu/internal.h | 2 +- | |
2695 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2696 | ||
2697 | commit 66cbab70d87485c22946485bfd375c3e88140213 | |
2698 | Merge: cad84c5 8610c94 | |
2699 | Author: Brad Spengler <spender@grsecurity.net> | |
2700 | Date: Tue Oct 27 07:44:23 2015 -0400 | |
2701 | ||
2702 | Merge branch 'pax-test' into grsec-test | |
2703 | ||
2704 | commit 8610c949a76ac2a09b334f41c35cb8e7a04a0ce8 | |
2705 | Merge: a851b41 f69d603 | |
2706 | Author: Brad Spengler <spender@grsecurity.net> | |
2707 | Date: Tue Oct 27 07:44:14 2015 -0400 | |
2708 | ||
2709 | Merge branch 'linux-4.2.y' into pax-test | |
2710 | ||
2711 | commit cad84c52f547c8ba47ddcf39d1f260f55350f0c2 | |
2712 | Author: Brad Spengler <spender@grsecurity.net> | |
2713 | Date: Mon Oct 26 07:33:21 2015 -0400 | |
2714 | ||
2715 | re-enable builtin_overflow support | |
2716 | ||
2717 | include/linux/compiler-gcc.h | 3 +-- | |
2718 | 1 files changed, 1 insertions(+), 2 deletions(-) | |
2719 | ||
2720 | commit 6e281aebbf456c27ce530055d5668bc5829c02a8 | |
2721 | Author: Brad Spengler <spender@grsecurity.net> | |
2722 | Date: Mon Oct 26 07:32:15 2015 -0400 | |
2723 | ||
2724 | Update the size_overflow plugin from Emese to fix the ICE on builtin_overflow use | |
2725 | ||
2726 | tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 3 ++- | |
2727 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
2728 | 2 files changed, 3 insertions(+), 2 deletions(-) | |
2729 | ||
2730 | commit 75ed97df02fc6eb862df511da6ca690de3d0f15c | |
2731 | Author: Brad Spengler <spender@grsecurity.net> | |
2732 | Date: Mon Oct 26 07:17:00 2015 -0400 | |
2733 | ||
2734 | Fix from Emese for a size_overflow report in the fbcon code on the | |
2735 | 'softback_lines' global variable | |
2736 | ||
2737 | drivers/video/console/fbcon.c | 2 +- | |
2738 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2739 | ||
134f4180 PK |
2740 | commit b088cabd42c6fe825baa27f40ab450ad75e571d3 |
2741 | Author: Brad Spengler <spender@grsecurity.net> | |
2742 | Date: Sun Oct 25 18:09:55 2015 -0400 | |
2743 | ||
2744 | Temporarily work around an ICE on GCC >= 5 reported by Daniel Micay due to | |
2745 | backporting of __builtin_usub_overflow | |
2746 | ||
2747 | include/linux/compiler-gcc.h | 3 ++- | |
2748 | 1 files changed, 2 insertions(+), 1 deletions(-) | |
2749 | ||
2750 | commit ba858f46865c6751af3ddba03b176e4d5ecf85c1 | |
2751 | Author: Brad Spengler <spender@grsecurity.net> | |
2752 | Date: Sun Oct 25 17:59:17 2015 -0400 | |
2753 | ||
2754 | Update size_overflow hash table | |
2755 | ||
2756 | .../disable_size_overflow_hash.data | 7 +++++++ | |
2757 | .../size_overflow_plugin/size_overflow_hash.data | 9 +-------- | |
2758 | 2 files changed, 8 insertions(+), 8 deletions(-) | |
2759 | ||
2760 | commit ba803bceaea0283b38e91c1d3176bf0671786269 | |
2761 | Author: Brad Spengler <spender@grsecurity.net> | |
2762 | Date: Sun Oct 25 15:31:17 2015 -0400 | |
2763 | ||
2764 | Fix oversight in pipacs' removal of FPU state from the task struct: | |
2765 | fpu_copy was performing an OOB copy starting from the address of the 'state' | |
2766 | pointer in the fpu struct instead of starting from the address pointed | |
2767 | to by the state pointer. Reported at: | |
2768 | https://bugs.archlinux.org/task/46764 | |
2769 | ||
2770 | arch/x86/include/asm/fpu/internal.h | 4 ++-- | |
2771 | arch/x86/kernel/fpu/core.c | 2 +- | |
2772 | 2 files changed, 3 insertions(+), 3 deletions(-) | |
2773 | ||
46c36e49 PK |
2774 | commit 26e7d31c5b5c970c50297d2b8be165e9c9ab9d83 |
2775 | Merge: 85d8735 a851b41 | |
2776 | Author: Brad Spengler <spender@grsecurity.net> | |
2777 | Date: Sun Oct 25 13:39:21 2015 -0400 | |
2778 | ||
2779 | Merge branch 'pax-test' into grsec-test | |
2780 | ||
2781 | commit a851b41415a0402d76f10712b6950ddff3872a22 | |
2782 | Author: Brad Spengler <spender@grsecurity.net> | |
2783 | Date: Sun Oct 25 13:38:25 2015 -0400 | |
2784 | ||
2785 | Update to latest size_overflow plugin release: | |
2786 | Temporarily ignore bitfield types: https://bugs.archlinux.org/task/46798 | |
2787 | Use SI or wider type for the size_overflow type: https://forums.grsecurity.net/viewtopic.php?t=4293&p=15655#p15655 | |
2788 | ||
2789 | .../size_overflow_plugin/intentional_overflow.c | 3 +++ | |
2790 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
2791 | .../size_overflow_plugin/size_overflow_transform.c | 7 +++++++ | |
2792 | .../size_overflow_transform_core.c | 2 -- | |
2793 | 4 files changed, 11 insertions(+), 3 deletions(-) | |
2794 | ||
2795 | commit 85d8735a1d1190e3ad2e3f032ae88f811090fdfc | |
2796 | Author: Brad Spengler <spender@grsecurity.net> | |
2797 | Date: Sun Oct 25 13:01:32 2015 -0400 | |
2798 | ||
2799 | fpu doesn't live on the task_struct with PaX, so don't even bother computing some task_size | |
2800 | variable that isn't used for anything | |
2801 | ||
2802 | arch/x86/kernel/fpu/init.c | 14 -------------- | |
2803 | 1 files changed, 0 insertions(+), 14 deletions(-) | |
2804 | ||
2805 | commit cfd0008de8db38841f7f06b979482900994717b9 | |
2806 | Author: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
2807 | Date: Fri Oct 16 11:32:42 2015 +0200 | |
2808 | ||
2809 | overflow-arith: begin to add support for overflow builtin functions | |
2810 | ||
2811 | The idea of the overflow-arith.h header is to collect overflow checking | |
2812 | functions in one central place. | |
2813 | ||
2814 | If gcc compiler supports the __builtin_overflow_* builtins we use them | |
2815 | because they might give better performance, otherwise the code falls | |
2816 | back to normal overflow checking functions. | |
2817 | ||
2818 | The builtin_overflow functions are supported by gcc-5 and clang. The | |
2819 | matter of supporting clang is to just provide a corresponding | |
2820 | CC_HAVE_BUILTIN_OVERFLOW, because the specific overflow checking builtins | |
2821 | don't differ between gcc and clang. | |
2822 | ||
2823 | I just provide overflow_usub function here as I intend this to get merged | |
2824 | into net, more functions will definitely follow as they are needed. | |
2825 | ||
2826 | Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
2827 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
2828 | ||
2829 | include/linux/compiler-gcc.h | 4 ++++ | |
2830 | include/linux/overflow-arith.h | 18 ++++++++++++++++++ | |
2831 | 2 files changed, 22 insertions(+), 0 deletions(-) | |
2832 | ||
2833 | commit 18d5034650b637ec479f41d98e3912398b3e3efc | |
2834 | Author: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
2835 | Date: Fri Oct 16 11:32:43 2015 +0200 | |
2836 | ||
2837 | ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues | |
2838 | ||
2839 | Raw sockets with hdrincl enabled can insert ipv6 extension headers | |
2840 | right into the data stream. In case we need to fragment those packets, | |
2841 | we reparse the options header to find the place where we can insert | |
2842 | the fragment header. If the extension headers exceed the link's MTU we | |
2843 | actually cannot make progress in such a case. | |
2844 | ||
2845 | Instead of ending up in broken arithmetic or rounding towards 0 and | |
2846 | entering an endless loop in ip6_fragment, just prevent those cases by | |
2847 | aborting early and signal -EMSGSIZE to user space. | |
2848 | ||
2849 | Reported-by: Dmitry Vyukov <dvyukov@google.com> | |
2850 | Cc: Dmitry Vyukov <dvyukov@google.com> | |
2851 | Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> | |
2852 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
2853 | ||
2854 | net/ipv6/ip6_output.c | 6 +++++- | |
2855 | 1 files changed, 5 insertions(+), 1 deletions(-) | |
2856 | ||
2857 | commit 0e1d1c0f1981b4049a70d23dce4c69daf19f020b | |
2858 | Merge: c81314c 9470e78 | |
2859 | Author: Brad Spengler <spender@grsecurity.net> | |
2860 | Date: Sun Oct 25 11:51:44 2015 -0400 | |
2861 | ||
2862 | Merge branch 'pax-test' into grsec-test | |
2863 | ||
2864 | commit 9470e7893a9a1bf15f9b7d412dc09bebb59105e8 | |
2865 | Author: Brad Spengler <spender@grsecurity.net> | |
2866 | Date: Sun Oct 25 11:50:54 2015 -0400 | |
2867 | ||
2868 | Temporary squelching of overflow warning on skb_transport_offset(), will be fixed properly after H2HC | |
2869 | ||
2870 | include/linux/skbuff.h | 2 +- | |
2871 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
2872 | ||
2873 | commit c81314ce278e9cfa3322881a6133c2c7e53b9430 | |
2874 | Author: Brad Spengler <spender@grsecurity.net> | |
2875 | Date: Sat Oct 24 23:13:36 2015 -0400 | |
2876 | ||
2877 | Update recordmcount/fixdep paths in RPM spec, from Andrew | |
2878 | ||
2879 | scripts/package/mkspec | 4 ++-- | |
2880 | 1 files changed, 2 insertions(+), 2 deletions(-) | |
2881 | ||
2882 | commit 798e4296bd55778b5e77f1db69c1bb972419590f | |
2883 | Author: Brad Spengler <spender@grsecurity.net> | |
2884 | Date: Sat Oct 24 23:11:22 2015 -0400 | |
2885 | ||
2886 | Update size_overflow hash table | |
2887 | ||
2888 | .../disable_size_overflow_hash.data | 3 +++ | |
2889 | .../size_overflow_plugin/size_overflow_hash.data | 5 +---- | |
2890 | 2 files changed, 4 insertions(+), 4 deletions(-) | |
2891 | ||
68b0b791 PK |
2892 | commit d9ef04f20fc634595883d1c1950c32a8fe04df22 |
2893 | Author: Brad Spengler <spender@grsecurity.net> | |
2894 | Date: Sat Oct 24 08:27:29 2015 -0400 | |
2895 | ||
2896 | Fix from Emese for https://forums.grsecurity.net/viewtopic.php?f=3&t=4291 | |
2897 | ||
2898 | drivers/usb/class/cdc-acm.h | 2 +- | |
2899 | include/linux/usb.h | 8 ++++---- | |
2900 | 2 files changed, 5 insertions(+), 5 deletions(-) | |
2901 | ||
2902 | commit eea46f1d247f5f63e3762da91a41cba76567800f | |
2903 | Author: Brad Spengler <spender@grsecurity.net> | |
2904 | Date: Fri Oct 23 18:24:57 2015 -0400 | |
2905 | ||
2906 | Update size_overflow hash tables | |
2907 | ||
2908 | .../disable_size_overflow_hash.data | 5 ++++- | |
2909 | .../size_overflow_plugin/size_overflow_hash.data | 5 +---- | |
2910 | 2 files changed, 5 insertions(+), 5 deletions(-) | |
2911 | ||
31a7c07c PK |
2912 | commit 8f521b864bd7428f3ad42613416c106d1d619c4d |
2913 | Merge: 26adf00 285f0d1 | |
2914 | Author: Brad Spengler <spender@grsecurity.net> | |
2915 | Date: Thu Oct 22 19:41:57 2015 -0400 | |
2916 | ||
2917 | Merge branch 'pax-test' into grsec-test | |
2918 | ||
2919 | Conflicts: | |
2920 | drivers/gpu/drm/drm_lock.c | |
2921 | ||
2922 | commit 285f0d1cda31b45ee217b90861677c032cb6550b | |
2923 | Merge: d6dc25f 190bd21 | |
2924 | Author: Brad Spengler <spender@grsecurity.net> | |
2925 | Date: Thu Oct 22 19:40:34 2015 -0400 | |
2926 | ||
2927 | Merge branch 'linux-4.2.y' into pax-test | |
2928 | ||
2929 | Conflicts: | |
2930 | arch/x86/kernel/process_64.c | |
2931 | ||
2932 | commit 26adf00caf8f4ebf155422082d4e8b8e4eb60eef | |
2933 | Author: Eric W. Biederman <ebiederm@xmission.com> | |
2934 | Date: Sat Aug 15 13:36:12 2015 -0500 | |
2935 | ||
2936 | dcache: Handle escaped paths in prepend_path | |
2937 | ||
2938 | A rename can result in a dentry that by walking up d_parent | |
2939 | will never reach it's mnt_root. For lack of a better term | |
2940 | I call this an escaped path. | |
2941 | ||
2942 | prepend_path is called by four different functions __d_path, | |
2943 | d_absolute_path, d_path, and getcwd. | |
2944 | ||
2945 | __d_path only wants to see paths are connected to the root it passes | |
2946 | in. So __d_path needs prepend_path to return an error. | |
2947 | ||
2948 | d_absolute_path similarly wants to see paths that are connected to | |
2949 | some root. Escaped paths are not connected to any mnt_root so | |
2950 | d_absolute_path needs prepend_path to return an error greater | |
2951 | than 1. So escaped paths will be treated like paths on lazily | |
2952 | unmounted mounts. | |
2953 | ||
2954 | getcwd needs to prepend "(unreachable)" so getcwd also needs | |
2955 | prepend_path to return an error. | |
2956 | ||
2957 | d_path is the interesting hold out. d_path just wants to print | |
2958 | something, and does not care about the weird cases. Which raises | |
2959 | the question what should be printed? | |
2960 | ||
2961 | Given that <escaped_path>/<anything> should result in -ENOENT I | |
2962 | believe it is desirable for escaped paths to be printed as empty | |
2963 | paths. As there are not really any meaninful path components when | |
2964 | considered from the perspective of a mount tree. | |
2965 | ||
2966 | So tweak prepend_path to return an empty path with an new error | |
2967 | code of 3 when it encounters an escaped path. | |
2968 | ||
2969 | Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> | |
2970 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | |
2971 | ||
2972 | fs/dcache.c | 7 +++++++ | |
2973 | 1 files changed, 7 insertions(+), 0 deletions(-) | |
2974 | ||
2975 | commit d402147a7689356c29bfd46a7cfa6594e517ab95 | |
2976 | Author: Salva Peiró <speirofr@gmail.com> | |
2977 | Date: Wed Oct 14 17:48:02 2015 +0200 | |
2978 | ||
2979 | staging/dgnc: fix info leak in ioctl | |
2980 | ||
2981 | The dgnc_mgmt_ioctl() code fails to initialize the 16 _reserved bytes of | |
2982 | struct digi_dinfo after the ->dinfo_nboards member. Add an explicit | |
2983 | memset(0) before filling the structure to avoid the info leak. | |
2984 | ||
2985 | Signed-off-by: Salva Peiró <speirofr@gmail.com> | |
2986 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
2987 | ||
2988 | drivers/staging/dgnc/dgnc_mgmt.c | 1 + | |
2989 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
2990 | ||
2991 | commit bafc510c4fb4e8a5e69531fdc3a733e58c4bbdbf | |
2992 | Author: Salva Peiró <speirofr@gmail.com> | |
2993 | Date: Wed Oct 7 07:09:26 2015 -0300 | |
2994 | ||
2995 | [media] media/vivid-osd: fix info leak in ioctl | |
2996 | ||
2997 | The vivid_fb_ioctl() code fails to initialize the 16 _reserved bytes of | |
2998 | struct fb_vblank after the ->hcount member. Add an explicit | |
2999 | memset(0) before filling the structure to avoid the info leak. | |
3000 | ||
3001 | Signed-off-by: Salva Peiró <speirofr@gmail.com> | |
3002 | Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com> | |
3003 | Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com> | |
3004 | ||
3005 | drivers/media/platform/vivid/vivid-osd.c | 1 + | |
3006 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
3007 | ||
3008 | commit 980a903796ae06366fd5acbcd179ee2dc57fbabf | |
3009 | Author: David Howells <dhowells@redhat.com> | |
3010 | Date: Mon Oct 19 11:20:28 2015 +0100 | |
3011 | ||
3012 | KEYS: Don't permit request_key() to construct a new keyring | |
3013 | ||
3014 | If request_key() is used to find a keyring, only do the search part - don't | |
3015 | do the construction part if the keyring was not found by the search. We | |
3016 | don't really want keyrings in the negative instantiated state since the | |
3017 | rejected/negative instantiation error value in the payload is unioned with | |
3018 | keyring metadata. | |
3019 | ||
3020 | Now the kernel gives an error: | |
3021 | ||
3022 | request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted) | |
3023 | ||
3024 | Signed-off-by: David Howells <dhowells@redhat.com> | |
3025 | ||
3026 | security/keys/request_key.c | 3 +++ | |
3027 | 1 files changed, 3 insertions(+), 0 deletions(-) | |
3028 | ||
3029 | commit f705c157ed6f8a9c4c0cf552fd5f054d9d500550 | |
3030 | Author: Dan Carpenter <dan.carpenter@oracle.com> | |
3031 | Date: Mon Oct 19 13:16:49 2015 +0300 | |
3032 | ||
3033 | irda: precedence bug in irlmp_seq_hb_idx() | |
3034 | ||
3035 | This is decrementing the pointer, instead of the value stored in the | |
3036 | pointer. KASan detects it as an out of bounds reference. | |
3037 | ||
3038 | Reported-by: "Berry Cheng 程君(成淼)" <chengmiao.cj@alibaba-inc.com> | |
3039 | Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> | |
3040 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
3041 | ||
3042 | net/irda/irlmp.c | 2 +- | |
3043 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
3044 | ||
dc085147 PK |
3045 | commit 4a110451298bfce895ed224e6bbd9201d8605b2b |
3046 | Author: Brad Spengler <spender@grsecurity.net> | |
3047 | Date: Tue Oct 20 19:25:13 2015 -0400 | |
3048 | ||
3049 | Ratelimit the dump_stack as well, both to 15s with a burst of 3, enough not to completely | |
3050 | flood syslog | |
3051 | ||
3052 | fs/exec.c | 11 +++++++++-- | |
3053 | 1 files changed, 9 insertions(+), 2 deletions(-) | |
3054 | ||
3055 | commit 183fc2ae7d90e077fd27623998d82916260a2223 | |
fee0510d | 3056 | Merge: a2409394 d6dc25f |
dc085147 PK |
3057 | Author: Brad Spengler <spender@grsecurity.net> |
3058 | Date: Tue Oct 20 19:16:04 2015 -0400 | |
3059 | ||
3060 | Merge branch 'pax-test' into grsec-test | |
3061 | ||
3062 | Conflicts: | |
3063 | tools/gcc/size_overflow_plugin/size_overflow_plugin.c | |
3064 | ||
3065 | commit d6dc25f193a832e08d8e7cf097d7f70b3dc24776 | |
3066 | Author: Brad Spengler <spender@grsecurity.net> | |
3067 | Date: Tue Oct 20 19:14:41 2015 -0400 | |
3068 | ||
3069 | Update to pax-linux-4.2.3-test16.patch: | |
3070 | - fixed undefined integer shift in proc_do_submiturb, reported by Arnaud <arnaud@drno.eu> | |
3071 | - fixed integer underflow in scm_detach_fds (similar to 1ac70e7ad24a88710cf9b6d7ababaefa2b575df0 upstream), reported by kdave (https://forums.grsecurity.net/viewtopic.php?f=1&t=4286) | |
3072 | - Emese added a temporary workaround for miscompiling the ath10k driver, reported by victor | |
3073 | - Emese fixed a false positive that affected the iwlwifi driver among others, reported by victor | |
3074 | - Emese disabled size overflow checking in acpi_ex_do_math_op and on acpi_object_integer, reported by xxterry1xx and rfnx (https://forums.grsecurity.net/viewtopic.php?f=3&t=4287) | |
3075 | ||
3076 | drivers/net/wireless/ath/ath10k/ce.c | 2 +- | |
3077 | drivers/usb/core/devio.c | 2 +- | |
3078 | fs/dlm/lowcomms.c | 2 +- | |
3079 | net/core/scm.c | 6 ++- | |
3080 | .../disable_size_overflow_hash.data | 4 +- | |
3081 | .../size_overflow_plugin/intentional_overflow.c | 44 -------------------- | |
3082 | tools/gcc/size_overflow_plugin/size_overflow.h | 1 - | |
3083 | .../size_overflow_plugin/size_overflow_hash.data | 4 +- | |
3084 | .../size_overflow_plugin/size_overflow_plugin.c | 4 +- | |
3085 | .../size_overflow_plugin/size_overflow_transform.c | 3 - | |
3086 | .../size_overflow_transform_core.c | 6 +++ | |
3087 | 11 files changed, 19 insertions(+), 59 deletions(-) | |
3088 | ||
a129fb97 PK |
3089 | commit a2409394c2b0d97a9f02bf62ca4c0254602e58a6 |
3090 | Author: Brad Spengler <spender@grsecurity.net> | |
3091 | Date: Tue Oct 20 08:58:25 2015 -0400 | |
3092 | ||
3093 | set default to y | |
3094 | ||
3095 | security/Kconfig | 1 + | |
3096 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
3097 | ||
3098 | commit 3abe24117389419654da44adc87a9a03ad7e3f38 | |
3099 | Author: Brad Spengler <spender@grsecurity.net> | |
3100 | Date: Tue Oct 20 08:08:32 2015 -0400 | |
3101 | ||
3102 | Add a new config option from Emese to allow SIZE_OVERFLOW to be enabled | |
3103 | while having it not kill the userland process in an overflow condition. | |
3104 | This will help us obtain reports over the next few weeks while not making | |
3105 | some percentage of users' machines unusable. | |
3106 | ||
3107 | To enable this option, set CONFIG_PAX_SIZE_OVERFLOW_DISABLE_KILL=y in .config | |
3108 | ||
3109 | fs/exec.c | 5 +++++ | |
3110 | security/Kconfig | 4 ++++ | |
3111 | .../size_overflow_plugin/size_overflow_plugin.c | 4 ++-- | |
3112 | 3 files changed, 11 insertions(+), 2 deletions(-) | |
3113 | ||
07330232 PK |
3114 | commit bcae982f720ce0b3463a81f2b72a4807cb89048b |
3115 | Merge: 0e55d80 128d3a5 | |
3116 | Author: Brad Spengler <spender@grsecurity.net> | |
3117 | Date: Mon Oct 19 18:56:09 2015 -0400 | |
3118 | ||
3119 | Merge branch 'pax-test' into grsec-test | |
3120 | ||
3121 | commit 128d3a5452ab001b29235b05eb0be3334fff3998 | |
3122 | Author: Brad Spengler <spender@grsecurity.net> | |
3123 | Date: Mon Oct 19 18:55:37 2015 -0400 | |
3124 | ||
3125 | Update to pax-linux-4.2.3-test14.patch: | |
3126 | - Emese fixed a false positive size overflow report, reported by gus (https://forums.grsecurity.net/viewtopic.php?t=4280) | |
3127 | - fixed an integer sign mixup in usb_stor_invoke_transport, reported by Arnaud <arnaud@drno.eu> | |
3128 | ||
3129 | drivers/usb/storage/transport.c | 2 +- | |
3130 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
3131 | .../size_overflow_plugin/size_overflow_transform.c | 15 +++- | |
3132 | .../size_overflow_transform_core.c | 90 ++++++++++++++----- | |
3133 | 4 files changed, 81 insertions(+), 28 deletions(-) | |
3134 | ||
ed16389b PK |
3135 | commit 0e55d80a65998266cab71804131a072fcc8ee558 |
3136 | Merge: a61fd15 9c4310f | |
3137 | Author: Brad Spengler <spender@grsecurity.net> | |
3138 | Date: Sat Oct 17 23:15:36 2015 -0400 | |
3139 | ||
3140 | Merge branch 'pax-test' into grsec-test | |
3141 | ||
3142 | commit 9c4310fdb2d19f83affc62eb2698d3763ce8c36b | |
3143 | Author: Brad Spengler <spender@grsecurity.net> | |
3144 | Date: Sat Oct 17 23:15:13 2015 -0400 | |
3145 | ||
3146 | Update to pax-linux-4.2.3-test14.patch: | |
3147 | - reverted some page table hardening that caused too much slowdown under virtualization, reported by quasar366 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4275) | |
3148 | ||
3149 | arch/x86/include/asm/pgtable-2level.h | 18 ++---------------- | |
3150 | arch/x86/include/asm/pgtable-3level.h | 10 ---------- | |
3151 | arch/x86/include/asm/pgtable_32.h | 2 ++ | |
3152 | arch/x86/include/asm/pgtable_64.h | 18 ++---------------- | |
3153 | arch/x86/mm/highmem_32.c | 2 ++ | |
3154 | arch/x86/mm/init_64.c | 2 ++ | |
3155 | arch/x86/mm/iomap_32.c | 4 ++++ | |
3156 | arch/x86/mm/pageattr.c | 4 ++++ | |
3157 | arch/x86/mm/pgtable.c | 2 ++ | |
3158 | arch/x86/mm/pgtable_32.c | 3 +++ | |
3159 | mm/highmem.c | 5 +++++ | |
3160 | mm/vmalloc.c | 7 +++++++ | |
3161 | 12 files changed, 35 insertions(+), 42 deletions(-) | |
3162 | ||
609ac19a PK |
3163 | commit a61fd152e87bd3ed91194b07f6b1fcbcd165093b |
3164 | Merge: 00f1afa db7a8e5 | |
3165 | Author: Brad Spengler <spender@grsecurity.net> | |
3166 | Date: Sat Oct 17 18:33:48 2015 -0400 | |
3167 | ||
3168 | Merge branch 'pax-test' into grsec-test | |
3169 | ||
3170 | commit db7a8e5c284179889014b5929a40298e1b228fbc | |
3171 | Author: Brad Spengler <spender@grsecurity.net> | |
3172 | Date: Sat Oct 17 18:33:22 2015 -0400 | |
3173 | ||
3174 | Update to pax-linux-4.2.3-test13.patch: | |
3175 | - Emese worked around a sign mixup with wiphy.rts_threshold, reported by gus (https://forums.grsecurity.net/viewtopic.php?f=3&t=4278) | |
3176 | ||
3177 | .../disable_size_overflow_hash.data | 2 ++ | |
3178 | .../size_overflow_plugin/size_overflow_hash.data | 2 -- | |
3179 | 2 files changed, 2 insertions(+), 2 deletions(-) | |
3180 | ||
5bf3f0b0 PK |
3181 | commit 00f1afa694317365e9bd6dc77d2e3e96ae3a68ec |
3182 | Merge: 7098385 57dc21d | |
3183 | Author: Brad Spengler <spender@grsecurity.net> | |
3184 | Date: Sat Oct 17 11:04:56 2015 -0400 | |
3185 | ||
3186 | Merge branch 'pax-test' into grsec-test | |
3187 | ||
3188 | commit 57dc21d203a9fa1312a4abc608da5b3644d29078 | |
3189 | Author: Brad Spengler <spender@grsecurity.net> | |
3190 | Date: Sat Oct 17 11:04:34 2015 -0400 | |
3191 | ||
3192 | Update to pax-linux-4.2.3-test12.patch: | |
3193 | - removed size_overflow_hash.data.prev that was left behind by accident | |
3194 | - Emese fixed a false positive overflow report in the megaraid driver due to a gcc limitation, reported by vortex (https://forums.grsecurity.net/viewtopic.php?f=3&t=4277) | |
3195 | ||
3196 | drivers/scsi/megaraid/megaraid_sas.h | 2 +- | |
3197 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
3198 | ||
c84fce4e PK |
3199 | commit 7098385851c43dea6692508c71cd5fbcce3187b2 |
3200 | Merge: bc6d23e 78b0f64 | |
3201 | Author: Brad Spengler <spender@grsecurity.net> | |
3202 | Date: Fri Oct 16 17:45:06 2015 -0400 | |
3203 | ||
3204 | Merge branch 'pax-test' into grsec-test | |
3205 | ||
3206 | Conflicts: | |
3207 | tools/gcc/size_overflow_plugin/intentional_overflow.c | |
3208 | ||
3209 | commit 78b0f643d8d2b870e8ad5df075d4ab79befa4266 | |
3210 | Author: Brad Spengler <spender@grsecurity.net> | |
3211 | Date: Fri Oct 16 17:44:18 2015 -0400 | |
3212 | ||
3213 | Update to pax-linux-4.2.3-test11.patch: | |
3214 | - Emese fixed a few false positives caused by error codes | |
3215 | - simplified the switch_mm code on x86 a bit | |
3216 | ||
3217 | arch/x86/include/asm/mmu_context.h | 118 +++++-------- | |
3218 | include/drm/drm_mm.h | 2 +- | |
3219 | .../size_overflow_plugin/intentional_overflow.c | 11 +- | |
3220 | tools/gcc/size_overflow_plugin/size_overflow.h | 19 ++- | |
3221 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
3222 | .../size_overflow_plugin/size_overflow_transform.c | 178 +++++++++----------- | |
3223 | .../size_overflow_transform_core.c | 31 ++-- | |
3224 | 7 files changed, 169 insertions(+), 192 deletions(-) | |
3225 | ||
3226 | commit bc6d23e3408e389f8a96134f6bc915e9fc8b370b | |
3227 | Author: Brad Spengler <spender@grsecurity.net> | |
3228 | Date: Fri Oct 16 17:28:54 2015 -0400 | |
3229 | ||
3230 | Update rpm devel spec, thanks to Andrew | |
3231 | ||
3232 | scripts/package/mkspec | 3 +++ | |
