1 commit 24ce7d83ff71aa7102231f41c41aaf44f949751a
2 Author: David Gstir <david@sigma-star.at>
3 Date: Sun Nov 15 17:14:41 2015 +0100
5 crypto: nx - Fix timing leak in GCM and CCM decryption
7 Using non-constant time memcmp() makes the verification of the authentication
8 tag in the decrypt path vulnerable to timing attacks. Fix this by using
9 crypto_memneq() instead.
11 Cc: stable@vger.kernel.org
12 Signed-off-by: David Gstir <david@sigma-star.at>
13 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
15 drivers/crypto/nx/nx-aes-ccm.c | 2 +-
16 drivers/crypto/nx/nx-aes-gcm.c | 2 +-
17 2 files changed, 2 insertions(+), 2 deletions(-)
19 commit 5c001f6d281406b32d79cf9b7851413adb658641
20 Author: David Gstir <david@sigma-star.at>
21 Date: Sun Nov 15 17:14:42 2015 +0100
23 crypto: talitos - Fix timing leak in ESP ICV verification
25 Using non-constant time memcmp() makes the verification of the authentication
26 tag in the decrypt path vulnerable to timing attacks. Fix this by using
27 crypto_memneq() instead.
29 Cc: stable@vger.kernel.org
30 Signed-off-by: David Gstir <david@sigma-star.at>
31 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
35 drivers/crypto/talitos.c
37 drivers/crypto/talitos.c | 4 ++--
38 1 files changed, 2 insertions(+), 2 deletions(-)
40 commit 66e9fe2d958fcdce01c6dadf415864e8cdeb06cb
41 Author: Brad Spengler <spender@grsecurity.net>
42 Date: Fri Dec 4 23:40:00 2015 -0500
44 Fix a size_overflow report caused by __get_user not fully initializing a register when
45 reading in less than a register-width from userland, reported by peetaur at:
46 https://forums.grsecurity.net/viewtopic.php?f=3&t=4332
47 Fix is from the PaX Team
49 arch/x86/include/asm/uaccess.h | 2 +-
50 1 files changed, 1 insertions(+), 1 deletions(-)
52 commit 8599b6467ba41cf3d4e9a96495b5d71d44e74f6c
53 Author: Eric Dumazet <edumazet@google.com>
54 Date: Thu Nov 26 08:18:14 2015 -0800
56 tcp: initialize tp->copied_seq in case of cross SYN connection
58 Dmitry provided a syzkaller (http://github.com/google/syzkaller)
59 generated program that triggers the WARNING at
60 net/ipv4/tcp.c:1729 in tcp_recvmsg() :
62 WARN_ON(tp->copied_seq != tp->rcv_nxt &&
63 !(flags & (MSG_PEEK | MSG_TRUNC)));
65 His program is specifically attempting a Cross SYN TCP exchange,
66 that we support (for the pleasure of hackers ?), but it looks we
67 lack proper tcp->copied_seq initialization.
69 Thanks again Dmitry for your report and testings.
71 Signed-off-by: Eric Dumazet <edumazet@google.com>
72 Reported-by: Dmitry Vyukov <dvyukov@google.com>
73 Tested-by: Dmitry Vyukov <dvyukov@google.com>
74 Signed-off-by: David S. Miller <davem@davemloft.net>
76 net/ipv4/tcp_input.c | 1 +
77 1 files changed, 1 insertions(+), 0 deletions(-)
79 commit 73c0ec9194319dc262011dbe7196c55cb450f29a
80 Author: Guillaume Nault <g.nault@alphalink.fr>
81 Date: Thu Dec 3 16:49:32 2015 +0100
83 pppoe: fix memory corruption in padt work structure
85 pppoe_connect() mustn't touch the padt_work field of pppoe sockets
86 because that work could be already pending.
