]> git.ipfire.org Git - thirdparty/grsecurity-scrape.git/blame - test/changelog-test.txt
projects / thirdparty / grsecurity-scrape.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Auto commit, 1 new patch{es}.
[thirdparty/grsecurity-scrape.git] / test / changelog-test.txt
CommitLineData
fee0510d
PK		 1commit 08df80079f2039f577c94cbb78479b4166e964a6
2Author: Brad Spengler <spender@grsecurity.net>
3Date: Wed Dec 9 22:44:52 2015 -0500
4
5 fix harmless compiler warning
6
7 kernel/ptrace.c | 2 +-
8 1 files changed, 1 insertions(+), 1 deletions(-)
9
10commit 7df1e03db2cc00d6927d174088d715d545f6caca
11Author: Brad Spengler <spender@grsecurity.net>
12Date: Wed Dec 9 22:43:52 2015 -0500
13
14 Update size_overflow hash table
15
16 .../size_overflow_plugin/size_overflow_hash.data | 3 ++-
17 1 files changed, 2 insertions(+), 1 deletions(-)
18
19commit 4f99b6c5ed05452d23fa480834dfc08ae7197d51
20Merge: 015e832 2ddeae1
21Author: Brad Spengler <spender@grsecurity.net>
22Date: Wed Dec 9 21:49:14 2015 -0500
23
24 Merge branch 'pax-test' into grsec-test
25
26 Conflicts:
27 arch/x86/kvm/svm.c
28 fs/proc/base.c
29
30commit 2ddeae161726b8316b4f2740f9e2ff7ac282c844
31Merge: 6ddfdb5 7317505
32Author: Brad Spengler <spender@grsecurity.net>
33Date: Wed Dec 9 21:45:41 2015 -0500
34
35 Merge branch 'linux-4.2.y' into pax-test
36
37 Conflicts:
38 arch/x86/kernel/fpu/xstate.c
39 arch/x86/kernel/head_64.S
40 drivers/tty/tty_audit.c
41 include/linux/tty.h
42
43commit 015e832266e2aba7984ed94b688d15a00c091edf
44Merge: 1798180 6ddfdb5
45Author: Brad Spengler <spender@grsecurity.net>
46Date: Wed Dec 9 21:44:11 2015 -0500
47
48 Merge branch 'pax-test' into grsec-test
49
50 Conflicts:
51 drivers/tty/tty_audit.c
52 include/linux/tty.h
53
54commit 6ddfdb5a2291947e1479615b89ed8f0f6529b276
55Author: Brad Spengler <spender@grsecurity.net>
56Date: Wed Dec 9 21:42:28 2015 -0500
57
58 Update to pax-linux-4.2.6-test27.patch:
59 - fixed __get_user on x86 to lie less about the size of the load, reported by peetaur (https://forums.grsecurity.net/viewtopic.php?f=3&t=4332)
60 - Emese fixed an intentional overflow caused by gcc, reported by saironiq (https://forums.grsecurity.net/viewtopic.php?f=3&t=4333)
61 - Emese fixed a false positive overflow report in the forcedeth driver, reported by fx3 (https://forums.grsecurity.net/viewtopic.php?t=4334)
62 - Emese fixed a false positive overflow report in KVM's emulator, reported by fx3 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4336)
63 - Emese fixed the initify plugin to detect some captured use of __func__, reported by Rasmus Villemoes <linux@rasmusvillemoes.dk>
64 - constrained shmmax and shmall to avoid triggering size overflow checks, reported by Mathias Krause <minipli@ld-linux.so>
65 - the checker plugin can partially handle sparse's locking context annotations, it's context insensitive and thus not exactly useful for now, also see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=59856
66
67 Makefile | 6 +
68 arch/x86/include/asm/cacheflush.h | 2 +-
69 arch/x86/include/asm/compat.h | 4 +
70 arch/x86/include/asm/dma.h | 2 +
71 arch/x86/include/asm/uaccess.h | 20 +-
72 arch/x86/kernel/apic/vector.c | 6 +-
73 arch/x86/kernel/cpu/mtrr/generic.c | 6 +-
74 arch/x86/kernel/cpu/perf_event_intel.c | 28 +-
75 arch/x86/kvm/i8259.c | 10 +-
76 arch/x86/kvm/ioapic.c | 2 +
77 arch/x86/kvm/x86.c | 2 +
78 arch/x86/lib/usercopy_64.c | 2 +-
79 arch/x86/mm/mpx.c | 4 +-
80 arch/x86/mm/pageattr.c | 7 +
81 drivers/base/devres.c | 4 +-
82 drivers/base/power/runtime.c | 6 +-
83 drivers/base/regmap/regmap.c | 4 +-
84 drivers/block/drbd/drbd_receiver.c | 4 +-
85 drivers/block/drbd/drbd_worker.c | 6 +-
86 drivers/block/nbd.c | 2 +-
87 drivers/char/virtio_console.c | 6 +-
88 drivers/md/dm.c | 12 +-
89 drivers/net/ethernet/nvidia/forcedeth.c | 4 +-
90 drivers/net/macvtap.c | 4 +-
91 drivers/tty/n_tty.c | 2 +-
92 drivers/tty/tty_audit.c | 2 +-
93 drivers/video/fbdev/core/fbmem.c | 10 +-
94 fs/compat.c | 3 +-
95 fs/coredump.c | 2 +-
96 fs/dcache.c | 13 +-
97 fs/fhandle.c | 2 +-
98 fs/file.c | 14 +-
99 fs/fs-writeback.c | 11 +-
100 fs/overlayfs/copy_up.c | 2 +-
101 fs/readdir.c | 3 +-
102 fs/super.c | 3 +-
103 include/linux/compiler.h | 36 ++-
104 include/linux/rcupdate.h | 8 +
105 include/linux/sched.h | 4 +-
106 include/linux/seqlock.h | 10 +
107 include/linux/spinlock.h | 17 +-
108 include/linux/srcu.h | 5 +-
109 include/linux/syscalls.h | 2 +-
110 include/linux/tty.h | 4 +-
111 include/linux/writeback.h | 3 +-
112 include/uapi/linux/swab.h | 6 +-
113 ipc/ipc_sysctl.c | 6 +
114 kernel/exit.c | 25 +-
115 kernel/resource.c | 4 +-
116 kernel/signal.c | 12 +-
117 kernel/user.c | 2 +-
118 kernel/workqueue.c | 6 +-
119 lib/rhashtable.c | 4 +-
120 net/compat.c | 2 +-
121 net/ipv4/xfrm4_mode_transport.c | 2 +-
122 security/keys/internal.h | 8 +-
123 security/keys/keyring.c | 4 -
124 sound/core/seq/seq_clientmgr.c | 8 +-
125 sound/core/seq/seq_compat.c | 2 +-
126 sound/core/seq/seq_memory.c | 6 +-
127 tools/gcc/checker_plugin.c | 415 +++++++++++++++++++-
128 tools/gcc/gcc-common.h | 1 +
129 tools/gcc/initify_plugin.c | 33 ++-
130 .../disable_size_overflow_hash.data | 1 +
131 .../size_overflow_plugin/size_overflow_hash.data | 1 -
132 65 files changed, 713 insertions(+), 144 deletions(-)
133
134commit 1798180b176cfdedf4ca09877dc09ad2298cd014
135Author: Peter Hurley <peter@hurleysoftware.com>
136Date: Sun Nov 8 08:52:31 2015 -0500
137
138 tty: audit: Fix audit source
139
140 The data to audit/record is in the 'from' buffer (ie., the input
141 read buffer).
142
143 Fixes: 72586c6061ab ("n_tty: Fix auditing support for cannonical mode")
144 Cc: stable <stable@vger.kernel.org> # 4.1+
145 Cc: Miloslav Trmač <mitr@redhat.com>
146 Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
147 Acked-by: Laura Abbott <labbott@fedoraproject.org>
148 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
149
150 drivers/tty/n_tty.c | 2 +-
151 drivers/tty/tty_audit.c | 2 +-
152 include/linux/tty.h | 6 +++---
153 3 files changed, 5 insertions(+), 5 deletions(-)
154
155commit 558c7e73286735e7f8d81727843c389f3e564ed2
156Author: Al Viro <viro@zeniv.linux.org.uk>
157Date: Tue Dec 8 03:07:22 2015 -0500
158
159 9p: ->evict_inode() should kick out ->i_data, not ->i_mapping
160
161 For block devices the pagecache is associated with the inode
162 on bdevfs, not with the aliasing ones on the mountable filesystems.
163 The latter have its own ->i_data empty and ->i_mapping pointing
164 to the (unique per major/minor) bdevfs inode. That guarantees
165 cache coherence between all block device inodes with the same
166 device number.
167
168 Eviction of an alias inode has no business trying to evict the
169 pages belonging to bdevfs one; moreover, ->i_mapping is only
170 safe to access when the thing is opened. At the time of
171 ->evict_inode() the victim is definitely *not* opened. We are
172 about to kill the address space embedded into struct inode
173 (inode->i_data) and that's what we need to empty of any pages.
174
175 9p instance tries to empty inode->i_mapping instead, which is
176 both unsafe and bogus - if we have several device nodes with
177 the same device number in different places, closing one of them
178 should not try to empty the (shared) page cache.
179
180 Fortunately, other instances in the tree are OK; they are
181 evicting from &inode->i_data instead, as 9p one should.
182
183 Cc: stable@vger.kernel.org # v2.6.32+, ones prior to 2.6.36 need only half of that
184 Reported-by: "Suzuki K. Poulose" <Suzuki.Poulose@arm.com>
185 Tested-by: "Suzuki K. Poulose" <Suzuki.Poulose@arm.com>
186 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
187
188 fs/9p/vfs_inode.c | 4 ++--
189 1 files changed, 2 insertions(+), 2 deletions(-)
190
191commit 037f7332eaf1c065207db9d9123562a0a5459e88
192Author: Jan Stancek <jstancek@redhat.com>
193Date: Tue Dec 8 13:57:51 2015 -0500
194
195 ipmi: move timer init to before irq is setup
196
197 We encountered a panic on boot in ipmi_si on a dell per320 due to an
198 uninitialized timer as follows.
199
200 static int smi_start_processing(void *send_info,
201 ipmi_smi_t intf)
202 {
203 /* Try to claim any interrupts. */
204 if (new_smi->irq_setup)
205 new_smi->irq_setup(new_smi);
206
207 --> IRQ arrives here and irq handler tries to modify uninitialized timer
208
209 which triggers BUG_ON(!timer->function) in __mod_timer().
210
211 Call Trace:
212 <IRQ>
213 [<ffffffffa0532617>] start_new_msg+0x47/0x80 [ipmi_si]
214 [<ffffffffa053269e>] start_check_enables+0x4e/0x60 [ipmi_si]
215 [<ffffffffa0532bd8>] smi_event_handler+0x1e8/0x640 [ipmi_si]
216 [<ffffffff810f5584>] ? __rcu_process_callbacks+0x54/0x350
217 [<ffffffffa053327c>] si_irq_handler+0x3c/0x60 [ipmi_si]
218 [<ffffffff810efaf0>] handle_IRQ_event+0x60/0x170
219 [<ffffffff810f245e>] handle_edge_irq+0xde/0x180
220 [<ffffffff8100fc59>] handle_irq+0x49/0xa0
221 [<ffffffff8154643c>] do_IRQ+0x6c/0xf0
222 [<ffffffff8100ba53>] ret_from_intr+0x0/0x11
223
224 /* Set up the timer that drives the interface. */
225 setup_timer(&new_smi->si_timer, smi_timeout, (long)new_smi);
226
227 The following patch fixes the problem.
228
229 To: Openipmi-developer@lists.sourceforge.net
230 To: Corey Minyard <minyard@acm.org>
231 CC: linux-kernel@vger.kernel.org
232
233 Signed-off-by: Jan Stancek <jstancek@redhat.com>
234 Signed-off-by: Tony Camuso <tcamuso@redhat.com>
235 Signed-off-by: Corey Minyard <cminyard@mvista.com>
236 Cc: stable@vger.kernel.org # Applies cleanly to 3.10-, needs small rework before
237
238 drivers/char/ipmi/ipmi_si_intf.c | 8 ++++----
239 1 files changed, 4 insertions(+), 4 deletions(-)
240
241commit e15b4ee2742c5619359c2ee8c345cfdde6dddde4
242Author: Sasha Levin <sasha.levin@oracle.com>
243Date: Thu Dec 3 22:04:01 2015 -0500
244
245 bitops.h: correctly handle rol32 with 0 byte shift
246
247 ROL on a 32 bit integer with a shift of 32 or more is undefined and the
248 result is arch-dependent. Avoid this by handling the trivial case of
249 roling by 0 correctly.
250
251 The trivial solution of checking if shift is 0 breaks gcc's detection
252 of this code as a ROL instruction, which is unacceptable.
253
254 This bug was reported and fixed in GCC
255 (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57157):
256
257 The standard rotate idiom,
258
259 (x << n) | (x >> (32 - n))
260
261 is recognized by gcc (for concreteness, I discuss only the case that x
262 is an uint32_t here).
263
264 However, this is portable C only for n in the range 0 < n < 32. For n
265 == 0, we get x >> 32 which gives undefined behaviour according to the
266 C standard (6.5.7, Bitwise shift operators). To portably support n ==
267 0, one has to write the rotate as something like
268
269 (x << n) | (x >> ((-n) & 31))
270
271 And this is apparently not recognized by gcc.
272
273 Note that this is broken on older GCCs and will result in slower ROL.
274
275 Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
276 Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
277 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
278
279 include/linux/bitops.h | 2 +-
280 1 files changed, 1 insertions(+), 1 deletions(-)
281
282commit ce8356f6a992579d7cb2fd5c9bbe72d71d7e0ae7
283Author: Eric Dumazet <edumazet@google.com>
284Date: Mon Nov 9 17:51:23 2015 -0800
285
286 net: fix a race in dst_release()
287
288 [ Upstream commit d69bbf88c8d0b367cf3e3a052f6daadf630ee566 ]
289
290 Only cpu seeing dst refcount going to 0 can safely
291 dereference dst->flags.
292
293 Otherwise an other cpu might already have freed the dst.
294
295 Fixes: 27b75c95f10d ("net: avoid RCU for NOCACHE dst")
296 Reported-by: Greg Thelen <gthelen@google.com>
297 Signed-off-by: Eric Dumazet <edumazet@google.com>
298 Signed-off-by: David S. Miller <davem@davemloft.net>
299 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
300
301 Conflicts:
302
303 net/core/dst.c
304
305 net/core/dst.c | 2 +-
306 1 files changed, 1 insertions(+), 1 deletions(-)
307
308commit fd6d066be125ec23856c705101701e6df3eae799
309Author: Brad Spengler <spender@grsecurity.net>
310Date: Tue Dec 8 20:55:51 2015 -0500
311
312 Backport: ptrace: use fsuid, fsgid, effective creds for fs access checks
313
314 By checking the effective credentials instead of the real UID / permitted
315 capabilities, ensure that the calling process actually intended to use its
316 credentials.
317
318 To ensure that all ptrace checks use the correct caller credentials (e.g.
319 in case out-of-tree code or newly added code omits the PTRACE_MODE_*CREDS
320 flag), use two new flags and require one of them to be set.
321
322 The problem was that when a privileged task had temporarily dropped its
323 privileges, e.g. by calling setreuid(0, user_uid), with the intent to
324 perform following syscalls with the credentials of a user, it still passed
325 ptrace access checks that the user would not be able to pass.
326
327 While an attacker should not be able to convince the privileged task to
328 perform a ptrace() syscall, this is a problem because the ptrace access
329 check is reused for things in procfs.
330
331 In particular, the following somewhat interesting procfs entries only rely
332 on ptrace access checks:
333
334 /proc/$pid/stat - uses the check for determining whether pointers
335 should be visible, useful for bypassing ASLR
336 /proc/$pid/maps - also useful for bypassing ASLR
337 /proc/$pid/cwd - useful for gaining access to restricted
338 directories that contain files with lax permissions, e.g. in
339 this scenario:
340 lrwxrwxrwx root root /proc/13020/cwd -> /root/foobar
341 drwx------ root root /root
342 drwxr-xr-x root root /root/foobar
343 -rw-r--r-- root root /root/foobar/secret
344
345 Therefore, on a system where a root-owned mode 6755 binary changes its
346 effective credentials as described and then dumps a user-specified file,
347 this could be used by an attacker to reveal the memory layout of root's
348 processes or reveal the contents of files he is not allowed to access
349 (through /proc/$pid/cwd).
350
351 Signed-off-by: Jann Horn <jann@thejh.net>
352 Acked-by: Kees Cook <keescook@chromium.org>
353 Cc: Casey Schaufler <casey@schaufler-ca.com>
354 Cc: Oleg Nesterov <oleg@redhat.com>
355 Cc: Ingo Molnar <mingo@redhat.com>
356 Cc: James Morris <james.l.morris@oracle.com>
357 Cc: "Serge E. Hallyn" <serge.hallyn@ubuntu.com>
358 Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
359 Cc: Andy Lutomirski <luto@kernel.org>
360 Cc: Al Viro <viro@zeniv.linux.org.uk>
361 Cc: "Eric W. Biederman" <ebiederm@xmission.com>
362 Cc: Willy Tarreau <w@1wt.eu>
363 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
364
365 fs/proc/array.c | 2 +-
366 fs/proc/base.c | 24 ++++++++++++------------
367 fs/proc/namespaces.c | 4 ++--
368 fs/proc/task_mmu.c | 2 +-
369 include/linux/ptrace.h | 24 +++++++++++++++++++++++-
370 kernel/events/core.c | 2 +-
371 kernel/futex.c | 2 +-
372 kernel/futex_compat.c | 2 +-
373 kernel/kcmp.c | 4 ++--
374 kernel/ptrace.c | 36 +++++++++++++++++++++++++++++-------
375 mm/process_vm_access.c | 2 +-
376 security/commoncap.c | 7 ++++++-
377 12 files changed, 80 insertions(+), 31 deletions(-)
378
379commit 60bfe5c382e5e97ae8d558224ec40a108437307f
380Author: Brad Spengler <spender@grsecurity.net>
381Date: Tue Dec 8 20:40:02 2015 -0500
382
383 Backport: security: let security modules use PTRACE_MODE_* with bitmasks
384
385 It looks like smack and yama weren't aware that the ptrace mode
386 can have flags ORed into it - PTRACE_MODE_NOAUDIT until now, but
387 only for /proc/$pid/stat, and with the PTRACE_MODE_*CREDS patch,
388 all modes have flags ORed into them.
389
390 Signed-off-by: Jann Horn <jann@thejh.net>
391 Acked-by: Kees Cook <keescook@chromium.org>
392 Acked-by: Casey Schaufler <casey@schaufler-ca.com>
393 Cc: Oleg Nesterov <oleg@redhat.com>
394 Cc: Ingo Molnar <mingo@redhat.com>
395 Cc: James Morris <james.l.morris@oracle.com>
396 Cc: "Serge E. Hallyn" <serge.hallyn@ubuntu.com>
397 Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
398 Cc: Andy Lutomirski <luto@kernel.org>
399 Cc: Al Viro <viro@zeniv.linux.org.uk>
400 Cc: "Eric W. Biederman" <ebiederm@xmission.com>
401 Cc: Willy Tarreau <w@1wt.eu>
402 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
403
404 security/smack/smack_lsm.c | 8 +++-----
405 security/yama/yama_lsm.c | 4 ++--
406 2 files changed, 5 insertions(+), 7 deletions(-)
407
408commit 2744e9cf5a84c515268784034f99bc839a359747
409Author: Brad Spengler <spender@grsecurity.net>
410Date: Tue Dec 8 20:13:37 2015 -0500
411
412 Update mm_access in anticipation of upstream /proc security fixes, reported by Jann Horn
413
414 kernel/fork.c | 2 +-
415 1 files changed, 1 insertions(+), 1 deletions(-)
416
417commit 4d0bf7315334418044d567eb47c9e36c1df73ba0
418Author: Al Viro <viro@zeniv.linux.org.uk>
419Date: Sun Dec 6 12:33:02 2015 -0500
420
421 Don't reset ->total_link_count on nested calls of vfs_path_lookup()
422
423 we already zero it on outermost set_nameidata(), so initialization in
424 path_init() is pointless and wrong. The same DoS exists on pre-4.2
425 kernels, but there a slightly different fix will be needed.
426
427 Cc: stable@vger.kernel.org # v4.2
428 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
429
430 Conflicts:
431
432 fs/namei.c
433
434 fs/namei.c | 1 -
435 1 files changed, 0 insertions(+), 1 deletions(-)
436
437commit e16faf47cc7dcb32105830b0af6d2c35f8724455
438Author: Miklos Szeredi <miklos@szeredi.hu>
439Date: Fri Dec 4 19:18:48 2015 +0100
440
441 ovl: fix permission checking for setattr
442
443 [Al Viro] The bug is in being too enthusiastic about optimizing ->setattr()
444 away - instead of "copy verbatim with metadata" + "chmod/chown/utimes"
445 (with the former being always safe and the latter failing in case of
446 insufficient permissions) it tries to combine these two. Note that copyup
447 itself will have to do ->setattr() anyway; _that_ is where the elevated
448 capabilities are right. Having these two ->setattr() (one to set verbatim
449 copy of metadata, another to do what overlayfs ->setattr() had been asked
450 to do in the first place) combined is where it breaks.
451
452 Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
453 Cc: <stable@vger.kernel.org>
454 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
455
456 fs/overlayfs/inode.c | 8 ++++----
457 1 files changed, 4 insertions(+), 4 deletions(-)
458
a085e527
PK		 459commit 24ce7d83ff71aa7102231f41c41aaf44f949751a
460Author: David Gstir <david@sigma-star.at>
461Date: Sun Nov 15 17:14:41 2015 +0100
462
463 crypto: nx - Fix timing leak in GCM and CCM decryption
464
465 Using non-constant time memcmp() makes the verification of the authentication
466 tag in the decrypt path vulnerable to timing attacks. Fix this by using
467 crypto_memneq() instead.
468
469 Cc: stable@vger.kernel.org
470 Signed-off-by: David Gstir <david@sigma-star.at>
471 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
472
473 drivers/crypto/nx/nx-aes-ccm.c | 2 +-
474 drivers/crypto/nx/nx-aes-gcm.c | 2 +-
475 2 files changed, 2 insertions(+), 2 deletions(-)
476
477commit 5c001f6d281406b32d79cf9b7851413adb658641
478Author: David Gstir <david@sigma-star.at>
479Date: Sun Nov 15 17:14:42 2015 +0100
480
481 crypto: talitos - Fix timing leak in ESP ICV verification
482
483 Using non-constant time memcmp() makes the verification of the authentication
484 tag in the decrypt path vulnerable to timing attacks. Fix this by using
485 crypto_memneq() instead.
486
487 Cc: stable@vger.kernel.org
488 Signed-off-by: David Gstir <david@sigma-star.at>
489 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
490
491 Conflicts:
492
493 drivers/crypto/talitos.c
494
495 drivers/crypto/talitos.c | 4 ++--
496 1 files changed, 2 insertions(+), 2 deletions(-)
497
498commit 66e9fe2d958fcdce01c6dadf415864e8cdeb06cb
499Author: Brad Spengler <spender@grsecurity.net>
500Date: Fri Dec 4 23:40:00 2015 -0500
501
502 Fix a size_overflow report caused by __get_user not fully initializing a register when
503 reading in less than a register-width from userland, reported by peetaur at:
504 https://forums.grsecurity.net/viewtopic.php?f=3&t=4332
505 Fix is from the PaX Team
506
507 arch/x86/include/asm/uaccess.h | 2 +-
508 1 files changed, 1 insertions(+), 1 deletions(-)
509
510commit 8599b6467ba41cf3d4e9a96495b5d71d44e74f6c
511Author: Eric Dumazet <edumazet@google.com>
512Date: Thu Nov 26 08:18:14 2015 -0800
513
514 tcp: initialize tp->copied_seq in case of cross SYN connection
515
516 Dmitry provided a syzkaller (http://github.com/google/syzkaller)
517 generated program that triggers the WARNING at
518 net/ipv4/tcp.c:1729 in tcp_recvmsg() :
519
520 WARN_ON(tp->copied_seq != tp->rcv_nxt &&
521 !(flags & (MSG_PEEK | MSG_TRUNC)));
522
523 His program is specifically attempting a Cross SYN TCP exchange,
524 that we support (for the pleasure of hackers ?), but it looks we
525 lack proper tcp->copied_seq initialization.
526
527 Thanks again Dmitry for your report and testings.
528
529 Signed-off-by: Eric Dumazet <edumazet@google.com>
530 Reported-by: Dmitry Vyukov <dvyukov@google.com>
531 Tested-by: Dmitry Vyukov <dvyukov@google.com>
532 Signed-off-by: David S. Miller <davem@davemloft.net>
533
534 net/ipv4/tcp_input.c | 1 +
535 1 files changed, 1 insertions(+), 0 deletions(-)
536
537commit 73c0ec9194319dc262011dbe7196c55cb450f29a
538Author: Guillaume Nault <g.nault@alphalink.fr>
539Date: Thu Dec 3 16:49:32 2015 +0100
540
541 pppoe: fix memory corruption in padt work structure
542
543 pppoe_connect() mustn't touch the padt_work field of pppoe sockets
544 because that work could be already pending.
545
546 [ 21.473147] BUG: unable to handle kernel NULL pointer dereference at 00000004
547 [ 21.474523] IP: [<c1043177>] process_one_work+0x29/0x31c
548 [ 21.475164] *pde = 00000000
549 [ 21.475513] Oops: 0000 [#1] SMP
550 [ 21.475910] Modules linked in: pppoe pppox ppp_generic slhc crc32c_intel aesni_intel virtio_net xts aes_i586 lrw gf128mul ablk_helper cryptd evdev acpi_cpufreq processor serio_raw button ext4 crc16 mbcache jbd2 virtio_blk virtio_pci virtio_ring virtio
551 [ 21.476168] CPU: 2 PID: 164 Comm: kworker/2:2 Not tainted 4.4.0-rc1 #1
552 [ 21.476168] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
553 [ 21.476168] task: f5f83c00 ti: f5e28000 task.ti: f5e28000
554 [ 21.476168] EIP: 0060:[<c1043177>] EFLAGS: 00010046 CPU: 2
555 [ 21.476168] EIP is at process_one_work+0x29/0x31c
556 [ 21.484082] EAX: 00000000 EBX: f678b2a0 ECX: 00000004 EDX: 00000000
557 [ 21.484082] ESI: f6c69940 EDI: f5e29ef0 EBP: f5e29f0c ESP: f5e29edc
558 [ 21.484082] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
559 [ 21.484082] CR0: 80050033 CR2: 000000a4 CR3: 317ad000 CR4: 00040690
560 [ 21.484082] Stack:
561 [ 21.484082] 00000000 f6c69950 00000000 f6c69940 c0042338 f5e29f0c c1327945 00000000
562 [ 21.484082] 00000008 f678b2a0 f6c69940 f678b2b8 f5e29f30 c1043984 f5f83c00 f6c69970
563 [ 21.484082] f678b2a0 c10437d3 f6775e80 f678b2a0 c10437d3 f5e29fac c1047059 f5e29f74
564 [ 21.484082] Call Trace:
565 [ 21.484082] [<c1327945>] ? _raw_spin_lock_irq+0x28/0x30
566 [ 21.484082] [<c1043984>] worker_thread+0x1b1/0x244
567 [ 21.484082] [<c10437d3>] ? rescuer_thread+0x229/0x229
568 [ 21.484082] [<c10437d3>] ? rescuer_thread+0x229/0x229
569 [ 21.484082] [<c1047059>] kthread+0x8f/0x94
570 [ 21.484082] [<c1327a32>] ? _raw_spin_unlock_irq+0x22/0x26
571 [ 21.484082] [<c1327ee9>] ret_from_kernel_thread+0x21/0x38
572 [ 21.484082] [<c1046fca>] ? kthread_parkme+0x19/0x19
573 [ 21.496082] Code: 5d c3 55 89 e5 57 56 53 89 c3 83 ec 24 89 d0 89 55 e0 8d 7d e4 e8 6c d8 ff ff b9 04 00 00 00 89 45 d8 8b 43 24 89 45 dc 8b 45 d8 <8b> 40 04 8b 80 e0 00 00 00 c1 e8 05 24 01 88 45 d7 8b 45 e0 8d
574 [ 21.496082] EIP: [<c1043177>] process_one_work+0x29/0x31c SS:ESP 0068:f5e29edc
575 [ 21.496082] CR2: 0000000000000004
576 [ 21.496082] ---[ end trace e362cc9cf10dae89 ]---
577
578 Reported-by: Andrew <nitr0@seti.kr.ua>
579 Fixes: 287f3a943fef ("pppoe: Use workqueue to die properly when a PADT is received")
580 Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
581 Signed-off-by: David S. Miller <davem@davemloft.net>
582
583 drivers/net/ppp/pppoe.c | 14 ++++++++++----
584 1 files changed, 10 insertions(+), 4 deletions(-)
585
586commit 909cb25969d65dbdd08c69486c72cb09cf30131a
587Merge: 2fd6be6 b27a8b0
588Author: Brad Spengler <spender@grsecurity.net>
589Date: Fri Dec 4 19:40:10 2015 -0500
590
591 Merge branch 'pax-test' into grsec-test
592
593 Conflicts:
594 Makefile
595
596commit b27a8b0f99304f0bc3ea3a8e55f04f6bb57bbe8f
597Author: Brad Spengler <spender@grsecurity.net>
598Date: Fri Dec 4 19:38:31 2015 -0500
599
600 Update to pax-linux-4.2.6-test26.patch:
601 - fixed integer truncation check in md introduced by upstream commits 284ae7cab0f7335c9e0aa8992b28415ef1a54c7c and 58c0fed400603a802968b23ddf78f029c5a84e41, reported by BeiKed9o (https://forums.grsecurity.net/viewtopic.php?f=3&t=4328)
602 - gcc plugin compilation problems will now also produce the output of the checking script to make diagnosis easier, reported by hunger
603 - Emese fixed a false positive size overflow report in __vhost_add_used_n, reported by quasar366 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4329)
604 - fixed a potential integer truncation error in the raid1 code caught by the size overflow plugin, reported by d1b (https://forums.grsecurity.net/viewtopic.php?f=3&t=4331)
605
606 Makefile | 5 +++
607 drivers/md/md.c | 5 ++-
608 drivers/md/raid1.c | 2 +-
609 fs/proc/task_mmu.c | 3 ++
610 .../disable_size_overflow_hash.data | 4 ++-
611 .../size_overflow_plugin/intentional_overflow.c | 32 ++++++++++++++++---
612 .../size_overflow_plugin/size_overflow_hash.data | 2 -
613 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
614 8 files changed, 43 insertions(+), 12 deletions(-)
615
616commit 2fd6be640143ad13633518208bb1ba5730bf4949
617Author: Eric Dumazet <edumazet@google.com>
618Date: Tue Dec 1 20:08:51 2015 -0800
619
620 net_sched: fix qdisc_tree_decrease_qlen() races
621
622 qdisc_tree_decrease_qlen() suffers from two problems on multiqueue
623 devices.
624
625 One problem is that it updates sch->q.qlen and sch->qstats.drops
626 on the mq/mqprio root qdisc, while it should not : Daniele
627 reported underflows errors :
628 [ 681.774821] PAX: sch->q.qlen: 0 n: 1
629 [ 681.774825] PAX: size overflow detected in function qdisc_tree_decrease_qlen net/sched/sch_api.c:769 cicus.693_49 min, count: 72, decl: qlen; num: 0; context: sk_buff_head;
630 [ 681.774954] CPU: 2 PID: 19 Comm: ksoftirqd/2 Tainted: G O 4.2.6.201511282239-1-grsec #1
631 [ 681.774955] Hardware name: ASUSTeK COMPUTER INC. X302LJ/X302LJ, BIOS X302LJ.202 03/05/2015
632 [ 681.774956] ffffffffa9a04863 0000000000000000 0000000000000000 ffffffffa990ff7c
633 [ 681.774959] ffffc90000d3bc38 ffffffffa95d2810 0000000000000007 ffffffffa991002b
634 [ 681.774960] ffffc90000d3bc68 ffffffffa91a44f4 0000000000000001 0000000000000001
635 [ 681.774962] Call Trace:
636 [ 681.774967] [<ffffffffa95d2810>] dump_stack+0x4c/0x7f
637 [ 681.774970] [<ffffffffa91a44f4>] report_size_overflow+0x34/0x50
638 [ 681.774972] [<ffffffffa94d17e2>] qdisc_tree_decrease_qlen+0x152/0x160
639 [ 681.774976] [<ffffffffc02694b1>] fq_codel_dequeue+0x7b1/0x820 [sch_fq_codel]
640 [ 681.774978] [<ffffffffc02680a0>] ? qdisc_peek_dequeued+0xa0/0xa0 [sch_fq_codel]
641 [ 681.774980] [<ffffffffa94cd92d>] __qdisc_run+0x4d/0x1d0
642 [ 681.774983] [<ffffffffa949b2b2>] net_tx_action+0xc2/0x160
643 [ 681.774985] [<ffffffffa90664c1>] __do_softirq+0xf1/0x200
644 [ 681.774987] [<ffffffffa90665ee>] run_ksoftirqd+0x1e/0x30
645 [ 681.774989] [<ffffffffa90896b0>] smpboot_thread_fn+0x150/0x260
646 [ 681.774991] [<ffffffffa9089560>] ? sort_range+0x40/0x40
647 [ 681.774992] [<ffffffffa9085fe4>] kthread+0xe4/0x100
648 [ 681.774994] [<ffffffffa9085f00>] ? kthread_worker_fn+0x170/0x170
649 [ 681.774995] [<ffffffffa95d8d1e>] ret_from_fork+0x3e/0x70
650
651 mq/mqprio have their own ways to report qlen/drops by folding stats on
652 all their queues, with appropriate locking.
653
654 A second problem is that qdisc_tree_decrease_qlen() calls qdisc_lookup()
655 without proper locking : concurrent qdisc updates could corrupt the list
656 that qdisc_match_from_root() parses to find a qdisc given its handle.
657
658 Fix first problem adding a TCQ_F_NOPARENT qdisc flag that
659 qdisc_tree_decrease_qlen() can use to abort its tree traversal,
660 as soon as it meets a mq/mqprio qdisc children.
661
662 Second problem can be fixed by RCU protection.
663 Qdisc are already freed after RCU grace period, so qdisc_list_add() and
664 qdisc_list_del() simply have to use appropriate rcu list variants.
665
666 A future patch will add a per struct netdev_queue list anchor, so that
667 qdisc_tree_decrease_qlen() can have more efficient lookups.
668
669 Reported-by: Daniele Fucini <dfucini@gmail.com>
670 Signed-off-by: Eric Dumazet <edumazet@google.com>
671 Cc: Cong Wang <cwang@twopensource.com>
672 Cc: Jamal Hadi Salim <jhs@mojatatu.com>
673 Signed-off-by: David S. Miller <davem@davemloft.net>
674
675 Conflicts:
676
677 net/sched/sch_generic.c
678
679 include/net/sch_generic.h | 3 +++
680 net/sched/sch_api.c | 27 ++++++++++++++++++---------
681 net/sched/sch_generic.c | 2 +-
682 net/sched/sch_mq.c | 4 ++--
683 net/sched/sch_mqprio.c | 4 ++--
684 5 files changed, 26 insertions(+), 14 deletions(-)
685
686commit 47e3db55fb66525b7a769de3e2275b5d75a03f39
687Author: Eric Dumazet <edumazet@google.com>
688Date: Tue Dec 1 07:20:07 2015 -0800
689
690 ipv6: sctp: implement sctp_v6_destroy_sock()
691
692 Dmitry Vyukov reported a memory leak using IPV6 SCTP sockets.
693
694 We need to call inet6_destroy_sock() to properly release
695 inet6 specific fields.
696
697 Reported-by: Dmitry Vyukov <dvyukov@google.com>
698 Signed-off-by: Eric Dumazet <edumazet@google.com>
699 Acked-by: Daniel Borkmann <daniel@iogearbox.net>
700 Signed-off-by: David S. Miller <davem@davemloft.net>
701
702 net/sctp/socket.c | 9 ++++++++-
703 1 files changed, 8 insertions(+), 1 deletions(-)
704
705commit c97f798d6e4fb454a7bfbb39fc073c8f538863c9
706Author: Jan Engelhardt <jengelh@inai.de>
707Date: Mon Nov 23 17:46:32 2015 +0100
708
709 target: fix COMPARE_AND_WRITE non zero SGL offset data corruption
710
711 target_core_sbc's compare_and_write functionality suffers from taking
712 data at the wrong memory location when writing a CAW request to disk
713 when a SGL offset is non-zero.
714
715 This can happen with loopback and vhost-scsi fabric drivers when
716 SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC is used to map existing user-space
717 SGL memory into COMPARE_AND_WRITE READ/WRITE payload buffers.
718
719 Given the following sample LIO subtopology,
720
721 % targetcli ls /loopback/
722 o- loopback ................................. [1 Target]
723 o- naa.6001405ebb8df14a ....... [naa.60014059143ed2b3]
724 o- luns ................................... [2 LUNs]
725 o- lun0 ................ [iblock/ram0 (/dev/ram0)]
726 o- lun1 ................ [iblock/ram1 (/dev/ram1)]
727 % lsscsi -g
728 [3:0:1:0] disk LIO-ORG IBLOCK 4.0 /dev/sdc /dev/sg3
729 [3:0:1:1] disk LIO-ORG IBLOCK 4.0 /dev/sdd /dev/sg4
730
731 the following bug can be observed in Linux 4.3 and 4.4~rc1:
732
733 % perl -e 'print chr$_ for 0..255,reverse 0..255' >rand
734 % perl -e 'print "\0" x 512' >zero
735 % cat rand >/dev/sdd
736 % sg_compare_and_write -i rand -D zero --lba 0 /dev/sdd
737 % sg_compare_and_write -i zero -D rand --lba 0 /dev/sdd
738 Miscompare reported
739 % hexdump -Cn 512 /dev/sdd
740 00000000 0f 0e 0d 0c 0b 0a 09 08 07 06 05 04 03 02 01 00
741 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
742 *
743 00000200
744
745 Rather than writing all-zeroes as instructed with the -D file, it
746 corrupts the data in the sector by splicing some of the original
747 bytes in. The page of the first entry of cmd->t_data_sg includes the
748 CDB, and sg->offset is set to a position past the CDB. I presume that
749 sg->offset is also the right choice to use for subsequent sglist
750 members.
751
752 Signed-off-by: Jan Engelhardt <jengelh@netitwork.de>
753 Tested-by: Douglas Gilbert <dgilbert@interlog.com>
754 Cc: <stable@vger.kernel.org> # v3.12+
755 Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
756
757 drivers/target/target_core_sbc.c | 4 ++--
758 1 files changed, 2 insertions(+), 2 deletions(-)
759
760commit 43aa1ca4268298d8f65be2411d627573f33afb3e
761Author: Nicholas Bellinger <nab@linux-iscsi.org>
762Date: Thu Nov 5 23:37:59 2015 -0800
763
764 target: Fix race for SCF_COMPARE_AND_WRITE_POST checking
765
766 This patch addresses a race + use after free where the first
767 stage of COMPARE_AND_WRITE in compare_and_write_callback()
768 is rescheduled after the backend sends the secondary WRITE,
769 resulting in second stage compare_and_write_post() callback
770 completing in target_complete_ok_work() before the first
771 can return.
772
773 Because current code depends on checking se_cmd->se_cmd_flags
774 after return from se_cmd->transport_complete_callback(),
775 this results in first stage having SCF_COMPARE_AND_WRITE_POST
776 set, which incorrectly falls through into second stage CAW
777 processing code, eventually triggering a NULL pointer
778 dereference due to use after free.
779
780 To address this bug, pass in a new *post_ret parameter into
781 se_cmd->transport_complete_callback(), and depend upon this
782 value instead of ->se_cmd_flags to determine when to return
783 or fall through into ->queue_status() code for CAW.
784
785 Cc: Sagi Grimberg <sagig@mellanox.com>
786 Cc: <stable@vger.kernel.org> # v3.12+
787 Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
788
789 drivers/target/target_core_sbc.c | 13 +++++++++----
790 drivers/target/target_core_transport.c | 14 ++++++++------
791 include/target/target_core_base.h | 2 +-
792 3 files changed, 18 insertions(+), 11 deletions(-)
793
794commit c26b157afe2cbde205fcdd36c0b0cc6ca36c2a6e
795Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
796Date: Thu Nov 26 12:08:18 2015 +0100
797
798 af-unix: passcred support for sendpage
799
800 sendpage did not care about credentials at all. This could lead to
801 situations in which because of fd passing between processes we could
802 append data to skbs with different scm data. It is illegal to splice those
803 skbs together. Instead we have to allocate a new skb and if requested
804 fill out the scm details.
805
806 Fixes: 869e7c62486ec ("net: af_unix: implement stream sendpage support")
807 Reported-by: Al Viro <viro@zeniv.linux.org.uk>
808 Cc: Al Viro <viro@zeniv.linux.org.uk>
809 Cc: Eric Dumazet <edumazet@google.com>
810 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
811 Signed-off-by: David S. Miller <davem@davemloft.net>
812
813 net/unix/af_unix.c | 79 ++++++++++++++++++++++++++++++++++++++++++----------
814 1 files changed, 64 insertions(+), 15 deletions(-)
815
816commit db1370c0dee2dfc22c3549eff6791afd19aaa365
817Author: Peter Hurley <peter@hurleysoftware.com>
818Date: Fri Nov 27 14:18:39 2015 -0500
819
820 wan/x25: Fix use-after-free in x25_asy_open_tty()
821
822 The N_X25 line discipline may access the previous line discipline's closed
823 and already-freed private data on open [1].
824
825 The tty->disc_data field _never_ refers to valid data on entry to the
826 line discipline's open() method. Rather, the ldisc is expected to
827 initialize that field for its own use for the lifetime of the instance
828 (ie. from open() to close() only).
829
830 [1]
831 [ 634.336761] ==================================================================
832 [ 634.338226] BUG: KASAN: use-after-free in x25_asy_open_tty+0x13d/0x490 at addr ffff8800a743efd0
833 [ 634.339558] Read of size 4 by task syzkaller_execu/8981
834 [ 634.340359] =============================================================================
835 [ 634.341598] BUG kmalloc-512 (Not tainted): kasan: bad access detected
836 ...
837 [ 634.405018] Call Trace:
838 [ 634.405277] dump_stack (lib/dump_stack.c:52)
839 [ 634.405775] print_trailer (mm/slub.c:655)
840 [ 634.406361] object_err (mm/slub.c:662)
841 [ 634.406824] kasan_report_error (mm/kasan/report.c:138 mm/kasan/report.c:236)
842 [ 634.409581] __asan_report_load4_noabort (mm/kasan/report.c:279)
843 [ 634.411355] x25_asy_open_tty (drivers/net/wan/x25_asy.c:559 (discriminator 1))
844 [ 634.413997] tty_ldisc_open.isra.2 (drivers/tty/tty_ldisc.c:447)
845 [ 634.414549] tty_set_ldisc (drivers/tty/tty_ldisc.c:567)
846 [ 634.415057] tty_ioctl (drivers/tty/tty_io.c:2646 drivers/tty/tty_io.c:2879)
847 [ 634.423524] do_vfs_ioctl (fs/ioctl.c:43 fs/ioctl.c:607)
848 [ 634.427491] SyS_ioctl (fs/ioctl.c:622 fs/ioctl.c:613)
849 [ 634.427945] entry_SYSCALL_64_fastpath (arch/x86/entry/entry_64.S:188)
850
851 Reported-and-tested-by: Sasha Levin <sasha.levin@oracle.com>
852 Cc: <stable@vger.kernel.org>
853 Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
854 Signed-off-by: David S. Miller <davem@davemloft.net>
855
856 drivers/net/wan/x25_asy.c | 6 +-----
857 1 files changed, 1 insertions(+), 5 deletions(-)
858
859commit 39f32f33dc362f9704113cc7874238792f8294c9
860Author: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
861Date: Mon Nov 30 14:32:54 2015 -0200
862
863 sctp: use GFP_USER for user-controlled kmalloc
864
865 Dmitry Vyukov reported that the user could trigger a kernel warning by
866 using a large len value for getsockopt SCTP_GET_LOCAL_ADDRS, as that
867 value directly affects the value used as a kmalloc() parameter.
868
869 This patch thus switches the allocation flags from all user-controllable
870 kmalloc size to GFP_USER to put some more restrictions on it and also
871 disables the warn, as they are not necessary.
872
873 Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
874 Acked-by: Daniel Borkmann <daniel@iogearbox.net>
875 Signed-off-by: David S. Miller <davem@davemloft.net>
876
877 net/sctp/socket.c | 4 ++--
878 1 files changed, 2 insertions(+), 2 deletions(-)
879
18e926a4
PK		 880commit 70614db891859ff8474665fc0e982e772c5baf6c
881Merge: 2aa7479 7f57ad4
882Author: Brad Spengler <spender@grsecurity.net>
883Date: Sat Nov 28 21:58:09 2015 -0500
884
885 Merge branch 'pax-test' into grsec-test
886
887commit 7f57ad48fc90cc2c942ef8cad44804ea6cdbfc67
888Author: Brad Spengler <spender@grsecurity.net>
889Date: Sat Nov 28 21:57:41 2015 -0500
890
891 Update to pax-linux-4.2.6-test25.patch:
892 - fixed constify regression, reported by spender
893
894 tools/gcc/constify_plugin.c | 14 +++++++-------
895 tools/gcc/initify_plugin.c | 2 +-
896 .../size_overflow_plugin/size_overflow_transform.c | 13 ++++++-------
897 tools/gcc/structleak_plugin.c | 2 +-
898 4 files changed, 15 insertions(+), 16 deletions(-)
899
900commit 2aa74790571aaea3d90191b1d235f580600d109f
901Merge: e10e76a 0851e20
902Author: Brad Spengler <spender@grsecurity.net>
903Date: Fri Nov 27 21:02:06 2015 -0500
904
905 Merge branch 'pax-test' into grsec-test
906
907commit 0851e206a7d21e18d353984cb3f827158ce4237b
908Author: Brad Spengler <spender@grsecurity.net>
909Date: Fri Nov 27 21:01:41 2015 -0500
910
911 Update to pax-linux-4.2.6-test24.patch:
912 - Emese fixed a few false positive overflow reports due to intentional overflows introduced by gcc, reported by Arnaud, kdave (https://forums.grsecurity.net/viewtopic.php?t=4287&p=15813#p15799) and rfnx (https://forums.grsecurity.net/viewtopic.php?t=4322)
913 - Emese fixed a false positive size overflow report in ext4, reported by saironiq (https://forums.grsecurity.net/viewtopic.php?f=3&t=4324)
914 - fixed a potential integer truncation error in the raid10 code caught by the size overflow plugin, reported by Alexander Tsoy (https://bugs.gentoo.org/show_bug.cgi?id=566316#c10)
915 - fixed a few integer sign conversion errors in the kernel's zlib code caught by the size overflow plugin, reported by audiocricket (https://forums.grsecurity.net/viewtopic.php?f=3&t=4325)
916 - fixed the handling of the no-constify constify plugin parameter
917 - constified kvm_x86_ops
918 - fixed macro param usage in access_ok, reported by gcc-6
919 - turned off ipa-icf on the size overflow plugin as gcc-5 compiles it very slowly
920 - fixed all plugins for gcc-6
921
922 arch/arm/kvm/arm.c | 2 +-
923 arch/mips/kvm/mips.c | 2 +-
924 arch/powerpc/kvm/powerpc.c | 2 +-
925 arch/x86/include/asm/uaccess.h | 2 +-
926 arch/x86/kvm/svm.c | 2 +-
927 arch/x86/kvm/vmx.c | 24 ++++----
928 arch/x86/kvm/x86.c | 2 +-
929 crypto/zlib.c | 8 +-
930 drivers/md/raid10.c | 2 +-
931 include/linux/kvm_host.h | 4 +-
932 scripts/Makefile.host | 6 ++
933 tools/gcc/constify_plugin.c | 27 +++++---
934 tools/gcc/initify_plugin.c | 6 +-
935 tools/gcc/kernexec_plugin.c | 10 +--
936 tools/gcc/size_overflow_plugin/Makefile | 2 +
937 .../disable_size_overflow_hash.data | 3 +
938 .../insert_size_overflow_asm.c | 2 +-
939 .../size_overflow_plugin/intentional_overflow.c | 63 ++++++++++++++++++++
940 tools/gcc/size_overflow_plugin/size_overflow.h | 1 +
941 .../gcc/size_overflow_plugin/size_overflow_debug.c | 2 +-
942 .../size_overflow_plugin/size_overflow_hash.data | 3 -
943 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 2 +-
944 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
945 .../size_overflow_plugin/size_overflow_transform.c | 14 +++--
946 .../size_overflow_transform_core.c | 2 +
947 virt/kvm/kvm_main.c | 2 +-
948 26 files changed, 140 insertions(+), 57 deletions(-)
949
950commit e10e76a7ca9aab3528a613e91b556fd2f961c446
951Author: Brad Spengler <spender@grsecurity.net>
952Date: Fri Nov 27 20:04:14 2015 -0500
953
954 update RANDSTRUCT for gcc6
955
956 tools/gcc/randomize_layout_plugin.c | 2 +-
957 1 files changed, 1 insertions(+), 1 deletions(-)
958
959commit dd166b8680fdf8a72b44f175630803f33f442428
960Author: Filipe Manana <fdmanana@suse.com>
961Date: Fri Oct 16 12:34:25 2015 +0100
962
963 Btrfs: fix truncation of compressed and inlined extents
964
965 When truncating a file to a smaller size which consists of an inline
966 extent that is compressed, we did not discard (or made unusable) the
967 data between the new file size and the old file size, wasting metadata
968 space and allowing for the truncated data to be leaked and the data
969 corruption/loss mentioned below.