3233 | 1 files changed, 3 insertions(+), 0 deletions(-) | |
3234 | ||
3235 | commit b3f30cb9207a72a6aa4a78f23f8c5353be0bb27b | |
3236 | Author: Brad Spengler <spender@grsecurity.net> | |
3237 | Date: Thu Oct 15 20:10:56 2015 -0400 | |
3238 | ||
3239 | disable tracing support with GRKERNSEC_KMEM (it forces debugfs support on) | |
3240 | ||
3241 | kernel/trace/Kconfig | 2 +- | |
3242 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
3243 | ||
3244 | commit 82a0c12587f14add438ddf3b558e2278fcb7a387 | |
3245 | Author: Brad Spengler <spender@grsecurity.net> | |
3246 | Date: Thu Oct 15 19:19:43 2015 -0400 | |
3247 | ||
3248 | Force DEBUG_FS off the hard way, since 'select' can cause it to be | |
3249 | inadvertently enabled. Add a backup check that fails the build if | |
3250 | GRKERNSEC_KMEM is enabled with DEBUG_FS | |
3251 | Ditto for PROC_PAGE_MONITOR | |
3252 | ||
3253 | arch/arc/Kconfig | 1 + | |
3254 | arch/arm/Kconfig.debug | 1 + | |
3255 | arch/arm64/Kconfig.debug | 1 + | |
3256 | arch/blackfin/Kconfig.debug | 1 + | |
3257 | arch/s390/Kconfig.debug | 1 + | |
3258 | arch/x86/Kconfig.debug | 2 ++ | |
3259 | drivers/iommu/Kconfig | 1 + | |
3260 | drivers/md/bcache/Kconfig | 1 + | |
3261 | drivers/net/wireless/ath/ath9k/Kconfig | 1 - | |
3262 | include/linux/grsecurity.h | 6 ++++++ | |
3263 | init/Kconfig | 1 + | |
3264 | kernel/trace/Kconfig | 2 ++ | |
3265 | lib/Kconfig.debug | 6 +++++- | |
3266 | mm/Kconfig | 3 +++ | |
3267 | net/sunrpc/Kconfig | 1 + | |
3268 | 15 files changed, 27 insertions(+), 2 deletions(-) | |
3269 | ||
3270 | commit 1b6f8fc8b8100292647638c713326776a0865705 | |
3271 | Author: Brad Spengler <spender@grsecurity.net> | |
3272 | Date: Thu Oct 15 17:58:59 2015 -0400 | |
3273 | ||
3274 | Force DEBUG_FS off in the kernel config, even having it present is a security | |
3275 | risk | |
3276 | ||
3277 | Conflicts: | |
3278 | ||
3279 | lib/Kconfig.debug | |
3280 | ||
3281 | lib/Kconfig.debug | 1 + | |
3282 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
3283 | ||
3284 | commit 21057fc30571f96aa46acf8922417311905d0f2b | |
3285 | Author: Brad Spengler <spender@grsecurity.net> | |
3286 | Date: Thu Oct 15 08:15:33 2015 -0400 | |
3287 | ||
3288 | Backport fix from: https://patchwork.kernel.org/patch/6853351/ | |
3289 | The debug_read_tlb() uses the sprintf() functions directly on the buffer | |
3290 | allocated by buf = kmalloc(count), without taking into account the size | |
3291 | of the buffer, with the consequence corrupting the heap, depending on | |
3292 | the count requested by the user. | |
3293 | ||
3294 | The patch fixes the issue replacing sprintf() by seq_printf(). | |
3295 | ||
3296 | Signed-off-by: Salva Peiró <speirofr@gmail.com> | |
3297 | ||
3298 | drivers/iommu/omap-iommu-debug.c | 26 +++++++------------------- | |
3299 | drivers/iommu/omap-iommu.c | 28 +++++++++++----------------- | |
3300 | drivers/iommu/omap-iommu.h | 3 +-- | |
3301 | 3 files changed, 19 insertions(+), 38 deletions(-) | |
3302 | ||
3303 | commit ba936d19274485bad900a69d679878a50faa50aa | |
3304 | Author: Joe Perches <joe@perches.com> | |
3305 | Date: Wed Oct 14 01:09:40 2015 -0700 | |
3306 | ||
3307 | ethtool: Use kcalloc instead of kmalloc for ethtool_get_strings | |
3308 | ||
3309 | It seems that kernel memory can leak into userspace by a | |
3310 | kmalloc, ethtool_get_strings, then copy_to_user sequence. | |
3311 | ||
3312 | Avoid this by using kcalloc to zero fill the copied buffer. | |
3313 | ||
3314 | Signed-off-by: Joe Perches <joe@perches.com> | |
3315 | Acked-by: Ben Hutchings <ben@decadent.org.uk> | |
3316 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
3317 | ||
3318 | net/core/ethtool.c | 2 +- | |
3319 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
3320 | ||
3321 | commit bae0a8209962cede6a0d486cf2414cac1747f91b | |
3322 | Author: Brad Spengler <spender@grsecurity.net> | |
3323 | Date: Wed Oct 14 19:54:27 2015 -0400 | |
3324 | ||
3325 | Update size_overflow hash table | |
3326 | ||
3327 | .../size_overflow_plugin/size_overflow_hash.data | 53 +++++++++++++++++-- | |
3328 | 1 files changed, 47 insertions(+), 6 deletions(-) | |
3329 | ||
3330 | commit 1d840cc98b8f9b62d3c906ae24385f79c9131e29 | |
3331 | Author: Brad Spengler <spender@grsecurity.net> | |
3332 | Date: Wed Oct 14 19:50:48 2015 -0400 | |
3333 | ||
3334 | Update size_overflow hash table | |
3335 | ||
3336 | .../size_overflow_plugin/size_overflow_hash.data | 1 + | |
3337 | 1 files changed, 1 insertions(+), 0 deletions(-) | |
3338 | ||
3339 | commit fca9b7af6aebd1d80f364d6d849470e917919004 | |
3340 | Author: Brad Spengler <spender@grsecurity.net> | |
3341 | Date: Wed Oct 14 19:47:21 2015 -0400 | |
3342 | ||
3343 | Update size_overflow hash table | |
3344 | ||
3345 | .../size_overflow_plugin/size_overflow_hash.data | 300 ++++++++++++++++---- | |
3346 | 1 files changed, 244 insertions(+), 56 deletions(-) | |
3347 | ||
3348 | commit 07cadc277ba83222698c99091c7da2c28275981f | |
3349 | Author: Brad Spengler <spender@grsecurity.net> | |
3350 | Date: Wed Oct 14 19:39:44 2015 -0400 | |
3351 | ||
3352 | squelch some informational messages only used by Emese | |
3353 | ||
3354 | .../size_overflow_plugin/intentional_overflow.c | 6 +++--- | |
3355 | 1 files changed, 3 insertions(+), 3 deletions(-) | |
3356 | ||
3357 | commit 77eeeac20bde1e0ebd72efe0f7b5c52786411bc7 | |
3358 | Author: Brad Spengler <spender@grsecurity.net> | |
3359 | Date: Wed Oct 14 19:15:56 2015 -0400 | |
3360 | ||
3361 | Re-enable size_overflow | |
3362 | ||
3363 | security/Kconfig | 1 - | |
3364 | 1 files changed, 0 insertions(+), 1 deletions(-) | |
3365 | ||
3366 | commit cb8efa1fd63be1bbcf5e585396cc0ed562d0c624 | |
3367 | Merge: 913cbf6 4c48a7f | |
3368 | Author: Brad Spengler <spender@grsecurity.net> | |
3369 | Date: Wed Oct 14 17:14:42 2015 -0400 | |
3370 | ||
3371 | Merge branch 'pax-test' into grsec-test | |
3372 | ||
3373 | Conflicts: | |
3374 | tools/gcc/size_overflow_plugin/size_overflow_hash.data | |
3375 | ||
3376 | commit 4c48a7fc8df9310f994708b42fe1102a2943917c | |
3377 | Author: Brad Spengler <spender@grsecurity.net> | |
3378 | Date: Wed Oct 14 17:12:54 2015 -0400 | |
3379 | ||
3380 | Update to pax-linux-4.2.3-test10.patch: | |
3381 | - fixed accidentally dropped csum_partial_copy_generic_to_user entry point for pre-P6 i386 configs, by minipli | |
3382 | - Emese fixed a bunch of false positives with the size overflow plugin, let's see how it goes in the real world :) | |
3383 | ||
3384 | arch/x86/include/asm/processor.h | 2 +- | |
3385 | arch/x86/include/asm/ptrace.h | 8 +- | |
3386 | arch/x86/lib/checksum_32.S | 2 + | |
3387 | arch/x86/xen/mmu.c | 2 +- | |
3388 | drivers/ata/libahci.c | 2 +- | |
3389 | drivers/i2c/busses/i2c-diolan-u2c.c | 2 +- | |
3390 | drivers/oprofile/oprofile_files.c | 2 +- | |
3391 | drivers/spi/spidev.c | 2 +- | |
3392 | drivers/tty/n_tty.c | 2 +- | |
3393 | drivers/usb/core/message.c | 6 +- | |
3394 | fs/binfmt_elf.c | 2 +- | |
3395 | fs/ubifs/io.c | 2 +- | |
3396 | include/drm/drm_mm.h | 2 +- | |
3397 | include/linux/completion.h | 12 +- | |
3398 | include/linux/jiffies.h | 10 +- | |
3399 | include/linux/kernel.h | 2 +- | |
3400 | include/linux/mm.h | 2 +- | |
3401 | include/linux/random.h | 4 +- | |
3402 | include/linux/sched.h | 2 +- | |
3403 | include/linux/usb.h | 2 +- | |
3404 | kernel/sched/completion.c | 6 +- | |
3405 | kernel/time/timer.c | 2 +- | |
3406 | lib/bitmap.c | 2 +- | |
3407 | mm/internal.h | 2 +- | |
3408 | net/sunrpc/svcauth_unix.c | 2 +- | |
3409 | .../disable_size_overflow_hash.data |22980 +++++++++++--------- | |
3410 | .../insert_size_overflow_asm.c | 7 + | |
3411 | .../size_overflow_plugin/intentional_overflow.c | 10 +- | |
3412 | tools/gcc/size_overflow_plugin/size_overflow.h | 29 +- | |
3413 | .../gcc/size_overflow_plugin/size_overflow_debug.c | 20 +- | |
3414 | .../size_overflow_plugin/size_overflow_hash.data |14092 ++++++++---- | |
3415 | tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 252 +- | |
3416 | .../size_overflow_plugin/size_overflow_plugin.c | 2 +- | |
3417 | .../size_overflow_plugin_hash.c | 13 +- | |
3418 | .../size_overflow_plugin/size_overflow_transform.c | 205 +- | |
3419 | .../size_overflow_transform_core.c | 4 +- | |
3420 | 36 files changed, 21958 insertions(+), 15740 deletions(-) | |
3421 | ||
3422 | commit 913cbf6a23fcad570b776b1a5a71242b909c5c99 | |
3423 | Author: Dave Kleikamp <dave.kleikamp@oracle.com> | |
3424 | Date: Mon Oct 5 10:08:51 2015 -0500 | |
3425 | ||
3426 | crypto: sparc - initialize blkcipher.ivsize | |
3427 | ||
3428 | Some of the crypto algorithms write to the initialization vector, | |
3429 | but no space has been allocated for it. This clobbers adjacent memory. | |
3430 | ||
3431 | Cc: stable@vger.kernel.org | |
3432 | Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com> | |
3433 | Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | |
3434 | ||
3435 | arch/sparc/crypto/aes_glue.c | 2 ++ | |
3436 | arch/sparc/crypto/camellia_glue.c | 1 + | |
3437 | arch/sparc/crypto/des_glue.c | 2 ++ | |
3438 | 3 files changed, 5 insertions(+), 0 deletions(-) | |
3439 | ||
ebfb31c7 PK |
3440 | commit 7af7ad1e287067b7ea659dc0dd3e2e355588e246 |
3441 | Author: Brad Spengler <spender@grsecurity.net> | |
3442 | Date: Tue Oct 13 08:03:51 2015 -0400 | |
3443 | ||
3444 | Apply fix by Tejun Heo for upstream bug reported on the forums by Fuxino: | |
3445 | https://forums.grsecurity.net/viewtopic.php?f=3&t=4276#p15570 | |
3446 | ||
3447 | Probably made more easily reproducible via SANITIZE, but we won't know for | |
3448 | sure without a full oops report. | |
3449 | ||
3450 | For some reason even though this patch was marked for 4.2+ stable over a month | |
3451 | ago, it still hasn't hit Greg's tree. | |
3452 | ||
3453 | block/blk-cgroup.c | 3 +++ | |
3454 | 1 files changed, 3 insertions(+), 0 deletions(-) | |
3455 | ||
3456 | commit 8e1f29f9e1af36f71d12213ea6530eb77014c00c | |
3457 | Author: Dmitry Vyukov <dvyukov@google.com> | |
3458 | Date: Thu Sep 17 17:17:10 2015 +0200 | |
3459 | ||
3460 | tty: fix data race on tty_buffer.commit | |
3461 | ||
3462 | Race on buffer data happens when newly committed data is | |
3463 | picked up by an old flush work in the following scenario: | |
3464 | __tty_buffer_request_room does a plain write of tail->commit, | |
3465 | no barriers were executed before that. | |
3466 | At this point flush_to_ldisc reads this new value of commit, | |
3467 | and reads buffer data, no barriers in between. | |
3468 | The committed buffer data is not necessary visible to flush_to_ldisc. | |
3469 | ||
3470 | Similar bug happens when tty_schedule_flip commits data. | |
3471 | ||
3472 | Update commit with smp_store_release and read commit with | |
3473 | smp_load_acquire, as it is commit that signals data readiness. | |
3474 | This is orthogonal to the existing synchronization on tty_buffer.next, | |
3475 | which is required to not dismiss a buffer with unconsumed data. | |
3476 | ||
3477 | The data race was found with KernelThreadSanitizer (KTSAN). | |
3478 | ||
3479 | Signed-off-by: Dmitry Vyukov <dvyukov@google.com> | |
3480 | Reviewed-by: Peter Hurley <peter@hurleysoftware.com> | |
3481 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
3482 | ||
3483 | drivers/tty/tty_buffer.c | 15 ++++++++++++--- | |
3484 | 1 files changed, 12 insertions(+), 3 deletions(-) | |
3485 | ||
3486 | commit d62db216e7182e24317596471c1a3a2a9fb9d1f5 | |
3487 | Author: Peter Hurley <peter@hurleysoftware.com> | |
3488 | Date: Sun Jul 12 20:50:49 2015 -0400 | |
3489 | ||
3490 | tty: Replace smp_rmb/smp_wmb with smp_load_acquire/smp_store_release | |
3491 | ||
3492 | Clarify flip buffer producer/consumer operation; the use of | |
3493 | smp_load_acquire() and smp_store_release() more clearly indicates | |
3494 | which memory access requires a barrier. | |
3495 | ||
3496 | Signed-off-by: Peter Hurley <peter@hurleysoftware.com> | |
3497 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
3498 | ||
3499 | drivers/tty/tty_buffer.c | 10 ++++------ | |
3500 | 1 files changed, 4 insertions(+), 6 deletions(-) | |
3501 | ||
3502 | commit c6bbe8a6097f869b6a3d3c40d456727180573dd9 | |
3503 | Author: Kosuke Tatsukawa <tatsu@ab.jp.nec.com> | |
3504 | Date: Fri Oct 2 08:27:05 2015 +0000 | |
3505 | ||
3506 | tty: fix stall caused by missing memory barrier in drivers/tty/n_tty.c | |
3507 | ||
3508 | My colleague ran into a program stall on a x86_64 server, where | |
3509 | n_tty_read() was waiting for data even if there was data in the buffer | |
3510 | in the pty. kernel stack for the stuck process looks like below. | |
3511 | #0 [ffff88303d107b58] __schedule at ffffffff815c4b20 | |
3512 | #1 [ffff88303d107bd0] schedule at ffffffff815c513e | |
3513 | #2 [ffff88303d107bf0] schedule_timeout at ffffffff815c7818 | |
3514 | #3 [ffff88303d107ca0] wait_woken at ffffffff81096bd2 | |
3515 | #4 [ffff88303d107ce0] n_tty_read at ffffffff8136fa23 | |
3516 | #5 [ffff88303d107dd0] tty_read at ffffffff81368013 | |
3517 | #6 [ffff88303d107e20] __vfs_read at ffffffff811a3704 | |
3518 | #7 [ffff88303d107ec0] vfs_read at ffffffff811a3a57 | |
3519 | #8 [ffff88303d107f00] sys_read at ffffffff811a4306 | |
3520 | #9 [ffff88303d107f50] entry_SYSCALL_64_fastpath at ffffffff815c86d7 | |
3521 | ||
3522 | There seems to be two problems causing this issue. | |
3523 | ||
3524 | First, in drivers/tty/n_tty.c, __receive_buf() stores the data and | |
3525 | updates ldata->commit_head using smp_store_release() and then checks | |
3526 | the wait queue using waitqueue_active(). However, since there is no | |
3527 | memory barrier, __receive_buf() could return without calling | |
3528 | wake_up_interactive_poll(), and at the same time, n_tty_read() could | |
3529 | start to wait in wait_woken() as in the following chart. | |
3530 | ||
3531 | __receive_buf() n_tty_read() | |
3532 | ------------------------------------------------------------------------ | |
3533 | if (waitqueue_active(&tty->read_wait)) | |
3534 | /* Memory operations issued after the | |
3535 | RELEASE may be completed before the | |
3536 | RELEASE operation has completed */ | |
3537 | add_wait_queue(&tty->read_wait, &wait); | |
3538 | ... | |
3539 | if (!input_available_p(tty, 0)) { | |
3540 | smp_store_release(&ldata->commit_head, | |
3541 | ldata->read_head); | |
3542 | ... | |
3543 | timeout = wait_woken(&wait, | |
3544 | TASK_INTERRUPTIBLE, timeout); | |
3545 | ------------------------------------------------------------------------ | |
3546 | ||
3547 | The second problem is that n_tty_read() also lacks a memory barrier | |
3548 | call and could also cause __receive_buf() to return without calling | |
3549 | wake_up_interactive_poll(), and n_tty_read() to wait in wait_woken() | |
3550 | as in the chart below. | |
3551 | ||
3552 | __receive_buf() n_tty_read() | |
3553 | ------------------------------------------------------------------------ | |
3554 | spin_lock_irqsave(&q->lock, flags); | |
3555 | /* from add_wait_queue() */ | |
3556 | ... | |
3557 | if (!input_available_p(tty, 0)) { | |
3558 | /* Memory operations issued after the | |
3559 | RELEASE may be completed before the | |
3560 | RELEASE operation has completed */ | |
3561 | smp_store_release(&ldata->commit_head, | |
3562 | ldata->read_head); | |
3563 | if (waitqueue_active(&tty->read_wait)) | |
3564 | __add_wait_queue(q, wait); | |
3565 | spin_unlock_irqrestore(&q->lock,flags); | |
3566 | /* from add_wait_queue() */ | |
3567 | ... | |
3568 | timeout = wait_woken(&wait, | |
3569 | TASK_INTERRUPTIBLE, timeout); | |
3570 | ------------------------------------------------------------------------ | |
3571 | ||
3572 | There are also other places in drivers/tty/n_tty.c which have similar | |
3573 | calls to waitqueue_active(), so instead of adding many memory barrier | |
3574 | calls, this patch simply removes the call to waitqueue_active(), | |
3575 | leaving just wake_up*() behind. | |
3576 | ||
3577 | This fixes both problems because, even though the memory access before | |
3578 | or after the spinlocks in both wake_up*() and add_wait_queue() can | |
3579 | sneak into the critical section, it cannot go past it and the critical | |
3580 | section assures that they will be serialized (please see "INTER-CPU | |
3581 | ACQUIRING BARRIER EFFECTS" in Documentation/memory-barriers.txt for a | |
3582 | better explanation). Moreover, the resulting code is much simpler. | |
3583 | ||
3584 | Latency measurement using a ping-pong test over a pty doesn't show any | |
3585 | visible performance drop. | |
3586 | ||
3587 | Signed-off-by: Kosuke Tatsukawa <tatsu@ab.jp.nec.com> | |
3588 | Cc: stable@vger.kernel.org | |
3589 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
3590 | ||
3591 | drivers/tty/n_tty.c | 15 +++++---------- | |
3592 | 1 files changed, 5 insertions(+), 10 deletions(-) | |
3593 | ||
3594 | commit 3af2011ac1a085a3e8c57ca3a840aec393b37db3 | |
3595 | Author: Dmitry Vyukov <dvyukov@google.com> | |
3596 | Date: Thu Sep 17 17:17:08 2015 +0200 | |
3597 | ||
3598 | tty: fix data race in flush_to_ldisc | |
3599 | ||
3600 | flush_to_ldisc reads port->itty and checks that it is not NULL, | |
3601 | concurrently release_tty sets port->itty to NULL. It is possible | |
3602 | that flush_to_ldisc loads port->itty once, ensures that it is | |
3603 | not NULL, but then reloads it again and uses. The second load | |
3604 | can already return NULL, which will cause a crash. | |
3605 | ||
3606 | Use READ_ONCE to read port->itty. | |
3607 | ||
3608 | The data race was found with KernelThreadSanitizer (KTSAN). | |
3609 | ||
3610 | Signed-off-by: Dmitry Vyukov <dvyukov@google.com> | |
3611 | Reviewed-by: Peter Hurley <peter@hurleysoftware.com> | |
3612 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
3613 | ||
3614 | drivers/tty/tty_buffer.c | 2 +- | |
3615 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
3616 | ||
3617 | commit 4a433f384b0a5b7e39f969ee8df89c56537d078d | |
3618 | Author: Dmitry Vyukov <dvyukov@google.com> | |
3619 | Date: Thu Sep 17 17:17:09 2015 +0200 | |
3620 | ||
3621 | tty: fix data race in tty_buffer_flush | |
3622 | ||
3623 | tty_buffer_flush frees not acquired buffers. | |
3624 | As the result, for example, read of b->size in tty_buffer_free | |
3625 | can return garbage value which will lead to a huge buffer | |
3626 | hanging in the freelist. This is just the benignest | |
3627 | manifestation of freeing of a not acquired object. | |
3628 | If the object is passed to kfree, heap can be corrupted. | |
3629 | ||
3630 | Acquire visibility over the buffer before freeing it. | |
3631 | ||
3632 | The data race was found with KernelThreadSanitizer (KTSAN). | |
3633 | ||
3634 | Signed-off-by: Dmitry Vyukov <dvyukov@google.com> | |
3635 | Reviewed-by: Peter Hurley <peter@hurleysoftware.com> | |
3636 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
3637 | ||
3638 | drivers/tty/tty_buffer.c | 5 ++++- | |
3639 | 1 files changed, 4 insertions(+), 1 deletions(-) | |
3640 | ||
3641 | commit 1477c439d65debf45ac3164a1615504131fad1ff | |
3642 | Author: Jann Horn <jann@thejh.net> | |
3643 | Date: Sun Oct 4 19:29:12 2015 +0200 | |
3644 | ||
3645 | drivers/tty: require read access for controlling terminal | |
3646 | ||
3647 | This is mostly a hardening fix, given that write-only access to other | |
3648 | users' ttys is usually only given through setgid tty executables. | |
3649 | ||
3650 | Signed-off-by: Jann Horn <jann@thejh.net> | |
3651 | Cc: stable@vger.kernel.org | |
3652 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
3653 | ||
3654 | drivers/tty/tty_io.c | 31 +++++++++++++++++++++++++++---- | |
3655 | 1 files changed, 27 insertions(+), 4 deletions(-) | |
3656 | ||
3657 | commit c2d51348729aa244b827216715db7734daf07155 | |
3658 | Author: Brad Spengler <spender@grsecurity.net> | |
3659 | Date: Mon Oct 12 07:19:03 2015 -0400 | |
3660 | ||
3661 | Don't auto-enable UDEREF on x64 with a VirtualBox host | |
3662 | ||
3663 | Conflicts: | |
3664 | ||
3665 | security/Kconfig | |
3666 | ||
3667 | security/Kconfig | 2 +- | |
3668 | 1 files changed, 1 insertions(+), 1 deletions(-) | |
3669 | ||
cf7c63af PK |
3670 | commit 45ff0fe97624b7133be6f0280ab8fda4610b7937 |
3671 | Merge: ca6828e 1c527d2 | |
3672 | Author: Brad Spengler <spender@grsecurity.net> | |
3673 | Date: Sun Oct 11 17:17:58 2015 -0400 | |
3674 | ||
3675 | Merge branch 'pax-test' into grsec-test | |
3676 | ||
3677 | Conflicts: | |
3678 | arch/x86/mm/pgtable.c | |
3679 | ||
3680 | commit 1c527d25ad2ece4cdb4723047625d96b942a3b91 | |
3681 | Author: Brad Spengler <spender@grsecurity.net> | |
3682 | Date: Sun Oct 11 17:16:49 2015 -0400 | |
3683 | ||
3684 | Update to pax-linux-4.2.3-test9.patch: | |
3685 | - really fixed vsyscall/pvclock regression caused by the recent page table hardening, reported by kamil (https://forums.grsecurity.net/viewtopic.php?f=3&t=4272) and quasar366 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4275) | |
3686 | - fixed a compilation error caused by the above regression, reported by spender | |
3687 | - fixed an arm compilation error, reported by Emese | |
3688 | ||
3689 | arch/arm/kernel/module-plts.c | 7 +------ | |
3690 | arch/x86/mm/pgtable.c | 21 +++++++++++++++++++-- | |
3691 | 2 files changed, 20 insertions(+), 8 deletions(-) | |
3692 | ||
3693 | commit ca6828e73b10b4a7537b16a37c2c0280523171e1 | |
3694 | Author: Trond Myklebust <trond.myklebust@primarydata.com> | |
3695 | Date: Fri Oct 9 13:44:34 2015 -0400 | |
3696 | ||
3697 | namei: results of d_is_negative() should be checked after dentry revalidation | |
3698 | ||
3699 | Leandro Awa writes: | |
3700 | "After switching to version 4.1.6, our parallelized and distributed | |
3701 | workflows now fail consistently with errors of the form: | |
3702 | ||
3703 | T34: ./regex.c:39:22: error: config.h: No such file or directory | |
3704 | ||
3705 | From our 'git bisect' testing, the following commit appears to be the | |
3706 | possible cause of the behavior we've been seeing: commit 766c4cbfacd8" | |
3707 | ||
3708 | Al Viro says: | |
3709 | "What happens is that 766c4cbfacd8 got the things subtly wrong. | |
3710 | ||
3711 | We used to treat d_is_negative() after lookup_fast() as "fall with | |
3712 | ENOENT". That was wrong - checking ->d_flags outside of ->d_seq | |
3713 | protection is unreliable and failing with hard error on what should've | |
3714 | fallen back to non-RCU pathname resolution is a bug. | |
3715 | ||
3716 | Unfortunately, we'd pulled the test too far up and ran afoul of | |
3717 | another kind of staleness. The dentry might have been absolutely | |
3718 | stable from the RCU point of view (and we might be on UP, etc), but | |
3719 | stale from the remote fs point of view. If ->d_revalidate() returns | |
3720 | "it's actually stale", dentry gets thrown away and the original code | |
3721 | wouldn't even have looked at its ->d_flags. | |
3722 | ||
3723 | What we need is to check ->d_flags where 766c4cbfacd8 does (prior to | |
3724 | ->d_seq validation) but only use the result in cases where we do not | |
3725 | discard this dentry outright" | |
3726 | ||
3727 | Reported-by: Leandro Awa <lawa@nvidia.com> | |
3728 | Link: https://bugzilla.kernel.org/show_bug.cgi?id=104911 | |
3729 | Fixes: 766c4cbfacd8 ("namei: d_is_negative() should be checked...") | |
3730 | Tested-by: Leandro Awa <lawa@nvidia.com> | |
3731 | Cc: stable@vger.kernel.org # v4.1+ | |
3732 | Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com> | |
3733 | Acked-by: Al Viro <viro@zeniv.linux.org.uk> | |
3734 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | |
3735 | ||
3736 | fs/namei.c | 8 ++++++-- | |
3737 | 1 files changed, 6 insertions(+), 2 deletions(-) | |
3738 | ||
3739 | commit c0181260ce096a814637ad60e45a64c94840fffa | |
3740 | Author: Matt Fleming <matt.fleming@intel.com> | |
3741 | Date: Fri Sep 25 23:02:18 2015 +0100 | |
3742 | ||
3743 | x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down | |
3744 | ||
3745 | Beginning with UEFI v2.5 EFI_PROPERTIES_TABLE was introduced | |
3746 | that signals that the firmware PE/COFF loader supports splitting | |
3747 | code and data sections of PE/COFF images into separate EFI | |
3748 | memory map entries. This allows the kernel to map those regions | |
3749 | with strict memory protections, e.g. EFI_MEMORY_RO for code, | |
3750 | EFI_MEMORY_XP for data, etc. | |
3751 | ||
3752 | Unfortunately, an unwritten requirement of this new feature is | |
3753 | that the regions need to be mapped with the same offsets | |
3754 | relative to each other as observed in the EFI memory map. If | |
3755 | this is not done crashes like this may occur, | |
3756 | ||
3757 | BUG: unable to handle kernel paging request at fffffffefe6086dd | |
3758 | IP: [<fffffffefe6086dd>] 0xfffffffefe6086dd | |
3759 | Call Trace: | |
3760 | [<ffffffff8104c90e>] efi_call+0x7e/0x100 | |
3761 | [<ffffffff81602091>] ? virt_efi_set_variable+0x61/0x90 | |
3762 | [<ffffffff8104c583>] efi_delete_dummy_variable+0x63/0x70 | |
3763 | [<ffffffff81f4e4aa>] efi_enter_virtual_mode+0x383/0x392 | |
3764 | [<ffffffff81f37e1b>] start_kernel+0x38a/0x417 | |
3765 | [<ffffffff81f37495>] x86_64_start_reservations+0x2a/0x2c | |
3766 | [<ffffffff81f37582>] x86_64_start_kernel+0xeb/0xef | |
3767 | ||
3768 | Here 0xfffffffefe6086dd refers to an address the firmware | |