88 [ 21.473147] BUG: unable to handle kernel NULL pointer dereference at 00000004
89 [ 21.474523] IP: [<c1043177>] process_one_work+0x29/0x31c
90 [ 21.475164] *pde = 00000000
91 [ 21.475513] Oops: 0000 [#1] SMP
92 [ 21.475910] Modules linked in: pppoe pppox ppp_generic slhc crc32c_intel aesni_intel virtio_net xts aes_i586 lrw gf128mul ablk_helper cryptd evdev acpi_cpufreq processor serio_raw button ext4 crc16 mbcache jbd2 virtio_blk virtio_pci virtio_ring virtio
93 [ 21.476168] CPU: 2 PID: 164 Comm: kworker/2:2 Not tainted 4.4.0-rc1 #1
94 [ 21.476168] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
95 [ 21.476168] task: f5f83c00 ti: f5e28000 task.ti: f5e28000
96 [ 21.476168] EIP: 0060:[<c1043177>] EFLAGS: 00010046 CPU: 2
97 [ 21.476168] EIP is at process_one_work+0x29/0x31c
98 [ 21.484082] EAX: 00000000 EBX: f678b2a0 ECX: 00000004 EDX: 00000000
99 [ 21.484082] ESI: f6c69940 EDI: f5e29ef0 EBP: f5e29f0c ESP: f5e29edc
100 [ 21.484082] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
101 [ 21.484082] CR0: 80050033 CR2: 000000a4 CR3: 317ad000 CR4: 00040690
103 [ 21.484082] 00000000 f6c69950 00000000 f6c69940 c0042338 f5e29f0c c1327945 00000000
104 [ 21.484082] 00000008 f678b2a0 f6c69940 f678b2b8 f5e29f30 c1043984 f5f83c00 f6c69970
105 [ 21.484082] f678b2a0 c10437d3 f6775e80 f678b2a0 c10437d3 f5e29fac c1047059 f5e29f74
106 [ 21.484082] Call Trace:
107 [ 21.484082] [<c1327945>] ? _raw_spin_lock_irq+0x28/0x30
108 [ 21.484082] [<c1043984>] worker_thread+0x1b1/0x244
109 [ 21.484082] [<c10437d3>] ? rescuer_thread+0x229/0x229
110 [ 21.484082] [<c10437d3>] ? rescuer_thread+0x229/0x229
111 [ 21.484082] [<c1047059>] kthread+0x8f/0x94
112 [ 21.484082] [<c1327a32>] ? _raw_spin_unlock_irq+0x22/0x26
113 [ 21.484082] [<c1327ee9>] ret_from_kernel_thread+0x21/0x38
114 [ 21.484082] [<c1046fca>] ? kthread_parkme+0x19/0x19
115 [ 21.496082] Code: 5d c3 55 89 e5 57 56 53 89 c3 83 ec 24 89 d0 89 55 e0 8d 7d e4 e8 6c d8 ff ff b9 04 00 00 00 89 45 d8 8b 43 24 89 45 dc 8b 45 d8 <8b> 40 04 8b 80 e0 00 00 00 c1 e8 05 24 01 88 45 d7 8b 45 e0 8d
116 [ 21.496082] EIP: [<c1043177>] process_one_work+0x29/0x31c SS:ESP 0068:f5e29edc
117 [ 21.496082] CR2: 0000000000000004
118 [ 21.496082] ---[ end trace e362cc9cf10dae89 ]---
120 Reported-by: Andrew <nitr0@seti.kr.ua>
121 Fixes: 287f3a943fef ("pppoe: Use workqueue to die properly when a PADT is received")
122 Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
123 Signed-off-by: David S. Miller <davem@davemloft.net>
125 drivers/net/ppp/pppoe.c | 14 ++++++++++----
126 1 files changed, 10 insertions(+), 4 deletions(-)
128 commit 909cb25969d65dbdd08c69486c72cb09cf30131a
129 Merge: 2fd6be6 b27a8b0
130 Author: Brad Spengler <spender@grsecurity.net>
131 Date: Fri Dec 4 19:40:10 2015 -0500
133 Merge branch 'pax-test' into grsec-test
138 commit b27a8b0f99304f0bc3ea3a8e55f04f6bb57bbe8f
139 Author: Brad Spengler <spender@grsecurity.net>
140 Date: Fri Dec 4 19:38:31 2015 -0500
142 Update to pax-linux-4.2.6-test26.patch:
143 - fixed integer truncation check in md introduced by upstream commits 284ae7cab0f7335c9e0aa8992b28415ef1a54c7c and 58c0fed400603a802968b23ddf78f029c5a84e41, reported by BeiKed9o (https://forums.grsecurity.net/viewtopic.php?f=3&t=4328)
144 - gcc plugin compilation problems will now also produce the output of the checking script to make diagnosis easier, reported by hunger
145 - Emese fixed a false positive size overflow report in __vhost_add_used_n, reported by quasar366 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4329)
146 - fixed a potential integer truncation error in the raid1 code caught by the size overflow plugin, reported by d1b (https://forums.grsecurity.net/viewtopic.php?f=3&t=4331)
149 drivers/md/md.c | 5 ++-
150 drivers/md/raid1.c | 2 +-
151 fs/proc/task_mmu.c | 3 ++
152 .../disable_size_overflow_hash.data | 4 ++-
153 .../size_overflow_plugin/intentional_overflow.c | 32 ++++++++++++++++---
154 .../size_overflow_plugin/size_overflow_hash.data | 2 -
155 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
156 8 files changed, 43 insertions(+), 12 deletions(-)
158 commit 2fd6be640143ad13633518208bb1ba5730bf4949
159 Author: Eric Dumazet <edumazet@google.com>
160 Date: Tue Dec 1 20:08:51 2015 -0800
162 net_sched: fix qdisc_tree_decrease_qlen() races