970 We were also not correctly decrementing the number of bytes used by the
971 inode, we were setting it to zero, giving a wrong report for callers of
972 the stat(2) syscall. The fsck tool also reported an error about a mismatch
973 between the nbytes of the file versus the real space used by the file.
974
975 Now because we weren't discarding the truncated region of the file, it
976 was possible for a caller of the clone ioctl to actually read the data
977 that was truncated, allowing for a security breach without requiring root
978 access to the system, using only standard filesystem operations. The
979 scenario is the following:
980
981 1) User A creates a file which consists of an inline and compressed
982 extent with a size of 2000 bytes - the file is not accessible to
983 any other users (no read, write or execution permission for anyone
984 else);
985
986 2) The user truncates the file to a size of 1000 bytes;
987
988 3) User A makes the file world readable;
989
990 4) User B creates a file consisting of an inline extent of 2000 bytes;
991
992 5) User B issues a clone operation from user A's file into its own
993 file (using a length argument of 0, clone the whole range);
994
995 6) User B now gets to see the 1000 bytes that user A truncated from
996 its file before it made its file world readbale. User B also lost
997 the bytes in the range [1000, 2000[ bytes from its own file, but
998 that might be ok if his/her intention was reading stale data from
999 user A that was never supposed to be public.
1000
1001 Note that this contrasts with the case where we truncate a file from 2000
1002 bytes to 1000 bytes and then truncate it back from 1000 to 2000 bytes. In
1003 this case reading any byte from the range [1000, 2000[ will return a value
1004 of 0x00, instead of the original data.
1005
1006 This problem exists since the clone ioctl was added and happens both with
1007 and without my recent data loss and file corruption fixes for the clone
1008 ioctl (patch "Btrfs: fix file corruption and data loss after cloning
1009 inline extents").
1010
1011 So fix this by truncating the compressed inline extents as we do for the
1012 non-compressed case, which involves decompressing, if the data isn't already
1013 in the page cache, compressing the truncated version of the extent, writing
1014 the compressed content into the inline extent and then truncate it.
1015
1016 The following test case for fstests reproduces the problem. In order for
1017 the test to pass both this fix and my previous fix for the clone ioctl
1018 that forbids cloning a smaller inline extent into a larger one,
1019 which is titled "Btrfs: fix file corruption and data loss after cloning
1020 inline extents", are needed. Without that other fix the test fails in a
1021 different way that does not leak the truncated data, instead part of
1022 destination file gets replaced with zeroes (because the destination file
1023 has a larger inline extent than the source).
1024
1025 seq=`basename $0`
1026 seqres=$RESULT_DIR/$seq
1027 echo "QA output created by $seq"
1028 tmp=/tmp/$$
1029 status=1 # failure is the default!
1030 trap "_cleanup; exit \$status" 0 1 2 3 15
1031
1032 _cleanup()
1033 {
1034 rm -f $tmp.*
1035 }
1036
1037 # get standard environment, filters and checks
1038 . ./common/rc
1039 . ./common/filter
1040
1041 # real QA test starts here
1042 _need_to_be_root
1043 _supported_fs btrfs
1044 _supported_os Linux
1045 _require_scratch
1046 _require_cloner
1047
1048 rm -f $seqres.full
1049
1050 _scratch_mkfs >>$seqres.full 2>&1
1051 _scratch_mount "-o compress"
1052
1053 # Create our test files. File foo is going to be the source of a clone operation
1054 # and consists of a single inline extent with an uncompressed size of 512 bytes,
1055 # while file bar consists of a single inline extent with an uncompressed size of
1056 # 256 bytes. For our test's purpose, it's important that file bar has an inline
1057 # extent with a size smaller than foo's inline extent.
1058 $XFS_IO_PROG -f -c "pwrite -S 0xa1 0 128" \
1059 -c "pwrite -S 0x2a 128 384" \
1060 $SCRATCH_MNT/foo | _filter_xfs_io
1061 $XFS_IO_PROG -f -c "pwrite -S 0xbb 0 256" $SCRATCH_MNT/bar | _filter_xfs_io
1062
1063 # Now durably persist all metadata and data. We do this to make sure that we get
1064 # on disk an inline extent with a size of 512 bytes for file foo.
1065 sync
1066
1067 # Now truncate our file foo to a smaller size. Because it consists of a
1068 # compressed and inline extent, btrfs did not shrink the inline extent to the
1069 # new size (if the extent was not compressed, btrfs would shrink it to 128
1070 # bytes), it only updates the inode's i_size to 128 bytes.
1071 $XFS_IO_PROG -c "truncate 128" $SCRATCH_MNT/foo
1072
1073 # Now clone foo's inline extent into bar.
1074 # This clone operation should fail with errno EOPNOTSUPP because the source
1075 # file consists only of an inline extent and the file's size is smaller than
1076 # the inline extent of the destination (128 bytes < 256 bytes). However the
1077 # clone ioctl was not prepared to deal with a file that has a size smaller
1078 # than the size of its inline extent (something that happens only for compressed
1079 # inline extents), resulting in copying the full inline extent from the source
1080 # file into the destination file.
1081 #
1082 # Note that btrfs' clone operation for inline extents consists of removing the
1083 # inline extent from the destination inode and copy the inline extent from the
1084 # source inode into the destination inode, meaning that if the destination
1085 # inode's inline extent is larger (N bytes) than the source inode's inline
1086 # extent (M bytes), some bytes (N - M bytes) will be lost from the destination
1087 # file. Btrfs could copy the source inline extent's data into the destination's
1088 # inline extent so that we would not lose any data, but that's currently not
1089 # done due to the complexity that would be needed to deal with such cases
1090 # (specially when one or both extents are compressed), returning EOPNOTSUPP, as
1091 # it's normally not a very common case to clone very small files (only case
1092 # where we get inline extents) and copying inline extents does not save any
1093 # space (unlike for normal, non-inlined extents).
1094 $CLONER_PROG -s 0 -d 0 -l 0 $SCRATCH_MNT/foo $SCRATCH_MNT/bar
1095
1096 # Now because the above clone operation used to succeed, and due to foo's inline
1097 # extent not being shinked by the truncate operation, our file bar got the whole
1098 # inline extent copied from foo, making us lose the last 128 bytes from bar
1099 # which got replaced by the bytes in range [128, 256[ from foo before foo was
1100 # truncated - in other words, data loss from bar and being able to read old and
1101 # stale data from foo that should not be possible to read anymore through normal
1102 # filesystem operations. Contrast with the case where we truncate a file from a
1103 # size N to a smaller size M, truncate it back to size N and then read the range
1104 # [M, N[, we should always get the value 0x00 for all the bytes in that range.
1105
1106 # We expected the clone operation to fail with errno EOPNOTSUPP and therefore
1107 # not modify our file's bar data/metadata. So its content should be 256 bytes
1108 # long with all bytes having the value 0xbb.
1109 #
1110 # Without the btrfs bug fix, the clone operation succeeded and resulted in
1111 # leaking truncated data from foo, the bytes that belonged to its range
1112 # [128, 256[, and losing data from bar in that same range. So reading the
1113 # file gave us the following content:
1114 #
1115 # 0000000 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1
1116 # *
1117 # 0000200 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a
1118 # *
1119 # 0000400
1120 echo "File bar's content after the clone operation:"
1121 od -t x1 $SCRATCH_MNT/bar
1122
1123 # Also because the foo's inline extent was not shrunk by the truncate
1124 # operation, btrfs' fsck, which is run by the fstests framework everytime a
1125 # test completes, failed reporting the following error:
1126 #
1127 # root 5 inode 257 errors 400, nbytes wrong
1128
1129 status=0
1130 exit
1131
1132 Cc: stable@vger.kernel.org
1133 Signed-off-by: Filipe Manana <fdmanana@suse.com>
1134
1135 fs/btrfs/inode.c | 82 ++++++++++++++++++++++++++++++++++++++++++++---------
1136 1 files changed, 68 insertions(+), 14 deletions(-)
1137
1138commit fe6936fd0f41ee2dccce47f5642251649a54e4d4
1139Author: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>
1140Date: Wed Nov 25 07:47:40 2015 +0100
1141
1142 isdn: Partially revert debug format string usage clean up
1143
1144 Commit 35a4a57 ("isdn: clean up debug format string usage") introduced
1145 a safeguard to avoid accidential format string interpolation of data
1146 when calling debugl1 or HiSax_putstatus. This did however not take into
1147 account VHiSax_putstatus (called by HiSax_putstatus) does *not* call
1148 vsprintf if the head parameter is NULL - the format string is treated
1149 as plain text then instead. As a result, the string "%s" is processed
1150 literally, and the actual information is lost. This affects the isdnlog
1151 userspace program which stopped logging information since that commit.
1152
1153 So revert the HiSax_putstatus invocations to the previous state.
1154
1155 Fixes: 35a4a5733b0a ("isdn: clean up debug format string usage")
1156 Cc: Kees Cook <keescook@chromium.org>
1157 Cc: Karsten Keil <isdn@linux-pingi.de>
1158 Signed-off-by: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>
1159 Signed-off-by: David S. Miller <davem@davemloft.net>
1160
1161 drivers/isdn/hisax/config.c | 2 +-
1162 drivers/isdn/hisax/hfc_pci.c | 2 +-
1163 drivers/isdn/hisax/hfc_sx.c | 2 +-
1164 drivers/isdn/hisax/q931.c | 6 +++---
1165 4 files changed, 6 insertions(+), 6 deletions(-)
1166
1167commit 574035e44b3d49a71f1c0737b7b49bf60ddf0ce7
1168Author: Brad Spengler <spender@grsecurity.net>
1169Date: Wed Nov 25 20:24:52 2015 -0500
1170
1171 future-proof the code against users of VM_NO_GUARD, mark KASAN as an incompatibility with KSTACKOVERFLOW
1172
1173 lib/Kconfig.kasan | 2 +-
1174 mm/vmalloc.c | 2 ++
1175 2 files changed, 3 insertions(+), 1 deletions(-)
1176
1177commit 8a355f2c56ecd40ada14fd16717105ea9a9ac0b5
1178Author: Al Viro <viro@zeniv.linux.org.uk>
1179Date: Mon Nov 23 21:11:08 2015 -0500
1180
1181 fix sysvfs symlinks
1182
1183 The thing got broken back in 2002 - sysvfs does *not* have inline
1184 symlinks; even short ones have bodies stored in the first block
1185 of file. sysv_symlink() handles that correctly; unfortunately,
1186 attempting to look an existing symlink up will end up confusing
1187 them for inline symlinks, and interpret the block number containing
1188 the body as the body itself.
1189
1190 Nobody has noticed until now, which says something about the level
1191 of testing sysvfs gets ;-/
1192
1193 Cc: stable@vger.kernel.org # all of them, not that anyone cared
1194 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
1195
1196 fs/sysv/inode.c | 11 ++---------
1197 1 files changed, 2 insertions(+), 9 deletions(-)
1198
1199commit 195f1b816ff4cdcc8defc2dc0424cf25a0d937fb
1200Author: Jan Kara <jack@suse.cz>
1201Date: Mon Nov 23 13:09:50 2015 +0100
1202
1203 vfs: Make sendfile(2) killable even better
1204
1205 Commit 296291cdd162 (mm: make sendfile(2) killable) fixed an issue where
1206 sendfile(2) was doing a lot of tiny writes into a filesystem and thus
1207 was unkillable for a long time. However sendfile(2) can be (mis)used to
1208 issue lots of writes into arbitrary file descriptor such as evenfd or
1209 similar special file descriptors which never hit the standard filesystem
1210 write path and thus are still unkillable. E.g. the following example
1211 from Dmitry burns CPU for ~16s on my test system without possibility to
1212 be killed:
1213
1214 int r1 = eventfd(0, 0);
1215 int r2 = memfd_create("", 0);
1216 unsigned long n = 1<<30;
1217 fallocate(r2, 0, 0, n);
1218 sendfile(r1, r2, 0, n);
1219
1220 There are actually quite a few tests for pending signals in sendfile
1221 code however we data to write is always available none of them seems to
1222 trigger. So fix the problem by adding a test for pending signal into
1223 splice_from_pipe_next() also before the loop waiting for pipe buffers to
1224 be available. This should fix all the lockup issues with sendfile of the
1225 do-ton-of-tiny-writes nature.
1226
1227 CC: stable@vger.kernel.org
1228 Reported-by: Dmitry Vyukov <dvyukov@google.com>
1229 Signed-off-by: Jan Kara <jack@suse.cz>
1230 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
1231
1232 fs/splice.c | 7 +++++++
1233 1 files changed, 7 insertions(+), 0 deletions(-)
1234
1235commit 92470552efa5a49718308238c7da9ba2579a1147
1236Author: Jan Kara <jack@suse.cz>
1237Date: Mon Nov 23 13:09:51 2015 +0100
1238
1239 vfs: Avoid softlockups with sendfile(2)
1240
1241 The following test program from Dmitry can cause softlockups or RCU
1242 stalls as it copies 1GB from tmpfs into eventfd and we don't have any
1243 scheduling point at that path in sendfile(2) implementation:
1244
1245 int r1 = eventfd(0, 0);
1246 int r2 = memfd_create("", 0);
1247 unsigned long n = 1<<30;
1248 fallocate(r2, 0, 0, n);
1249 sendfile(r1, r2, 0, n);
1250
1251 Add cond_resched() into __splice_from_pipe() to fix the problem.
1252
1253 CC: Dmitry Vyukov <dvyukov@google.com>
1254 CC: stable@vger.kernel.org
1255 Signed-off-by: Jan Kara <jack@suse.cz>
1256 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
1257
1258 fs/splice.c | 1 +
1259 1 files changed, 1 insertions(+), 0 deletions(-)
1260
1261commit 28ab97eb348dca6653eccb40d012103786d03ae6
1262Author: Eric Dumazet <edumazet@google.com>
1263Date: Tue Nov 24 11:39:54 2015 -0800
1264
1265 pidns: fix NULL dereference in __task_pid_nr_ns()
1266
1267 I got a crash during a "perf top" session that was caused by a race in
1268 __task_pid_nr_ns() :
1269
1270 pid_nr_ns() was inlined, but apparently compiler chose to read
1271 task->pids[type].pid twice, and the pid->level dereference crashed
1272 because we got a NULL pointer at the second read :
1273
1274 if (pid && ns->level <= pid->level) { // CRASH
1275
1276 Just use RCU API properly to solve this race, and not worry about "perf
1277 top" crashing hosts :(
1278
1279 get_task_pid() can benefit from same fix.
1280
1281 Signed-off-by: Eric Dumazet <edumazet@google.com>
1282 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1283
1284 kernel/pid.c | 4 ++--
1285 1 files changed, 2 insertions(+), 2 deletions(-)
1286
347ea7b0
PK		 1287commit 2545f7485c4676c52855750b992d8c1921e559c4
1288Merge: 93a41eb 83df348
1289Author: Brad Spengler <spender@grsecurity.net>
1290Date: Mon Nov 23 20:30:33 2015 -0500
1291
1292 Merge branch 'pax-test' into grsec-test
1293
1294commit 83df3482b33ef4d8192a253a6852e9a9db1f7dca
1295Author: Brad Spengler <spender@grsecurity.net>
1296Date: Mon Nov 23 20:30:16 2015 -0500
1297
1298 Update to pax-linux-4.2.6-test23.patch:
1299 - fixed gcc-common.h regression under gcc-5, reported by Arnaud and coldhak
1300 - fixed ath10k compile error with the size overflow plugin, reported by victor and careta (https://forums.grsecurity.net/viewtopic.php?t=4323)
1301
1302 drivers/net/wireless/ath/ath10k/ce.c | 4 ++--
1303 tools/gcc/gcc-common.h | 13 ++++++-------
1304 2 files changed, 8 insertions(+), 9 deletions(-)
1305
1306commit 93a41eb6e3a7ab9446658b6d2ec4623014b55232
1307Author: Brad Spengler <spender@grsecurity.net>
1308Date: Sun Nov 22 17:14:38 2015 -0500
1309
1310 update gcc-common.h
1311
1312 tools/gcc/gcc-common.h | 13 ++++++-------
1313 1 files changed, 6 insertions(+), 7 deletions(-)
1314
1315commit 7da11be9f025bd8193f03f9b32697bc1ce8ac650
1316Author: Andrew Cooper <andrew.cooper3@citrix.com>
1317Date: Wed Jun 3 10:31:14 2015 +0100
1318
1319 x86/cpu: Fix SMAP check in PVOPS environments
1320
1321 There appears to be no formal statement of what pv_irq_ops.save_fl() is
1322 supposed to return precisely. Native returns the full flags, while lguest and
1323 Xen only return the Interrupt Flag, and both have comments by the
1324 implementations stating that only the Interrupt Flag is looked at. This may
1325 have been true when initially implemented, but no longer is.
1326
1327 To make matters worse, the Xen PVOP leaves the upper bits undefined, making
1328 the BUG_ON() undefined behaviour. Experimentally, this now trips for 32bit PV
1329 guests on Broadwell hardware. The BUG_ON() is consistent for an individual
1330 build, but not consistent for all builds. It has also been a sitting timebomb
1331 since SMAP support was introduced.
1332
1333 Use native_save_fl() instead, which will obtain an accurate view of the AC
1334 flag.
1335
1336 Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
1337 Reviewed-by: David Vrabel <david.vrabel@citrix.com>
1338 Tested-by: Rusty Russell <rusty@rustcorp.com.au>
1339 Cc: Rusty Russell <rusty@rustcorp.com.au>
1340 Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
1341 Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
1342 Cc: <lguest@lists.ozlabs.org>
1343 Cc: Xen-devel <xen-devel@lists.xen.org>
1344 CC: stable@vger.kernel.org
1345 Link: http://lkml.kernel.org/r/1433323874-6927-1-git-send-email-andrew.cooper3@citrix.com
1346 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
1347
1348 arch/x86/kernel/cpu/common.c | 3 +--
1349 1 files changed, 1 insertions(+), 2 deletions(-)
1350
1351commit 08ce34cf092b9f1b5311f156df4182a282bf7acc
1352Author: Dave Hansen <dave.hansen@linux.intel.com>
1353Date: Wed Nov 11 10:19:31 2015 -0800
1354
1355 x86/mpx: Do proper get_user() when running 32-bit binaries on 64-bit kernels
1356
1357 When you call get_user(foo, bar), you effectively do a
1358
1359 copy_from_user(&foo, bar, sizeof(*bar));
1360
1361 Note that the sizeof() is implicit.
1362
1363 When we reach out to userspace to try to zap an entire "bounds
1364 table" we need to go read a "bounds directory entry" in order to
1365 locate the table's address. The size of a "directory entry"
1366 depends on the binary being run and is always the size of a
1367 pointer.
1368
1369 But, when we have a 64-bit kernel and a 32-bit application, the
1370 directory entry is still only 32-bits long, but we fetch it with
1371 a 64-bit pointer which makes get_user() does a 64-bit fetch.
1372 Reading 4 extra bytes isn't harmful, unless we are at the end of
1373 and run off the table. It might also cause the zero page to get
1374 faulted in unnecessarily even if you are not at the end.
1375
1376 Fix it up by doing a special 32-bit get_user() via a cast when
1377 we have 32-bit userspace.
1378
1379 Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
1380 Cc: <stable@vger.kernel.org>
1381 Cc: Andy Lutomirski <luto@amacapital.net>
1382 Cc: Borislav Petkov <bp@alien8.de>
1383 Cc: Brian Gerst <brgerst@gmail.com>
1384 Cc: Dave Hansen <dave@sr71.net>
1385 Cc: Denys Vlasenko <dvlasenk@redhat.com>
1386 Cc: H. Peter Anvin <hpa@zytor.com>
1387 Cc: Linus Torvalds <torvalds@linux-foundation.org>
1388 Cc: Peter Zijlstra <peterz@infradead.org>
1389 Cc: Thomas Gleixner <tglx@linutronix.de>
1390 Link: http://lkml.kernel.org/r/20151111181931.3ACF6822@viggo.jf.intel.com
1391 Signed-off-by: Ingo Molnar <mingo@kernel.org>
1392
1393 arch/x86/mm/mpx.c | 25 ++++++++++++++++++++++++-
1394 1 files changed, 24 insertions(+), 1 deletions(-)
1395
1396commit 9e1e1d1d6f6f41b13a6e85f25e27aee4410f58bf
1397Author: Dave Hansen <dave.hansen@linux.intel.com>
1398Date: Wed Nov 11 10:19:34 2015 -0800
1399
1400 x86/mpx: Fix 32-bit address space calculation
1401
1402 I received a bug report that running 32-bit MPX binaries on
1403 64-bit kernels was broken. I traced it down to this little code
1404 snippet. We were switching our "number of bounds directory
1405 entries" calculation correctly. But, we didn't switch the other
1406 side of the calculation: the virtual space size.
1407
1408 This meant that we were calculating an absurd size for
1409 bd_entry_virt_space() on 32-bit because we used the 64-bit
1410 virt_space.
1411
1412 This was _also_ broken for 32-bit kernels running on 64-bit
1413 hardware since boot_cpu_data.x86_virt_bits=48 even when running
1414 in 32-bit mode.
1415
1416 Correct that and properly handle all 3 possible cases:
1417
1418 1. 32-bit binary on 64-bit kernel
1419 2. 64-bit binary on 64-bit kernel
1420 3. 32-bit binary on 32-bit kernel
1421
1422 This manifested in having bounds tables not properly unmapped.
1423 It "leaked" memory but had no functional impact otherwise.
1424
1425 Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
1426 Cc: <stable@vger.kernel.org>
1427 Cc: Andy Lutomirski <luto@amacapital.net>
1428 Cc: Borislav Petkov <bp@alien8.de>
1429 Cc: Brian Gerst <brgerst@gmail.com>
1430 Cc: Dave Hansen <dave@sr71.net>
1431 Cc: Denys Vlasenko <dvlasenk@redhat.com>
1432 Cc: H. Peter Anvin <hpa@zytor.com>
1433 Cc: Linus Torvalds <torvalds@linux-foundation.org>
1434 Cc: Peter Zijlstra <peterz@infradead.org>
1435 Cc: Thomas Gleixner <tglx@linutronix.de>
1436 Link: http://lkml.kernel.org/r/20151111181934.FA7FAC34@viggo.jf.intel.com
1437 Signed-off-by: Ingo Molnar <mingo@kernel.org>
1438
1439 arch/x86/mm/mpx.c | 22 +++++++++++++++++-----
1440 1 files changed, 17 insertions(+), 5 deletions(-)
1441
1442commit c197eee75054d90aafe695c0edb4f25feb469292
1443Author: Huaitong Han <huaitong.han@intel.com>
1444Date: Fri Nov 6 17:00:23 2015 +0800
1445
1446 x86/fpu: Fix get_xsave_addr() behavior under virtualization
1447
1448 KVM uses the get_xsave_addr() function in a different fashion from
1449 the native kernel, in that the 'xsave' parameter belongs to guest vcpu,
1450 not the currently running task.
1451
1452 But 'xsave' is replaced with current task's (host) xsave structure, so
1453 get_xsave_addr() will incorrectly return the bad xsave address to KVM.
1454
1455 Fix it so that the passed in 'xsave' address is used - as intended
1456 originally.
1457
1458 Signed-off-by: Huaitong Han <huaitong.han@intel.com>
1459 Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
1460 Cc: <stable@vger.kernel.org>
1461 Cc: Andy Lutomirski <luto@amacapital.net>
1462 Cc: Paolo Bonzini <pbonzini@redhat.com>
1463 Cc: Borislav Petkov <bp@alien8.de>
1464 Cc: Fenghua Yu <fenghua.yu@intel.com>
1465 Cc: H. Peter Anvin <hpa@zytor.com>
1466 Cc: Linus Torvalds <torvalds@linux-foundation.org>
1467 Cc: Oleg Nesterov <oleg@redhat.com>
1468 Cc: Peter Zijlstra <peterz@infradead.org>
1469 Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
1470 Cc: Thomas Gleixner <tglx@linutronix.de>
1471 Cc: dave.hansen@intel.com
1472 Link: http://lkml.kernel.org/r/1446800423-21622-1-git-send-email-huaitong.han@intel.com
1473 [ Tidied up the changelog. ]
1474 Signed-off-by: Ingo Molnar <mingo@kernel.org>
1475
1476 Conflicts:
1477
1478 arch/x86/kernel/fpu/xstate.c
1479
1480 arch/x86/kernel/fpu/xstate.c | 1 -
1481 1 files changed, 0 insertions(+), 1 deletions(-)
1482
1483commit 460cdd8a9a19731ce27333866943eed81cba1d96
1484Author: Dave Hansen <dave.hansen@linux.intel.com>
1485Date: Tue Nov 10 16:23:54 2015 -0800
1486
1487 x86/fpu: Fix 32-bit signal frame handling
1488
1489 (This should have gone to LKML originally. Sorry for the extra
1490 noise, folks on the cc.)
1491
1492 Background:
1493
1494 Signal frames on x86 have two formats:
1495
1496 1. For 32-bit executables (whether on a real 32-bit kernel or
1497 under 32-bit emulation on a 64-bit kernel) we have a
1498 'fpregset_t' that includes the "FSAVE" registers.
1499
1500 2. For 64-bit executables (on 64-bit kernels obviously), the
1501 'fpregset_t' is smaller and does not contain the "FSAVE"
1502 state.
1503
1504 When creating the signal frame, we have to be aware of whether
1505 we are running a 32 or 64-bit executable so we create the
1506 correct format signal frame.
1507
1508 Problem:
1509
1510 save_xstate_epilog() uses 'fx_sw_reserved_ia32' whenever it is
1511 called for a 32-bit executable. This is for real 32-bit and
1512 ia32 emulation.
1513
1514 But, fpu__init_prepare_fx_sw_frame() only initializes
1515 'fx_sw_reserved_ia32' when emulation is enabled, *NOT* for real
1516 32-bit kernels.
1517
1518 This leads to really wierd situations where 32-bit programs
1519 lose their extended state when returning from a signal handler.
1520 The kernel copies the uninitialized (zero) 'fx_sw_reserved_ia32'
1521 out to userspace in save_xstate_epilog(). But when returning
1522 from the signal, the kernel errors out in check_for_xstate()
1523 when it does not see FP_XSTATE_MAGIC1 present (because it was
1524 zeroed). This leads to the FPU/XSAVE state being initialized.
1525
1526 For MPX, this leads to the most permissive state and means we
1527 silently lose bounds violations. I think this would also mean
1528 that we could lose *ANY* FPU/SSE/AVX state. I'm not sure why
1529 no one has spotted this bug.
1530
1531 I believe this was broken by:
1532
1533 72a671ced66d ("x86, fpu: Unify signal handling code paths for x86 and x86_64 kernels")
1534
1535 way back in 2012.
1536
1537 Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
1538 Cc: <stable@vger.kernel.org>
1539 Cc: Andy Lutomirski <luto@amacapital.net>
1540 Cc: Borislav Petkov <bp@alien8.de>
1541 Cc: Brian Gerst <brgerst@gmail.com>
1542 Cc: Denys Vlasenko <dvlasenk@redhat.com>
1543 Cc: H. Peter Anvin <hpa@zytor.com>
1544 Cc: Linus Torvalds <torvalds@linux-foundation.org>
1545 Cc: Peter Zijlstra <peterz@infradead.org>
1546 Cc: Thomas Gleixner <tglx@linutronix.de>
1547 Cc: dave@sr71.net
1548 Cc: fenghua.yu@intel.com
1549 Cc: yu-cheng.yu@intel.com
1550 Link: http://lkml.kernel.org/r/20151111002354.A0799571@viggo.jf.intel.com
1551 Signed-off-by: Ingo Molnar <mingo@kernel.org>
1552
1553 arch/x86/kernel/fpu/signal.c | 11 +++++------
1554 1 files changed, 5 insertions(+), 6 deletions(-)
1555
a375b63a
PK		 1556commit c3f2cc8921a08fff1fbad9127dd7a30c4a953e88
1557Author: Brad Spengler <spender@grsecurity.net>
1558Date: Sat Nov 21 18:36:58 2015 -0500
1559
1560 Fix gcc 5.x compilation, reported by Arnaud and coldhak
1561
1562 tools/gcc/gcc-common.h | 2 +-
1563 1 files changed, 1 insertions(+), 1 deletions(-)
1564
d53f4099
PK		 1565commit f0ea1bc982c60c1c39d0f95d9f3db0ec799387ca
1566Merge: 3929e88 c692401
1567Author: Brad Spengler <spender@grsecurity.net>
1568Date: Sat Nov 21 15:41:38 2015 -0500
1569
1570 Merge branch 'pax-test' into grsec-test
1571
1572commit c69240179ca6ff101670f4859bb0e9a9deb85359
1573Author: Brad Spengler <spender@grsecurity.net>
1574Date: Sat Nov 21 15:41:06 2015 -0500
1575
1576 Update to pax-linux-4.2.6-test22.patch:
1577 - made the previous READ_ONCE/WRITE_ONCE fix compatible with gcc PR 58145
1578
1579 include/linux/compiler.h | 11 +++++++----
1580 1 files changed, 7 insertions(+), 4 deletions(-)
1581
1582commit 3929e882e451b177af1a615858f0a96a7cd734b1
1583Author: Brad Spengler <spender@grsecurity.net>
1584Date: Sat Nov 21 13:14:25 2015 -0500
1585
1586 remove disable_kill option entirely for the final 4.2 release
1587
1588 fs/exec.c | 11 -----------
1589 security/Kconfig | 5 -----
1590 2 files changed, 0 insertions(+), 16 deletions(-)
1591
1592commit 91633d0eebc41553ea77b5fa7559aa806a60008c
1593Author: Brad Spengler <spender@grsecurity.net>
1594Date: Sat Nov 21 07:38:10 2015 -0500
1595
1596 compile fix
1597
1598 net/unix/af_unix.c | 1 +
1599 1 files changed, 1 insertions(+), 0 deletions(-)
1600
1601commit 0afc2f69e7f948995522f6e1dbb957ed84abd9b9
1602Author: Brad Spengler <spender@grsecurity.net>
1603Date: Sat Nov 21 07:14:43 2015 -0500
1604
1605 Revert previous AF_UNIX fix:
1606 http://www.spinics.net/lists/netdev/msg318826.html
1607 and apply new one by Jason Baron:
1608 https://lkml.org/lkml/2015/9/29/825
1609
1610 include/net/af_unix.h | 1 +
1611 net/unix/af_unix.c | 36 ++++++++++++++++++++++++++++++------
1612 2 files changed, 31 insertions(+), 6 deletions(-)
1613
1614commit 0a3eec2b3d110042af4e0a9f1e87458262fce1eb
1615Merge: 917a60c 8fd74af
1616Author: Brad Spengler <spender@grsecurity.net>
1617Date: Sat Nov 21 06:50:33 2015 -0500
1618
1619 Merge branch 'pax-test' into grsec-test
1620
1621commit 8fd74afe08ee45516a9daf2593f31c176516cb55
1622Author: Brad Spengler <spender@grsecurity.net>
1623Date: Sat Nov 21 06:49:57 2015 -0500
1624
1625 Update to pax-linux-4.2.6-test21.patch:
1626 - fixed a size overflow plugin bug that could cause a compiler error
1627 - Emese fixed a size overflow false positive in xfrm4_mode_tunnel_input, reported by Arnaud <arnaud@drno.eu>
1628 - updated gcc-common.h to support gcc-6
1629 - fixed some undefined behaviour in READ_ONCE/WRITE_ONCE
1630
1631 include/linux/compiler.h | 38 +++----------------
1632 tools/gcc/gcc-common.h | 39 ++++++++++++++++----
1633 tools/gcc/initify_plugin.c | 4 +-
1634 .../disable_size_overflow_hash.data | 7 +++-
1635 .../size_overflow_plugin/intentional_overflow.c | 2 +-
1636 .../size_overflow_plugin/size_overflow_hash.data | 9 +----
1637 .../size_overflow_plugin/size_overflow_transform.c | 4 +-
1638 7 files changed, 50 insertions(+), 53 deletions(-)
1639
6e783cc3
PK		 1640commit 917a60c749d80121229a1752874ff8a606778fc5
1641Merge: 76fc822 77d474f
1642Author: Brad Spengler <spender@grsecurity.net>
1643Date: Wed Nov 18 19:58:31 2015 -0500
1644
1645 Merge branch 'pax-test' into grsec-test
1646
1647commit 77d474f0bcb2e5acafc78c66c456d1aebaac14b3
1648Author: Brad Spengler <spender@grsecurity.net>
1649Date: Wed Nov 18 19:58:08 2015 -0500
1650
1651 Update to pax-linux-4.2.6-test20.patch:
1652 - constified some vdso/vsyscall related code/data
1653
1654 arch/x86/entry/vdso/vdso2c.h | 4 ++--
1655 arch/x86/entry/vsyscall/vsyscall_emu_64.S | 2 +-
1656 arch/x86/mm/ioremap.c | 2 +-
1657 mm/debug.c | 3 +++
1658 4 files changed, 7 insertions(+), 4 deletions(-)
1659
1660commit 76fc8223b2e6b6c950702adfdb055dd5da90657c
1661Author: Brad Spengler <spender@grsecurity.net>
1662Date: Wed Nov 18 17:40:27 2015 -0500
1663
1664 Allow processes with CAP_SYS_PTRACE to ignore /proc/pid restrictions,
1665 as reported by Andrew
1666
1667 fs/proc/base.c | 2 +-
1668 1 files changed, 1 insertions(+), 1 deletions(-)
1669
fb116cbb
PK		 1670commit 708c2e025f8a05b76f319cfa5fa624d37d8ef6f3
1671Author: Brad Spengler <spender@grsecurity.net>
1672Date: Tue Nov 17 18:43:24 2015 -0500
1673
1674 Fix multiple character encodings in patch, reported by IooNag on the forums
1675
1676 grsecurity/Makefile | 2 +-
1677 net/netfilter/xt_gradm.c | 2 +-
1678 2 files changed, 2 insertions(+), 2 deletions(-)
1679
1680commit d1f7534df8687fd05858fd45805b1185eafe38a7
1681Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
1682Date: Tue Nov 17 15:10:59 2015 +0100
1683
1684 af_unix: take receive queue lock while appending new skb
1685
1686 While possibly in future we don't necessarily need to use
1687 sk_buff_head.lock this is a rather larger change, as it affects the
1688 af_unix fd garbage collector, diag and socket cleanups. This is too much
1689 for a stable patch.
1690
1691 For the time being grab sk_buff_head.lock without disabling bh and irqs,
1692 so don't use locked skb_queue_tail.
1693
1694 Fixes: 869e7c62486e ("net: af_unix: implement stream sendpage support")
1695 Cc: Eric Dumazet <edumazet@google.com>
1696 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
1697 Reported-by: Eric Dumazet <edumazet@google.com>
1698 Acked-by: Eric Dumazet <edumazet@google.com>
1699 Signed-off-by: David S. Miller <davem@davemloft.net>
1700
1701 net/unix/af_unix.c | 5 ++++-
1702 1 files changed, 4 insertions(+), 1 deletions(-)
1703
1704commit 0df914e7a66a4807bac7762ab33ba3020944ef6b
1705Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
1706Date: Mon Nov 16 16:25:56 2015 +0100
1707
1708 af_unix: don't append consumed skbs to sk_receive_queue
1709
1710 In case multiple writes to a unix stream socket race we could end up in a
1711 situation where we pre-allocate a new skb for use in unix_stream_sendpage
1712 but have to free it again in the locked section because another skb
1713 has been appended meanwhile, which we must use. Accidentally we didn't
1714 clear the pointer after consuming it and so we touched freed memory
1715 while appending it to the sk_receive_queue. So, clear the pointer after
1716 consuming the skb.
1717
1718 This bug has been found with syzkaller
1719 (http://github.com/google/syzkaller) by Dmitry Vyukov.
1720
1721 Fixes: 869e7c62486e ("net: af_unix: implement stream sendpage support")
1722 Reported-by: Dmitry Vyukov <dvyukov@google.com>
1723 Cc: Dmitry Vyukov <dvyukov@google.com>
1724 Cc: Eric Dumazet <eric.dumazet@gmail.com>
1725 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
1726 Acked-by: Eric Dumazet <edumazet@google.com>
1727 Signed-off-by: David S. Miller <davem@davemloft.net>
1728
1729 net/unix/af_unix.c | 1 +
1730 1 files changed, 1 insertions(+), 0 deletions(-)
1731
1732commit ac8466abcd0ae871cd38d868e1a4e903b92ffc48
1733Author: Jason A. Donenfeld <Jason@zx2c4.com>
1734Date: Thu Nov 12 17:35:58 2015 +0100
1735
1736 ip_tunnel: disable preemption when updating per-cpu tstats
1737
1738 Drivers like vxlan use the recently introduced
1739 udp_tunnel_xmit_skb/udp_tunnel6_xmit_skb APIs. udp_tunnel6_xmit_skb
1740 makes use of ip6tunnel_xmit, and ip6tunnel_xmit, after sending the
1741 packet, updates the struct stats using the usual
1742 u64_stats_update_begin/end calls on this_cpu_ptr(dev->tstats).
1743 udp_tunnel_xmit_skb makes use of iptunnel_xmit, which doesn't touch
1744 tstats, so drivers like vxlan, immediately after, call
1745 iptunnel_xmit_stats, which does the same thing - calls
1746 u64_stats_update_begin/end on this_cpu_ptr(dev->tstats).
1747
1748 While vxlan is probably fine (I don't know?), calling a similar function
1749 from, say, an unbound workqueue, on a fully preemptable kernel causes
1750 real issues:
1751
1752 [ 188.434537] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u8:0/6
1753 [ 188.435579] caller is debug_smp_processor_id+0x17/0x20
1754 [ 188.435583] CPU: 0 PID: 6 Comm: kworker/u8:0 Not tainted 4.2.6 #2
1755 [ 188.435607] Call Trace:
1756 [ 188.435611] [<ffffffff8234e936>] dump_stack+0x4f/0x7b
1757 [ 188.435615] [<ffffffff81915f3d>] check_preemption_disabled+0x19d/0x1c0
1758 [ 188.435619] [<ffffffff81915f77>] debug_smp_processor_id+0x17/0x20
1759
1760 The solution would be to protect the whole
1761 this_cpu_ptr(dev->tstats)/u64_stats_update_begin/end blocks with
1762 disabling preemption and then reenabling it.
1763
1764 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
1765 Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
1766 Signed-off-by: David S. Miller <davem@davemloft.net>
1767
1768 include/net/ip6_tunnel.h | 3 ++-
1769 include/net/ip_tunnels.h | 3 ++-
1770 2 files changed, 4 insertions(+), 2 deletions(-)
1771
1772commit 44665148f06b73ea0c253a1a34d15689674d7421
1773Author: Mathias Krause <minipli@googlemail.com>
1774Date: Fri Nov 6 16:30:38 2015 -0800
1775
1776 printk: prevent userland from spoofing kernel messages
1777
1778 The following statement of ABI/testing/dev-kmsg is not quite right:
1779
1780 It is not possible to inject messages from userspace with the
1781 facility number LOG_KERN (0), to make sure that the origin of the
1782 messages can always be reliably determined.
1783
1784 Userland actually can inject messages with a facility of 0 by abusing the
1785 fact that the facility is stored in a u8 data type. By using a facility
1786 which is a multiple of 256 the assignment of msg->facility in log_store()
1787 implicitly truncates it to 0, i.e. LOG_KERN, allowing users of /dev/kmsg
1788 to spoof kernel messages as shown below:
1789
1790 The following call...
1791 # printf '<%d>Kernel panic - not syncing: beer empty\n' 0 >/dev/kmsg
1792 ...leads to the following log entry (dmesg -x | tail -n 1):
1793 user :emerg : [ 66.137758] Kernel panic - not syncing: beer empty
1794
1795 However, this call...
1796 # printf '<%d>Kernel panic - not syncing: beer empty\n' 0x800 >/dev/kmsg
1797 ...leads to the slightly different log entry (note the kernel facility):
1798 kern :emerg : [ 74.177343] Kernel panic - not syncing: beer empty
1799
1800 Fix that by limiting the user provided facility to 8 bit right from the
1801 beginning and catch the truncation early.
1802
1803 Fixes: 7ff9554bb578 ("printk: convert byte-buffer to variable-length...")
1804 Signed-off-by: Mathias Krause <minipli@googlemail.com>
1805 Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1806 Cc: Petr Mladek <pmladek@suse.cz>
1807 Cc: Alex Elder <elder@linaro.org>
1808 Cc: Joe Perches <joe@perches.com>
1809 Cc: Kay Sievers <kay@vrfy.org>
1810 Cc: <stable@vger.kernel.org>
1811 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
1812 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1813
1814 kernel/printk/printk.c | 13 ++++++++-----
1815 1 files changed, 8 insertions(+), 5 deletions(-)
1816
1817commit bef8fb168317597f02c00ab4075ff094dcdfd2c6
1818Author: Borislav Petkov <bp@suse.de>
1819Date: Thu Nov 5 16:57:56 2015 +0100
1820
1821 x86/cpu: Call verify_cpu() after having entered long mode too
1822
1823 When we get loaded by a 64-bit bootloader, kernel entry point is
1824 startup_64 in head_64.S. We don't trust any and all bootloaders because
1825 some will fiddle with CPU configuration so we go ahead and massage each
1826 CPU into sanity again.
1827
1828 For example, some dell BIOSes have this XD disable feature which set
1829 IA32_MISC_ENABLE[34] and disable NX. This might be some dumb workaround
1830 for other OSes but Linux sure doesn't need it.
1831
1832 A similar thing is present in the Surface 3 firmware - see
1833 https://bugzilla.kernel.org/show_bug.cgi?id=106051 - which sets this bit
1834 only on the BSP:
1835
1836 # rdmsr -a 0x1a0
1837 400850089
1838 850089
1839 850089
1840 850089
1841
1842 I know, right?!
1843
1844 There's not even an off switch in there.
1845
1846 So fix all those cases by sanitizing the 64-bit entry point too. For
1847 that, make verify_cpu() callable in 64-bit mode also.
1848
1849 Requested-and-debugged-by: "H. Peter Anvin" <hpa@zytor.com>
1850 Reported-and-tested-by: Bastien Nocera <bugzilla@hadess.net>
1851 Signed-off-by: Borislav Petkov <bp@suse.de>
1852 Cc: Matt Fleming <matt@codeblueprint.co.uk>
1853 Cc: Peter Zijlstra <peterz@infradead.org>
1854 Cc: stable@vger.kernel.org
1855 Link: http://lkml.kernel.org/r/1446739076-21303-1-git-send-email-bp@alien8.de
1856 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
1857
1858 Conflicts:
1859
1860 arch/x86/kernel/head_64.S
1861
1862 arch/x86/kernel/head_64.S | 9 +++++++++
1863 arch/x86/kernel/verify_cpu.S | 12 +++++++-----
1864 2 files changed, 16 insertions(+), 5 deletions(-)
1865
1866commit 9cb084208a9589a6a5be01d2b7df88843f4b01a4
1867Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
1868Date: Tue Nov 10 16:23:15 2015 +0100
1869
1870 af-unix: fix use-after-free with concurrent readers while splicing
1871
1872 During splicing an af-unix socket to a pipe we have to drop all
1873 af-unix socket locks. While doing so we allow another reader to enter
1874 unix_stream_read_generic which can read, copy and finally free another
1875 skb. If exactly this skb is just in process of being spliced we get a
1876 use-after-free report by kasan.
1877
1878 First, we must make sure to not have a free while the skb is used during
1879 the splice operation. We simply increment its use counter before unlocking
1880 the reader lock.
1881
1882 Stream sockets have the nice characteristic that we don't care about
1883 zero length writes and they never reach the peer socket's queue. That
1884 said, we can take the UNIXCB.consumed field as the indicator if the
1885 skb was already freed from the socket's receive queue. If the skb was
1886 fully consumed after we locked the reader side again we know it has been
1887 dropped by a second reader. We indicate a short read to user space and
1888 abort the current splice operation.
1889
1890 This bug has been found with syzkaller
1891 (http://github.com/google/syzkaller) by Dmitry Vyukov.