3769 | expects to be mapped but which the OS never claimed was mapped. | |
3770 | The issue is that included in these regions are relative | |
3771 | addresses to other regions which were emitted by the firmware | |
3772 | toolchain before the "splitting" of sections occurred at | |
3773 | runtime. | |
3774 | ||
3775 | Needless to say, we don't satisfy this unwritten requirement on | |
3776 | x86_64 and instead map the EFI memory map entries in reverse | |
3777 | order. The above crash is almost certainly triggerable with any | |
3778 | kernel newer than v3.13 because that's when we rewrote the EFI | |
3779 | runtime region mapping code, in commit d2f7cbe7b26a ("x86/efi: | |
3780 | Runtime services virtual mapping"). For kernel versions before | |
3781 | v3.13 things may work by pure luck depending on the | |
3782 | fragmentation of the kernel virtual address space at the time we | |
3783 | map the EFI regions. | |
3784 | ||
3785 | Instead of mapping the EFI memory map entries in reverse order, | |
3786 | where entry N has a higher virtual address than entry N+1, map | |
3787 | them in the same order as they appear in the EFI memory map to | |
3788 | preserve this relative offset between regions. | |
3789 | ||
3790 | This patch has been kept as small as possible with the intention | |
3791 | that it should be applied aggressively to stable and | |
3792 | distribution kernels. It is very much a bugfix rather than | |
3793 | support for a new feature, since when EFI_PROPERTIES_TABLE is | |
3794 | enabled we must map things as outlined above to even boot - we | |
3795 | have no way of asking the firmware not to split the code/data | |
3796 | regions. | |
3797 | ||
3798 | In fact, this patch doesn't even make use of the more strict | |
3799 | memory protections available in UEFI v2.5. That will come later. | |
3800 | ||
3801 | Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> | |
3802 | Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> | |
3803 | Signed-off-by: Matt Fleming <matt.fleming@intel.com> | |
3804 | Cc: <stable@vger.kernel.org> | |
3805 | Cc: Borislav Petkov <bp@suse.de> | |
3806 | Cc: Chun-Yi <jlee@suse.com> | |
3807 | Cc: Dave Young <dyoung@redhat.com> | |
3808 | Cc: H. Peter Anvin <hpa@zytor.com> | |
3809 | Cc: James Bottomley <JBottomley@Odin.com> | |
3810 | Cc: Lee, Chun-Yi <jlee@suse.com> | |
3811 | Cc: Leif Lindholm <leif.lindholm@linaro.org> | |
3812 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
3813 | Cc: Matthew Garrett <mjg59@srcf.ucam.org> | |
3814 | Cc: Mike Galbraith <efault@gmx.de> | |
3815 | Cc: Peter Jones <pjones@redhat.com> | |
3816 | Cc: Peter Zijlstra <peterz@infradead.org> | |
3817 | Cc: Thomas Gleixner <tglx@linutronix.de> | |
3818 | Cc: linux-kernel@vger.kernel.org | |
3819 | Link: http://lkml.kernel.org/r/1443218539-7610-2-git-send-email-matt@codeblueprint.co.uk | |
3820 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
3821 | ||
3822 | arch/x86/platform/efi/efi.c | 67 ++++++++++++++++++++++++++++++++++++++++++- | |
3823 | 1 files changed, 66 insertions(+), 1 deletions(-) | |
3824 | ||
3825 | commit 9377caab146791c8c587da3750d6eddcd01bdfba | |
3826 | Author: Ard Biesheuvel <ard.biesheuvel@linaro.org> | |
3827 | Date: Fri Sep 25 23:02:19 2015 +0100 | |
3828 | ||
3829 | arm64/efi: Fix boot crash by not padding between EFI_MEMORY_RUNTIME regions | |
3830 | ||
3831 | The new Properties Table feature introduced in UEFIv2.5 may | |
3832 | split memory regions that cover PE/COFF memory images into | |
3833 | separate code and data regions. Since these regions only differ | |
3834 | in the type (runtime code vs runtime data) and the permission | |
3835 | bits, but not in the memory type attributes (UC/WC/WT/WB), the | |
3836 | spec does not require them to be aligned to 64 KB. | |
3837 | ||
3838 | Since the relative offset of PE/COFF .text and .data segments | |
3839 | cannot be changed on the fly, this means that we can no longer | |
3840 | pad out those regions to be mappable using 64 KB pages. | |
3841 | Unfortunately, there is no annotation in the UEFI memory map | |
3842 | that identifies data regions that were split off from a code | |
3843 | region, so we must apply this logic to all adjacent runtime | |
3844 | regions whose attributes only differ in the permission bits. | |
3845 | ||
3846 | So instead of rounding each memory region to 64 KB alignment at | |
3847 | both ends, only round down regions that are not directly | |
3848 | preceded by another runtime region with the same type | |
3849 | attributes. Since the UEFI spec does not mandate that the memory | |
3850 | map be sorted, this means we also need to sort it first. | |
3851 | ||
3852 | Note that this change will result in all EFI_MEMORY_RUNTIME | |
3853 | regions whose start addresses are not aligned to the OS page | |
3854 | size to be mapped with executable permissions (i.e., on kernels | |
3855 | compiled with 64 KB pages). However, since these mappings are | |
3856 | only active during the time that UEFI Runtime Services are being | |
3857 | invoked, the window for abuse is rather small. | |
3858 | ||
3859 | Tested-by: Mark Salter <msalter@redhat.com> | |
3860 | Tested-by: Mark Rutland <mark.rutland@arm.com> [UEFI 2.4 only] | |
3861 | Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> | |
3862 | Signed-off-by: Matt Fleming <matt.fleming@intel.com> | |
3863 | Reviewed-by: Mark Salter <msalter@redhat.com> | |
3864 | Reviewed-by: Mark Rutland <mark.rutland@arm.com> | |
3865 | Cc: <stable@vger.kernel.org> # v4.0+ | |
3866 | Cc: Catalin Marinas <catalin.marinas@arm.com> | |
3867 | Cc: Leif Lindholm <leif.lindholm@linaro.org> | |
3868 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
3869 | Cc: Mike Galbraith <efault@gmx.de> | |
3870 | Cc: Peter Zijlstra <peterz@infradead.org> | |
3871 | Cc: Thomas Gleixner <tglx@linutronix.de> | |
3872 | Cc: Will Deacon <will.deacon@arm.com> | |
3873 | Cc: linux-kernel@vger.kernel.org | |
3874 | Link: http://lkml.kernel.org/r/1443218539-7610-3-git-send-email-matt@codeblueprint.co.uk | |
3875 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
3876 | ||
3877 | arch/arm64/kernel/efi.c | 3 +- | |
3878 | drivers/firmware/efi/libstub/arm-stub.c | 88 +++++++++++++++++++++++++----- | |
3879 | 2 files changed, 75 insertions(+), 16 deletions(-) | |
3880 | ||
3881 | commit 189124f1e733622c44d72060832af3c68d7ee8bc | |
3882 | Author: Ralf Baechle <ralf@linux-mips.org> | |
3883 | Date: Fri Oct 2 09:48:57 2015 +0200 | |
3884 | ||
3885 | MIPS: BPF: Fix load delay slots. | |
3886 | ||
3887 | The entire bpf_jit_asm.S is written in noreorder mode because "we know | |
3888 | better" according to a comment. This also prevented the assembler from | |
3889 | throwing in the required NOPs for MIPS I processors which have no | |
3890 | load-use interlock, thus the load's consumer might end up using the | |
3891 | old value of the register from prior to the load. | |
3892 | ||
3893 | Fixed by putting the assembler in reorder mode for just the affected | |
3894 | load instructions. This is not enough for gas to actually try to be | |
3895 | clever by looking at the next instruction and inserting a nop only | |
3896 | when needed but as the comment said "we know better", so getting gas | |
3897 | to unconditionally emit a NOP is just right in this case and prevents | |
3898 | adding further ifdefery. | |
3899 | ||
3900 | Signed-off-by: Ralf Baechle <ralf@linux-mips.org> | |
3901 | ||
3902 | arch/mips/net/bpf_jit_asm.S | 4 ++++ | |
3903 | 1 files changed, 4 insertions(+), 0 deletions(-) | |
3904 | ||
3905 | commit b4b012d6599fbc3c6e81f0a03cd59eb9f0095ed8 | |
3906 | Author: Lee, Chun-Yi <joeyli.kernel@gmail.com> | |
3907 | Date: Tue Sep 29 20:58:57 2015 +0800 | |
3908 | ||
3909 | x86/kexec: Fix kexec crash in syscall kexec_file_load() | |
3910 | ||
3911 | The original bug is a page fault crash that sometimes happens | |
3912 | on big machines when preparing ELF headers: | |
3913 | ||
3914 | BUG: unable to handle kernel paging request at ffffc90613fc9000 | |
3915 | IP: [<ffffffff8103d645>] prepare_elf64_ram_headers_callback+0x165/0x260 | |
3916 | ||
3917 | The bug is caused by us under-counting the number of memory ranges | |
3918 | and subsequently not allocating enough ELF header space for them. | |
3919 | The bug is typically masked on smaller systems, because the ELF header | |
3920 | allocation is rounded up to the next page. | |
3921 | ||
3922 | This patch modifies the code in fill_up_crash_elf_data() by using | |
3923 | walk_system_ram_res() instead of walk_system_ram_range() to correctly | |
3924 | count the max number of crash memory ranges. That's because the | |
3925 | walk_system_ram_range() filters out small memory regions that | |
3926 | reside in the same page, but walk_system_ram_res() does not. | |
3927 | ||
3928 | Here's how I found the bug: | |
3929 | ||
3930 | After tracing prepare_elf64_headers() and prepare_elf64_ram_headers_callback(), | |
3931 | the code uses walk_system_ram_res() to fill-in crash memory regions information | |
3932 | to the program header, so it counts those small memory regions that | |
3933 | reside in a page area. | |
3934 | ||
3935 | But, when the kernel was using walk_system_ram_range() in | |
3936 | fill_up_crash_elf_data() to count the number of crash memory regions, | |
3937 | it filters out small regions. | |
3938 | ||
3939 | I printed those small memory regions, for example: | |
3940 | ||
3941 | kexec: Get nr_ram ranges. vaddr=0xffff880077592258 paddr=0x77592258, sz=0xdc0 | |
3942 | ||
3943 | Based on the code in walk_system_ram_range(), this memory region | |
3944 | will be filtered out: | |
3945 | ||
3946 | pfn = (0x77592258 + 0x1000 - 1) >> 12 = 0x77593 | |
3947 | end_pfn = (0x77592258 + 0xfc0 -1 + 1) >> 12 = 0x77593 | |
3948 | end_pfn - pfn = 0x77593 - 0x77593 = 0 <=== if (end_pfn > pfn) is FALSE | |
3949 | ||
3950 | So, the max_nr_ranges that's counted by the kernel doesn't include | |
3951 | small memory regions - causing us to under-allocate the required space. | |
3952 | That causes the page fault crash that happens in a later code path | |
3953 | when preparing ELF headers. | |
3954 | ||
3955 | This bug is not easy to reproduce on small machines that have few | |
3956 | CPUs, because the allocated page aligned ELF buffer has more free | |
3957 | space to cover those small memory regions' PT_LOAD headers. | |
3958 | ||
3959 | Signed-off-by: Lee, Chun-Yi <jlee@suse.com> | |
3960 | Cc: Andy Lutomirski <luto@kernel.org> | |
3961 | Cc: Baoquan He <bhe@redhat.com> | |
3962 | Cc: Jiang Liu <jiang.liu@linux.intel.com> | |
3963 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
3964 | Cc: Mike Galbraith <efault@gmx.de> | |
3965 | Cc: Peter Zijlstra <peterz@infradead.org> | |
3966 | Cc: Stephen Rothwell <sfr@canb.auug.org.au> | |
3967 | Cc: Takashi Iwai <tiwai@suse.de> | |
3968 | Cc: Thomas Gleixner <tglx@linutronix.de> | |
3969 | Cc: Viresh Kumar <viresh.kumar@linaro.org> | |
3970 | Cc: Vivek Goyal <vgoyal@redhat.com> | |
3971 | Cc: kexec@lists.infradead.org | |
3972 | Cc: linux-kernel@vger.kernel.org | |
3973 | Cc: <stable@vger.kernel.org> | |
3974 | Link: http://lkml.kernel.org/r/1443531537-29436-1-git-send-email-jlee@suse.com | |
3975 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
3976 | ||
3977 | arch/x86/kernel/crash.c | 7 +++---- | |
3978 | 1 files changed, 3 insertions(+), 4 deletions(-) | |
3979 | ||
3980 | commit bf91f1e0162bdd27ebd1411090a81fd9188daa4f | |
3981 | Author: Elad Raz <eladr@mellanox.com> | |
3982 | Date: Sat Aug 22 08:44:11 2015 +0300 | |
3983 | ||
3984 | netfilter: ipset: Fixing unnamed union init | |
3985 | ||
3986 | In continue to proposed Vinson Lee's post [1], this patch fixes compilation | |
3987 | issues founded at gcc 4.4.7. The initialization of .cidr field of unnamed | |
3988 | unions causes compilation error in gcc 4.4.x. | |
3989 | ||
3990 | References | |
3991 | ||
3992 | Visible links | |
3993 | [1] https://lkml.org/lkml/2015/7/5/74 | |
3994 | ||
3995 | Signed-off-by: Elad Raz <eladr@mellanox.com> | |
3996 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |
3997 | ||
3998 | net/netfilter/ipset/ip_set_hash_netnet.c | 20 ++++++++++++++++++-- | |
3999 | net/netfilter/ipset/ip_set_hash_netportnet.c | 20 ++++++++++++++++++-- | |
4000 | 2 files changed, 36 insertions(+), 4 deletions(-) | |
4001 | ||
40d5ff9e PK |
4002 | commit fed13a5012b8d7e87a6f9efa2e40e0be28eaecd9 |
4003 | Author: Brad Spengler <spender@grsecurity.net> | |
4004 | Date: Fri Oct 9 23:12:43 2015 -0400 | |
4005 | ||
4006 | compile fix | |
4007 | ||
4008 | arch/x86/mm/pgtable.c | 2 ++ | |
4009 | 1 files changed, 2 insertions(+), 0 deletions(-) | |
4010 | ||
4011 | commit 58edc15a668a6dd90b3f66abc84b509f8fba7505 | |
4012 | Author: Daniel Borkmann <daniel@iogearbox.net> | |
4013 | Date: Mon Aug 31 19:11:02 2015 +0200 | |
4014 | ||
4015 | netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy error paths | |
4016 | ||
4017 | Commit 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack | |
4018 | templates") migrated templates to the new allocator api, but forgot to | |
4019 | update error paths for them in CT and synproxy to use nf_ct_tmpl_free() | |
4020 | instead of nf_conntrack_free(). | |
4021 | ||
4022 | Due to that, memory is being freed into the wrong kmemcache, but also | |
4023 | we drop the per net reference count of ct objects causing an imbalance. | |
4024 | ||
4025 | In Brad's case, this leads to a wrap-around of net->ct.count and thus | |
4026 | lets __nf_conntrack_alloc() refuse to create a new ct object: | |
4027 | ||
4028 | [ 10.340913] xt_addrtype: ipv6 does not support BROADCAST matching | |
4029 | [ 10.810168] nf_conntrack: table full, dropping packet | |
4030 | [ 11.917416] r8169 0000:07:00.0 eth0: link up | |
4031 | [ 11.917438] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready | |
4032 | [ 12.815902] nf_conntrack: table full, dropping packet | |
4033 | [ 15.688561] nf_conntrack: table full, dropping packet | |
4034 | [ 15.689365] nf_conntrack: table full, dropping packet | |
4035 | [ 15.690169] nf_conntrack: table full, dropping packet | |
4036 | [ 15.690967] nf_conntrack: table full, dropping packet | |
4037 | [...] | |
4038 | ||
4039 | With slab debugging, it also reports the wrong kmemcache (kmalloc-512 vs. | |
4040 | nf_conntrack_ffffffff81ce75c0) and reports poison overwrites, etc. Thus, | |
4041 | to fix the problem, export and use nf_ct_tmpl_free() instead. | |
4042 | ||
4043 | Fixes: 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack templates") | |
4044 | Reported-by: Brad Jackson <bjackson0971@gmail.com> | |
4045 | Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> | |
4046 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |
4047 | ||
4048 | include/net/netfilter/nf_conntrack.h | 1 + | |
4049 | net/netfilter/nf_conntrack_core.c | 3 ++- | |
4050 | net/netfilter/nf_synproxy_core.c | 2 +- | |
4051 | net/netfilter/xt_CT.c | 2 +- | |
4052 | 4 files changed, 5 insertions(+), 3 deletions(-) | |
4053 | ||
4054 | commit 37d26e44573aaa9c3b1f0c36ec9d4bddc008fc03 | |
4055 | Author: Brad Spengler <spender@grsecurity.net> | |
4056 | Date: Fri Oct 9 18:22:54 2015 -0400 | |
4057 | ||
4058 | Fix BUG() in scatterwalk_map_and_copy caused by virt_to_page being | |
4059 | called on the KSTACKOVERFLOW's vmalloc'd stack. Thanks to | |
4060 | Yves-Alexis Perez for the report | |
4061 | ||
4062 | crypto/scatterwalk.c | 10 ++++++++-- | |
4063 | 1 files changed, 8 insertions(+), 2 deletions(-) | |
4064 | ||
4065 | commit 8137d53d2b60023587a48004f0b67946ed6db4a8 | |
4066 | Merge: 147420b a9c991f | |
4067 | Author: Brad Spengler <spender@grsecurity.net> | |
4068 | Date: Fri Oct 9 18:20:32 2015 -0400 | |
4069 | ||
4070 | Merge branch 'pax-test' into grsec-test | |
4071 | ||
4072 | commit a9c991f727bb8daf15838296e301683791c17071 | |
4073 | Author: Brad Spengler <spender@grsecurity.net> | |
4074 | Date: Fri Oct 9 18:20:07 2015 -0400 | |
4075 | ||
4076 | Update to pax-linux-4.2.3-test8.patch: | |
4077 | - fixed vsyscall/pvclock regression caused by the recent page table hardening, reported by kamil (https://forums.grsecurity.net/viewtopic.php?f=3&t=4272) | |
4078 | ||
4079 | arch/x86/kernel/espfix_64.c | 4 +--- | |
4080 | arch/x86/kernel/kvmclock.c | 20 ++++++-------------- | |
4081 | arch/x86/mm/highmem_32.c | 2 ++ | |
4082 | arch/x86/mm/pgtable.c | 33 +++++++++++++++++++++++++++++++++ | |
4083 | 4 files changed, 42 insertions(+), 17 deletions(-) | |
4084 | ||
4085 | commit 147420b0f00c7f20f354e1dfa460b904a3af432b | |
4086 | Author: Brad Spengler <spender@grsecurity.net> | |
4087 | Date: Fri Oct 9 08:54:24 2015 -0400 | |
4088 | ||
4089 | Properly fix the bug reported at: | |
4090 | https://code.google.com/p/android/issues/detail?id=187973 | |
4091 | ||
4092 | drivers/net/slip/slhc.c | 3 +++ | |
4093 | 1 files changed, 3 insertions(+), 0 deletions(-) | |
4094 | ||
afe359a8 PK |
4095 | commit 4918a68ea80e1185ec8f3a94d3a2210552ed0bb5 |
4096 | Merge: 4e736d9 7e02f35 | |
0a9c1e67 | 4097 | Author: Brad Spengler <spender@grsecurity.net> |
afe359a8 | 4098 | Date: Wed Oct 7 20:57:21 2015 -0400 |
0a9c1e67 | 4099 | |
afe359a8 | 4100 | Merge branch 'pax-test' into grsec-test |
ee1b9a5f | 4101 | |
da1216b9 | 4102 | Conflicts: |
afe359a8 | 4103 | arch/x86/kernel/espfix_64.c |
da1216b9 | 4104 | |
afe359a8 PK |
4105 | commit 7e02f35880fd6bdb2f4e7ba07a13d6df1d121008 |
4106 | Author: Brad Spengler <spender@grsecurity.net> | |
4107 | Date: Wed Oct 7 20:54:36 2015 -0400 | |
da1216b9 | 4108 | |
afe359a8 PK |
4109 | Update to pax-linux-4.2.3-test7.patch: |
4110 | - backported vanilla commits b763ec17ac762470eec5be8ebcc43e4f8b2c2b82 and 176fc2d5770a0990eebff903ba680d2edd32e718 | |
4111 | - constified a few more page tables for ESPFIX/amd64 | |
4112 | - fixed xen and the recently added level1_modules_pgt page tables on amd64 | |
ee1b9a5f | 4113 | |
afe359a8 PK |
4114 | arch/x86/include/asm/pgtable_64.h | 1 + |
4115 | arch/x86/kernel/espfix_64.c | 35 +++++++++++++++++++++++---------- | |
4116 | arch/x86/xen/mmu.c | 4 +++ | |
4117 | drivers/base/regmap/regmap-debugfs.c | 14 +++++------- | |
4118 | 4 files changed, 35 insertions(+), 19 deletions(-) | |
ee1b9a5f | 4119 | |
afe359a8 PK |
4120 | commit 4e736d9e568f6cc0d08dfe7519abf9a5d58a5418 |
4121 | Author: Robin Murphy <robin.murphy@arm.com> | |
4122 | Date: Thu Oct 1 15:37:19 2015 -0700 | |
ee1b9a5f | 4123 | |
afe359a8 | 4124 | dmapool: fix overflow condition in pool_find_page() |
ee1b9a5f | 4125 | |
afe359a8 PK |
4126 | If a DMA pool lies at the very top of the dma_addr_t range (as may |
4127 | happen with an IOMMU involved), the calculated end address of the pool | |
4128 | wraps around to zero, and page lookup always fails. | |
ee1b9a5f | 4129 | |
afe359a8 | 4130 | Tweak the relevant calculation to be overflow-proof. |
da1216b9 | 4131 | |
afe359a8 PK |
4132 | Signed-off-by: Robin Murphy <robin.murphy@arm.com> |
4133 | Cc: Arnd Bergmann <arnd@arndb.de> | |
4134 | Cc: Marek Szyprowski <m.szyprowski@samsung.com> | |
4135 | Cc: Sumit Semwal <sumit.semwal@linaro.org> | |
4136 | Cc: Sakari Ailus <sakari.ailus@iki.fi> | |
4137 | Cc: Russell King <rmk+kernel@arm.linux.org.uk> | |
da1216b9 PK |
4138 | Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
4139 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | |
ee1b9a5f | 4140 | |
afe359a8 | 4141 | mm/dmapool.c | 2 +- |
578d7714 PK |
4142 | 1 files changed, 1 insertions(+), 1 deletions(-) |
4143 | ||
afe359a8 PK |
4144 | commit 96a101a9b4208a6e5f2a0db7599881142e70ba43 |
4145 | Author: Greg Thelen <gthelen@google.com> | |
4146 | Date: Thu Oct 1 15:37:05 2015 -0700 | |
578d7714 | 4147 | |
afe359a8 | 4148 | memcg: make mem_cgroup_read_stat() unsigned |
da1216b9 | 4149 | |
afe359a8 PK |
4150 | mem_cgroup_read_stat() returns a page count by summing per cpu page |
4151 | counters. The summing is racy wrt. updates, so a transient negative | |
4152 | sum is possible. Callers don't want negative values: | |
578d7714 | 4153 | |
afe359a8 PK |
4154 | - mem_cgroup_wb_stats() doesn't want negative nr_dirty or nr_writeback. |
4155 | This could confuse dirty throttling. | |
da1216b9 | 4156 | |
afe359a8 | 4157 | - oom reports and memory.stat shouldn't show confusing negative usage. |
da1216b9 | 4158 | |
afe359a8 | 4159 | - tree_usage() already avoids negatives. |
da1216b9 | 4160 | |
afe359a8 PK |
4161 | Avoid returning negative page counts from mem_cgroup_read_stat() and |
4162 | convert it to unsigned. | |
da1216b9 | 4163 | |
afe359a8 PK |
4164 | [akpm@linux-foundation.org: fix old typo while we're in there] |
4165 | Signed-off-by: Greg Thelen <gthelen@google.com> | |
4166 | Cc: Johannes Weiner <hannes@cmpxchg.org> | |
4167 | Acked-by: Michal Hocko <mhocko@suse.com> | |
4168 | Cc: <stable@vger.kernel.org> [4.2+] | |
4169 | Signed-off-by: Andrew Morton <akpm@linux-foundation.org> | |
4170 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | |
eeed91c5 | 4171 | |
afe359a8 PK |
4172 | mm/memcontrol.c | 30 ++++++++++++++++++------------ |
4173 | 1 files changed, 18 insertions(+), 12 deletions(-) | |
eeed91c5 | 4174 | |
afe359a8 | 4175 | commit b7808c46650d5f4c09f071566de991af36eb9d37 |
da1216b9 | 4176 | Author: Daniel Borkmann <daniel@iogearbox.net> |
afe359a8 PK |
4177 | Date: Fri Oct 2 12:06:03 2015 +0200 |
4178 | ||
4179 | bpf: fix panic in SO_GET_FILTER with native ebpf programs | |
4180 | ||
4181 | When sockets have a native eBPF program attached through | |
4182 | setsockopt(sk, SOL_SOCKET, SO_ATTACH_BPF, ...), and then try to | |
4183 | dump these over getsockopt(sk, SOL_SOCKET, SO_GET_FILTER, ...), | |
4184 | the following panic appears: | |
4185 | ||
4186 | [49904.178642] BUG: unable to handle kernel NULL pointer dereference at (null) | |
4187 | [49904.178762] IP: [<ffffffff81610fd9>] sk_get_filter+0x39/0x90 | |
4188 | [49904.182000] PGD 86fc9067 PUD 531a1067 PMD 0 | |
4189 | [49904.185196] Oops: 0000 [#1] SMP | |
4190 | [...] | |
4191 | [49904.224677] Call Trace: | |
4192 | [49904.226090] [<ffffffff815e3d49>] sock_getsockopt+0x319/0x740 | |
4193 | [49904.227535] [<ffffffff812f59e3>] ? sock_has_perm+0x63/0x70 | |
4194 | [49904.228953] [<ffffffff815e2fc8>] ? release_sock+0x108/0x150 | |
4195 | [49904.230380] [<ffffffff812f5a43>] ? selinux_socket_getsockopt+0x23/0x30 | |
4196 | [49904.231788] [<ffffffff815dff36>] SyS_getsockopt+0xa6/0xc0 | |
4197 | [49904.233267] [<ffffffff8171b9ae>] entry_SYSCALL_64_fastpath+0x12/0x71 | |
4198 | ||
4199 | The underlying issue is the very same as in commit b382c0865600 | |
4200 | ("sock, diag: fix panic in sock_diag_put_filterinfo"), that is, | |
4201 | native eBPF programs don't store an original program since this | |
4202 | is only needed in cBPF ones. | |
4203 | ||
4204 | However, sk_get_filter() wasn't updated to test for this at the | |
4205 | time when eBPF could be attached. Just throw an error to the user | |
4206 | to indicate that eBPF cannot be dumped over this interface. | |
4207 | That way, it can also be known that a program _is_ attached (as | |
4208 | opposed to just return 0), and a different (future) method needs | |
4209 | to be consulted for a dump. | |
4210 | ||
4211 | Fixes: 89aa075832b0 ("net: sock: allow eBPF programs to be attached to sockets") | |
da1216b9 | 4212 | Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |
afe359a8 | 4213 | Acked-by: Alexei Starovoitov <ast@plumgrid.com> |
da1216b9 | 4214 | Signed-off-by: David S. Miller <davem@davemloft.net> |
32ca80f1 | 4215 | |
afe359a8 PK |
4216 | net/core/filter.c | 6 +++++- |
4217 | 1 files changed, 5 insertions(+), 1 deletions(-) | |
32ca80f1 | 4218 | |
afe359a8 PK |
4219 | commit 40853c884afb5fc2dcb9f7fc34ef446162566fcc |
4220 | Author: Steve French <smfrench@gmail.com> | |
4221 | Date: Mon Sep 28 17:21:07 2015 -0500 | |
32ca80f1 | 4222 | |
afe359a8 | 4223 | [SMB3] Do not fall back to SMBWriteX in set_file_size error cases |
e1f904d0 | 4224 | |
afe359a8 | 4225 | The error paths in set_file_size for cifs and smb3 are incorrect. |
e1f904d0 | 4226 | |
afe359a8 PK |
4227 | In the unlikely event that a server did not support set file info |
4228 | of the file size, the code incorrectly falls back to trying SMBWriteX | |
4229 | (note that only the original core SMB Write, used for example by DOS, | |
4230 | can set the file size this way - this actually does not work for the more | |
4231 | recent SMBWriteX). The idea was since the old DOS SMB Write could set | |
4232 | the file size if you write zero bytes at that offset then use that if | |
4233 | server rejects the normal set file info call. | |
da1216b9 | 4234 | |
afe359a8 PK |
4235 | Fortunately the SMBWriteX will never be sent on the wire (except when |
4236 | file size is zero) since the length and offset fields were reversed | |
4237 | in the two places in this function that call SMBWriteX causing | |
4238 | the fall back path to return an error. It is also important to never call | |
4239 | an SMB request from an SMB2/sMB3 session (which theoretically would | |
4240 | be possible, and can cause a brief session drop, although the client | |
4241 | recovers) so this should be fixed. In practice this path does not happen | |
4242 | with modern servers but the error fall back to SMBWriteX is clearly wrong. | |