164 qdisc_tree_decrease_qlen() suffers from two problems on multiqueue
167 One problem is that it updates sch->q.qlen and sch->qstats.drops
168 on the mq/mqprio root qdisc, while it should not : Daniele
169 reported underflows errors :
170 [ 681.774821] PAX: sch->q.qlen: 0 n: 1
171 [ 681.774825] PAX: size overflow detected in function qdisc_tree_decrease_qlen net/sched/sch_api.c:769 cicus.693_49 min, count: 72, decl: qlen; num: 0; context: sk_buff_head;
172 [ 681.774954] CPU: 2 PID: 19 Comm: ksoftirqd/2 Tainted: G O 4.2.6.201511282239-1-grsec #1
173 [ 681.774955] Hardware name: ASUSTeK COMPUTER INC. X302LJ/X302LJ, BIOS X302LJ.202 03/05/2015
174 [ 681.774956] ffffffffa9a04863 0000000000000000 0000000000000000 ffffffffa990ff7c
175 [ 681.774959] ffffc90000d3bc38 ffffffffa95d2810 0000000000000007 ffffffffa991002b
176 [ 681.774960] ffffc90000d3bc68 ffffffffa91a44f4 0000000000000001 0000000000000001
177 [ 681.774962] Call Trace:
178 [ 681.774967] [<ffffffffa95d2810>] dump_stack+0x4c/0x7f
179 [ 681.774970] [<ffffffffa91a44f4>] report_size_overflow+0x34/0x50
180 [ 681.774972] [<ffffffffa94d17e2>] qdisc_tree_decrease_qlen+0x152/0x160
181 [ 681.774976] [<ffffffffc02694b1>] fq_codel_dequeue+0x7b1/0x820 [sch_fq_codel]
182 [ 681.774978] [<ffffffffc02680a0>] ? qdisc_peek_dequeued+0xa0/0xa0 [sch_fq_codel]
183 [ 681.774980] [<ffffffffa94cd92d>] __qdisc_run+0x4d/0x1d0
184 [ 681.774983] [<ffffffffa949b2b2>] net_tx_action+0xc2/0x160
185 [ 681.774985] [<ffffffffa90664c1>] __do_softirq+0xf1/0x200
186 [ 681.774987] [<ffffffffa90665ee>] run_ksoftirqd+0x1e/0x30
187 [ 681.774989] [<ffffffffa90896b0>] smpboot_thread_fn+0x150/0x260
188 [ 681.774991] [<ffffffffa9089560>] ? sort_range+0x40/0x40
189 [ 681.774992] [<ffffffffa9085fe4>] kthread+0xe4/0x100
190 [ 681.774994] [<ffffffffa9085f00>] ? kthread_worker_fn+0x170/0x170
191 [ 681.774995] [<ffffffffa95d8d1e>] ret_from_fork+0x3e/0x70
193 mq/mqprio have their own ways to report qlen/drops by folding stats on
194 all their queues, with appropriate locking.
196 A second problem is that qdisc_tree_decrease_qlen() calls qdisc_lookup()
197 without proper locking : concurrent qdisc updates could corrupt the list
198 that qdisc_match_from_root() parses to find a qdisc given its handle.
200 Fix first problem adding a TCQ_F_NOPARENT qdisc flag that
201 qdisc_tree_decrease_qlen() can use to abort its tree traversal,
202 as soon as it meets a mq/mqprio qdisc children.
204 Second problem can be fixed by RCU protection.
205 Qdisc are already freed after RCU grace period, so qdisc_list_add() and
206 qdisc_list_del() simply have to use appropriate rcu list variants.
208 A future patch will add a per struct netdev_queue list anchor, so that
209 qdisc_tree_decrease_qlen() can have more efficient lookups.
211 Reported-by: Daniele Fucini <dfucini@gmail.com>
212 Signed-off-by: Eric Dumazet <edumazet@google.com>
213 Cc: Cong Wang <cwang@twopensource.com>
214 Cc: Jamal Hadi Salim <jhs@mojatatu.com>
215 Signed-off-by: David S. Miller <davem@davemloft.net>
219 net/sched/sch_generic.c
221 include/net/sch_generic.h | 3 +++
222 net/sched/sch_api.c | 27 ++++++++++++++++++---------
223 net/sched/sch_generic.c | 2 +-
224 net/sched/sch_mq.c | 4 ++--
225 net/sched/sch_mqprio.c | 4 ++--
226 5 files changed, 26 insertions(+), 14 deletions(-)
228 commit 47e3db55fb66525b7a769de3e2275b5d75a03f39
229 Author: Eric Dumazet <edumazet@google.com>
230 Date: Tue Dec 1 07:20:07 2015 -0800
232 ipv6: sctp: implement sctp_v6_destroy_sock()
234 Dmitry Vyukov reported a memory leak using IPV6 SCTP sockets.
236 We need to call inet6_destroy_sock() to properly release
237 inet6 specific fields.
239 Reported-by: Dmitry Vyukov <dvyukov@google.com>
240 Signed-off-by: Eric Dumazet <edumazet@google.com>
241 Acked-by: Daniel Borkmann <daniel@iogearbox.net>
242 Signed-off-by: David S. Miller <davem@davemloft.net>
244 net/sctp/socket.c | 9 ++++++++-
245 1 files changed, 8 insertions(+), 1 deletions(-)
247 commit c97f798d6e4fb454a7bfbb39fc073c8f538863c9
248 Author: Jan Engelhardt <jengelh@inai.de>
249 Date: Mon Nov 23 17:46:32 2015 +0100
251 target: fix COMPARE_AND_WRITE non zero SGL offset data corruption
253 target_core_sbc's compare_and_write functionality suffers from taking
254 data at the wrong memory location when writing a CAW request to disk
255 when a SGL offset is non-zero.