1892
1893 Fixes: 2b514574f7e8 ("net: af_unix: implement splice for stream af_unix sockets")
1894 Reported-by: Dmitry Vyukov <dvyukov@google.com>
1895 Cc: Dmitry Vyukov <dvyukov@google.com>
1896 Cc: Eric Dumazet <eric.dumazet@gmail.com>
1897 Acked-by: Eric Dumazet <edumazet@google.com>
1898 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
1899 Signed-off-by: David S. Miller <davem@davemloft.net>
1900
1901 net/unix/af_unix.c | 18 ++++++++++++++++++
1902 1 files changed, 18 insertions(+), 0 deletions(-)
1903
90cab73e
PK		 1904commit 4e75d2b7d6546add44f0951e78410b131a1e660d
1905Author: Brad Spengler <spender@grsecurity.net>
1906Date: Sat Nov 14 15:08:46 2015 -0500
1907
1908 switch the default for SIZE_OVERFLOW_KILL to n, later we'll remove
1909 the option entirely
1910 Distros should make sure their users report all overflows printed to the
1911 kernel logs so the underlying issues can be fixed
1912
1913 security/Kconfig | 2 +-
1914 1 files changed, 1 insertions(+), 1 deletions(-)
1915
1916commit 2e37eb35e0f1ba5a0feac5264a7b24d89376d0a2
1917Author: Brad Spengler <spender@grsecurity.net>
1918Date: Sat Nov 14 15:07:51 2015 -0500
1919
1920 Resync with PaX
1921
1922 fs/btrfs/inode.c | 12 ++++++++++++
1923 1 files changed, 12 insertions(+), 0 deletions(-)
1924
1925commit 2f63d2552f38c700902d17bf9b591d82f39a3fb5
1926Merge: 5e0ec21 823b1bc
1927Author: Brad Spengler <spender@grsecurity.net>
1928Date: Sat Nov 14 14:29:16 2015 -0500
1929
1930 Merge branch 'pax-test' into grsec-test
1931
1932commit 823b1bc5a8e670f7ddfa98ee0d83762bffab28fb
1933Author: Brad Spengler <spender@grsecurity.net>
1934Date: Sat Nov 14 14:28:35 2015 -0500
1935
1936 Update to pax-linux-4.2.6-test19.patch:
1937 - David Sterba updated the fix for one of the previous btrfs problems
1938 - Emese and Rasmus Villemoes <linux@rasmusvillemoes.dk> fixed a few bugs in the initify plugin
1939 - fixed debian package generation to support building out-of-tree modules with plugins, reported by Elie Roudninski <elie.roudninski@gmail.com>
1940
1941 fs/btrfs/delayed-inode.c | 3 +-
1942 fs/btrfs/delayed-inode.h | 2 +-
1943 fs/btrfs/inode.c | 2 +-
1944 scripts/package/builddeb | 2 +-
1945 tools/gcc/initify_plugin.c | 264 ++++++++++++++++++++++++++++++--------------
1946 5 files changed, 188 insertions(+), 85 deletions(-)
1947
76e55d26
PK		 1948commit 5e0ec21349bb3aeead0701ef51df3086ad377979
1949Author: Brad Spengler <spender@grsecurity.net>
1950Date: Thu Nov 12 19:54:21 2015 -0500
1951
1952 Revert https://patchwork.kernel.org/patch/7585611/ for now as it's been reported
1953 to cause userland hangs, similar to previous bugs seen in the past
1954
1955 fs/btrfs/inode.c | 12 ------------
1956 1 files changed, 0 insertions(+), 12 deletions(-)
1957
1958commit 65402b5a6125cc95c3223a0da8f2817e13bf18ec
1959Author: françois romieu <romieu@fr.zoreil.com>
1960Date: Wed Nov 11 23:35:18 2015 +0100
1961
1962 r8169: fix kasan reported skb use-after-free.
1963
1964 Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
1965 Reported-by: Dave Jones <davej@codemonkey.org.uk>
1966 Fixes: d7d2d89d4b0af ("r8169: Add software counter for multicast packages")
1967 Acked-by: Eric Dumazet <edumazet@google.com>
1968 Acked-by: Corinna Vinschen <vinschen@redhat.com>
1969 Signed-off-by: David S. Miller <davem@davemloft.net>
1970
1971 drivers/net/ethernet/realtek/r8169.c | 3 +++
1972 1 files changed, 3 insertions(+), 0 deletions(-)
1973
1974commit bbfcbb7b1e086062aa17358927e14e394830b8a3
1975Author: Anthony Lineham <anthony.lineham@alliedtelesis.co.nz>
1976Date: Thu Oct 22 11:17:03 2015 +1300
1977
1978 netfilter: Fix removal of GRE expectation entries created by PPTP
1979
1980 The uninitialized tuple structure caused incorrect hash calculation
1981 and the lookup failed.
1982
1983 Link: https://bugzilla.kernel.org/show_bug.cgi?id=106441
1984 Signed-off-by: Anthony Lineham <anthony.lineham@alliedtelesis.co.nz>
1985 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
1986
1987 net/ipv4/netfilter/nf_nat_pptp.c | 2 +-
1988 1 files changed, 1 insertions(+), 1 deletions(-)
1989
1990commit d7cb19f37a91603021e2bed6417766ecca315bd0
1991Author: Paolo Bonzini <pbonzini@redhat.com>
1992Date: Tue Nov 10 09:14:39 2015 +0100
1993
1994 KVM: svm: unconditionally intercept #DB
1995
1996 This is needed to avoid the possibility that the guest triggers
1997 an infinite stream of #DB exceptions (CVE-2015-8104).
1998
1999 VMX is not affected: because it does not save DR6 in the VMCS,
2000 it already intercepts #DB unconditionally.
2001
2002 Reported-by: Jan Beulich <jbeulich@suse.com>
2003 Cc: stable@vger.kernel.org
2004 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2005
2006 arch/x86/kvm/svm.c | 14 +++-----------
2007 1 files changed, 3 insertions(+), 11 deletions(-)
2008
2009commit 5b241ac6551e1675e1cbbc4a74fa1c698ada28f4
2010Author: Eric Northup <digitaleric@google.com>
2011Date: Tue Nov 3 18:03:53 2015 +0100
2012
2013 KVM: x86: work around infinite loop in microcode when #AC is delivered
2014
2015 It was found that a guest can DoS a host by triggering an infinite
2016 stream of "alignment check" (#AC) exceptions. This causes the
2017 microcode to enter an infinite loop where the core never receives
2018 another interrupt. The host kernel panics pretty quickly due to the
2019 effects (CVE-2015-5307).
2020
2021 Signed-off-by: Eric Northup <digitaleric@google.com>
2022 Cc: stable@vger.kernel.org
2023 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024
2025 arch/x86/include/uapi/asm/svm.h | 1 +
2026 arch/x86/kvm/svm.c | 8 ++++++++
2027 arch/x86/kvm/vmx.c | 5 ++++-
2028 3 files changed, 13 insertions(+), 1 deletions(-)
2029
2030commit 6113725aaaf6626522b93732f29dd36370695a89
2031Author: Daniel Borkmann <daniel@iogearbox.net>
2032Date: Thu Nov 5 00:01:51 2015 +0100
2033
2034 debugfs: fix refcount imbalance in start_creating
2035
2036 In debugfs' start_creating(), we pin the file system to safely access
2037 its root. When we failed to create a file, we unpin the file system via
2038 failed_creating() to release the mount count and eventually the reference
2039 of the vfsmount.
2040
2041 However, when we run into an error during lookup_one_len() when still
2042 in start_creating(), we only release the parent's mutex but not so the
2043 reference on the mount. Looks like it was done in the past, but after
2044 splitting portions of __create_file() into start_creating() and
2045 end_creating() via 190afd81e4a5 ("debugfs: split the beginning and the
2046 end of __create_file() off"), this seemed missed. Noticed during code
2047 review.
2048
2049 Fixes: 190afd81e4a5 ("debugfs: split the beginning and the end of __create_file() off")
2050 Cc: stable@vger.kernel.org # v4.0+
2051 Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2052 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2053
2054 fs/debugfs/inode.c | 6 +++++-
2055 1 files changed, 5 insertions(+), 1 deletions(-)
2056
2057commit e91f8a6717837a8a64b6e86317a1373ec9cd6c04
2058Author: Maciej W. Rozycki <macro@imgtec.com>
2059Date: Mon Oct 26 15:48:19 2015 +0000
2060
2061 binfmt_elf: Don't clobber passed executable's file header
2062
2063 Do not clobber the buffer space passed from `search_binary_handler' and
2064 originally preloaded by `prepare_binprm' with the executable's file
2065 header by overwriting it with its interpreter's file header. Instead
2066 keep the buffer space intact and directly use the data structure locally
2067 allocated for the interpreter's file header, fixing a bug introduced in
2068 2.1.14 with loadable module support (linux-mips.org commit beb11695
2069 [Import of Linux/MIPS 2.1.14], predating kernel.org repo's history).
2070 Adjust the amount of data read from the interpreter's file accordingly.
2071
2072 This was not an issue before loadable module support, because back then
2073 `load_elf_binary' was executed only once for a given ELF executable,
2074 whether the function succeeded or failed.
2075
2076 With loadable module support supported and enabled, upon a failure of
2077 `load_elf_binary' -- which may for example be caused by architecture
2078 code rejecting an executable due to a missing hardware feature requested
2079 in the file header -- a module load is attempted and then the function
2080 reexecuted by `search_binary_handler'. With the executable's file
2081 header replaced with its interpreter's file header the executable can
2082 then be erroneously accepted in this subsequent attempt.
2083
2084 Cc: stable@vger.kernel.org # all the way back
2085 Signed-off-by: Maciej W. Rozycki <macro@imgtec.com>
2086 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2087
2088 fs/binfmt_elf.c | 10 +++++-----
2089 1 files changed, 5 insertions(+), 5 deletions(-)
2090
2d1b3edc
PK		 2091commit 9c49029fe4cb9a52cb174aebfd5946a9d26b9956
2092Merge: 5482e7e 7033393
2093Author: Brad Spengler <spender@grsecurity.net>
2094Date: Mon Nov 9 19:51:58 2015 -0500
2095
2096 Merge branch 'pax-test' into grsec-test
2097
2098commit 70333935932c9f3eb333a354dd760b4233efcc37
2099Author: Brad Spengler <spender@grsecurity.net>
2100Date: Mon Nov 9 19:51:19 2015 -0500
2101
2102 Update to pax-linux-4.2.6-test18.patch:
2103 - cleaned up the last of the FPU changes, by spender
2104 - fixed a few KERNEXEC regressions (backported from 4.3)
2105 - Emese fixed a few size overflow false positives in kvm, reported by Christian Roessner (https://bugs.gentoo.org/show_bug.cgi?id=558138#c23)
2106 - David Sterba fixed a few integer overflows in btrfs caught by the size overflow plugin (https://patchwork.kernel.org/patch/7585611/ and https://patchwork.kernel.org/patch/7582351/), reported by Victor, Stebalien and alan.d (https://forums.grsecurity.net/viewtopic.php?f=1&t=4284)
2107
2108 arch/x86/include/asm/fpu/internal.h | 2 +-
2109 arch/x86/include/asm/fpu/types.h | 1 -
2110 arch/x86/kernel/apic/apic.c | 4 ++-
2111 arch/x86/kernel/fpu/init.c | 36 --------------------
2112 arch/x86/kernel/process_64.c | 6 +--
2113 arch/x86/kernel/vsmp_64.c | 13 +++++--
2114 drivers/acpi/video_detect.c | 2 +-
2115 drivers/lguest/core.c | 2 +-
2116 fs/btrfs/file.c | 10 ++++--
2117 fs/btrfs/inode.c | 12 ++++++
2118 .../disable_size_overflow_hash.data | 5 ++-
2119 .../size_overflow_plugin/size_overflow_hash.data | 7 +---
2120 12 files changed, 42 insertions(+), 58 deletions(-)
2121
2122commit 5482e7eb4ba3c5cc90472ccdb1bfe2cec64413e2
2123Merge: 81e2642 682ba19
2124Author: Brad Spengler <spender@grsecurity.net>
2125Date: Mon Nov 9 18:19:48 2015 -0500
2126
2127 Merge branch 'pax-test' into grsec-test
2128
2129 Conflicts:
2130 drivers/pci/pci-sysfs.c
2131
2132commit 682ba19ce305f501c9bc5c42a76f2c7442aa22fc
2133Merge: 7755256 1c02865
2134Author: Brad Spengler <spender@grsecurity.net>
2135Date: Mon Nov 9 18:18:24 2015 -0500
2136
2137 Merge branch 'linux-4.2.y' into pax-test
2138
29c15a34
PK		 2139commit 81e26429b7a36f0c75de3ab42754256720c0a159
2140Author: Brad Spengler <spender@grsecurity.net>
2141Date: Mon Nov 9 07:37:30 2015 -0500
2142
2143 btrfs: fix signed overflow in btrfs_sync_file
2144
2145 The calculation of range length in btrfs_sync_file leads to signed
2146 overflow. This was caught by PaX gcc SIZE_OVERFLOW plugin.
2147
2148 https://forums.grsecurity.net/viewtopic.php?f=1&t=4284
2149
2150 The fsync call passes 0 and LLONG_MAX, the range length does not fit to
2151 loff_t and overflows, but the value is converted to u64 so it silently
2152 works as expected.
2153
2154 The minimal fix is a typecast to u64, switching functions to take
2155 (start, end) instead of (start, len) would be more intrusive.
2156
2157 Coccinelle script found that there's one more opencoded calculation of
2158 the length.
2159
2160 <smpl>
2161 @@
2162 loff_t start, end;
2163 @@
2164 * end - start
2165 </smpl>
2166
2167 CC: stable@vger.kernel.org
2168 Signed-off-by: David Sterba <dsterba@suse.com>
2169
2170 fs/btrfs/file.c | 10 +++++++---
2171 1 files changed, 7 insertions(+), 3 deletions(-)
2172
4d865a41
PK		 2173commit 07fd498a96e2d589ad743851c0dec482a92e0429
2174Author: Brad Spengler <spender@grsecurity.net>
2175Date: Sun Nov 8 17:04:31 2015 -0500
2176
2177 Fix an upstream type confusion bug exposed by RANDSTRUCT:
2178 at the beginning of each sem_array/shmid_kernel/msg_queue
2179 struct is an kern_ipc_perm struct. Unlike every other place in the
2180 kernel where some field must be at an explicit location, there's
2181 no documentation at all that the kern_ipc_perm must be at the beginning
2182 of these structs. Previously, shmid_kernel and kern_ipc_perm were both
2183 randomized with RANDSTRUCT. The problem arises due to the show() handler
2184 for /proc for msg/sem/shm -- what it is provided is a pointer to
2185 a kern_ipc_perm struct (as a void *) which each show() handler then
2186 assumes can be implicitly cast to its own particular struct type without
2187 any kind of container_of being performed. Fix this by doing the proper
2188 type conversions for each via container_of, and randomize the sem and msg
2189 structs while we're at it.
2190
2191 include/linux/msg.h | 2 +-
2192 include/linux/sem.h | 2 +-
2193 ipc/msg.c | 3 ++-
2194 ipc/sem.c | 3 ++-
2195 ipc/shm.c | 3 ++-
2196 5 files changed, 8 insertions(+), 5 deletions(-)
2197
2198commit 6591e1a526c544936975cd3515d8def09e8026f0
2199Author: Brad Spengler <spender@grsecurity.net>
2200Date: Tue Nov 3 19:36:05 2015 -0500
2201
2202 Properly fix the PCI sysfs node check that was recently improperly fixed
2203 upstream (it's under CAP_SYS_ADMIN so it's not really serious)
2204 Reported by Mathias Krause
2205
2206 drivers/pci/pci-sysfs.c | 2 +-
2207 1 files changed, 1 insertions(+), 1 deletions(-)
2208
2209commit ece03d4d07f29634687b2ea5edb7cab23888cff3
2210Merge: 715e674 7755256
2211Author: Brad Spengler <spender@grsecurity.net>
2212Date: Mon Nov 2 21:32:10 2015 -0500
2213
2214 Merge branch 'pax-test' into grsec-test
2215
2216commit 775525660a6353feb261ad6232f6acbc23826bf4
2217Author: Brad Spengler <spender@grsecurity.net>
2218Date: Mon Nov 2 21:31:21 2015 -0500
2219
2220 Update to pax-linux-4.2.5-test17.patch:
2221 - Emese fixed a bunch of size overflow reports:
2222 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4290
2223 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4291
2224 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4288
2225 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4285
2226 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4283
2227 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4287
2228 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4289
2229 - https://bugs.archlinux.org/task/46798
2230 - fixed the x86 fpu code some more, reported by spender and others (https://bugs.gentoo.org/show_bug.cgi?id=563804, https://bugs.archlinux.org/task/46764)
2231
2232 arch/x86/include/asm/fpu/internal.h | 4 +-
2233 arch/x86/kernel/fpu/core.c | 2 +-
2234 arch/x86/kernel/process.c | 3 +-
2235 arch/x86/kernel/process_64.c | 6 +-
2236 drivers/usb/class/cdc-acm.h | 2 +-
2237 drivers/video/console/fbcon.c | 2 +-
2238 fs/dlm/lowcomms.c | 2 +-
2239 include/linux/usb.h | 8 +-
2240 .../disable_size_overflow_hash.data | 15 +-
2241 .../size_overflow_plugin/intentional_overflow.c | 3 +
2242 .../size_overflow_plugin/size_overflow_hash.data | 373 ++++++++++++++++----
2243 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 3 +-
2244 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
2245 13 files changed, 329 insertions(+), 96 deletions(-)
2246
0a2b3309
PK		 2247commit 715e674a838f08748044bce459380762e9c1cd29
2248Author: Sasha Levin <sasha.levin@oracle.com>
2249Date: Wed Oct 7 11:03:28 2015 -0500
2250
2251 PCI: Prevent out of bounds access in numa_node override
2252
2253 63692df103e9 ("PCI: Allow numa_node override via sysfs") didn't check that
2254 the numa node provided by userspace is valid. Passing a node number too
2255 high would attempt to access invalid memory and trigger a kernel panic.
2256
2257 Fixes: 63692df103e9 ("PCI: Allow numa_node override via sysfs")
2258 Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
2259 Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
2260 CC: stable@vger.kernel.org # v3.19+
2261
2262 drivers/pci/pci-sysfs.c | 2 +-
2263 1 files changed, 1 insertions(+), 1 deletions(-)
2264
2265commit 6abe1bb892fe394df80dd4267a8bd2874d537e4e
2266Author: David Howells <dhowells@redhat.com>
2267Date: Fri Sep 18 11:45:12 2015 +0100
2268
2269 ovl: use O_LARGEFILE in ovl_copy_up()
2270
2271 Open the lower file with O_LARGEFILE in ovl_copy_up().
2272
2273 Pass O_LARGEFILE unconditionally in ovl_copy_up_data() as it's purely for
2274 catching 32-bit userspace dealing with a file large enough that it'll be
2275 mishandled if the application isn't aware that there might be an integer
2276 overflow. Inside the kernel, there shouldn't be any problems.
2277
2278 Reported-by: Ulrich Obergfell <uobergfe@redhat.com>
2279 Signed-off-by: David Howells <dhowells@redhat.com>
2280 Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
2281 Cc: <stable@vger.kernel.org> # v3.18+
2282
2283 fs/overlayfs/copy_up.c | 4 ++--
2284 1 files changed, 2 insertions(+), 2 deletions(-)
2285
2286commit bf5e23398e4a82e28fe0801337a4b78ca951a1d9
2287Author: David Howells <dhowells@redhat.com>
2288Date: Fri Sep 18 11:45:22 2015 +0100
2289
2290 ovl: fix dentry reference leak
2291
2292 In ovl_copy_up_locked(), newdentry is leaked if the function exits through
2293 out_cleanup as this just to out after calling ovl_cleanup() - which doesn't
2294 actually release the ref on newdentry.
2295
2296 The out_cleanup segment should instead exit through out2 as certainly
2297 newdentry leaks - and possibly upper does also, though this isn't caught
2298 given the catch of newdentry.
2299
2300 Without this fix, something like the following is seen:
2301
2302 BUG: Dentry ffff880023e9eb20{i=f861,n=#ffff880023e82d90} still in use (1) [unmount of tmpfs tmpfs]
2303 BUG: Dentry ffff880023ece640{i=0,n=bigfile} still in use (1) [unmount of tmpfs tmpfs]
2304
2305 when unmounting the upper layer after an error occurred in copyup.
2306
2307 An error can be induced by creating a big file in a lower layer with
2308 something like:
2309
2310 dd if=/dev/zero of=/lower/a/bigfile bs=65536 count=1 seek=$((0xf000))
2311
2312 to create a large file (4.1G). Overlay an upper layer that is too small
2313 (on tmpfs might do) and then induce a copy up by opening it writably.
2314
2315 Reported-by: Ulrich Obergfell <uobergfe@redhat.com>
2316 Signed-off-by: David Howells <dhowells@redhat.com>
2317 Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
2318 Cc: <stable@vger.kernel.org> # v3.18+
2319
2320 fs/overlayfs/copy_up.c | 2 +-
2321 1 files changed, 1 insertions(+), 1 deletions(-)
2322
2323commit da93976d3355abae09d9fd6a68e7dea77ed619d1
2324Author: Miklos Szeredi <miklos@szeredi.hu>
2325Date: Mon Oct 12 15:56:20 2015 +0200
2326
2327 ovl: fix open in stacked overlay
2328
2329 If two overlayfs filesystems are stacked on top of each other, then we need
2330 recursion in ovl_d_select_inode().
2331
2332 I guess d_backing_inode() is supposed to do that. But currently it doesn't
2333 and that functionality is open coded in vfs_open(). This is now copied
2334 into ovl_d_select_inode() to fix this regression.
2335
2336 Reported-by: Alban Crequy <alban.crequy@gmail.com>
2337 Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
2338 Fixes: 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay...")
2339 Cc: David Howells <dhowells@redhat.com>
2340 Cc: <stable@vger.kernel.org> # v4.2+
2341
2342 fs/overlayfs/inode.c | 3 +++
2343 1 files changed, 3 insertions(+), 0 deletions(-)
2344
2345commit 0ddd9cf6149717882b81c946149bf55332d763ae
2346Author: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
2347Date: Mon Aug 24 15:57:18 2015 +0300
2348
2349 ovl: free stack of paths in ovl_fill_super
2350
2351 This fixes small memory leak after mount.
2352
2353 Kmemleak report:
2354
2355 unreferenced object 0xffff88003683fe00 (size 16):
2356 comm "mount", pid 2029, jiffies 4294909563 (age 33.380s)
2357 hex dump (first 16 bytes):
2358 20 27 1f bb 00 88 ff ff 40 4b 0f 36 02 88 ff ff '......@K.6....
2359 backtrace:
2360 [<ffffffff811f8cd4>] create_object+0x124/0x2c0
2361 [<ffffffff817a059b>] kmemleak_alloc+0x7b/0xc0
2362 [<ffffffff811dffe6>] __kmalloc+0x106/0x340
2363 [<ffffffffa01b7a29>] ovl_fill_super+0x389/0x9a0 [overlay]
2364 [<ffffffff81200ac4>] mount_nodev+0x54/0xa0
2365 [<ffffffffa01b7118>] ovl_mount+0x18/0x20 [overlay]
2366 [<ffffffff81201ab3>] mount_fs+0x43/0x170
2367 [<ffffffff81220d34>] vfs_kern_mount+0x74/0x170
2368 [<ffffffff812233ad>] do_mount+0x22d/0xdf0
2369 [<ffffffff812242cb>] SyS_mount+0x7b/0xc0
2370 [<ffffffff817b6bee>] entry_SYSCALL_64_fastpath+0x12/0x76
2371 [<ffffffffffffffff>] 0xffffffffffffffff
2372
2373 Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
2374 Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
2375 Fixes: a78d9f0d5d5c ("ovl: support multiple lower layers")
2376 Cc: <stable@vger.kernel.org> # v4.0+
2377
2378 fs/overlayfs/super.c | 1 +
2379 1 files changed, 1 insertions(+), 0 deletions(-)
2380
2381commit b86575c9973b9ad55d659fd8a6be8f864435ad0e
2382Author: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
2383Date: Mon Aug 24 15:57:19 2015 +0300
2384
2385 ovl: free lower_mnt array in ovl_put_super
2386
2387 This fixes memory leak after umount.
2388
2389 Kmemleak report:
2390
2391 unreferenced object 0xffff8800ba791010 (size 8):
2392 comm "mount", pid 2394, jiffies 4294996294 (age 53.920s)
2393 hex dump (first 8 bytes):
2394 20 1c 13 02 00 88 ff ff .......
2395 backtrace:
2396 [<ffffffff811f8cd4>] create_object+0x124/0x2c0
2397 [<ffffffff817a059b>] kmemleak_alloc+0x7b/0xc0
2398 [<ffffffff811dffe6>] __kmalloc+0x106/0x340
2399 [<ffffffffa0152bfc>] ovl_fill_super+0x55c/0x9b0 [overlay]
2400 [<ffffffff81200ac4>] mount_nodev+0x54/0xa0
2401 [<ffffffffa0152118>] ovl_mount+0x18/0x20 [overlay]
2402 [<ffffffff81201ab3>] mount_fs+0x43/0x170
2403 [<ffffffff81220d34>] vfs_kern_mount+0x74/0x170
2404 [<ffffffff812233ad>] do_mount+0x22d/0xdf0
2405 [<ffffffff812242cb>] SyS_mount+0x7b/0xc0
2406 [<ffffffff817b6bee>] entry_SYSCALL_64_fastpath+0x12/0x76
2407 [<ffffffffffffffff>] 0xffffffffffffffff
2408
2409 Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
2410 Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
2411 Fixes: dd662667e6d3 ("ovl: add mutli-layer infrastructure")
2412 Cc: <stable@vger.kernel.org> # v4.0+
2413
2414 fs/overlayfs/super.c | 1 +
2415 1 files changed, 1 insertions(+), 0 deletions(-)
2416
2417commit 9f49b5376fae99cd590d13726e2633bc0a53b6db
2418Author: Linus Torvalds <torvalds@linux-foundation.org>
2419Date: Sun Nov 1 17:09:15 2015 -0800
2420
2421 mm: get rid of 'vmalloc_info' from /proc/meminfo
2422
2423 It turns out that at least some versions of glibc end up reading
2424 /proc/meminfo at every single startup, because glibc wants to know the
2425 amount of memory the machine has. And while that's arguably insane,
2426 it's just how things are.
2427
2428 And it turns out that it's not all that expensive most of the time, but
2429 the vmalloc information statistics (amount of virtual memory used in the
2430 vmalloc space, and the biggest remaining chunk) can be rather expensive
2431 to compute.
2432
2433 The 'get_vmalloc_info()' function actually showed up on my profiles as
2434 4% of the CPU usage of "make test" in the git source repository, because
2435 the git tests are lots of very short-lived shell-scripts etc.
2436
2437 It turns out that apparently this same silly vmalloc info gathering
2438 shows up on the facebook servers too, according to Dave Jones. So it's
2439 not just "make test" for git.
2440
2441 We had two patches to just cache the information (one by me, one by
2442 Ingo) to mitigate this issue, but the whole vmalloc information of of
2443 rather dubious value to begin with, and people who *actually* want to
2444 know what the situation is wrt the vmalloc area should just look at the
2445 much more complete /proc/vmallocinfo instead.
2446
2447 In fact, according to my testing - and perhaps more importantly,
2448 according to that big search engine in the sky: Google - there is
2449 nothing out there that actually cares about those two expensive fields:
2450 VmallocUsed and VmallocChunk.
2451
2452 So let's try to just remove them entirely. Actually, this just removes
2453 the computation and reports the numbers as zero for now, just to try to
2454 be minimally intrusive.
2455
2456 If this breaks anything, we'll obviously have to re-introduce the code
2457 to compute this all and add the caching patches on top. But if given
2458 the option, I'd really prefer to just remove this bad idea entirely
2459 rather than add even more code to work around our historical mistake
2460 that likely nobody really cares about.
2461
2462 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2463
2464 fs/proc/meminfo.c | 7 ++-----
2465 include/linux/vmalloc.h | 12 ------------
2466 mm/vmalloc.c | 47 -----------------------------------------------
2467 3 files changed, 2 insertions(+), 64 deletions(-)
2468
2469commit 66425129a550275398f886498d957284539bb331
2470Author: Marek Vasut <marex@denx.de>
2471Date: Fri Oct 30 13:48:19 2015 +0100
2472
2473 can: Use correct type in sizeof() in nla_put()
2474
2475 The sizeof() is invoked on an incorrect variable, likely due to some
2476 copy-paste error, and this might result in memory corruption. Fix this.
2477
2478 Signed-off-by: Marek Vasut <marex@denx.de>
2479 Cc: Wolfgang Grandegger <wg@grandegger.com>
2480 Cc: netdev@vger.kernel.org
2481 Cc: linux-stable <stable@vger.kernel.org>
2482 Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2483
2484 drivers/net/can/dev.c | 2 +-
2485 1 files changed, 1 insertions(+), 1 deletions(-)
2486
2487commit 8c8e802a86f8faf2519710db043339e1cc953bc4
2488Author: Brad Spengler <spender@grsecurity.net>
2489Date: Mon Nov 2 17:20:52 2015 -0500
2490
2491 Fix the FPU code properly by copying the dynamically-sized FPU state on
2492 each clone of the task struct, making it equivalent to the new FPU-in-task-struct code
2493
2494 Fix is from the PaX Team
2495
2496 arch/x86/kernel/process.c | 2 ++
2497 1 files changed, 2 insertions(+), 0 deletions(-)
2498
2499commit 036bc2e2231c76f7eb470bfef67b6bc26187aeae
2500Author: Brad Spengler <spender@grsecurity.net>
2501Date: Mon Nov 2 17:19:43 2015 -0500
2502
2503 Revert the forced eagerfpu since it's now fixed properly
2504
2505 arch/x86/kernel/fpu/init.c | 3 ---
2506 1 files changed, 0 insertions(+), 3 deletions(-)
2507
2508commit a08ab82bcf321704f6a228c7924b860510c6d610
2509Author: Carol L Soto <clsoto@linux.vnet.ibm.com>
2510Date: Tue Oct 27 17:36:20 2015 +0200
2511
2512 net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes
2513
2514 When doing memcpy/memset of EQEs, we should use sizeof struct
2515 mlx4_eqe as the base size and not caps.eqe_size which could be bigger.
2516
2517 If caps.eqe_size is bigger than the struct mlx4_eqe then we corrupt
2518 data in the master context.
2519
2520 When using a 64 byte stride, the memcpy copied over 63 bytes to the
2521 slave_eq structure. This resulted in copying over the entire eqe of
2522 interest, including its ownership bit -- and also 31 bytes of garbage
2523 into the next WQE in the slave EQ -- which did NOT include the ownership
2524 bit (and therefore had no impact).
2525
2526 However, once the stride is increased to 128, we are overwriting the
2527 ownership bits of *three* eqes in the slave_eq struct. This results
2528 in an incorrect ownership bit for those eqes, which causes the eq to
2529 seem to be full. The issue therefore surfaced only once 128-byte EQEs
2530 started being used in SRIOV and (overarchitectures that have 128/256
2531 byte cache-lines such as PPC) - e.g after commit 77507aa249ae
2532 "net/mlx4_core: Enable CQE/EQE stride support".
2533
2534 Fixes: 08ff32352d6f ('mlx4: 64-byte CQE/EQE support')
2535 Signed-off-by: Carol L Soto <clsoto@linux.vnet.ibm.com>
2536 Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
2537 Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
2538 Signed-off-by: David S. Miller <davem@davemloft.net>
2539
2540 drivers/net/ethernet/mellanox/mlx4/cmd.c | 2 +-
2541 drivers/net/ethernet/mellanox/mlx4/eq.c | 2 +-
2542 2 files changed, 2 insertions(+), 2 deletions(-)
2543
2544commit 811ab3b52935612def289efa5e9e2aa973f16f26
2545Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
2546Date: Wed Oct 28 13:21:04 2015 +0100
2547
2548 ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues
2549
2550 Raw sockets with hdrincl enabled can insert ipv6 extension headers
2551 right into the data stream. In case we need to fragment those packets,
2552 we reparse the options header to find the place where we can insert
2553 the fragment header. If the extension headers exceed the link's MTU we
2554 actually cannot make progress in such a case.
2555
2556 Instead of ending up in broken arithmetic or rounding towards 0 and
2557 entering an endless loop in ip6_fragment, just prevent those cases by
2558 aborting early and signal -EMSGSIZE to user space.
2559
2560 This is the second version of the patch which doesn't use the
2561 overflow_usub function, which got reverted for now.
2562
2563 Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
2564 Cc: Linus Torvalds <torvalds@linux-foundation.org>
2565 Reported-by: Dmitry Vyukov <dvyukov@google.com>
2566 Cc: Dmitry Vyukov <dvyukov@google.com>
2567 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
2568 Signed-off-by: David S. Miller <davem@davemloft.net>
2569
2570 net/ipv6/ip6_output.c | 2 ++
2571 1 files changed, 2 insertions(+), 0 deletions(-)
2572
2573commit f074980442c7c3ff4a75c711ff18204dfb4131b8
2574Author: Brad Spengler <spender@grsecurity.net>
2575Date: Thu Oct 29 18:19:02 2015 -0400
2576
2577 Revert "ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues"
2578
2579 This reverts commit 18d5034650b637ec479f41d98e3912398b3e3efc.
2580
2581 net/ipv6/ip6_output.c | 6 +-----
2582 1 files changed, 1 insertions(+), 5 deletions(-)
2583
2584commit 53e629c2d13ed09f4c889925482606f82a65bd1d
2585Author: Brad Spengler <spender@grsecurity.net>
2586Date: Thu Oct 29 18:18:55 2015 -0400
2587
2588 Revert "overflow-arith: begin to add support for overflow builtin functions"
2589
2590 This reverts commit cfd0008de8db38841f7f06b979482900994717b9.
2591
2592 Conflicts:
2593
2594 include/linux/compiler-gcc.h
2595
2596 include/linux/compiler-gcc.h | 4 ----
2597 include/linux/overflow-arith.h | 18 ------------------
2598 2 files changed, 0 insertions(+), 22 deletions(-)
2599
2600commit 225122602b5b7fd58ec5c2a4a1a4a9a29fe7a02a
2601Author: Brad Spengler <spender@grsecurity.net>
2602Date: Thu Oct 29 09:00:11 2015 -0400
2603
2604 Update size_overflow plugin
2605
2606 .../size_overflow_plugin/intentional_overflow.c | 3 +++
2607 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
2608 2 files changed, 4 insertions(+), 1 deletions(-)
2609
c3f73f4b
PK		 2610commit 2bf85cb1c3df45d59d8b59aeacf63cbbee360175
2611Author: Brad Spengler <spender@grsecurity.net>
2612Date: Thu Oct 29 08:52:07 2015 -0400
2613
2614 Temporarily disable the builtin_overflow again as the kernexec plugin also has problems with it
2615
2616 include/linux/compiler-gcc.h | 2 +-
2617 1 files changed, 1 insertions(+), 1 deletions(-)
2618
d60a514c
PK		 2619commit a41c8c4d880b6005e874bf5440e24713da8483cd
2620Author: Brad Spengler <spender@grsecurity.net>
2621Date: Wed Oct 28 19:28:30 2015 -0400
2622
2623 temporarily work around issue with the dynamic FPU state and lazy FPU mode
2624 upstream configures FPU mode based on the eagerfpu variable before it's ever actually
2625 set by the commandline parser (so eagerfpu= on the commandline has no effect)
2626
2627 arch/x86/kernel/fpu/init.c | 3 +++
2628 1 files changed, 3 insertions(+), 0 deletions(-)
2629
2630commit 8452f9d5cfabda9228496050a16bc8728c0ebbb7
2631Author: Brad Spengler <spender@grsecurity.net>
2632Date: Wed Oct 28 19:25:55 2015 -0400
2633
2634 Remove/reorder some code due to the reverting of the FPU-state-in-task_struct code
2635
2636 arch/x86/include/asm/fpu/types.h | 69 ++++++++++++++++++--------------------
2637 arch/x86/include/asm/processor.h | 10 ++----
2638 arch/x86/kernel/fpu/init.c | 20 -----------
2639 include/linux/sched.h | 4 +-
2640 4 files changed, 38 insertions(+), 65 deletions(-)
2641
2642commit c2127bd4215f8f02a1391bef3bde55d0bb1c19bc
2643Author: Brad Spengler <spender@grsecurity.net>
2644Date: Tue Oct 27 23:38:11 2015 -0400
2645
2646 fix typo
2647
2648 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 2 +-
2649 1 files changed, 1 insertions(+), 1 deletions(-)
2650
2651commit c588def7b5713c31fef2b848bfebf0d727791b82
2652Author: Brad Spengler <spender@grsecurity.net>
2653Date: Tue Oct 27 21:09:04 2015 -0400
2654
2655 remove the PAGE_SIZE padding from fpregs_state since it's not included as part
2656 of the task struct
2657
2658 arch/x86/include/asm/fpu/types.h | 1 -
2659 1 files changed, 0 insertions(+), 1 deletions(-)
2660
2661commit 3bd1e5915353fee1f347577f0e80d925910695f9
2662Author: Herbert Xu <herbert@gondor.apana.org.au>
2663Date: Mon Oct 19 18:23:57 2015 +0800
2664
2665 crypto: api - Only abort operations on fatal signal
2666
2667 Currently a number of Crypto API operations may fail when a signal
2668 occurs. This causes nasty problems as the caller of those operations
2669 are often not in a good position to restart the operation.
2670
2671 In fact there is currently no need for those operations to be
2672 interrupted by user signals at all. All we need is for them to
2673 be killable.
2674
2675 This patch replaces the relevant calls of signal_pending with
2676 fatal_signal_pending, and wait_for_completion_interruptible with
2677 wait_for_completion_killable, respectively.
2678
2679 Cc: stable@vger.kernel.org
2680 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2681
2682 crypto/ablkcipher.c | 2 +-
2683 crypto/algapi.c | 2 +-
2684 crypto/api.c | 6 +++---
2685 crypto/crypto_user.c | 2 +-
2686 4 files changed, 6 insertions(+), 6 deletions(-)
2687
2688commit 2b278f02de77bd3d0ffb4c64bc56b702d4e27e49
2689Author: Brad Spengler <spender@grsecurity.net>
2690Date: Tue Oct 27 18:02:42 2015 -0400
2691
2692 Update a comment
2693
2694 arch/x86/include/asm/fpu/internal.h | 2 +-
2695 1 files changed, 1 insertions(+), 1 deletions(-)
2696
2697commit 66cbab70d87485c22946485bfd375c3e88140213
2698Merge: cad84c5 8610c94
2699Author: Brad Spengler <spender@grsecurity.net>
2700Date: Tue Oct 27 07:44:23 2015 -0400
2701
2702 Merge branch 'pax-test' into grsec-test
2703
2704commit 8610c949a76ac2a09b334f41c35cb8e7a04a0ce8
2705Merge: a851b41 f69d603
2706Author: Brad Spengler <spender@grsecurity.net>
2707Date: Tue Oct 27 07:44:14 2015 -0400
2708
2709 Merge branch 'linux-4.2.y' into pax-test
2710
2711commit cad84c52f547c8ba47ddcf39d1f260f55350f0c2
2712Author: Brad Spengler <spender@grsecurity.net>
2713Date: Mon Oct 26 07:33:21 2015 -0400
2714
2715 re-enable builtin_overflow support
2716
2717 include/linux/compiler-gcc.h | 3 +--
2718 1 files changed, 1 insertions(+), 2 deletions(-)
2719
2720commit 6e281aebbf456c27ce530055d5668bc5829c02a8
2721Author: Brad Spengler <spender@grsecurity.net>
2722Date: Mon Oct 26 07:32:15 2015 -0400
2723
2724 Update the size_overflow plugin from Emese to fix the ICE on builtin_overflow use
2725
2726 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 3 ++-
2727 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
2728 2 files changed, 3 insertions(+), 2 deletions(-)
2729
2730commit 75ed97df02fc6eb862df511da6ca690de3d0f15c
2731Author: Brad Spengler <spender@grsecurity.net>
2732Date: Mon Oct 26 07:17:00 2015 -0400
2733
2734 Fix from Emese for a size_overflow report in the fbcon code on the
2735 'softback_lines' global variable
2736
2737 drivers/video/console/fbcon.c | 2 +-
2738 1 files changed, 1 insertions(+), 1 deletions(-)
2739
134f4180
PK		 2740commit b088cabd42c6fe825baa27f40ab450ad75e571d3
2741Author: Brad Spengler <spender@grsecurity.net>
2742Date: Sun Oct 25 18:09:55 2015 -0400
2743
2744 Temporarily work around an ICE on GCC >= 5 reported by Daniel Micay due to
2745 backporting of __builtin_usub_overflow
2746
2747 include/linux/compiler-gcc.h | 3 ++-
2748 1 files changed, 2 insertions(+), 1 deletions(-)
2749
2750commit ba858f46865c6751af3ddba03b176e4d5ecf85c1
2751Author: Brad Spengler <spender@grsecurity.net>
2752Date: Sun Oct 25 17:59:17 2015 -0400
2753
2754 Update size_overflow hash table
2755
2756 .../disable_size_overflow_hash.data | 7 +++++++
2757 .../size_overflow_plugin/size_overflow_hash.data | 9 +--------
2758 2 files changed, 8 insertions(+), 8 deletions(-)
2759
2760commit ba803bceaea0283b38e91c1d3176bf0671786269
2761Author: Brad Spengler <spender@grsecurity.net>
2762Date: Sun Oct 25 15:31:17 2015 -0400
2763
2764 Fix oversight in pipacs' removal of FPU state from the task struct:
2765 fpu_copy was performing an OOB copy starting from the address of the 'state'
2766 pointer in the fpu struct instead of starting from the address pointed
2767 to by the state pointer. Reported at:
2768 https://bugs.archlinux.org/task/46764
2769
2770 arch/x86/include/asm/fpu/internal.h | 4 ++--
2771 arch/x86/kernel/fpu/core.c | 2 +-
2772 2 files changed, 3 insertions(+), 3 deletions(-)
2773
46c36e49
PK		 2774commit 26e7d31c5b5c970c50297d2b8be165e9c9ab9d83
2775Merge: 85d8735 a851b41
2776Author: Brad Spengler <spender@grsecurity.net>
2777Date: Sun Oct 25 13:39:21 2015 -0400
2778
2779 Merge branch 'pax-test' into grsec-test
2780
2781commit a851b41415a0402d76f10712b6950ddff3872a22
2782Author: Brad Spengler <spender@grsecurity.net>
2783Date: Sun Oct 25 13:38:25 2015 -0400
2784
2785 Update to latest size_overflow plugin release:
2786 Temporarily ignore bitfield types: https://bugs.archlinux.org/task/46798
2787 Use SI or wider type for the size_overflow type: https://forums.grsecurity.net/viewtopic.php?t=4293&p=15655#p15655
2788
2789 .../size_overflow_plugin/intentional_overflow.c | 3 +++
2790 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
2791 .../size_overflow_plugin/size_overflow_transform.c | 7 +++++++
2792 .../size_overflow_transform_core.c | 2 --
2793 4 files changed, 11 insertions(+), 3 deletions(-)
2794
2795commit 85d8735a1d1190e3ad2e3f032ae88f811090fdfc
2796Author: Brad Spengler <spender@grsecurity.net>
2797Date: Sun Oct 25 13:01:32 2015 -0400
2798
2799 fpu doesn't live on the task_struct with PaX, so don't even bother computing some task_size
2800 variable that isn't used for anything
2801
2802 arch/x86/kernel/fpu/init.c | 14 --------------
2803 1 files changed, 0 insertions(+), 14 deletions(-)
2804
2805commit cfd0008de8db38841f7f06b979482900994717b9
2806Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
2807Date: Fri Oct 16 11:32:42 2015 +0200
2808
2809 overflow-arith: begin to add support for overflow builtin functions
2810
2811 The idea of the overflow-arith.h header is to collect overflow checking
2812 functions in one central place.
2813
2814 If gcc compiler supports the __builtin_overflow_* builtins we use them
2815 because they might give better performance, otherwise the code falls
2816 back to normal overflow checking functions.
2817
2818 The builtin_overflow functions are supported by gcc-5 and clang. The
2819 matter of supporting clang is to just provide a corresponding
2820 CC_HAVE_BUILTIN_OVERFLOW, because the specific overflow checking builtins
2821 don't differ between gcc and clang.
2822
2823 I just provide overflow_usub function here as I intend this to get merged
2824 into net, more functions will definitely follow as they are needed.
2825
2826 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
2827 Signed-off-by: David S. Miller <davem@davemloft.net>
2828
2829 include/linux/compiler-gcc.h | 4 ++++
2830 include/linux/overflow-arith.h | 18 ++++++++++++++++++
2831 2 files changed, 22 insertions(+), 0 deletions(-)
2832
2833commit 18d5034650b637ec479f41d98e3912398b3e3efc
2834Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
2835Date: Fri Oct 16 11:32:43 2015 +0200
2836
2837 ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues
2838
2839 Raw sockets with hdrincl enabled can insert ipv6 extension headers
2840 right into the data stream. In case we need to fragment those packets,
2841 we reparse the options header to find the place where we can insert
2842 the fragment header. If the extension headers exceed the link's MTU we
2843 actually cannot make progress in such a case.
2844
2845 Instead of ending up in broken arithmetic or rounding towards 0 and
2846 entering an endless loop in ip6_fragment, just prevent those cases by
2847 aborting early and signal -EMSGSIZE to user space.
2848
2849 Reported-by: Dmitry Vyukov <dvyukov@google.com>
2850 Cc: Dmitry Vyukov <dvyukov@google.com>
2851 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
2852 Signed-off-by: David S. Miller <davem@davemloft.net>
2853
2854 net/ipv6/ip6_output.c | 6 +++++-
2855 1 files changed, 5 insertions(+), 1 deletions(-)
2856
2857commit 0e1d1c0f1981b4049a70d23dce4c69daf19f020b
2858Merge: c81314c 9470e78
2859Author: Brad Spengler <spender@grsecurity.net>
2860Date: Sun Oct 25 11:51:44 2015 -0400
2861
2862 Merge branch 'pax-test' into grsec-test
2863
2864commit 9470e7893a9a1bf15f9b7d412dc09bebb59105e8
2865Author: Brad Spengler <spender@grsecurity.net>
2866Date: Sun Oct 25 11:50:54 2015 -0400
2867
2868 Temporary squelching of overflow warning on skb_transport_offset(), will be fixed properly after H2HC
2869
2870 include/linux/skbuff.h | 2 +-
2871 1 files changed, 1 insertions(+), 1 deletions(-)
2872
2873commit c81314ce278e9cfa3322881a6133c2c7e53b9430
2874Author: Brad Spengler <spender@grsecurity.net>
2875Date: Sat Oct 24 23:13:36 2015 -0400
2876
2877 Update recordmcount/fixdep paths in RPM spec, from Andrew
2878
2879 scripts/package/mkspec | 4 ++--
2880 1 files changed, 2 insertions(+), 2 deletions(-)
2881
2882commit 798e4296bd55778b5e77f1db69c1bb972419590f
2883Author: Brad Spengler <spender@grsecurity.net>
2884Date: Sat Oct 24 23:11:22 2015 -0400
2885
2886 Update size_overflow hash table
2887
2888 .../disable_size_overflow_hash.data | 3 +++
2889 .../size_overflow_plugin/size_overflow_hash.data | 5 +----
2890 2 files changed, 4 insertions(+), 4 deletions(-)
2891
68b0b791
PK		 2892commit d9ef04f20fc634595883d1c1950c32a8fe04df22
2893Author: Brad Spengler <spender@grsecurity.net>
2894Date: Sat Oct 24 08:27:29 2015 -0400
2895
2896 Fix from Emese for https://forums.grsecurity.net/viewtopic.php?f=3&t=4291
2897
2898 drivers/usb/class/cdc-acm.h | 2 +-
2899 include/linux/usb.h | 8 ++++----
2900 2 files changed, 5 insertions(+), 5 deletions(-)
2901
2902commit eea46f1d247f5f63e3762da91a41cba76567800f
2903Author: Brad Spengler <spender@grsecurity.net>
2904Date: Fri Oct 23 18:24:57 2015 -0400
2905
2906 Update size_overflow hash tables
2907
2908 .../disable_size_overflow_hash.data | 5 ++++-
2909 .../size_overflow_plugin/size_overflow_hash.data | 5 +----
2910 2 files changed, 5 insertions(+), 5 deletions(-)
2911
31a7c07c
PK		 2912commit 8f521b864bd7428f3ad42613416c106d1d619c4d
2913Merge: 26adf00 285f0d1
2914Author: Brad Spengler <spender@grsecurity.net>
2915Date: Thu Oct 22 19:41:57 2015 -0400
2916
2917 Merge branch 'pax-test' into grsec-test
2918
2919 Conflicts:
2920 drivers/gpu/drm/drm_lock.c
2921
2922commit 285f0d1cda31b45ee217b90861677c032cb6550b
2923Merge: d6dc25f 190bd21
2924Author: Brad Spengler <spender@grsecurity.net>
2925Date: Thu Oct 22 19:40:34 2015 -0400
2926
2927 Merge branch 'linux-4.2.y' into pax-test
2928
2929 Conflicts:
2930 arch/x86/kernel/process_64.c
2931
2932commit 26adf00caf8f4ebf155422082d4e8b8e4eb60eef
2933Author: Eric W. Biederman <ebiederm@xmission.com>
2934Date: Sat Aug 15 13:36:12 2015 -0500
2935
2936 dcache: Handle escaped paths in prepend_path
2937
2938 A rename can result in a dentry that by walking up d_parent
2939 will never reach it's mnt_root. For lack of a better term
2940 I call this an escaped path.
2941
2942 prepend_path is called by four different functions __d_path,
2943 d_absolute_path, d_path, and getcwd.