e1f904d0 | 4243 | |
afe359a8 | 4244 | Removing the calls to SMBWriteX in the error paths in cifs_set_file_size |
da1216b9 | 4245 | |
afe359a8 | 4246 | Pointed out by PaX/grsecurity team |
cac6ae42 | 4247 | |
afe359a8 PK |
4248 | Signed-off-by: Steve French <steve.french@primarydata.com> |
4249 | Reported-by: PaX Team <pageexec@freemail.hu> | |
4250 | CC: Emese Revfy <re.emese@gmail.com> | |
4251 | CC: Brad Spengler <spender@grsecurity.net> | |
4252 | CC: Stable <stable@vger.kernel.org> | |
3969d2a7 | 4253 | |
afe359a8 PK |
4254 | fs/cifs/inode.c | 34 ---------------------------------- |
4255 | 1 files changed, 0 insertions(+), 34 deletions(-) | |
3969d2a7 | 4256 | |
afe359a8 | 4257 | commit f5fad97c967a08f4a89513969598b1d3c8232a38 |
3969d2a7 | 4258 | Author: Brad Spengler <spender@grsecurity.net> |
afe359a8 | 4259 | Date: Wed Oct 7 18:22:40 2015 -0400 |
3969d2a7 | 4260 | |
afe359a8 PK |
4261 | Initial import of grsecurity for Linux 4.2.3 |
4262 | Note that size_overflow is currently marked BROKEN | |
76e7c0f9 | 4263 | |
6090327c | 4264 | Documentation/dontdiff | 2 + |
e8242a6d | 4265 | Documentation/kernel-parameters.txt | 7 + |
afe359a8 | 4266 | Documentation/sysctl/kernel.txt | 15 + |
a8b227b4 | 4267 | Makefile | 18 +- |
6090327c PK |
4268 | arch/alpha/include/asm/cache.h | 4 +- |
4269 | arch/alpha/kernel/osf_sys.c | 12 +- | |
4270 | arch/arm/Kconfig | 1 + | |
4271 | arch/arm/include/asm/thread_info.h | 9 +- | |
4272 | arch/arm/kernel/process.c | 4 +- | |
4273 | arch/arm/kernel/ptrace.c | 9 + | |
4274 | arch/arm/kernel/traps.c | 7 +- | |
4275 | arch/arm/mm/Kconfig | 2 +- | |
4276 | arch/arm/mm/fault.c | 40 +- | |
4277 | arch/arm/mm/mmap.c | 8 +- | |
afe359a8 | 4278 | arch/arm/net/bpf_jit_32.c | 51 +- |
6090327c PK |
4279 | arch/avr32/include/asm/cache.h | 4 +- |
4280 | arch/blackfin/include/asm/cache.h | 3 +- | |
4281 | arch/cris/include/arch-v10/arch/cache.h | 3 +- | |
4282 | arch/cris/include/arch-v32/arch/cache.h | 3 +- | |
4283 | arch/frv/include/asm/cache.h | 3 +- | |
4284 | arch/frv/mm/elf-fdpic.c | 4 +- | |
4285 | arch/hexagon/include/asm/cache.h | 6 +- | |
4286 | arch/ia64/Kconfig | 1 + | |
4287 | arch/ia64/include/asm/cache.h | 3 +- | |
4288 | arch/ia64/kernel/sys_ia64.c | 2 + | |
4289 | arch/ia64/mm/hugetlbpage.c | 2 + | |
4290 | arch/m32r/include/asm/cache.h | 4 +- | |
4291 | arch/m68k/include/asm/cache.h | 4 +- | |
4292 | arch/metag/mm/hugetlbpage.c | 1 + | |
4293 | arch/microblaze/include/asm/cache.h | 3 +- | |
4294 | arch/mips/Kconfig | 1 + | |
4295 | arch/mips/include/asm/cache.h | 3 +- | |
4296 | arch/mips/include/asm/thread_info.h | 11 +- | |
da1216b9 | 4297 | arch/mips/kernel/irq.c | 3 + |
6090327c PK |
4298 | arch/mips/kernel/ptrace.c | 9 + |
4299 | arch/mips/mm/mmap.c | 4 +- | |
4300 | arch/mn10300/proc-mn103e010/include/proc/cache.h | 4 +- | |
4301 | arch/mn10300/proc-mn2ws0050/include/proc/cache.h | 4 +- | |
4302 | arch/openrisc/include/asm/cache.h | 4 +- | |
4303 | arch/parisc/include/asm/cache.h | 5 +- | |
4304 | arch/parisc/kernel/sys_parisc.c | 4 + | |
4305 | arch/powerpc/Kconfig | 1 + | |
4306 | arch/powerpc/include/asm/cache.h | 3 +- | |
4307 | arch/powerpc/include/asm/thread_info.h | 5 +- | |
4308 | arch/powerpc/kernel/Makefile | 2 + | |
4309 | arch/powerpc/kernel/irq.c | 3 + | |
4310 | arch/powerpc/kernel/process.c | 10 +- | |
4311 | arch/powerpc/kernel/ptrace.c | 14 + | |
4312 | arch/powerpc/kernel/traps.c | 5 + | |
6090327c | 4313 | arch/powerpc/mm/slice.c | 2 +- |
6090327c PK |
4314 | arch/s390/include/asm/cache.h | 4 +- |
4315 | arch/score/include/asm/cache.h | 4 +- | |
4316 | arch/sh/include/asm/cache.h | 3 +- | |
4317 | arch/sh/mm/mmap.c | 6 +- | |
4318 | arch/sparc/include/asm/cache.h | 4 +- | |
0986ccbe PK |
4319 | arch/sparc/include/asm/pgalloc_64.h | 1 + |
4320 | arch/sparc/include/asm/thread_info_64.h | 8 +- | |
6090327c PK |
4321 | arch/sparc/kernel/process_32.c | 6 +- |
4322 | arch/sparc/kernel/process_64.c | 8 +- | |
4323 | arch/sparc/kernel/ptrace_64.c | 14 + | |
4324 | arch/sparc/kernel/sys_sparc_64.c | 8 +- | |
4325 | arch/sparc/kernel/syscalls.S | 8 +- | |
4326 | arch/sparc/kernel/traps_32.c | 8 +- | |
4327 | arch/sparc/kernel/traps_64.c | 28 +- | |
4328 | arch/sparc/kernel/unaligned_64.c | 2 +- | |
4329 | arch/sparc/mm/fault_64.c | 2 +- | |
4330 | arch/sparc/mm/hugetlbpage.c | 15 +- | |
4331 | arch/tile/Kconfig | 1 + | |
4332 | arch/tile/include/asm/cache.h | 3 +- | |
4333 | arch/tile/mm/hugetlbpage.c | 2 + | |
4334 | arch/um/include/asm/cache.h | 3 +- | |
4335 | arch/unicore32/include/asm/cache.h | 6 +- | |
afe359a8 PK |
4336 | arch/x86/Kconfig | 21 + |
4337 | arch/x86/entry/entry_32.S | 2 +- | |
4338 | arch/x86/entry/entry_64.S | 2 +- | |
6090327c PK |
4339 | arch/x86/ia32/ia32_aout.c | 2 + |
4340 | arch/x86/include/asm/floppy.h | 20 +- | |
4341 | arch/x86/include/asm/io.h | 2 +- | |
4342 | arch/x86/include/asm/page.h | 12 +- | |
4343 | arch/x86/include/asm/paravirt_types.h | 23 +- | |
4344 | arch/x86/include/asm/processor.h | 2 +- | |
4345 | arch/x86/include/asm/thread_info.h | 8 +- | |
a8b227b4 | 4346 | arch/x86/kernel/dumpstack.c | 10 +- |
6090327c PK |
4347 | arch/x86/kernel/dumpstack_32.c | 2 +- |
4348 | arch/x86/kernel/dumpstack_64.c | 2 +- | |
8cf17962 | 4349 | arch/x86/kernel/espfix_64.c | 2 +- |
afe359a8 | 4350 | arch/x86/kernel/fpu/init.c | 4 +- |
6090327c PK |
4351 | arch/x86/kernel/ioport.c | 13 + |
4352 | arch/x86/kernel/irq_32.c | 3 + | |
4353 | arch/x86/kernel/irq_64.c | 4 + | |
afe359a8 | 4354 | arch/x86/kernel/ldt.c | 18 + |
6090327c PK |
4355 | arch/x86/kernel/msr.c | 10 + |
4356 | arch/x86/kernel/ptrace.c | 28 + | |
4357 | arch/x86/kernel/signal.c | 9 +- | |
4358 | arch/x86/kernel/sys_i386_32.c | 9 +- | |
4359 | arch/x86/kernel/sys_x86_64.c | 8 +- | |
4360 | arch/x86/kernel/traps.c | 5 + | |
4361 | arch/x86/kernel/verify_cpu.S | 1 + | |
4362 | arch/x86/kernel/vm86_32.c | 16 + | |
4363 | arch/x86/mm/fault.c | 12 +- | |
4364 | arch/x86/mm/hugetlbpage.c | 15 +- | |
4365 | arch/x86/mm/init.c | 66 +- | |
4366 | arch/x86/mm/init_32.c | 6 +- | |
0986ccbe | 4367 | arch/x86/net/bpf_jit_comp.c | 4 + |
a8b227b4 | 4368 | arch/x86/platform/efi/efi_64.c | 2 +- |
6090327c PK |
4369 | arch/x86/xen/Kconfig | 1 + |
4370 | arch/xtensa/variants/dc232b/include/variant/core.h | 2 +- | |
4371 | arch/xtensa/variants/fsf/include/variant/core.h | 3 +- | |
6090327c PK |
4372 | drivers/acpi/acpica/hwxfsleep.c | 11 +- |
4373 | drivers/acpi/custom_method.c | 4 + | |
4374 | drivers/block/cciss.h | 30 +- | |
6090327c PK |
4375 | drivers/block/smart1,2.h | 40 +- |
4376 | drivers/cdrom/cdrom.c | 2 +- | |
4377 | drivers/char/Kconfig | 4 +- | |
4378 | drivers/char/genrtc.c | 1 + | |
4379 | drivers/char/mem.c | 17 + | |
4380 | drivers/char/random.c | 5 +- | |
4381 | drivers/cpufreq/sparc-us3-cpufreq.c | 2 - | |
4382 | drivers/firewire/ohci.c | 4 + | |
da1216b9 PK |
4383 | drivers/gpu/drm/drm_context.c | 50 +- |
4384 | drivers/gpu/drm/drm_drv.c | 11 +- | |
4385 | drivers/gpu/drm/drm_lock.c | 18 +- | |
4386 | drivers/gpu/drm/i915/i915_dma.c | 2 + | |
4387 | drivers/gpu/drm/nouveau/nouveau_drm.c | 3 +- | |
6090327c PK |
4388 | drivers/gpu/drm/nouveau/nouveau_ttm.c | 30 +- |
4389 | drivers/gpu/drm/ttm/ttm_bo_manager.c | 10 +- | |
afe359a8 | 4390 | drivers/gpu/drm/virtio/virtgpu_ttm.c | 10 +- |
6090327c | 4391 | drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c | 10 +- |
6090327c PK |
4392 | drivers/hid/hid-wiimote-debug.c | 2 +- |
4393 | drivers/infiniband/hw/nes/nes_cm.c | 22 +- | |
0986ccbe | 4394 | drivers/iommu/amd_iommu.c | 14 +- |
6090327c PK |
4395 | drivers/isdn/gigaset/bas-gigaset.c | 32 +- |
4396 | drivers/isdn/gigaset/ser-gigaset.c | 32 +- | |
4397 | drivers/isdn/gigaset/usb-gigaset.c | 32 +- | |
4398 | drivers/isdn/i4l/isdn_concap.c | 6 +- | |
4399 | drivers/isdn/i4l/isdn_x25iface.c | 16 +- | |
a8b227b4 PK |
4400 | drivers/md/raid5.c | 8 + |
4401 | drivers/media/pci/solo6x10/solo6x10-g723.c | 2 +- | |
6090327c | 4402 | drivers/media/radio/radio-cadet.c | 5 +- |
a8b227b4 PK |
4403 | drivers/media/usb/dvb-usb/cinergyT2-core.c | 91 +- |
4404 | drivers/media/usb/dvb-usb/cinergyT2-fe.c | 182 +- | |
6090327c PK |
4405 | drivers/media/usb/dvb-usb/dvb-usb-firmware.c | 37 +- |
4406 | drivers/media/usb/dvb-usb/technisat-usb2.c | 75 +- | |
4407 | drivers/message/fusion/mptbase.c | 9 + | |
4408 | drivers/misc/sgi-xp/xp_main.c | 12 +- | |
6090327c PK |
4409 | drivers/net/ethernet/brocade/bna/bna_enet.c | 8 +- |
4410 | drivers/net/wan/lmc/lmc_media.c | 97 +- | |
4411 | drivers/net/wan/z85230.c | 24 +- | |
4412 | drivers/net/wireless/zd1211rw/zd_usb.c | 2 +- | |
4413 | drivers/pci/proc.c | 9 + | |
4414 | drivers/platform/x86/asus-wmi.c | 12 + | |
4415 | drivers/rtc/rtc-dev.c | 3 + | |
4416 | drivers/scsi/bfa/bfa_fcs.c | 19 +- | |
4417 | drivers/scsi/bfa/bfa_fcs_lport.c | 29 +- | |
4418 | drivers/scsi/bfa/bfa_modules.h | 12 +- | |
e8242a6d | 4419 | drivers/scsi/hpsa.h | 40 +- |
6090327c PK |
4420 | drivers/staging/lustre/lustre/ldlm/ldlm_flock.c | 2 +- |
4421 | drivers/staging/lustre/lustre/libcfs/module.c | 10 +- | |
afe359a8 PK |
4422 | drivers/staging/sm750fb/sm750.c | 3 + |
4423 | drivers/tty/serial/uartlite.c | 4 +- | |
6090327c PK |
4424 | drivers/tty/sysrq.c | 2 +- |
4425 | drivers/tty/vt/keyboard.c | 22 +- | |
4426 | drivers/uio/uio.c | 6 +- | |
4427 | drivers/usb/core/hub.c | 5 + | |
a8b227b4 PK |
4428 | drivers/usb/gadget/function/f_uac1.c | 1 + |
4429 | drivers/usb/gadget/function/u_uac1.c | 1 + | |
6090327c | 4430 | drivers/usb/host/hwa-hc.c | 9 +- |
afe359a8 | 4431 | drivers/usb/usbip/vhci_sysfs.c | 2 +- |
6090327c PK |
4432 | drivers/video/fbdev/arcfb.c | 2 +- |
4433 | drivers/video/fbdev/matrox/matroxfb_DAC1064.c | 10 +- | |
4434 | drivers/video/fbdev/matrox/matroxfb_Ti3026.c | 5 +- | |
4435 | drivers/video/fbdev/sh_mobile_lcdcfb.c | 6 +- | |
da1216b9 | 4436 | drivers/video/logo/logo_linux_clut224.ppm | 2720 ++++----- |
6090327c | 4437 | drivers/xen/xenfs/xenstored.c | 5 + |
afe359a8 PK |
4438 | firmware/Makefile | 2 + |
4439 | firmware/WHENCE | 20 +- | |
4440 | firmware/bnx2/bnx2-mips-06-6.2.3.fw.ihex | 5804 +++++++++++++++++ | |
da1216b9 | 4441 | firmware/bnx2/bnx2-mips-09-6.2.1b.fw.ihex | 6496 ++++++++++++++++++++ |
6090327c PK |
4442 | fs/attr.c | 1 + |
4443 | fs/autofs4/waitq.c | 9 + | |
4444 | fs/binfmt_aout.c | 7 + | |
4445 | fs/binfmt_elf.c | 40 +- | |
6090327c PK |
4446 | fs/compat.c | 20 +- |
4447 | fs/coredump.c | 17 +- | |
8cf17962 | 4448 | fs/dcache.c | 3 + |
da1216b9 PK |
4449 | fs/debugfs/inode.c | 11 +- |
4450 | fs/exec.c | 218 +- | |
6090327c | 4451 | fs/ext2/balloc.c | 4 +- |
0986ccbe | 4452 | fs/ext2/super.c | 8 +- |
6090327c | 4453 | fs/ext3/balloc.c | 4 +- |
0986ccbe | 4454 | fs/ext3/super.c | 8 +- |
6090327c | 4455 | fs/ext4/balloc.c | 4 +- |
0986ccbe | 4456 | fs/fcntl.c | 4 + |
da1216b9 | 4457 | fs/fhandle.c | 3 +- |
6090327c PK |
4458 | fs/file.c | 4 + |
4459 | fs/filesystems.c | 4 + | |
e8242a6d | 4460 | fs/fs_struct.c | 20 +- |
6090327c | 4461 | fs/hugetlbfs/inode.c | 5 +- |
afe359a8 | 4462 | fs/inode.c | 8 +- |
8cf17962 | 4463 | fs/kernfs/dir.c | 6 + |
6090327c | 4464 | fs/mount.h | 4 +- |
afe359a8 | 4465 | fs/namei.c | 285 +- |
8cf17962 | 4466 | fs/namespace.c | 24 + |
a8b227b4 | 4467 | fs/nfsd/nfscache.c | 2 +- |
6090327c | 4468 | fs/open.c | 38 + |
afe359a8 | 4469 | fs/overlayfs/inode.c | 3 + |
da1216b9 | 4470 | fs/overlayfs/super.c | 6 +- |
6090327c PK |
4471 | fs/pipe.c | 2 +- |
4472 | fs/posix_acl.c | 15 +- | |
4473 | fs/proc/Kconfig | 10 +- | |
0986ccbe | 4474 | fs/proc/array.c | 66 +- |
afe359a8 | 4475 | fs/proc/base.c | 168 +- |
6090327c PK |
4476 | fs/proc/cmdline.c | 4 + |
4477 | fs/proc/devices.c | 4 + | |
4478 | fs/proc/fd.c | 17 +- | |
e8242a6d | 4479 | fs/proc/generic.c | 64 + |
6090327c | 4480 | fs/proc/inode.c | 17 + |
0986ccbe | 4481 | fs/proc/internal.h | 11 +- |
6090327c PK |
4482 | fs/proc/interrupts.c | 4 + |
4483 | fs/proc/kcore.c | 3 + | |
4484 | fs/proc/proc_net.c | 31 + | |
4485 | fs/proc/proc_sysctl.c | 52 +- | |
4486 | fs/proc/root.c | 8 + | |
4487 | fs/proc/stat.c | 69 +- | |
e8242a6d | 4488 | fs/proc/task_mmu.c | 66 +- |
6090327c PK |
4489 | fs/readdir.c | 19 + |
4490 | fs/reiserfs/item_ops.c | 24 +- | |
0986ccbe | 4491 | fs/reiserfs/super.c | 4 + |
6090327c | 4492 | fs/select.c | 2 + |
afe359a8 | 4493 | fs/seq_file.c | 30 +- |
6090327c | 4494 | fs/stat.c | 20 +- |
e8242a6d | 4495 | fs/sysfs/dir.c | 30 +- |
6090327c | 4496 | fs/utimes.c | 7 + |
8cf17962 | 4497 | fs/xattr.c | 26 +- |
da1216b9 | 4498 | grsecurity/Kconfig | 1182 ++++ |
6090327c | 4499 | grsecurity/Makefile | 54 + |
da1216b9 | 4500 | grsecurity/gracl.c | 2757 +++++++++ |
6090327c | 4501 | grsecurity/gracl_alloc.c | 105 + |
a8b227b4 | 4502 | grsecurity/gracl_cap.c | 127 + |
da1216b9 | 4503 | grsecurity/gracl_compat.c | 269 + |
afe359a8 | 4504 | grsecurity/gracl_fs.c | 448 ++ |
da1216b9 PK |
4505 | grsecurity/gracl_ip.c | 386 ++ |
4506 | grsecurity/gracl_learn.c | 207 + | |
4507 | grsecurity/gracl_policy.c | 1786 ++++++ | |
6090327c | 4508 | grsecurity/gracl_res.c | 68 + |
da1216b9 | 4509 | grsecurity/gracl_segv.c | 304 + |
6090327c PK |
4510 | grsecurity/gracl_shm.c | 40 + |
4511 | grsecurity/grsec_chdir.c | 19 + | |
da1216b9 PK |
4512 | grsecurity/grsec_chroot.c | 467 ++ |
4513 | grsecurity/grsec_disabled.c | 445 ++ | |
4514 | grsecurity/grsec_exec.c | 189 + | |
4515 | grsecurity/grsec_fifo.c | 26 + | |
6090327c | 4516 | grsecurity/grsec_fork.c | 23 + |
da1216b9 | 4517 | grsecurity/grsec_init.c | 290 + |
6090327c | 4518 | grsecurity/grsec_ipc.c | 48 + |
afe359a8 PK |
4519 | grsecurity/grsec_link.c | 65 + |
4520 | grsecurity/grsec_log.c | 340 + | |
6090327c PK |
4521 | grsecurity/grsec_mem.c | 48 + |
4522 | grsecurity/grsec_mount.c | 65 + | |
afe359a8 | 4523 | grsecurity/grsec_pax.c | 47 + |
6090327c PK |
4524 | grsecurity/grsec_proc.c | 20 + |
4525 | grsecurity/grsec_ptrace.c | 30 + | |
da1216b9 PK |
4526 | grsecurity/grsec_sig.c | 236 + |
4527 | grsecurity/grsec_sock.c | 244 + | |
4528 | grsecurity/grsec_sysctl.c | 488 ++ | |
6090327c PK |
4529 | grsecurity/grsec_time.c | 16 + |
4530 | grsecurity/grsec_tpe.c | 78 + | |
4531 | grsecurity/grsec_usb.c | 15 + | |
4532 | grsecurity/grsum.c | 64 + | |
da1216b9 | 4533 | include/drm/drmP.h | 23 +- |
6090327c | 4534 | include/linux/binfmts.h | 5 +- |
afe359a8 PK |
4535 | include/linux/capability.h | 13 + |
4536 | include/linux/compiler-gcc.h | 5 + | |
6090327c PK |
4537 | include/linux/compiler.h | 8 + |
4538 | include/linux/cred.h | 8 +- | |
8cf17962 | 4539 | include/linux/dcache.h | 5 +- |
6090327c PK |
4540 | include/linux/fs.h | 24 +- |
4541 | include/linux/fs_struct.h | 2 +- | |
4542 | include/linux/fsnotify.h | 6 + | |
da1216b9 PK |
4543 | include/linux/gracl.h | 342 + |
4544 | include/linux/gracl_compat.h | 156 + | |
6090327c PK |
4545 | include/linux/gralloc.h | 9 + |
4546 | include/linux/grdefs.h | 140 + | |
da1216b9 | 4547 | include/linux/grinternal.h | 230 + |
8cf17962 | 4548 | include/linux/grmsg.h | 118 + |
afe359a8 | 4549 | include/linux/grsecurity.h | 249 + |
6090327c | 4550 | include/linux/grsock.h | 19 + |
afe359a8 | 4551 | include/linux/ipc.h | 2 +- |
6090327c PK |
4552 | include/linux/ipc_namespace.h | 2 +- |
4553 | include/linux/kallsyms.h | 18 +- | |
4554 | include/linux/kmod.h | 5 + | |
4555 | include/linux/kobject.h | 2 +- | |
afe359a8 | 4556 | include/linux/lsm_hooks.h | 4 +- |
8cf17962 | 4557 | include/linux/mm.h | 12 + |
6090327c | 4558 | include/linux/mm_types.h | 4 +- |
afe359a8 | 4559 | include/linux/module.h | 5 +- |
6090327c PK |
4560 | include/linux/mount.h | 2 +- |
4561 | include/linux/netfilter/xt_gradm.h | 9 + | |
4562 | include/linux/path.h | 4 +- | |
4563 | include/linux/perf_event.h | 13 +- | |
4564 | include/linux/pid_namespace.h | 2 +- | |
8cf17962 | 4565 | include/linux/printk.h | 2 +- |
6090327c PK |
4566 | include/linux/proc_fs.h | 22 +- |
4567 | include/linux/proc_ns.h | 2 +- | |
4568 | include/linux/random.h | 2 +- | |
4569 | include/linux/rbtree_augmented.h | 4 +- | |
da1216b9 | 4570 | include/linux/scatterlist.h | 12 +- |
afe359a8 | 4571 | include/linux/sched.h | 110 +- |
6090327c PK |
4572 | include/linux/security.h | 3 +- |
4573 | include/linux/seq_file.h | 5 + | |
afe359a8 | 4574 | include/linux/shm.h | 6 +- |
6090327c PK |
4575 | include/linux/skbuff.h | 3 + |
4576 | include/linux/slab.h | 9 - | |
afe359a8 | 4577 | include/linux/sysctl.h | 8 +- |
6090327c PK |
4578 | include/linux/thread_info.h | 6 +- |
4579 | include/linux/tty.h | 2 +- | |
4580 | include/linux/tty_driver.h | 4 +- | |
4581 | include/linux/uidgid.h | 5 + | |
4582 | include/linux/user_namespace.h | 2 +- | |
4583 | include/linux/utsname.h | 2 +- | |
4584 | include/linux/vermagic.h | 16 +- | |
afe359a8 | 4585 | include/linux/vmalloc.h | 8 + |
6090327c PK |
4586 | include/net/af_unix.h | 2 +- |
4587 | include/net/ip.h | 2 +- | |
4588 | include/net/neighbour.h | 2 +- | |
4589 | include/net/net_namespace.h | 2 +- | |
e8242a6d | 4590 | include/net/sock.h | 2 +- |
6090327c | 4591 | include/trace/events/fs.h | 53 + |
da1216b9 | 4592 | include/uapi/drm/i915_drm.h | 1 + |
6090327c PK |
4593 | include/uapi/linux/personality.h | 1 + |
4594 | init/Kconfig | 3 +- | |
e8242a6d | 4595 | init/main.c | 35 +- |
6090327c | 4596 | ipc/mqueue.c | 1 + |
afe359a8 PK |
4597 | ipc/msg.c | 14 +- |
4598 | ipc/shm.c | 36 +- | |
4599 | ipc/util.c | 14 +- | |
da1216b9 | 4600 | kernel/auditsc.c | 2 +- |
0986ccbe | 4601 | kernel/bpf/syscall.c | 8 +- |
6090327c | 4602 | kernel/capability.c | 41 +- |
0986ccbe | 4603 | kernel/cgroup.c | 5 +- |
6090327c PK |
4604 | kernel/compat.c | 1 + |
4605 | kernel/configs.c | 11 + | |
afe359a8 | 4606 | kernel/cred.c | 112 +- |
6090327c PK |
4607 | kernel/events/core.c | 14 +- |
4608 | kernel/exit.c | 10 +- | |
4609 | kernel/fork.c | 86 +- | |
4610 | kernel/futex.c | 4 +- | |
4611 | kernel/kallsyms.c | 9 + | |
4612 | kernel/kcmp.c | 4 + | |
afe359a8 | 4613 | kernel/kexec.c | 2 +- |
e8242a6d | 4614 | kernel/kmod.c | 95 +- |
6090327c PK |
4615 | kernel/kprobes.c | 7 +- |
4616 | kernel/ksysfs.c | 2 + | |
4617 | kernel/locking/lockdep_proc.c | 10 +- | |
afe359a8 | 4618 | kernel/module.c | 108 +- |
6090327c PK |
4619 | kernel/panic.c | 4 +- |
4620 | kernel/pid.c | 19 +- | |
6090327c | 4621 | kernel/power/Kconfig | 2 + |
afe359a8 | 4622 | kernel/printk/printk.c | 7 +- |
6090327c | 4623 | kernel/ptrace.c | 20 +- |
6090327c PK |
4624 | kernel/resource.c | 10 + |
4625 | kernel/sched/core.c | 11 +- | |
4626 | kernel/signal.c | 37 +- | |
a8b227b4 | 4627 | kernel/sys.c | 64 +- |
afe359a8 | 4628 | kernel/sysctl.c | 180 +- |
6090327c | 4629 | kernel/taskstats.c | 6 + |
a8b227b4 PK |
4630 | kernel/time/posix-timers.c | 8 + |
4631 | kernel/time/time.c | 5 + | |
6090327c | 4632 | kernel/time/timekeeping.c | 3 + |
afe359a8 | 4633 | kernel/time/timer_list.c | 13 +- |
6090327c | 4634 | kernel/time/timer_stats.c | 10 +- |
0986ccbe | 4635 | kernel/trace/trace_syscalls.c | 8 + |
6090327c PK |
4636 | kernel/user_namespace.c | 15 + |
4637 | lib/Kconfig.debug | 7 +- | |
4638 | lib/is_single_threaded.c | 3 + | |
4639 | lib/list_debug.c | 65 +- | |
e8242a6d | 4640 | lib/nlattr.c | 2 + |
6090327c | 4641 | lib/rbtree.c | 4 +- |
afe359a8 | 4642 | lib/vsprintf.c | 39 +- |
6090327c PK |
4643 | localversion-grsec | 1 + |
4644 | mm/Kconfig | 5 +- | |
e8242a6d | 4645 | mm/Kconfig.debug | 1 + |
6090327c | 4646 | mm/filemap.c | 1 + |
afe359a8 | 4647 | mm/hugetlb.c | 8 + |
6090327c | 4648 | mm/kmemleak.c | 4 +- |
da1216b9 | 4649 | mm/memory.c | 2 +- |
6090327c PK |
4650 | mm/mempolicy.c | 12 +- |
4651 | mm/migrate.c | 3 +- | |
4652 | mm/mlock.c | 6 +- | |
e8242a6d | 4653 | mm/mmap.c | 93 +- |
6090327c | 4654 | mm/mprotect.c | 8 + |
e8242a6d | 4655 | mm/page_alloc.c | 2 +- |
6090327c PK |
4656 | mm/process_vm_access.c | 6 + |
4657 | mm/shmem.c | 2 +- | |
afe359a8 | 4658 | mm/slab.c | 27 +- |
6090327c | 4659 | mm/slab_common.c | 2 +- |
afe359a8 PK |
4660 | mm/slob.c | 12 + |
4661 | mm/slub.c | 33 +- | |
6090327c | 4662 | mm/util.c | 3 + |
afe359a8 | 4663 | mm/vmalloc.c | 80 +- |
6090327c PK |
4664 | mm/vmstat.c | 29 +- |
4665 | net/appletalk/atalk_proc.c | 2 +- | |
4666 | net/atm/lec.c | 6 +- | |
4667 | net/atm/mpoa_caches.c | 42 +- | |
4668 | net/can/bcm.c | 2 +- | |
4669 | net/can/proc.c | 2 +- | |
0986ccbe | 4670 | net/core/dev_ioctl.c | 7 +- |
6090327c PK |
4671 | net/core/filter.c | 8 +- |
4672 | net/core/net-procfs.c | 17 +- | |
4673 | net/core/pktgen.c | 2 +- | |
e8242a6d | 4674 | net/core/sock.c | 3 +- |
0986ccbe | 4675 | net/core/sysctl_net_core.c | 2 +- |
6090327c | 4676 | net/decnet/dn_dev.c | 2 +- |
0986ccbe | 4677 | net/ipv4/devinet.c | 6 +- |
6090327c | 4678 | net/ipv4/inet_hashtables.c | 5 + |
a8b227b4 | 4679 | net/ipv4/ip_input.c | 7 + |
6090327c PK |
4680 | net/ipv4/ip_sockglue.c | 3 +- |
4681 | net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 +- | |
4682 | net/ipv4/route.c | 6 +- | |
da1216b9 | 4683 | net/ipv4/tcp_input.c | 4 +- |
6090327c PK |
4684 | net/ipv4/tcp_ipv4.c | 24 +- |
4685 | net/ipv4/tcp_minisocks.c | 9 +- | |
4686 | net/ipv4/tcp_timer.c | 11 + | |
4687 | net/ipv4/udp.c | 24 + | |
e8242a6d | 4688 | net/ipv6/addrconf.c | 13 +- |
6090327c PK |
4689 | net/ipv6/proc.c | 2 +- |
4690 | net/ipv6/tcp_ipv6.c | 23 +- | |
4691 | net/ipv6/udp.c | 7 + | |
4692 | net/ipx/ipx_proc.c | 2 +- | |
4693 | net/irda/irproc.c | 2 +- | |
4694 | net/llc/llc_proc.c | 2 +- | |
4695 | net/netfilter/Kconfig | 10 + | |
4696 | net/netfilter/Makefile | 1 + | |
4697 | net/netfilter/nf_conntrack_core.c | 8 + | |
4698 | net/netfilter/xt_gradm.c | 51 + | |
4699 | net/netfilter/xt_hashlimit.c | 4 +- | |
4700 | net/netfilter/xt_recent.c | 2 +- | |
8cf17962 | 4701 | net/socket.c | 71 +- |
6090327c PK |
4702 | net/sunrpc/cache.c | 2 +- |
4703 | net/sunrpc/stats.c | 2 +- | |
4704 | net/sysctl_net.c | 2 +- | |
e8242a6d | 4705 | net/unix/af_unix.c | 52 +- |
6090327c PK |
4706 | net/vmw_vsock/vmci_transport_notify.c | 30 +- |
4707 | net/vmw_vsock/vmci_transport_notify_qstate.c | 30 +- | |
4708 | net/x25/sysctl_net_x25.c | 2 +- | |
4709 | net/x25/x25_proc.c | 2 +- | |
0986ccbe PK |
4710 | scripts/package/Makefile | 2 +- |
4711 | scripts/package/mkspec | 38 +- | |
afe359a8 | 4712 | security/Kconfig | 370 +- |
6090327c PK |
4713 | security/apparmor/file.c | 4 +- |
4714 | security/apparmor/lsm.c | 8 +- | |
4715 | security/commoncap.c | 29 + | |
4716 | security/min_addr.c | 2 + | |
4717 | security/tomoyo/file.c | 12 +- | |
4718 | security/tomoyo/mount.c | 4 + | |
da1216b9 | 4719 | security/tomoyo/tomoyo.c | 20 +- |
6090327c | 4720 | security/yama/Kconfig | 2 +- |
6090327c | 4721 | sound/synth/emux/emux_seq.c | 14 +- |
e8242a6d PK |
4722 | sound/usb/line6/driver.c | 40 +- |
4723 | sound/usb/line6/toneport.c | 12 +- | |
6090327c PK |
4724 | tools/gcc/.gitignore | 1 + |
4725 | tools/gcc/Makefile | 12 + | |
4726 | tools/gcc/gen-random-seed.sh | 8 + | |
afe359a8 PK |
4727 | tools/gcc/randomize_layout_plugin.c | 930 +++ |
4728 | tools/gcc/size_overflow_plugin/.gitignore | 1 + | |
4729 | .../size_overflow_plugin/size_overflow_hash.data | 320 +- | |
4730 | 466 files changed, 32295 insertions(+), 2907 deletions(-) | |
4731 | ||
4732 | commit fc19197ab5a42069863a7d88f1d41eb687697fe9 | |
4733 | Author: Brad Spengler <spender@grsecurity.net> | |
4734 | Date: Sun Oct 4 20:43:51 2015 -0400 | |
4735 | ||
4736 | Update to pax-linux-4.2.3-test6.patch: | |
4737 | - fixed a KERNEXEC/x86 and early ioremap regression, reported by spender | |
4738 | - sanitized a few more top level page table entries on amd64 | |
76e7c0f9 | 4739 | |
afe359a8 PK |
4740 | arch/x86/kernel/espfix_64.c | 2 +- |
4741 | arch/x86/kernel/head_64.S | 8 ++++---- | |
4742 | arch/x86/mm/ioremap.c | 6 +++++- | |
4743 | 3 files changed, 10 insertions(+), 6 deletions(-) | |
4744 | ||
4745 | commit 23ac5415b9ef394e10b1516d3b314c742c6a3e59 | |
4746 | Author: Brad Spengler <spender@grsecurity.net> | |
4747 | Date: Sun Oct 4 17:47:37 2015 -0400 | |
4748 | ||
4749 | Resync with pax-linux-4.2.3-test5.patch | |
4750 | ||
4751 | arch/x86/include/asm/pgtable-2level.h | 20 ++++++++++++++++---- | |
4752 | arch/x86/include/asm/pgtable-3level.h | 8 ++++++++ | |
4753 | arch/x86/include/asm/pgtable_32.h | 2 -- | |
4754 | arch/x86/include/asm/pgtable_64.h | 20 ++++++++++++++++---- | |
4755 | arch/x86/mm/highmem_32.c | 2 -- | |
4756 | arch/x86/mm/init_64.c | 2 -- | |
4757 | arch/x86/mm/iomap_32.c | 4 ---- | |
4758 | arch/x86/mm/ioremap.c | 2 +- | |
4759 | arch/x86/mm/pgtable.c | 2 -- | |
4760 | arch/x86/mm/pgtable_32.c | 3 --- | |
4761 | mm/highmem.c | 6 +----- | |
4762 | mm/vmalloc.c | 12 +----------- | |
4763 | .../size_overflow_plugin/size_overflow_hash.data | 2 -- | |
4764 | 13 files changed, 43 insertions(+), 42 deletions(-) | |
4765 | ||
4766 | commit 25f4bed80f0d87783793a70d6c20080031a1fd38 | |
4767 | Author: Brad Spengler <spender@grsecurity.net> | |
4768 | Date: Sun Oct 4 13:06:32 2015 -0400 | |
4769 | ||
4770 | Update to pax-linux-4.2.3-test5.patch: | |
4771 | - forward port to 4.2.3 | |
4772 | - fixed integer sign conversion errors caused by ieee80211_tx_rate_control.max_rate_idx, caught by the size overflow plugin | |
4773 | - fixed a bug in try_preserve_large_page that caused unnecessary large page split ups | |
4774 | - increased the number of statically allocated kernel page tables under KERNEXEC/amd64 | |
4775 | ||
4776 | arch/x86/include/asm/pgtable-2level.h | 2 ++ | |