257 This can happen with loopback and vhost-scsi fabric drivers when
258 SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC is used to map existing user-space
259 SGL memory into COMPARE_AND_WRITE READ/WRITE payload buffers.
261 Given the following sample LIO subtopology,
263 % targetcli ls /loopback/
264 o- loopback ................................. [1 Target]
265 o- naa.6001405ebb8df14a ....... [naa.60014059143ed2b3]
266 o- luns ................................... [2 LUNs]
267 o- lun0 ................ [iblock/ram0 (/dev/ram0)]
268 o- lun1 ................ [iblock/ram1 (/dev/ram1)]
270 [3:0:1:0] disk LIO-ORG IBLOCK 4.0 /dev/sdc /dev/sg3
271 [3:0:1:1] disk LIO-ORG IBLOCK 4.0 /dev/sdd /dev/sg4
273 the following bug can be observed in Linux 4.3 and 4.4~rc1:
275 % perl -e 'print chr$_ for 0..255,reverse 0..255' >rand
276 % perl -e 'print "\0" x 512' >zero
278 % sg_compare_and_write -i rand -D zero --lba 0 /dev/sdd
279 % sg_compare_and_write -i zero -D rand --lba 0 /dev/sdd
281 % hexdump -Cn 512 /dev/sdd
282 00000000 0f 0e 0d 0c 0b 0a 09 08 07 06 05 04 03 02 01 00
283 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
287 Rather than writing all-zeroes as instructed with the -D file, it
288 corrupts the data in the sector by splicing some of the original
289 bytes in. The page of the first entry of cmd->t_data_sg includes the
290 CDB, and sg->offset is set to a position past the CDB. I presume that
291 sg->offset is also the right choice to use for subsequent sglist
294 Signed-off-by: Jan Engelhardt <jengelh@netitwork.de>
295 Tested-by: Douglas Gilbert <dgilbert@interlog.com>
296 Cc: <stable@vger.kernel.org> # v3.12+
297 Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
299 drivers/target/target_core_sbc.c | 4 ++--
300 1 files changed, 2 insertions(+), 2 deletions(-)
302 commit 43aa1ca4268298d8f65be2411d627573f33afb3e
303 Author: Nicholas Bellinger <nab@linux-iscsi.org>
304 Date: Thu Nov 5 23:37:59 2015 -0800
306 target: Fix race for SCF_COMPARE_AND_WRITE_POST checking
308 This patch addresses a race + use after free where the first
309 stage of COMPARE_AND_WRITE in compare_and_write_callback()
310 is rescheduled after the backend sends the secondary WRITE,
311 resulting in second stage compare_and_write_post() callback
312 completing in target_complete_ok_work() before the first
315 Because current code depends on checking se_cmd->se_cmd_flags
316 after return from se_cmd->transport_complete_callback(),
317 this results in first stage having SCF_COMPARE_AND_WRITE_POST
318 set, which incorrectly falls through into second stage CAW
319 processing code, eventually triggering a NULL pointer
320 dereference due to use after free.
322 To address this bug, pass in a new *post_ret parameter into
323 se_cmd->transport_complete_callback(), and depend upon this
324 value instead of ->se_cmd_flags to determine when to return
325 or fall through into ->queue_status() code for CAW.
327 Cc: Sagi Grimberg <sagig@mellanox.com>
328 Cc: <stable@vger.kernel.org> # v3.12+
329 Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
331 drivers/target/target_core_sbc.c | 13 +++++++++----
332 drivers/target/target_core_transport.c | 14 ++++++++------
333 include/target/target_core_base.h | 2 +-
334 3 files changed, 18 insertions(+), 11 deletions(-)
336 commit c26b157afe2cbde205fcdd36c0b0cc6ca36c2a6e
337 Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
338 Date: Thu Nov 26 12:08:18 2015 +0100
340 af-unix: passcred support for sendpage
342 sendpage did not care about credentials at all. This could lead to
343 situations in which because of fd passing between processes we could
344 append data to skbs with different scm data. It is illegal to splice those
345 skbs together. Instead we have to allocate a new skb and if requested
346 fill out the scm details.
348 Fixes: 869e7c62486ec ("net: af_unix: implement stream sendpage support")
349 Reported-by: Al Viro <viro@zeniv.linux.org.uk>
350 Cc: Al Viro <viro@zeniv.linux.org.uk>
351 Cc: Eric Dumazet <edumazet@google.com>
352 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
353 Signed-off-by: David S. Miller <davem@davemloft.net>
355 net/unix/af_unix.c | 79 ++++++++++++++++++++++++++++++++++++++++++----------
356 1 files changed, 64 insertions(+), 15 deletions(-)
358 commit db1370c0dee2dfc22c3549eff6791afd19aaa365
359 Author: Peter Hurley <peter@hurleysoftware.com>
360 Date: Fri Nov 27 14:18:39 2015 -0500
362 wan/x25: Fix use-after-free in x25_asy_open_tty()
364 The N_X25 line discipline may access the previous line discipline's closed
365 and already-freed private data on open [1].