2944
2945 __d_path only wants to see paths are connected to the root it passes
2946 in. So __d_path needs prepend_path to return an error.
2947
2948 d_absolute_path similarly wants to see paths that are connected to
2949 some root. Escaped paths are not connected to any mnt_root so
2950 d_absolute_path needs prepend_path to return an error greater
2951 than 1. So escaped paths will be treated like paths on lazily
2952 unmounted mounts.
2953
2954 getcwd needs to prepend "(unreachable)" so getcwd also needs
2955 prepend_path to return an error.
2956
2957 d_path is the interesting hold out. d_path just wants to print
2958 something, and does not care about the weird cases. Which raises
2959 the question what should be printed?
2960
2961 Given that <escaped_path>/<anything> should result in -ENOENT I
2962 believe it is desirable for escaped paths to be printed as empty
2963 paths. As there are not really any meaninful path components when
2964 considered from the perspective of a mount tree.
2965
2966 So tweak prepend_path to return an empty path with an new error
2967 code of 3 when it encounters an escaped path.
2968
2969 Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2970 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2971
2972 fs/dcache.c | 7 +++++++
2973 1 files changed, 7 insertions(+), 0 deletions(-)
2974
2975commit d402147a7689356c29bfd46a7cfa6594e517ab95
2976Author: Salva Peiró <speirofr@gmail.com>
2977Date: Wed Oct 14 17:48:02 2015 +0200
2978
2979 staging/dgnc: fix info leak in ioctl
2980
2981 The dgnc_mgmt_ioctl() code fails to initialize the 16 _reserved bytes of
2982 struct digi_dinfo after the ->dinfo_nboards member. Add an explicit
2983 memset(0) before filling the structure to avoid the info leak.
2984
2985 Signed-off-by: Salva Peiró <speirofr@gmail.com>
2986 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2987
2988 drivers/staging/dgnc/dgnc_mgmt.c | 1 +
2989 1 files changed, 1 insertions(+), 0 deletions(-)
2990
2991commit bafc510c4fb4e8a5e69531fdc3a733e58c4bbdbf
2992Author: Salva Peiró <speirofr@gmail.com>
2993Date: Wed Oct 7 07:09:26 2015 -0300
2994
2995 [media] media/vivid-osd: fix info leak in ioctl
2996
2997 The vivid_fb_ioctl() code fails to initialize the 16 _reserved bytes of
2998 struct fb_vblank after the ->hcount member. Add an explicit
2999 memset(0) before filling the structure to avoid the info leak.
3000
3001 Signed-off-by: Salva Peiró <speirofr@gmail.com>
3002 Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
3003 Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
3004
3005 drivers/media/platform/vivid/vivid-osd.c | 1 +
3006 1 files changed, 1 insertions(+), 0 deletions(-)
3007
3008commit 980a903796ae06366fd5acbcd179ee2dc57fbabf
3009Author: David Howells <dhowells@redhat.com>
3010Date: Mon Oct 19 11:20:28 2015 +0100
3011
3012 KEYS: Don't permit request_key() to construct a new keyring
3013
3014 If request_key() is used to find a keyring, only do the search part - don't
3015 do the construction part if the keyring was not found by the search. We
3016 don't really want keyrings in the negative instantiated state since the
3017 rejected/negative instantiation error value in the payload is unioned with
3018 keyring metadata.
3019
3020 Now the kernel gives an error:
3021
3022 request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted)
3023
3024 Signed-off-by: David Howells <dhowells@redhat.com>
3025
3026 security/keys/request_key.c | 3 +++
3027 1 files changed, 3 insertions(+), 0 deletions(-)
3028
3029commit f705c157ed6f8a9c4c0cf552fd5f054d9d500550
3030Author: Dan Carpenter <dan.carpenter@oracle.com>
3031Date: Mon Oct 19 13:16:49 2015 +0300
3032
3033 irda: precedence bug in irlmp_seq_hb_idx()
3034
3035 This is decrementing the pointer, instead of the value stored in the
3036 pointer. KASan detects it as an out of bounds reference.
3037
3038 Reported-by: "Berry Cheng 程君(成淼)" <chengmiao.cj@alibaba-inc.com>
3039 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
3040 Signed-off-by: David S. Miller <davem@davemloft.net>
3041
3042 net/irda/irlmp.c | 2 +-
3043 1 files changed, 1 insertions(+), 1 deletions(-)
3044
dc085147
PK		 3045commit 4a110451298bfce895ed224e6bbd9201d8605b2b
3046Author: Brad Spengler <spender@grsecurity.net>
3047Date: Tue Oct 20 19:25:13 2015 -0400
3048
3049 Ratelimit the dump_stack as well, both to 15s with a burst of 3, enough not to completely
3050 flood syslog
3051
3052 fs/exec.c | 11 +++++++++--
3053 1 files changed, 9 insertions(+), 2 deletions(-)
3054
3055commit 183fc2ae7d90e077fd27623998d82916260a2223
fee0510d 3056Merge: a2409394 d6dc25f
dc085147
PK		 3057Author: Brad Spengler <spender@grsecurity.net>
3058Date: Tue Oct 20 19:16:04 2015 -0400
3059
3060 Merge branch 'pax-test' into grsec-test
3061
3062 Conflicts:
3063 tools/gcc/size_overflow_plugin/size_overflow_plugin.c
3064
3065commit d6dc25f193a832e08d8e7cf097d7f70b3dc24776
3066Author: Brad Spengler <spender@grsecurity.net>
3067Date: Tue Oct 20 19:14:41 2015 -0400
3068
3069 Update to pax-linux-4.2.3-test16.patch:
3070 - fixed undefined integer shift in proc_do_submiturb, reported by Arnaud <arnaud@drno.eu>
3071 - fixed integer underflow in scm_detach_fds (similar to 1ac70e7ad24a88710cf9b6d7ababaefa2b575df0 upstream), reported by kdave (https://forums.grsecurity.net/viewtopic.php?f=1&t=4286)
3072 - Emese added a temporary workaround for miscompiling the ath10k driver, reported by victor
3073 - Emese fixed a false positive that affected the iwlwifi driver among others, reported by victor
3074 - Emese disabled size overflow checking in acpi_ex_do_math_op and on acpi_object_integer, reported by xxterry1xx and rfnx (https://forums.grsecurity.net/viewtopic.php?f=3&t=4287)
3075
3076 drivers/net/wireless/ath/ath10k/ce.c | 2 +-
3077 drivers/usb/core/devio.c | 2 +-
3078 fs/dlm/lowcomms.c | 2 +-
3079 net/core/scm.c | 6 ++-
3080 .../disable_size_overflow_hash.data | 4 +-
3081 .../size_overflow_plugin/intentional_overflow.c | 44 --------------------
3082 tools/gcc/size_overflow_plugin/size_overflow.h | 1 -
3083 .../size_overflow_plugin/size_overflow_hash.data | 4 +-
3084 .../size_overflow_plugin/size_overflow_plugin.c | 4 +-
3085 .../size_overflow_plugin/size_overflow_transform.c | 3 -
3086 .../size_overflow_transform_core.c | 6 +++
3087 11 files changed, 19 insertions(+), 59 deletions(-)
3088
a129fb97
PK		 3089commit a2409394c2b0d97a9f02bf62ca4c0254602e58a6
3090Author: Brad Spengler <spender@grsecurity.net>
3091Date: Tue Oct 20 08:58:25 2015 -0400
3092
3093 set default to y
3094
3095 security/Kconfig | 1 +
3096 1 files changed, 1 insertions(+), 0 deletions(-)
3097
3098commit 3abe24117389419654da44adc87a9a03ad7e3f38
3099Author: Brad Spengler <spender@grsecurity.net>
3100Date: Tue Oct 20 08:08:32 2015 -0400
3101
3102 Add a new config option from Emese to allow SIZE_OVERFLOW to be enabled
3103 while having it not kill the userland process in an overflow condition.
3104 This will help us obtain reports over the next few weeks while not making
3105 some percentage of users' machines unusable.
3106
3107 To enable this option, set CONFIG_PAX_SIZE_OVERFLOW_DISABLE_KILL=y in .config
3108
3109 fs/exec.c | 5 +++++
3110 security/Kconfig | 4 ++++
3111 .../size_overflow_plugin/size_overflow_plugin.c | 4 ++--
3112 3 files changed, 11 insertions(+), 2 deletions(-)
3113
07330232
PK		 3114commit bcae982f720ce0b3463a81f2b72a4807cb89048b
3115Merge: 0e55d80 128d3a5
3116Author: Brad Spengler <spender@grsecurity.net>
3117Date: Mon Oct 19 18:56:09 2015 -0400
3118
3119 Merge branch 'pax-test' into grsec-test
3120
3121commit 128d3a5452ab001b29235b05eb0be3334fff3998
3122Author: Brad Spengler <spender@grsecurity.net>
3123Date: Mon Oct 19 18:55:37 2015 -0400
3124
3125 Update to pax-linux-4.2.3-test14.patch:
3126 - Emese fixed a false positive size overflow report, reported by gus (https://forums.grsecurity.net/viewtopic.php?t=4280)
3127 - fixed an integer sign mixup in usb_stor_invoke_transport, reported by Arnaud <arnaud@drno.eu>
3128
3129 drivers/usb/storage/transport.c | 2 +-
3130 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
3131 .../size_overflow_plugin/size_overflow_transform.c | 15 +++-
3132 .../size_overflow_transform_core.c | 90 ++++++++++++++-----
3133 4 files changed, 81 insertions(+), 28 deletions(-)
3134
ed16389b
PK		 3135commit 0e55d80a65998266cab71804131a072fcc8ee558
3136Merge: a61fd15 9c4310f
3137Author: Brad Spengler <spender@grsecurity.net>
3138Date: Sat Oct 17 23:15:36 2015 -0400
3139
3140 Merge branch 'pax-test' into grsec-test
3141
3142commit 9c4310fdb2d19f83affc62eb2698d3763ce8c36b
3143Author: Brad Spengler <spender@grsecurity.net>
3144Date: Sat Oct 17 23:15:13 2015 -0400
3145
3146 Update to pax-linux-4.2.3-test14.patch:
3147 - reverted some page table hardening that caused too much slowdown under virtualization, reported by quasar366 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4275)
3148
3149 arch/x86/include/asm/pgtable-2level.h | 18 ++----------------
3150 arch/x86/include/asm/pgtable-3level.h | 10 ----------
3151 arch/x86/include/asm/pgtable_32.h | 2 ++
3152 arch/x86/include/asm/pgtable_64.h | 18 ++----------------
3153 arch/x86/mm/highmem_32.c | 2 ++
3154 arch/x86/mm/init_64.c | 2 ++
3155 arch/x86/mm/iomap_32.c | 4 ++++
3156 arch/x86/mm/pageattr.c | 4 ++++
3157 arch/x86/mm/pgtable.c | 2 ++
3158 arch/x86/mm/pgtable_32.c | 3 +++
3159 mm/highmem.c | 5 +++++
3160 mm/vmalloc.c | 7 +++++++
3161 12 files changed, 35 insertions(+), 42 deletions(-)
3162
609ac19a
PK		 3163commit a61fd152e87bd3ed91194b07f6b1fcbcd165093b
3164Merge: 00f1afa db7a8e5
3165Author: Brad Spengler <spender@grsecurity.net>
3166Date: Sat Oct 17 18:33:48 2015 -0400
3167
3168 Merge branch 'pax-test' into grsec-test
3169
3170commit db7a8e5c284179889014b5929a40298e1b228fbc
3171Author: Brad Spengler <spender@grsecurity.net>
3172Date: Sat Oct 17 18:33:22 2015 -0400
3173
3174 Update to pax-linux-4.2.3-test13.patch:
3175 - Emese worked around a sign mixup with wiphy.rts_threshold, reported by gus (https://forums.grsecurity.net/viewtopic.php?f=3&t=4278)
3176
3177 .../disable_size_overflow_hash.data | 2 ++
3178 .../size_overflow_plugin/size_overflow_hash.data | 2 --
3179 2 files changed, 2 insertions(+), 2 deletions(-)
3180
5bf3f0b0
PK		 3181commit 00f1afa694317365e9bd6dc77d2e3e96ae3a68ec
3182Merge: 7098385 57dc21d
3183Author: Brad Spengler <spender@grsecurity.net>
3184Date: Sat Oct 17 11:04:56 2015 -0400
3185
3186 Merge branch 'pax-test' into grsec-test
3187
3188commit 57dc21d203a9fa1312a4abc608da5b3644d29078
3189Author: Brad Spengler <spender@grsecurity.net>
3190Date: Sat Oct 17 11:04:34 2015 -0400
3191
3192 Update to pax-linux-4.2.3-test12.patch:
3193 - removed size_overflow_hash.data.prev that was left behind by accident
3194 - Emese fixed a false positive overflow report in the megaraid driver due to a gcc limitation, reported by vortex (https://forums.grsecurity.net/viewtopic.php?f=3&t=4277)
3195
3196 drivers/scsi/megaraid/megaraid_sas.h | 2 +-
3197 1 files changed, 1 insertions(+), 1 deletions(-)
3198
c84fce4e
PK		 3199commit 7098385851c43dea6692508c71cd5fbcce3187b2
3200Merge: bc6d23e 78b0f64
3201Author: Brad Spengler <spender@grsecurity.net>
3202Date: Fri Oct 16 17:45:06 2015 -0400
3203
3204 Merge branch 'pax-test' into grsec-test
3205
3206 Conflicts:
3207 tools/gcc/size_overflow_plugin/intentional_overflow.c
3208
3209commit 78b0f643d8d2b870e8ad5df075d4ab79befa4266
3210Author: Brad Spengler <spender@grsecurity.net>
3211Date: Fri Oct 16 17:44:18 2015 -0400
3212
3213 Update to pax-linux-4.2.3-test11.patch:
3214 - Emese fixed a few false positives caused by error codes
3215 - simplified the switch_mm code on x86 a bit
3216
3217 arch/x86/include/asm/mmu_context.h | 118 +++++--------
3218 include/drm/drm_mm.h | 2 +-
3219 .../size_overflow_plugin/intentional_overflow.c | 11 +-
3220 tools/gcc/size_overflow_plugin/size_overflow.h | 19 ++-
3221 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
3222 .../size_overflow_plugin/size_overflow_transform.c | 178 +++++++++-----------
3223 .../size_overflow_transform_core.c | 31 ++--
3224 7 files changed, 169 insertions(+), 192 deletions(-)
3225
3226commit bc6d23e3408e389f8a96134f6bc915e9fc8b370b
3227Author: Brad Spengler <spender@grsecurity.net>
3228Date: Fri Oct 16 17:28:54 2015 -0400
3229
3230 Update rpm devel spec, thanks to Andrew
3231
3232 scripts/package/mkspec | 3 +++
3233 1 files changed, 3 insertions(+), 0 deletions(-)
3234
3235commit b3f30cb9207a72a6aa4a78f23f8c5353be0bb27b
3236Author: Brad Spengler <spender@grsecurity.net>
3237Date: Thu Oct 15 20:10:56 2015 -0400
3238
3239 disable tracing support with GRKERNSEC_KMEM (it forces debugfs support on)
3240
3241 kernel/trace/Kconfig | 2 +-
3242 1 files changed, 1 insertions(+), 1 deletions(-)
3243
3244commit 82a0c12587f14add438ddf3b558e2278fcb7a387
3245Author: Brad Spengler <spender@grsecurity.net>
3246Date: Thu Oct 15 19:19:43 2015 -0400
3247
3248 Force DEBUG_FS off the hard way, since 'select' can cause it to be
3249 inadvertently enabled. Add a backup check that fails the build if
3250 GRKERNSEC_KMEM is enabled with DEBUG_FS
3251 Ditto for PROC_PAGE_MONITOR
3252
3253 arch/arc/Kconfig | 1 +
3254 arch/arm/Kconfig.debug | 1 +
3255 arch/arm64/Kconfig.debug | 1 +
3256 arch/blackfin/Kconfig.debug | 1 +
3257 arch/s390/Kconfig.debug | 1 +
3258 arch/x86/Kconfig.debug | 2 ++
3259 drivers/iommu/Kconfig | 1 +
3260 drivers/md/bcache/Kconfig | 1 +
3261 drivers/net/wireless/ath/ath9k/Kconfig | 1 -
3262 include/linux/grsecurity.h | 6 ++++++
3263 init/Kconfig | 1 +
3264 kernel/trace/Kconfig | 2 ++
3265 lib/Kconfig.debug | 6 +++++-
3266 mm/Kconfig | 3 +++
3267 net/sunrpc/Kconfig | 1 +
3268 15 files changed, 27 insertions(+), 2 deletions(-)
3269
3270commit 1b6f8fc8b8100292647638c713326776a0865705
3271Author: Brad Spengler <spender@grsecurity.net>
3272Date: Thu Oct 15 17:58:59 2015 -0400
3273
3274 Force DEBUG_FS off in the kernel config, even having it present is a security
3275 risk
3276
3277 Conflicts:
3278
3279 lib/Kconfig.debug
3280
3281 lib/Kconfig.debug | 1 +
3282 1 files changed, 1 insertions(+), 0 deletions(-)
3283
3284commit 21057fc30571f96aa46acf8922417311905d0f2b
3285Author: Brad Spengler <spender@grsecurity.net>
3286Date: Thu Oct 15 08:15:33 2015 -0400
3287
3288 Backport fix from: https://patchwork.kernel.org/patch/6853351/
3289 The debug_read_tlb() uses the sprintf() functions directly on the buffer
3290 allocated by buf = kmalloc(count), without taking into account the size
3291 of the buffer, with the consequence corrupting the heap, depending on
3292 the count requested by the user.
3293
3294 The patch fixes the issue replacing sprintf() by seq_printf().
3295
3296 Signed-off-by: Salva Peiró <speirofr@gmail.com>
3297
3298 drivers/iommu/omap-iommu-debug.c | 26 +++++++-------------------
3299 drivers/iommu/omap-iommu.c | 28 +++++++++++-----------------
3300 drivers/iommu/omap-iommu.h | 3 +--
3301 3 files changed, 19 insertions(+), 38 deletions(-)
3302
3303commit ba936d19274485bad900a69d679878a50faa50aa
3304Author: Joe Perches <joe@perches.com>
3305Date: Wed Oct 14 01:09:40 2015 -0700
3306
3307 ethtool: Use kcalloc instead of kmalloc for ethtool_get_strings
3308
3309 It seems that kernel memory can leak into userspace by a
3310 kmalloc, ethtool_get_strings, then copy_to_user sequence.
3311
3312 Avoid this by using kcalloc to zero fill the copied buffer.
3313
3314 Signed-off-by: Joe Perches <joe@perches.com>
3315 Acked-by: Ben Hutchings <ben@decadent.org.uk>
3316 Signed-off-by: David S. Miller <davem@davemloft.net>
3317
3318 net/core/ethtool.c | 2 +-
3319 1 files changed, 1 insertions(+), 1 deletions(-)
3320
3321commit bae0a8209962cede6a0d486cf2414cac1747f91b
3322Author: Brad Spengler <spender@grsecurity.net>
3323Date: Wed Oct 14 19:54:27 2015 -0400
3324
3325 Update size_overflow hash table
3326
3327 .../size_overflow_plugin/size_overflow_hash.data | 53 +++++++++++++++++--
3328 1 files changed, 47 insertions(+), 6 deletions(-)
3329
3330commit 1d840cc98b8f9b62d3c906ae24385f79c9131e29
3331Author: Brad Spengler <spender@grsecurity.net>
3332Date: Wed Oct 14 19:50:48 2015 -0400
3333
3334 Update size_overflow hash table
3335
3336 .../size_overflow_plugin/size_overflow_hash.data | 1 +
3337 1 files changed, 1 insertions(+), 0 deletions(-)
3338
3339commit fca9b7af6aebd1d80f364d6d849470e917919004
3340Author: Brad Spengler <spender@grsecurity.net>
3341Date: Wed Oct 14 19:47:21 2015 -0400
3342
3343 Update size_overflow hash table
3344
3345 .../size_overflow_plugin/size_overflow_hash.data | 300 ++++++++++++++++----
3346 1 files changed, 244 insertions(+), 56 deletions(-)
3347
3348commit 07cadc277ba83222698c99091c7da2c28275981f
3349Author: Brad Spengler <spender@grsecurity.net>
3350Date: Wed Oct 14 19:39:44 2015 -0400
3351
3352 squelch some informational messages only used by Emese
3353
3354 .../size_overflow_plugin/intentional_overflow.c | 6 +++---
3355 1 files changed, 3 insertions(+), 3 deletions(-)
3356
3357commit 77eeeac20bde1e0ebd72efe0f7b5c52786411bc7
3358Author: Brad Spengler <spender@grsecurity.net>
3359Date: Wed Oct 14 19:15:56 2015 -0400
3360
3361 Re-enable size_overflow
3362
3363 security/Kconfig | 1 -
3364 1 files changed, 0 insertions(+), 1 deletions(-)
3365
3366commit cb8efa1fd63be1bbcf5e585396cc0ed562d0c624
3367Merge: 913cbf6 4c48a7f
3368Author: Brad Spengler <spender@grsecurity.net>
3369Date: Wed Oct 14 17:14:42 2015 -0400
3370
3371 Merge branch 'pax-test' into grsec-test
3372
3373 Conflicts:
3374 tools/gcc/size_overflow_plugin/size_overflow_hash.data
3375
3376commit 4c48a7fc8df9310f994708b42fe1102a2943917c
3377Author: Brad Spengler <spender@grsecurity.net>
3378Date: Wed Oct 14 17:12:54 2015 -0400
3379
3380 Update to pax-linux-4.2.3-test10.patch:
3381 - fixed accidentally dropped csum_partial_copy_generic_to_user entry point for pre-P6 i386 configs, by minipli
3382 - Emese fixed a bunch of false positives with the size overflow plugin, let's see how it goes in the real world :)
3383
3384 arch/x86/include/asm/processor.h | 2 +-
3385 arch/x86/include/asm/ptrace.h | 8 +-
3386 arch/x86/lib/checksum_32.S | 2 +
3387 arch/x86/xen/mmu.c | 2 +-
3388 drivers/ata/libahci.c | 2 +-
3389 drivers/i2c/busses/i2c-diolan-u2c.c | 2 +-
3390 drivers/oprofile/oprofile_files.c | 2 +-
3391 drivers/spi/spidev.c | 2 +-
3392 drivers/tty/n_tty.c | 2 +-
3393 drivers/usb/core/message.c | 6 +-
3394 fs/binfmt_elf.c | 2 +-
3395 fs/ubifs/io.c | 2 +-
3396 include/drm/drm_mm.h | 2 +-
3397 include/linux/completion.h | 12 +-
3398 include/linux/jiffies.h | 10 +-
3399 include/linux/kernel.h | 2 +-
3400 include/linux/mm.h | 2 +-
3401 include/linux/random.h | 4 +-
3402 include/linux/sched.h | 2 +-
3403 include/linux/usb.h | 2 +-
3404 kernel/sched/completion.c | 6 +-
3405 kernel/time/timer.c | 2 +-
3406 lib/bitmap.c | 2 +-
3407 mm/internal.h | 2 +-
3408 net/sunrpc/svcauth_unix.c | 2 +-
3409 .../disable_size_overflow_hash.data |22980 +++++++++++---------
3410 .../insert_size_overflow_asm.c | 7 +
3411 .../size_overflow_plugin/intentional_overflow.c | 10 +-
3412 tools/gcc/size_overflow_plugin/size_overflow.h | 29 +-
3413 .../gcc/size_overflow_plugin/size_overflow_debug.c | 20 +-
3414 .../size_overflow_plugin/size_overflow_hash.data |14092 ++++++++----
3415 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 252 +-
3416 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
3417 .../size_overflow_plugin_hash.c | 13 +-
3418 .../size_overflow_plugin/size_overflow_transform.c | 205 +-
3419 .../size_overflow_transform_core.c | 4 +-
3420 36 files changed, 21958 insertions(+), 15740 deletions(-)
3421
3422commit 913cbf6a23fcad570b776b1a5a71242b909c5c99
3423Author: Dave Kleikamp <dave.kleikamp@oracle.com>
3424Date: Mon Oct 5 10:08:51 2015 -0500
3425
3426 crypto: sparc - initialize blkcipher.ivsize
3427
3428 Some of the crypto algorithms write to the initialization vector,
3429 but no space has been allocated for it. This clobbers adjacent memory.
3430
3431 Cc: stable@vger.kernel.org
3432 Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
3433 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3434
3435 arch/sparc/crypto/aes_glue.c | 2 ++
3436 arch/sparc/crypto/camellia_glue.c | 1 +
3437 arch/sparc/crypto/des_glue.c | 2 ++
3438 3 files changed, 5 insertions(+), 0 deletions(-)
3439
ebfb31c7
PK		 3440commit 7af7ad1e287067b7ea659dc0dd3e2e355588e246
3441Author: Brad Spengler <spender@grsecurity.net>
3442Date: Tue Oct 13 08:03:51 2015 -0400
3443
3444 Apply fix by Tejun Heo for upstream bug reported on the forums by Fuxino:
3445 https://forums.grsecurity.net/viewtopic.php?f=3&t=4276#p15570
3446
3447 Probably made more easily reproducible via SANITIZE, but we won't know for
3448 sure without a full oops report.
3449
3450 For some reason even though this patch was marked for 4.2+ stable over a month
3451 ago, it still hasn't hit Greg's tree.
3452
3453 block/blk-cgroup.c | 3 +++
3454 1 files changed, 3 insertions(+), 0 deletions(-)
3455
3456commit 8e1f29f9e1af36f71d12213ea6530eb77014c00c
3457Author: Dmitry Vyukov <dvyukov@google.com>
3458Date: Thu Sep 17 17:17:10 2015 +0200
3459
3460 tty: fix data race on tty_buffer.commit
3461
3462 Race on buffer data happens when newly committed data is
3463 picked up by an old flush work in the following scenario:
3464 __tty_buffer_request_room does a plain write of tail->commit,
3465 no barriers were executed before that.
3466 At this point flush_to_ldisc reads this new value of commit,
3467 and reads buffer data, no barriers in between.
3468 The committed buffer data is not necessary visible to flush_to_ldisc.
3469
3470 Similar bug happens when tty_schedule_flip commits data.
3471
3472 Update commit with smp_store_release and read commit with
3473 smp_load_acquire, as it is commit that signals data readiness.
3474 This is orthogonal to the existing synchronization on tty_buffer.next,
3475 which is required to not dismiss a buffer with unconsumed data.
3476
3477 The data race was found with KernelThreadSanitizer (KTSAN).
3478
3479 Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
3480 Reviewed-by: Peter Hurley <peter@hurleysoftware.com>
3481 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3482
3483 drivers/tty/tty_buffer.c | 15 ++++++++++++---
3484 1 files changed, 12 insertions(+), 3 deletions(-)
3485
3486commit d62db216e7182e24317596471c1a3a2a9fb9d1f5
3487Author: Peter Hurley <peter@hurleysoftware.com>
3488Date: Sun Jul 12 20:50:49 2015 -0400
3489
3490 tty: Replace smp_rmb/smp_wmb with smp_load_acquire/smp_store_release
3491
3492 Clarify flip buffer producer/consumer operation; the use of
3493 smp_load_acquire() and smp_store_release() more clearly indicates
3494 which memory access requires a barrier.
3495
3496 Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
3497 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3498
3499 drivers/tty/tty_buffer.c | 10 ++++------
3500 1 files changed, 4 insertions(+), 6 deletions(-)
3501
3502commit c6bbe8a6097f869b6a3d3c40d456727180573dd9
3503Author: Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
3504Date: Fri Oct 2 08:27:05 2015 +0000
3505
3506 tty: fix stall caused by missing memory barrier in drivers/tty/n_tty.c
3507
3508 My colleague ran into a program stall on a x86_64 server, where
3509 n_tty_read() was waiting for data even if there was data in the buffer
3510 in the pty. kernel stack for the stuck process looks like below.
3511 #0 [ffff88303d107b58] __schedule at ffffffff815c4b20
3512 #1 [ffff88303d107bd0] schedule at ffffffff815c513e
3513 #2 [ffff88303d107bf0] schedule_timeout at ffffffff815c7818
3514 #3 [ffff88303d107ca0] wait_woken at ffffffff81096bd2
3515 #4 [ffff88303d107ce0] n_tty_read at ffffffff8136fa23
3516 #5 [ffff88303d107dd0] tty_read at ffffffff81368013
3517 #6 [ffff88303d107e20] __vfs_read at ffffffff811a3704
3518 #7 [ffff88303d107ec0] vfs_read at ffffffff811a3a57
3519 #8 [ffff88303d107f00] sys_read at ffffffff811a4306
3520 #9 [ffff88303d107f50] entry_SYSCALL_64_fastpath at ffffffff815c86d7
3521
3522 There seems to be two problems causing this issue.
3523
3524 First, in drivers/tty/n_tty.c, __receive_buf() stores the data and
3525 updates ldata->commit_head using smp_store_release() and then checks
3526 the wait queue using waitqueue_active(). However, since there is no
3527 memory barrier, __receive_buf() could return without calling
3528 wake_up_interactive_poll(), and at the same time, n_tty_read() could
3529 start to wait in wait_woken() as in the following chart.
3530
3531 __receive_buf() n_tty_read()
3532 ------------------------------------------------------------------------
3533 if (waitqueue_active(&tty->read_wait))
3534 /* Memory operations issued after the
3535 RELEASE may be completed before the
3536 RELEASE operation has completed */
3537 add_wait_queue(&tty->read_wait, &wait);
3538 ...
3539 if (!input_available_p(tty, 0)) {
3540 smp_store_release(&ldata->commit_head,
3541 ldata->read_head);
3542 ...
3543 timeout = wait_woken(&wait,
3544 TASK_INTERRUPTIBLE, timeout);
3545 ------------------------------------------------------------------------
3546
3547 The second problem is that n_tty_read() also lacks a memory barrier
3548 call and could also cause __receive_buf() to return without calling
3549 wake_up_interactive_poll(), and n_tty_read() to wait in wait_woken()
3550 as in the chart below.
3551
3552 __receive_buf() n_tty_read()
3553 ------------------------------------------------------------------------
3554 spin_lock_irqsave(&q->lock, flags);
3555 /* from add_wait_queue() */
3556 ...
3557 if (!input_available_p(tty, 0)) {
3558 /* Memory operations issued after the
3559 RELEASE may be completed before the
3560 RELEASE operation has completed */
3561 smp_store_release(&ldata->commit_head,
3562 ldata->read_head);
3563 if (waitqueue_active(&tty->read_wait))
3564 __add_wait_queue(q, wait);
3565 spin_unlock_irqrestore(&q->lock,flags);
3566 /* from add_wait_queue() */
3567 ...
3568 timeout = wait_woken(&wait,
3569 TASK_INTERRUPTIBLE, timeout);
3570 ------------------------------------------------------------------------
3571
3572 There are also other places in drivers/tty/n_tty.c which have similar
3573 calls to waitqueue_active(), so instead of adding many memory barrier
3574 calls, this patch simply removes the call to waitqueue_active(),
3575 leaving just wake_up*() behind.
3576
3577 This fixes both problems because, even though the memory access before
3578 or after the spinlocks in both wake_up*() and add_wait_queue() can
3579 sneak into the critical section, it cannot go past it and the critical
3580 section assures that they will be serialized (please see "INTER-CPU
3581 ACQUIRING BARRIER EFFECTS" in Documentation/memory-barriers.txt for a
3582 better explanation). Moreover, the resulting code is much simpler.
3583
3584 Latency measurement using a ping-pong test over a pty doesn't show any
3585 visible performance drop.
3586
3587 Signed-off-by: Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
3588 Cc: stable@vger.kernel.org
3589 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3590
3591 drivers/tty/n_tty.c | 15 +++++----------
3592 1 files changed, 5 insertions(+), 10 deletions(-)
3593
3594commit 3af2011ac1a085a3e8c57ca3a840aec393b37db3
3595Author: Dmitry Vyukov <dvyukov@google.com>
3596Date: Thu Sep 17 17:17:08 2015 +0200
3597
3598 tty: fix data race in flush_to_ldisc
3599
3600 flush_to_ldisc reads port->itty and checks that it is not NULL,
3601 concurrently release_tty sets port->itty to NULL. It is possible
3602 that flush_to_ldisc loads port->itty once, ensures that it is
3603 not NULL, but then reloads it again and uses. The second load
3604 can already return NULL, which will cause a crash.
3605
3606 Use READ_ONCE to read port->itty.
3607
3608 The data race was found with KernelThreadSanitizer (KTSAN).
3609
3610 Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
3611 Reviewed-by: Peter Hurley <peter@hurleysoftware.com>
3612 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3613
3614 drivers/tty/tty_buffer.c | 2 +-
3615 1 files changed, 1 insertions(+), 1 deletions(-)
3616
3617commit 4a433f384b0a5b7e39f969ee8df89c56537d078d
3618Author: Dmitry Vyukov <dvyukov@google.com>
3619Date: Thu Sep 17 17:17:09 2015 +0200
3620
3621 tty: fix data race in tty_buffer_flush
3622
3623 tty_buffer_flush frees not acquired buffers.
3624 As the result, for example, read of b->size in tty_buffer_free
3625 can return garbage value which will lead to a huge buffer
3626 hanging in the freelist. This is just the benignest
3627 manifestation of freeing of a not acquired object.
3628 If the object is passed to kfree, heap can be corrupted.
3629
3630 Acquire visibility over the buffer before freeing it.
3631
3632 The data race was found with KernelThreadSanitizer (KTSAN).
3633
3634 Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
3635 Reviewed-by: Peter Hurley <peter@hurleysoftware.com>
3636 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3637
3638 drivers/tty/tty_buffer.c | 5 ++++-
3639 1 files changed, 4 insertions(+), 1 deletions(-)
3640
3641commit 1477c439d65debf45ac3164a1615504131fad1ff
3642Author: Jann Horn <jann@thejh.net>
3643Date: Sun Oct 4 19:29:12 2015 +0200
3644
3645 drivers/tty: require read access for controlling terminal
3646
3647 This is mostly a hardening fix, given that write-only access to other
3648 users' ttys is usually only given through setgid tty executables.
3649
3650 Signed-off-by: Jann Horn <jann@thejh.net>
3651 Cc: stable@vger.kernel.org
3652 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3653
3654 drivers/tty/tty_io.c | 31 +++++++++++++++++++++++++++----
3655 1 files changed, 27 insertions(+), 4 deletions(-)
3656
3657commit c2d51348729aa244b827216715db7734daf07155
3658Author: Brad Spengler <spender@grsecurity.net>
3659Date: Mon Oct 12 07:19:03 2015 -0400
3660
3661 Don't auto-enable UDEREF on x64 with a VirtualBox host
3662
3663 Conflicts:
3664
3665 security/Kconfig
3666
3667 security/Kconfig | 2 +-
3668 1 files changed, 1 insertions(+), 1 deletions(-)
3669
cf7c63af
PK		 3670commit 45ff0fe97624b7133be6f0280ab8fda4610b7937
3671Merge: ca6828e 1c527d2
3672Author: Brad Spengler <spender@grsecurity.net>
3673Date: Sun Oct 11 17:17:58 2015 -0400
3674
3675 Merge branch 'pax-test' into grsec-test
3676
3677 Conflicts:
3678 arch/x86/mm/pgtable.c
3679
3680commit 1c527d25ad2ece4cdb4723047625d96b942a3b91
3681Author: Brad Spengler <spender@grsecurity.net>
3682Date: Sun Oct 11 17:16:49 2015 -0400
3683
3684 Update to pax-linux-4.2.3-test9.patch:
3685 - really fixed vsyscall/pvclock regression caused by the recent page table hardening, reported by kamil (https://forums.grsecurity.net/viewtopic.php?f=3&t=4272) and quasar366 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4275)
3686 - fixed a compilation error caused by the above regression, reported by spender
3687 - fixed an arm compilation error, reported by Emese
3688
3689 arch/arm/kernel/module-plts.c | 7 +------
3690 arch/x86/mm/pgtable.c | 21 +++++++++++++++++++--
3691 2 files changed, 20 insertions(+), 8 deletions(-)
3692
3693commit ca6828e73b10b4a7537b16a37c2c0280523171e1
3694Author: Trond Myklebust <trond.myklebust@primarydata.com>
3695Date: Fri Oct 9 13:44:34 2015 -0400
3696
3697 namei: results of d_is_negative() should be checked after dentry revalidation
3698
3699 Leandro Awa writes:
3700 "After switching to version 4.1.6, our parallelized and distributed
3701 workflows now fail consistently with errors of the form:
3702
3703 T34: ./regex.c:39:22: error: config.h: No such file or directory
3704
3705 From our 'git bisect' testing, the following commit appears to be the
3706 possible cause of the behavior we've been seeing: commit 766c4cbfacd8"
3707
3708 Al Viro says:
3709 "What happens is that 766c4cbfacd8 got the things subtly wrong.
3710
3711 We used to treat d_is_negative() after lookup_fast() as "fall with
3712 ENOENT". That was wrong - checking ->d_flags outside of ->d_seq
3713 protection is unreliable and failing with hard error on what should've
3714 fallen back to non-RCU pathname resolution is a bug.
3715
3716 Unfortunately, we'd pulled the test too far up and ran afoul of
3717 another kind of staleness. The dentry might have been absolutely
3718 stable from the RCU point of view (and we might be on UP, etc), but
3719 stale from the remote fs point of view. If ->d_revalidate() returns
3720 "it's actually stale", dentry gets thrown away and the original code
3721 wouldn't even have looked at its ->d_flags.
3722
3723 What we need is to check ->d_flags where 766c4cbfacd8 does (prior to
3724 ->d_seq validation) but only use the result in cases where we do not
3725 discard this dentry outright"
3726
3727 Reported-by: Leandro Awa <lawa@nvidia.com>
3728 Link: https://bugzilla.kernel.org/show_bug.cgi?id=104911
3729 Fixes: 766c4cbfacd8 ("namei: d_is_negative() should be checked...")
3730 Tested-by: Leandro Awa <lawa@nvidia.com>
3731 Cc: stable@vger.kernel.org # v4.1+
3732 Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
3733 Acked-by: Al Viro <viro@zeniv.linux.org.uk>
3734 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3735
3736 fs/namei.c | 8 ++++++--
3737 1 files changed, 6 insertions(+), 2 deletions(-)
3738
3739commit c0181260ce096a814637ad60e45a64c94840fffa
3740Author: Matt Fleming <matt.fleming@intel.com>
3741Date: Fri Sep 25 23:02:18 2015 +0100
3742
3743 x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down
3744
3745 Beginning with UEFI v2.5 EFI_PROPERTIES_TABLE was introduced
3746 that signals that the firmware PE/COFF loader supports splitting
3747 code and data sections of PE/COFF images into separate EFI
3748 memory map entries. This allows the kernel to map those regions
3749 with strict memory protections, e.g. EFI_MEMORY_RO for code,
3750 EFI_MEMORY_XP for data, etc.
3751
3752 Unfortunately, an unwritten requirement of this new feature is
3753 that the regions need to be mapped with the same offsets
3754 relative to each other as observed in the EFI memory map. If
3755 this is not done crashes like this may occur,
3756
3757 BUG: unable to handle kernel paging request at fffffffefe6086dd
3758 IP: [<fffffffefe6086dd>] 0xfffffffefe6086dd
3759 Call Trace:
3760 [<ffffffff8104c90e>] efi_call+0x7e/0x100
3761 [<ffffffff81602091>] ? virt_efi_set_variable+0x61/0x90
3762 [<ffffffff8104c583>] efi_delete_dummy_variable+0x63/0x70
3763 [<ffffffff81f4e4aa>] efi_enter_virtual_mode+0x383/0x392
3764 [<ffffffff81f37e1b>] start_kernel+0x38a/0x417
3765 [<ffffffff81f37495>] x86_64_start_reservations+0x2a/0x2c
3766 [<ffffffff81f37582>] x86_64_start_kernel+0xeb/0xef
3767
3768 Here 0xfffffffefe6086dd refers to an address the firmware
3769 expects to be mapped but which the OS never claimed was mapped.
3770 The issue is that included in these regions are relative
3771 addresses to other regions which were emitted by the firmware
3772 toolchain before the "splitting" of sections occurred at
3773 runtime.
3774
3775 Needless to say, we don't satisfy this unwritten requirement on
3776 x86_64 and instead map the EFI memory map entries in reverse
3777 order. The above crash is almost certainly triggerable with any
3778 kernel newer than v3.13 because that's when we rewrote the EFI
3779 runtime region mapping code, in commit d2f7cbe7b26a ("x86/efi:
3780 Runtime services virtual mapping"). For kernel versions before
3781 v3.13 things may work by pure luck depending on the
3782 fragmentation of the kernel virtual address space at the time we
3783 map the EFI regions.
3784
3785 Instead of mapping the EFI memory map entries in reverse order,
3786 where entry N has a higher virtual address than entry N+1, map
3787 them in the same order as they appear in the EFI memory map to
3788 preserve this relative offset between regions.
3789
3790 This patch has been kept as small as possible with the intention
3791 that it should be applied aggressively to stable and
3792 distribution kernels. It is very much a bugfix rather than
3793 support for a new feature, since when EFI_PROPERTIES_TABLE is
3794 enabled we must map things as outlined above to even boot - we
3795 have no way of asking the firmware not to split the code/data
3796 regions.
3797
3798 In fact, this patch doesn't even make use of the more strict
3799 memory protections available in UEFI v2.5. That will come later.
3800
3801 Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
3802 Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
3803 Signed-off-by: Matt Fleming <matt.fleming@intel.com>
3804 Cc: <stable@vger.kernel.org>
3805 Cc: Borislav Petkov <bp@suse.de>
3806 Cc: Chun-Yi <jlee@suse.com>
3807 Cc: Dave Young <dyoung@redhat.com>
3808 Cc: H. Peter Anvin <hpa@zytor.com>
3809 Cc: James Bottomley <JBottomley@Odin.com>
3810 Cc: Lee, Chun-Yi <jlee@suse.com>
3811 Cc: Leif Lindholm <leif.lindholm@linaro.org>
3812 Cc: Linus Torvalds <torvalds@linux-foundation.org>
3813 Cc: Matthew Garrett <mjg59@srcf.ucam.org>
3814 Cc: Mike Galbraith <efault@gmx.de>
3815 Cc: Peter Jones <pjones@redhat.com>
3816 Cc: Peter Zijlstra <peterz@infradead.org>
3817 Cc: Thomas Gleixner <tglx@linutronix.de>
3818 Cc: linux-kernel@vger.kernel.org
3819 Link: http://lkml.kernel.org/r/1443218539-7610-2-git-send-email-matt@codeblueprint.co.uk
3820 Signed-off-by: Ingo Molnar <mingo@kernel.org>
3821
3822 arch/x86/platform/efi/efi.c | 67 ++++++++++++++++++++++++++++++++++++++++++-
3823 1 files changed, 66 insertions(+), 1 deletions(-)
3824
3825commit 9377caab146791c8c587da3750d6eddcd01bdfba
3826Author: Ard Biesheuvel <ard.biesheuvel@linaro.org>
3827Date: Fri Sep 25 23:02:19 2015 +0100
3828
3829 arm64/efi: Fix boot crash by not padding between EFI_MEMORY_RUNTIME regions
3830
3831 The new Properties Table feature introduced in UEFIv2.5 may
3832 split memory regions that cover PE/COFF memory images into
3833 separate code and data regions. Since these regions only differ
3834 in the type (runtime code vs runtime data) and the permission
3835 bits, but not in the memory type attributes (UC/WC/WT/WB), the
3836 spec does not require them to be aligned to 64 KB.
3837
3838 Since the relative offset of PE/COFF .text and .data segments
3839 cannot be changed on the fly, this means that we can no longer
3840 pad out those regions to be mappable using 64 KB pages.
3841 Unfortunately, there is no annotation in the UEFI memory map
3842 that identifies data regions that were split off from a code
3843 region, so we must apply this logic to all adjacent runtime
3844 regions whose attributes only differ in the permission bits.
3845
3846 So instead of rounding each memory region to 64 KB alignment at
3847 both ends, only round down regions that are not directly
3848 preceded by another runtime region with the same type
3849 attributes. Since the UEFI spec does not mandate that the memory
3850 map be sorted, this means we also need to sort it first.
3851
3852 Note that this change will result in all EFI_MEMORY_RUNTIME
3853 regions whose start addresses are not aligned to the OS page
3854 size to be mapped with executable permissions (i.e., on kernels
3855 compiled with 64 KB pages). However, since these mappings are
3856 only active during the time that UEFI Runtime Services are being
3857 invoked, the window for abuse is rather small.
3858
3859 Tested-by: Mark Salter <msalter@redhat.com>
3860 Tested-by: Mark Rutland <mark.rutland@arm.com> [UEFI 2.4 only]
3861 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
3862 Signed-off-by: Matt Fleming <matt.fleming@intel.com>
3863 Reviewed-by: Mark Salter <msalter@redhat.com>
3864 Reviewed-by: Mark Rutland <mark.rutland@arm.com>
3865 Cc: <stable@vger.kernel.org> # v4.0+
3866 Cc: Catalin Marinas <catalin.marinas@arm.com>
3867 Cc: Leif Lindholm <leif.lindholm@linaro.org>
3868 Cc: Linus Torvalds <torvalds@linux-foundation.org>
3869 Cc: Mike Galbraith <efault@gmx.de>
3870 Cc: Peter Zijlstra <peterz@infradead.org>
3871 Cc: Thomas Gleixner <tglx@linutronix.de>
3872 Cc: Will Deacon <will.deacon@arm.com>
3873 Cc: linux-kernel@vger.kernel.org
3874 Link: http://lkml.kernel.org/r/1443218539-7610-3-git-send-email-matt@codeblueprint.co.uk
3875 Signed-off-by: Ingo Molnar <mingo@kernel.org>
3876
3877 arch/arm64/kernel/efi.c | 3 +-
3878 drivers/firmware/efi/libstub/arm-stub.c | 88 +++++++++++++++++++++++++-----
3879 2 files changed, 75 insertions(+), 16 deletions(-)
3880
3881commit 189124f1e733622c44d72060832af3c68d7ee8bc
3882Author: Ralf Baechle <ralf@linux-mips.org>
3883Date: Fri Oct 2 09:48:57 2015 +0200
3884
3885 MIPS: BPF: Fix load delay slots.
3886
3887 The entire bpf_jit_asm.S is written in noreorder mode because "we know
3888 better" according to a comment. This also prevented the assembler from
3889 throwing in the required NOPs for MIPS I processors which have no
3890 load-use interlock, thus the load's consumer might end up using the
3891 old value of the register from prior to the load.
3892
3893 Fixed by putting the assembler in reorder mode for just the affected
3894 load instructions. This is not enough for gas to actually try to be
3895 clever by looking at the next instruction and inserting a nop only
3896 when needed but as the comment said "we know better", so getting gas
3897 to unconditionally emit a NOP is just right in this case and prevents
3898 adding further ifdefery.