4777 | arch/x86/include/asm/pgtable-3level.h | 5 +++++ | |
4778 | arch/x86/include/asm/pgtable_64.h | 2 ++ | |
4779 | arch/x86/kernel/cpu/bugs_64.c | 2 ++ | |
4780 | arch/x86/kernel/head_64.S | 28 +++++++++++++++++++++++----- | |
4781 | arch/x86/kernel/vmlinux.lds.S | 8 +++++++- | |
4782 | arch/x86/mm/init.c | 18 ++++++++++++++---- | |
4783 | arch/x86/mm/ioremap.c | 8 ++++++-- | |
4784 | arch/x86/mm/pageattr.c | 5 ++--- | |
4785 | arch/x86/mm/pgtable.c | 2 ++ | |
4786 | include/asm-generic/sections.h | 1 + | |
4787 | include/asm-generic/vmlinux.lds.h | 2 ++ | |
4788 | include/net/mac80211.h | 2 +- | |
4789 | mm/vmalloc.c | 7 ++++++- | |
4790 | 14 files changed, 75 insertions(+), 17 deletions(-) | |
4791 | ||
4792 | commit a2dce7cb2e3c389b7ef6c76c15ccdbf506007ddd | |
4793 | Merge: d113ff6 fcba09f | |
4794 | Author: Brad Spengler <spender@grsecurity.net> | |
4795 | Date: Sat Oct 3 09:12:31 2015 -0400 | |
4796 | ||
4797 | Merge branch 'linux-4.2.y' into pax-test | |
4798 | ||
4799 | commit d113ff6e7835e89e2b954503b1a100750ddb43c7 | |
4800 | Author: Brad Spengler <spender@grsecurity.net> | |
4801 | Date: Thu Oct 1 21:34:12 2015 -0400 | |
4802 | ||
4803 | Update to pax-linux-4.2.2-test5.patch: | |
4804 | - fixed a RANDKSTACK regression, reported by spender | |
4805 | - fixed some more compiler warnings due to the ktla_ktva changes, reported by spender | |
4806 | ||
4807 | arch/x86/entry/entry_64.S | 2 ++ | |
4808 | arch/x86/kernel/process.c | 1 + | |
4809 | drivers/hv/hv.c | 2 +- | |
4810 | drivers/lguest/x86/core.c | 4 ++-- | |
4811 | drivers/misc/kgdbts.c | 4 ++-- | |
4812 | drivers/video/fbdev/uvesafb.c | 4 ++-- | |
4813 | fs/binfmt_elf_fdpic.c | 2 +- | |
4814 | 7 files changed, 11 insertions(+), 8 deletions(-) | |
4815 | ||
4816 | commit 149e32a4dddfae46e2490f011870cd4492ca946c | |
4817 | Author: Brad Spengler <spender@grsecurity.net> | |
4818 | Date: Tue Sep 29 16:31:50 2015 -0400 | |
4819 | ||
4820 | Update to pax-linux-4.2.2-test4.patch: | |
4821 | - fixed a few compiler warnings caused by the recently reworked ktla_ktva/ktva_ktla functions, reported by spender | |
4822 | - Emese fixed a size overflow false positive in the IDE driver, reported by spender | |
4823 | ||
4824 | arch/x86/lib/insn.c | 2 +- | |
4825 | drivers/ide/ide-disk.c | 2 +- | |
4826 | drivers/video/fbdev/vesafb.c | 4 ++-- | |
4827 | fs/binfmt_elf.c | 2 +- | |
4828 | .../size_overflow_plugin/size_overflow_plugin.c | 4 ++-- | |
4829 | .../size_overflow_transform_core.c | 11 +++++------ | |
4830 | 6 files changed, 12 insertions(+), 13 deletions(-) | |
4831 | ||
4832 | commit 02c41b848fbaddf82ce98690b23d3d85a94d55fe | |
4833 | Merge: b8b2f5b 7659db3 | |
6090327c | 4834 | Author: Brad Spengler <spender@grsecurity.net> |
afe359a8 | 4835 | Date: Tue Sep 29 15:50:40 2015 -0400 |
76e7c0f9 | 4836 | |
afe359a8 PK |
4837 | Merge branch 'linux-4.2.y' into pax-test |
4838 | ||
4839 | Conflicts: | |
4840 | fs/nfs/inode.c | |
4841 | ||
4842 | commit b8b2f5bc93ced0ca9a8366d0f3fa09abd1ca7ac6 | |
4843 | Author: Brad Spengler <spender@grsecurity.net> | |
4844 | Date: Tue Sep 29 09:13:54 2015 -0400 | |
4845 | ||
4846 | Initial import of pax-linux-4.2.1-test3.patch | |
76e7c0f9 | 4847 | |
6090327c | 4848 | Documentation/dontdiff | 47 +- |
a8b227b4 | 4849 | Documentation/kbuild/makefiles.txt | 39 +- |
0986ccbe | 4850 | Documentation/kernel-parameters.txt | 28 + |
da1216b9 | 4851 | Makefile | 108 +- |
6090327c PK |
4852 | arch/alpha/include/asm/atomic.h | 10 + |
4853 | arch/alpha/include/asm/elf.h | 7 + | |
4854 | arch/alpha/include/asm/pgalloc.h | 6 + | |
4855 | arch/alpha/include/asm/pgtable.h | 11 + | |
4856 | arch/alpha/kernel/module.c | 2 +- | |
4857 | arch/alpha/kernel/osf_sys.c | 8 +- | |
4858 | arch/alpha/mm/fault.c | 141 +- | |
4859 | arch/arm/Kconfig | 2 +- | |
8cf17962 | 4860 | arch/arm/include/asm/atomic.h | 319 +- |
6090327c PK |
4861 | arch/arm/include/asm/barrier.h | 2 +- |
4862 | arch/arm/include/asm/cache.h | 5 +- | |
4863 | arch/arm/include/asm/cacheflush.h | 2 +- | |
4864 | arch/arm/include/asm/checksum.h | 14 +- | |
afe359a8 PK |
4865 | arch/arm/include/asm/cmpxchg.h | 4 + |
4866 | arch/arm/include/asm/cpuidle.h | 2 +- | |
6090327c | 4867 | arch/arm/include/asm/domain.h | 33 +- |
da1216b9 | 4868 | arch/arm/include/asm/elf.h | 9 +- |
6090327c PK |
4869 | arch/arm/include/asm/fncpy.h | 2 + |
4870 | arch/arm/include/asm/futex.h | 10 + | |
4871 | arch/arm/include/asm/kmap_types.h | 2 +- | |
4872 | arch/arm/include/asm/mach/dma.h | 2 +- | |
4873 | arch/arm/include/asm/mach/map.h | 16 +- | |
4874 | arch/arm/include/asm/outercache.h | 2 +- | |
4875 | arch/arm/include/asm/page.h | 3 +- | |
8cf17962 PK |
4876 | arch/arm/include/asm/pgalloc.h | 20 + |
4877 | arch/arm/include/asm/pgtable-2level-hwdef.h | 4 +- | |
6090327c | 4878 | arch/arm/include/asm/pgtable-2level.h | 3 + |
0986ccbe | 4879 | arch/arm/include/asm/pgtable-3level.h | 3 + |
6090327c PK |
4880 | arch/arm/include/asm/pgtable.h | 54 +- |
4881 | arch/arm/include/asm/psci.h | 2 +- | |
4882 | arch/arm/include/asm/smp.h | 2 +- | |
4883 | arch/arm/include/asm/thread_info.h | 6 +- | |
a8b227b4 | 4884 | arch/arm/include/asm/tls.h | 3 + |
afe359a8 | 4885 | arch/arm/include/asm/uaccess.h | 100 +- |
6090327c PK |
4886 | arch/arm/include/uapi/asm/ptrace.h | 2 +- |
4887 | arch/arm/kernel/armksyms.c | 8 +- | |
afe359a8 | 4888 | arch/arm/kernel/cpuidle.c | 2 +- |
6090327c PK |
4889 | arch/arm/kernel/entry-armv.S | 110 +- |
4890 | arch/arm/kernel/entry-common.S | 40 +- | |
4891 | arch/arm/kernel/entry-header.S | 60 + | |
4892 | arch/arm/kernel/fiq.c | 3 + | |
4893 | arch/arm/kernel/head.S | 2 +- | |
afe359a8 | 4894 | arch/arm/kernel/module.c | 38 +- |
6090327c | 4895 | arch/arm/kernel/patch.c | 2 + |
da1216b9 | 4896 | arch/arm/kernel/process.c | 90 +- |
6090327c | 4897 | arch/arm/kernel/psci.c | 2 +- |
da1216b9 | 4898 | arch/arm/kernel/reboot.c | 1 + |
6090327c PK |
4899 | arch/arm/kernel/setup.c | 20 +- |
4900 | arch/arm/kernel/signal.c | 35 +- | |
4901 | arch/arm/kernel/smp.c | 2 +- | |
4902 | arch/arm/kernel/tcm.c | 4 +- | |
a8b227b4 | 4903 | arch/arm/kernel/traps.c | 6 +- |
8cf17962 | 4904 | arch/arm/kernel/vmlinux.lds.S | 6 +- |
a8b227b4 | 4905 | arch/arm/kvm/arm.c | 10 +- |
6090327c PK |
4906 | arch/arm/lib/clear_user.S | 6 +- |
4907 | arch/arm/lib/copy_from_user.S | 6 +- | |
4908 | arch/arm/lib/copy_page.S | 1 + | |
4909 | arch/arm/lib/copy_to_user.S | 6 +- | |
4910 | arch/arm/lib/csumpartialcopyuser.S | 4 +- | |
4911 | arch/arm/lib/delay.c | 2 +- | |
afe359a8 | 4912 | arch/arm/lib/uaccess_with_memcpy.c | 8 +- |
da1216b9 | 4913 | arch/arm/mach-exynos/suspend.c | 6 +- |
a8b227b4 | 4914 | arch/arm/mach-mvebu/coherency.c | 4 +- |
6090327c | 4915 | arch/arm/mach-omap2/board-n8x0.c | 2 +- |
6090327c | 4916 | arch/arm/mach-omap2/omap-mpuss-lowpower.c | 4 +- |
e8242a6d | 4917 | arch/arm/mach-omap2/omap-smp.c | 1 + |
6090327c PK |
4918 | arch/arm/mach-omap2/omap-wakeupgen.c | 2 +- |
4919 | arch/arm/mach-omap2/omap_device.c | 4 +- | |
4920 | arch/arm/mach-omap2/omap_device.h | 4 +- | |
4921 | arch/arm/mach-omap2/omap_hwmod.c | 4 +- | |
4922 | arch/arm/mach-omap2/powerdomains43xx_data.c | 5 +- | |
4923 | arch/arm/mach-omap2/wd_timer.c | 6 +- | |
afe359a8 PK |
4924 | arch/arm/mach-shmobile/platsmp-apmu.c | 5 +- |
4925 | arch/arm/mach-shmobile/pm-r8a7740.c | 5 +- | |
4926 | arch/arm/mach-shmobile/pm-sh73a0.c | 5 +- | |
6090327c | 4927 | arch/arm/mach-tegra/cpuidle-tegra20.c | 2 +- |
e8242a6d PK |
4928 | arch/arm/mach-tegra/irq.c | 1 + |
4929 | arch/arm/mach-ux500/pm.c | 1 + | |
e8242a6d | 4930 | arch/arm/mach-zynq/platsmp.c | 1 + |
0986ccbe | 4931 | arch/arm/mm/Kconfig | 6 +- |
6090327c PK |
4932 | arch/arm/mm/alignment.c | 8 + |
4933 | arch/arm/mm/cache-l2x0.c | 2 +- | |
4934 | arch/arm/mm/context.c | 10 +- | |
0986ccbe | 4935 | arch/arm/mm/fault.c | 146 + |
6090327c | 4936 | arch/arm/mm/fault.h | 12 + |
8cf17962 | 4937 | arch/arm/mm/init.c | 39 + |
6090327c PK |
4938 | arch/arm/mm/ioremap.c | 4 +- |
4939 | arch/arm/mm/mmap.c | 30 +- | |
4940 | arch/arm/mm/mmu.c | 182 +- | |
0986ccbe | 4941 | arch/arm/net/bpf_jit_32.c | 3 + |
6090327c PK |
4942 | arch/arm/plat-iop/setup.c | 2 +- |
4943 | arch/arm/plat-omap/sram.c | 2 + | |
e8242a6d | 4944 | arch/arm64/include/asm/atomic.h | 10 + |
6090327c | 4945 | arch/arm64/include/asm/barrier.h | 2 +- |
8cf17962 | 4946 | arch/arm64/include/asm/percpu.h | 8 +- |
e8242a6d | 4947 | arch/arm64/include/asm/pgalloc.h | 5 + |
6090327c | 4948 | arch/arm64/include/asm/uaccess.h | 1 + |
e8242a6d | 4949 | arch/arm64/mm/dma-mapping.c | 2 +- |
6090327c PK |
4950 | arch/avr32/include/asm/elf.h | 8 +- |
4951 | arch/avr32/include/asm/kmap_types.h | 4 +- | |
4952 | arch/avr32/mm/fault.c | 27 + | |
4953 | arch/frv/include/asm/atomic.h | 10 + | |
4954 | arch/frv/include/asm/kmap_types.h | 2 +- | |
4955 | arch/frv/mm/elf-fdpic.c | 3 +- | |
a8b227b4 | 4956 | arch/ia64/Makefile | 1 + |
6090327c PK |
4957 | arch/ia64/include/asm/atomic.h | 10 + |
4958 | arch/ia64/include/asm/barrier.h | 2 +- | |
4959 | arch/ia64/include/asm/elf.h | 7 + | |
4960 | arch/ia64/include/asm/pgalloc.h | 12 + | |
4961 | arch/ia64/include/asm/pgtable.h | 13 +- | |
4962 | arch/ia64/include/asm/spinlock.h | 2 +- | |
4963 | arch/ia64/include/asm/uaccess.h | 27 +- | |
8cf17962 | 4964 | arch/ia64/kernel/module.c | 45 +- |
6090327c PK |
4965 | arch/ia64/kernel/palinfo.c | 2 +- |
4966 | arch/ia64/kernel/sys_ia64.c | 7 + | |
4967 | arch/ia64/kernel/vmlinux.lds.S | 2 +- | |
4968 | arch/ia64/mm/fault.c | 32 +- | |
a8b227b4 | 4969 | arch/ia64/mm/init.c | 15 +- |
6090327c PK |
4970 | arch/m32r/lib/usercopy.c | 6 + |
4971 | arch/metag/include/asm/barrier.h | 2 +- | |
4972 | arch/mips/cavium-octeon/dma-octeon.c | 2 +- | |
e8242a6d | 4973 | arch/mips/include/asm/atomic.h | 355 +- |
6090327c | 4974 | arch/mips/include/asm/barrier.h | 2 +- |
da1216b9 | 4975 | arch/mips/include/asm/elf.h | 7 + |
6090327c PK |
4976 | arch/mips/include/asm/exec.h | 2 +- |
4977 | arch/mips/include/asm/hw_irq.h | 2 +- | |
4978 | arch/mips/include/asm/local.h | 57 + | |
4979 | arch/mips/include/asm/page.h | 2 +- | |
4980 | arch/mips/include/asm/pgalloc.h | 5 + | |
4981 | arch/mips/include/asm/pgtable.h | 3 + | |
4982 | arch/mips/include/asm/uaccess.h | 1 + | |
4983 | arch/mips/kernel/binfmt_elfn32.c | 7 + | |
4984 | arch/mips/kernel/binfmt_elfo32.c | 7 + | |
4985 | arch/mips/kernel/i8259.c | 2 +- | |
4986 | arch/mips/kernel/irq-gt641xx.c | 2 +- | |
4987 | arch/mips/kernel/irq.c | 6 +- | |
4988 | arch/mips/kernel/pm-cps.c | 2 +- | |
4989 | arch/mips/kernel/process.c | 12 - | |
6090327c PK |
4990 | arch/mips/kernel/sync-r4k.c | 24 +- |
4991 | arch/mips/kernel/traps.c | 13 +- | |
a8b227b4 | 4992 | arch/mips/kvm/mips.c | 2 +- |
6090327c PK |
4993 | arch/mips/mm/fault.c | 25 + |
4994 | arch/mips/mm/mmap.c | 51 +- | |
6090327c PK |
4995 | arch/mips/sgi-ip27/ip27-nmi.c | 6 +- |
4996 | arch/mips/sni/rm200.c | 2 +- | |
4997 | arch/mips/vr41xx/common/icu.c | 2 +- | |
4998 | arch/mips/vr41xx/common/irq.c | 4 +- | |
4999 | arch/parisc/include/asm/atomic.h | 10 + | |
5000 | arch/parisc/include/asm/elf.h | 7 + | |
5001 | arch/parisc/include/asm/pgalloc.h | 6 + | |
5002 | arch/parisc/include/asm/pgtable.h | 11 + | |
5003 | arch/parisc/include/asm/uaccess.h | 4 +- | |
5004 | arch/parisc/kernel/module.c | 50 +- | |
5005 | arch/parisc/kernel/sys_parisc.c | 15 + | |
5006 | arch/parisc/kernel/traps.c | 4 +- | |
5007 | arch/parisc/mm/fault.c | 140 +- | |
0986ccbe | 5008 | arch/powerpc/include/asm/atomic.h | 329 +- |
6090327c | 5009 | arch/powerpc/include/asm/barrier.h | 2 +- |
da1216b9 | 5010 | arch/powerpc/include/asm/elf.h | 12 + |
6090327c PK |
5011 | arch/powerpc/include/asm/exec.h | 2 +- |
5012 | arch/powerpc/include/asm/kmap_types.h | 2 +- | |
0986ccbe | 5013 | arch/powerpc/include/asm/local.h | 46 + |
6090327c PK |
5014 | arch/powerpc/include/asm/mman.h | 2 +- |
5015 | arch/powerpc/include/asm/page.h | 8 +- | |
5016 | arch/powerpc/include/asm/page_64.h | 7 +- | |
5017 | arch/powerpc/include/asm/pgalloc-64.h | 7 + | |
5018 | arch/powerpc/include/asm/pgtable.h | 1 + | |
5019 | arch/powerpc/include/asm/pte-hash32.h | 1 + | |
5020 | arch/powerpc/include/asm/reg.h | 1 + | |
5021 | arch/powerpc/include/asm/smp.h | 2 +- | |
0986ccbe | 5022 | arch/powerpc/include/asm/spinlock.h | 42 +- |
6090327c | 5023 | arch/powerpc/include/asm/uaccess.h | 141 +- |
8cf17962 | 5024 | arch/powerpc/kernel/Makefile | 5 + |
6090327c PK |
5025 | arch/powerpc/kernel/exceptions-64e.S | 4 +- |
5026 | arch/powerpc/kernel/exceptions-64s.S | 2 +- | |
5027 | arch/powerpc/kernel/module_32.c | 15 +- | |
8cf17962 | 5028 | arch/powerpc/kernel/process.c | 46 - |
6090327c PK |
5029 | arch/powerpc/kernel/signal_32.c | 2 +- |
5030 | arch/powerpc/kernel/signal_64.c | 2 +- | |
0986ccbe | 5031 | arch/powerpc/kernel/traps.c | 21 + |
6090327c PK |
5032 | arch/powerpc/kernel/vdso.c | 5 +- |
5033 | arch/powerpc/kvm/powerpc.c | 2 +- | |
5034 | arch/powerpc/lib/usercopy_64.c | 18 - | |
e8242a6d | 5035 | arch/powerpc/mm/fault.c | 56 +- |
da1216b9 | 5036 | arch/powerpc/mm/mmap.c | 16 + |
6090327c PK |
5037 | arch/powerpc/mm/slice.c | 13 +- |
5038 | arch/powerpc/platforms/cell/spufs/file.c | 4 +- | |
5039 | arch/s390/include/asm/atomic.h | 10 + | |
5040 | arch/s390/include/asm/barrier.h | 2 +- | |
da1216b9 | 5041 | arch/s390/include/asm/elf.h | 7 + |
6090327c PK |
5042 | arch/s390/include/asm/exec.h | 2 +- |
5043 | arch/s390/include/asm/uaccess.h | 13 +- | |
5044 | arch/s390/kernel/module.c | 22 +- | |
e8242a6d | 5045 | arch/s390/kernel/process.c | 24 - |
da1216b9 | 5046 | arch/s390/mm/mmap.c | 16 + |
6090327c PK |
5047 | arch/score/include/asm/exec.h | 2 +- |
5048 | arch/score/kernel/process.c | 5 - | |
5049 | arch/sh/mm/mmap.c | 22 +- | |
0986ccbe | 5050 | arch/sparc/include/asm/atomic_64.h | 110 +- |
6090327c PK |
5051 | arch/sparc/include/asm/barrier_64.h | 2 +- |
5052 | arch/sparc/include/asm/cache.h | 2 +- | |
5053 | arch/sparc/include/asm/elf_32.h | 7 + | |
5054 | arch/sparc/include/asm/elf_64.h | 7 + | |
5055 | arch/sparc/include/asm/pgalloc_32.h | 1 + | |
5056 | arch/sparc/include/asm/pgalloc_64.h | 1 + | |
5057 | arch/sparc/include/asm/pgtable.h | 4 + | |
5058 | arch/sparc/include/asm/pgtable_32.h | 15 +- | |
5059 | arch/sparc/include/asm/pgtsrmmu.h | 5 + | |
5060 | arch/sparc/include/asm/setup.h | 4 +- | |
5061 | arch/sparc/include/asm/spinlock_64.h | 35 +- | |
e8242a6d | 5062 | arch/sparc/include/asm/thread_info_32.h | 1 + |
6090327c PK |
5063 | arch/sparc/include/asm/thread_info_64.h | 2 + |
5064 | arch/sparc/include/asm/uaccess.h | 1 + | |
e8242a6d PK |
5065 | arch/sparc/include/asm/uaccess_32.h | 28 +- |
5066 | arch/sparc/include/asm/uaccess_64.h | 24 +- | |
6090327c PK |
5067 | arch/sparc/kernel/Makefile | 2 +- |
5068 | arch/sparc/kernel/prom_common.c | 2 +- | |
5069 | arch/sparc/kernel/smp_64.c | 8 +- | |
5070 | arch/sparc/kernel/sys_sparc_32.c | 2 +- | |
5071 | arch/sparc/kernel/sys_sparc_64.c | 52 +- | |
5072 | arch/sparc/kernel/traps_64.c | 27 +- | |
5073 | arch/sparc/lib/Makefile | 2 +- | |
0986ccbe PK |
5074 | arch/sparc/lib/atomic_64.S | 57 +- |
5075 | arch/sparc/lib/ksyms.c | 6 +- | |
6090327c PK |
5076 | arch/sparc/mm/Makefile | 2 +- |
5077 | arch/sparc/mm/fault_32.c | 292 + | |
8cf17962 | 5078 | arch/sparc/mm/fault_64.c | 486 + |
6090327c PK |
5079 | arch/sparc/mm/hugetlbpage.c | 22 +- |
5080 | arch/sparc/mm/init_64.c | 10 +- | |
5081 | arch/tile/include/asm/atomic_64.h | 10 + | |
5082 | arch/tile/include/asm/uaccess.h | 4 +- | |
5083 | arch/um/Makefile | 4 + | |
5084 | arch/um/include/asm/kmap_types.h | 2 +- | |
5085 | arch/um/include/asm/page.h | 3 + | |
5086 | arch/um/include/asm/pgtable-3level.h | 1 + | |
5087 | arch/um/kernel/process.c | 16 - | |
afe359a8 | 5088 | arch/x86/Kconfig | 15 +- |
6090327c PK |
5089 | arch/x86/Kconfig.cpu | 6 +- |
5090 | arch/x86/Kconfig.debug | 4 +- | |
a8b227b4 | 5091 | arch/x86/Makefile | 13 +- |
6090327c PK |
5092 | arch/x86/boot/Makefile | 3 + |
5093 | arch/x86/boot/bitops.h | 4 +- | |
5094 | arch/x86/boot/boot.h | 2 +- | |
5095 | arch/x86/boot/compressed/Makefile | 3 + | |
5096 | arch/x86/boot/compressed/efi_stub_32.S | 16 +- | |
8cf17962 | 5097 | arch/x86/boot/compressed/efi_thunk_64.S | 4 +- |
6090327c PK |
5098 | arch/x86/boot/compressed/head_32.S | 4 +- |
5099 | arch/x86/boot/compressed/head_64.S | 12 +- | |
5100 | arch/x86/boot/compressed/misc.c | 11 +- | |
5101 | arch/x86/boot/cpucheck.c | 16 +- | |
5102 | arch/x86/boot/header.S | 6 +- | |
5103 | arch/x86/boot/memory.c | 2 +- | |
5104 | arch/x86/boot/video-vesa.c | 1 + | |
5105 | arch/x86/boot/video.c | 2 +- | |
5106 | arch/x86/crypto/aes-x86_64-asm_64.S | 4 + | |
5107 | arch/x86/crypto/aesni-intel_asm.S | 106 +- | |
5108 | arch/x86/crypto/blowfish-x86_64-asm_64.S | 7 + | |
5109 | arch/x86/crypto/camellia-aesni-avx-asm_64.S | 10 + | |
5110 | arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 10 + | |
5111 | arch/x86/crypto/camellia-x86_64-asm_64.S | 7 + | |
5112 | arch/x86/crypto/cast5-avx-x86_64-asm_64.S | 51 +- | |
5113 | arch/x86/crypto/cast6-avx-x86_64-asm_64.S | 25 +- | |
da1216b9 | 5114 | arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 4 +- |
6090327c PK |
5115 | arch/x86/crypto/ghash-clmulni-intel_asm.S | 4 + |
5116 | arch/x86/crypto/salsa20-x86_64-asm_64.S | 4 + | |
5117 | arch/x86/crypto/serpent-avx-x86_64-asm_64.S | 9 + | |
5118 | arch/x86/crypto/serpent-avx2-asm_64.S | 9 + | |
5119 | arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 4 + | |
5120 | arch/x86/crypto/sha1_ssse3_asm.S | 10 +- | |
5121 | arch/x86/crypto/sha256-avx-asm.S | 2 + | |
5122 | arch/x86/crypto/sha256-avx2-asm.S | 2 + | |
5123 | arch/x86/crypto/sha256-ssse3-asm.S | 2 + | |
5124 | arch/x86/crypto/sha512-avx-asm.S | 2 + | |
5125 | arch/x86/crypto/sha512-avx2-asm.S | 2 + | |
5126 | arch/x86/crypto/sha512-ssse3-asm.S | 2 + | |
5127 | arch/x86/crypto/twofish-avx-x86_64-asm_64.S | 25 +- | |
5128 | arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 4 + | |
5129 | arch/x86/crypto/twofish-x86_64-asm_64.S | 3 + | |
afe359a8 PK |
5130 | arch/x86/entry/calling.h | 92 +- |
5131 | arch/x86/entry/entry_32.S | 360 +- | |
5132 | arch/x86/entry/entry_64.S | 636 +- | |
5133 | arch/x86/entry/entry_64_compat.S | 159 +- | |
5134 | arch/x86/entry/thunk_64.S | 2 + | |
5135 | arch/x86/entry/vdso/Makefile | 2 +- | |
5136 | arch/x86/entry/vdso/vdso2c.h | 4 +- | |
5137 | arch/x86/entry/vdso/vma.c | 41 +- | |
5138 | arch/x86/entry/vsyscall/vsyscall_64.c | 16 +- | |
0986ccbe | 5139 | arch/x86/ia32/ia32_signal.c | 23 +- |
afe359a8 | 5140 | arch/x86/ia32/sys_ia32.c | 42 +- |
da1216b9 | 5141 | arch/x86/include/asm/alternative-asm.h | 43 +- |
6090327c PK |
5142 | arch/x86/include/asm/alternative.h | 4 +- |
5143 | arch/x86/include/asm/apic.h | 2 +- | |
5144 | arch/x86/include/asm/apm.h | 4 +- | |
8cf17962 | 5145 | arch/x86/include/asm/atomic.h | 269 +- |
6090327c | 5146 | arch/x86/include/asm/atomic64_32.h | 100 + |
0986ccbe | 5147 | arch/x86/include/asm/atomic64_64.h | 164 +- |
6090327c PK |
5148 | arch/x86/include/asm/barrier.h | 4 +- |
5149 | arch/x86/include/asm/bitops.h | 18 +- | |
afe359a8 | 5150 | arch/x86/include/asm/boot.h | 2 +- |
6090327c | 5151 | arch/x86/include/asm/cache.h | 5 +- |
6090327c PK |
5152 | arch/x86/include/asm/checksum_32.h | 12 +- |
5153 | arch/x86/include/asm/cmpxchg.h | 39 + | |
5154 | arch/x86/include/asm/compat.h | 2 +- | |
afe359a8 | 5155 | arch/x86/include/asm/cpufeature.h | 17 +- |
6090327c PK |
5156 | arch/x86/include/asm/desc.h | 78 +- |
5157 | arch/x86/include/asm/desc_defs.h | 6 + | |
5158 | arch/x86/include/asm/div64.h | 2 +- | |
da1216b9 | 5159 | arch/x86/include/asm/elf.h | 33 +- |
6090327c | 5160 | arch/x86/include/asm/emergency-restart.h | 2 +- |
afe359a8 PK |
5161 | arch/x86/include/asm/fpu/internal.h | 36 +- |
5162 | arch/x86/include/asm/fpu/types.h | 5 +- | |
6090327c PK |
5163 | arch/x86/include/asm/futex.h | 14 +- |
5164 | arch/x86/include/asm/hw_irq.h | 4 +- | |
5165 | arch/x86/include/asm/i8259.h | 2 +- | |
afe359a8 | 5166 | arch/x86/include/asm/io.h | 22 +- |
6090327c PK |
5167 | arch/x86/include/asm/irqflags.h | 5 + |
5168 | arch/x86/include/asm/kprobes.h | 9 +- | |
5169 | arch/x86/include/asm/local.h | 106 +- | |
5170 | arch/x86/include/asm/mman.h | 15 + | |
afe359a8 PK |
5171 | arch/x86/include/asm/mmu.h | 14 +- |
5172 | arch/x86/include/asm/mmu_context.h | 138 +- | |
6090327c PK |
5173 | arch/x86/include/asm/module.h | 17 +- |
5174 | arch/x86/include/asm/nmi.h | 19 +- | |
5175 | arch/x86/include/asm/page.h | 1 + | |
afe359a8 PK |
5176 | arch/x86/include/asm/page_32.h | 12 +- |
5177 | arch/x86/include/asm/page_64.h | 14 +- | |
6090327c PK |
5178 | arch/x86/include/asm/paravirt.h | 46 +- |
5179 | arch/x86/include/asm/paravirt_types.h | 15 +- | |
5180 | arch/x86/include/asm/pgalloc.h | 23 + | |
5181 | arch/x86/include/asm/pgtable-2level.h | 2 + | |
5182 | arch/x86/include/asm/pgtable-3level.h | 4 + | |
da1216b9 | 5183 | arch/x86/include/asm/pgtable.h | 128 +- |
6090327c | 5184 | arch/x86/include/asm/pgtable_32.h | 14 +- |
afe359a8 | 5185 | arch/x86/include/asm/pgtable_32_types.h | 24 +- |
da1216b9 | 5186 | arch/x86/include/asm/pgtable_64.h | 22 +- |
6090327c PK |
5187 | arch/x86/include/asm/pgtable_64_types.h | 5 + |
5188 | arch/x86/include/asm/pgtable_types.h | 26 +- | |
5189 | arch/x86/include/asm/preempt.h | 2 +- | |
afe359a8 PK |
5190 | arch/x86/include/asm/processor.h | 59 +- |
5191 | arch/x86/include/asm/ptrace.h | 21 +- | |
6090327c PK |
5192 | arch/x86/include/asm/qrwlock.h | 4 +- |
5193 | arch/x86/include/asm/realmode.h | 4 +- | |
5194 | arch/x86/include/asm/reboot.h | 10 +- | |
5195 | arch/x86/include/asm/rmwcc.h | 84 +- | |
5196 | arch/x86/include/asm/rwsem.h | 60 +- | |
da1216b9 PK |
5197 | arch/x86/include/asm/segment.h | 27 +- |
5198 | arch/x86/include/asm/smap.h | 43 + | |
6090327c | 5199 | arch/x86/include/asm/smp.h | 14 +- |
6090327c PK |
5200 | arch/x86/include/asm/stackprotector.h | 4 +- |
5201 | arch/x86/include/asm/stacktrace.h | 32 +- | |
5202 | arch/x86/include/asm/switch_to.h | 4 +- | |
afe359a8 PK |
5203 | arch/x86/include/asm/sys_ia32.h | 6 +- |
5204 | arch/x86/include/asm/thread_info.h | 27 +- | |
5205 | arch/x86/include/asm/tlbflush.h | 77 +- | |
e8242a6d | 5206 | arch/x86/include/asm/uaccess.h | 192 +- |
8cf17962 PK |
5207 | arch/x86/include/asm/uaccess_32.h | 28 +- |
5208 | arch/x86/include/asm/uaccess_64.h | 169 +- | |
6090327c PK |
5209 | arch/x86/include/asm/word-at-a-time.h | 2 +- |
5210 | arch/x86/include/asm/x86_init.h | 10 +- | |
5211 | arch/x86/include/asm/xen/page.h | 2 +- | |
6090327c | 5212 | arch/x86/include/uapi/asm/e820.h | 2 +- |
6090327c PK |
5213 | arch/x86/kernel/Makefile | 2 +- |
5214 | arch/x86/kernel/acpi/boot.c | 4 +- | |
5215 | arch/x86/kernel/acpi/sleep.c | 4 + | |
5216 | arch/x86/kernel/acpi/wakeup_32.S | 6 +- | |
afe359a8 | 5217 | arch/x86/kernel/alternative.c | 124 +- |
6090327c PK |
5218 | arch/x86/kernel/apic/apic.c | 4 +- |
5219 | arch/x86/kernel/apic/apic_flat_64.c | 4 +- | |
5220 | arch/x86/kernel/apic/apic_noop.c | 2 +- | |
5221 | arch/x86/kernel/apic/bigsmp_32.c | 2 +- | |
e8242a6d | 5222 | arch/x86/kernel/apic/io_apic.c | 8 +- |
afe359a8 | 5223 | arch/x86/kernel/apic/msi.c | 2 +- |
6090327c | 5224 | arch/x86/kernel/apic/probe_32.c | 2 +- |
8cf17962 | 5225 | arch/x86/kernel/apic/vector.c | 4 +- |
6090327c PK |
5226 | arch/x86/kernel/apic/x2apic_cluster.c | 4 +- |
5227 | arch/x86/kernel/apic/x2apic_phys.c | 2 +- | |
5228 | arch/x86/kernel/apic/x2apic_uv_x.c | 2 +- | |
e8242a6d | 5229 | arch/x86/kernel/apm_32.c | 21 +- |
6090327c PK |
5230 | arch/x86/kernel/asm-offsets.c | 20 + |
5231 | arch/x86/kernel/asm-offsets_64.c | 1 + | |
5232 | arch/x86/kernel/cpu/Makefile | 4 - | |
5233 | arch/x86/kernel/cpu/amd.c | 2 +- | |
afe359a8 | 5234 | arch/x86/kernel/cpu/common.c | 202 +- |
da1216b9 | 5235 | arch/x86/kernel/cpu/intel_cacheinfo.c | 14 +- |
6090327c PK |
5236 | arch/x86/kernel/cpu/mcheck/mce.c | 31 +- |
5237 | arch/x86/kernel/cpu/mcheck/p5.c | 3 + | |
5238 | arch/x86/kernel/cpu/mcheck/winchip.c | 3 + | |
5239 | arch/x86/kernel/cpu/microcode/core.c | 2 +- | |
5240 | arch/x86/kernel/cpu/microcode/intel.c | 4 +- | |
5241 | arch/x86/kernel/cpu/mtrr/main.c | 2 +- | |
5242 | arch/x86/kernel/cpu/mtrr/mtrr.h | 2 +- | |
afe359a8 | 5243 | arch/x86/kernel/cpu/perf_event.c | 10 +- |
6090327c PK |
5244 | arch/x86/kernel/cpu/perf_event_amd_iommu.c | 2 +- |
5245 | arch/x86/kernel/cpu/perf_event_intel.c | 6 +- | |
da1216b9 PK |
5246 | arch/x86/kernel/cpu/perf_event_intel_bts.c | 6 +- |
5247 | arch/x86/kernel/cpu/perf_event_intel_cqm.c | 4 +- | |
5248 | arch/x86/kernel/cpu/perf_event_intel_pt.c | 44 +- | |
6090327c PK |
5249 | arch/x86/kernel/cpu/perf_event_intel_rapl.c | 2 +- |
5250 | arch/x86/kernel/cpu/perf_event_intel_uncore.c | 2 +- | |
5251 | arch/x86/kernel/cpu/perf_event_intel_uncore.h | 2 +- | |
5252 | arch/x86/kernel/cpuid.c | 2 +- | |
6090327c PK |
5253 | arch/x86/kernel/crash_dump_64.c | 2 +- |
5254 | arch/x86/kernel/doublefault.c | 8 +- | |
da1216b9 PK |
5255 | arch/x86/kernel/dumpstack.c | 24 +- |
5256 | arch/x86/kernel/dumpstack_32.c | 25 +- | |
8cf17962 | 5257 | arch/x86/kernel/dumpstack_64.c | 62 +- |
6090327c PK |
5258 | arch/x86/kernel/e820.c | 4 +- |
5259 | arch/x86/kernel/early_printk.c | 1 + | |
8cf17962 | 5260 | arch/x86/kernel/espfix_64.c | 13 +- |
afe359a8 PK |