367 The tty->disc_data field _never_ refers to valid data on entry to the
368 line discipline's open() method. Rather, the ldisc is expected to
369 initialize that field for its own use for the lifetime of the instance
370 (ie. from open() to close() only).
373 [ 634.336761] ==================================================================
374 [ 634.338226] BUG: KASAN: use-after-free in x25_asy_open_tty+0x13d/0x490 at addr ffff8800a743efd0
375 [ 634.339558] Read of size 4 by task syzkaller_execu/8981
376 [ 634.340359] =============================================================================
377 [ 634.341598] BUG kmalloc-512 (Not tainted): kasan: bad access detected
379 [ 634.405018] Call Trace:
380 [ 634.405277] dump_stack (lib/dump_stack.c:52)
381 [ 634.405775] print_trailer (mm/slub.c:655)
382 [ 634.406361] object_err (mm/slub.c:662)
383 [ 634.406824] kasan_report_error (mm/kasan/report.c:138 mm/kasan/report.c:236)
384 [ 634.409581] __asan_report_load4_noabort (mm/kasan/report.c:279)
385 [ 634.411355] x25_asy_open_tty (drivers/net/wan/x25_asy.c:559 (discriminator 1))
386 [ 634.413997] tty_ldisc_open.isra.2 (drivers/tty/tty_ldisc.c:447)
387 [ 634.414549] tty_set_ldisc (drivers/tty/tty_ldisc.c:567)
388 [ 634.415057] tty_ioctl (drivers/tty/tty_io.c:2646 drivers/tty/tty_io.c:2879)
389 [ 634.423524] do_vfs_ioctl (fs/ioctl.c:43 fs/ioctl.c:607)
390 [ 634.427491] SyS_ioctl (fs/ioctl.c:622 fs/ioctl.c:613)
391 [ 634.427945] entry_SYSCALL_64_fastpath (arch/x86/entry/entry_64.S:188)
393 Reported-and-tested-by: Sasha Levin <sasha.levin@oracle.com>
394 Cc: <stable@vger.kernel.org>
395 Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
396 Signed-off-by: David S. Miller <davem@davemloft.net>
398 drivers/net/wan/x25_asy.c | 6 +-----
399 1 files changed, 1 insertions(+), 5 deletions(-)
401 commit 39f32f33dc362f9704113cc7874238792f8294c9
402 Author: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
403 Date: Mon Nov 30 14:32:54 2015 -0200
405 sctp: use GFP_USER for user-controlled kmalloc
407 Dmitry Vyukov reported that the user could trigger a kernel warning by
408 using a large len value for getsockopt SCTP_GET_LOCAL_ADDRS, as that
409 value directly affects the value used as a kmalloc() parameter.
411 This patch thus switches the allocation flags from all user-controllable
412 kmalloc size to GFP_USER to put some more restrictions on it and also
413 disables the warn, as they are not necessary.
415 Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
416 Acked-by: Daniel Borkmann <daniel@iogearbox.net>
417 Signed-off-by: David S. Miller <davem@davemloft.net>
419 net/sctp/socket.c | 4 ++--
420 1 files changed, 2 insertions(+), 2 deletions(-)
422 commit 70614db891859ff8474665fc0e982e772c5baf6c
423 Merge: 2aa7479 7f57ad4
424 Author: Brad Spengler <spender@grsecurity.net>
425 Date: Sat Nov 28 21:58:09 2015 -0500
427 Merge branch 'pax-test' into grsec-test
429 commit 7f57ad48fc90cc2c942ef8cad44804ea6cdbfc67
430 Author: Brad Spengler <spender@grsecurity.net>
431 Date: Sat Nov 28 21:57:41 2015 -0500
433 Update to pax-linux-4.2.6-test25.patch:
434 - fixed constify regression, reported by spender
436 tools/gcc/constify_plugin.c | 14 +++++++-------
437 tools/gcc/initify_plugin.c | 2 +-
438 .../size_overflow_plugin/size_overflow_transform.c | 13 ++++++-------
439 tools/gcc/structleak_plugin.c | 2 +-
440 4 files changed, 15 insertions(+), 16 deletions(-)
442 commit 2aa74790571aaea3d90191b1d235f580600d109f
443 Merge: e10e76a 0851e20
444 Author: Brad Spengler <spender@grsecurity.net>
445 Date: Fri Nov 27 21:02:06 2015 -0500
447 Merge branch 'pax-test' into grsec-test
449 commit 0851e206a7d21e18d353984cb3f827158ce4237b
450 Author: Brad Spengler <spender@grsecurity.net>
451 Date: Fri Nov 27 21:01:41 2015 -0500
453 Update to pax-linux-4.2.6-test24.patch:
454 - Emese fixed a few false positive overflow reports due to intentional overflows introduced by gcc, reported by Arnaud, kdave (https://forums.grsecurity.net/viewtopic.php?t=4287&p=15813#p15799) and rfnx (https://forums.grsecurity.net/viewtopic.php?t=4322)
455 - Emese fixed a false positive size overflow report in ext4, reported by saironiq (https://forums.grsecurity.net/viewtopic.php?f=3&t=4324)
456 - fixed a potential integer truncation error in the raid10 code caught by the size overflow plugin, reported by Alexander Tsoy (https://bugs.gentoo.org/show_bug.cgi?id=566316#c10)