3899
3900 Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
3901
3902 arch/mips/net/bpf_jit_asm.S | 4 ++++
3903 1 files changed, 4 insertions(+), 0 deletions(-)
3904
3905commit b4b012d6599fbc3c6e81f0a03cd59eb9f0095ed8
3906Author: Lee, Chun-Yi <joeyli.kernel@gmail.com>
3907Date: Tue Sep 29 20:58:57 2015 +0800
3908
3909 x86/kexec: Fix kexec crash in syscall kexec_file_load()
3910
3911 The original bug is a page fault crash that sometimes happens
3912 on big machines when preparing ELF headers:
3913
3914 BUG: unable to handle kernel paging request at ffffc90613fc9000
3915 IP: [<ffffffff8103d645>] prepare_elf64_ram_headers_callback+0x165/0x260
3916
3917 The bug is caused by us under-counting the number of memory ranges
3918 and subsequently not allocating enough ELF header space for them.
3919 The bug is typically masked on smaller systems, because the ELF header
3920 allocation is rounded up to the next page.
3921
3922 This patch modifies the code in fill_up_crash_elf_data() by using
3923 walk_system_ram_res() instead of walk_system_ram_range() to correctly
3924 count the max number of crash memory ranges. That's because the
3925 walk_system_ram_range() filters out small memory regions that
3926 reside in the same page, but walk_system_ram_res() does not.
3927
3928 Here's how I found the bug:
3929
3930 After tracing prepare_elf64_headers() and prepare_elf64_ram_headers_callback(),
3931 the code uses walk_system_ram_res() to fill-in crash memory regions information
3932 to the program header, so it counts those small memory regions that
3933 reside in a page area.
3934
3935 But, when the kernel was using walk_system_ram_range() in
3936 fill_up_crash_elf_data() to count the number of crash memory regions,
3937 it filters out small regions.
3938
3939 I printed those small memory regions, for example:
3940
3941 kexec: Get nr_ram ranges. vaddr=0xffff880077592258 paddr=0x77592258, sz=0xdc0
3942
3943 Based on the code in walk_system_ram_range(), this memory region
3944 will be filtered out:
3945
3946 pfn = (0x77592258 + 0x1000 - 1) >> 12 = 0x77593
3947 end_pfn = (0x77592258 + 0xfc0 -1 + 1) >> 12 = 0x77593
3948 end_pfn - pfn = 0x77593 - 0x77593 = 0 <=== if (end_pfn > pfn) is FALSE
3949
3950 So, the max_nr_ranges that's counted by the kernel doesn't include
3951 small memory regions - causing us to under-allocate the required space.
3952 That causes the page fault crash that happens in a later code path
3953 when preparing ELF headers.
3954
3955 This bug is not easy to reproduce on small machines that have few
3956 CPUs, because the allocated page aligned ELF buffer has more free
3957 space to cover those small memory regions' PT_LOAD headers.
3958
3959 Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
3960 Cc: Andy Lutomirski <luto@kernel.org>
3961 Cc: Baoquan He <bhe@redhat.com>
3962 Cc: Jiang Liu <jiang.liu@linux.intel.com>
3963 Cc: Linus Torvalds <torvalds@linux-foundation.org>
3964 Cc: Mike Galbraith <efault@gmx.de>
3965 Cc: Peter Zijlstra <peterz@infradead.org>
3966 Cc: Stephen Rothwell <sfr@canb.auug.org.au>
3967 Cc: Takashi Iwai <tiwai@suse.de>
3968 Cc: Thomas Gleixner <tglx@linutronix.de>
3969 Cc: Viresh Kumar <viresh.kumar@linaro.org>
3970 Cc: Vivek Goyal <vgoyal@redhat.com>
3971 Cc: kexec@lists.infradead.org
3972 Cc: linux-kernel@vger.kernel.org
3973 Cc: <stable@vger.kernel.org>
3974 Link: http://lkml.kernel.org/r/1443531537-29436-1-git-send-email-jlee@suse.com
3975 Signed-off-by: Ingo Molnar <mingo@kernel.org>
3976
3977 arch/x86/kernel/crash.c | 7 +++----
3978 1 files changed, 3 insertions(+), 4 deletions(-)
3979
3980commit bf91f1e0162bdd27ebd1411090a81fd9188daa4f
3981Author: Elad Raz <eladr@mellanox.com>
3982Date: Sat Aug 22 08:44:11 2015 +0300
3983
3984 netfilter: ipset: Fixing unnamed union init
3985
3986 In continue to proposed Vinson Lee's post [1], this patch fixes compilation
3987 issues founded at gcc 4.4.7. The initialization of .cidr field of unnamed
3988 unions causes compilation error in gcc 4.4.x.
3989
3990 References
3991
3992 Visible links
3993 [1] https://lkml.org/lkml/2015/7/5/74
3994
3995 Signed-off-by: Elad Raz <eladr@mellanox.com>
3996 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
3997
3998 net/netfilter/ipset/ip_set_hash_netnet.c | 20 ++++++++++++++++++--
3999 net/netfilter/ipset/ip_set_hash_netportnet.c | 20 ++++++++++++++++++--
4000 2 files changed, 36 insertions(+), 4 deletions(-)
4001
40d5ff9e
PK		 4002commit fed13a5012b8d7e87a6f9efa2e40e0be28eaecd9
4003Author: Brad Spengler <spender@grsecurity.net>
4004Date: Fri Oct 9 23:12:43 2015 -0400
4005
4006 compile fix
4007
4008 arch/x86/mm/pgtable.c | 2 ++
4009 1 files changed, 2 insertions(+), 0 deletions(-)
4010
4011commit 58edc15a668a6dd90b3f66abc84b509f8fba7505
4012Author: Daniel Borkmann <daniel@iogearbox.net>
4013Date: Mon Aug 31 19:11:02 2015 +0200
4014
4015 netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy error paths
4016
4017 Commit 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack
4018 templates") migrated templates to the new allocator api, but forgot to
4019 update error paths for them in CT and synproxy to use nf_ct_tmpl_free()
4020 instead of nf_conntrack_free().
4021
4022 Due to that, memory is being freed into the wrong kmemcache, but also
4023 we drop the per net reference count of ct objects causing an imbalance.
4024
4025 In Brad's case, this leads to a wrap-around of net->ct.count and thus
4026 lets __nf_conntrack_alloc() refuse to create a new ct object:
4027
4028 [ 10.340913] xt_addrtype: ipv6 does not support BROADCAST matching
4029 [ 10.810168] nf_conntrack: table full, dropping packet
4030 [ 11.917416] r8169 0000:07:00.0 eth0: link up
4031 [ 11.917438] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
4032 [ 12.815902] nf_conntrack: table full, dropping packet
4033 [ 15.688561] nf_conntrack: table full, dropping packet
4034 [ 15.689365] nf_conntrack: table full, dropping packet
4035 [ 15.690169] nf_conntrack: table full, dropping packet
4036 [ 15.690967] nf_conntrack: table full, dropping packet
4037 [...]
4038
4039 With slab debugging, it also reports the wrong kmemcache (kmalloc-512 vs.
4040 nf_conntrack_ffffffff81ce75c0) and reports poison overwrites, etc. Thus,
4041 to fix the problem, export and use nf_ct_tmpl_free() instead.
4042
4043 Fixes: 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack templates")
4044 Reported-by: Brad Jackson <bjackson0971@gmail.com>
4045 Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
4046 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
4047
4048 include/net/netfilter/nf_conntrack.h | 1 +
4049 net/netfilter/nf_conntrack_core.c | 3 ++-
4050 net/netfilter/nf_synproxy_core.c | 2 +-
4051 net/netfilter/xt_CT.c | 2 +-
4052 4 files changed, 5 insertions(+), 3 deletions(-)
4053
4054commit 37d26e44573aaa9c3b1f0c36ec9d4bddc008fc03
4055Author: Brad Spengler <spender@grsecurity.net>
4056Date: Fri Oct 9 18:22:54 2015 -0400
4057
4058 Fix BUG() in scatterwalk_map_and_copy caused by virt_to_page being
4059 called on the KSTACKOVERFLOW's vmalloc'd stack. Thanks to
4060 Yves-Alexis Perez for the report
4061
4062 crypto/scatterwalk.c | 10 ++++++++--
4063 1 files changed, 8 insertions(+), 2 deletions(-)
4064
4065commit 8137d53d2b60023587a48004f0b67946ed6db4a8
4066Merge: 147420b a9c991f
4067Author: Brad Spengler <spender@grsecurity.net>
4068Date: Fri Oct 9 18:20:32 2015 -0400
4069
4070 Merge branch 'pax-test' into grsec-test
4071
4072commit a9c991f727bb8daf15838296e301683791c17071
4073Author: Brad Spengler <spender@grsecurity.net>
4074Date: Fri Oct 9 18:20:07 2015 -0400
4075
4076 Update to pax-linux-4.2.3-test8.patch:
4077 - fixed vsyscall/pvclock regression caused by the recent page table hardening, reported by kamil (https://forums.grsecurity.net/viewtopic.php?f=3&t=4272)
4078
4079 arch/x86/kernel/espfix_64.c | 4 +---
4080 arch/x86/kernel/kvmclock.c | 20 ++++++--------------
4081 arch/x86/mm/highmem_32.c | 2 ++
4082 arch/x86/mm/pgtable.c | 33 +++++++++++++++++++++++++++++++++
4083 4 files changed, 42 insertions(+), 17 deletions(-)
4084
4085commit 147420b0f00c7f20f354e1dfa460b904a3af432b
4086Author: Brad Spengler <spender@grsecurity.net>
4087Date: Fri Oct 9 08:54:24 2015 -0400
4088
4089 Properly fix the bug reported at:
4090 https://code.google.com/p/android/issues/detail?id=187973
4091
4092 drivers/net/slip/slhc.c | 3 +++
4093 1 files changed, 3 insertions(+), 0 deletions(-)
4094
afe359a8
PK		 4095commit 4918a68ea80e1185ec8f3a94d3a2210552ed0bb5
4096Merge: 4e736d9 7e02f35
0a9c1e67 4097Author: Brad Spengler <spender@grsecurity.net>
afe359a8 4098Date: Wed Oct 7 20:57:21 2015 -0400
0a9c1e67 4099
afe359a8 4100 Merge branch 'pax-test' into grsec-test
ee1b9a5f 4101
da1216b9 4102 Conflicts:
afe359a8 4103 arch/x86/kernel/espfix_64.c
da1216b9 4104
afe359a8
PK		 4105commit 7e02f35880fd6bdb2f4e7ba07a13d6df1d121008
4106Author: Brad Spengler <spender@grsecurity.net>
4107Date: Wed Oct 7 20:54:36 2015 -0400
da1216b9 4108
afe359a8
PK		 4109 Update to pax-linux-4.2.3-test7.patch:
4110 - backported vanilla commits b763ec17ac762470eec5be8ebcc43e4f8b2c2b82 and 176fc2d5770a0990eebff903ba680d2edd32e718
4111 - constified a few more page tables for ESPFIX/amd64
4112 - fixed xen and the recently added level1_modules_pgt page tables on amd64
ee1b9a5f 4113
afe359a8
PK		 4114 arch/x86/include/asm/pgtable_64.h | 1 +
4115 arch/x86/kernel/espfix_64.c | 35 +++++++++++++++++++++++----------
4116 arch/x86/xen/mmu.c | 4 +++
4117 drivers/base/regmap/regmap-debugfs.c | 14 +++++-------
4118 4 files changed, 35 insertions(+), 19 deletions(-)
ee1b9a5f 4119
afe359a8
PK		 4120commit 4e736d9e568f6cc0d08dfe7519abf9a5d58a5418
4121Author: Robin Murphy <robin.murphy@arm.com>
4122Date: Thu Oct 1 15:37:19 2015 -0700
ee1b9a5f 4123
afe359a8 4124 dmapool: fix overflow condition in pool_find_page()
ee1b9a5f 4125
afe359a8
PK		 4126 If a DMA pool lies at the very top of the dma_addr_t range (as may
4127 happen with an IOMMU involved), the calculated end address of the pool
4128 wraps around to zero, and page lookup always fails.
ee1b9a5f 4129
afe359a8 4130 Tweak the relevant calculation to be overflow-proof.
da1216b9 4131
afe359a8
PK		 4132 Signed-off-by: Robin Murphy <robin.murphy@arm.com>
4133 Cc: Arnd Bergmann <arnd@arndb.de>
4134 Cc: Marek Szyprowski <m.szyprowski@samsung.com>
4135 Cc: Sumit Semwal <sumit.semwal@linaro.org>
4136 Cc: Sakari Ailus <sakari.ailus@iki.fi>
4137 Cc: Russell King <rmk+kernel@arm.linux.org.uk>
da1216b9
PK		 4138 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
4139 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
ee1b9a5f 4140
afe359a8 4141 mm/dmapool.c | 2 +-
578d7714
PK		 4142 1 files changed, 1 insertions(+), 1 deletions(-)
4143
afe359a8
PK		 4144commit 96a101a9b4208a6e5f2a0db7599881142e70ba43
4145Author: Greg Thelen <gthelen@google.com>
4146Date: Thu Oct 1 15:37:05 2015 -0700
578d7714 4147
afe359a8 4148 memcg: make mem_cgroup_read_stat() unsigned
da1216b9 4149
afe359a8
PK		 4150 mem_cgroup_read_stat() returns a page count by summing per cpu page
4151 counters. The summing is racy wrt. updates, so a transient negative
4152 sum is possible. Callers don't want negative values:
578d7714 4153
afe359a8
PK		 4154 - mem_cgroup_wb_stats() doesn't want negative nr_dirty or nr_writeback.
4155 This could confuse dirty throttling.
da1216b9 4156
afe359a8 4157 - oom reports and memory.stat shouldn't show confusing negative usage.
da1216b9 4158
afe359a8 4159 - tree_usage() already avoids negatives.
da1216b9 4160
afe359a8
PK		 4161 Avoid returning negative page counts from mem_cgroup_read_stat() and
4162 convert it to unsigned.
da1216b9 4163
afe359a8
PK		 4164 [akpm@linux-foundation.org: fix old typo while we're in there]
4165 Signed-off-by: Greg Thelen <gthelen@google.com>
4166 Cc: Johannes Weiner <hannes@cmpxchg.org>
4167 Acked-by: Michal Hocko <mhocko@suse.com>
4168 Cc: <stable@vger.kernel.org> [4.2+]
4169 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
4170 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
eeed91c5 4171
afe359a8
PK		 4172 mm/memcontrol.c | 30 ++++++++++++++++++------------
4173 1 files changed, 18 insertions(+), 12 deletions(-)
eeed91c5 4174
afe359a8 4175commit b7808c46650d5f4c09f071566de991af36eb9d37
da1216b9 4176Author: Daniel Borkmann <daniel@iogearbox.net>
afe359a8
PK		 4177Date: Fri Oct 2 12:06:03 2015 +0200
4178
4179 bpf: fix panic in SO_GET_FILTER with native ebpf programs
4180
4181 When sockets have a native eBPF program attached through
4182 setsockopt(sk, SOL_SOCKET, SO_ATTACH_BPF, ...), and then try to
4183 dump these over getsockopt(sk, SOL_SOCKET, SO_GET_FILTER, ...),
4184 the following panic appears:
4185
4186 [49904.178642] BUG: unable to handle kernel NULL pointer dereference at (null)
4187 [49904.178762] IP: [<ffffffff81610fd9>] sk_get_filter+0x39/0x90
4188 [49904.182000] PGD 86fc9067 PUD 531a1067 PMD 0
4189 [49904.185196] Oops: 0000 [#1] SMP
4190 [...]
4191 [49904.224677] Call Trace:
4192 [49904.226090] [<ffffffff815e3d49>] sock_getsockopt+0x319/0x740
4193 [49904.227535] [<ffffffff812f59e3>] ? sock_has_perm+0x63/0x70
4194 [49904.228953] [<ffffffff815e2fc8>] ? release_sock+0x108/0x150
4195 [49904.230380] [<ffffffff812f5a43>] ? selinux_socket_getsockopt+0x23/0x30
4196 [49904.231788] [<ffffffff815dff36>] SyS_getsockopt+0xa6/0xc0
4197 [49904.233267] [<ffffffff8171b9ae>] entry_SYSCALL_64_fastpath+0x12/0x71
4198
4199 The underlying issue is the very same as in commit b382c0865600
4200 ("sock, diag: fix panic in sock_diag_put_filterinfo"), that is,
4201 native eBPF programs don't store an original program since this
4202 is only needed in cBPF ones.
4203
4204 However, sk_get_filter() wasn't updated to test for this at the
4205 time when eBPF could be attached. Just throw an error to the user
4206 to indicate that eBPF cannot be dumped over this interface.
4207 That way, it can also be known that a program _is_ attached (as
4208 opposed to just return 0), and a different (future) method needs
4209 to be consulted for a dump.
4210
4211 Fixes: 89aa075832b0 ("net: sock: allow eBPF programs to be attached to sockets")
da1216b9 4212 Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
afe359a8 4213 Acked-by: Alexei Starovoitov <ast@plumgrid.com>
da1216b9 4214 Signed-off-by: David S. Miller <davem@davemloft.net>
32ca80f1 4215
afe359a8
PK		 4216 net/core/filter.c | 6 +++++-
4217 1 files changed, 5 insertions(+), 1 deletions(-)
32ca80f1 4218
afe359a8
PK		 4219commit 40853c884afb5fc2dcb9f7fc34ef446162566fcc
4220Author: Steve French <smfrench@gmail.com>
4221Date: Mon Sep 28 17:21:07 2015 -0500
32ca80f1 4222
afe359a8 4223 [SMB3] Do not fall back to SMBWriteX in set_file_size error cases
e1f904d0 4224
afe359a8 4225 The error paths in set_file_size for cifs and smb3 are incorrect.
e1f904d0 4226
afe359a8
PK		 4227 In the unlikely event that a server did not support set file info
4228 of the file size, the code incorrectly falls back to trying SMBWriteX
4229 (note that only the original core SMB Write, used for example by DOS,
4230 can set the file size this way - this actually does not work for the more
4231 recent SMBWriteX). The idea was since the old DOS SMB Write could set
4232 the file size if you write zero bytes at that offset then use that if
4233 server rejects the normal set file info call.
da1216b9 4234
afe359a8
PK		 4235 Fortunately the SMBWriteX will never be sent on the wire (except when
4236 file size is zero) since the length and offset fields were reversed
4237 in the two places in this function that call SMBWriteX causing
4238 the fall back path to return an error. It is also important to never call
4239 an SMB request from an SMB2/sMB3 session (which theoretically would
4240 be possible, and can cause a brief session drop, although the client
4241 recovers) so this should be fixed. In practice this path does not happen
4242 with modern servers but the error fall back to SMBWriteX is clearly wrong.
e1f904d0 4243
afe359a8 4244 Removing the calls to SMBWriteX in the error paths in cifs_set_file_size
da1216b9 4245
afe359a8 4246 Pointed out by PaX/grsecurity team
cac6ae42 4247
afe359a8
PK		 4248 Signed-off-by: Steve French <steve.french@primarydata.com>
4249 Reported-by: PaX Team <pageexec@freemail.hu>
4250 CC: Emese Revfy <re.emese@gmail.com>
4251 CC: Brad Spengler <spender@grsecurity.net>
4252 CC: Stable <stable@vger.kernel.org>
3969d2a7 4253
afe359a8
PK		 4254 fs/cifs/inode.c | 34 ----------------------------------
4255 1 files changed, 0 insertions(+), 34 deletions(-)
3969d2a7 4256
afe359a8 4257commit f5fad97c967a08f4a89513969598b1d3c8232a38
3969d2a7 4258Author: Brad Spengler <spender@grsecurity.net>
afe359a8 4259Date: Wed Oct 7 18:22:40 2015 -0400
3969d2a7 4260
afe359a8
PK		 4261 Initial import of grsecurity for Linux 4.2.3
4262 Note that size_overflow is currently marked BROKEN
76e7c0f9 4263
6090327c 4264 Documentation/dontdiff | 2 +
e8242a6d 4265 Documentation/kernel-parameters.txt | 7 +
afe359a8 4266 Documentation/sysctl/kernel.txt | 15 +
a8b227b4 4267 Makefile | 18 +-
6090327c
PK		 4268 arch/alpha/include/asm/cache.h | 4 +-
4269 arch/alpha/kernel/osf_sys.c | 12 +-
4270 arch/arm/Kconfig | 1 +
4271 arch/arm/include/asm/thread_info.h | 9 +-
4272 arch/arm/kernel/process.c | 4 +-
4273 arch/arm/kernel/ptrace.c | 9 +
4274 arch/arm/kernel/traps.c | 7 +-
4275 arch/arm/mm/Kconfig | 2 +-
4276 arch/arm/mm/fault.c | 40 +-
4277 arch/arm/mm/mmap.c | 8 +-
afe359a8 4278 arch/arm/net/bpf_jit_32.c | 51 +-
6090327c
PK		 4279 arch/avr32/include/asm/cache.h | 4 +-
4280 arch/blackfin/include/asm/cache.h | 3 +-
4281 arch/cris/include/arch-v10/arch/cache.h | 3 +-
4282 arch/cris/include/arch-v32/arch/cache.h | 3 +-
4283 arch/frv/include/asm/cache.h | 3 +-
4284 arch/frv/mm/elf-fdpic.c | 4 +-
4285 arch/hexagon/include/asm/cache.h | 6 +-
4286 arch/ia64/Kconfig | 1 +
4287 arch/ia64/include/asm/cache.h | 3 +-
4288 arch/ia64/kernel/sys_ia64.c | 2 +
4289 arch/ia64/mm/hugetlbpage.c | 2 +
4290 arch/m32r/include/asm/cache.h | 4 +-
4291 arch/m68k/include/asm/cache.h | 4 +-
4292 arch/metag/mm/hugetlbpage.c | 1 +
4293 arch/microblaze/include/asm/cache.h | 3 +-
4294 arch/mips/Kconfig | 1 +
4295 arch/mips/include/asm/cache.h | 3 +-
4296 arch/mips/include/asm/thread_info.h | 11 +-
da1216b9 4297 arch/mips/kernel/irq.c | 3 +
6090327c
PK		 4298 arch/mips/kernel/ptrace.c | 9 +
4299 arch/mips/mm/mmap.c | 4 +-
4300 arch/mn10300/proc-mn103e010/include/proc/cache.h | 4 +-
4301 arch/mn10300/proc-mn2ws0050/include/proc/cache.h | 4 +-
4302 arch/openrisc/include/asm/cache.h | 4 +-
4303 arch/parisc/include/asm/cache.h | 5 +-
4304 arch/parisc/kernel/sys_parisc.c | 4 +
4305 arch/powerpc/Kconfig | 1 +
4306 arch/powerpc/include/asm/cache.h | 3 +-
4307 arch/powerpc/include/asm/thread_info.h | 5 +-
4308 arch/powerpc/kernel/Makefile | 2 +
4309 arch/powerpc/kernel/irq.c | 3 +
4310 arch/powerpc/kernel/process.c | 10 +-
4311 arch/powerpc/kernel/ptrace.c | 14 +
4312 arch/powerpc/kernel/traps.c | 5 +
6090327c 4313 arch/powerpc/mm/slice.c | 2 +-
6090327c
PK		 4314 arch/s390/include/asm/cache.h | 4 +-
4315 arch/score/include/asm/cache.h | 4 +-
4316 arch/sh/include/asm/cache.h | 3 +-
4317 arch/sh/mm/mmap.c | 6 +-
4318 arch/sparc/include/asm/cache.h | 4 +-
0986ccbe
PK		 4319 arch/sparc/include/asm/pgalloc_64.h | 1 +
4320 arch/sparc/include/asm/thread_info_64.h | 8 +-
6090327c
PK		 4321 arch/sparc/kernel/process_32.c | 6 +-
4322 arch/sparc/kernel/process_64.c | 8 +-
4323 arch/sparc/kernel/ptrace_64.c | 14 +
4324 arch/sparc/kernel/sys_sparc_64.c | 8 +-
4325 arch/sparc/kernel/syscalls.S | 8 +-
4326 arch/sparc/kernel/traps_32.c | 8 +-
4327 arch/sparc/kernel/traps_64.c | 28 +-
4328 arch/sparc/kernel/unaligned_64.c | 2 +-
4329 arch/sparc/mm/fault_64.c | 2 +-
4330 arch/sparc/mm/hugetlbpage.c | 15 +-
4331 arch/tile/Kconfig | 1 +
4332 arch/tile/include/asm/cache.h | 3 +-
4333 arch/tile/mm/hugetlbpage.c | 2 +
4334 arch/um/include/asm/cache.h | 3 +-
4335 arch/unicore32/include/asm/cache.h | 6 +-
afe359a8
PK		 4336 arch/x86/Kconfig | 21 +
4337 arch/x86/entry/entry_32.S | 2 +-
4338 arch/x86/entry/entry_64.S | 2 +-
6090327c
PK		 4339 arch/x86/ia32/ia32_aout.c | 2 +
4340 arch/x86/include/asm/floppy.h | 20 +-
4341 arch/x86/include/asm/io.h | 2 +-
4342 arch/x86/include/asm/page.h | 12 +-
4343 arch/x86/include/asm/paravirt_types.h | 23 +-
4344 arch/x86/include/asm/processor.h | 2 +-
4345 arch/x86/include/asm/thread_info.h | 8 +-
a8b227b4 4346 arch/x86/kernel/dumpstack.c | 10 +-
6090327c
PK		 4347 arch/x86/kernel/dumpstack_32.c | 2 +-
4348 arch/x86/kernel/dumpstack_64.c | 2 +-
8cf17962 4349 arch/x86/kernel/espfix_64.c | 2 +-
afe359a8 4350 arch/x86/kernel/fpu/init.c | 4 +-
6090327c
PK		 4351 arch/x86/kernel/ioport.c | 13 +
4352 arch/x86/kernel/irq_32.c | 3 +
4353 arch/x86/kernel/irq_64.c | 4 +
afe359a8 4354 arch/x86/kernel/ldt.c | 18 +
6090327c
PK		 4355 arch/x86/kernel/msr.c | 10 +
4356 arch/x86/kernel/ptrace.c | 28 +
4357 arch/x86/kernel/signal.c | 9 +-
4358 arch/x86/kernel/sys_i386_32.c | 9 +-
4359 arch/x86/kernel/sys_x86_64.c | 8 +-
4360 arch/x86/kernel/traps.c | 5 +
4361 arch/x86/kernel/verify_cpu.S | 1 +
4362 arch/x86/kernel/vm86_32.c | 16 +
4363 arch/x86/mm/fault.c | 12 +-
4364 arch/x86/mm/hugetlbpage.c | 15 +-
4365 arch/x86/mm/init.c | 66 +-
4366 arch/x86/mm/init_32.c | 6 +-
0986ccbe 4367 arch/x86/net/bpf_jit_comp.c | 4 +
a8b227b4 4368 arch/x86/platform/efi/efi_64.c | 2 +-
6090327c
PK		 4369 arch/x86/xen/Kconfig | 1 +
4370 arch/xtensa/variants/dc232b/include/variant/core.h | 2 +-
4371 arch/xtensa/variants/fsf/include/variant/core.h | 3 +-
6090327c
PK		 4372 drivers/acpi/acpica/hwxfsleep.c | 11 +-
4373 drivers/acpi/custom_method.c | 4 +
4374 drivers/block/cciss.h | 30 +-
6090327c
PK		 4375 drivers/block/smart1,2.h | 40 +-
4376 drivers/cdrom/cdrom.c | 2 +-
4377 drivers/char/Kconfig | 4 +-
4378 drivers/char/genrtc.c | 1 +
4379 drivers/char/mem.c | 17 +
4380 drivers/char/random.c | 5 +-
4381 drivers/cpufreq/sparc-us3-cpufreq.c | 2 -
4382 drivers/firewire/ohci.c | 4 +
da1216b9
PK		 4383 drivers/gpu/drm/drm_context.c | 50 +-
4384 drivers/gpu/drm/drm_drv.c | 11 +-
4385 drivers/gpu/drm/drm_lock.c | 18 +-
4386 drivers/gpu/drm/i915/i915_dma.c | 2 +
4387 drivers/gpu/drm/nouveau/nouveau_drm.c | 3 +-
6090327c
PK		 4388 drivers/gpu/drm/nouveau/nouveau_ttm.c | 30 +-
4389 drivers/gpu/drm/ttm/ttm_bo_manager.c | 10 +-
afe359a8 4390 drivers/gpu/drm/virtio/virtgpu_ttm.c | 10 +-
6090327c 4391 drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c | 10 +-
6090327c
PK		 4392 drivers/hid/hid-wiimote-debug.c | 2 +-
4393 drivers/infiniband/hw/nes/nes_cm.c | 22 +-
0986ccbe 4394 drivers/iommu/amd_iommu.c | 14 +-
6090327c
PK		 4395 drivers/isdn/gigaset/bas-gigaset.c | 32 +-
4396 drivers/isdn/gigaset/ser-gigaset.c | 32 +-
4397 drivers/isdn/gigaset/usb-gigaset.c | 32 +-
4398 drivers/isdn/i4l/isdn_concap.c | 6 +-
4399 drivers/isdn/i4l/isdn_x25iface.c | 16 +-
a8b227b4
PK		 4400 drivers/md/raid5.c | 8 +
4401 drivers/media/pci/solo6x10/solo6x10-g723.c | 2 +-
6090327c 4402 drivers/media/radio/radio-cadet.c | 5 +-
a8b227b4
PK		 4403 drivers/media/usb/dvb-usb/cinergyT2-core.c | 91 +-
4404 drivers/media/usb/dvb-usb/cinergyT2-fe.c | 182 +-
6090327c
PK		 4405 drivers/media/usb/dvb-usb/dvb-usb-firmware.c | 37 +-
4406 drivers/media/usb/dvb-usb/technisat-usb2.c | 75 +-
4407 drivers/message/fusion/mptbase.c | 9 +
4408 drivers/misc/sgi-xp/xp_main.c | 12 +-
6090327c
PK		 4409 drivers/net/ethernet/brocade/bna/bna_enet.c | 8 +-
4410 drivers/net/wan/lmc/lmc_media.c | 97 +-
4411 drivers/net/wan/z85230.c | 24 +-
4412 drivers/net/wireless/zd1211rw/zd_usb.c | 2 +-
4413 drivers/pci/proc.c | 9 +
4414 drivers/platform/x86/asus-wmi.c | 12 +
4415 drivers/rtc/rtc-dev.c | 3 +
4416 drivers/scsi/bfa/bfa_fcs.c | 19 +-
4417 drivers/scsi/bfa/bfa_fcs_lport.c | 29 +-
4418 drivers/scsi/bfa/bfa_modules.h | 12 +-
e8242a6d 4419 drivers/scsi/hpsa.h | 40 +-
6090327c
PK		 4420 drivers/staging/lustre/lustre/ldlm/ldlm_flock.c | 2 +-
4421 drivers/staging/lustre/lustre/libcfs/module.c | 10 +-
afe359a8
PK		 4422 drivers/staging/sm750fb/sm750.c | 3 +
4423 drivers/tty/serial/uartlite.c | 4 +-
6090327c
PK		 4424 drivers/tty/sysrq.c | 2 +-
4425 drivers/tty/vt/keyboard.c | 22 +-
4426 drivers/uio/uio.c | 6 +-
4427 drivers/usb/core/hub.c | 5 +
a8b227b4
PK		 4428 drivers/usb/gadget/function/f_uac1.c | 1 +
4429 drivers/usb/gadget/function/u_uac1.c | 1 +
6090327c 4430 drivers/usb/host/hwa-hc.c | 9 +-
afe359a8 4431 drivers/usb/usbip/vhci_sysfs.c | 2 +-
6090327c
PK		 4432 drivers/video/fbdev/arcfb.c | 2 +-
4433 drivers/video/fbdev/matrox/matroxfb_DAC1064.c | 10 +-
4434 drivers/video/fbdev/matrox/matroxfb_Ti3026.c | 5 +-
4435 drivers/video/fbdev/sh_mobile_lcdcfb.c | 6 +-
da1216b9 4436 drivers/video/logo/logo_linux_clut224.ppm | 2720 ++++-----
6090327c 4437 drivers/xen/xenfs/xenstored.c | 5 +
afe359a8
PK		 4438 firmware/Makefile | 2 +
4439 firmware/WHENCE | 20 +-
4440 firmware/bnx2/bnx2-mips-06-6.2.3.fw.ihex | 5804 +++++++++++++++++
da1216b9 4441 firmware/bnx2/bnx2-mips-09-6.2.1b.fw.ihex | 6496 ++++++++++++++++++++
6090327c
PK		 4442 fs/attr.c | 1 +
4443 fs/autofs4/waitq.c | 9 +
4444 fs/binfmt_aout.c | 7 +
4445 fs/binfmt_elf.c | 40 +-
6090327c
PK		 4446 fs/compat.c | 20 +-
4447 fs/coredump.c | 17 +-
8cf17962 4448 fs/dcache.c | 3 +
da1216b9
PK		 4449 fs/debugfs/inode.c | 11 +-
4450 fs/exec.c | 218 +-
6090327c 4451 fs/ext2/balloc.c | 4 +-
0986ccbe 4452 fs/ext2/super.c | 8 +-
6090327c 4453 fs/ext3/balloc.c | 4 +-
0986ccbe 4454 fs/ext3/super.c | 8 +-
6090327c 4455 fs/ext4/balloc.c | 4 +-
0986ccbe 4456 fs/fcntl.c | 4 +
da1216b9 4457 fs/fhandle.c | 3 +-
6090327c
PK		 4458 fs/file.c | 4 +
4459 fs/filesystems.c | 4 +
e8242a6d 4460 fs/fs_struct.c | 20 +-
6090327c 4461 fs/hugetlbfs/inode.c | 5 +-
afe359a8 4462 fs/inode.c | 8 +-
8cf17962 4463 fs/kernfs/dir.c | 6 +
6090327c 4464 fs/mount.h | 4 +-
afe359a8 4465 fs/namei.c | 285 +-
8cf17962 4466 fs/namespace.c | 24 +
a8b227b4 4467 fs/nfsd/nfscache.c | 2 +-
6090327c 4468 fs/open.c | 38 +
afe359a8 4469 fs/overlayfs/inode.c | 3 +
da1216b9 4470 fs/overlayfs/super.c | 6 +-
6090327c
PK		 4471 fs/pipe.c | 2 +-
4472 fs/posix_acl.c | 15 +-
4473 fs/proc/Kconfig | 10 +-
0986ccbe 4474 fs/proc/array.c | 66 +-
afe359a8 4475 fs/proc/base.c | 168 +-
6090327c
PK		 4476 fs/proc/cmdline.c | 4 +
4477 fs/proc/devices.c | 4 +
4478 fs/proc/fd.c | 17 +-
e8242a6d 4479 fs/proc/generic.c | 64 +
6090327c 4480 fs/proc/inode.c | 17 +
0986ccbe 4481 fs/proc/internal.h | 11 +-
6090327c
PK		 4482 fs/proc/interrupts.c | 4 +
4483 fs/proc/kcore.c | 3 +
4484 fs/proc/proc_net.c | 31 +
4485 fs/proc/proc_sysctl.c | 52 +-
4486 fs/proc/root.c | 8 +
4487 fs/proc/stat.c | 69 +-
e8242a6d 4488 fs/proc/task_mmu.c | 66 +-
6090327c
PK		 4489 fs/readdir.c | 19 +
4490 fs/reiserfs/item_ops.c | 24 +-
0986ccbe 4491 fs/reiserfs/super.c | 4 +
6090327c 4492 fs/select.c | 2 +
afe359a8 4493 fs/seq_file.c | 30 +-
6090327c 4494 fs/stat.c | 20 +-
e8242a6d 4495 fs/sysfs/dir.c | 30 +-
6090327c 4496 fs/utimes.c | 7 +
8cf17962 4497 fs/xattr.c | 26 +-
da1216b9 4498 grsecurity/Kconfig | 1182 ++++
6090327c 4499 grsecurity/Makefile | 54 +
da1216b9 4500 grsecurity/gracl.c | 2757 +++++++++
6090327c 4501 grsecurity/gracl_alloc.c | 105 +
a8b227b4 4502 grsecurity/gracl_cap.c | 127 +
da1216b9 4503 grsecurity/gracl_compat.c | 269 +
afe359a8 4504 grsecurity/gracl_fs.c | 448 ++
da1216b9
PK		 4505 grsecurity/gracl_ip.c | 386 ++
4506 grsecurity/gracl_learn.c | 207 +
4507 grsecurity/gracl_policy.c | 1786 ++++++
6090327c 4508 grsecurity/gracl_res.c | 68 +
da1216b9 4509 grsecurity/gracl_segv.c | 304 +
6090327c
PK		 4510 grsecurity/gracl_shm.c | 40 +
4511 grsecurity/grsec_chdir.c | 19 +
da1216b9
PK		 4512 grsecurity/grsec_chroot.c | 467 ++
4513 grsecurity/grsec_disabled.c | 445 ++
4514 grsecurity/grsec_exec.c | 189 +
4515 grsecurity/grsec_fifo.c | 26 +
6090327c 4516 grsecurity/grsec_fork.c | 23 +
da1216b9 4517 grsecurity/grsec_init.c | 290 +
6090327c 4518 grsecurity/grsec_ipc.c | 48 +
afe359a8
PK		 4519 grsecurity/grsec_link.c | 65 +
4520 grsecurity/grsec_log.c | 340 +
6090327c
PK		 4521 grsecurity/grsec_mem.c | 48 +
4522 grsecurity/grsec_mount.c | 65 +
afe359a8 4523 grsecurity/grsec_pax.c | 47 +
6090327c
PK		 4524 grsecurity/grsec_proc.c | 20 +
4525 grsecurity/grsec_ptrace.c | 30 +
da1216b9
PK		 4526 grsecurity/grsec_sig.c | 236 +
4527 grsecurity/grsec_sock.c | 244 +
4528 grsecurity/grsec_sysctl.c | 488 ++
6090327c
PK		 4529 grsecurity/grsec_time.c | 16 +
4530 grsecurity/grsec_tpe.c | 78 +
4531 grsecurity/grsec_usb.c | 15 +
4532 grsecurity/grsum.c | 64 +
da1216b9 4533 include/drm/drmP.h | 23 +-
6090327c 4534 include/linux/binfmts.h | 5 +-
afe359a8
PK		 4535 include/linux/capability.h | 13 +
4536 include/linux/compiler-gcc.h | 5 +
6090327c
PK		 4537 include/linux/compiler.h | 8 +
4538 include/linux/cred.h | 8 +-
8cf17962 4539 include/linux/dcache.h | 5 +-
6090327c
PK		 4540 include/linux/fs.h | 24 +-
4541 include/linux/fs_struct.h | 2 +-
4542 include/linux/fsnotify.h | 6 +
da1216b9
PK		 4543 include/linux/gracl.h | 342 +
4544 include/linux/gracl_compat.h | 156 +
6090327c
PK		 4545 include/linux/gralloc.h | 9 +
4546 include/linux/grdefs.h | 140 +
da1216b9 4547 include/linux/grinternal.h | 230 +
8cf17962 4548 include/linux/grmsg.h | 118 +
afe359a8 4549 include/linux/grsecurity.h | 249 +
6090327c 4550 include/linux/grsock.h | 19 +
afe359a8 4551 include/linux/ipc.h | 2 +-
6090327c
PK		 4552 include/linux/ipc_namespace.h | 2 +-
4553 include/linux/kallsyms.h | 18 +-
4554 include/linux/kmod.h | 5 +
4555 include/linux/kobject.h | 2 +-
afe359a8 4556 include/linux/lsm_hooks.h | 4 +-
8cf17962 4557 include/linux/mm.h | 12 +
6090327c 4558 include/linux/mm_types.h | 4 +-
afe359a8 4559 include/linux/module.h | 5 +-
6090327c
PK		 4560 include/linux/mount.h | 2 +-
4561 include/linux/netfilter/xt_gradm.h | 9 +
4562 include/linux/path.h | 4 +-
4563 include/linux/perf_event.h | 13 +-
4564 include/linux/pid_namespace.h | 2 +-
8cf17962 4565 include/linux/printk.h | 2 +-
6090327c
PK		 4566 include/linux/proc_fs.h | 22 +-
4567 include/linux/proc_ns.h | 2 +-
4568 include/linux/random.h | 2 +-
4569 include/linux/rbtree_augmented.h | 4 +-
da1216b9 4570 include/linux/scatterlist.h | 12 +-
afe359a8 4571 include/linux/sched.h | 110 +-
6090327c
PK		 4572 include/linux/security.h | 3 +-
4573 include/linux/seq_file.h | 5 +
afe359a8 4574 include/linux/shm.h | 6 +-
6090327c
PK		 4575 include/linux/skbuff.h | 3 +
4576 include/linux/slab.h | 9 -
afe359a8 4577 include/linux/sysctl.h | 8 +-
6090327c
PK		 4578 include/linux/thread_info.h | 6 +-
4579 include/linux/tty.h | 2 +-
4580 include/linux/tty_driver.h | 4 +-
4581 include/linux/uidgid.h | 5 +
4582 include/linux/user_namespace.h | 2 +-
4583 include/linux/utsname.h | 2 +-
4584 include/linux/vermagic.h | 16 +-
afe359a8 4585 include/linux/vmalloc.h | 8 +
6090327c
PK		 4586 include/net/af_unix.h | 2 +-
4587 include/net/ip.h | 2 +-
4588 include/net/neighbour.h | 2 +-
4589 include/net/net_namespace.h | 2 +-
e8242a6d 4590 include/net/sock.h | 2 +-
6090327c 4591 include/trace/events/fs.h | 53 +
da1216b9 4592 include/uapi/drm/i915_drm.h | 1 +
6090327c
PK		 4593 include/uapi/linux/personality.h | 1 +
4594 init/Kconfig | 3 +-
e8242a6d 4595 init/main.c | 35 +-
6090327c 4596 ipc/mqueue.c | 1 +
afe359a8
PK		 4597 ipc/msg.c | 14 +-
4598 ipc/shm.c | 36 +-
4599 ipc/util.c | 14 +-
da1216b9 4600 kernel/auditsc.c | 2 +-
0986ccbe 4601 kernel/bpf/syscall.c | 8 +-
6090327c 4602 kernel/capability.c | 41 +-
0986ccbe 4603 kernel/cgroup.c | 5 +-
6090327c
PK		 4604 kernel/compat.c | 1 +
4605 kernel/configs.c | 11 +
afe359a8 4606 kernel/cred.c | 112 +-
6090327c
PK		 4607 kernel/events/core.c | 14 +-
4608 kernel/exit.c | 10 +-
4609 kernel/fork.c | 86 +-
4610 kernel/futex.c | 4 +-
4611 kernel/kallsyms.c | 9 +
4612 kernel/kcmp.c | 4 +
afe359a8 4613 kernel/kexec.c | 2 +-
e8242a6d 4614 kernel/kmod.c | 95 +-
6090327c
PK		 4615 kernel/kprobes.c | 7 +-
4616 kernel/ksysfs.c | 2 +
4617 kernel/locking/lockdep_proc.c | 10 +-
afe359a8 4618 kernel/module.c | 108 +-
6090327c
PK		 4619 kernel/panic.c | 4 +-
4620 kernel/pid.c | 19 +-
6090327c 4621 kernel/power/Kconfig | 2 +