5261 | arch/x86/kernel/fpu/core.c | 22 +- |
5262 | arch/x86/kernel/fpu/init.c | 8 +- | |
5263 | arch/x86/kernel/fpu/regset.c | 22 +- | |
5264 | arch/x86/kernel/fpu/signal.c | 20 +- | |
5265 | arch/x86/kernel/fpu/xstate.c | 8 +- | |
da1216b9 | 5266 | arch/x86/kernel/ftrace.c | 18 +- |
afe359a8 PK |
5267 | arch/x86/kernel/head64.c | 14 +- |
5268 | arch/x86/kernel/head_32.S | 235 +- | |
da1216b9 | 5269 | arch/x86/kernel/head_64.S | 149 +- |
6090327c | 5270 | arch/x86/kernel/i386_ksyms_32.c | 12 + |
6090327c PK |
5271 | arch/x86/kernel/i8259.c | 10 +- |
5272 | arch/x86/kernel/io_delay.c | 2 +- | |
5273 | arch/x86/kernel/ioport.c | 2 +- | |
5274 | arch/x86/kernel/irq.c | 8 +- | |
da1216b9 | 5275 | arch/x86/kernel/irq_32.c | 45 +- |
afe359a8 | 5276 | arch/x86/kernel/jump_label.c | 10 +- |
da1216b9 PK |
5277 | arch/x86/kernel/kgdb.c | 21 +- |
5278 | arch/x86/kernel/kprobes/core.c | 28 +- | |
6090327c PK |
5279 | arch/x86/kernel/kprobes/opt.c | 16 +- |
5280 | arch/x86/kernel/ksysfs.c | 2 +- | |
afe359a8 | 5281 | arch/x86/kernel/ldt.c | 25 + |
e8242a6d | 5282 | arch/x86/kernel/livepatch.c | 12 +- |
6090327c | 5283 | arch/x86/kernel/machine_kexec_32.c | 6 +- |
a8b227b4 | 5284 | arch/x86/kernel/mcount_64.S | 19 +- |
6090327c PK |
5285 | arch/x86/kernel/module.c | 78 +- |
5286 | arch/x86/kernel/msr.c | 2 +- | |
5287 | arch/x86/kernel/nmi.c | 34 +- | |
5288 | arch/x86/kernel/nmi_selftest.c | 4 +- | |
5289 | arch/x86/kernel/paravirt-spinlocks.c | 2 +- | |
5290 | arch/x86/kernel/paravirt.c | 45 +- | |
8cf17962 | 5291 | arch/x86/kernel/paravirt_patch_64.c | 8 + |
6090327c PK |
5292 | arch/x86/kernel/pci-calgary_64.c | 2 +- |
5293 | arch/x86/kernel/pci-iommu_table.c | 2 +- | |
5294 | arch/x86/kernel/pci-swiotlb.c | 2 +- | |
afe359a8 PK |
5295 | arch/x86/kernel/process.c | 71 +- |
5296 | arch/x86/kernel/process_32.c | 30 +- | |
5297 | arch/x86/kernel/process_64.c | 19 +- | |
6090327c PK |
5298 | arch/x86/kernel/ptrace.c | 20 +- |
5299 | arch/x86/kernel/pvclock.c | 8 +- | |
e8242a6d | 5300 | arch/x86/kernel/reboot.c | 44 +- |
6090327c PK |
5301 | arch/x86/kernel/reboot_fixups_32.c | 2 +- |
5302 | arch/x86/kernel/relocate_kernel_64.S | 3 +- | |
afe359a8 | 5303 | arch/x86/kernel/setup.c | 29 +- |
6090327c PK |
5304 | arch/x86/kernel/setup_percpu.c | 29 +- |
5305 | arch/x86/kernel/signal.c | 17 +- | |
5306 | arch/x86/kernel/smp.c | 2 +- | |
afe359a8 PK |
5307 | arch/x86/kernel/smpboot.c | 29 +- |
5308 | arch/x86/kernel/step.c | 6 +- | |
6090327c PK |
5309 | arch/x86/kernel/sys_i386_32.c | 184 + |
5310 | arch/x86/kernel/sys_x86_64.c | 22 +- | |
da1216b9 PK |
5311 | arch/x86/kernel/tboot.c | 14 +- |
5312 | arch/x86/kernel/time.c | 8 +- | |
6090327c PK |
5313 | arch/x86/kernel/tls.c | 7 +- |
5314 | arch/x86/kernel/tracepoint.c | 4 +- | |
da1216b9 | 5315 | arch/x86/kernel/traps.c | 53 +- |
6090327c | 5316 | arch/x86/kernel/tsc.c | 2 +- |
da1216b9 | 5317 | arch/x86/kernel/uprobes.c | 2 +- |
6090327c PK |
5318 | arch/x86/kernel/vm86_32.c | 6 +- |
5319 | arch/x86/kernel/vmlinux.lds.S | 147 +- | |
6090327c PK |
5320 | arch/x86/kernel/x8664_ksyms_64.c | 6 +- |
5321 | arch/x86/kernel/x86_init.c | 6 +- | |
6090327c | 5322 | arch/x86/kvm/cpuid.c | 21 +- |
8cf17962 | 5323 | arch/x86/kvm/emulate.c | 2 +- |
6090327c PK |
5324 | arch/x86/kvm/lapic.c | 2 +- |
5325 | arch/x86/kvm/paging_tmpl.h | 2 +- | |
5326 | arch/x86/kvm/svm.c | 8 + | |
e8242a6d | 5327 | arch/x86/kvm/vmx.c | 82 +- |
afe359a8 | 5328 | arch/x86/kvm/x86.c | 44 +- |
6090327c PK |
5329 | arch/x86/lguest/boot.c | 3 +- |
5330 | arch/x86/lib/atomic64_386_32.S | 164 + | |
afe359a8 PK |
5331 | arch/x86/lib/atomic64_cx8_32.S | 98 +- |
5332 | arch/x86/lib/checksum_32.S | 97 +- | |
da1216b9 | 5333 | arch/x86/lib/clear_page_64.S | 3 + |
0986ccbe | 5334 | arch/x86/lib/cmpxchg16b_emu.S | 3 + |
afe359a8 PK |
5335 | arch/x86/lib/copy_page_64.S | 14 +- |
5336 | arch/x86/lib/copy_user_64.S | 66 +- | |
5337 | arch/x86/lib/csum-copy_64.S | 14 +- | |
6090327c PK |
5338 | arch/x86/lib/csum-wrappers_64.c | 8 +- |
5339 | arch/x86/lib/getuser.S | 74 +- | |
8cf17962 | 5340 | arch/x86/lib/insn.c | 8 +- |
6090327c | 5341 | arch/x86/lib/iomap_copy_64.S | 2 + |
da1216b9 PK |
5342 | arch/x86/lib/memcpy_64.S | 6 + |
5343 | arch/x86/lib/memmove_64.S | 3 +- | |
5344 | arch/x86/lib/memset_64.S | 3 + | |
6090327c PK |
5345 | arch/x86/lib/mmx_32.c | 243 +- |
5346 | arch/x86/lib/msr-reg.S | 2 + | |
afe359a8 | 5347 | arch/x86/lib/putuser.S | 87 +- |
6090327c | 5348 | arch/x86/lib/rwsem.S | 6 +- |
afe359a8 | 5349 | arch/x86/lib/usercopy_32.c | 359 +- |
da1216b9 | 5350 | arch/x86/lib/usercopy_64.c | 20 +- |
afe359a8 PK |
5351 | arch/x86/math-emu/fpu_aux.c | 2 +- |
5352 | arch/x86/math-emu/fpu_entry.c | 4 +- | |
5353 | arch/x86/math-emu/fpu_system.h | 2 +- | |
6090327c | 5354 | arch/x86/mm/Makefile | 4 + |
afe359a8 | 5355 | arch/x86/mm/extable.c | 26 +- |
da1216b9 | 5356 | arch/x86/mm/fault.c | 570 +- |
6090327c PK |
5357 | arch/x86/mm/gup.c | 6 +- |
5358 | arch/x86/mm/highmem_32.c | 4 + | |
5359 | arch/x86/mm/hugetlbpage.c | 24 +- | |
5360 | arch/x86/mm/init.c | 101 +- | |
5361 | arch/x86/mm/init_32.c | 111 +- | |
8cf17962 | 5362 | arch/x86/mm/init_64.c | 46 +- |
6090327c | 5363 | arch/x86/mm/iomap_32.c | 4 + |
afe359a8 | 5364 | arch/x86/mm/ioremap.c | 44 +- |
6090327c | 5365 | arch/x86/mm/kmemcheck/kmemcheck.c | 4 +- |
da1216b9 | 5366 | arch/x86/mm/mmap.c | 40 +- |
6090327c PK |
5367 | arch/x86/mm/mmio-mod.c | 10 +- |
5368 | arch/x86/mm/numa.c | 2 +- | |
5369 | arch/x86/mm/pageattr.c | 33 +- | |
afe359a8 | 5370 | arch/x86/mm/pat.c | 12 +- |
6090327c PK |
5371 | arch/x86/mm/pat_rbtree.c | 2 +- |
5372 | arch/x86/mm/pf_in.c | 10 +- | |
e8242a6d | 5373 | arch/x86/mm/pgtable.c | 162 +- |
6090327c | 5374 | arch/x86/mm/pgtable_32.c | 3 + |
6090327c PK |
5375 | arch/x86/mm/setup_nx.c | 7 + |
5376 | arch/x86/mm/tlb.c | 4 + | |
5377 | arch/x86/mm/uderef_64.c | 37 + | |
5378 | arch/x86/net/bpf_jit.S | 11 + | |
8cf17962 | 5379 | arch/x86/net/bpf_jit_comp.c | 13 +- |
da1216b9 | 5380 | arch/x86/oprofile/backtrace.c | 6 +- |
6090327c PK |
5381 | arch/x86/oprofile/nmi_int.c | 8 +- |
5382 | arch/x86/oprofile/op_model_amd.c | 8 +- | |
5383 | arch/x86/oprofile/op_model_ppro.c | 7 +- | |
5384 | arch/x86/oprofile/op_x86_model.h | 2 +- | |
5385 | arch/x86/pci/intel_mid_pci.c | 2 +- | |
5386 | arch/x86/pci/irq.c | 8 +- | |
5387 | arch/x86/pci/pcbios.c | 144 +- | |
5388 | arch/x86/platform/efi/efi_32.c | 24 + | |
da1216b9 | 5389 | arch/x86/platform/efi/efi_64.c | 26 +- |
6090327c | 5390 | arch/x86/platform/efi/efi_stub_32.S | 64 +- |
8cf17962 | 5391 | arch/x86/platform/efi/efi_stub_64.S | 2 + |
e8242a6d | 5392 | arch/x86/platform/intel-mid/intel-mid.c | 5 +- |
a8b227b4 PK |
5393 | arch/x86/platform/intel-mid/intel_mid_weak_decls.h | 6 +- |
5394 | arch/x86/platform/intel-mid/mfld.c | 4 +- | |
5395 | arch/x86/platform/intel-mid/mrfl.c | 2 +- | |
e8242a6d | 5396 | arch/x86/platform/intel-quark/imr_selftest.c | 2 +- |
6090327c PK |
5397 | arch/x86/platform/olpc/olpc_dt.c | 2 +- |
5398 | arch/x86/power/cpu.c | 11 +- | |
5399 | arch/x86/realmode/init.c | 10 +- | |
5400 | arch/x86/realmode/rm/Makefile | 3 + | |
5401 | arch/x86/realmode/rm/header.S | 4 +- | |
da1216b9 | 5402 | arch/x86/realmode/rm/reboot.S | 4 + |
6090327c PK |
5403 | arch/x86/realmode/rm/trampoline_32.S | 12 +- |
5404 | arch/x86/realmode/rm/trampoline_64.S | 3 +- | |
5405 | arch/x86/realmode/rm/wakeup_asm.S | 5 +- | |
5406 | arch/x86/tools/Makefile | 2 +- | |
afe359a8 | 5407 | arch/x86/tools/relocs.c | 96 +- |
6090327c PK |
5408 | arch/x86/um/mem_32.c | 2 +- |
5409 | arch/x86/um/tls_32.c | 2 +- | |
da1216b9 PK |
5410 | arch/x86/xen/enlighten.c | 50 +- |
5411 | arch/x86/xen/mmu.c | 17 +- | |
5412 | arch/x86/xen/smp.c | 16 +- | |
6090327c PK |
5413 | arch/x86/xen/xen-asm_32.S | 2 +- |
5414 | arch/x86/xen/xen-head.S | 11 + | |
5415 | arch/x86/xen/xen-ops.h | 2 - | |
e8242a6d | 5416 | block/bio.c | 4 +- |
6090327c PK |
5417 | block/blk-iopoll.c | 2 +- |
5418 | block/blk-map.c | 2 +- | |
5419 | block/blk-softirq.c | 2 +- | |
5420 | block/bsg.c | 12 +- | |
5421 | block/compat_ioctl.c | 4 +- | |
5422 | block/genhd.c | 9 +- | |
5423 | block/partitions/efi.c | 8 +- | |
5424 | block/scsi_ioctl.c | 29 +- | |
5425 | crypto/cryptd.c | 4 +- | |
5426 | crypto/pcrypt.c | 2 +- | |
e8242a6d | 5427 | crypto/zlib.c | 4 +- |
afe359a8 | 5428 | drivers/acpi/acpi_video.c | 2 +- |
6090327c PK |
5429 | drivers/acpi/apei/apei-internal.h | 2 +- |
5430 | drivers/acpi/apei/ghes.c | 4 +- | |
5431 | drivers/acpi/bgrt.c | 6 +- | |
5432 | drivers/acpi/blacklist.c | 4 +- | |
e8242a6d | 5433 | drivers/acpi/bus.c | 4 +- |
0986ccbe | 5434 | drivers/acpi/device_pm.c | 4 +- |
e8242a6d PK |
5435 | drivers/acpi/ec.c | 2 +- |
5436 | drivers/acpi/pci_slot.c | 2 +- | |
5437 | drivers/acpi/processor_driver.c | 2 +- | |
6090327c | 5438 | drivers/acpi/processor_idle.c | 2 +- |
e8242a6d PK |
5439 | drivers/acpi/processor_pdc.c | 2 +- |
5440 | drivers/acpi/sleep.c | 2 +- | |
6090327c | 5441 | drivers/acpi/sysfs.c | 4 +- |
e8242a6d | 5442 | drivers/acpi/thermal.c | 2 +- |
afe359a8 | 5443 | drivers/acpi/video_detect.c | 7 +- |
6090327c PK |
5444 | drivers/ata/libahci.c | 2 +- |
5445 | drivers/ata/libata-core.c | 12 +- | |
5446 | drivers/ata/libata-scsi.c | 2 +- | |
5447 | drivers/ata/libata.h | 2 +- | |
5448 | drivers/ata/pata_arasan_cf.c | 4 +- | |
5449 | drivers/atm/adummy.c | 2 +- | |
5450 | drivers/atm/ambassador.c | 8 +- | |
5451 | drivers/atm/atmtcp.c | 14 +- | |
5452 | drivers/atm/eni.c | 10 +- | |
5453 | drivers/atm/firestream.c | 8 +- | |
5454 | drivers/atm/fore200e.c | 14 +- | |
5455 | drivers/atm/he.c | 18 +- | |
5456 | drivers/atm/horizon.c | 4 +- | |
5457 | drivers/atm/idt77252.c | 36 +- | |
5458 | drivers/atm/iphase.c | 34 +- | |
5459 | drivers/atm/lanai.c | 12 +- | |
5460 | drivers/atm/nicstar.c | 46 +- | |
5461 | drivers/atm/solos-pci.c | 4 +- | |
5462 | drivers/atm/suni.c | 4 +- | |
5463 | drivers/atm/uPD98402.c | 16 +- | |
5464 | drivers/atm/zatm.c | 6 +- | |
5465 | drivers/base/bus.c | 4 +- | |
5466 | drivers/base/devtmpfs.c | 8 +- | |
5467 | drivers/base/node.c | 2 +- | |
da1216b9 | 5468 | drivers/base/power/domain.c | 11 +- |
6090327c PK |
5469 | drivers/base/power/sysfs.c | 2 +- |
5470 | drivers/base/power/wakeup.c | 8 +- | |
5471 | drivers/base/syscore.c | 4 +- | |
5472 | drivers/block/cciss.c | 28 +- | |
5473 | drivers/block/cciss.h | 2 +- | |
5474 | drivers/block/cpqarray.c | 28 +- | |
5475 | drivers/block/cpqarray.h | 2 +- | |
a8b227b4 | 5476 | drivers/block/drbd/drbd_bitmap.c | 2 +- |
8cf17962 | 5477 | drivers/block/drbd/drbd_int.h | 8 +- |
a8b227b4 | 5478 | drivers/block/drbd/drbd_main.c | 12 +- |
6090327c | 5479 | drivers/block/drbd/drbd_nl.c | 4 +- |
a8b227b4 PK |
5480 | drivers/block/drbd/drbd_receiver.c | 34 +- |
5481 | drivers/block/drbd/drbd_worker.c | 8 +- | |
6090327c | 5482 | drivers/block/pktcdvd.c | 4 +- |
8cf17962 | 5483 | drivers/block/rbd.c | 2 +- |
6090327c PK |
5484 | drivers/bluetooth/btwilink.c | 2 +- |
5485 | drivers/cdrom/cdrom.c | 11 +- | |
5486 | drivers/cdrom/gdrom.c | 1 - | |
5487 | drivers/char/agp/compat_ioctl.c | 2 +- | |
5488 | drivers/char/agp/frontend.c | 4 +- | |
afe359a8 | 5489 | drivers/char/agp/intel-gtt.c | 4 +- |
6090327c | 5490 | drivers/char/hpet.c | 2 +- |
6090327c PK |
5491 | drivers/char/ipmi/ipmi_msghandler.c | 8 +- |
5492 | drivers/char/ipmi/ipmi_si_intf.c | 8 +- | |
8cf17962 | 5493 | drivers/char/mem.c | 47 +- |
6090327c | 5494 | drivers/char/nvram.c | 2 +- |
a8b227b4 PK |
5495 | drivers/char/pcmcia/synclink_cs.c | 16 +- |
5496 | drivers/char/random.c | 12 +- | |
e8242a6d | 5497 | drivers/char/sonypi.c | 11 +- |
6090327c PK |
5498 | drivers/char/tpm/tpm_acpi.c | 3 +- |
5499 | drivers/char/tpm/tpm_eventlog.c | 7 +- | |
5500 | drivers/char/virtio_console.c | 4 +- | |
5501 | drivers/clk/clk-composite.c | 2 +- | |
da1216b9 | 5502 | drivers/clk/samsung/clk.h | 2 +- |
6090327c PK |
5503 | drivers/clk/socfpga/clk-gate.c | 9 +- |
5504 | drivers/clk/socfpga/clk-pll.c | 9 +- | |
5505 | drivers/cpufreq/acpi-cpufreq.c | 17 +- | |
8cf17962 | 5506 | drivers/cpufreq/cpufreq-dt.c | 4 +- |
6090327c | 5507 | drivers/cpufreq/cpufreq.c | 26 +- |
afe359a8 | 5508 | drivers/cpufreq/cpufreq_governor.c | 2 +- |
6090327c PK |
5509 | drivers/cpufreq/cpufreq_governor.h | 4 +- |
5510 | drivers/cpufreq/cpufreq_ondemand.c | 10 +- | |
0986ccbe | 5511 | drivers/cpufreq/intel_pstate.c | 33 +- |
6090327c PK |
5512 | drivers/cpufreq/p4-clockmod.c | 12 +- |
5513 | drivers/cpufreq/sparc-us3-cpufreq.c | 67 +- | |
5514 | drivers/cpufreq/speedstep-centrino.c | 7 +- | |
5515 | drivers/cpuidle/driver.c | 2 +- | |
afe359a8 | 5516 | drivers/cpuidle/dt_idle_states.c | 2 +- |
6090327c PK |
5517 | drivers/cpuidle/governor.c | 2 +- |
5518 | drivers/cpuidle/sysfs.c | 2 +- | |
5519 | drivers/crypto/hifn_795x.c | 4 +- | |
5520 | drivers/devfreq/devfreq.c | 4 +- | |
5521 | drivers/dma/sh/shdma-base.c | 4 +- | |
5522 | drivers/dma/sh/shdmac.c | 2 +- | |
5523 | drivers/edac/edac_device.c | 4 +- | |
da1216b9 | 5524 | drivers/edac/edac_mc_sysfs.c | 2 +- |
6090327c PK |
5525 | drivers/edac/edac_pci.c | 4 +- |
5526 | drivers/edac/edac_pci_sysfs.c | 22 +- | |
5527 | drivers/edac/mce_amd.h | 2 +- | |
5528 | drivers/firewire/core-card.c | 6 +- | |
5529 | drivers/firewire/core-device.c | 2 +- | |
5530 | drivers/firewire/core-transaction.c | 1 + | |
5531 | drivers/firewire/core.h | 1 + | |
5532 | drivers/firmware/dmi-id.c | 2 +- | |
afe359a8 | 5533 | drivers/firmware/dmi_scan.c | 12 +- |
6090327c PK |
5534 | drivers/firmware/efi/cper.c | 8 +- |
5535 | drivers/firmware/efi/efi.c | 12 +- | |
5536 | drivers/firmware/efi/efivars.c | 2 +- | |
e8242a6d PK |
5537 | drivers/firmware/efi/runtime-map.c | 2 +- |
5538 | drivers/firmware/google/gsmi.c | 2 +- | |
5539 | drivers/firmware/google/memconsole.c | 7 +- | |
5540 | drivers/firmware/memmap.c | 2 +- | |
afe359a8 | 5541 | drivers/gpio/gpio-davinci.c | 6 +- |
6090327c PK |
5542 | drivers/gpio/gpio-em.c | 2 +- |
5543 | drivers/gpio/gpio-ich.c | 2 +- | |
afe359a8 | 5544 | drivers/gpio/gpio-omap.c | 4 +- |
6090327c PK |
5545 | drivers/gpio/gpio-rcar.c | 2 +- |
5546 | drivers/gpio/gpio-vr41xx.c | 2 +- | |
a8b227b4 | 5547 | drivers/gpio/gpiolib.c | 13 +- |
afe359a8 PK |
5548 | drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- |
5549 | drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 2 +- | |
5550 | drivers/gpu/drm/amd/amdkfd/kfd_device.c | 6 +- | |
5551 | .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 90 +- | |
5552 | .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.h | 8 +- | |
5553 | .../drm/amd/amdkfd/kfd_device_queue_manager_cik.c | 14 +- | |
5554 | .../drm/amd/amdkfd/kfd_device_queue_manager_vi.c | 14 +- | |
5555 | drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | 4 +- | |
5556 | drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.c | 2 +- | |
e8242a6d | 5557 | drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.h | 2 +- |
afe359a8 | 5558 | .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 +- |
6090327c | 5559 | drivers/gpu/drm/drm_crtc.c | 2 +- |
a8b227b4 | 5560 | drivers/gpu/drm/drm_drv.c | 2 +- |
6090327c PK |
5561 | drivers/gpu/drm/drm_fops.c | 12 +- |
5562 | drivers/gpu/drm/drm_global.c | 14 +- | |
5563 | drivers/gpu/drm/drm_info.c | 13 +- | |
5564 | drivers/gpu/drm/drm_ioc32.c | 13 +- | |
a8b227b4 | 5565 | drivers/gpu/drm/drm_ioctl.c | 2 +- |
e8242a6d | 5566 | drivers/gpu/drm/gma500/mdfld_dsi_dpi.c | 10 +- |
6090327c | 5567 | drivers/gpu/drm/i810/i810_drv.h | 4 +- |
afe359a8 | 5568 | drivers/gpu/drm/i915/i915_debugfs.c | 2 +- |
6090327c PK |
5569 | drivers/gpu/drm/i915/i915_dma.c | 2 +- |
5570 | drivers/gpu/drm/i915/i915_gem_execbuffer.c | 4 +- | |
afe359a8 PK |
5571 | drivers/gpu/drm/i915/i915_gem_gtt.c | 32 +- |
5572 | drivers/gpu/drm/i915/i915_gem_gtt.h | 16 +- | |
5573 | drivers/gpu/drm/i915/i915_gem_stolen.c | 2 +- | |
da1216b9 | 5574 | drivers/gpu/drm/i915/i915_ioc32.c | 16 +- |
6090327c | 5575 | drivers/gpu/drm/i915/intel_display.c | 26 +- |
8cf17962 | 5576 | drivers/gpu/drm/imx/imx-drm-core.c | 2 +- |
6090327c | 5577 | drivers/gpu/drm/mga/mga_drv.h | 4 +- |
da1216b9 | 5578 | drivers/gpu/drm/mga/mga_ioc32.c | 10 +- |
6090327c PK |
5579 | drivers/gpu/drm/mga/mga_irq.c | 8 +- |
5580 | drivers/gpu/drm/nouveau/nouveau_bios.c | 2 +- | |
5581 | drivers/gpu/drm/nouveau/nouveau_drm.h | 1 - | |
5582 | drivers/gpu/drm/nouveau/nouveau_ioc32.c | 2 +- | |
5583 | drivers/gpu/drm/nouveau/nouveau_vga.c | 2 +- | |
afe359a8 | 5584 | drivers/gpu/drm/omapdrm/Makefile | 2 +- |
6090327c PK |
5585 | drivers/gpu/drm/qxl/qxl_cmd.c | 12 +- |
5586 | drivers/gpu/drm/qxl/qxl_debugfs.c | 8 +- | |
5587 | drivers/gpu/drm/qxl/qxl_drv.h | 8 +- | |
5588 | drivers/gpu/drm/qxl/qxl_ioctl.c | 10 +- | |
5589 | drivers/gpu/drm/qxl/qxl_irq.c | 16 +- | |
5590 | drivers/gpu/drm/qxl/qxl_ttm.c | 38 +- | |
5591 | drivers/gpu/drm/r128/r128_cce.c | 2 +- | |
5592 | drivers/gpu/drm/r128/r128_drv.h | 4 +- | |
da1216b9 | 5593 | drivers/gpu/drm/r128/r128_ioc32.c | 10 +- |
6090327c PK |
5594 | drivers/gpu/drm/r128/r128_irq.c | 4 +- |
5595 | drivers/gpu/drm/r128/r128_state.c | 4 +- | |
5596 | drivers/gpu/drm/radeon/mkregtable.c | 4 +- | |
5597 | drivers/gpu/drm/radeon/radeon_device.c | 2 +- | |
5598 | drivers/gpu/drm/radeon/radeon_drv.h | 2 +- | |
da1216b9 | 5599 | drivers/gpu/drm/radeon/radeon_ioc32.c | 12 +- |
6090327c PK |
5600 | drivers/gpu/drm/radeon/radeon_irq.c | 6 +- |
5601 | drivers/gpu/drm/radeon/radeon_state.c | 4 +- | |
5602 | drivers/gpu/drm/radeon/radeon_ttm.c | 4 +- | |
5603 | drivers/gpu/drm/tegra/dc.c | 2 +- | |
5604 | drivers/gpu/drm/tegra/dsi.c | 2 +- | |
5605 | drivers/gpu/drm/tegra/hdmi.c | 2 +- | |
afe359a8 PK |
5606 | drivers/gpu/drm/tegra/sor.c | 7 +- |
5607 | drivers/gpu/drm/tilcdc/Makefile | 6 +- | |
6090327c | 5608 | drivers/gpu/drm/ttm/ttm_memory.c | 4 +- |
0986ccbe PK |
5609 | drivers/gpu/drm/ttm/ttm_page_alloc.c | 18 +- |
5610 | drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 18 +- | |
6090327c PK |
5611 | drivers/gpu/drm/udl/udl_fb.c | 1 - |
5612 | drivers/gpu/drm/via/via_drv.h | 4 +- | |
5613 | drivers/gpu/drm/via/via_irq.c | 18 +- | |
afe359a8 PK |
5614 | drivers/gpu/drm/virtio/virtgpu_debugfs.c | 2 +- |
5615 | drivers/gpu/drm/virtio/virtgpu_fence.c | 2 +- | |
6090327c PK |
5616 | drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 2 +- |
5617 | drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c | 8 +- | |
5618 | drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c | 4 +- | |
5619 | drivers/gpu/drm/vmwgfx/vmwgfx_irq.c | 4 +- | |
5620 | drivers/gpu/drm/vmwgfx/vmwgfx_marker.c | 2 +- | |
5621 | drivers/gpu/vga/vga_switcheroo.c | 4 +- | |
5622 | drivers/hid/hid-core.c | 4 +- | |
afe359a8 | 5623 | drivers/hid/hid-sensor-custom.c | 2 +- |
e8242a6d | 5624 | drivers/hv/channel.c | 2 +- |
6090327c PK |
5625 | drivers/hv/hv.c | 4 +- |
5626 | drivers/hv/hv_balloon.c | 18 +- | |
5627 | drivers/hv/hyperv_vmbus.h | 2 +- | |
e8242a6d | 5628 | drivers/hwmon/acpi_power_meter.c | 6 +- |
6090327c PK |
5629 | drivers/hwmon/applesmc.c | 2 +- |
5630 | drivers/hwmon/asus_atk0110.c | 10 +- | |
5631 | drivers/hwmon/coretemp.c | 2 +- | |
afe359a8 | 5632 | drivers/hwmon/dell-smm-hwmon.c | 2 +- |
6090327c PK |
5633 | drivers/hwmon/ibmaem.c | 2 +- |
5634 | drivers/hwmon/iio_hwmon.c | 2 +- | |
a8b227b4 | 5635 | drivers/hwmon/nct6683.c | 6 +- |
6090327c PK |
5636 | drivers/hwmon/nct6775.c | 6 +- |
5637 | drivers/hwmon/pmbus/pmbus_core.c | 10 +- | |
5638 | drivers/hwmon/sht15.c | 12 +- | |
5639 | drivers/hwmon/via-cputemp.c | 2 +- | |
5640 | drivers/i2c/busses/i2c-amd756-s4882.c | 2 +- | |
5641 | drivers/i2c/busses/i2c-diolan-u2c.c | 2 +- | |
5642 | drivers/i2c/busses/i2c-nforce2-s4985.c | 2 +- | |
5643 | drivers/i2c/i2c-dev.c | 2 +- | |
5644 | drivers/ide/ide-cd.c | 2 +- | |
5645 | drivers/iio/industrialio-core.c | 2 +- | |
afe359a8 | 5646 | drivers/iio/magnetometer/ak8975.c | 2 +- |
6090327c PK |
5647 | drivers/infiniband/core/cm.c | 32 +- |
5648 | drivers/infiniband/core/fmr_pool.c | 20 +- | |
e8242a6d | 5649 | drivers/infiniband/core/uverbs_cmd.c | 3 + |
6090327c PK |
5650 | drivers/infiniband/hw/cxgb4/mem.c | 4 +- |
5651 | drivers/infiniband/hw/ipath/ipath_rc.c | 6 +- | |
5652 | drivers/infiniband/hw/ipath/ipath_ruc.c | 6 +- | |
5653 | drivers/infiniband/hw/mlx4/mad.c | 2 +- | |
5654 | drivers/infiniband/hw/mlx4/mcg.c | 2 +- | |
5655 | drivers/infiniband/hw/mlx4/mlx4_ib.h | 2 +- | |
5656 | drivers/infiniband/hw/mthca/mthca_cmd.c | 8 +- | |
5657 | drivers/infiniband/hw/mthca/mthca_main.c | 2 +- | |
5658 | drivers/infiniband/hw/mthca/mthca_mr.c | 6 +- | |
5659 | drivers/infiniband/hw/mthca/mthca_provider.c | 2 +- | |
5660 | drivers/infiniband/hw/nes/nes.c | 4 +- | |
5661 | drivers/infiniband/hw/nes/nes.h | 40 +- | |
5662 | drivers/infiniband/hw/nes/nes_cm.c | 62 +- | |
5663 | drivers/infiniband/hw/nes/nes_mgt.c | 8 +- | |
5664 | drivers/infiniband/hw/nes/nes_nic.c | 40 +- | |
5665 | drivers/infiniband/hw/nes/nes_verbs.c | 10 +- | |
5666 | drivers/infiniband/hw/qib/qib.h | 1 + | |
0986ccbe | 5667 | drivers/infiniband/ulp/ipoib/ipoib_netlink.c | 2 +- |
6090327c PK |
5668 | drivers/input/gameport/gameport.c | 4 +- |
5669 | drivers/input/input.c | 4 +- | |
5670 | drivers/input/joystick/sidewinder.c | 1 + | |
5671 | drivers/input/joystick/xpad.c | 4 +- | |
5672 | drivers/input/misc/ims-pcu.c | 4 +- | |
5673 | drivers/input/mouse/psmouse.h | 2 +- | |
5674 | drivers/input/mousedev.c | 2 +- | |
5675 | drivers/input/serio/serio.c | 4 +- | |
5676 | drivers/input/serio/serio_raw.c | 4 +- | |
e8242a6d | 5677 | drivers/input/touchscreen/htcpen.c | 2 +- |
da1216b9 PK |
5678 | drivers/iommu/arm-smmu.c | 43 +- |
5679 | drivers/iommu/io-pgtable-arm.c | 101 +- | |
5680 | drivers/iommu/io-pgtable.c | 11 +- | |
5681 | drivers/iommu/io-pgtable.h | 19 +- | |
0986ccbe | 5682 | drivers/iommu/iommu.c | 2 +- |
da1216b9 | 5683 | drivers/iommu/ipmmu-vmsa.c | 13 +- |
afe359a8 | 5684 | drivers/iommu/irq_remapping.c | 2 +- |
da1216b9 | 5685 | drivers/irqchip/irq-gic.c | 2 +- |
8cf17962 | 5686 | drivers/irqchip/irq-renesas-intc-irqpin.c | 2 +- |
6090327c PK |
5687 | drivers/irqchip/irq-renesas-irqc.c | 2 +- |
5688 | drivers/isdn/capi/capi.c | 10 +- | |
5689 | drivers/isdn/gigaset/interface.c | 8 +- | |
5690 | drivers/isdn/gigaset/usb-gigaset.c | 2 +- | |
5691 | drivers/isdn/hardware/avm/b1.c | 4 +- | |
5692 | drivers/isdn/i4l/isdn_common.c | 2 + | |
5693 | drivers/isdn/i4l/isdn_tty.c | 22 +- | |
5694 | drivers/isdn/icn/icn.c | 2 +- | |
5695 | drivers/isdn/mISDN/dsp_cmx.c | 2 +- | |
6090327c PK |
5696 | drivers/lguest/core.c | 10 +- |
5697 | drivers/lguest/page_tables.c | 2 +- | |
5698 | drivers/lguest/x86/core.c | 12 +- | |
5699 | drivers/lguest/x86/switcher_32.S | 27 +- | |
5700 | drivers/md/bcache/closure.h | 2 +- | |
5701 | drivers/md/bitmap.c | 2 +- | |
5702 | drivers/md/dm-ioctl.c | 2 +- | |
afe359a8 | 5703 | drivers/md/dm-raid1.c | 18 +- |
6090327c PK |
5704 | drivers/md/dm-stats.c | 6 +- |
5705 | drivers/md/dm-stripe.c | 10 +- | |
0986ccbe | 5706 | drivers/md/dm-table.c | 2 +- |
6090327c PK |
5707 | drivers/md/dm-thin-metadata.c | 4 +- |
5708 | drivers/md/dm.c | 16 +- | |
5709 | drivers/md/md.c | 26 +- | |
5710 | drivers/md/md.h | 6 +- | |
5711 | drivers/md/persistent-data/dm-space-map-metadata.c | 4 +- | |
5712 | drivers/md/persistent-data/dm-space-map.h | 1 + | |
5713 | drivers/md/raid1.c | 4 +- | |
5714 | drivers/md/raid10.c | 16 +- | |
e8242a6d | 5715 | drivers/md/raid5.c | 22 +- |
6090327c PK |
5716 | drivers/media/dvb-core/dvbdev.c | 2 +- |
5717 | drivers/media/dvb-frontends/af9033.h | 2 +- | |
5718 | drivers/media/dvb-frontends/dib3000.h | 2 +- | |
a8b227b4 PK |
5719 | drivers/media/dvb-frontends/dib7000p.h | 2 +- |
5720 | drivers/media/dvb-frontends/dib8000.h | 2 +- | |
6090327c PK |
5721 | drivers/media/pci/cx88/cx88-video.c | 6 +- |
5722 | drivers/media/pci/ivtv/ivtv-driver.c | 2 +- | |
a8b227b4 PK |
5723 | drivers/media/pci/solo6x10/solo6x10-core.c | 2 +- |
5724 | drivers/media/pci/solo6x10/solo6x10-p2m.c | 2 +- | |
5725 | drivers/media/pci/solo6x10/solo6x10.h | 2 +- | |
0986ccbe | 5726 | drivers/media/pci/tw68/tw68-core.c | 2 +- |
6090327c PK |
5727 | drivers/media/platform/omap/omap_vout.c | 11 +- |
5728 | drivers/media/platform/s5p-tv/mixer.h | 2 +- | |
5729 | drivers/media/platform/s5p-tv/mixer_grp_layer.c | 2 +- | |
5730 | drivers/media/platform/s5p-tv/mixer_reg.c | 2 +- | |
5731 | drivers/media/platform/s5p-tv/mixer_video.c | 24 +- | |
5732 | drivers/media/platform/s5p-tv/mixer_vp_layer.c | 2 +- | |
6090327c PK |
5733 | drivers/media/radio/radio-cadet.c | 2 + |
5734 | drivers/media/radio/radio-maxiradio.c | 2 +- | |
5735 | drivers/media/radio/radio-shark.c | 2 +- | |
5736 | drivers/media/radio/radio-shark2.c | 2 +- | |
5737 | drivers/media/radio/radio-si476x.c | 2 +- | |
8cf17962 | 5738 | drivers/media/radio/wl128x/fmdrv_common.c | 2 +- |
0986ccbe | 5739 | drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 12 +- |
6090327c PK |
5740 | drivers/media/v4l2-core/v4l2-device.c | 4 +- |
5741 | drivers/media/v4l2-core/v4l2-ioctl.c | 13 +- | |
8cf17962 | 5742 | drivers/memory/omap-gpmc.c | 21 +- |
6090327c | 5743 | drivers/message/fusion/mptsas.c | 34 +- |
6090327c | 5744 | drivers/mfd/ab8500-debugfs.c | 2 +- |
e8242a6d | 5745 | drivers/mfd/kempld-core.c | 2 +- |
6090327c PK |
5746 | drivers/mfd/max8925-i2c.c | 2 +- |
5747 | drivers/mfd/tps65910.c | 2 +- | |