457 - fixed a few integer sign conversion errors in the kernel's zlib code caught by the size overflow plugin, reported by audiocricket (https://forums.grsecurity.net/viewtopic.php?f=3&t=4325)
458 - fixed the handling of the no-constify constify plugin parameter
459 - constified kvm_x86_ops
460 - fixed macro param usage in access_ok, reported by gcc-6
461 - turned off ipa-icf on the size overflow plugin as gcc-5 compiles it very slowly
462 - fixed all plugins for gcc-6
464 arch/arm/kvm/arm.c | 2 +-
465 arch/mips/kvm/mips.c | 2 +-
466 arch/powerpc/kvm/powerpc.c | 2 +-
467 arch/x86/include/asm/uaccess.h | 2 +-
468 arch/x86/kvm/svm.c | 2 +-
469 arch/x86/kvm/vmx.c | 24 ++++----
470 arch/x86/kvm/x86.c | 2 +-
472 drivers/md/raid10.c | 2 +-
473 include/linux/kvm_host.h | 4 +-
474 scripts/Makefile.host | 6 ++
475 tools/gcc/constify_plugin.c | 27 +++++---
476 tools/gcc/initify_plugin.c | 6 +-
477 tools/gcc/kernexec_plugin.c | 10 +--
478 tools/gcc/size_overflow_plugin/Makefile | 2 +
479 .../disable_size_overflow_hash.data | 3 +
480 .../insert_size_overflow_asm.c | 2 +-
481 .../size_overflow_plugin/intentional_overflow.c | 63 ++++++++++++++++++++
482 tools/gcc/size_overflow_plugin/size_overflow.h | 1 +
483 .../gcc/size_overflow_plugin/size_overflow_debug.c | 2 +-
484 .../size_overflow_plugin/size_overflow_hash.data | 3 -
485 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 2 +-
486 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
487 .../size_overflow_plugin/size_overflow_transform.c | 14 +++--
488 .../size_overflow_transform_core.c | 2 +
489 virt/kvm/kvm_main.c | 2 +-
490 26 files changed, 140 insertions(+), 57 deletions(-)
492 commit e10e76a7ca9aab3528a613e91b556fd2f961c446
493 Author: Brad Spengler <spender@grsecurity.net>
494 Date: Fri Nov 27 20:04:14 2015 -0500
496 update RANDSTRUCT for gcc6
498 tools/gcc/randomize_layout_plugin.c | 2 +-
499 1 files changed, 1 insertions(+), 1 deletions(-)
501 commit dd166b8680fdf8a72b44f175630803f33f442428
502 Author: Filipe Manana <fdmanana@suse.com>
503 Date: Fri Oct 16 12:34:25 2015 +0100
505 Btrfs: fix truncation of compressed and inlined extents
507 When truncating a file to a smaller size which consists of an inline
508 extent that is compressed, we did not discard (or made unusable) the
509 data between the new file size and the old file size, wasting metadata
510 space and allowing for the truncated data to be leaked and the data
511 corruption/loss mentioned below.
512 We were also not correctly decrementing the number of bytes used by the
513 inode, we were setting it to zero, giving a wrong report for callers of
514 the stat(2) syscall. The fsck tool also reported an error about a mismatch
515 between the nbytes of the file versus the real space used by the file.
517 Now because we weren't discarding the truncated region of the file, it
518 was possible for a caller of the clone ioctl to actually read the data
519 that was truncated, allowing for a security breach without requiring root
520 access to the system, using only standard filesystem operations. The
521 scenario is the following:
523 1) User A creates a file which consists of an inline and compressed
524 extent with a size of 2000 bytes - the file is not accessible to
525 any other users (no read, write or execution permission for anyone
528 2) The user truncates the file to a size of 1000 bytes;
530 3) User A makes the file world readable;
532 4) User B creates a file consisting of an inline extent of 2000 bytes;
534 5) User B issues a clone operation from user A's file into its own
535 file (using a length argument of 0, clone the whole range);
537 6) User B now gets to see the 1000 bytes that user A truncated from
538 its file before it made its file world readbale. User B also lost
539 the bytes in the range [1000, 2000[ bytes from its own file, but
540 that might be ok if his/her intention was reading stale data from
541 user A that was never supposed to be public.
543 Note that this contrasts with the case where we truncate a file from 2000
544 bytes to 1000 bytes and then truncate it back from 1000 to 2000 bytes. In
545 this case reading any byte from the range [1000, 2000[ will return a value
546 of 0x00, instead of the original data.