afe359a8 4622 kernel/printk/printk.c | 7 +-
6090327c 4623 kernel/ptrace.c | 20 +-
6090327c
PK		 4624 kernel/resource.c | 10 +
4625 kernel/sched/core.c | 11 +-
4626 kernel/signal.c | 37 +-
a8b227b4 4627 kernel/sys.c | 64 +-
afe359a8 4628 kernel/sysctl.c | 180 +-
6090327c 4629 kernel/taskstats.c | 6 +
a8b227b4
PK		 4630 kernel/time/posix-timers.c | 8 +
4631 kernel/time/time.c | 5 +
6090327c 4632 kernel/time/timekeeping.c | 3 +
afe359a8 4633 kernel/time/timer_list.c | 13 +-
6090327c 4634 kernel/time/timer_stats.c | 10 +-
0986ccbe 4635 kernel/trace/trace_syscalls.c | 8 +
6090327c
PK		 4636 kernel/user_namespace.c | 15 +
4637 lib/Kconfig.debug | 7 +-
4638 lib/is_single_threaded.c | 3 +
4639 lib/list_debug.c | 65 +-
e8242a6d 4640 lib/nlattr.c | 2 +
6090327c 4641 lib/rbtree.c | 4 +-
afe359a8 4642 lib/vsprintf.c | 39 +-
6090327c
PK		 4643 localversion-grsec | 1 +
4644 mm/Kconfig | 5 +-
e8242a6d 4645 mm/Kconfig.debug | 1 +
6090327c 4646 mm/filemap.c | 1 +
afe359a8 4647 mm/hugetlb.c | 8 +
6090327c 4648 mm/kmemleak.c | 4 +-
da1216b9 4649 mm/memory.c | 2 +-
6090327c
PK		 4650 mm/mempolicy.c | 12 +-
4651 mm/migrate.c | 3 +-
4652 mm/mlock.c | 6 +-
e8242a6d 4653 mm/mmap.c | 93 +-
6090327c 4654 mm/mprotect.c | 8 +
e8242a6d 4655 mm/page_alloc.c | 2 +-
6090327c
PK		 4656 mm/process_vm_access.c | 6 +
4657 mm/shmem.c | 2 +-
afe359a8 4658 mm/slab.c | 27 +-
6090327c 4659 mm/slab_common.c | 2 +-
afe359a8
PK		 4660 mm/slob.c | 12 +
4661 mm/slub.c | 33 +-
6090327c 4662 mm/util.c | 3 +
afe359a8 4663 mm/vmalloc.c | 80 +-
6090327c
PK		 4664 mm/vmstat.c | 29 +-
4665 net/appletalk/atalk_proc.c | 2 +-
4666 net/atm/lec.c | 6 +-
4667 net/atm/mpoa_caches.c | 42 +-
4668 net/can/bcm.c | 2 +-
4669 net/can/proc.c | 2 +-
0986ccbe 4670 net/core/dev_ioctl.c | 7 +-
6090327c
PK		 4671 net/core/filter.c | 8 +-
4672 net/core/net-procfs.c | 17 +-
4673 net/core/pktgen.c | 2 +-
e8242a6d 4674 net/core/sock.c | 3 +-
0986ccbe 4675 net/core/sysctl_net_core.c | 2 +-
6090327c 4676 net/decnet/dn_dev.c | 2 +-
0986ccbe 4677 net/ipv4/devinet.c | 6 +-
6090327c 4678 net/ipv4/inet_hashtables.c | 5 +
a8b227b4 4679 net/ipv4/ip_input.c | 7 +
6090327c
PK		 4680 net/ipv4/ip_sockglue.c | 3 +-
4681 net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 +-
4682 net/ipv4/route.c | 6 +-
da1216b9 4683 net/ipv4/tcp_input.c | 4 +-
6090327c
PK		 4684 net/ipv4/tcp_ipv4.c | 24 +-
4685 net/ipv4/tcp_minisocks.c | 9 +-
4686 net/ipv4/tcp_timer.c | 11 +
4687 net/ipv4/udp.c | 24 +
e8242a6d 4688 net/ipv6/addrconf.c | 13 +-
6090327c
PK		 4689 net/ipv6/proc.c | 2 +-
4690 net/ipv6/tcp_ipv6.c | 23 +-
4691 net/ipv6/udp.c | 7 +
4692 net/ipx/ipx_proc.c | 2 +-
4693 net/irda/irproc.c | 2 +-
4694 net/llc/llc_proc.c | 2 +-
4695 net/netfilter/Kconfig | 10 +
4696 net/netfilter/Makefile | 1 +
4697 net/netfilter/nf_conntrack_core.c | 8 +
4698 net/netfilter/xt_gradm.c | 51 +
4699 net/netfilter/xt_hashlimit.c | 4 +-
4700 net/netfilter/xt_recent.c | 2 +-
8cf17962 4701 net/socket.c | 71 +-
6090327c
PK		 4702 net/sunrpc/cache.c | 2 +-
4703 net/sunrpc/stats.c | 2 +-
4704 net/sysctl_net.c | 2 +-
e8242a6d 4705 net/unix/af_unix.c | 52 +-
6090327c
PK		 4706 net/vmw_vsock/vmci_transport_notify.c | 30 +-
4707 net/vmw_vsock/vmci_transport_notify_qstate.c | 30 +-
4708 net/x25/sysctl_net_x25.c | 2 +-
4709 net/x25/x25_proc.c | 2 +-
0986ccbe
PK		 4710 scripts/package/Makefile | 2 +-
4711 scripts/package/mkspec | 38 +-
afe359a8 4712 security/Kconfig | 370 +-
6090327c
PK		 4713 security/apparmor/file.c | 4 +-
4714 security/apparmor/lsm.c | 8 +-
4715 security/commoncap.c | 29 +
4716 security/min_addr.c | 2 +
4717 security/tomoyo/file.c | 12 +-
4718 security/tomoyo/mount.c | 4 +
da1216b9 4719 security/tomoyo/tomoyo.c | 20 +-
6090327c 4720 security/yama/Kconfig | 2 +-
6090327c 4721 sound/synth/emux/emux_seq.c | 14 +-
e8242a6d
PK		 4722 sound/usb/line6/driver.c | 40 +-
4723 sound/usb/line6/toneport.c | 12 +-
6090327c
PK		 4724 tools/gcc/.gitignore | 1 +
4725 tools/gcc/Makefile | 12 +
4726 tools/gcc/gen-random-seed.sh | 8 +
afe359a8
PK		 4727 tools/gcc/randomize_layout_plugin.c | 930 +++
4728 tools/gcc/size_overflow_plugin/.gitignore | 1 +
4729 .../size_overflow_plugin/size_overflow_hash.data | 320 +-
4730 466 files changed, 32295 insertions(+), 2907 deletions(-)
4731
4732commit fc19197ab5a42069863a7d88f1d41eb687697fe9
4733Author: Brad Spengler <spender@grsecurity.net>
4734Date: Sun Oct 4 20:43:51 2015 -0400
4735
4736 Update to pax-linux-4.2.3-test6.patch:
4737 - fixed a KERNEXEC/x86 and early ioremap regression, reported by spender
4738 - sanitized a few more top level page table entries on amd64
76e7c0f9 4739
afe359a8
PK		 4740 arch/x86/kernel/espfix_64.c | 2 +-
4741 arch/x86/kernel/head_64.S | 8 ++++----
4742 arch/x86/mm/ioremap.c | 6 +++++-
4743 3 files changed, 10 insertions(+), 6 deletions(-)
4744
4745commit 23ac5415b9ef394e10b1516d3b314c742c6a3e59
4746Author: Brad Spengler <spender@grsecurity.net>
4747Date: Sun Oct 4 17:47:37 2015 -0400
4748
4749 Resync with pax-linux-4.2.3-test5.patch
4750
4751 arch/x86/include/asm/pgtable-2level.h | 20 ++++++++++++++++----
4752 arch/x86/include/asm/pgtable-3level.h | 8 ++++++++
4753 arch/x86/include/asm/pgtable_32.h | 2 --
4754 arch/x86/include/asm/pgtable_64.h | 20 ++++++++++++++++----
4755 arch/x86/mm/highmem_32.c | 2 --
4756 arch/x86/mm/init_64.c | 2 --
4757 arch/x86/mm/iomap_32.c | 4 ----
4758 arch/x86/mm/ioremap.c | 2 +-
4759 arch/x86/mm/pgtable.c | 2 --
4760 arch/x86/mm/pgtable_32.c | 3 ---
4761 mm/highmem.c | 6 +-----
4762 mm/vmalloc.c | 12 +-----------
4763 .../size_overflow_plugin/size_overflow_hash.data | 2 --
4764 13 files changed, 43 insertions(+), 42 deletions(-)
4765
4766commit 25f4bed80f0d87783793a70d6c20080031a1fd38
4767Author: Brad Spengler <spender@grsecurity.net>
4768Date: Sun Oct 4 13:06:32 2015 -0400
4769
4770 Update to pax-linux-4.2.3-test5.patch:
4771 - forward port to 4.2.3
4772 - fixed integer sign conversion errors caused by ieee80211_tx_rate_control.max_rate_idx, caught by the size overflow plugin
4773 - fixed a bug in try_preserve_large_page that caused unnecessary large page split ups
4774 - increased the number of statically allocated kernel page tables under KERNEXEC/amd64
4775
4776 arch/x86/include/asm/pgtable-2level.h | 2 ++
4777 arch/x86/include/asm/pgtable-3level.h | 5 +++++
4778 arch/x86/include/asm/pgtable_64.h | 2 ++
4779 arch/x86/kernel/cpu/bugs_64.c | 2 ++
4780 arch/x86/kernel/head_64.S | 28 +++++++++++++++++++++++-----
4781 arch/x86/kernel/vmlinux.lds.S | 8 +++++++-
4782 arch/x86/mm/init.c | 18 ++++++++++++++----
4783 arch/x86/mm/ioremap.c | 8 ++++++--
4784 arch/x86/mm/pageattr.c | 5 ++---
4785 arch/x86/mm/pgtable.c | 2 ++
4786 include/asm-generic/sections.h | 1 +
4787 include/asm-generic/vmlinux.lds.h | 2 ++
4788 include/net/mac80211.h | 2 +-
4789 mm/vmalloc.c | 7 ++++++-
4790 14 files changed, 75 insertions(+), 17 deletions(-)
4791
4792commit a2dce7cb2e3c389b7ef6c76c15ccdbf506007ddd
4793Merge: d113ff6 fcba09f
4794Author: Brad Spengler <spender@grsecurity.net>
4795Date: Sat Oct 3 09:12:31 2015 -0400
4796
4797 Merge branch 'linux-4.2.y' into pax-test
4798
4799commit d113ff6e7835e89e2b954503b1a100750ddb43c7
4800Author: Brad Spengler <spender@grsecurity.net>
4801Date: Thu Oct 1 21:34:12 2015 -0400
4802
4803 Update to pax-linux-4.2.2-test5.patch:
4804 - fixed a RANDKSTACK regression, reported by spender
4805 - fixed some more compiler warnings due to the ktla_ktva changes, reported by spender
4806
4807 arch/x86/entry/entry_64.S | 2 ++
4808 arch/x86/kernel/process.c | 1 +
4809 drivers/hv/hv.c | 2 +-
4810 drivers/lguest/x86/core.c | 4 ++--
4811 drivers/misc/kgdbts.c | 4 ++--
4812 drivers/video/fbdev/uvesafb.c | 4 ++--
4813 fs/binfmt_elf_fdpic.c | 2 +-
4814 7 files changed, 11 insertions(+), 8 deletions(-)
4815
4816commit 149e32a4dddfae46e2490f011870cd4492ca946c
4817Author: Brad Spengler <spender@grsecurity.net>
4818Date: Tue Sep 29 16:31:50 2015 -0400
4819
4820 Update to pax-linux-4.2.2-test4.patch:
4821 - fixed a few compiler warnings caused by the recently reworked ktla_ktva/ktva_ktla functions, reported by spender
4822 - Emese fixed a size overflow false positive in the IDE driver, reported by spender
4823
4824 arch/x86/lib/insn.c | 2 +-
4825 drivers/ide/ide-disk.c | 2 +-
4826 drivers/video/fbdev/vesafb.c | 4 ++--
4827 fs/binfmt_elf.c | 2 +-
4828 .../size_overflow_plugin/size_overflow_plugin.c | 4 ++--
4829 .../size_overflow_transform_core.c | 11 +++++------
4830 6 files changed, 12 insertions(+), 13 deletions(-)
4831
4832commit 02c41b848fbaddf82ce98690b23d3d85a94d55fe
4833Merge: b8b2f5b 7659db3
6090327c 4834Author: Brad Spengler <spender@grsecurity.net>
afe359a8 4835Date: Tue Sep 29 15:50:40 2015 -0400
76e7c0f9 4836
afe359a8
PK		 4837 Merge branch 'linux-4.2.y' into pax-test
4838
4839 Conflicts:
4840 fs/nfs/inode.c
4841
4842commit b8b2f5bc93ced0ca9a8366d0f3fa09abd1ca7ac6
4843Author: Brad Spengler <spender@grsecurity.net>
4844Date: Tue Sep 29 09:13:54 2015 -0400
4845
4846 Initial import of pax-linux-4.2.1-test3.patch
76e7c0f9 4847
6090327c 4848 Documentation/dontdiff | 47 +-
a8b227b4 4849 Documentation/kbuild/makefiles.txt | 39 +-
0986ccbe 4850 Documentation/kernel-parameters.txt | 28 +
da1216b9 4851 Makefile | 108 +-
6090327c
PK		 4852 arch/alpha/include/asm/atomic.h | 10 +
4853 arch/alpha/include/asm/elf.h | 7 +
4854 arch/alpha/include/asm/pgalloc.h | 6 +
4855 arch/alpha/include/asm/pgtable.h | 11 +
4856 arch/alpha/kernel/module.c | 2 +-
4857 arch/alpha/kernel/osf_sys.c | 8 +-
4858 arch/alpha/mm/fault.c | 141 +-
4859 arch/arm/Kconfig | 2 +-
8cf17962 4860 arch/arm/include/asm/atomic.h | 319 +-
6090327c
PK		 4861 arch/arm/include/asm/barrier.h | 2 +-
4862 arch/arm/include/asm/cache.h | 5 +-
4863 arch/arm/include/asm/cacheflush.h | 2 +-
4864 arch/arm/include/asm/checksum.h | 14 +-
afe359a8
PK		 4865 arch/arm/include/asm/cmpxchg.h | 4 +
4866 arch/arm/include/asm/cpuidle.h | 2 +-
6090327c 4867 arch/arm/include/asm/domain.h | 33 +-
da1216b9 4868 arch/arm/include/asm/elf.h | 9 +-
6090327c
PK		 4869 arch/arm/include/asm/fncpy.h | 2 +
4870 arch/arm/include/asm/futex.h | 10 +
4871 arch/arm/include/asm/kmap_types.h | 2 +-
4872 arch/arm/include/asm/mach/dma.h | 2 +-
4873 arch/arm/include/asm/mach/map.h | 16 +-
4874 arch/arm/include/asm/outercache.h | 2 +-
4875 arch/arm/include/asm/page.h | 3 +-
8cf17962
PK		 4876 arch/arm/include/asm/pgalloc.h | 20 +
4877 arch/arm/include/asm/pgtable-2level-hwdef.h | 4 +-
6090327c 4878 arch/arm/include/asm/pgtable-2level.h | 3 +
0986ccbe 4879 arch/arm/include/asm/pgtable-3level.h | 3 +
6090327c
PK		 4880 arch/arm/include/asm/pgtable.h | 54 +-
4881 arch/arm/include/asm/psci.h | 2 +-
4882 arch/arm/include/asm/smp.h | 2 +-
4883 arch/arm/include/asm/thread_info.h | 6 +-
a8b227b4 4884 arch/arm/include/asm/tls.h | 3 +
afe359a8 4885 arch/arm/include/asm/uaccess.h | 100 +-
6090327c
PK		 4886 arch/arm/include/uapi/asm/ptrace.h | 2 +-
4887 arch/arm/kernel/armksyms.c | 8 +-
afe359a8 4888 arch/arm/kernel/cpuidle.c | 2 +-
6090327c
PK		 4889 arch/arm/kernel/entry-armv.S | 110 +-
4890 arch/arm/kernel/entry-common.S | 40 +-
4891 arch/arm/kernel/entry-header.S | 60 +
4892 arch/arm/kernel/fiq.c | 3 +
4893 arch/arm/kernel/head.S | 2 +-
afe359a8 4894 arch/arm/kernel/module.c | 38 +-
6090327c 4895 arch/arm/kernel/patch.c | 2 +
da1216b9 4896 arch/arm/kernel/process.c | 90 +-
6090327c 4897 arch/arm/kernel/psci.c | 2 +-
da1216b9 4898 arch/arm/kernel/reboot.c | 1 +
6090327c
PK		 4899 arch/arm/kernel/setup.c | 20 +-
4900 arch/arm/kernel/signal.c | 35 +-
4901 arch/arm/kernel/smp.c | 2 +-
4902 arch/arm/kernel/tcm.c | 4 +-
a8b227b4 4903 arch/arm/kernel/traps.c | 6 +-
8cf17962 4904 arch/arm/kernel/vmlinux.lds.S | 6 +-
a8b227b4 4905 arch/arm/kvm/arm.c | 10 +-
6090327c
PK		 4906 arch/arm/lib/clear_user.S | 6 +-
4907 arch/arm/lib/copy_from_user.S | 6 +-
4908 arch/arm/lib/copy_page.S | 1 +
4909 arch/arm/lib/copy_to_user.S | 6 +-
4910 arch/arm/lib/csumpartialcopyuser.S | 4 +-
4911 arch/arm/lib/delay.c | 2 +-
afe359a8 4912 arch/arm/lib/uaccess_with_memcpy.c | 8 +-
da1216b9 4913 arch/arm/mach-exynos/suspend.c | 6 +-
a8b227b4 4914 arch/arm/mach-mvebu/coherency.c | 4 +-
6090327c 4915 arch/arm/mach-omap2/board-n8x0.c | 2 +-
6090327c 4916 arch/arm/mach-omap2/omap-mpuss-lowpower.c | 4 +-
e8242a6d 4917 arch/arm/mach-omap2/omap-smp.c | 1 +
6090327c
PK		 4918 arch/arm/mach-omap2/omap-wakeupgen.c | 2 +-
4919 arch/arm/mach-omap2/omap_device.c | 4 +-
4920 arch/arm/mach-omap2/omap_device.h | 4 +-
4921 arch/arm/mach-omap2/omap_hwmod.c | 4 +-
4922 arch/arm/mach-omap2/powerdomains43xx_data.c | 5 +-
4923 arch/arm/mach-omap2/wd_timer.c | 6 +-
afe359a8
PK		 4924 arch/arm/mach-shmobile/platsmp-apmu.c | 5 +-
4925 arch/arm/mach-shmobile/pm-r8a7740.c | 5 +-
4926 arch/arm/mach-shmobile/pm-sh73a0.c | 5 +-
6090327c 4927 arch/arm/mach-tegra/cpuidle-tegra20.c | 2 +-
e8242a6d
PK		 4928 arch/arm/mach-tegra/irq.c | 1 +
4929 arch/arm/mach-ux500/pm.c | 1 +
e8242a6d 4930 arch/arm/mach-zynq/platsmp.c | 1 +
0986ccbe 4931 arch/arm/mm/Kconfig | 6 +-
6090327c
PK		 4932 arch/arm/mm/alignment.c | 8 +
4933 arch/arm/mm/cache-l2x0.c | 2 +-
4934 arch/arm/mm/context.c | 10 +-
0986ccbe 4935 arch/arm/mm/fault.c | 146 +
6090327c 4936 arch/arm/mm/fault.h | 12 +
8cf17962 4937 arch/arm/mm/init.c | 39 +
6090327c
PK		 4938 arch/arm/mm/ioremap.c | 4 +-
4939 arch/arm/mm/mmap.c | 30 +-
4940 arch/arm/mm/mmu.c | 182 +-
0986ccbe 4941 arch/arm/net/bpf_jit_32.c | 3 +
6090327c
PK		 4942 arch/arm/plat-iop/setup.c | 2 +-
4943 arch/arm/plat-omap/sram.c | 2 +
e8242a6d 4944 arch/arm64/include/asm/atomic.h | 10 +
6090327c 4945 arch/arm64/include/asm/barrier.h | 2 +-
8cf17962 4946 arch/arm64/include/asm/percpu.h | 8 +-
e8242a6d 4947 arch/arm64/include/asm/pgalloc.h | 5 +
6090327c 4948 arch/arm64/include/asm/uaccess.h | 1 +
e8242a6d 4949 arch/arm64/mm/dma-mapping.c | 2 +-
6090327c
PK		 4950 arch/avr32/include/asm/elf.h | 8 +-
4951 arch/avr32/include/asm/kmap_types.h | 4 +-
4952 arch/avr32/mm/fault.c | 27 +
4953 arch/frv/include/asm/atomic.h | 10 +
4954 arch/frv/include/asm/kmap_types.h | 2 +-
4955 arch/frv/mm/elf-fdpic.c | 3 +-
a8b227b4 4956 arch/ia64/Makefile | 1 +
6090327c
PK		 4957 arch/ia64/include/asm/atomic.h | 10 +
4958 arch/ia64/include/asm/barrier.h | 2 +-
4959 arch/ia64/include/asm/elf.h | 7 +
4960 arch/ia64/include/asm/pgalloc.h | 12 +
4961 arch/ia64/include/asm/pgtable.h | 13 +-
4962 arch/ia64/include/asm/spinlock.h | 2 +-
4963 arch/ia64/include/asm/uaccess.h | 27 +-
8cf17962 4964 arch/ia64/kernel/module.c | 45 +-
6090327c
PK		 4965 arch/ia64/kernel/palinfo.c | 2 +-
4966 arch/ia64/kernel/sys_ia64.c | 7 +
4967 arch/ia64/kernel/vmlinux.lds.S | 2 +-
4968 arch/ia64/mm/fault.c | 32 +-
a8b227b4 4969 arch/ia64/mm/init.c | 15 +-
6090327c
PK		 4970 arch/m32r/lib/usercopy.c | 6 +
4971 arch/metag/include/asm/barrier.h | 2 +-
4972 arch/mips/cavium-octeon/dma-octeon.c | 2 +-
e8242a6d 4973 arch/mips/include/asm/atomic.h | 355 +-
6090327c 4974 arch/mips/include/asm/barrier.h | 2 +-
da1216b9 4975 arch/mips/include/asm/elf.h | 7 +
6090327c
PK		 4976 arch/mips/include/asm/exec.h | 2 +-
4977 arch/mips/include/asm/hw_irq.h | 2 +-
4978 arch/mips/include/asm/local.h | 57 +
4979 arch/mips/include/asm/page.h | 2 +-
4980 arch/mips/include/asm/pgalloc.h | 5 +
4981 arch/mips/include/asm/pgtable.h | 3 +
4982 arch/mips/include/asm/uaccess.h | 1 +
4983 arch/mips/kernel/binfmt_elfn32.c | 7 +
4984 arch/mips/kernel/binfmt_elfo32.c | 7 +
4985 arch/mips/kernel/i8259.c | 2 +-
4986 arch/mips/kernel/irq-gt641xx.c | 2 +-
4987 arch/mips/kernel/irq.c | 6 +-
4988 arch/mips/kernel/pm-cps.c | 2 +-
4989 arch/mips/kernel/process.c | 12 -
6090327c
PK		 4990 arch/mips/kernel/sync-r4k.c | 24 +-
4991 arch/mips/kernel/traps.c | 13 +-
a8b227b4 4992 arch/mips/kvm/mips.c | 2 +-
6090327c
PK		 4993 arch/mips/mm/fault.c | 25 +
4994 arch/mips/mm/mmap.c | 51 +-
6090327c
PK		 4995 arch/mips/sgi-ip27/ip27-nmi.c | 6 +-
4996 arch/mips/sni/rm200.c | 2 +-
4997 arch/mips/vr41xx/common/icu.c | 2 +-
4998 arch/mips/vr41xx/common/irq.c | 4 +-
4999 arch/parisc/include/asm/atomic.h | 10 +
5000 arch/parisc/include/asm/elf.h | 7 +
5001 arch/parisc/include/asm/pgalloc.h | 6 +
5002 arch/parisc/include/asm/pgtable.h | 11 +
5003 arch/parisc/include/asm/uaccess.h | 4 +-
5004 arch/parisc/kernel/module.c | 50 +-
5005 arch/parisc/kernel/sys_parisc.c | 15 +
5006 arch/parisc/kernel/traps.c | 4 +-
5007 arch/parisc/mm/fault.c | 140 +-
0986ccbe 5008 arch/powerpc/include/asm/atomic.h | 329 +-
6090327c 5009 arch/powerpc/include/asm/barrier.h | 2 +-
da1216b9 5010 arch/powerpc/include/asm/elf.h | 12 +
6090327c
PK		 5011 arch/powerpc/include/asm/exec.h | 2 +-
5012 arch/powerpc/include/asm/kmap_types.h | 2 +-
0986ccbe 5013 arch/powerpc/include/asm/local.h | 46 +
6090327c
PK		 5014 arch/powerpc/include/asm/mman.h | 2 +-
5015 arch/powerpc/include/asm/page.h | 8 +-
5016 arch/powerpc/include/asm/page_64.h | 7 +-
5017 arch/powerpc/include/asm/pgalloc-64.h | 7 +
5018 arch/powerpc/include/asm/pgtable.h | 1 +
5019 arch/powerpc/include/asm/pte-hash32.h | 1 +
5020 arch/powerpc/include/asm/reg.h | 1 +
5021 arch/powerpc/include/asm/smp.h | 2 +-
0986ccbe 5022 arch/powerpc/include/asm/spinlock.h | 42 +-
6090327c 5023 arch/powerpc/include/asm/uaccess.h | 141 +-
8cf17962 5024 arch/powerpc/kernel/Makefile | 5 +
6090327c
PK		 5025 arch/powerpc/kernel/exceptions-64e.S | 4 +-
5026 arch/powerpc/kernel/exceptions-64s.S | 2 +-
5027 arch/powerpc/kernel/module_32.c | 15 +-
8cf17962 5028 arch/powerpc/kernel/process.c | 46 -
6090327c
PK		 5029 arch/powerpc/kernel/signal_32.c | 2 +-
5030 arch/powerpc/kernel/signal_64.c | 2 +-
0986ccbe 5031 arch/powerpc/kernel/traps.c | 21 +
6090327c
PK		 5032 arch/powerpc/kernel/vdso.c | 5 +-
5033 arch/powerpc/kvm/powerpc.c | 2 +-
5034 arch/powerpc/lib/usercopy_64.c | 18 -
e8242a6d 5035 arch/powerpc/mm/fault.c | 56 +-
da1216b9 5036 arch/powerpc/mm/mmap.c | 16 +
6090327c
PK		 5037 arch/powerpc/mm/slice.c | 13 +-
5038 arch/powerpc/platforms/cell/spufs/file.c | 4 +-
5039 arch/s390/include/asm/atomic.h | 10 +
5040 arch/s390/include/asm/barrier.h | 2 +-
da1216b9 5041 arch/s390/include/asm/elf.h | 7 +
6090327c
PK		 5042 arch/s390/include/asm/exec.h | 2 +-
5043 arch/s390/include/asm/uaccess.h | 13 +-
5044 arch/s390/kernel/module.c | 22 +-
e8242a6d 5045 arch/s390/kernel/process.c | 24 -
da1216b9 5046 arch/s390/mm/mmap.c | 16 +
6090327c
PK		 5047 arch/score/include/asm/exec.h | 2 +-
5048 arch/score/kernel/process.c | 5 -
5049 arch/sh/mm/mmap.c | 22 +-
0986ccbe 5050 arch/sparc/include/asm/atomic_64.h | 110 +-
6090327c
PK		 5051 arch/sparc/include/asm/barrier_64.h | 2 +-
5052 arch/sparc/include/asm/cache.h | 2 +-
5053 arch/sparc/include/asm/elf_32.h | 7 +
5054 arch/sparc/include/asm/elf_64.h | 7 +
5055 arch/sparc/include/asm/pgalloc_32.h | 1 +
5056 arch/sparc/include/asm/pgalloc_64.h | 1 +
5057 arch/sparc/include/asm/pgtable.h | 4 +
5058 arch/sparc/include/asm/pgtable_32.h | 15 +-
5059 arch/sparc/include/asm/pgtsrmmu.h | 5 +
5060 arch/sparc/include/asm/setup.h | 4 +-
5061 arch/sparc/include/asm/spinlock_64.h | 35 +-
e8242a6d 5062 arch/sparc/include/asm/thread_info_32.h | 1 +
6090327c
PK		 5063 arch/sparc/include/asm/thread_info_64.h | 2 +
5064 arch/sparc/include/asm/uaccess.h | 1 +
e8242a6d
PK		 5065 arch/sparc/include/asm/uaccess_32.h | 28 +-
5066 arch/sparc/include/asm/uaccess_64.h | 24 +-
6090327c
PK		 5067 arch/sparc/kernel/Makefile | 2 +-
5068 arch/sparc/kernel/prom_common.c | 2 +-
5069 arch/sparc/kernel/smp_64.c | 8 +-
5070 arch/sparc/kernel/sys_sparc_32.c | 2 +-
5071 arch/sparc/kernel/sys_sparc_64.c | 52 +-
5072 arch/sparc/kernel/traps_64.c | 27 +-
5073 arch/sparc/lib/Makefile | 2 +-
0986ccbe
PK		 5074 arch/sparc/lib/atomic_64.S | 57 +-
5075 arch/sparc/lib/ksyms.c | 6 +-
6090327c
PK		 5076 arch/sparc/mm/Makefile | 2 +-
5077 arch/sparc/mm/fault_32.c | 292 +
8cf17962 5078 arch/sparc/mm/fault_64.c | 486 +
6090327c
PK		 5079 arch/sparc/mm/hugetlbpage.c | 22 +-
5080 arch/sparc/mm/init_64.c | 10 +-
5081 arch/tile/include/asm/atomic_64.h | 10 +
5082 arch/tile/include/asm/uaccess.h | 4 +-
5083 arch/um/Makefile | 4 +
5084 arch/um/include/asm/kmap_types.h | 2 +-
5085 arch/um/include/asm/page.h | 3 +
5086 arch/um/include/asm/pgtable-3level.h | 1 +
5087 arch/um/kernel/process.c | 16 -
afe359a8 5088 arch/x86/Kconfig | 15 +-
6090327c
PK		 5089 arch/x86/Kconfig.cpu | 6 +-
5090 arch/x86/Kconfig.debug | 4 +-
a8b227b4 5091 arch/x86/Makefile | 13 +-
6090327c
PK		 5092 arch/x86/boot/Makefile | 3 +
5093 arch/x86/boot/bitops.h | 4 +-
5094 arch/x86/boot/boot.h | 2 +-
5095 arch/x86/boot/compressed/Makefile | 3 +
5096 arch/x86/boot/compressed/efi_stub_32.S | 16 +-
8cf17962 5097 arch/x86/boot/compressed/efi_thunk_64.S | 4 +-
6090327c
PK		 5098 arch/x86/boot/compressed/head_32.S | 4 +-
5099 arch/x86/boot/compressed/head_64.S | 12 +-
5100 arch/x86/boot/compressed/misc.c | 11 +-
5101 arch/x86/boot/cpucheck.c | 16 +-
5102 arch/x86/boot/header.S | 6 +-
5103 arch/x86/boot/memory.c | 2 +-
5104 arch/x86/boot/video-vesa.c | 1 +
5105 arch/x86/boot/video.c | 2 +-
5106 arch/x86/crypto/aes-x86_64-asm_64.S | 4 +
5107 arch/x86/crypto/aesni-intel_asm.S | 106 +-
5108 arch/x86/crypto/blowfish-x86_64-asm_64.S | 7 +
5109 arch/x86/crypto/camellia-aesni-avx-asm_64.S | 10 +
5110 arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 10 +
5111 arch/x86/crypto/camellia-x86_64-asm_64.S | 7 +
5112 arch/x86/crypto/cast5-avx-x86_64-asm_64.S | 51 +-
5113 arch/x86/crypto/cast6-avx-x86_64-asm_64.S | 25 +-
da1216b9 5114 arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 4 +-
6090327c
PK		 5115 arch/x86/crypto/ghash-clmulni-intel_asm.S | 4 +
5116 arch/x86/crypto/salsa20-x86_64-asm_64.S | 4 +
5117 arch/x86/crypto/serpent-avx-x86_64-asm_64.S | 9 +
5118 arch/x86/crypto/serpent-avx2-asm_64.S | 9 +
5119 arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 4 +
5120 arch/x86/crypto/sha1_ssse3_asm.S | 10 +-
5121 arch/x86/crypto/sha256-avx-asm.S | 2 +
5122 arch/x86/crypto/sha256-avx2-asm.S | 2 +
5123 arch/x86/crypto/sha256-ssse3-asm.S | 2 +
5124 arch/x86/crypto/sha512-avx-asm.S | 2 +
5125 arch/x86/crypto/sha512-avx2-asm.S | 2 +
5126 arch/x86/crypto/sha512-ssse3-asm.S | 2 +
5127 arch/x86/crypto/twofish-avx-x86_64-asm_64.S | 25 +-
5128 arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 4 +
5129 arch/x86/crypto/twofish-x86_64-asm_64.S | 3 +
afe359a8
PK		 5130 arch/x86/entry/calling.h | 92 +-
5131 arch/x86/entry/entry_32.S | 360 +-
5132 arch/x86/entry/entry_64.S | 636 +-
5133 arch/x86/entry/entry_64_compat.S | 159 +-
5134 arch/x86/entry/thunk_64.S | 2 +
5135 arch/x86/entry/vdso/Makefile | 2 +-
5136 arch/x86/entry/vdso/vdso2c.h | 4 +-
5137 arch/x86/entry/vdso/vma.c | 41 +-
5138 arch/x86/entry/vsyscall/vsyscall_64.c | 16 +-
0986ccbe 5139 arch/x86/ia32/ia32_signal.c | 23 +-
afe359a8 5140 arch/x86/ia32/sys_ia32.c | 42 +-
da1216b9 5141 arch/x86/include/asm/alternative-asm.h | 43 +-
6090327c
PK		 5142 arch/x86/include/asm/alternative.h | 4 +-
5143 arch/x86/include/asm/apic.h | 2 +-
5144 arch/x86/include/asm/apm.h | 4 +-
8cf17962 5145 arch/x86/include/asm/atomic.h | 269 +-
6090327c 5146 arch/x86/include/asm/atomic64_32.h | 100 +
0986ccbe 5147 arch/x86/include/asm/atomic64_64.h | 164 +-
6090327c
PK		 5148 arch/x86/include/asm/barrier.h | 4 +-
5149 arch/x86/include/asm/bitops.h | 18 +-
afe359a8 5150 arch/x86/include/asm/boot.h | 2 +-
6090327c 5151 arch/x86/include/asm/cache.h | 5 +-
6090327c
PK		 5152 arch/x86/include/asm/checksum_32.h | 12 +-
5153 arch/x86/include/asm/cmpxchg.h | 39 +
5154 arch/x86/include/asm/compat.h | 2 +-
afe359a8 5155 arch/x86/include/asm/cpufeature.h | 17 +-
6090327c
PK		 5156 arch/x86/include/asm/desc.h | 78 +-
5157 arch/x86/include/asm/desc_defs.h | 6 +
5158 arch/x86/include/asm/div64.h | 2 +-
da1216b9 5159 arch/x86/include/asm/elf.h | 33 +-
6090327c 5160 arch/x86/include/asm/emergency-restart.h | 2 +-
afe359a8
PK		 5161 arch/x86/include/asm/fpu/internal.h | 36 +-
5162 arch/x86/include/asm/fpu/types.h | 5 +-
6090327c
PK		 5163 arch/x86/include/asm/futex.h | 14 +-
5164 arch/x86/include/asm/hw_irq.h | 4 +-
5165 arch/x86/include/asm/i8259.h | 2 +-
afe359a8 5166 arch/x86/include/asm/io.h | 22 +-
6090327c
PK		 5167 arch/x86/include/asm/irqflags.h | 5 +
5168 arch/x86/include/asm/kprobes.h | 9 +-
5169 arch/x86/include/asm/local.h | 106 +-
5170 arch/x86/include/asm/mman.h | 15 +
afe359a8
PK		 5171 arch/x86/include/asm/mmu.h | 14 +-
5172 arch/x86/include/asm/mmu_context.h | 138 +-
6090327c
PK		 5173 arch/x86/include/asm/module.h | 17 +-
5174 arch/x86/include/asm/nmi.h | 19 +-
5175 arch/x86/include/asm/page.h | 1 +
afe359a8
PK		 5176 arch/x86/include/asm/page_32.h | 12 +-
5177 arch/x86/include/asm/page_64.h | 14 +-
6090327c
PK		 5178 arch/x86/include/asm/paravirt.h | 46 +-
5179 arch/x86/include/asm/paravirt_types.h | 15 +-
5180 arch/x86/include/asm/pgalloc.h | 23 +
5181 arch/x86/include/asm/pgtable-2level.h | 2 +
5182 arch/x86/include/asm/pgtable-3level.h | 4 +
da1216b9 5183 arch/x86/include/asm/pgtable.h | 128 +-
6090327c 5184 arch/x86/include/asm/pgtable_32.h | 14 +-
afe359a8 5185 arch/x86/include/asm/pgtable_32_types.h | 24 +-
da1216b9 5186 arch/x86/include/asm/pgtable_64.h | 22 +-
6090327c
PK		 5187 arch/x86/include/asm/pgtable_64_types.h | 5 +
5188 arch/x86/include/asm/pgtable_types.h | 26 +-
5189 arch/x86/include/asm/preempt.h | 2 +-
afe359a8
PK		 5190 arch/x86/include/asm/processor.h | 59 +-
5191 arch/x86/include/asm/ptrace.h | 21 +-
6090327c
PK		 5192 arch/x86/include/asm/qrwlock.h | 4 +-
5193 arch/x86/include/asm/realmode.h | 4 +-
5194 arch/x86/include/asm/reboot.h | 10 +-
5195 arch/x86/include/asm/rmwcc.h | 84 +-
5196 arch/x86/include/asm/rwsem.h | 60 +-
da1216b9
PK		 5197 arch/x86/include/asm/segment.h | 27 +-
5198 arch/x86/include/asm/smap.h | 43 +
6090327c 5199 arch/x86/include/asm/smp.h | 14 +-
6090327c
PK		 5200 arch/x86/include/asm/stackprotector.h | 4 +-
5201 arch/x86/include/asm/stacktrace.h | 32 +-
5202 arch/x86/include/asm/switch_to.h | 4 +-
afe359a8
PK		 5203 arch/x86/include/asm/sys_ia32.h | 6 +-
5204 arch/x86/include/asm/thread_info.h | 27 +-
5205 arch/x86/include/asm/tlbflush.h | 77 +-
e8242a6d 5206 arch/x86/include/asm/uaccess.h | 192 +-
8cf17962
PK		 5207 arch/x86/include/asm/uaccess_32.h | 28 +-
5208 arch/x86/include/asm/uaccess_64.h | 169 +-
6090327c
PK		 5209 arch/x86/include/asm/word-at-a-time.h | 2 +-
5210 arch/x86/include/asm/x86_init.h | 10 +-
5211 arch/x86/include/asm/xen/page.h | 2 +-
6090327c 5212 arch/x86/include/uapi/asm/e820.h | 2 +-
6090327c
PK		 5213 arch/x86/kernel/Makefile | 2 +-
5214 arch/x86/kernel/acpi/boot.c | 4 +-
5215 arch/x86/kernel/acpi/sleep.c | 4 +
5216 arch/x86/kernel/acpi/wakeup_32.S | 6 +-
afe359a8 5217 arch/x86/kernel/alternative.c | 124 +-
6090327c
PK		 5218 arch/x86/kernel/apic/apic.c | 4 +-
5219 arch/x86/kernel/apic/apic_flat_64.c | 4 +-
5220 arch/x86/kernel/apic/apic_noop.c | 2 +-
5221 arch/x86/kernel/apic/bigsmp_32.c | 2 +-
e8242a6d 5222 arch/x86/kernel/apic/io_apic.c | 8 +-
afe359a8 5223 arch/x86/kernel/apic/msi.c | 2 +-
6090327c 5224 arch/x86/kernel/apic/probe_32.c | 2 +-
8cf17962 5225 arch/x86/kernel/apic/vector.c | 4 +-
6090327c
PK		 5226 arch/x86/kernel/apic/x2apic_cluster.c | 4 +-
5227 arch/x86/kernel/apic/x2apic_phys.c | 2 +-
5228 arch/x86/kernel/apic/x2apic_uv_x.c | 2 +-
e8242a6d 5229 arch/x86/kernel/apm_32.c | 21 +-
6090327c
PK		 5230 arch/x86/kernel/asm-offsets.c | 20 +
5231 arch/x86/kernel/asm-offsets_64.c | 1 +
5232 arch/x86/kernel/cpu/Makefile | 4 -
5233 arch/x86/kernel/cpu/amd.c | 2 +-
afe359a8 5234 arch/x86/kernel/cpu/common.c | 202 +-
da1216b9 5235 arch/x86/kernel/cpu/intel_cacheinfo.c | 14 +-
6090327c
PK		 5236 arch/x86/kernel/cpu/mcheck/mce.c | 31 +-
5237 arch/x86/kernel/cpu/mcheck/p5.c | 3 +
5238 arch/x86/kernel/cpu/mcheck/winchip.c | 3 +
5239 arch/x86/kernel/cpu/microcode/core.c | 2 +-
5240 arch/x86/kernel/cpu/microcode/intel.c | 4 +-
5241 arch/x86/kernel/cpu/mtrr/main.c | 2 +-
5242 arch/x86/kernel/cpu/mtrr/mtrr.h | 2 +-
afe359a8 5243 arch/x86/kernel/cpu/perf_event.c | 10 +-
6090327c
PK		 5244 arch/x86/kernel/cpu/perf_event_amd_iommu.c | 2 +-
5245 arch/x86/kernel/cpu/perf_event_intel.c | 6 +-
da1216b9
PK		 5246 arch/x86/kernel/cpu/perf_event_intel_bts.c | 6 +-
5247 arch/x86/kernel/cpu/perf_event_intel_cqm.c | 4 +-
5248 arch/x86/kernel/cpu/perf_event_intel_pt.c | 44 +-
6090327c
PK		 5249 arch/x86/kernel/cpu/perf_event_intel_rapl.c | 2 +-
5250 arch/x86/kernel/cpu/perf_event_intel_uncore.c | 2 +-
5251 arch/x86/kernel/cpu/perf_event_intel_uncore.h | 2 +-
5252 arch/x86/kernel/cpuid.c | 2 +-
6090327c
PK		 5253 arch/x86/kernel/crash_dump_64.c | 2 +-
5254 arch/x86/kernel/doublefault.c | 8 +-
da1216b9
PK		 5255 arch/x86/kernel/dumpstack.c | 24 +-
5256 arch/x86/kernel/dumpstack_32.c | 25 +-
8cf17962 5257 arch/x86/kernel/dumpstack_64.c | 62 +-
6090327c
PK		 5258 arch/x86/kernel/e820.c | 4 +-
5259 arch/x86/kernel/early_printk.c | 1 +
8cf17962 5260 arch/x86/kernel/espfix_64.c | 13 +-
afe359a8
PK		 5261 arch/x86/kernel/fpu/core.c | 22 +-
5262 arch/x86/kernel/fpu/init.c | 8 +-
5263 arch/x86/kernel/fpu/regset.c | 22 +-
5264 arch/x86/kernel/fpu/signal.c | 20 +-
5265 arch/x86/kernel/fpu/xstate.c | 8 +-
da1216b9 5266 arch/x86/kernel/ftrace.c | 18 +-
afe359a8
PK		 5267 arch/x86/kernel/head64.c | 14 +-
5268 arch/x86/kernel/head_32.S | 235 +-
da1216b9 5269 arch/x86/kernel/head_64.S | 149 +-
6090327c 5270 arch/x86/kernel/i386_ksyms_32.c | 12 +
6090327c
PK		 5271 arch/x86/kernel/i8259.c | 10 +-
5272 arch/x86/kernel/io_delay.c | 2 +-
5273 arch/x86/kernel/ioport.c | 2 +-
5274 arch/x86/kernel/irq.c | 8 +-
da1216b9 5275 arch/x86/kernel/irq_32.c | 45 +-
afe359a8 5276 arch/x86/kernel/jump_label.c | 10 +-
da1216b9
PK		 5277 arch/x86/kernel/kgdb.c | 21 +-
5278 arch/x86/kernel/kprobes/core.c | 28 +-
6090327c
PK		 5279 arch/x86/kernel/kprobes/opt.c | 16 +-
5280 arch/x86/kernel/ksysfs.c | 2 +-
afe359a8 5281 arch/x86/kernel/ldt.c | 25 +
e8242a6d 5282 arch/x86/kernel/livepatch.c | 12 +-
6090327c 5283 arch/x86/kernel/machine_kexec_32.c | 6 +-
a8b227b4 5284 arch/x86/kernel/mcount_64.S | 19 +-
6090327c
PK		 5285 arch/x86/kernel/module.c | 78 +-
5286 arch/x86/kernel/msr.c | 2 +-
5287 arch/x86/kernel/nmi.c | 34 +-
5288 arch/x86/kernel/nmi_selftest.c | 4 +-
5289 arch/x86/kernel/paravirt-spinlocks.c | 2 +-
5290 arch/x86/kernel/paravirt.c | 45 +-
8cf17962 5291 arch/x86/kernel/paravirt_patch_64.c | 8 +
6090327c
PK		 5292 arch/x86/kernel/pci-calgary_64.c | 2 +-
5293 arch/x86/kernel/pci-iommu_table.c | 2 +-
5294 arch/x86/kernel/pci-swiotlb.c | 2 +-
afe359a8
PK		 5295 arch/x86/kernel/process.c | 71 +-
5296 arch/x86/kernel/process_32.c | 30 +-
5297 arch/x86/kernel/process_64.c | 19 +-
6090327c
PK		 5298 arch/x86/kernel/ptrace.c | 20 +-
5299 arch/x86/kernel/pvclock.c | 8 +-
e8242a6d 5300 arch/x86/kernel/reboot.c | 44 +-
6090327c
PK		 5301 arch/x86/kernel/reboot_fixups_32.c | 2 +-
5302 arch/x86/kernel/relocate_kernel_64.S | 3 +-
afe359a8 5303 arch/x86/kernel/setup.c | 29 +-
6090327c
PK		 5304 arch/x86/kernel/setup_percpu.c | 29 +-
5305 arch/x86/kernel/signal.c | 17 +-
5306 arch/x86/kernel/smp.c | 2 +-
afe359a8
PK		 5307 arch/x86/kernel/smpboot.c | 29 +-
5308 arch/x86/kernel/step.c | 6 +-
6090327c
PK		 5309 arch/x86/kernel/sys_i386_32.c | 184 +
5310 arch/x86/kernel/sys_x86_64.c | 22 +-
da1216b9
PK		 5311 arch/x86/kernel/tboot.c | 14 +-
5312 arch/x86/kernel/time.c | 8 +-
6090327c
PK		 5313 arch/x86/kernel/tls.c | 7 +-
5314 arch/x86/kernel/tracepoint.c | 4 +-
da1216b9 5315 arch/x86/kernel/traps.c | 53 +-
6090327c 5316 arch/x86/kernel/tsc.c | 2 +-
da1216b9 5317 arch/x86/kernel/uprobes.c | 2 +-
6090327c
PK		 5318 arch/x86/kernel/vm86_32.c | 6 +-
5319 arch/x86/kernel/vmlinux.lds.S | 147 +-
6090327c
PK		 5320 arch/x86/kernel/x8664_ksyms_64.c | 6 +-
5321 arch/x86/kernel/x86_init.c | 6 +-
6090327c 5322 arch/x86/kvm/cpuid.c | 21 +-
8cf17962 5323 arch/x86/kvm/emulate.c | 2 +-
6090327c
PK		 5324 arch/x86/kvm/lapic.c | 2 +-
5325 arch/x86/kvm/paging_tmpl.h | 2 +-
5326 arch/x86/kvm/svm.c | 8 +
e8242a6d 5327 arch/x86/kvm/vmx.c | 82 +-
afe359a8 5328 arch/x86/kvm/x86.c | 44 +-
6090327c
PK		 5329 arch/x86/lguest/boot.c | 3 +-
5330 arch/x86/lib/atomic64_386_32.S | 164 +
afe359a8
PK		 5331 arch/x86/lib/atomic64_cx8_32.S | 98 +-
5332 arch/x86/lib/checksum_32.S | 97 +-