5748 | drivers/mfd/twl4030-irq.c | 9 +- | |
5749 | drivers/misc/c2port/core.c | 4 +- | |
5750 | drivers/misc/eeprom/sunxi_sid.c | 4 +- | |
5751 | drivers/misc/kgdbts.c | 4 +- | |
5752 | drivers/misc/lis3lv02d/lis3lv02d.c | 8 +- | |
5753 | drivers/misc/lis3lv02d/lis3lv02d.h | 2 +- | |
afe359a8 | 5754 | drivers/misc/mic/scif/scif_rb.c | 8 +- |
6090327c PK |
5755 | drivers/misc/sgi-gru/gruhandles.c | 4 +- |
5756 | drivers/misc/sgi-gru/gruprocfs.c | 8 +- | |
5757 | drivers/misc/sgi-gru/grutables.h | 154 +- | |
5758 | drivers/misc/sgi-xp/xp.h | 2 +- | |
5759 | drivers/misc/sgi-xp/xpc.h | 3 +- | |
da1216b9 | 5760 | drivers/misc/sgi-xp/xpc_main.c | 2 +- |
6090327c | 5761 | drivers/mmc/card/block.c | 2 +- |
6090327c PK |
5762 | drivers/mmc/host/dw_mmc.h | 2 +- |
5763 | drivers/mmc/host/mmci.c | 4 +- | |
0986ccbe | 5764 | drivers/mmc/host/omap_hsmmc.c | 4 +- |
6090327c PK |
5765 | drivers/mmc/host/sdhci-esdhc-imx.c | 7 +- |
5766 | drivers/mmc/host/sdhci-s3c.c | 8 +- | |
5767 | drivers/mtd/chips/cfi_cmdset_0020.c | 2 +- | |
5768 | drivers/mtd/nand/denali.c | 1 + | |
0986ccbe | 5769 | drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 2 +- |
6090327c PK |
5770 | drivers/mtd/nftlmount.c | 1 + |
5771 | drivers/mtd/sm_ftl.c | 2 +- | |
5772 | drivers/net/bonding/bond_netlink.c | 2 +- | |
0986ccbe | 5773 | drivers/net/caif/caif_hsi.c | 2 +- |
6090327c | 5774 | drivers/net/can/Kconfig | 2 +- |
0986ccbe PK |
5775 | drivers/net/can/dev.c | 2 +- |
5776 | drivers/net/can/vcan.c | 2 +- | |
5777 | drivers/net/dummy.c | 2 +- | |
6090327c PK |
5778 | drivers/net/ethernet/8390/ax88796.c | 4 +- |
5779 | drivers/net/ethernet/altera/altera_tse_main.c | 4 +- | |
a8b227b4 | 5780 | drivers/net/ethernet/amd/xgbe/xgbe-common.h | 4 +- |
0986ccbe | 5781 | drivers/net/ethernet/amd/xgbe/xgbe-dcb.c | 4 +- |
e8242a6d | 5782 | drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 27 +- |
afe359a8 PK |
5783 | drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 143 +- |
5784 | drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 64 +- | |
5785 | drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c | 10 +- | |
5786 | drivers/net/ethernet/amd/xgbe/xgbe-main.c | 15 +- | |
5787 | drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 27 +- | |
a8b227b4 | 5788 | drivers/net/ethernet/amd/xgbe/xgbe-ptp.c | 4 +- |
afe359a8 | 5789 | drivers/net/ethernet/amd/xgbe/xgbe.h | 10 +- |
6090327c PK |
5790 | drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h | 2 +- |
5791 | drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c | 11 +- | |
5792 | drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h | 3 +- | |
5793 | drivers/net/ethernet/broadcom/tg3.h | 1 + | |
afe359a8 PK |
5794 | drivers/net/ethernet/cavium/liquidio/lio_ethtool.c | 6 +- |
5795 | drivers/net/ethernet/cavium/liquidio/lio_main.c | 11 +- | |
6090327c | 5796 | drivers/net/ethernet/chelsio/cxgb3/l2t.h | 2 +- |
6090327c PK |
5797 | drivers/net/ethernet/dec/tulip/de4x5.c | 4 +- |
5798 | drivers/net/ethernet/emulex/benet/be_main.c | 2 +- | |
5799 | drivers/net/ethernet/faraday/ftgmac100.c | 2 + | |
5800 | drivers/net/ethernet/faraday/ftmac100.c | 2 + | |
5801 | drivers/net/ethernet/intel/i40e/i40e_ptp.c | 2 +- | |
5802 | drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 2 +- | |
0986ccbe | 5803 | drivers/net/ethernet/mellanox/mlx4/en_tx.c | 4 +- |
afe359a8 | 5804 | drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 +- |
6090327c PK |
5805 | drivers/net/ethernet/neterion/vxge/vxge-config.c | 7 +- |
5806 | .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c | 4 +- | |
5807 | .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c | 12 +- | |
5808 | .../net/ethernet/qlogic/qlcnic/qlcnic_minidump.c | 2 +- | |
5809 | drivers/net/ethernet/realtek/r8169.c | 8 +- | |
5810 | drivers/net/ethernet/sfc/ptp.c | 2 +- | |
5811 | drivers/net/ethernet/stmicro/stmmac/mmc_core.c | 4 +- | |
e8242a6d | 5812 | drivers/net/ethernet/via/via-rhine.c | 2 +- |
6090327c PK |
5813 | drivers/net/hyperv/hyperv_net.h | 2 +- |
5814 | drivers/net/hyperv/rndis_filter.c | 4 +- | |
0986ccbe | 5815 | drivers/net/ifb.c | 2 +- |
afe359a8 | 5816 | drivers/net/ipvlan/ipvlan_core.c | 2 +- |
6090327c | 5817 | drivers/net/macvlan.c | 20 +- |
0986ccbe PK |
5818 | drivers/net/macvtap.c | 6 +- |
5819 | drivers/net/nlmon.c | 2 +- | |
8cf17962 | 5820 | drivers/net/phy/phy_device.c | 6 +- |
6090327c PK |
5821 | drivers/net/ppp/ppp_generic.c | 4 +- |
5822 | drivers/net/slip/slhc.c | 2 +- | |
0986ccbe PK |
5823 | drivers/net/team/team.c | 4 +- |
5824 | drivers/net/tun.c | 7 +- | |
6090327c PK |
5825 | drivers/net/usb/hso.c | 23 +- |
5826 | drivers/net/usb/r8152.c | 2 +- | |
5827 | drivers/net/usb/sierra_net.c | 4 +- | |
5828 | drivers/net/virtio_net.c | 2 +- | |
5829 | drivers/net/vxlan.c | 4 +- | |
5830 | drivers/net/wimax/i2400m/rx.c | 2 +- | |
5831 | drivers/net/wireless/airo.c | 2 +- | |
5832 | drivers/net/wireless/at76c50x-usb.c | 2 +- | |
5833 | drivers/net/wireless/ath/ath10k/htc.c | 7 +- | |
5834 | drivers/net/wireless/ath/ath10k/htc.h | 4 +- | |
a8b227b4 PK |
5835 | drivers/net/wireless/ath/ath9k/ar9002_mac.c | 36 +- |
5836 | drivers/net/wireless/ath/ath9k/ar9003_mac.c | 64 +- | |
6090327c | 5837 | drivers/net/wireless/ath/ath9k/hw.h | 4 +- |
a8b227b4 | 5838 | drivers/net/wireless/ath/ath9k/main.c | 22 +- |
6090327c PK |
5839 | drivers/net/wireless/b43/phy_lp.c | 2 +- |
5840 | drivers/net/wireless/iwlegacy/3945-mac.c | 4 +- | |
5841 | drivers/net/wireless/iwlwifi/dvm/debugfs.c | 34 +- | |
5842 | drivers/net/wireless/iwlwifi/pcie/trans.c | 4 +- | |
5843 | drivers/net/wireless/mac80211_hwsim.c | 28 +- | |
5844 | drivers/net/wireless/rndis_wlan.c | 2 +- | |
5845 | drivers/net/wireless/rt2x00/rt2x00.h | 2 +- | |
5846 | drivers/net/wireless/rt2x00/rt2x00queue.c | 4 +- | |
5847 | drivers/net/wireless/ti/wl1251/sdio.c | 12 +- | |
5848 | drivers/net/wireless/ti/wl12xx/main.c | 8 +- | |
5849 | drivers/net/wireless/ti/wl18xx/main.c | 6 +- | |
5850 | drivers/nfc/nfcwilink.c | 2 +- | |
e8242a6d | 5851 | drivers/of/fdt.c | 4 +- |
6090327c PK |
5852 | drivers/oprofile/buffer_sync.c | 8 +- |
5853 | drivers/oprofile/event_buffer.c | 2 +- | |
5854 | drivers/oprofile/oprof.c | 2 +- | |
5855 | drivers/oprofile/oprofile_files.c | 2 +- | |
5856 | drivers/oprofile/oprofile_stats.c | 10 +- | |
5857 | drivers/oprofile/oprofile_stats.h | 10 +- | |
5858 | drivers/oprofile/oprofilefs.c | 6 +- | |
5859 | drivers/oprofile/timer_int.c | 2 +- | |
5860 | drivers/parport/procfs.c | 4 +- | |
e8242a6d | 5861 | drivers/pci/host/pci-host-generic.c | 24 +- |
6090327c PK |
5862 | drivers/pci/hotplug/acpiphp_ibm.c | 4 +- |
5863 | drivers/pci/hotplug/cpcihp_generic.c | 6 +- | |
5864 | drivers/pci/hotplug/cpcihp_zt5550.c | 14 +- | |
0986ccbe | 5865 | drivers/pci/hotplug/cpqphp_nvram.c | 2 + |
6090327c PK |
5866 | drivers/pci/hotplug/pci_hotplug_core.c | 6 +- |
5867 | drivers/pci/hotplug/pciehp_core.c | 2 +- | |
afe359a8 | 5868 | drivers/pci/msi.c | 21 +- |
6090327c PK |
5869 | drivers/pci/pci-sysfs.c | 6 +- |
5870 | drivers/pci/pci.h | 2 +- | |
5871 | drivers/pci/pcie/aspm.c | 6 +- | |
e8242a6d | 5872 | drivers/pci/pcie/portdrv_pci.c | 2 +- |
6090327c | 5873 | drivers/pci/probe.c | 2 +- |
afe359a8 | 5874 | drivers/pinctrl/pinctrl-at91.c | 5 +- |
e8242a6d | 5875 | drivers/platform/chrome/chromeos_pstore.c | 2 +- |
6090327c | 5876 | drivers/platform/x86/alienware-wmi.c | 4 +- |
e8242a6d PK |
5877 | drivers/platform/x86/compal-laptop.c | 2 +- |
5878 | drivers/platform/x86/hdaps.c | 2 +- | |
5879 | drivers/platform/x86/ibm_rtl.c | 2 +- | |
5880 | drivers/platform/x86/intel_oaktrail.c | 2 +- | |
5881 | drivers/platform/x86/msi-laptop.c | 16 +- | |
6090327c | 5882 | drivers/platform/x86/msi-wmi.c | 2 +- |
e8242a6d PK |
5883 | drivers/platform/x86/samsung-laptop.c | 2 +- |
5884 | drivers/platform/x86/samsung-q10.c | 2 +- | |
5885 | drivers/platform/x86/sony-laptop.c | 14 +- | |
da1216b9 | 5886 | drivers/platform/x86/thinkpad_acpi.c | 2 +- |
6090327c | 5887 | drivers/pnp/pnpbios/bioscalls.c | 14 +- |
e8242a6d | 5888 | drivers/pnp/pnpbios/core.c | 2 +- |
6090327c PK |
5889 | drivers/power/pda_power.c | 7 +- |
5890 | drivers/power/power_supply.h | 4 +- | |
5891 | drivers/power/power_supply_core.c | 7 +- | |
5892 | drivers/power/power_supply_sysfs.c | 6 +- | |
afe359a8 | 5893 | drivers/power/reset/at91-reset.c | 9 +- |
6090327c PK |
5894 | drivers/powercap/powercap_sys.c | 136 +- |
5895 | drivers/ptp/ptp_private.h | 2 +- | |
5896 | drivers/ptp/ptp_sysfs.c | 2 +- | |
5897 | drivers/regulator/core.c | 4 +- | |
5898 | drivers/regulator/max8660.c | 6 +- | |
afe359a8 | 5899 | drivers/regulator/max8973-regulator.c | 16 +- |
8cf17962 | 5900 | drivers/regulator/mc13892-regulator.c | 8 +- |
afe359a8 | 5901 | drivers/rtc/rtc-armada38x.c | 7 +- |
6090327c PK |
5902 | drivers/rtc/rtc-cmos.c | 4 +- |
5903 | drivers/rtc/rtc-ds1307.c | 2 +- | |
5904 | drivers/rtc/rtc-m48t59.c | 4 +- | |
afe359a8 PK |
5905 | drivers/rtc/rtc-test.c | 6 +- |
5906 | drivers/scsi/be2iscsi/be_main.c | 2 +- | |
6090327c PK |
5907 | drivers/scsi/bfa/bfa_fcpim.h | 2 +- |
5908 | drivers/scsi/bfa/bfa_ioc.h | 4 +- | |
5909 | drivers/scsi/fcoe/fcoe_sysfs.c | 12 +- | |
5910 | drivers/scsi/hosts.c | 4 +- | |
afe359a8 | 5911 | drivers/scsi/hpsa.c | 38 +- |
6090327c PK |
5912 | drivers/scsi/hpsa.h | 2 +- |
5913 | drivers/scsi/libfc/fc_exch.c | 50 +- | |
5914 | drivers/scsi/libsas/sas_ata.c | 2 +- | |
5915 | drivers/scsi/lpfc/lpfc.h | 8 +- | |
5916 | drivers/scsi/lpfc/lpfc_debugfs.c | 18 +- | |
5917 | drivers/scsi/lpfc/lpfc_init.c | 6 +- | |
5918 | drivers/scsi/lpfc/lpfc_scsi.c | 10 +- | |
5919 | drivers/scsi/mpt2sas/mpt2sas_scsih.c | 8 +- | |
5920 | drivers/scsi/pmcraid.c | 20 +- | |
5921 | drivers/scsi/pmcraid.h | 8 +- | |
5922 | drivers/scsi/qla2xxx/qla_attr.c | 4 +- | |
5923 | drivers/scsi/qla2xxx/qla_gbl.h | 4 +- | |
5924 | drivers/scsi/qla2xxx/qla_os.c | 6 +- | |
5925 | drivers/scsi/qla4xxx/ql4_def.h | 2 +- | |
5926 | drivers/scsi/qla4xxx/ql4_os.c | 6 +- | |
da1216b9 | 5927 | drivers/scsi/scsi.c | 2 +- |
8cf17962 | 5928 | drivers/scsi/scsi_lib.c | 8 +- |
6090327c | 5929 | drivers/scsi/scsi_sysfs.c | 2 +- |
6090327c PK |
5930 | drivers/scsi/scsi_transport_fc.c | 8 +- |
5931 | drivers/scsi/scsi_transport_iscsi.c | 6 +- | |
5932 | drivers/scsi/scsi_transport_srp.c | 6 +- | |
da1216b9 | 5933 | drivers/scsi/sd.c | 6 +- |
6090327c | 5934 | drivers/scsi/sg.c | 2 +- |
afe359a8 | 5935 | drivers/scsi/sr.c | 21 +- |
0986ccbe | 5936 | drivers/soc/tegra/fuse/fuse-tegra.c | 2 +- |
6090327c | 5937 | drivers/spi/spi.c | 2 +- |
afe359a8 | 5938 | drivers/spi/spidev.c | 2 +- |
6090327c | 5939 | drivers/staging/android/timed_output.c | 6 +- |
8cf17962 | 5940 | drivers/staging/comedi/comedi_fops.c | 8 +- |
e8242a6d PK |
5941 | drivers/staging/fbtft/fbtft-core.c | 2 +- |
5942 | drivers/staging/fbtft/fbtft.h | 2 +- | |
6090327c | 5943 | drivers/staging/gdm724x/gdm_tty.c | 2 +- |
afe359a8 PK |
5944 | drivers/staging/iio/accel/lis3l02dq_ring.c | 2 +- |
5945 | drivers/staging/iio/adc/ad7280a.c | 4 +- | |
6090327c PK |
5946 | drivers/staging/lustre/lnet/selftest/brw_test.c | 12 +- |
5947 | drivers/staging/lustre/lnet/selftest/framework.c | 4 - | |
5948 | drivers/staging/lustre/lnet/selftest/ping_test.c | 14 +- | |
5949 | drivers/staging/lustre/lustre/include/lustre_dlm.h | 2 +- | |
5950 | drivers/staging/lustre/lustre/include/obd.h | 2 +- | |
da1216b9 | 5951 | drivers/staging/lustre/lustre/libcfs/module.c | 6 +- |
6090327c PK |
5952 | drivers/staging/octeon/ethernet-rx.c | 12 +- |
5953 | drivers/staging/octeon/ethernet.c | 8 +- | |
5954 | drivers/staging/rtl8188eu/include/hal_intf.h | 2 +- | |
6090327c | 5955 | drivers/staging/rtl8712/rtl871x_io.h | 2 +- |
afe359a8 PK |
5956 | drivers/staging/sm750fb/sm750.c | 14 +- |
5957 | drivers/staging/unisys/visorbus/visorbus_private.h | 4 +- | |
6090327c PK |
5958 | drivers/target/sbp/sbp_target.c | 4 +- |
5959 | drivers/target/target_core_device.c | 2 +- | |
5960 | drivers/target/target_core_transport.c | 2 +- | |
afe359a8 | 5961 | drivers/thermal/cpu_cooling.c | 9 +- |
0986ccbe | 5962 | drivers/thermal/int340x_thermal/int3400_thermal.c | 6 +- |
8cf17962 | 5963 | drivers/thermal/of-thermal.c | 17 +- |
e8242a6d | 5964 | drivers/thermal/x86_pkg_temp_thermal.c | 2 +- |
6090327c PK |
5965 | drivers/tty/cyclades.c | 6 +- |
5966 | drivers/tty/hvc/hvc_console.c | 14 +- | |
5967 | drivers/tty/hvc/hvcs.c | 21 +- | |
5968 | drivers/tty/hvc/hvsi.c | 22 +- | |
5969 | drivers/tty/hvc/hvsi_lib.c | 4 +- | |
5970 | drivers/tty/ipwireless/tty.c | 27 +- | |
5971 | drivers/tty/moxa.c | 2 +- | |
5972 | drivers/tty/n_gsm.c | 4 +- | |
5973 | drivers/tty/n_tty.c | 5 +- | |
5974 | drivers/tty/pty.c | 4 +- | |
5975 | drivers/tty/rocket.c | 6 +- | |
afe359a8 PK |
5976 | drivers/tty/serial/8250/8250_core.c | 10 +- |
5977 | drivers/tty/serial/ifx6x60.c | 2 +- | |
6090327c PK |
5978 | drivers/tty/serial/ioc4_serial.c | 6 +- |
5979 | drivers/tty/serial/kgdb_nmi.c | 4 +- | |
5980 | drivers/tty/serial/kgdboc.c | 32 +- | |
5981 | drivers/tty/serial/msm_serial.c | 4 +- | |
5982 | drivers/tty/serial/samsung.c | 9 +- | |
5983 | drivers/tty/serial/serial_core.c | 8 +- | |
5984 | drivers/tty/synclink.c | 34 +- | |
5985 | drivers/tty/synclink_gt.c | 28 +- | |
5986 | drivers/tty/synclinkmp.c | 34 +- | |
5987 | drivers/tty/tty_io.c | 2 +- | |
5988 | drivers/tty/tty_ldisc.c | 8 +- | |
5989 | drivers/tty/tty_port.c | 22 +- | |
0986ccbe | 5990 | drivers/uio/uio.c | 13 +- |
6090327c PK |
5991 | drivers/usb/atm/cxacru.c | 2 +- |
5992 | drivers/usb/atm/usbatm.c | 24 +- | |
5993 | drivers/usb/core/devices.c | 6 +- | |
5994 | drivers/usb/core/devio.c | 10 +- | |
5995 | drivers/usb/core/hcd.c | 4 +- | |
5996 | drivers/usb/core/message.c | 6 +- | |
5997 | drivers/usb/core/sysfs.c | 2 +- | |
5998 | drivers/usb/core/usb.c | 2 +- | |
6090327c | 5999 | drivers/usb/early/ehci-dbgp.c | 16 +- |
a8b227b4 | 6000 | drivers/usb/gadget/function/u_serial.c | 22 +- |
afe359a8 PK |
6001 | drivers/usb/gadget/udc/dummy_hcd.c | 2 +- |
6002 | drivers/usb/host/ehci-hcd.c | 2 +- | |
6090327c | 6003 | drivers/usb/host/ehci-hub.c | 4 +- |
afe359a8 PK |
6004 | drivers/usb/host/ehci-q.c | 4 +- |
6005 | drivers/usb/host/fotg210-hcd.c | 2 +- | |
6006 | drivers/usb/host/fusbh200-hcd.c | 2 +- | |
6007 | drivers/usb/host/hwa-hc.c | 2 +- | |
6008 | drivers/usb/host/ohci-hcd.c | 2 +- | |
6009 | drivers/usb/host/r8a66597.h | 2 +- | |
6010 | drivers/usb/host/uhci-hcd.c | 2 +- | |
6011 | drivers/usb/host/xhci-pci.c | 2 +- | |
6012 | drivers/usb/host/xhci.c | 2 +- | |
6090327c PK |
6013 | drivers/usb/misc/appledisplay.c | 4 +- |
6014 | drivers/usb/serial/console.c | 8 +- | |
afe359a8 | 6015 | drivers/usb/storage/usb.c | 2 +- |
6090327c | 6016 | drivers/usb/storage/usb.h | 2 +- |
a8b227b4 PK |
6017 | drivers/usb/usbip/vhci.h | 2 +- |
6018 | drivers/usb/usbip/vhci_hcd.c | 6 +- | |
6019 | drivers/usb/usbip/vhci_rx.c | 2 +- | |
6090327c PK |
6020 | drivers/usb/wusbcore/wa-hc.h | 4 +- |
6021 | drivers/usb/wusbcore/wa-xfer.c | 2 +- | |
6022 | drivers/vfio/vfio.c | 2 +- | |
6023 | drivers/vhost/vringh.c | 20 +- | |
6024 | drivers/video/backlight/kb3886_bl.c | 2 +- | |
6025 | drivers/video/fbdev/aty/aty128fb.c | 2 +- | |
6026 | drivers/video/fbdev/aty/atyfb_base.c | 8 +- | |
6027 | drivers/video/fbdev/aty/mach64_cursor.c | 5 +- | |
6028 | drivers/video/fbdev/core/fb_defio.c | 6 +- | |
6029 | drivers/video/fbdev/core/fbmem.c | 2 +- | |
6030 | drivers/video/fbdev/hyperv_fb.c | 4 +- | |
6031 | drivers/video/fbdev/i810/i810_accel.c | 1 + | |
afe359a8 | 6032 | drivers/video/fbdev/matrox/matroxfb_base.c | 2 +- |
6090327c PK |
6033 | drivers/video/fbdev/mb862xx/mb862xxfb_accel.c | 16 +- |
6034 | drivers/video/fbdev/nvidia/nvidia.c | 27 +- | |
6035 | drivers/video/fbdev/omap2/dss/display.c | 8 +- | |
6036 | drivers/video/fbdev/s1d13xxxfb.c | 6 +- | |
6037 | drivers/video/fbdev/smscufx.c | 4 +- | |
6038 | drivers/video/fbdev/udlfb.c | 36 +- | |
6039 | drivers/video/fbdev/uvesafb.c | 52 +- | |
6040 | drivers/video/fbdev/vesafb.c | 58 +- | |
6041 | drivers/video/fbdev/via/via_clock.h | 2 +- | |
e8242a6d | 6042 | drivers/xen/events/events_base.c | 6 +- |
afe359a8 | 6043 | drivers/xen/evtchn.c | 4 +- |
6090327c PK |
6044 | fs/Kconfig.binfmt | 2 +- |
6045 | fs/afs/inode.c | 4 +- | |
6046 | fs/aio.c | 2 +- | |
6047 | fs/autofs4/waitq.c | 2 +- | |
6048 | fs/befs/endian.h | 6 +- | |
6049 | fs/binfmt_aout.c | 23 +- | |
afe359a8 PK |
6050 | fs/binfmt_elf.c | 672 +- |
6051 | fs/binfmt_elf_fdpic.c | 2 +- | |
6090327c PK |
6052 | fs/block_dev.c | 2 +- |
6053 | fs/btrfs/ctree.c | 9 +- | |
6054 | fs/btrfs/delayed-inode.c | 6 +- | |
6055 | fs/btrfs/delayed-inode.h | 4 +- | |
6056 | fs/btrfs/super.c | 2 +- | |
6057 | fs/btrfs/sysfs.c | 2 +- | |
0986ccbe | 6058 | fs/btrfs/tests/free-space-tests.c | 8 +- |
6090327c PK |
6059 | fs/btrfs/tree-log.h | 2 +- |
6060 | fs/buffer.c | 2 +- | |
6061 | fs/cachefiles/bind.c | 6 +- | |
6062 | fs/cachefiles/daemon.c | 8 +- | |
6063 | fs/cachefiles/internal.h | 12 +- | |
6064 | fs/cachefiles/namei.c | 2 +- | |
6065 | fs/cachefiles/proc.c | 12 +- | |
afe359a8 | 6066 | fs/ceph/dir.c | 12 +- |
6090327c PK |
6067 | fs/ceph/super.c | 4 +- |
6068 | fs/cifs/cifs_debug.c | 12 +- | |
6069 | fs/cifs/cifsfs.c | 8 +- | |
6070 | fs/cifs/cifsglob.h | 54 +- | |
6071 | fs/cifs/file.c | 10 +- | |
6072 | fs/cifs/misc.c | 4 +- | |
6073 | fs/cifs/smb1ops.c | 80 +- | |
6074 | fs/cifs/smb2ops.c | 84 +- | |
6075 | fs/cifs/smb2pdu.c | 3 +- | |
6076 | fs/coda/cache.c | 10 +- | |
6077 | fs/compat.c | 4 +- | |
6078 | fs/compat_binfmt_elf.c | 2 + | |
6079 | fs/compat_ioctl.c | 12 +- | |
6080 | fs/configfs/dir.c | 10 +- | |
6081 | fs/coredump.c | 16 +- | |
e8242a6d | 6082 | fs/dcache.c | 51 +- |
6090327c PK |
6083 | fs/ecryptfs/inode.c | 2 +- |
6084 | fs/ecryptfs/miscdev.c | 2 +- | |
8cf17962 | 6085 | fs/exec.c | 362 +- |
6090327c PK |
6086 | fs/ext2/xattr.c | 5 +- |
6087 | fs/ext3/xattr.c | 5 +- | |
6088 | fs/ext4/ext4.h | 20 +- | |
6089 | fs/ext4/mballoc.c | 44 +- | |
6090 | fs/ext4/mmp.c | 2 +- | |
e8242a6d | 6091 | fs/ext4/resize.c | 16 +- |
6090327c PK |
6092 | fs/ext4/super.c | 4 +- |
6093 | fs/ext4/xattr.c | 5 +- | |
6094 | fs/fhandle.c | 3 +- | |
6095 | fs/file.c | 4 +- | |
6096 | fs/fs_struct.c | 8 +- | |
6097 | fs/fscache/cookie.c | 40 +- | |
afe359a8 | 6098 | fs/fscache/internal.h | 202 +- |
6090327c | 6099 | fs/fscache/object.c | 26 +- |
afe359a8 | 6100 | fs/fscache/operation.c | 38 +- |
6090327c | 6101 | fs/fscache/page.c | 110 +- |
afe359a8 | 6102 | fs/fscache/stats.c | 348 +- |
6090327c PK |
6103 | fs/fuse/cuse.c | 10 +- |
6104 | fs/fuse/dev.c | 4 +- | |
e8242a6d PK |
6105 | fs/gfs2/glock.c | 22 +- |
6106 | fs/gfs2/glops.c | 4 +- | |
6107 | fs/gfs2/quota.c | 6 +- | |
6090327c PK |
6108 | fs/hugetlbfs/inode.c | 13 +- |
6109 | fs/inode.c | 4 +- | |
6110 | fs/jffs2/erase.c | 3 +- | |
6111 | fs/jffs2/wbuf.c | 3 +- | |
6112 | fs/jfs/super.c | 2 +- | |
6113 | fs/kernfs/dir.c | 2 +- | |
e8242a6d | 6114 | fs/kernfs/file.c | 20 +- |
afe359a8 | 6115 | fs/libfs.c | 10 +- |
6090327c | 6116 | fs/lockd/clntproc.c | 4 +- |
afe359a8 | 6117 | fs/namei.c | 16 +- |
6090327c PK |
6118 | fs/namespace.c | 16 +- |
6119 | fs/nfs/callback_xdr.c | 2 +- | |
6120 | fs/nfs/inode.c | 6 +- | |
6121 | fs/nfsd/nfs4proc.c | 2 +- | |
6122 | fs/nfsd/nfs4xdr.c | 2 +- | |
a8b227b4 | 6123 | fs/nfsd/nfscache.c | 11 +- |
6090327c | 6124 | fs/nfsd/vfs.c | 6 +- |
a8b227b4 | 6125 | fs/nls/nls_base.c | 26 +- |
6090327c PK |
6126 | fs/nls/nls_euc-jp.c | 6 +- |
6127 | fs/nls/nls_koi8-ru.c | 6 +- | |
6128 | fs/notify/fanotify/fanotify_user.c | 4 +- | |
6129 | fs/notify/notification.c | 4 +- | |
6130 | fs/ntfs/dir.c | 2 +- | |
6090327c PK |
6131 | fs/ntfs/super.c | 6 +- |
6132 | fs/ocfs2/localalloc.c | 2 +- | |
6133 | fs/ocfs2/ocfs2.h | 10 +- | |
6134 | fs/ocfs2/suballoc.c | 12 +- | |
6135 | fs/ocfs2/super.c | 20 +- | |
da1216b9 | 6136 | fs/pipe.c | 72 +- |
6090327c PK |
6137 | fs/posix_acl.c | 4 +- |
6138 | fs/proc/array.c | 20 + | |
6139 | fs/proc/base.c | 4 +- | |
e8242a6d | 6140 | fs/proc/kcore.c | 34 +- |
6090327c PK |
6141 | fs/proc/meminfo.c | 2 +- |
6142 | fs/proc/nommu.c | 2 +- | |
afe359a8 | 6143 | fs/proc/proc_sysctl.c | 26 +- |
6090327c PK |
6144 | fs/proc/task_mmu.c | 39 +- |
6145 | fs/proc/task_nommu.c | 4 +- | |
6146 | fs/proc/vmcore.c | 16 +- | |
6147 | fs/qnx6/qnx6.h | 4 +- | |
6148 | fs/quota/netlink.c | 4 +- | |
6149 | fs/read_write.c | 2 +- | |
6150 | fs/reiserfs/do_balan.c | 2 +- | |
6151 | fs/reiserfs/procfs.c | 2 +- | |
6152 | fs/reiserfs/reiserfs.h | 4 +- | |
6153 | fs/seq_file.c | 4 +- | |
6154 | fs/splice.c | 43 +- | |
da1216b9 | 6155 | fs/squashfs/xattr.c | 12 +- |
6090327c | 6156 | fs/sysv/sysv.h | 2 +- |
afe359a8 | 6157 | fs/tracefs/inode.c | 8 +- |
6090327c PK |
6158 | fs/ubifs/io.c | 2 +- |
6159 | fs/udf/misc.c | 2 +- | |
6160 | fs/ufs/swab.h | 4 +- | |
6161 | fs/xattr.c | 21 + | |
a8b227b4 | 6162 | fs/xfs/libxfs/xfs_bmap.c | 2 +- |
6090327c PK |
6163 | fs/xfs/xfs_dir2_readdir.c | 7 +- |
6164 | fs/xfs/xfs_ioctl.c | 2 +- | |
0986ccbe | 6165 | fs/xfs/xfs_linux.h | 4 +- |
6090327c | 6166 | include/asm-generic/4level-fixup.h | 2 + |
0986ccbe | 6167 | include/asm-generic/atomic-long.h | 214 +- |
6090327c PK |
6168 | include/asm-generic/atomic64.h | 12 + |
6169 | include/asm-generic/barrier.h | 2 +- | |
6170 | include/asm-generic/bitops/__fls.h | 2 +- | |
6171 | include/asm-generic/bitops/fls.h | 2 +- | |
6172 | include/asm-generic/bitops/fls64.h | 4 +- | |
da1216b9 | 6173 | include/asm-generic/bug.h | 6 +- |
6090327c PK |
6174 | include/asm-generic/cache.h | 4 +- |
6175 | include/asm-generic/emergency-restart.h | 2 +- | |
6176 | include/asm-generic/kmap_types.h | 4 +- | |
6177 | include/asm-generic/local.h | 13 + | |
6178 | include/asm-generic/pgtable-nopmd.h | 18 +- | |
6179 | include/asm-generic/pgtable-nopud.h | 15 +- | |
6180 | include/asm-generic/pgtable.h | 16 + | |
6181 | include/asm-generic/uaccess.h | 16 + | |
da1216b9 | 6182 | include/asm-generic/vmlinux.lds.h | 13 +- |
6090327c PK |
6183 | include/crypto/algapi.h | 2 +- |
6184 | include/drm/drmP.h | 16 +- | |
6185 | include/drm/drm_crtc_helper.h | 2 +- | |
afe359a8 | 6186 | include/drm/drm_mm.h | 2 +- |
6090327c | 6187 | include/drm/i915_pciids.h | 2 +- |
afe359a8 | 6188 | include/drm/intel-gtt.h | 4 +- |
6090327c PK |
6189 | include/drm/ttm/ttm_memory.h | 2 +- |
6190 | include/drm/ttm/ttm_page_alloc.h | 1 + | |
6191 | include/keys/asymmetric-subtype.h | 2 +- | |
6192 | include/linux/atmdev.h | 4 +- | |
8cf17962 | 6193 | include/linux/atomic.h | 2 +- |
6090327c PK |
6194 | include/linux/audit.h | 2 +- |
6195 | include/linux/binfmts.h | 3 +- | |
8cf17962 | 6196 | include/linux/bitmap.h | 2 +- |
afe359a8 | 6197 | include/linux/bitops.h | 8 +- |
6090327c PK |
6198 | include/linux/blkdev.h | 2 +- |
6199 | include/linux/blktrace_api.h | 2 +- | |
6200 | include/linux/cache.h | 8 + | |
6201 | include/linux/cdrom.h | 1 - | |
6202 | include/linux/cleancache.h | 2 +- | |
6203 | include/linux/clk-provider.h | 1 + | |
da1216b9 | 6204 | include/linux/compat.h | 6 +- |
afe359a8 PK |
6205 | include/linux/compiler-gcc.h | 28 +- |
6206 | include/linux/compiler.h | 95 +- | |
6090327c PK |
6207 | include/linux/completion.h | 12 +- |
6208 | include/linux/configfs.h | 2 +- | |
6209 | include/linux/cpufreq.h | 3 +- | |
6210 | include/linux/cpuidle.h | 5 +- | |
8cf17962 | 6211 | include/linux/cpumask.h | 14 +- |
afe359a8 | 6212 | include/linux/crypto.h | 4 +- |
6090327c | 6213 | include/linux/ctype.h | 2 +- |
e8242a6d | 6214 | include/linux/dcache.h | 4 +- |
6090327c PK |
6215 | include/linux/decompress/mm.h | 2 +- |
6216 | include/linux/devfreq.h | 2 +- | |
6217 | include/linux/device.h | 7 +- | |
6218 | include/linux/dma-mapping.h | 2 +- | |
6090327c PK |
6219 | include/linux/efi.h | 1 + |
6220 | include/linux/elf.h | 2 + | |
6221 | include/linux/err.h | 4 +- | |
6222 | include/linux/extcon.h | 2 +- | |
e8242a6d | 6223 | include/linux/fb.h | 3 +- |
6090327c | 6224 | include/linux/fdtable.h | 2 +- |
da1216b9 | 6225 | include/linux/fs.h | 5 +- |
6090327c | 6226 | include/linux/fs_struct.h | 2 +- |
afe359a8 | 6227 | include/linux/fscache-cache.h | 2 +- |
6090327c PK |
6228 | include/linux/fscache.h | 2 +- |
6229 | include/linux/fsnotify.h | 2 +- | |
6230 | include/linux/genhd.h | 4 +- | |
6231 | include/linux/genl_magic_func.h | 2 +- | |
6232 | include/linux/gfp.h | 12 +- | |
6090327c PK |
6233 | include/linux/highmem.h | 12 + |
6234 | include/linux/hwmon-sysfs.h | 6 +- | |
6235 | include/linux/i2c.h | 1 + | |
6090327c PK |
6236 | include/linux/if_pppox.h | 2 +- |
6237 | include/linux/init.h | 12 +- | |
6238 | include/linux/init_task.h | 7 + | |
6239 | include/linux/interrupt.h | 6 +- | |
6240 | include/linux/iommu.h | 2 +- | |
6241 | include/linux/ioport.h | 2 +- | |
afe359a8 PK |
6242 | include/linux/ipc.h | 2 +- |
6243 | include/linux/irq.h | 5 +- | |
8cf17962 | 6244 | include/linux/irqdesc.h | 2 +- |
afe359a8 PK |
6245 | include/linux/irqdomain.h | 3 + |
6246 | include/linux/jiffies.h | 30 +- | |
8cf17962 | 6247 | include/linux/kernel.h | 2 +- |
6090327c PK |
6248 | include/linux/key-type.h | 2 +- |
6249 | include/linux/kgdb.h | 6 +- | |
8cf17962 | 6250 | include/linux/kmemleak.h | 4 +- |
6090327c PK |
6251 | include/linux/kobject.h | 3 +- |
6252 | include/linux/kobject_ns.h | 2 +- | |
6253 | include/linux/kref.h | 2 +- | |