548 This problem exists since the clone ioctl was added and happens both with
549 and without my recent data loss and file corruption fixes for the clone
550 ioctl (patch "Btrfs: fix file corruption and data loss after cloning
553 So fix this by truncating the compressed inline extents as we do for the
554 non-compressed case, which involves decompressing, if the data isn't already
555 in the page cache, compressing the truncated version of the extent, writing
556 the compressed content into the inline extent and then truncate it.
558 The following test case for fstests reproduces the problem. In order for
559 the test to pass both this fix and my previous fix for the clone ioctl
560 that forbids cloning a smaller inline extent into a larger one,
561 which is titled "Btrfs: fix file corruption and data loss after cloning
562 inline extents", are needed. Without that other fix the test fails in a
563 different way that does not leak the truncated data, instead part of
564 destination file gets replaced with zeroes (because the destination file
565 has a larger inline extent than the source).
568 seqres=$RESULT_DIR/$seq
569 echo "QA output created by $seq"
571 status=1 # failure is the default!
572 trap "_cleanup; exit \$status" 0 1 2 3 15
579 # get standard environment, filters and checks
583 # real QA test starts here
592 _scratch_mkfs >>$seqres.full 2>&1
593 _scratch_mount "-o compress"
595 # Create our test files. File foo is going to be the source of a clone operation
596 # and consists of a single inline extent with an uncompressed size of 512 bytes,
597 # while file bar consists of a single inline extent with an uncompressed size of
598 # 256 bytes. For our test's purpose, it's important that file bar has an inline
599 # extent with a size smaller than foo's inline extent.
600 $XFS_IO_PROG -f -c "pwrite -S 0xa1 0 128" \
601 -c "pwrite -S 0x2a 128 384" \
602 $SCRATCH_MNT/foo | _filter_xfs_io
603 $XFS_IO_PROG -f -c "pwrite -S 0xbb 0 256" $SCRATCH_MNT/bar | _filter_xfs_io
605 # Now durably persist all metadata and data. We do this to make sure that we get
606 # on disk an inline extent with a size of 512 bytes for file foo.
609 # Now truncate our file foo to a smaller size. Because it consists of a
610 # compressed and inline extent, btrfs did not shrink the inline extent to the
611 # new size (if the extent was not compressed, btrfs would shrink it to 128
612 # bytes), it only updates the inode's i_size to 128 bytes.
613 $XFS_IO_PROG -c "truncate 128" $SCRATCH_MNT/foo
615 # Now clone foo's inline extent into bar.
616 # This clone operation should fail with errno EOPNOTSUPP because the source
617 # file consists only of an inline extent and the file's size is smaller than
618 # the inline extent of the destination (128 bytes < 256 bytes). However the
619 # clone ioctl was not prepared to deal with a file that has a size smaller
620 # than the size of its inline extent (something that happens only for compressed
621 # inline extents), resulting in copying the full inline extent from the source
622 # file into the destination file.
624 # Note that btrfs' clone operation for inline extents consists of removing the
625 # inline extent from the destination inode and copy the inline extent from the
626 # source inode into the destination inode, meaning that if the destination
627 # inode's inline extent is larger (N bytes) than the source inode's inline
628 # extent (M bytes), some bytes (N - M bytes) will be lost from the destination
629 # file. Btrfs could copy the source inline extent's data into the destination's
630 # inline extent so that we would not lose any data, but that's currently not
631 # done due to the complexity that would be needed to deal with such cases
632 # (specially when one or both extents are compressed), returning EOPNOTSUPP, as
633 # it's normally not a very common case to clone very small files (only case
634 # where we get inline extents) and copying inline extents does not save any
635 # space (unlike for normal, non-inlined extents).
636 $CLONER_PROG -s 0 -d 0 -l 0 $SCRATCH_MNT/foo $SCRATCH_MNT/bar
638 # Now because the above clone operation used to succeed, and due to foo's inline
639 # extent not being shinked by the truncate operation, our file bar got the whole
640 # inline extent copied from foo, making us lose the last 128 bytes from bar
641 # which got replaced by the bytes in range [128, 256[ from foo before foo was
642 # truncated - in other words, data loss from bar and being able to read old and
643 # stale data from foo that should not be possible to read anymore through normal
644 # filesystem operations. Contrast with the case where we truncate a file from a
645 # size N to a smaller size M, truncate it back to size N and then read the range
646 # [M, N[, we should always get the value 0x00 for all the bytes in that range.
648 # We expected the clone operation to fail with errno EOPNOTSUPP and therefore
649 # not modify our file's bar data/metadata. So its content should be 256 bytes
650 # long with all bytes having the value 0xbb.