da1216b9 5333 arch/x86/lib/clear_page_64.S | 3 +
0986ccbe 5334 arch/x86/lib/cmpxchg16b_emu.S | 3 +
afe359a8
PK		 5335 arch/x86/lib/copy_page_64.S | 14 +-
5336 arch/x86/lib/copy_user_64.S | 66 +-
5337 arch/x86/lib/csum-copy_64.S | 14 +-
6090327c
PK		 5338 arch/x86/lib/csum-wrappers_64.c | 8 +-
5339 arch/x86/lib/getuser.S | 74 +-
8cf17962 5340 arch/x86/lib/insn.c | 8 +-
6090327c 5341 arch/x86/lib/iomap_copy_64.S | 2 +
da1216b9
PK		 5342 arch/x86/lib/memcpy_64.S | 6 +
5343 arch/x86/lib/memmove_64.S | 3 +-
5344 arch/x86/lib/memset_64.S | 3 +
6090327c
PK		 5345 arch/x86/lib/mmx_32.c | 243 +-
5346 arch/x86/lib/msr-reg.S | 2 +
afe359a8 5347 arch/x86/lib/putuser.S | 87 +-
6090327c 5348 arch/x86/lib/rwsem.S | 6 +-
afe359a8 5349 arch/x86/lib/usercopy_32.c | 359 +-
da1216b9 5350 arch/x86/lib/usercopy_64.c | 20 +-
afe359a8
PK		 5351 arch/x86/math-emu/fpu_aux.c | 2 +-
5352 arch/x86/math-emu/fpu_entry.c | 4 +-
5353 arch/x86/math-emu/fpu_system.h | 2 +-
6090327c 5354 arch/x86/mm/Makefile | 4 +
afe359a8 5355 arch/x86/mm/extable.c | 26 +-
da1216b9 5356 arch/x86/mm/fault.c | 570 +-
6090327c
PK		 5357 arch/x86/mm/gup.c | 6 +-
5358 arch/x86/mm/highmem_32.c | 4 +
5359 arch/x86/mm/hugetlbpage.c | 24 +-
5360 arch/x86/mm/init.c | 101 +-
5361 arch/x86/mm/init_32.c | 111 +-
8cf17962 5362 arch/x86/mm/init_64.c | 46 +-
6090327c 5363 arch/x86/mm/iomap_32.c | 4 +
afe359a8 5364 arch/x86/mm/ioremap.c | 44 +-
6090327c 5365 arch/x86/mm/kmemcheck/kmemcheck.c | 4 +-
da1216b9 5366 arch/x86/mm/mmap.c | 40 +-
6090327c
PK		 5367 arch/x86/mm/mmio-mod.c | 10 +-
5368 arch/x86/mm/numa.c | 2 +-
5369 arch/x86/mm/pageattr.c | 33 +-
afe359a8 5370 arch/x86/mm/pat.c | 12 +-
6090327c
PK		 5371 arch/x86/mm/pat_rbtree.c | 2 +-
5372 arch/x86/mm/pf_in.c | 10 +-
e8242a6d 5373 arch/x86/mm/pgtable.c | 162 +-
6090327c 5374 arch/x86/mm/pgtable_32.c | 3 +
6090327c
PK		 5375 arch/x86/mm/setup_nx.c | 7 +
5376 arch/x86/mm/tlb.c | 4 +
5377 arch/x86/mm/uderef_64.c | 37 +
5378 arch/x86/net/bpf_jit.S | 11 +
8cf17962 5379 arch/x86/net/bpf_jit_comp.c | 13 +-
da1216b9 5380 arch/x86/oprofile/backtrace.c | 6 +-
6090327c
PK		 5381 arch/x86/oprofile/nmi_int.c | 8 +-
5382 arch/x86/oprofile/op_model_amd.c | 8 +-
5383 arch/x86/oprofile/op_model_ppro.c | 7 +-
5384 arch/x86/oprofile/op_x86_model.h | 2 +-
5385 arch/x86/pci/intel_mid_pci.c | 2 +-
5386 arch/x86/pci/irq.c | 8 +-
5387 arch/x86/pci/pcbios.c | 144 +-
5388 arch/x86/platform/efi/efi_32.c | 24 +
da1216b9 5389 arch/x86/platform/efi/efi_64.c | 26 +-
6090327c 5390 arch/x86/platform/efi/efi_stub_32.S | 64 +-
8cf17962 5391 arch/x86/platform/efi/efi_stub_64.S | 2 +
e8242a6d 5392 arch/x86/platform/intel-mid/intel-mid.c | 5 +-
a8b227b4
PK		 5393 arch/x86/platform/intel-mid/intel_mid_weak_decls.h | 6 +-
5394 arch/x86/platform/intel-mid/mfld.c | 4 +-
5395 arch/x86/platform/intel-mid/mrfl.c | 2 +-
e8242a6d 5396 arch/x86/platform/intel-quark/imr_selftest.c | 2 +-
6090327c
PK		 5397 arch/x86/platform/olpc/olpc_dt.c | 2 +-
5398 arch/x86/power/cpu.c | 11 +-
5399 arch/x86/realmode/init.c | 10 +-
5400 arch/x86/realmode/rm/Makefile | 3 +
5401 arch/x86/realmode/rm/header.S | 4 +-
da1216b9 5402 arch/x86/realmode/rm/reboot.S | 4 +
6090327c
PK		 5403 arch/x86/realmode/rm/trampoline_32.S | 12 +-
5404 arch/x86/realmode/rm/trampoline_64.S | 3 +-
5405 arch/x86/realmode/rm/wakeup_asm.S | 5 +-
5406 arch/x86/tools/Makefile | 2 +-
afe359a8 5407 arch/x86/tools/relocs.c | 96 +-
6090327c
PK		 5408 arch/x86/um/mem_32.c | 2 +-
5409 arch/x86/um/tls_32.c | 2 +-
da1216b9
PK		 5410 arch/x86/xen/enlighten.c | 50 +-
5411 arch/x86/xen/mmu.c | 17 +-
5412 arch/x86/xen/smp.c | 16 +-
6090327c
PK		 5413 arch/x86/xen/xen-asm_32.S | 2 +-
5414 arch/x86/xen/xen-head.S | 11 +
5415 arch/x86/xen/xen-ops.h | 2 -
e8242a6d 5416 block/bio.c | 4 +-
6090327c
PK		 5417 block/blk-iopoll.c | 2 +-
5418 block/blk-map.c | 2 +-
5419 block/blk-softirq.c | 2 +-
5420 block/bsg.c | 12 +-
5421 block/compat_ioctl.c | 4 +-
5422 block/genhd.c | 9 +-
5423 block/partitions/efi.c | 8 +-
5424 block/scsi_ioctl.c | 29 +-
5425 crypto/cryptd.c | 4 +-
5426 crypto/pcrypt.c | 2 +-
e8242a6d 5427 crypto/zlib.c | 4 +-
afe359a8 5428 drivers/acpi/acpi_video.c | 2 +-
6090327c
PK		 5429 drivers/acpi/apei/apei-internal.h | 2 +-
5430 drivers/acpi/apei/ghes.c | 4 +-
5431 drivers/acpi/bgrt.c | 6 +-
5432 drivers/acpi/blacklist.c | 4 +-
e8242a6d 5433 drivers/acpi/bus.c | 4 +-
0986ccbe 5434 drivers/acpi/device_pm.c | 4 +-
e8242a6d
PK		 5435 drivers/acpi/ec.c | 2 +-
5436 drivers/acpi/pci_slot.c | 2 +-
5437 drivers/acpi/processor_driver.c | 2 +-
6090327c 5438 drivers/acpi/processor_idle.c | 2 +-
e8242a6d
PK		 5439 drivers/acpi/processor_pdc.c | 2 +-
5440 drivers/acpi/sleep.c | 2 +-
6090327c 5441 drivers/acpi/sysfs.c | 4 +-
e8242a6d 5442 drivers/acpi/thermal.c | 2 +-
afe359a8 5443 drivers/acpi/video_detect.c | 7 +-
6090327c
PK		 5444 drivers/ata/libahci.c | 2 +-
5445 drivers/ata/libata-core.c | 12 +-
5446 drivers/ata/libata-scsi.c | 2 +-
5447 drivers/ata/libata.h | 2 +-
5448 drivers/ata/pata_arasan_cf.c | 4 +-
5449 drivers/atm/adummy.c | 2 +-
5450 drivers/atm/ambassador.c | 8 +-
5451 drivers/atm/atmtcp.c | 14 +-
5452 drivers/atm/eni.c | 10 +-
5453 drivers/atm/firestream.c | 8 +-
5454 drivers/atm/fore200e.c | 14 +-
5455 drivers/atm/he.c | 18 +-
5456 drivers/atm/horizon.c | 4 +-
5457 drivers/atm/idt77252.c | 36 +-
5458 drivers/atm/iphase.c | 34 +-
5459 drivers/atm/lanai.c | 12 +-
5460 drivers/atm/nicstar.c | 46 +-
5461 drivers/atm/solos-pci.c | 4 +-
5462 drivers/atm/suni.c | 4 +-
5463 drivers/atm/uPD98402.c | 16 +-
5464 drivers/atm/zatm.c | 6 +-
5465 drivers/base/bus.c | 4 +-
5466 drivers/base/devtmpfs.c | 8 +-
5467 drivers/base/node.c | 2 +-
da1216b9 5468 drivers/base/power/domain.c | 11 +-
6090327c
PK		 5469 drivers/base/power/sysfs.c | 2 +-
5470 drivers/base/power/wakeup.c | 8 +-
5471 drivers/base/syscore.c | 4 +-
5472 drivers/block/cciss.c | 28 +-
5473 drivers/block/cciss.h | 2 +-
5474 drivers/block/cpqarray.c | 28 +-
5475 drivers/block/cpqarray.h | 2 +-
a8b227b4 5476 drivers/block/drbd/drbd_bitmap.c | 2 +-
8cf17962 5477 drivers/block/drbd/drbd_int.h | 8 +-
a8b227b4 5478 drivers/block/drbd/drbd_main.c | 12 +-
6090327c 5479 drivers/block/drbd/drbd_nl.c | 4 +-
a8b227b4
PK		 5480 drivers/block/drbd/drbd_receiver.c | 34 +-
5481 drivers/block/drbd/drbd_worker.c | 8 +-
6090327c 5482 drivers/block/pktcdvd.c | 4 +-
8cf17962 5483 drivers/block/rbd.c | 2 +-
6090327c
PK		 5484 drivers/bluetooth/btwilink.c | 2 +-
5485 drivers/cdrom/cdrom.c | 11 +-
5486 drivers/cdrom/gdrom.c | 1 -
5487 drivers/char/agp/compat_ioctl.c | 2 +-
5488 drivers/char/agp/frontend.c | 4 +-
afe359a8 5489 drivers/char/agp/intel-gtt.c | 4 +-
6090327c 5490 drivers/char/hpet.c | 2 +-
6090327c
PK		 5491 drivers/char/ipmi/ipmi_msghandler.c | 8 +-
5492 drivers/char/ipmi/ipmi_si_intf.c | 8 +-
8cf17962 5493 drivers/char/mem.c | 47 +-
6090327c 5494 drivers/char/nvram.c | 2 +-
a8b227b4
PK		 5495 drivers/char/pcmcia/synclink_cs.c | 16 +-
5496 drivers/char/random.c | 12 +-
e8242a6d 5497 drivers/char/sonypi.c | 11 +-
6090327c
PK		 5498 drivers/char/tpm/tpm_acpi.c | 3 +-
5499 drivers/char/tpm/tpm_eventlog.c | 7 +-
5500 drivers/char/virtio_console.c | 4 +-
5501 drivers/clk/clk-composite.c | 2 +-
da1216b9 5502 drivers/clk/samsung/clk.h | 2 +-
6090327c
PK		 5503 drivers/clk/socfpga/clk-gate.c | 9 +-
5504 drivers/clk/socfpga/clk-pll.c | 9 +-
5505 drivers/cpufreq/acpi-cpufreq.c | 17 +-
8cf17962 5506 drivers/cpufreq/cpufreq-dt.c | 4 +-
6090327c 5507 drivers/cpufreq/cpufreq.c | 26 +-
afe359a8 5508 drivers/cpufreq/cpufreq_governor.c | 2 +-
6090327c
PK		 5509 drivers/cpufreq/cpufreq_governor.h | 4 +-
5510 drivers/cpufreq/cpufreq_ondemand.c | 10 +-
0986ccbe 5511 drivers/cpufreq/intel_pstate.c | 33 +-
6090327c
PK		 5512 drivers/cpufreq/p4-clockmod.c | 12 +-
5513 drivers/cpufreq/sparc-us3-cpufreq.c | 67 +-
5514 drivers/cpufreq/speedstep-centrino.c | 7 +-
5515 drivers/cpuidle/driver.c | 2 +-
afe359a8 5516 drivers/cpuidle/dt_idle_states.c | 2 +-
6090327c
PK		 5517 drivers/cpuidle/governor.c | 2 +-
5518 drivers/cpuidle/sysfs.c | 2 +-
5519 drivers/crypto/hifn_795x.c | 4 +-
5520 drivers/devfreq/devfreq.c | 4 +-
5521 drivers/dma/sh/shdma-base.c | 4 +-
5522 drivers/dma/sh/shdmac.c | 2 +-
5523 drivers/edac/edac_device.c | 4 +-
da1216b9 5524 drivers/edac/edac_mc_sysfs.c | 2 +-
6090327c
PK		 5525 drivers/edac/edac_pci.c | 4 +-
5526 drivers/edac/edac_pci_sysfs.c | 22 +-
5527 drivers/edac/mce_amd.h | 2 +-
5528 drivers/firewire/core-card.c | 6 +-
5529 drivers/firewire/core-device.c | 2 +-
5530 drivers/firewire/core-transaction.c | 1 +
5531 drivers/firewire/core.h | 1 +
5532 drivers/firmware/dmi-id.c | 2 +-
afe359a8 5533 drivers/firmware/dmi_scan.c | 12 +-
6090327c
PK		 5534 drivers/firmware/efi/cper.c | 8 +-
5535 drivers/firmware/efi/efi.c | 12 +-
5536 drivers/firmware/efi/efivars.c | 2 +-
e8242a6d
PK		 5537 drivers/firmware/efi/runtime-map.c | 2 +-
5538 drivers/firmware/google/gsmi.c | 2 +-
5539 drivers/firmware/google/memconsole.c | 7 +-
5540 drivers/firmware/memmap.c | 2 +-
afe359a8 5541 drivers/gpio/gpio-davinci.c | 6 +-
6090327c
PK		 5542 drivers/gpio/gpio-em.c | 2 +-
5543 drivers/gpio/gpio-ich.c | 2 +-
afe359a8 5544 drivers/gpio/gpio-omap.c | 4 +-
6090327c
PK		 5545 drivers/gpio/gpio-rcar.c | 2 +-
5546 drivers/gpio/gpio-vr41xx.c | 2 +-
a8b227b4 5547 drivers/gpio/gpiolib.c | 13 +-
afe359a8
PK		 5548 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +-
5549 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 2 +-
5550 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 6 +-
5551 .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 90 +-
5552 .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.h | 8 +-
5553 .../drm/amd/amdkfd/kfd_device_queue_manager_cik.c | 14 +-
5554 .../drm/amd/amdkfd/kfd_device_queue_manager_vi.c | 14 +-
5555 drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | 4 +-
5556 drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.c | 2 +-
e8242a6d 5557 drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.h | 2 +-
afe359a8 5558 .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 +-
6090327c 5559 drivers/gpu/drm/drm_crtc.c | 2 +-
a8b227b4 5560 drivers/gpu/drm/drm_drv.c | 2 +-
6090327c
PK		 5561 drivers/gpu/drm/drm_fops.c | 12 +-
5562 drivers/gpu/drm/drm_global.c | 14 +-
5563 drivers/gpu/drm/drm_info.c | 13 +-
5564 drivers/gpu/drm/drm_ioc32.c | 13 +-
a8b227b4 5565 drivers/gpu/drm/drm_ioctl.c | 2 +-
e8242a6d 5566 drivers/gpu/drm/gma500/mdfld_dsi_dpi.c | 10 +-
6090327c 5567 drivers/gpu/drm/i810/i810_drv.h | 4 +-
afe359a8 5568 drivers/gpu/drm/i915/i915_debugfs.c | 2 +-
6090327c
PK		 5569 drivers/gpu/drm/i915/i915_dma.c | 2 +-
5570 drivers/gpu/drm/i915/i915_gem_execbuffer.c | 4 +-
afe359a8
PK		 5571 drivers/gpu/drm/i915/i915_gem_gtt.c | 32 +-
5572 drivers/gpu/drm/i915/i915_gem_gtt.h | 16 +-
5573 drivers/gpu/drm/i915/i915_gem_stolen.c | 2 +-
da1216b9 5574 drivers/gpu/drm/i915/i915_ioc32.c | 16 +-
6090327c 5575 drivers/gpu/drm/i915/intel_display.c | 26 +-
8cf17962 5576 drivers/gpu/drm/imx/imx-drm-core.c | 2 +-
6090327c 5577 drivers/gpu/drm/mga/mga_drv.h | 4 +-
da1216b9 5578 drivers/gpu/drm/mga/mga_ioc32.c | 10 +-
6090327c
PK		 5579 drivers/gpu/drm/mga/mga_irq.c | 8 +-
5580 drivers/gpu/drm/nouveau/nouveau_bios.c | 2 +-
5581 drivers/gpu/drm/nouveau/nouveau_drm.h | 1 -
5582 drivers/gpu/drm/nouveau/nouveau_ioc32.c | 2 +-
5583 drivers/gpu/drm/nouveau/nouveau_vga.c | 2 +-
afe359a8 5584 drivers/gpu/drm/omapdrm/Makefile | 2 +-
6090327c
PK		 5585 drivers/gpu/drm/qxl/qxl_cmd.c | 12 +-
5586 drivers/gpu/drm/qxl/qxl_debugfs.c | 8 +-
5587 drivers/gpu/drm/qxl/qxl_drv.h | 8 +-
5588 drivers/gpu/drm/qxl/qxl_ioctl.c | 10 +-
5589 drivers/gpu/drm/qxl/qxl_irq.c | 16 +-
5590 drivers/gpu/drm/qxl/qxl_ttm.c | 38 +-
5591 drivers/gpu/drm/r128/r128_cce.c | 2 +-
5592 drivers/gpu/drm/r128/r128_drv.h | 4 +-
da1216b9 5593 drivers/gpu/drm/r128/r128_ioc32.c | 10 +-
6090327c
PK		 5594 drivers/gpu/drm/r128/r128_irq.c | 4 +-
5595 drivers/gpu/drm/r128/r128_state.c | 4 +-
5596 drivers/gpu/drm/radeon/mkregtable.c | 4 +-
5597 drivers/gpu/drm/radeon/radeon_device.c | 2 +-
5598 drivers/gpu/drm/radeon/radeon_drv.h | 2 +-
da1216b9 5599 drivers/gpu/drm/radeon/radeon_ioc32.c | 12 +-
6090327c
PK		 5600 drivers/gpu/drm/radeon/radeon_irq.c | 6 +-
5601 drivers/gpu/drm/radeon/radeon_state.c | 4 +-
5602 drivers/gpu/drm/radeon/radeon_ttm.c | 4 +-
5603 drivers/gpu/drm/tegra/dc.c | 2 +-
5604 drivers/gpu/drm/tegra/dsi.c | 2 +-
5605 drivers/gpu/drm/tegra/hdmi.c | 2 +-
afe359a8
PK		 5606 drivers/gpu/drm/tegra/sor.c | 7 +-
5607 drivers/gpu/drm/tilcdc/Makefile | 6 +-
6090327c 5608 drivers/gpu/drm/ttm/ttm_memory.c | 4 +-
0986ccbe
PK		 5609 drivers/gpu/drm/ttm/ttm_page_alloc.c | 18 +-
5610 drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 18 +-
6090327c
PK		 5611 drivers/gpu/drm/udl/udl_fb.c | 1 -
5612 drivers/gpu/drm/via/via_drv.h | 4 +-
5613 drivers/gpu/drm/via/via_irq.c | 18 +-
afe359a8
PK		 5614 drivers/gpu/drm/virtio/virtgpu_debugfs.c | 2 +-
5615 drivers/gpu/drm/virtio/virtgpu_fence.c | 2 +-
6090327c
PK		 5616 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 2 +-
5617 drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c | 8 +-
5618 drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c | 4 +-
5619 drivers/gpu/drm/vmwgfx/vmwgfx_irq.c | 4 +-
5620 drivers/gpu/drm/vmwgfx/vmwgfx_marker.c | 2 +-
5621 drivers/gpu/vga/vga_switcheroo.c | 4 +-
5622 drivers/hid/hid-core.c | 4 +-
afe359a8 5623 drivers/hid/hid-sensor-custom.c | 2 +-
e8242a6d 5624 drivers/hv/channel.c | 2 +-
6090327c
PK		 5625 drivers/hv/hv.c | 4 +-
5626 drivers/hv/hv_balloon.c | 18 +-
5627 drivers/hv/hyperv_vmbus.h | 2 +-
e8242a6d 5628 drivers/hwmon/acpi_power_meter.c | 6 +-
6090327c
PK		 5629 drivers/hwmon/applesmc.c | 2 +-
5630 drivers/hwmon/asus_atk0110.c | 10 +-
5631 drivers/hwmon/coretemp.c | 2 +-
afe359a8 5632 drivers/hwmon/dell-smm-hwmon.c | 2 +-
6090327c
PK		 5633 drivers/hwmon/ibmaem.c | 2 +-
5634 drivers/hwmon/iio_hwmon.c | 2 +-
a8b227b4 5635 drivers/hwmon/nct6683.c | 6 +-
6090327c
PK		 5636 drivers/hwmon/nct6775.c | 6 +-
5637 drivers/hwmon/pmbus/pmbus_core.c | 10 +-
5638 drivers/hwmon/sht15.c | 12 +-
5639 drivers/hwmon/via-cputemp.c | 2 +-
5640 drivers/i2c/busses/i2c-amd756-s4882.c | 2 +-
5641 drivers/i2c/busses/i2c-diolan-u2c.c | 2 +-
5642 drivers/i2c/busses/i2c-nforce2-s4985.c | 2 +-
5643 drivers/i2c/i2c-dev.c | 2 +-
5644 drivers/ide/ide-cd.c | 2 +-
5645 drivers/iio/industrialio-core.c | 2 +-
afe359a8 5646 drivers/iio/magnetometer/ak8975.c | 2 +-
6090327c
PK		 5647 drivers/infiniband/core/cm.c | 32 +-
5648 drivers/infiniband/core/fmr_pool.c | 20 +-
e8242a6d 5649 drivers/infiniband/core/uverbs_cmd.c | 3 +
6090327c
PK		 5650 drivers/infiniband/hw/cxgb4/mem.c | 4 +-
5651 drivers/infiniband/hw/ipath/ipath_rc.c | 6 +-
5652 drivers/infiniband/hw/ipath/ipath_ruc.c | 6 +-
5653 drivers/infiniband/hw/mlx4/mad.c | 2 +-
5654 drivers/infiniband/hw/mlx4/mcg.c | 2 +-
5655 drivers/infiniband/hw/mlx4/mlx4_ib.h | 2 +-
5656 drivers/infiniband/hw/mthca/mthca_cmd.c | 8 +-
5657 drivers/infiniband/hw/mthca/mthca_main.c | 2 +-
5658 drivers/infiniband/hw/mthca/mthca_mr.c | 6 +-
5659 drivers/infiniband/hw/mthca/mthca_provider.c | 2 +-
5660 drivers/infiniband/hw/nes/nes.c | 4 +-
5661 drivers/infiniband/hw/nes/nes.h | 40 +-
5662 drivers/infiniband/hw/nes/nes_cm.c | 62 +-
5663 drivers/infiniband/hw/nes/nes_mgt.c | 8 +-
5664 drivers/infiniband/hw/nes/nes_nic.c | 40 +-
5665 drivers/infiniband/hw/nes/nes_verbs.c | 10 +-
5666 drivers/infiniband/hw/qib/qib.h | 1 +
0986ccbe 5667 drivers/infiniband/ulp/ipoib/ipoib_netlink.c | 2 +-
6090327c
PK		 5668 drivers/input/gameport/gameport.c | 4 +-
5669 drivers/input/input.c | 4 +-
5670 drivers/input/joystick/sidewinder.c | 1 +
5671 drivers/input/joystick/xpad.c | 4 +-
5672 drivers/input/misc/ims-pcu.c | 4 +-
5673 drivers/input/mouse/psmouse.h | 2 +-
5674 drivers/input/mousedev.c | 2 +-
5675 drivers/input/serio/serio.c | 4 +-
5676 drivers/input/serio/serio_raw.c | 4 +-
e8242a6d 5677 drivers/input/touchscreen/htcpen.c | 2 +-
da1216b9
PK		 5678 drivers/iommu/arm-smmu.c | 43 +-
5679 drivers/iommu/io-pgtable-arm.c | 101 +-
5680 drivers/iommu/io-pgtable.c | 11 +-
5681 drivers/iommu/io-pgtable.h | 19 +-
0986ccbe 5682 drivers/iommu/iommu.c | 2 +-
da1216b9 5683 drivers/iommu/ipmmu-vmsa.c | 13 +-
afe359a8 5684 drivers/iommu/irq_remapping.c | 2 +-
da1216b9 5685 drivers/irqchip/irq-gic.c | 2 +-
8cf17962 5686 drivers/irqchip/irq-renesas-intc-irqpin.c | 2 +-
6090327c
PK		 5687 drivers/irqchip/irq-renesas-irqc.c | 2 +-
5688 drivers/isdn/capi/capi.c | 10 +-
5689 drivers/isdn/gigaset/interface.c | 8 +-
5690 drivers/isdn/gigaset/usb-gigaset.c | 2 +-
5691 drivers/isdn/hardware/avm/b1.c | 4 +-
5692 drivers/isdn/i4l/isdn_common.c | 2 +
5693 drivers/isdn/i4l/isdn_tty.c | 22 +-
5694 drivers/isdn/icn/icn.c | 2 +-
5695 drivers/isdn/mISDN/dsp_cmx.c | 2 +-
6090327c
PK		 5696 drivers/lguest/core.c | 10 +-
5697 drivers/lguest/page_tables.c | 2 +-
5698 drivers/lguest/x86/core.c | 12 +-
5699 drivers/lguest/x86/switcher_32.S | 27 +-
5700 drivers/md/bcache/closure.h | 2 +-
5701 drivers/md/bitmap.c | 2 +-
5702 drivers/md/dm-ioctl.c | 2 +-
afe359a8 5703 drivers/md/dm-raid1.c | 18 +-
6090327c
PK		 5704 drivers/md/dm-stats.c | 6 +-
5705 drivers/md/dm-stripe.c | 10 +-
0986ccbe 5706 drivers/md/dm-table.c | 2 +-
6090327c
PK		 5707 drivers/md/dm-thin-metadata.c | 4 +-
5708 drivers/md/dm.c | 16 +-
5709 drivers/md/md.c | 26 +-
5710 drivers/md/md.h | 6 +-
5711 drivers/md/persistent-data/dm-space-map-metadata.c | 4 +-
5712 drivers/md/persistent-data/dm-space-map.h | 1 +
5713 drivers/md/raid1.c | 4 +-
5714 drivers/md/raid10.c | 16 +-
e8242a6d 5715 drivers/md/raid5.c | 22 +-
6090327c
PK		 5716 drivers/media/dvb-core/dvbdev.c | 2 +-
5717 drivers/media/dvb-frontends/af9033.h | 2 +-
5718 drivers/media/dvb-frontends/dib3000.h | 2 +-
a8b227b4
PK		 5719 drivers/media/dvb-frontends/dib7000p.h | 2 +-
5720 drivers/media/dvb-frontends/dib8000.h | 2 +-
6090327c
PK		 5721 drivers/media/pci/cx88/cx88-video.c | 6 +-
5722 drivers/media/pci/ivtv/ivtv-driver.c | 2 +-
a8b227b4
PK		 5723 drivers/media/pci/solo6x10/solo6x10-core.c | 2 +-
5724 drivers/media/pci/solo6x10/solo6x10-p2m.c | 2 +-
5725 drivers/media/pci/solo6x10/solo6x10.h | 2 +-
0986ccbe 5726 drivers/media/pci/tw68/tw68-core.c | 2 +-
6090327c
PK		 5727 drivers/media/platform/omap/omap_vout.c | 11 +-
5728 drivers/media/platform/s5p-tv/mixer.h | 2 +-
5729 drivers/media/platform/s5p-tv/mixer_grp_layer.c | 2 +-
5730 drivers/media/platform/s5p-tv/mixer_reg.c | 2 +-
5731 drivers/media/platform/s5p-tv/mixer_video.c | 24 +-
5732 drivers/media/platform/s5p-tv/mixer_vp_layer.c | 2 +-
6090327c
PK		 5733 drivers/media/radio/radio-cadet.c | 2 +
5734 drivers/media/radio/radio-maxiradio.c | 2 +-
5735 drivers/media/radio/radio-shark.c | 2 +-
5736 drivers/media/radio/radio-shark2.c | 2 +-
5737 drivers/media/radio/radio-si476x.c | 2 +-
8cf17962 5738 drivers/media/radio/wl128x/fmdrv_common.c | 2 +-
0986ccbe 5739 drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 12 +-
6090327c
PK		 5740 drivers/media/v4l2-core/v4l2-device.c | 4 +-
5741 drivers/media/v4l2-core/v4l2-ioctl.c | 13 +-
8cf17962 5742 drivers/memory/omap-gpmc.c | 21 +-
6090327c 5743 drivers/message/fusion/mptsas.c | 34 +-
6090327c 5744 drivers/mfd/ab8500-debugfs.c | 2 +-
e8242a6d 5745 drivers/mfd/kempld-core.c | 2 +-
6090327c
PK		 5746 drivers/mfd/max8925-i2c.c | 2 +-
5747 drivers/mfd/tps65910.c | 2 +-
5748 drivers/mfd/twl4030-irq.c | 9 +-
5749 drivers/misc/c2port/core.c | 4 +-
5750 drivers/misc/eeprom/sunxi_sid.c | 4 +-
5751 drivers/misc/kgdbts.c | 4 +-
5752 drivers/misc/lis3lv02d/lis3lv02d.c | 8 +-
5753 drivers/misc/lis3lv02d/lis3lv02d.h | 2 +-
afe359a8 5754 drivers/misc/mic/scif/scif_rb.c | 8 +-
6090327c
PK		 5755 drivers/misc/sgi-gru/gruhandles.c | 4 +-
5756 drivers/misc/sgi-gru/gruprocfs.c | 8 +-
5757 drivers/misc/sgi-gru/grutables.h | 154 +-
5758 drivers/misc/sgi-xp/xp.h | 2 +-
5759 drivers/misc/sgi-xp/xpc.h | 3 +-
da1216b9 5760 drivers/misc/sgi-xp/xpc_main.c | 2 +-
6090327c 5761 drivers/mmc/card/block.c | 2 +-
6090327c
PK		 5762 drivers/mmc/host/dw_mmc.h | 2 +-
5763 drivers/mmc/host/mmci.c | 4 +-
0986ccbe 5764 drivers/mmc/host/omap_hsmmc.c | 4 +-
6090327c
PK		 5765 drivers/mmc/host/sdhci-esdhc-imx.c | 7 +-
5766 drivers/mmc/host/sdhci-s3c.c | 8 +-
5767 drivers/mtd/chips/cfi_cmdset_0020.c | 2 +-
5768 drivers/mtd/nand/denali.c | 1 +
0986ccbe 5769 drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 2 +-
6090327c
PK		 5770 drivers/mtd/nftlmount.c | 1 +
5771 drivers/mtd/sm_ftl.c | 2 +-
5772 drivers/net/bonding/bond_netlink.c | 2 +-
0986ccbe 5773 drivers/net/caif/caif_hsi.c | 2 +-
6090327c 5774 drivers/net/can/Kconfig | 2 +-
0986ccbe
PK		 5775 drivers/net/can/dev.c | 2 +-
5776 drivers/net/can/vcan.c | 2 +-
5777 drivers/net/dummy.c | 2 +-
6090327c
PK		 5778 drivers/net/ethernet/8390/ax88796.c | 4 +-
5779 drivers/net/ethernet/altera/altera_tse_main.c | 4 +-
a8b227b4 5780 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 4 +-
0986ccbe 5781 drivers/net/ethernet/amd/xgbe/xgbe-dcb.c | 4 +-
e8242a6d 5782 drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 27 +-
afe359a8
PK		 5783 drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 143 +-
5784 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 64 +-
5785 drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c | 10 +-
5786 drivers/net/ethernet/amd/xgbe/xgbe-main.c | 15 +-
5787 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 27 +-
a8b227b4 5788 drivers/net/ethernet/amd/xgbe/xgbe-ptp.c | 4 +-
afe359a8 5789 drivers/net/ethernet/amd/xgbe/xgbe.h | 10 +-
6090327c
PK		 5790 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h | 2 +-
5791 drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c | 11 +-
5792 drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h | 3 +-
5793 drivers/net/ethernet/broadcom/tg3.h | 1 +
afe359a8
PK		 5794 drivers/net/ethernet/cavium/liquidio/lio_ethtool.c | 6 +-
5795 drivers/net/ethernet/cavium/liquidio/lio_main.c | 11 +-
6090327c 5796 drivers/net/ethernet/chelsio/cxgb3/l2t.h | 2 +-
6090327c
PK		 5797 drivers/net/ethernet/dec/tulip/de4x5.c | 4 +-
5798 drivers/net/ethernet/emulex/benet/be_main.c | 2 +-
5799 drivers/net/ethernet/faraday/ftgmac100.c | 2 +
5800 drivers/net/ethernet/faraday/ftmac100.c | 2 +
5801 drivers/net/ethernet/intel/i40e/i40e_ptp.c | 2 +-
5802 drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 2 +-
0986ccbe 5803 drivers/net/ethernet/mellanox/mlx4/en_tx.c | 4 +-
afe359a8 5804 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 +-
6090327c
PK		 5805 drivers/net/ethernet/neterion/vxge/vxge-config.c | 7 +-
5806 .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c | 4 +-
5807 .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c | 12 +-
5808 .../net/ethernet/qlogic/qlcnic/qlcnic_minidump.c | 2 +-
5809 drivers/net/ethernet/realtek/r8169.c | 8 +-
5810 drivers/net/ethernet/sfc/ptp.c | 2 +-
5811 drivers/net/ethernet/stmicro/stmmac/mmc_core.c | 4 +-
e8242a6d 5812 drivers/net/ethernet/via/via-rhine.c | 2 +-
6090327c
PK		 5813 drivers/net/hyperv/hyperv_net.h | 2 +-
5814 drivers/net/hyperv/rndis_filter.c | 4 +-
0986ccbe 5815 drivers/net/ifb.c | 2 +-
afe359a8 5816 drivers/net/ipvlan/ipvlan_core.c | 2 +-
6090327c 5817 drivers/net/macvlan.c | 20 +-
0986ccbe
PK		 5818 drivers/net/macvtap.c | 6 +-
5819 drivers/net/nlmon.c | 2 +-
8cf17962 5820 drivers/net/phy/phy_device.c | 6 +-
6090327c
PK		 5821 drivers/net/ppp/ppp_generic.c | 4 +-
5822 drivers/net/slip/slhc.c | 2 +-
0986ccbe
PK		 5823 drivers/net/team/team.c | 4 +-
5824 drivers/net/tun.c | 7 +-
6090327c
PK		 5825 drivers/net/usb/hso.c | 23 +-
5826 drivers/net/usb/r8152.c | 2 +-
5827 drivers/net/usb/sierra_net.c | 4 +-
5828 drivers/net/virtio_net.c | 2 +-
5829 drivers/net/vxlan.c | 4 +-
5830 drivers/net/wimax/i2400m/rx.c | 2 +-
5831 drivers/net/wireless/airo.c | 2 +-
5832 drivers/net/wireless/at76c50x-usb.c | 2 +-
5833 drivers/net/wireless/ath/ath10k/htc.c | 7 +-
5834 drivers/net/wireless/ath/ath10k/htc.h | 4 +-
a8b227b4
PK		 5835 drivers/net/wireless/ath/ath9k/ar9002_mac.c | 36 +-
5836 drivers/net/wireless/ath/ath9k/ar9003_mac.c | 64 +-
6090327c 5837 drivers/net/wireless/ath/ath9k/hw.h | 4 +-
a8b227b4 5838 drivers/net/wireless/ath/ath9k/main.c | 22 +-
6090327c
PK		 5839 drivers/net/wireless/b43/phy_lp.c | 2 +-
5840 drivers/net/wireless/iwlegacy/3945-mac.c | 4 +-
5841 drivers/net/wireless/iwlwifi/dvm/debugfs.c | 34 +-
5842 drivers/net/wireless/iwlwifi/pcie/trans.c | 4 +-
5843 drivers/net/wireless/mac80211_hwsim.c | 28 +-
5844 drivers/net/wireless/rndis_wlan.c | 2 +-
5845 drivers/net/wireless/rt2x00/rt2x00.h | 2 +-
5846 drivers/net/wireless/rt2x00/rt2x00queue.c | 4 +-
5847 drivers/net/wireless/ti/wl1251/sdio.c | 12 +-
5848 drivers/net/wireless/ti/wl12xx/main.c | 8 +-
5849 drivers/net/wireless/ti/wl18xx/main.c | 6 +-
5850 drivers/nfc/nfcwilink.c | 2 +-
e8242a6d 5851 drivers/of/fdt.c | 4 +-
6090327c
PK		 5852 drivers/oprofile/buffer_sync.c | 8 +-
5853 drivers/oprofile/event_buffer.c | 2 +-
5854 drivers/oprofile/oprof.c | 2 +-
5855 drivers/oprofile/oprofile_files.c | 2 +-
5856 drivers/oprofile/oprofile_stats.c | 10 +-
5857 drivers/oprofile/oprofile_stats.h | 10 +-
5858 drivers/oprofile/oprofilefs.c | 6 +-
5859 drivers/oprofile/timer_int.c | 2 +-
5860 drivers/parport/procfs.c | 4 +-
e8242a6d 5861 drivers/pci/host/pci-host-generic.c | 24 +-
6090327c
PK		 5862 drivers/pci/hotplug/acpiphp_ibm.c | 4 +-
5863 drivers/pci/hotplug/cpcihp_generic.c | 6 +-
5864 drivers/pci/hotplug/cpcihp_zt5550.c | 14 +-
0986ccbe 5865 drivers/pci/hotplug/cpqphp_nvram.c | 2 +
6090327c
PK		 5866 drivers/pci/hotplug/pci_hotplug_core.c | 6 +-
5867 drivers/pci/hotplug/pciehp_core.c | 2 +-
afe359a8 5868 drivers/pci/msi.c | 21 +-
6090327c
PK		 5869 drivers/pci/pci-sysfs.c | 6 +-
5870 drivers/pci/pci.h | 2 +-
5871 drivers/pci/pcie/aspm.c | 6 +-
e8242a6d 5872 drivers/pci/pcie/portdrv_pci.c | 2 +-
6090327c 5873 drivers/pci/probe.c | 2 +-
afe359a8 5874 drivers/pinctrl/pinctrl-at91.c | 5 +-
e8242a6d 5875 drivers/platform/chrome/chromeos_pstore.c | 2 +-
6090327c 5876 drivers/platform/x86/alienware-wmi.c | 4 +-
e8242a6d
PK		 5877 drivers/platform/x86/compal-laptop.c | 2 +-
5878 drivers/platform/x86/hdaps.c | 2 +-
5879 drivers/platform/x86/ibm_rtl.c | 2 +-
5880 drivers/platform/x86/intel_oaktrail.c | 2 +-
5881 drivers/platform/x86/msi-laptop.c | 16 +-
6090327c 5882 drivers/platform/x86/msi-wmi.c | 2 +-
e8242a6d
PK		 5883 drivers/platform/x86/samsung-laptop.c | 2 +-
5884 drivers/platform/x86/samsung-q10.c | 2 +-
5885 drivers/platform/x86/sony-laptop.c | 14 +-
da1216b9 5886 drivers/platform/x86/thinkpad_acpi.c | 2 +-
6090327c 5887 drivers/pnp/pnpbios/bioscalls.c | 14 +-
e8242a6d 5888 drivers/pnp/pnpbios/core.c | 2 +-
6090327c
PK		 5889 drivers/power/pda_power.c | 7 +-
5890 drivers/power/power_supply.h | 4 +-
5891 drivers/power/power_supply_core.c | 7 +-
5892 drivers/power/power_supply_sysfs.c | 6 +-
afe359a8 5893 drivers/power/reset/at91-reset.c | 9 +-
6090327c
PK		 5894 drivers/powercap/powercap_sys.c | 136 +-
5895 drivers/ptp/ptp_private.h | 2 +-
5896 drivers/ptp/ptp_sysfs.c | 2 +-
5897 drivers/regulator/core.c | 4 +-
5898 drivers/regulator/max8660.c | 6 +-
afe359a8 5899 drivers/regulator/max8973-regulator.c | 16 +-
8cf17962 5900 drivers/regulator/mc13892-regulator.c | 8 +-
afe359a8 5901 drivers/rtc/rtc-armada38x.c | 7 +-
6090327c
PK		 5902 drivers/rtc/rtc-cmos.c | 4 +-
5903 drivers/rtc/rtc-ds1307.c | 2 +-
5904 drivers/rtc/rtc-m48t59.c | 4 +-
afe359a8
PK		 5905 drivers/rtc/rtc-test.c | 6 +-
5906 drivers/scsi/be2iscsi/be_main.c | 2 +-
6090327c
PK		 5907 drivers/scsi/bfa/bfa_fcpim.h | 2 +-
5908 drivers/scsi/bfa/bfa_ioc.h | 4 +-
5909 drivers/scsi/fcoe/fcoe_sysfs.c | 12 +-
5910 drivers/scsi/hosts.c | 4 +-
afe359a8 5911 drivers/scsi/hpsa.c | 38 +-
6090327c
PK		 5912 drivers/scsi/hpsa.h | 2 +-
5913 drivers/scsi/libfc/fc_exch.c | 50 +-
5914 drivers/scsi/libsas/sas_ata.c | 2 +-
5915 drivers/scsi/lpfc/lpfc.h | 8 +-
5916 drivers/scsi/lpfc/lpfc_debugfs.c | 18 +-
5917 drivers/scsi/lpfc/lpfc_init.c | 6 +-
5918 drivers/scsi/lpfc/lpfc_scsi.c | 10 +-
5919 drivers/scsi/mpt2sas/mpt2sas_scsih.c | 8 +-
5920 drivers/scsi/pmcraid.c | 20 +-
5921 drivers/scsi/pmcraid.h | 8 +-
5922 drivers/scsi/qla2xxx/qla_attr.c | 4 +-
5923 drivers/scsi/qla2xxx/qla_gbl.h | 4 +-
5924 drivers/scsi/qla2xxx/qla_os.c | 6 +-
5925 drivers/scsi/qla4xxx/ql4_def.h | 2 +-
5926 drivers/scsi/qla4xxx/ql4_os.c | 6 +-
da1216b9 5927 drivers/scsi/scsi.c | 2 +-
8cf17962 5928 drivers/scsi/scsi_lib.c | 8 +-
6090327c 5929 drivers/scsi/scsi_sysfs.c | 2 +-
6090327c
PK		 5930 drivers/scsi/scsi_transport_fc.c | 8 +-
5931 drivers/scsi/scsi_transport_iscsi.c | 6 +-
5932 drivers/scsi/scsi_transport_srp.c | 6 +-
da1216b9 5933 drivers/scsi/sd.c | 6 +-
6090327c 5934 drivers/scsi/sg.c | 2 +-
afe359a8 5935 drivers/scsi/sr.c | 21 +-
0986ccbe 5936 drivers/soc/tegra/fuse/fuse-tegra.c | 2 +-
6090327c 5937 drivers/spi/spi.c | 2 +-
afe359a8 5938 drivers/spi/spidev.c | 2 +-
6090327c 5939 drivers/staging/android/timed_output.c | 6 +-
8cf17962 5940 drivers/staging/comedi/comedi_fops.c | 8 +-
e8242a6d
PK		 5941 drivers/staging/fbtft/fbtft-core.c | 2 +-
5942 drivers/staging/fbtft/fbtft.h | 2 +-
6090327c 5943 drivers/staging/gdm724x/gdm_tty.c | 2 +-
afe359a8
PK		 5944 drivers/staging/iio/accel/lis3l02dq_ring.c | 2 +-
5945 drivers/staging/iio/adc/ad7280a.c | 4 +-
6090327c
PK		 5946 drivers/staging/lustre/lnet/selftest/brw_test.c | 12 +-
5947 drivers/staging/lustre/lnet/selftest/framework.c | 4 -
5948 drivers/staging/lustre/lnet/selftest/ping_test.c | 14 +-
5949 drivers/staging/lustre/lustre/include/lustre_dlm.h | 2 +-
5950 drivers/staging/lustre/lustre/include/obd.h | 2 +-
da1216b9 5951 drivers/staging/lustre/lustre/libcfs/module.c | 6 +-
6090327c
PK		 5952 drivers/staging/octeon/ethernet-rx.c | 12 +-
5953 drivers/staging/octeon/ethernet.c | 8 +-
5954 drivers/staging/rtl8188eu/include/hal_intf.h | 2 +-
6090327c 5955 drivers/staging/rtl8712/rtl871x_io.h | 2 +-
afe359a8
PK		 5956 drivers/staging/sm750fb/sm750.c | 14 +-
5957 drivers/staging/unisys/visorbus/visorbus_private.h | 4 +-
6090327c
PK		 5958 drivers/target/sbp/sbp_target.c | 4 +-
5959 drivers/target/target_core_device.c | 2 +-
5960 drivers/target/target_core_transport.c | 2 +-
afe359a8 5961 drivers/thermal/cpu_cooling.c | 9 +-
0986ccbe 5962 drivers/thermal/int340x_thermal/int3400_thermal.c | 6 +-
8cf17962 5963 drivers/thermal/of-thermal.c | 17 +-
e8242a6d 5964 drivers/thermal/x86_pkg_temp_thermal.c | 2 +-
6090327c
PK		 5965 drivers/tty/cyclades.c | 6 +-
5966 drivers/tty/hvc/hvc_console.c | 14 +-
5967 drivers/tty/hvc/hvcs.c | 21 +-
5968 drivers/tty/hvc/hvsi.c | 22 +-
5969 drivers/tty/hvc/hvsi_lib.c | 4 +-
5970 drivers/tty/ipwireless/tty.c | 27 +-
5971 drivers/tty/moxa.c | 2 +-
5972 drivers/tty/n_gsm.c | 4 +-
5973 drivers/tty/n_tty.c | 5 +-
5974 drivers/tty/pty.c | 4 +-
5975 drivers/tty/rocket.c | 6 +-
afe359a8
PK		 5976 drivers/tty/serial/8250/8250_core.c | 10 +-
5977 drivers/tty/serial/ifx6x60.c | 2 +-
6090327c
PK		 5978 drivers/tty/serial/ioc4_serial.c | 6 +-
5979 drivers/tty/serial/kgdb_nmi.c | 4 +-
5980 drivers/tty/serial/kgdboc.c | 32 +-
5981 drivers/tty/serial/msm_serial.c | 4 +-
5982 drivers/tty/serial/samsung.c | 9 +-
5983 drivers/tty/serial/serial_core.c | 8 +-
5984 drivers/tty/synclink.c | 34 +-
5985 drivers/tty/synclink_gt.c | 28 +-
5986 drivers/tty/synclinkmp.c | 34 +-
5987 drivers/tty/tty_io.c | 2 +-
5988 drivers/tty/tty_ldisc.c | 8 +-
5989 drivers/tty/tty_port.c | 22 +-
0986ccbe 5990 drivers/uio/uio.c | 13 +-
6090327c
PK		 5991 drivers/usb/atm/cxacru.c | 2 +-
5992 drivers/usb/atm/usbatm.c | 24 +-
5993 drivers/usb/core/devices.c | 6 +-
5994 drivers/usb/core/devio.c | 10 +-
5995 drivers/usb/core/hcd.c | 4 +-
5996 drivers/usb/core/message.c | 6 +-
5997 drivers/usb/core/sysfs.c | 2 +-
5998 drivers/usb/core/usb.c | 2 +-
6090327c 5999 drivers/usb/early/ehci-dbgp.c | 16 +-
a8b227b4 6000 drivers/usb/gadget/function/u_serial.c | 22 +-
afe359a8
PK		 6001 drivers/usb/gadget/udc/dummy_hcd.c | 2 +-
6002 drivers/usb/host/ehci-hcd.c | 2 +-
6090327c 6003 drivers/usb/host/ehci-hub.c | 4 +-
afe359a8