6254 | include/linux/kvm_host.h | 4 +- | |
6255 | include/linux/libata.h | 2 +- | |
6256 | include/linux/linkage.h | 1 + | |
6257 | include/linux/list.h | 15 + | |
e8242a6d | 6258 | include/linux/lockref.h | 26 +- |
6090327c PK |
6259 | include/linux/math64.h | 10 +- |
6260 | include/linux/mempolicy.h | 7 + | |
0986ccbe | 6261 | include/linux/mm.h | 104 +- |
6090327c PK |
6262 | include/linux/mm_types.h | 20 + |
6263 | include/linux/mmiotrace.h | 4 +- | |
6264 | include/linux/mmzone.h | 2 +- | |
6265 | include/linux/mod_devicetable.h | 4 +- | |
afe359a8 | 6266 | include/linux/module.h | 69 +- |
6090327c PK |
6267 | include/linux/moduleloader.h | 16 + |
6268 | include/linux/moduleparam.h | 4 +- | |
6090327c PK |
6269 | include/linux/net.h | 2 +- |
6270 | include/linux/netdevice.h | 7 +- | |
6271 | include/linux/netfilter.h | 2 +- | |
6272 | include/linux/netfilter/nfnetlink.h | 2 +- | |
a8b227b4 | 6273 | include/linux/nls.h | 4 +- |
6090327c PK |
6274 | include/linux/notifier.h | 3 +- |
6275 | include/linux/oprofile.h | 4 +- | |
6276 | include/linux/padata.h | 2 +- | |
6277 | include/linux/pci_hotplug.h | 3 +- | |
8cf17962 | 6278 | include/linux/percpu.h | 2 +- |
da1216b9 | 6279 | include/linux/perf_event.h | 12 +- |
6090327c PK |
6280 | include/linux/pipe_fs_i.h | 8 +- |
6281 | include/linux/pm.h | 1 + | |
6282 | include/linux/pm_domain.h | 4 +- | |
6283 | include/linux/pm_runtime.h | 2 +- | |
6284 | include/linux/pnp.h | 2 +- | |
6285 | include/linux/poison.h | 4 +- | |
6286 | include/linux/power/smartreflex.h | 2 +- | |
6287 | include/linux/ppp-comp.h | 2 +- | |
6288 | include/linux/preempt.h | 21 + | |
6289 | include/linux/proc_ns.h | 2 +- | |
6290 | include/linux/quota.h | 2 +- | |
6291 | include/linux/random.h | 23 +- | |
afe359a8 | 6292 | include/linux/rculist.h | 16 + |
6090327c PK |
6293 | include/linux/reboot.h | 14 +- |
6294 | include/linux/regset.h | 3 +- | |
6295 | include/linux/relay.h | 2 +- | |
6296 | include/linux/rio.h | 2 +- | |
6297 | include/linux/rmap.h | 4 +- | |
afe359a8 | 6298 | include/linux/sched.h | 74 +- |
6090327c | 6299 | include/linux/sched/sysctl.h | 1 + |
6090327c PK |
6300 | include/linux/semaphore.h | 2 +- |
6301 | include/linux/seq_file.h | 1 + | |
6302 | include/linux/signal.h | 2 +- | |
8cf17962 | 6303 | include/linux/skbuff.h | 10 +- |
da1216b9 | 6304 | include/linux/slab.h | 47 +- |
6090327c PK |
6305 | include/linux/slab_def.h | 14 +- |
6306 | include/linux/slub_def.h | 2 +- | |
6307 | include/linux/smp.h | 2 + | |
6308 | include/linux/sock_diag.h | 2 +- | |
6309 | include/linux/sonet.h | 2 +- | |
6310 | include/linux/sunrpc/addr.h | 8 +- | |
6311 | include/linux/sunrpc/clnt.h | 2 +- | |
6312 | include/linux/sunrpc/svc.h | 2 +- | |
6313 | include/linux/sunrpc/svc_rdma.h | 18 +- | |
6314 | include/linux/sunrpc/svcauth.h | 2 +- | |
6315 | include/linux/swiotlb.h | 3 +- | |
da1216b9 | 6316 | include/linux/syscalls.h | 21 +- |
6090327c | 6317 | include/linux/syscore_ops.h | 2 +- |
a8b227b4 | 6318 | include/linux/sysctl.h | 3 +- |
6090327c PK |
6319 | include/linux/sysfs.h | 9 +- |
6320 | include/linux/sysrq.h | 3 +- | |
afe359a8 | 6321 | include/linux/tcp.h | 14 +- |
6090327c PK |
6322 | include/linux/thread_info.h | 7 + |
6323 | include/linux/tty.h | 4 +- | |
6324 | include/linux/tty_driver.h | 2 +- | |
6325 | include/linux/tty_ldisc.h | 2 +- | |
6326 | include/linux/types.h | 16 + | |
6327 | include/linux/uaccess.h | 6 +- | |
0986ccbe | 6328 | include/linux/uio_driver.h | 2 +- |
6090327c | 6329 | include/linux/unaligned/access_ok.h | 24 +- |
afe359a8 PK |
6330 | include/linux/usb.h | 6 +- |
6331 | include/linux/usb/hcd.h | 1 + | |
6090327c PK |
6332 | include/linux/usb/renesas_usbhs.h | 2 +- |
6333 | include/linux/vermagic.h | 21 +- | |
6334 | include/linux/vga_switcheroo.h | 8 +- | |
6335 | include/linux/vmalloc.h | 7 +- | |
6336 | include/linux/vmstat.h | 24 +- | |
6337 | include/linux/xattr.h | 5 +- | |
6338 | include/linux/zlib.h | 3 +- | |
6339 | include/media/v4l2-dev.h | 2 +- | |
6340 | include/media/v4l2-device.h | 2 +- | |
6341 | include/net/9p/transport.h | 2 +- | |
6342 | include/net/bluetooth/l2cap.h | 2 +- | |
8cf17962 | 6343 | include/net/bonding.h | 2 +- |
6090327c PK |
6344 | include/net/caif/cfctrl.h | 6 +- |
6345 | include/net/flow.h | 2 +- | |
6346 | include/net/genetlink.h | 2 +- | |
6347 | include/net/gro_cells.h | 2 +- | |
6348 | include/net/inet_connection_sock.h | 2 +- | |
afe359a8 | 6349 | include/net/inet_sock.h | 2 +- |
6090327c PK |
6350 | include/net/inetpeer.h | 2 +- |
6351 | include/net/ip_fib.h | 2 +- | |
6352 | include/net/ip_vs.h | 8 +- | |
6353 | include/net/irda/ircomm_tty.h | 1 + | |
6354 | include/net/iucv/af_iucv.h | 2 +- | |
6355 | include/net/llc_c_ac.h | 2 +- | |
6356 | include/net/llc_c_ev.h | 4 +- | |
6357 | include/net/llc_c_st.h | 2 +- | |
6358 | include/net/llc_s_ac.h | 2 +- | |
6359 | include/net/llc_s_st.h | 2 +- | |
6360 | include/net/mac80211.h | 2 +- | |
6361 | include/net/neighbour.h | 2 +- | |
afe359a8 | 6362 | include/net/net_namespace.h | 18 +- |
6090327c PK |
6363 | include/net/netlink.h | 2 +- |
6364 | include/net/netns/conntrack.h | 6 +- | |
6365 | include/net/netns/ipv4.h | 4 +- | |
6366 | include/net/netns/ipv6.h | 4 +- | |
6367 | include/net/netns/xfrm.h | 2 +- | |
6368 | include/net/ping.h | 2 +- | |
6369 | include/net/protocol.h | 4 +- | |
6370 | include/net/rtnetlink.h | 2 +- | |
6371 | include/net/sctp/checksum.h | 4 +- | |
6372 | include/net/sctp/sm.h | 4 +- | |
6373 | include/net/sctp/structs.h | 2 +- | |
afe359a8 | 6374 | include/net/sock.h | 12 +- |
6090327c PK |
6375 | include/net/tcp.h | 8 +- |
6376 | include/net/xfrm.h | 13 +- | |
6377 | include/rdma/iw_cm.h | 2 +- | |
6378 | include/scsi/libfc.h | 3 +- | |
6379 | include/scsi/scsi_device.h | 6 +- | |
da1216b9 | 6380 | include/scsi/scsi_driver.h | 2 +- |
6090327c | 6381 | include/scsi/scsi_transport_fc.h | 3 +- |
afe359a8 | 6382 | include/scsi/sg.h | 2 +- |
6090327c PK |
6383 | include/sound/compress_driver.h | 2 +- |
6384 | include/sound/soc.h | 4 +- | |
6385 | include/target/target_core_base.h | 2 +- | |
6386 | include/trace/events/irq.h | 4 +- | |
6387 | include/uapi/linux/a.out.h | 8 + | |
6388 | include/uapi/linux/bcache.h | 5 +- | |
6389 | include/uapi/linux/byteorder/little_endian.h | 28 +- | |
afe359a8 | 6390 | include/uapi/linux/connector.h | 2 +- |
6090327c PK |
6391 | include/uapi/linux/elf.h | 28 + |
6392 | include/uapi/linux/screen_info.h | 3 +- | |
6393 | include/uapi/linux/swab.h | 6 +- | |
6090327c PK |
6394 | include/uapi/linux/xattr.h | 4 + |
6395 | include/video/udlfb.h | 8 +- | |
6396 | include/video/uvesafb.h | 1 + | |
6397 | init/Kconfig | 2 +- | |
6398 | init/Makefile | 3 + | |
6399 | init/do_mounts.c | 14 +- | |
6400 | init/do_mounts.h | 8 +- | |
6401 | init/do_mounts_initrd.c | 30 +- | |
6402 | init/do_mounts_md.c | 6 +- | |
6403 | init/init_task.c | 4 + | |
a8b227b4 | 6404 | init/initramfs.c | 38 +- |
afe359a8 | 6405 | init/main.c | 30 +- |
da1216b9 | 6406 | ipc/compat.c | 4 +- |
8cf17962 | 6407 | ipc/ipc_sysctl.c | 8 +- |
6090327c | 6408 | ipc/mq_sysctl.c | 4 +- |
da1216b9 | 6409 | ipc/sem.c | 4 +- |
6090327c | 6410 | ipc/shm.c | 6 + |
6090327c PK |
6411 | kernel/audit.c | 8 +- |
6412 | kernel/auditsc.c | 4 +- | |
8cf17962 | 6413 | kernel/bpf/core.c | 7 +- |
6090327c PK |
6414 | kernel/capability.c | 3 + |
6415 | kernel/compat.c | 38 +- | |
6416 | kernel/debug/debug_core.c | 16 +- | |
6417 | kernel/debug/kdb/kdb_main.c | 4 +- | |
da1216b9 | 6418 | kernel/events/core.c | 26 +- |
6090327c PK |
6419 | kernel/events/internal.h | 10 +- |
6420 | kernel/events/uprobes.c | 2 +- | |
6421 | kernel/exit.c | 2 +- | |
afe359a8 | 6422 | kernel/fork.c | 165 +- |
6090327c PK |
6423 | kernel/futex.c | 11 +- |
6424 | kernel/futex_compat.c | 2 +- | |
6425 | kernel/gcov/base.c | 7 +- | |
8cf17962 | 6426 | kernel/irq/manage.c | 2 +- |
afe359a8 | 6427 | kernel/irq/msi.c | 20 +- |
8cf17962 | 6428 | kernel/irq/spurious.c | 2 +- |
6090327c | 6429 | kernel/jump_label.c | 5 + |
0986ccbe | 6430 | kernel/kallsyms.c | 37 +- |
6090327c PK |
6431 | kernel/kexec.c | 3 +- |
6432 | kernel/kmod.c | 8 +- | |
6433 | kernel/kprobes.c | 4 +- | |
6434 | kernel/ksysfs.c | 2 +- | |
6435 | kernel/locking/lockdep.c | 7 +- | |
6090327c PK |
6436 | kernel/locking/mutex-debug.c | 12 +- |
6437 | kernel/locking/mutex-debug.h | 4 +- | |
6438 | kernel/locking/mutex.c | 6 +- | |
6439 | kernel/locking/rtmutex-tester.c | 24 +- | |
afe359a8 | 6440 | kernel/module.c | 422 +- |
6090327c PK |
6441 | kernel/notifier.c | 17 +- |
6442 | kernel/padata.c | 4 +- | |
6443 | kernel/panic.c | 5 +- | |
6444 | kernel/pid.c | 2 +- | |
6445 | kernel/pid_namespace.c | 2 +- | |
6090327c PK |
6446 | kernel/power/process.c | 12 +- |
6447 | kernel/profile.c | 14 +- | |
6448 | kernel/ptrace.c | 8 +- | |
0986ccbe | 6449 | kernel/rcu/rcutorture.c | 60 +- |
6090327c | 6450 | kernel/rcu/tiny.c | 4 +- |
afe359a8 | 6451 | kernel/rcu/tree.c | 66 +- |
6090327c | 6452 | kernel/rcu/tree.h | 26 +- |
afe359a8 | 6453 | kernel/rcu/tree_plugin.h | 14 +- |
6090327c | 6454 | kernel/rcu/tree_trace.c | 22 +- |
6090327c PK |
6455 | kernel/sched/auto_group.c | 4 +- |
6456 | kernel/sched/completion.c | 6 +- | |
6457 | kernel/sched/core.c | 45 +- | |
afe359a8 | 6458 | kernel/sched/fair.c | 2 +- |
6090327c PK |
6459 | kernel/sched/sched.h | 2 +- |
6460 | kernel/signal.c | 12 +- | |
6461 | kernel/smpboot.c | 4 +- | |
6462 | kernel/softirq.c | 12 +- | |
6463 | kernel/sys.c | 10 +- | |
6464 | kernel/sysctl.c | 34 +- | |
6465 | kernel/time/alarmtimer.c | 2 +- | |
a8b227b4 PK |
6466 | kernel/time/posix-cpu-timers.c | 4 +- |
6467 | kernel/time/posix-timers.c | 24 +- | |
6468 | kernel/time/timer.c | 4 +- | |
6090327c | 6469 | kernel/time/timer_stats.c | 10 +- |
6090327c | 6470 | kernel/trace/blktrace.c | 6 +- |
0986ccbe | 6471 | kernel/trace/ftrace.c | 15 +- |
e8242a6d | 6472 | kernel/trace/ring_buffer.c | 96 +- |
6090327c PK |
6473 | kernel/trace/trace.c | 2 +- |
6474 | kernel/trace/trace.h | 2 +- | |
6475 | kernel/trace/trace_clock.c | 4 +- | |
6476 | kernel/trace/trace_events.c | 1 - | |
0986ccbe | 6477 | kernel/trace/trace_functions_graph.c | 4 +- |
6090327c | 6478 | kernel/trace/trace_mmiotrace.c | 8 +- |
a8b227b4 PK |
6479 | kernel/trace/trace_output.c | 10 +- |
6480 | kernel/trace/trace_seq.c | 2 +- | |
6090327c PK |
6481 | kernel/trace/trace_stack.c | 2 +- |
6482 | kernel/user_namespace.c | 2 +- | |
6483 | kernel/utsname_sysctl.c | 2 +- | |
6484 | kernel/watchdog.c | 2 +- | |
afe359a8 | 6485 | kernel/workqueue.c | 4 +- |
6090327c PK |
6486 | lib/Kconfig.debug | 8 +- |
6487 | lib/Makefile | 2 +- | |
6488 | lib/average.c | 2 +- | |
8cf17962 | 6489 | lib/bitmap.c | 10 +- |
6090327c PK |
6490 | lib/bug.c | 2 + |
6491 | lib/debugobjects.c | 2 +- | |
da1216b9 PK |
6492 | lib/decompress_bunzip2.c | 3 +- |
6493 | lib/decompress_unlzma.c | 4 +- | |
6090327c PK |
6494 | lib/div64.c | 4 +- |
6495 | lib/dma-debug.c | 4 +- | |
6090327c PK |
6496 | lib/inflate.c | 2 +- |
6497 | lib/ioremap.c | 4 +- | |
6498 | lib/kobject.c | 4 +- | |
6499 | lib/list_debug.c | 126 +- | |
e8242a6d | 6500 | lib/lockref.c | 44 +- |
6090327c PK |
6501 | lib/percpu-refcount.c | 2 +- |
6502 | lib/radix-tree.c | 2 +- | |
6503 | lib/random32.c | 2 +- | |
6504 | lib/show_mem.c | 2 +- | |
6505 | lib/strncpy_from_user.c | 2 +- | |
6506 | lib/strnlen_user.c | 2 +- | |
6507 | lib/swiotlb.c | 2 +- | |
6508 | lib/usercopy.c | 6 + | |
6509 | lib/vsprintf.c | 12 +- | |
6510 | mm/Kconfig | 6 +- | |
6511 | mm/backing-dev.c | 4 +- | |
6512 | mm/filemap.c | 2 +- | |
6090327c PK |
6513 | mm/gup.c | 13 +- |
6514 | mm/highmem.c | 7 +- | |
6515 | mm/hugetlb.c | 70 +- | |
6516 | mm/internal.h | 3 +- | |
6090327c | 6517 | mm/maccess.c | 4 +- |
e8242a6d | 6518 | mm/madvise.c | 37 + |
afe359a8 PK |
6519 | mm/memory-failure.c | 34 +- |
6520 | mm/memory.c | 425 +- | |
6090327c PK |
6521 | mm/mempolicy.c | 25 + |
6522 | mm/mlock.c | 15 +- | |
e8242a6d | 6523 | mm/mm_init.c | 2 +- |
da1216b9 | 6524 | mm/mmap.c | 582 +- |
0986ccbe | 6525 | mm/mprotect.c | 137 +- |
6090327c PK |
6526 | mm/mremap.c | 44 +- |
6527 | mm/nommu.c | 21 +- | |
6528 | mm/page-writeback.c | 2 +- | |
afe359a8 | 6529 | mm/page_alloc.c | 49 +- |
6090327c PK |
6530 | mm/percpu.c | 2 +- |
6531 | mm/process_vm_access.c | 14 +- | |
8cf17962 | 6532 | mm/rmap.c | 45 +- |
6090327c | 6533 | mm/shmem.c | 19 +- |
8cf17962 | 6534 | mm/slab.c | 109 +- |
0986ccbe | 6535 | mm/slab.h | 22 +- |
8cf17962 PK |
6536 | mm/slab_common.c | 86 +- |
6537 | mm/slob.c | 218 +- | |
afe359a8 | 6538 | mm/slub.c | 102 +- |
6090327c PK |
6539 | mm/sparse-vmemmap.c | 4 +- |
6540 | mm/sparse.c | 2 +- | |
da1216b9 | 6541 | mm/swap.c | 2 + |
6090327c PK |
6542 | mm/swapfile.c | 12 +- |
6543 | mm/util.c | 6 + | |
e8242a6d | 6544 | mm/vmalloc.c | 112 +- |
6090327c PK |
6545 | mm/vmstat.c | 12 +- |
6546 | net/8021q/vlan.c | 5 +- | |
0986ccbe | 6547 | net/8021q/vlan_netlink.c | 2 +- |
6090327c PK |
6548 | net/9p/mod.c | 4 +- |
6549 | net/9p/trans_fd.c | 2 +- | |
6550 | net/atm/atm_misc.c | 8 +- | |
6551 | net/atm/lec.h | 2 +- | |
6552 | net/atm/proc.c | 6 +- | |
6553 | net/atm/resources.c | 4 +- | |
6554 | net/ax25/sysctl_net_ax25.c | 2 +- | |
6555 | net/batman-adv/bat_iv_ogm.c | 8 +- | |
6556 | net/batman-adv/fragmentation.c | 2 +- | |
0986ccbe | 6557 | net/batman-adv/soft-interface.c | 8 +- |
6090327c PK |
6558 | net/batman-adv/types.h | 6 +- |
6559 | net/bluetooth/hci_sock.c | 2 +- | |
6560 | net/bluetooth/l2cap_core.c | 6 +- | |
6561 | net/bluetooth/l2cap_sock.c | 12 +- | |
6562 | net/bluetooth/rfcomm/sock.c | 4 +- | |
6563 | net/bluetooth/rfcomm/tty.c | 4 +- | |
0986ccbe | 6564 | net/bridge/br_netlink.c | 2 +- |
6090327c PK |
6565 | net/bridge/netfilter/ebtables.c | 6 +- |
6566 | net/caif/cfctrl.c | 11 +- | |
0986ccbe | 6567 | net/caif/chnl_net.c | 2 +- |
6090327c PK |
6568 | net/can/af_can.c | 2 +- |
6569 | net/can/gw.c | 6 +- | |
6570 | net/ceph/messenger.c | 4 +- | |
8cf17962 | 6571 | net/compat.c | 24 +- |
6090327c | 6572 | net/core/datagram.c | 2 +- |
da1216b9 | 6573 | net/core/dev.c | 16 +- |
6090327c | 6574 | net/core/filter.c | 2 +- |
e8242a6d | 6575 | net/core/flow.c | 6 +- |
6090327c PK |
6576 | net/core/neighbour.c | 4 +- |
6577 | net/core/net-sysfs.c | 2 +- | |
6578 | net/core/net_namespace.c | 8 +- | |
6579 | net/core/netpoll.c | 4 +- | |
6580 | net/core/rtnetlink.c | 15 +- | |
6581 | net/core/scm.c | 8 +- | |
6582 | net/core/skbuff.c | 8 +- | |
afe359a8 PK |
6583 | net/core/sock.c | 28 +- |
6584 | net/core/sock_diag.c | 15 +- | |
8cf17962 | 6585 | net/core/sysctl_net_core.c | 22 +- |
6090327c PK |
6586 | net/decnet/af_decnet.c | 1 + |
6587 | net/decnet/sysctl_net_decnet.c | 4 +- | |
afe359a8 | 6588 | net/dsa/dsa.c | 2 +- |
0986ccbe | 6589 | net/hsr/hsr_netlink.c | 2 +- |
e8242a6d PK |
6590 | net/ieee802154/6lowpan/core.c | 2 +- |
6591 | net/ieee802154/6lowpan/reassembly.c | 14 +- | |
0986ccbe | 6592 | net/ipv4/af_inet.c | 2 +- |
6090327c PK |
6593 | net/ipv4/devinet.c | 18 +- |
6594 | net/ipv4/fib_frontend.c | 6 +- | |
6595 | net/ipv4/fib_semantics.c | 2 +- | |
afe359a8 PK |
6596 | net/ipv4/inet_connection_sock.c | 4 +- |
6597 | net/ipv4/inet_timewait_sock.c | 2 +- | |
6090327c PK |
6598 | net/ipv4/inetpeer.c | 2 +- |
6599 | net/ipv4/ip_fragment.c | 15 +- | |
6600 | net/ipv4/ip_gre.c | 6 +- | |
6601 | net/ipv4/ip_sockglue.c | 2 +- | |
6602 | net/ipv4/ip_vti.c | 4 +- | |
6603 | net/ipv4/ipconfig.c | 6 +- | |
6604 | net/ipv4/ipip.c | 4 +- | |
6605 | net/ipv4/netfilter/arp_tables.c | 12 +- | |
6606 | net/ipv4/netfilter/ip_tables.c | 12 +- | |
0986ccbe | 6607 | net/ipv4/ping.c | 14 +- |
6090327c PK |
6608 | net/ipv4/raw.c | 14 +- |
6609 | net/ipv4/route.c | 32 +- | |
6610 | net/ipv4/sysctl_net_ipv4.c | 22 +- | |
afe359a8 | 6611 | net/ipv4/tcp_input.c | 6 +- |
6090327c PK |
6612 | net/ipv4/tcp_probe.c | 2 +- |
6613 | net/ipv4/udp.c | 10 +- | |
6614 | net/ipv4/xfrm4_policy.c | 18 +- | |
da1216b9 | 6615 | net/ipv6/addrconf.c | 16 +- |
6090327c PK |
6616 | net/ipv6/af_inet6.c | 2 +- |
6617 | net/ipv6/datagram.c | 2 +- | |
6618 | net/ipv6/icmp.c | 2 +- | |
0986ccbe | 6619 | net/ipv6/ip6_fib.c | 4 +- |
6090327c PK |
6620 | net/ipv6/ip6_gre.c | 10 +- |
6621 | net/ipv6/ip6_tunnel.c | 4 +- | |
6622 | net/ipv6/ip6_vti.c | 4 +- | |
6623 | net/ipv6/ipv6_sockglue.c | 2 +- | |
6624 | net/ipv6/netfilter/ip6_tables.c | 12 +- | |
6625 | net/ipv6/netfilter/nf_conntrack_reasm.c | 14 +- | |
6626 | net/ipv6/ping.c | 33 +- | |
6627 | net/ipv6/raw.c | 17 +- | |
6628 | net/ipv6/reassembly.c | 13 +- | |
6629 | net/ipv6/route.c | 2 +- | |
6630 | net/ipv6/sit.c | 4 +- | |
6631 | net/ipv6/sysctl_net_ipv6.c | 2 +- | |
6632 | net/ipv6/udp.c | 6 +- | |
afe359a8 | 6633 | net/ipv6/xfrm6_policy.c | 23 +- |
6090327c PK |
6634 | net/irda/ircomm/ircomm_tty.c | 18 +- |
6635 | net/iucv/af_iucv.c | 4 +- | |
6636 | net/iucv/iucv.c | 2 +- | |
6637 | net/key/af_key.c | 4 +- | |
6638 | net/l2tp/l2tp_eth.c | 38 +- | |
e8242a6d PK |
6639 | net/l2tp/l2tp_ip.c | 2 +- |
6640 | net/l2tp/l2tp_ip6.c | 2 +- | |
6090327c PK |
6641 | net/mac80211/cfg.c | 8 +- |
6642 | net/mac80211/ieee80211_i.h | 3 +- | |
afe359a8 | 6643 | net/mac80211/iface.c | 20 +- |
6090327c | 6644 | net/mac80211/main.c | 2 +- |
da1216b9 | 6645 | net/mac80211/pm.c | 4 +- |
6090327c | 6646 | net/mac80211/rate.c | 2 +- |
da1216b9 | 6647 | net/mac80211/sta_info.c | 2 +- |
e8242a6d | 6648 | net/mac80211/util.c | 8 +- |
da1216b9 | 6649 | net/mpls/af_mpls.c | 6 +- |
6090327c PK |
6650 | net/netfilter/ipset/ip_set_core.c | 2 +- |
6651 | net/netfilter/ipvs/ip_vs_conn.c | 6 +- | |
6652 | net/netfilter/ipvs/ip_vs_core.c | 4 +- | |
6653 | net/netfilter/ipvs/ip_vs_ctl.c | 14 +- | |
6654 | net/netfilter/ipvs/ip_vs_lblc.c | 2 +- | |
6655 | net/netfilter/ipvs/ip_vs_lblcr.c | 2 +- | |
6656 | net/netfilter/ipvs/ip_vs_sync.c | 6 +- | |
6657 | net/netfilter/ipvs/ip_vs_xmit.c | 4 +- | |
6658 | net/netfilter/nf_conntrack_acct.c | 2 +- | |
6659 | net/netfilter/nf_conntrack_ecache.c | 2 +- | |
6660 | net/netfilter/nf_conntrack_helper.c | 2 +- | |
6661 | net/netfilter/nf_conntrack_proto.c | 2 +- | |
6662 | net/netfilter/nf_conntrack_standalone.c | 2 +- | |
6663 | net/netfilter/nf_conntrack_timestamp.c | 2 +- | |
6664 | net/netfilter/nf_log.c | 10 +- | |
6665 | net/netfilter/nf_sockopt.c | 4 +- | |
6666 | net/netfilter/nfnetlink_log.c | 4 +- | |
e8242a6d | 6667 | net/netfilter/nft_compat.c | 9 +- |
6090327c PK |
6668 | net/netfilter/xt_statistic.c | 8 +- |
6669 | net/netlink/af_netlink.c | 4 +- | |
0986ccbe PK |
6670 | net/openvswitch/vport-internal_dev.c | 2 +- |
6671 | net/openvswitch/vport.c | 16 +- | |
6672 | net/openvswitch/vport.h | 8 +- | |
da1216b9 | 6673 | net/packet/af_packet.c | 8 +- |
6090327c PK |
6674 | net/phonet/pep.c | 6 +- |
6675 | net/phonet/socket.c | 2 +- | |
6676 | net/phonet/sysctl.c | 2 +- | |
6677 | net/rds/cong.c | 6 +- | |
6678 | net/rds/ib.h | 2 +- | |
6679 | net/rds/ib_cm.c | 2 +- | |
6680 | net/rds/ib_recv.c | 4 +- | |
6681 | net/rds/iw.h | 2 +- | |
6682 | net/rds/iw_cm.c | 2 +- | |
6683 | net/rds/iw_recv.c | 4 +- | |
6684 | net/rds/rds.h | 2 +- | |
6685 | net/rds/tcp.c | 2 +- | |
6686 | net/rds/tcp_send.c | 2 +- | |
6687 | net/rxrpc/af_rxrpc.c | 2 +- | |
6688 | net/rxrpc/ar-ack.c | 14 +- | |
6689 | net/rxrpc/ar-call.c | 2 +- | |
6690 | net/rxrpc/ar-connection.c | 2 +- | |
6691 | net/rxrpc/ar-connevent.c | 2 +- | |
6692 | net/rxrpc/ar-input.c | 4 +- | |
6693 | net/rxrpc/ar-internal.h | 8 +- | |
6694 | net/rxrpc/ar-local.c | 2 +- | |
6695 | net/rxrpc/ar-output.c | 4 +- | |
6696 | net/rxrpc/ar-peer.c | 2 +- | |
6697 | net/rxrpc/ar-proc.c | 4 +- | |
6698 | net/rxrpc/ar-transport.c | 2 +- | |
6699 | net/rxrpc/rxkad.c | 4 +- | |
6700 | net/sched/sch_generic.c | 4 +- | |
6701 | net/sctp/ipv6.c | 6 +- | |
6702 | net/sctp/protocol.c | 10 +- | |
6703 | net/sctp/sm_sideeffect.c | 2 +- | |
6704 | net/sctp/socket.c | 21 +- | |
6705 | net/sctp/sysctl.c | 10 +- | |
8cf17962 | 6706 | net/socket.c | 18 +- |
6090327c PK |
6707 | net/sunrpc/auth_gss/svcauth_gss.c | 4 +- |
6708 | net/sunrpc/clnt.c | 4 +- | |
6709 | net/sunrpc/sched.c | 4 +- | |
6710 | net/sunrpc/svc.c | 4 +- | |
6711 | net/sunrpc/svcauth_unix.c | 4 +- | |
6712 | net/sunrpc/xprtrdma/svc_rdma.c | 38 +- | |
6713 | net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 +- | |
6714 | net/sunrpc/xprtrdma/svc_rdma_sendto.c | 2 +- | |
6715 | net/sunrpc/xprtrdma/svc_rdma_transport.c | 10 +- | |
e8242a6d | 6716 | net/tipc/netlink_compat.c | 12 +- |
6090327c | 6717 | net/tipc/subscr.c | 2 +- |
8cf17962 | 6718 | net/unix/af_unix.c | 7 +- |
6090327c PK |
6719 | net/unix/sysctl_net_unix.c | 2 +- |
6720 | net/wireless/wext-core.c | 19 +- | |
6721 | net/xfrm/xfrm_policy.c | 16 +- | |
6722 | net/xfrm/xfrm_state.c | 33 +- | |
6723 | net/xfrm/xfrm_sysctl.c | 2 +- | |
8cf17962 | 6724 | scripts/Kbuild.include | 2 +- |
6090327c PK |
6725 | scripts/Makefile.build | 2 +- |
6726 | scripts/Makefile.clean | 3 +- | |
0986ccbe | 6727 | scripts/Makefile.host | 63 +- |
6090327c | 6728 | scripts/basic/fixdep.c | 12 +- |
afe359a8 PK |
6729 | scripts/dtc/checks.c | 14 +- |
6730 | scripts/dtc/data.c | 6 +- | |
6731 | scripts/dtc/flattree.c | 8 +- | |
6732 | scripts/dtc/livetree.c | 4 +- | |
a8b227b4 | 6733 | scripts/gcc-plugin.sh | 51 + |
6090327c | 6734 | scripts/headers_install.sh | 1 + |
afe359a8 PK |
6735 | scripts/kallsyms.c | 4 +- |
6736 | scripts/kconfig/lkc.h | 5 +- | |
6737 | scripts/kconfig/menu.c | 2 +- | |
6738 | scripts/kconfig/symbol.c | 6 +- | |
6090327c PK |
6739 | scripts/link-vmlinux.sh | 2 +- |
6740 | scripts/mod/file2alias.c | 14 +- | |
6741 | scripts/mod/modpost.c | 25 +- | |
6742 | scripts/mod/modpost.h | 6 +- | |
6743 | scripts/mod/sumversion.c | 2 +- | |
6744 | scripts/module-common.lds | 4 + | |
6745 | scripts/package/builddeb | 1 + | |
6746 | scripts/pnmtologo.c | 6 +- | |
6747 | scripts/sortextable.h | 6 +- | |
a8b227b4 | 6748 | scripts/tags.sh | 2 +- |
afe359a8 | 6749 | security/Kconfig | 691 +- |
6090327c PK |
6750 | security/integrity/ima/ima.h | 4 +- |
6751 | security/integrity/ima/ima_api.c | 2 +- | |
6752 | security/integrity/ima/ima_fs.c | 4 +- | |
6753 | security/integrity/ima/ima_queue.c | 2 +- | |
6090327c | 6754 | security/keys/key.c | 18 +- |
6090327c | 6755 | security/selinux/avc.c | 6 +- |
6090327c | 6756 | security/selinux/include/xfrm.h | 2 +- |
afe359a8 | 6757 | security/yama/yama_lsm.c | 2 +- |
6090327c PK |
6758 | sound/aoa/codecs/onyx.c | 7 +- |
6759 | sound/aoa/codecs/onyx.h | 1 + | |
6760 | sound/core/oss/pcm_oss.c | 18 +- | |
6761 | sound/core/pcm_compat.c | 2 +- | |
6762 | sound/core/pcm_native.c | 4 +- | |
6090327c PK |
6763 | sound/core/sound.c | 2 +- |
6764 | sound/drivers/mts64.c | 14 +- | |
6765 | sound/drivers/opl4/opl4_lib.c | 2 +- | |
6766 | sound/drivers/portman2x4.c | 3 +- | |
6767 | sound/firewire/amdtp.c | 4 +- | |
6768 | sound/firewire/amdtp.h | 4 +- | |
6769 | sound/firewire/isight.c | 10 +- | |
6770 | sound/firewire/scs1x.c | 8 +- | |
6771 | sound/oss/sb_audio.c | 2 +- | |
6772 | sound/oss/swarm_cs4297a.c | 6 +- | |
8cf17962 | 6773 | sound/pci/hda/hda_codec.c | 2 +- |
6090327c PK |
6774 | sound/pci/ymfpci/ymfpci.h | 2 +- |
6775 | sound/pci/ymfpci/ymfpci_main.c | 12 +- | |
8cf17962 | 6776 | sound/soc/soc-ac97.c | 6 +- |
e8242a6d | 6777 | sound/soc/xtensa/xtfpga-i2s.c | 2 +- |
da1216b9 | 6778 | tools/gcc/Makefile | 42 + |
6090327c | 6779 | tools/gcc/checker_plugin.c | 150 + |
e8242a6d | 6780 | tools/gcc/colorize_plugin.c | 215 + |
da1216b9 | 6781 | tools/gcc/constify_plugin.c | 564 + |
afe359a8 | 6782 | tools/gcc/gcc-common.h | 790 + |
da1216b9 | 6783 | tools/gcc/initify_plugin.c | 450 + |
e8242a6d | 6784 | tools/gcc/kallocstat_plugin.c | 188 + |
afe359a8 PK |
6785 | tools/gcc/kernexec_plugin.c | 551 + |
6786 | tools/gcc/latent_entropy_plugin.c | 470 + | |
6787 | tools/gcc/size_overflow_plugin/.gitignore | 2 + | |
6788 | tools/gcc/size_overflow_plugin/Makefile | 26 + | |
6789 | .../disable_size_overflow_hash.data |11008 ++++++++++++++ | |
6790 | .../generate_size_overflow_hash.sh | 103 + | |
e8242a6d | 6791 | .../insert_size_overflow_asm.c | 409 + |
afe359a8 | 6792 | .../size_overflow_plugin/intentional_overflow.c | 980 ++ |
8cf17962 | 6793 | .../size_overflow_plugin/remove_unnecessary_dup.c | 137 + |
afe359a8 PK |
6794 | tools/gcc/size_overflow_plugin/size_overflow.h | 329 + |
6795 | .../gcc/size_overflow_plugin/size_overflow_debug.c | 192 + | |
6796 | .../size_overflow_plugin/size_overflow_hash.data |15719 ++++++++++++++++++++ | |
6090327c | 6797 | .../size_overflow_hash_aux.data | 92 + |
afe359a8 PK |
6798 | tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 1373 ++ |
6799 | .../gcc/size_overflow_plugin/size_overflow_misc.c | 505 + | |
6800 | .../size_overflow_plugin/size_overflow_plugin.c | 318 + | |
6801 | .../size_overflow_plugin_hash.c | 353 + | |
6802 | .../size_overflow_plugin/size_overflow_transform.c | 576 + | |
6803 | .../size_overflow_transform_core.c | 962 ++ | |
6804 | tools/gcc/stackleak_plugin.c | 436 + | |
e8242a6d | 6805 | tools/gcc/structleak_plugin.c | 287 + |
6090327c PK |
6806 | tools/include/linux/compiler.h | 8 + |
6807 | tools/lib/api/Makefile | 2 +- | |
6808 | tools/perf/util/include/asm/alternative-asm.h | 3 + | |
6809 | tools/virtio/linux/uaccess.h | 2 +- | |
6810 | virt/kvm/kvm_main.c | 44 +- | |
afe359a8 | 6811 | 1963 files changed, 60342 insertions(+), 8946 deletions(-) |