PK		 6004 drivers/usb/host/ehci-q.c | 4 +-
6005 drivers/usb/host/fotg210-hcd.c | 2 +-
6006 drivers/usb/host/fusbh200-hcd.c | 2 +-
6007 drivers/usb/host/hwa-hc.c | 2 +-
6008 drivers/usb/host/ohci-hcd.c | 2 +-
6009 drivers/usb/host/r8a66597.h | 2 +-
6010 drivers/usb/host/uhci-hcd.c | 2 +-
6011 drivers/usb/host/xhci-pci.c | 2 +-
6012 drivers/usb/host/xhci.c | 2 +-
6090327c
PK		 6013 drivers/usb/misc/appledisplay.c | 4 +-
6014 drivers/usb/serial/console.c | 8 +-
afe359a8 6015 drivers/usb/storage/usb.c | 2 +-
6090327c 6016 drivers/usb/storage/usb.h | 2 +-
a8b227b4
PK		 6017 drivers/usb/usbip/vhci.h | 2 +-
6018 drivers/usb/usbip/vhci_hcd.c | 6 +-
6019 drivers/usb/usbip/vhci_rx.c | 2 +-
6090327c
PK		 6020 drivers/usb/wusbcore/wa-hc.h | 4 +-
6021 drivers/usb/wusbcore/wa-xfer.c | 2 +-
6022 drivers/vfio/vfio.c | 2 +-
6023 drivers/vhost/vringh.c | 20 +-
6024 drivers/video/backlight/kb3886_bl.c | 2 +-
6025 drivers/video/fbdev/aty/aty128fb.c | 2 +-
6026 drivers/video/fbdev/aty/atyfb_base.c | 8 +-
6027 drivers/video/fbdev/aty/mach64_cursor.c | 5 +-
6028 drivers/video/fbdev/core/fb_defio.c | 6 +-
6029 drivers/video/fbdev/core/fbmem.c | 2 +-
6030 drivers/video/fbdev/hyperv_fb.c | 4 +-
6031 drivers/video/fbdev/i810/i810_accel.c | 1 +
afe359a8 6032 drivers/video/fbdev/matrox/matroxfb_base.c | 2 +-
6090327c
PK		 6033 drivers/video/fbdev/mb862xx/mb862xxfb_accel.c | 16 +-
6034 drivers/video/fbdev/nvidia/nvidia.c | 27 +-
6035 drivers/video/fbdev/omap2/dss/display.c | 8 +-
6036 drivers/video/fbdev/s1d13xxxfb.c | 6 +-
6037 drivers/video/fbdev/smscufx.c | 4 +-
6038 drivers/video/fbdev/udlfb.c | 36 +-
6039 drivers/video/fbdev/uvesafb.c | 52 +-
6040 drivers/video/fbdev/vesafb.c | 58 +-
6041 drivers/video/fbdev/via/via_clock.h | 2 +-
e8242a6d 6042 drivers/xen/events/events_base.c | 6 +-
afe359a8 6043 drivers/xen/evtchn.c | 4 +-
6090327c
PK		 6044 fs/Kconfig.binfmt | 2 +-
6045 fs/afs/inode.c | 4 +-
6046 fs/aio.c | 2 +-
6047 fs/autofs4/waitq.c | 2 +-
6048 fs/befs/endian.h | 6 +-
6049 fs/binfmt_aout.c | 23 +-
afe359a8
PK		 6050 fs/binfmt_elf.c | 672 +-
6051 fs/binfmt_elf_fdpic.c | 2 +-
6090327c
PK		 6052 fs/block_dev.c | 2 +-
6053 fs/btrfs/ctree.c | 9 +-
6054 fs/btrfs/delayed-inode.c | 6 +-
6055 fs/btrfs/delayed-inode.h | 4 +-
6056 fs/btrfs/super.c | 2 +-
6057 fs/btrfs/sysfs.c | 2 +-
0986ccbe 6058 fs/btrfs/tests/free-space-tests.c | 8 +-
6090327c
PK		 6059 fs/btrfs/tree-log.h | 2 +-
6060 fs/buffer.c | 2 +-
6061 fs/cachefiles/bind.c | 6 +-
6062 fs/cachefiles/daemon.c | 8 +-
6063 fs/cachefiles/internal.h | 12 +-
6064 fs/cachefiles/namei.c | 2 +-
6065 fs/cachefiles/proc.c | 12 +-
afe359a8 6066 fs/ceph/dir.c | 12 +-
6090327c
PK		 6067 fs/ceph/super.c | 4 +-
6068 fs/cifs/cifs_debug.c | 12 +-
6069 fs/cifs/cifsfs.c | 8 +-
6070 fs/cifs/cifsglob.h | 54 +-
6071 fs/cifs/file.c | 10 +-
6072 fs/cifs/misc.c | 4 +-
6073 fs/cifs/smb1ops.c | 80 +-
6074 fs/cifs/smb2ops.c | 84 +-
6075 fs/cifs/smb2pdu.c | 3 +-
6076 fs/coda/cache.c | 10 +-
6077 fs/compat.c | 4 +-
6078 fs/compat_binfmt_elf.c | 2 +
6079 fs/compat_ioctl.c | 12 +-
6080 fs/configfs/dir.c | 10 +-
6081 fs/coredump.c | 16 +-
e8242a6d 6082 fs/dcache.c | 51 +-
6090327c
PK		 6083 fs/ecryptfs/inode.c | 2 +-
6084 fs/ecryptfs/miscdev.c | 2 +-
8cf17962 6085 fs/exec.c | 362 +-
6090327c
PK		 6086 fs/ext2/xattr.c | 5 +-
6087 fs/ext3/xattr.c | 5 +-
6088 fs/ext4/ext4.h | 20 +-
6089 fs/ext4/mballoc.c | 44 +-
6090 fs/ext4/mmp.c | 2 +-
e8242a6d 6091 fs/ext4/resize.c | 16 +-
6090327c
PK		 6092 fs/ext4/super.c | 4 +-
6093 fs/ext4/xattr.c | 5 +-
6094 fs/fhandle.c | 3 +-
6095 fs/file.c | 4 +-
6096 fs/fs_struct.c | 8 +-
6097 fs/fscache/cookie.c | 40 +-
afe359a8 6098 fs/fscache/internal.h | 202 +-
6090327c 6099 fs/fscache/object.c | 26 +-
afe359a8 6100 fs/fscache/operation.c | 38 +-
6090327c 6101 fs/fscache/page.c | 110 +-
afe359a8 6102 fs/fscache/stats.c | 348 +-
6090327c
PK		 6103 fs/fuse/cuse.c | 10 +-
6104 fs/fuse/dev.c | 4 +-
e8242a6d
PK		 6105 fs/gfs2/glock.c | 22 +-
6106 fs/gfs2/glops.c | 4 +-
6107 fs/gfs2/quota.c | 6 +-
6090327c
PK		 6108 fs/hugetlbfs/inode.c | 13 +-
6109 fs/inode.c | 4 +-
6110 fs/jffs2/erase.c | 3 +-
6111 fs/jffs2/wbuf.c | 3 +-
6112 fs/jfs/super.c | 2 +-
6113 fs/kernfs/dir.c | 2 +-
e8242a6d 6114 fs/kernfs/file.c | 20 +-
afe359a8 6115 fs/libfs.c | 10 +-
6090327c 6116 fs/lockd/clntproc.c | 4 +-
afe359a8 6117 fs/namei.c | 16 +-
6090327c
PK		 6118 fs/namespace.c | 16 +-
6119 fs/nfs/callback_xdr.c | 2 +-
6120 fs/nfs/inode.c | 6 +-
6121 fs/nfsd/nfs4proc.c | 2 +-
6122 fs/nfsd/nfs4xdr.c | 2 +-
a8b227b4 6123 fs/nfsd/nfscache.c | 11 +-
6090327c 6124 fs/nfsd/vfs.c | 6 +-
a8b227b4 6125 fs/nls/nls_base.c | 26 +-
6090327c
PK		 6126 fs/nls/nls_euc-jp.c | 6 +-
6127 fs/nls/nls_koi8-ru.c | 6 +-
6128 fs/notify/fanotify/fanotify_user.c | 4 +-
6129 fs/notify/notification.c | 4 +-
6130 fs/ntfs/dir.c | 2 +-
6090327c
PK		 6131 fs/ntfs/super.c | 6 +-
6132 fs/ocfs2/localalloc.c | 2 +-
6133 fs/ocfs2/ocfs2.h | 10 +-
6134 fs/ocfs2/suballoc.c | 12 +-
6135 fs/ocfs2/super.c | 20 +-
da1216b9 6136 fs/pipe.c | 72 +-
6090327c
PK		 6137 fs/posix_acl.c | 4 +-
6138 fs/proc/array.c | 20 +
6139 fs/proc/base.c | 4 +-
e8242a6d 6140 fs/proc/kcore.c | 34 +-
6090327c
PK		 6141 fs/proc/meminfo.c | 2 +-
6142 fs/proc/nommu.c | 2 +-
afe359a8 6143 fs/proc/proc_sysctl.c | 26 +-
6090327c
PK		 6144 fs/proc/task_mmu.c | 39 +-
6145 fs/proc/task_nommu.c | 4 +-
6146 fs/proc/vmcore.c | 16 +-
6147 fs/qnx6/qnx6.h | 4 +-
6148 fs/quota/netlink.c | 4 +-
6149 fs/read_write.c | 2 +-
6150 fs/reiserfs/do_balan.c | 2 +-
6151 fs/reiserfs/procfs.c | 2 +-
6152 fs/reiserfs/reiserfs.h | 4 +-
6153 fs/seq_file.c | 4 +-
6154 fs/splice.c | 43 +-
da1216b9 6155 fs/squashfs/xattr.c | 12 +-
6090327c 6156 fs/sysv/sysv.h | 2 +-
afe359a8 6157 fs/tracefs/inode.c | 8 +-
6090327c
PK		 6158 fs/ubifs/io.c | 2 +-
6159 fs/udf/misc.c | 2 +-
6160 fs/ufs/swab.h | 4 +-
6161 fs/xattr.c | 21 +
a8b227b4 6162 fs/xfs/libxfs/xfs_bmap.c | 2 +-
6090327c
PK		 6163 fs/xfs/xfs_dir2_readdir.c | 7 +-
6164 fs/xfs/xfs_ioctl.c | 2 +-
0986ccbe 6165 fs/xfs/xfs_linux.h | 4 +-
6090327c 6166 include/asm-generic/4level-fixup.h | 2 +
0986ccbe 6167 include/asm-generic/atomic-long.h | 214 +-
6090327c
PK		 6168 include/asm-generic/atomic64.h | 12 +
6169 include/asm-generic/barrier.h | 2 +-
6170 include/asm-generic/bitops/__fls.h | 2 +-
6171 include/asm-generic/bitops/fls.h | 2 +-
6172 include/asm-generic/bitops/fls64.h | 4 +-
da1216b9 6173 include/asm-generic/bug.h | 6 +-
6090327c
PK		 6174 include/asm-generic/cache.h | 4 +-
6175 include/asm-generic/emergency-restart.h | 2 +-
6176 include/asm-generic/kmap_types.h | 4 +-
6177 include/asm-generic/local.h | 13 +
6178 include/asm-generic/pgtable-nopmd.h | 18 +-
6179 include/asm-generic/pgtable-nopud.h | 15 +-
6180 include/asm-generic/pgtable.h | 16 +
6181 include/asm-generic/uaccess.h | 16 +
da1216b9 6182 include/asm-generic/vmlinux.lds.h | 13 +-
6090327c
PK		 6183 include/crypto/algapi.h | 2 +-
6184 include/drm/drmP.h | 16 +-
6185 include/drm/drm_crtc_helper.h | 2 +-
afe359a8 6186 include/drm/drm_mm.h | 2 +-
6090327c 6187 include/drm/i915_pciids.h | 2 +-
afe359a8 6188 include/drm/intel-gtt.h | 4 +-
6090327c
PK		 6189 include/drm/ttm/ttm_memory.h | 2 +-
6190 include/drm/ttm/ttm_page_alloc.h | 1 +
6191 include/keys/asymmetric-subtype.h | 2 +-
6192 include/linux/atmdev.h | 4 +-
8cf17962 6193 include/linux/atomic.h | 2 +-
6090327c
PK		 6194 include/linux/audit.h | 2 +-
6195 include/linux/binfmts.h | 3 +-
8cf17962 6196 include/linux/bitmap.h | 2 +-
afe359a8 6197 include/linux/bitops.h | 8 +-
6090327c
PK		 6198 include/linux/blkdev.h | 2 +-
6199 include/linux/blktrace_api.h | 2 +-
6200 include/linux/cache.h | 8 +
6201 include/linux/cdrom.h | 1 -
6202 include/linux/cleancache.h | 2 +-
6203 include/linux/clk-provider.h | 1 +
da1216b9 6204 include/linux/compat.h | 6 +-
afe359a8
PK		 6205 include/linux/compiler-gcc.h | 28 +-
6206 include/linux/compiler.h | 95 +-
6090327c
PK		 6207 include/linux/completion.h | 12 +-
6208 include/linux/configfs.h | 2 +-
6209 include/linux/cpufreq.h | 3 +-
6210 include/linux/cpuidle.h | 5 +-
8cf17962 6211 include/linux/cpumask.h | 14 +-
afe359a8 6212 include/linux/crypto.h | 4 +-
6090327c 6213 include/linux/ctype.h | 2 +-
e8242a6d 6214 include/linux/dcache.h | 4 +-
6090327c
PK		 6215 include/linux/decompress/mm.h | 2 +-
6216 include/linux/devfreq.h | 2 +-
6217 include/linux/device.h | 7 +-
6218 include/linux/dma-mapping.h | 2 +-
6090327c
PK		 6219 include/linux/efi.h | 1 +
6220 include/linux/elf.h | 2 +
6221 include/linux/err.h | 4 +-
6222 include/linux/extcon.h | 2 +-
e8242a6d 6223 include/linux/fb.h | 3 +-
6090327c 6224 include/linux/fdtable.h | 2 +-
da1216b9 6225 include/linux/fs.h | 5 +-
6090327c 6226 include/linux/fs_struct.h | 2 +-
afe359a8 6227 include/linux/fscache-cache.h | 2 +-
6090327c
PK		 6228 include/linux/fscache.h | 2 +-
6229 include/linux/fsnotify.h | 2 +-
6230 include/linux/genhd.h | 4 +-
6231 include/linux/genl_magic_func.h | 2 +-
6232 include/linux/gfp.h | 12 +-
6090327c
PK		 6233 include/linux/highmem.h | 12 +
6234 include/linux/hwmon-sysfs.h | 6 +-
6235 include/linux/i2c.h | 1 +
6090327c
PK		 6236 include/linux/if_pppox.h | 2 +-
6237 include/linux/init.h | 12 +-
6238 include/linux/init_task.h | 7 +
6239 include/linux/interrupt.h | 6 +-
6240 include/linux/iommu.h | 2 +-
6241 include/linux/ioport.h | 2 +-
afe359a8
PK		 6242 include/linux/ipc.h | 2 +-
6243 include/linux/irq.h | 5 +-
8cf17962 6244 include/linux/irqdesc.h | 2 +-
afe359a8
PK		 6245 include/linux/irqdomain.h | 3 +
6246 include/linux/jiffies.h | 30 +-
8cf17962 6247 include/linux/kernel.h | 2 +-
6090327c
PK		 6248 include/linux/key-type.h | 2 +-
6249 include/linux/kgdb.h | 6 +-
8cf17962 6250 include/linux/kmemleak.h | 4 +-
6090327c
PK		 6251 include/linux/kobject.h | 3 +-
6252 include/linux/kobject_ns.h | 2 +-
6253 include/linux/kref.h | 2 +-
6254 include/linux/kvm_host.h | 4 +-
6255 include/linux/libata.h | 2 +-
6256 include/linux/linkage.h | 1 +
6257 include/linux/list.h | 15 +
e8242a6d 6258 include/linux/lockref.h | 26 +-
6090327c
PK		 6259 include/linux/math64.h | 10 +-
6260 include/linux/mempolicy.h | 7 +
0986ccbe 6261 include/linux/mm.h | 104 +-
6090327c
PK		 6262 include/linux/mm_types.h | 20 +
6263 include/linux/mmiotrace.h | 4 +-
6264 include/linux/mmzone.h | 2 +-
6265 include/linux/mod_devicetable.h | 4 +-
afe359a8 6266 include/linux/module.h | 69 +-
6090327c
PK		 6267 include/linux/moduleloader.h | 16 +
6268 include/linux/moduleparam.h | 4 +-
6090327c
PK		 6269 include/linux/net.h | 2 +-
6270 include/linux/netdevice.h | 7 +-
6271 include/linux/netfilter.h | 2 +-
6272 include/linux/netfilter/nfnetlink.h | 2 +-
a8b227b4 6273 include/linux/nls.h | 4 +-
6090327c
PK		 6274 include/linux/notifier.h | 3 +-
6275 include/linux/oprofile.h | 4 +-
6276 include/linux/padata.h | 2 +-
6277 include/linux/pci_hotplug.h | 3 +-
8cf17962 6278 include/linux/percpu.h | 2 +-
da1216b9 6279 include/linux/perf_event.h | 12 +-
6090327c
PK		 6280 include/linux/pipe_fs_i.h | 8 +-
6281 include/linux/pm.h | 1 +
6282 include/linux/pm_domain.h | 4 +-
6283 include/linux/pm_runtime.h | 2 +-
6284 include/linux/pnp.h | 2 +-
6285 include/linux/poison.h | 4 +-
6286 include/linux/power/smartreflex.h | 2 +-
6287 include/linux/ppp-comp.h | 2 +-
6288 include/linux/preempt.h | 21 +
6289 include/linux/proc_ns.h | 2 +-
6290 include/linux/quota.h | 2 +-
6291 include/linux/random.h | 23 +-
afe359a8 6292 include/linux/rculist.h | 16 +
6090327c
PK		 6293 include/linux/reboot.h | 14 +-
6294 include/linux/regset.h | 3 +-
6295 include/linux/relay.h | 2 +-
6296 include/linux/rio.h | 2 +-
6297 include/linux/rmap.h | 4 +-
afe359a8 6298 include/linux/sched.h | 74 +-
6090327c 6299 include/linux/sched/sysctl.h | 1 +
6090327c
PK		 6300 include/linux/semaphore.h | 2 +-
6301 include/linux/seq_file.h | 1 +
6302 include/linux/signal.h | 2 +-
8cf17962 6303 include/linux/skbuff.h | 10 +-
da1216b9 6304 include/linux/slab.h | 47 +-
6090327c
PK		 6305 include/linux/slab_def.h | 14 +-
6306 include/linux/slub_def.h | 2 +-
6307 include/linux/smp.h | 2 +
6308 include/linux/sock_diag.h | 2 +-
6309 include/linux/sonet.h | 2 +-
6310 include/linux/sunrpc/addr.h | 8 +-
6311 include/linux/sunrpc/clnt.h | 2 +-
6312 include/linux/sunrpc/svc.h | 2 +-
6313 include/linux/sunrpc/svc_rdma.h | 18 +-
6314 include/linux/sunrpc/svcauth.h | 2 +-
6315 include/linux/swiotlb.h | 3 +-
da1216b9 6316 include/linux/syscalls.h | 21 +-
6090327c 6317 include/linux/syscore_ops.h | 2 +-
a8b227b4 6318 include/linux/sysctl.h | 3 +-
6090327c
PK		 6319 include/linux/sysfs.h | 9 +-
6320 include/linux/sysrq.h | 3 +-
afe359a8 6321 include/linux/tcp.h | 14 +-
6090327c
PK		 6322 include/linux/thread_info.h | 7 +
6323 include/linux/tty.h | 4 +-
6324 include/linux/tty_driver.h | 2 +-
6325 include/linux/tty_ldisc.h | 2 +-
6326 include/linux/types.h | 16 +
6327 include/linux/uaccess.h | 6 +-
0986ccbe 6328 include/linux/uio_driver.h | 2 +-
6090327c 6329 include/linux/unaligned/access_ok.h | 24 +-
afe359a8
PK		 6330 include/linux/usb.h | 6 +-
6331 include/linux/usb/hcd.h | 1 +
6090327c
PK		 6332 include/linux/usb/renesas_usbhs.h | 2 +-
6333 include/linux/vermagic.h | 21 +-
6334 include/linux/vga_switcheroo.h | 8 +-
6335 include/linux/vmalloc.h | 7 +-
6336 include/linux/vmstat.h | 24 +-
6337 include/linux/xattr.h | 5 +-
6338 include/linux/zlib.h | 3 +-
6339 include/media/v4l2-dev.h | 2 +-
6340 include/media/v4l2-device.h | 2 +-
6341 include/net/9p/transport.h | 2 +-
6342 include/net/bluetooth/l2cap.h | 2 +-
8cf17962 6343 include/net/bonding.h | 2 +-
6090327c
PK		 6344 include/net/caif/cfctrl.h | 6 +-
6345 include/net/flow.h | 2 +-
6346 include/net/genetlink.h | 2 +-
6347 include/net/gro_cells.h | 2 +-
6348 include/net/inet_connection_sock.h | 2 +-
afe359a8 6349 include/net/inet_sock.h | 2 +-
6090327c
PK		 6350 include/net/inetpeer.h | 2 +-
6351 include/net/ip_fib.h | 2 +-
6352 include/net/ip_vs.h | 8 +-
6353 include/net/irda/ircomm_tty.h | 1 +
6354 include/net/iucv/af_iucv.h | 2 +-
6355 include/net/llc_c_ac.h | 2 +-
6356 include/net/llc_c_ev.h | 4 +-
6357 include/net/llc_c_st.h | 2 +-
6358 include/net/llc_s_ac.h | 2 +-
6359 include/net/llc_s_st.h | 2 +-
6360 include/net/mac80211.h | 2 +-
6361 include/net/neighbour.h | 2 +-
afe359a8 6362 include/net/net_namespace.h | 18 +-
6090327c
PK		 6363 include/net/netlink.h | 2 +-
6364 include/net/netns/conntrack.h | 6 +-
6365 include/net/netns/ipv4.h | 4 +-
6366 include/net/netns/ipv6.h | 4 +-
6367 include/net/netns/xfrm.h | 2 +-
6368 include/net/ping.h | 2 +-
6369 include/net/protocol.h | 4 +-
6370 include/net/rtnetlink.h | 2 +-
6371 include/net/sctp/checksum.h | 4 +-
6372 include/net/sctp/sm.h | 4 +-
6373 include/net/sctp/structs.h | 2 +-
afe359a8 6374 include/net/sock.h | 12 +-
6090327c
PK		 6375 include/net/tcp.h | 8 +-
6376 include/net/xfrm.h | 13 +-
6377 include/rdma/iw_cm.h | 2 +-
6378 include/scsi/libfc.h | 3 +-
6379 include/scsi/scsi_device.h | 6 +-
da1216b9 6380 include/scsi/scsi_driver.h | 2 +-
6090327c 6381 include/scsi/scsi_transport_fc.h | 3 +-
afe359a8 6382 include/scsi/sg.h | 2 +-
6090327c
PK		 6383 include/sound/compress_driver.h | 2 +-
6384 include/sound/soc.h | 4 +-
6385 include/target/target_core_base.h | 2 +-
6386 include/trace/events/irq.h | 4 +-
6387 include/uapi/linux/a.out.h | 8 +
6388 include/uapi/linux/bcache.h | 5 +-
6389 include/uapi/linux/byteorder/little_endian.h | 28 +-
afe359a8 6390 include/uapi/linux/connector.h | 2 +-
6090327c
PK		 6391 include/uapi/linux/elf.h | 28 +
6392 include/uapi/linux/screen_info.h | 3 +-
6393 include/uapi/linux/swab.h | 6 +-
6090327c
PK		 6394 include/uapi/linux/xattr.h | 4 +
6395 include/video/udlfb.h | 8 +-
6396 include/video/uvesafb.h | 1 +
6397 init/Kconfig | 2 +-
6398 init/Makefile | 3 +
6399 init/do_mounts.c | 14 +-
6400 init/do_mounts.h | 8 +-
6401 init/do_mounts_initrd.c | 30 +-
6402 init/do_mounts_md.c | 6 +-
6403 init/init_task.c | 4 +
a8b227b4 6404 init/initramfs.c | 38 +-
afe359a8 6405 init/main.c | 30 +-
da1216b9 6406 ipc/compat.c | 4 +-
8cf17962 6407 ipc/ipc_sysctl.c | 8 +-
6090327c 6408 ipc/mq_sysctl.c | 4 +-
da1216b9 6409 ipc/sem.c | 4 +-
6090327c 6410 ipc/shm.c | 6 +
6090327c
PK		 6411 kernel/audit.c | 8 +-
6412 kernel/auditsc.c | 4 +-
8cf17962 6413 kernel/bpf/core.c | 7 +-
6090327c
PK		 6414 kernel/capability.c | 3 +
6415 kernel/compat.c | 38 +-
6416 kernel/debug/debug_core.c | 16 +-
6417 kernel/debug/kdb/kdb_main.c | 4 +-
da1216b9 6418 kernel/events/core.c | 26 +-
6090327c
PK		 6419 kernel/events/internal.h | 10 +-
6420 kernel/events/uprobes.c | 2 +-
6421 kernel/exit.c | 2 +-
afe359a8 6422 kernel/fork.c | 165 +-
6090327c
PK		 6423 kernel/futex.c | 11 +-
6424 kernel/futex_compat.c | 2 +-
6425 kernel/gcov/base.c | 7 +-
8cf17962 6426 kernel/irq/manage.c | 2 +-
afe359a8 6427 kernel/irq/msi.c | 20 +-
8cf17962 6428 kernel/irq/spurious.c | 2 +-
6090327c 6429 kernel/jump_label.c | 5 +
0986ccbe 6430 kernel/kallsyms.c | 37 +-
6090327c
PK		 6431 kernel/kexec.c | 3 +-
6432 kernel/kmod.c | 8 +-
6433 kernel/kprobes.c | 4 +-
6434 kernel/ksysfs.c | 2 +-
6435 kernel/locking/lockdep.c | 7 +-
6090327c
PK		 6436 kernel/locking/mutex-debug.c | 12 +-
6437 kernel/locking/mutex-debug.h | 4 +-
6438 kernel/locking/mutex.c | 6 +-
6439 kernel/locking/rtmutex-tester.c | 24 +-
afe359a8 6440 kernel/module.c | 422 +-
6090327c
PK		 6441 kernel/notifier.c | 17 +-
6442 kernel/padata.c | 4 +-
6443 kernel/panic.c | 5 +-
6444 kernel/pid.c | 2 +-
6445 kernel/pid_namespace.c | 2 +-
6090327c
PK		 6446 kernel/power/process.c | 12 +-
6447 kernel/profile.c | 14 +-
6448 kernel/ptrace.c | 8 +-
0986ccbe 6449 kernel/rcu/rcutorture.c | 60 +-
6090327c 6450 kernel/rcu/tiny.c | 4 +-
afe359a8 6451 kernel/rcu/tree.c | 66 +-
6090327c 6452 kernel/rcu/tree.h | 26 +-
afe359a8 6453 kernel/rcu/tree_plugin.h | 14 +-
6090327c 6454 kernel/rcu/tree_trace.c | 22 +-
6090327c
PK		 6455 kernel/sched/auto_group.c | 4 +-
6456 kernel/sched/completion.c | 6 +-
6457 kernel/sched/core.c | 45 +-
afe359a8 6458 kernel/sched/fair.c | 2 +-
6090327c
PK		 6459 kernel/sched/sched.h | 2 +-
6460 kernel/signal.c | 12 +-
6461 kernel/smpboot.c | 4 +-
6462 kernel/softirq.c | 12 +-
6463 kernel/sys.c | 10 +-
6464 kernel/sysctl.c | 34 +-
6465 kernel/time/alarmtimer.c | 2 +-
a8b227b4
PK		 6466 kernel/time/posix-cpu-timers.c | 4 +-
6467 kernel/time/posix-timers.c | 24 +-
6468 kernel/time/timer.c | 4 +-
6090327c 6469 kernel/time/timer_stats.c | 10 +-
6090327c 6470 kernel/trace/blktrace.c | 6 +-
0986ccbe 6471 kernel/trace/ftrace.c | 15 +-
e8242a6d 6472 kernel/trace/ring_buffer.c | 96 +-
6090327c
PK		 6473 kernel/trace/trace.c | 2 +-
6474 kernel/trace/trace.h | 2 +-
6475 kernel/trace/trace_clock.c | 4 +-
6476 kernel/trace/trace_events.c | 1 -
0986ccbe 6477 kernel/trace/trace_functions_graph.c | 4 +-
6090327c 6478 kernel/trace/trace_mmiotrace.c | 8 +-
a8b227b4
PK		 6479 kernel/trace/trace_output.c | 10 +-
6480 kernel/trace/trace_seq.c | 2 +-
6090327c
PK		 6481 kernel/trace/trace_stack.c | 2 +-
6482 kernel/user_namespace.c | 2 +-
6483 kernel/utsname_sysctl.c | 2 +-
6484 kernel/watchdog.c | 2 +-
afe359a8 6485 kernel/workqueue.c | 4 +-
6090327c
PK		 6486 lib/Kconfig.debug | 8 +-
6487 lib/Makefile | 2 +-
6488 lib/average.c | 2 +-
8cf17962 6489 lib/bitmap.c | 10 +-
6090327c
PK		 6490 lib/bug.c | 2 +
6491 lib/debugobjects.c | 2 +-
da1216b9
PK		 6492 lib/decompress_bunzip2.c | 3 +-
6493 lib/decompress_unlzma.c | 4 +-
6090327c
PK		 6494 lib/div64.c | 4 +-
6495 lib/dma-debug.c | 4 +-
6090327c
PK		 6496 lib/inflate.c | 2 +-
6497 lib/ioremap.c | 4 +-
6498 lib/kobject.c | 4 +-
6499 lib/list_debug.c | 126 +-
e8242a6d 6500 lib/lockref.c | 44 +-
6090327c
PK		 6501 lib/percpu-refcount.c | 2 +-
6502 lib/radix-tree.c | 2 +-
6503 lib/random32.c | 2 +-
6504 lib/show_mem.c | 2 +-
6505 lib/strncpy_from_user.c | 2 +-
6506 lib/strnlen_user.c | 2 +-
6507 lib/swiotlb.c | 2 +-
6508 lib/usercopy.c | 6 +
6509 lib/vsprintf.c | 12 +-
6510 mm/Kconfig | 6 +-
6511 mm/backing-dev.c | 4 +-
6512 mm/filemap.c | 2 +-
6090327c
PK		 6513 mm/gup.c | 13 +-
6514 mm/highmem.c | 7 +-
6515 mm/hugetlb.c | 70 +-
6516 mm/internal.h | 3 +-
6090327c 6517 mm/maccess.c | 4 +-
e8242a6d 6518 mm/madvise.c | 37 +
afe359a8
PK		 6519 mm/memory-failure.c | 34 +-
6520 mm/memory.c | 425 +-
6090327c
PK		 6521 mm/mempolicy.c | 25 +
6522 mm/mlock.c | 15 +-
e8242a6d 6523 mm/mm_init.c | 2 +-
da1216b9 6524 mm/mmap.c | 582 +-
0986ccbe 6525 mm/mprotect.c | 137 +-
6090327c
PK		 6526 mm/mremap.c | 44 +-
6527 mm/nommu.c | 21 +-
6528 mm/page-writeback.c | 2 +-
afe359a8 6529 mm/page_alloc.c | 49 +-
6090327c
PK		 6530 mm/percpu.c | 2 +-
6531 mm/process_vm_access.c | 14 +-
8cf17962 6532 mm/rmap.c | 45 +-
6090327c 6533 mm/shmem.c | 19 +-
8cf17962 6534 mm/slab.c | 109 +-
0986ccbe 6535 mm/slab.h | 22 +-
8cf17962
PK		 6536 mm/slab_common.c | 86 +-
6537 mm/slob.c | 218 +-
afe359a8 6538 mm/slub.c | 102 +-
6090327c
PK		 6539 mm/sparse-vmemmap.c | 4 +-
6540 mm/sparse.c | 2 +-
da1216b9 6541 mm/swap.c | 2 +
6090327c
PK		 6542 mm/swapfile.c | 12 +-
6543 mm/util.c | 6 +
e8242a6d 6544 mm/vmalloc.c | 112 +-
6090327c
PK		 6545 mm/vmstat.c | 12 +-
6546 net/8021q/vlan.c | 5 +-
0986ccbe 6547 net/8021q/vlan_netlink.c | 2 +-
6090327c
PK		 6548 net/9p/mod.c | 4 +-
6549 net/9p/trans_fd.c | 2 +-
6550 net/atm/atm_misc.c | 8 +-
6551 net/atm/lec.h | 2 +-
6552 net/atm/proc.c | 6 +-
6553 net/atm/resources.c | 4 +-
6554 net/ax25/sysctl_net_ax25.c | 2 +-
6555 net/batman-adv/bat_iv_ogm.c | 8 +-
6556 net/batman-adv/fragmentation.c | 2 +-
0986ccbe 6557 net/batman-adv/soft-interface.c | 8 +-
6090327c
PK		 6558 net/batman-adv/types.h | 6 +-
6559 net/bluetooth/hci_sock.c | 2 +-
6560 net/bluetooth/l2cap_core.c | 6 +-
6561 net/bluetooth/l2cap_sock.c | 12 +-
6562 net/bluetooth/rfcomm/sock.c | 4 +-
6563 net/bluetooth/rfcomm/tty.c | 4 +-
0986ccbe 6564 net/bridge/br_netlink.c | 2 +-
6090327c
PK		 6565 net/bridge/netfilter/ebtables.c | 6 +-
6566 net/caif/cfctrl.c | 11 +-
0986ccbe 6567 net/caif/chnl_net.c | 2 +-
6090327c
PK		 6568 net/can/af_can.c | 2 +-
6569 net/can/gw.c | 6 +-
6570 net/ceph/messenger.c | 4 +-
8cf17962 6571 net/compat.c | 24 +-
6090327c 6572 net/core/datagram.c | 2 +-
da1216b9 6573 net/core/dev.c | 16 +-
6090327c 6574 net/core/filter.c | 2 +-
e8242a6d 6575 net/core/flow.c | 6 +-
6090327c
PK		 6576 net/core/neighbour.c | 4 +-
6577 net/core/net-sysfs.c | 2 +-
6578 net/core/net_namespace.c | 8 +-
6579 net/core/netpoll.c | 4 +-
6580 net/core/rtnetlink.c | 15 +-
6581 net/core/scm.c | 8 +-
6582 net/core/skbuff.c | 8 +-
afe359a8
PK		 6583 net/core/sock.c | 28 +-
6584 net/core/sock_diag.c | 15 +-
8cf17962 6585 net/core/sysctl_net_core.c | 22 +-
6090327c
PK		 6586 net/decnet/af_decnet.c | 1 +
6587 net/decnet/sysctl_net_decnet.c | 4 +-
afe359a8 6588 net/dsa/dsa.c | 2 +-
0986ccbe 6589 net/hsr/hsr_netlink.c | 2 +-
e8242a6d
PK		 6590 net/ieee802154/6lowpan/core.c | 2 +-
6591 net/ieee802154/6lowpan/reassembly.c | 14 +-
0986ccbe 6592 net/ipv4/af_inet.c | 2 +-
6090327c
PK		 6593 net/ipv4/devinet.c | 18 +-
6594 net/ipv4/fib_frontend.c | 6 +-
6595 net/ipv4/fib_semantics.c | 2 +-
afe359a8
PK		 6596 net/ipv4/inet_connection_sock.c | 4 +-
6597 net/ipv4/inet_timewait_sock.c | 2 +-
6090327c
PK		 6598 net/ipv4/inetpeer.c | 2 +-
6599 net/ipv4/ip_fragment.c | 15 +-
6600 net/ipv4/ip_gre.c | 6 +-
6601 net/ipv4/ip_sockglue.c | 2 +-
6602 net/ipv4/ip_vti.c | 4 +-
6603 net/ipv4/ipconfig.c | 6 +-
6604 net/ipv4/ipip.c | 4 +-
6605 net/ipv4/netfilter/arp_tables.c | 12 +-
6606 net/ipv4/netfilter/ip_tables.c | 12 +-
0986ccbe 6607 net/ipv4/ping.c | 14 +-
6090327c
PK		 6608 net/ipv4/raw.c | 14 +-
6609 net/ipv4/route.c | 32 +-
6610 net/ipv4/sysctl_net_ipv4.c | 22 +-
afe359a8 6611 net/ipv4/tcp_input.c | 6 +-
6090327c
PK		 6612 net/ipv4/tcp_probe.c | 2 +-
6613 net/ipv4/udp.c | 10 +-
6614 net/ipv4/xfrm4_policy.c | 18 +-
da1216b9 6615 net/ipv6/addrconf.c | 16 +-
6090327c
PK		 6616 net/ipv6/af_inet6.c | 2 +-
6617 net/ipv6/datagram.c | 2 +-
6618 net/ipv6/icmp.c | 2 +-
0986ccbe 6619 net/ipv6/ip6_fib.c | 4 +-
6090327c
PK		 6620 net/ipv6/ip6_gre.c | 10 +-
6621 net/ipv6/ip6_tunnel.c | 4 +-
6622 net/ipv6/ip6_vti.c | 4 +-
6623 net/ipv6/ipv6_sockglue.c | 2 +-
6624 net/ipv6/netfilter/ip6_tables.c | 12 +-
6625 net/ipv6/netfilter/nf_conntrack_reasm.c | 14 +-
6626 net/ipv6/ping.c | 33 +-
6627 net/ipv6/raw.c | 17 +-
6628 net/ipv6/reassembly.c | 13 +-
6629 net/ipv6/route.c | 2 +-
6630 net/ipv6/sit.c | 4 +-
6631 net/ipv6/sysctl_net_ipv6.c | 2 +-
6632 net/ipv6/udp.c | 6 +-
afe359a8 6633 net/ipv6/xfrm6_policy.c | 23 +-
6090327c
PK		 6634 net/irda/ircomm/ircomm_tty.c | 18 +-
6635 net/iucv/af_iucv.c | 4 +-
6636 net/iucv/iucv.c | 2 +-
6637 net/key/af_key.c | 4 +-
6638 net/l2tp/l2tp_eth.c | 38 +-
e8242a6d
PK		 6639 net/l2tp/l2tp_ip.c | 2 +-
6640 net/l2tp/l2tp_ip6.c | 2 +-
6090327c
PK		 6641 net/mac80211/cfg.c | 8 +-
6642 net/mac80211/ieee80211_i.h | 3 +-
afe359a8 6643 net/mac80211/iface.c | 20 +-
6090327c 6644 net/mac80211/main.c | 2 +-
da1216b9 6645 net/mac80211/pm.c | 4 +-
6090327c 6646 net/mac80211/rate.c | 2 +-
da1216b9 6647 net/mac80211/sta_info.c | 2 +-
e8242a6d 6648 net/mac80211/util.c | 8 +-
da1216b9 6649 net/mpls/af_mpls.c | 6 +-
6090327c
PK		 6650 net/netfilter/ipset/ip_set_core.c | 2 +-
6651 net/netfilter/ipvs/ip_vs_conn.c | 6 +-
6652 net/netfilter/ipvs/ip_vs_core.c | 4 +-
6653 net/netfilter/ipvs/ip_vs_ctl.c | 14 +-
6654 net/netfilter/ipvs/ip_vs_lblc.c | 2 +-
6655 net/netfilter/ipvs/ip_vs_lblcr.c | 2 +-
6656 net/netfilter/ipvs/ip_vs_sync.c | 6 +-
6657 net/netfilter/ipvs/ip_vs_xmit.c | 4 +-
6658 net/netfilter/nf_conntrack_acct.c | 2 +-
6659 net/netfilter/nf_conntrack_ecache.c | 2 +-
6660 net/netfilter/nf_conntrack_helper.c | 2 +-
6661 net/netfilter/nf_conntrack_proto.c | 2 +-
6662 net/netfilter/nf_conntrack_standalone.c | 2 +-
6663 net/netfilter/nf_conntrack_timestamp.c | 2 +-
6664 net/netfilter/nf_log.c | 10 +-
6665 net/netfilter/nf_sockopt.c | 4 +-
6666 net/netfilter/nfnetlink_log.c | 4 +-
e8242a6d 6667 net/netfilter/nft_compat.c | 9 +-
6090327c
PK		 6668 net/netfilter/xt_statistic.c | 8 +-
6669 net/netlink/af_netlink.c | 4 +-
0986ccbe
PK		 6670 net/openvswitch/vport-internal_dev.c | 2 +-
6671 net/openvswitch/vport.c | 16 +-
6672 net/openvswitch/vport.h | 8 +-
da1216b9 6673 net/packet/af_packet.c | 8 +-
6090327c
PK		 6674 net/phonet/pep.c | 6 +-
6675 net/phonet/socket.c | 2 +-
6676 net/phonet/sysctl.c | 2 +-
6677 net/rds/cong.c | 6 +-
6678 net/rds/ib.h | 2 +-
6679 net/rds/ib_cm.c | 2 +-
6680 net/rds/ib_recv.c | 4 +-
6681 net/rds/iw.h | 2 +-
6682 net/rds/iw_cm.c | 2 +-
6683 net/rds/iw_recv.c | 4 +-
6684 net/rds/rds.h | 2 +-
6685 net/rds/tcp.c | 2 +-
6686 net/rds/tcp_send.c | 2 +-
6687 net/rxrpc/af_rxrpc.c | 2 +-
6688 net/rxrpc/ar-ack.c | 14 +-
6689 net/rxrpc/ar-call.c | 2 +-
6690 net/rxrpc/ar-connection.c | 2 +-
6691 net/rxrpc/ar-connevent.c | 2 +-
6692 net/rxrpc/ar-input.c | 4 +-
6693 net/rxrpc/ar-internal.h | 8 +-
6694 net/rxrpc/ar-local.c | 2 +-
6695 net/rxrpc/ar-output.c | 4 +-
6696 net/rxrpc/ar-peer.c | 2 +-
6697 net/rxrpc/ar-proc.c | 4 +-
6698 net/rxrpc/ar-transport.c | 2 +-
6699 net/rxrpc/rxkad.c | 4 +-
6700 net/sched/sch_generic.c | 4 +-
6701 net/sctp/ipv6.c | 6 +-
6702 net/sctp/protocol.c | 10 +-
6703 net/sctp/sm_sideeffect.c | 2 +-
6704 net/sctp/socket.c | 21 +-
6705 net/sctp/sysctl.c | 10 +-
8cf17962 6706 net/socket.c | 18 +-
6090327c
PK		 6707 net/sunrpc/auth_gss/svcauth_gss.c | 4 +-
6708 net/sunrpc/clnt.c | 4 +-
6709 net/sunrpc/sched.c | 4 +-
6710 net/sunrpc/svc.c | 4 +-
6711 net/sunrpc/svcauth_unix.c | 4 +-
6712 net/sunrpc/xprtrdma/svc_rdma.c | 38 +-
6713 net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 +-
6714 net/sunrpc/xprtrdma/svc_rdma_sendto.c | 2 +-
6715 net/sunrpc/xprtrdma/svc_rdma_transport.c | 10 +-
e8242a6d 6716 net/tipc/netlink_compat.c | 12 +-
6090327c 6717 net/tipc/subscr.c | 2 +-
8cf17962 6718 net/unix/af_unix.c | 7 +-
6090327c
PK		 6719 net/unix/sysctl_net_unix.c | 2 +-
6720 net/wireless/wext-core.c | 19 +-
6721 net/xfrm/xfrm_policy.c | 16 +-
6722 net/xfrm/xfrm_state.c | 33 +-
6723 net/xfrm/xfrm_sysctl.c | 2 +-
8cf17962 6724 scripts/Kbuild.include | 2 +-
6090327c
PK		 6725 scripts/Makefile.build | 2 +-
6726 scripts/Makefile.clean | 3 +-
0986ccbe 6727 scripts/Makefile.host | 63 +-
6090327c 6728 scripts/basic/fixdep.c | 12 +-
afe359a8
PK		 6729 scripts/dtc/checks.c | 14 +-
6730 scripts/dtc/data.c | 6 +-
6731 scripts/dtc/flattree.c | 8 +-
6732 scripts/dtc/livetree.c | 4 +-
a8b227b4 6733 scripts/gcc-plugin.sh | 51 +
6090327c 6734 scripts/headers_install.sh | 1 +
afe359a8
PK		 6735 scripts/kallsyms.c | 4 +-
6736 scripts/kconfig/lkc.h | 5 +-
6737 scripts/kconfig/menu.c | 2 +-
6738 scripts/kconfig/symbol.c | 6 +-
6090327c
PK		 6739 scripts/link-vmlinux.sh | 2 +-
6740 scripts/mod/file2alias.c | 14 +-
6741 scripts/mod/modpost.c | 25 +-
6742 scripts/mod/modpost.h | 6 +-
6743 scripts/mod/sumversion.c | 2 +-
6744 scripts/module-common.lds | 4 +
6745 scripts/package/builddeb | 1 +
6746 scripts/pnmtologo.c | 6 +-
6747 scripts/sortextable.h | 6 +-
a8b227b4 6748 scripts/tags.sh | 2 +-
afe359a8 6749 security/Kconfig | 691 +-
6090327c
PK		 6750 security/integrity/ima/ima.h | 4 +-
6751 security/integrity/ima/ima_api.c | 2 +-
6752 security/integrity/ima/ima_fs.c | 4 +-
6753 security/integrity/ima/ima_queue.c | 2 +-
6090327c 6754 security/keys/key.c | 18 +-
6090327c 6755 security/selinux/avc.c | 6 +-
6090327c 6756 security/selinux/include/xfrm.h | 2 +-
afe359a8 6757 security/yama/yama_lsm.c | 2 +-
6090327c
PK		 6758 sound/aoa/codecs/onyx.c | 7 +-
6759 sound/aoa/codecs/onyx.h | 1 +
6760 sound/core/oss/pcm_oss.c | 18 +-
6761 sound/core/pcm_compat.c | 2 +-
6762 sound/core/pcm_native.c | 4 +-
6090327c
PK		 6763 sound/core/sound.c | 2 +-
6764 sound/drivers/mts64.c | 14 +-
6765 sound/drivers/opl4/opl4_lib.c | 2 +-
6766 sound/drivers/portman2x4.c | 3 +-
6767 sound/firewire/amdtp.c | 4 +-
6768 sound/firewire/amdtp.h | 4 +-
6769 sound/firewire/isight.c | 10 +-
6770 sound/firewire/scs1x.c | 8 +-
6771 sound/oss/sb_audio.c | 2 +-
6772 sound/oss/swarm_cs4297a.c | 6 +-
8cf17962 6773 sound/pci/hda/hda_codec.c | 2 +-
6090327c
PK		 6774 sound/pci/ymfpci/ymfpci.h | 2 +-
6775 sound/pci/ymfpci/ymfpci_main.c | 12 +-
8cf17962 6776 sound/soc/soc-ac97.c | 6 +-
e8242a6d 6777 sound/soc/xtensa/xtfpga-i2s.c | 2 +-
da1216b9 6778 tools/gcc/Makefile | 42 +
6090327c 6779 tools/gcc/checker_plugin.c | 150 +
e8242a6d 6780 tools/gcc/colorize_plugin.c | 215 +
da1216b9 6781 tools/gcc/constify_plugin.c | 564 +
afe359a8 6782 tools/gcc/gcc-common.h | 790 +
da1216b9 6783 tools/gcc/initify_plugin.c | 450 +
e8242a6d 6784 tools/gcc/kallocstat_plugin.c | 188 +
afe359a8
PK		 6785 tools/gcc/kernexec_plugin.c | 551 +
6786 tools/gcc/latent_entropy_plugin.c | 470 +
6787 tools/gcc/size_overflow_plugin/.gitignore | 2 +
6788 tools/gcc/size_overflow_plugin/Makefile | 26 +
6789 .../disable_size_overflow_hash.data |11008 ++++++++++++++
6790 .../generate_size_overflow_hash.sh | 103 +
e8242a6d 6791 .../insert_size_overflow_asm.c | 409 +
afe359a8 6792 .../size_overflow_plugin/intentional_overflow.c | 980 ++
8cf17962 6793 .../size_overflow_plugin/remove_unnecessary_dup.c | 137 +
afe359a8
PK		 6794 tools/gcc/size_overflow_plugin/size_overflow.h | 329 +
6795 .../gcc/size_overflow_plugin/size_overflow_debug.c | 192 +
6796 .../size_overflow_plugin/size_overflow_hash.data |15719 ++++++++++++++++++++
6090327c 6797 .../size_overflow_hash_aux.data | 92 +
afe359a8
PK		 6798 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 1373 ++
6799 .../gcc/size_overflow_plugin/size_overflow_misc.c | 505 +
6800 .../size_overflow_plugin/size_overflow_plugin.c | 318 +
6801 .../size_overflow_plugin_hash.c | 353 +
6802 .../size_overflow_plugin/size_overflow_transform.c | 576 +
6803 .../size_overflow_transform_core.c | 962 ++
6804 tools/gcc/stackleak_plugin.c | 436 +
e8242a6d 6805 tools/gcc/structleak_plugin.c | 287 +
6090327c
PK		 6806 tools/include/linux/compiler.h | 8 +
6807 tools/lib/api/Makefile | 2 +-
6808 tools/perf/util/include/asm/alternative-asm.h | 3 +
6809 tools/virtio/linux/uaccess.h | 2 +-
6810 virt/kvm/kvm_main.c | 44 +-
afe359a8 6811 1963 files changed, 60342 insertions(+), 8946 deletions(-)
Unofficial grsecurity patch archive (https://github.com/slashbeast/grsecurity-scrape)