652 # Without the btrfs bug fix, the clone operation succeeded and resulted in
653 # leaking truncated data from foo, the bytes that belonged to its range
654 # [128, 256[, and losing data from bar in that same range. So reading the
655 # file gave us the following content:
657 # 0000000 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1 a1
659 # 0000200 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a
662 echo "File bar's content after the clone operation:"
663 od -t x1 $SCRATCH_MNT/bar
665 # Also because the foo's inline extent was not shrunk by the truncate
666 # operation, btrfs' fsck, which is run by the fstests framework everytime a
667 # test completes, failed reporting the following error:
669 # root 5 inode 257 errors 400, nbytes wrong
674 Cc: stable@vger.kernel.org
675 Signed-off-by: Filipe Manana <fdmanana@suse.com>
677 fs/btrfs/inode.c | 82 ++++++++++++++++++++++++++++++++++++++++++++---------
678 1 files changed, 68 insertions(+), 14 deletions(-)
680 commit fe6936fd0f41ee2dccce47f5642251649a54e4d4
681 Author: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>
682 Date: Wed Nov 25 07:47:40 2015 +0100
684 isdn: Partially revert debug format string usage clean up
686 Commit 35a4a57 ("isdn: clean up debug format string usage") introduced
687 a safeguard to avoid accidential format string interpolation of data
688 when calling debugl1 or HiSax_putstatus. This did however not take into
689 account VHiSax_putstatus (called by HiSax_putstatus) does *not* call
690 vsprintf if the head parameter is NULL - the format string is treated
691 as plain text then instead. As a result, the string "%s" is processed
692 literally, and the actual information is lost. This affects the isdnlog
693 userspace program which stopped logging information since that commit.
695 So revert the HiSax_putstatus invocations to the previous state.
697 Fixes: 35a4a5733b0a ("isdn: clean up debug format string usage")
698 Cc: Kees Cook <keescook@chromium.org>
699 Cc: Karsten Keil <isdn@linux-pingi.de>
700 Signed-off-by: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>
701 Signed-off-by: David S. Miller <davem@davemloft.net>
703 drivers/isdn/hisax/config.c | 2 +-
704 drivers/isdn/hisax/hfc_pci.c | 2 +-
705 drivers/isdn/hisax/hfc_sx.c | 2 +-
706 drivers/isdn/hisax/q931.c | 6 +++---
707 4 files changed, 6 insertions(+), 6 deletions(-)
709 commit 574035e44b3d49a71f1c0737b7b49bf60ddf0ce7
710 Author: Brad Spengler <spender@grsecurity.net>
711 Date: Wed Nov 25 20:24:52 2015 -0500
713 future-proof the code against users of VM_NO_GUARD, mark KASAN as an incompatibility with KSTACKOVERFLOW
715 lib/Kconfig.kasan | 2 +-
717 2 files changed, 3 insertions(+), 1 deletions(-)
719 commit 8a355f2c56ecd40ada14fd16717105ea9a9ac0b5
720 Author: Al Viro <viro@zeniv.linux.org.uk>
721 Date: Mon Nov 23 21:11:08 2015 -0500
725 The thing got broken back in 2002 - sysvfs does *not* have inline
726 symlinks; even short ones have bodies stored in the first block
727 of file. sysv_symlink() handles that correctly; unfortunately,
728 attempting to look an existing symlink up will end up confusing
729 them for inline symlinks, and interpret the block number containing
730 the body as the body itself.
732 Nobody has noticed until now, which says something about the level
733 of testing sysvfs gets ;-/
735 Cc: stable@vger.kernel.org # all of them, not that anyone cared
736 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
738 fs/sysv/inode.c | 11 ++---------
739 1 files changed, 2 insertions(+), 9 deletions(-)
741 commit 195f1b816ff4cdcc8defc2dc0424cf25a0d937fb
742 Author: Jan Kara <jack@suse.cz>
743 Date: Mon Nov 23 13:09:50 2015 +0100
745 vfs: Make sendfile(2) killable even better
747 Commit 296291cdd162 (mm: make sendfile(2) killable) fixed an issue where
748 sendfile(2) was doing a lot of tiny writes into a filesystem and thus
749 was unkillable for a long time. However sendfile(2) can be (mis)used to
750 issue lots of writes into arbitrary file descriptor such as evenfd or
751 similar special file descriptors which never hit the standard filesystem
752 write path and thus are still unkillable. E.g. the following example
753 from Dmitry burns CPU for ~16s on my test system without possibility to
756 int r1 = eventfd(0, 0);
757 int r2 = memfd_create("", 0);
758 unsigned long n = 1<<30;
759 fallocate(r2, 0, 0, n);
760 sendfile(r1, r2, 0, n);
762 There are actually quite a few tests for pending signals in sendfile
763 code however we data to write is always available none of them seems to
764 trigger. So fix the problem by adding a test for pending signal into
765 splice_from_pipe_next() also before the loop waiting for pipe buffers to
766 be available. This should fix all the lockup issues with sendfile of the
767 do-ton-of-tiny-writes nature.
769 CC: stable@vger.kernel.org
770 Reported-by: Dmitry Vyukov <dvyukov@google.com>
771 Signed-off-by: Jan Kara <jack@suse.cz>
772 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
774 fs/splice.c | 7 +++++++
775 1 files changed, 7 insertions(+), 0 deletions(-)
777 commit 92470552efa5a49718308238c7da9ba2579a1147
778 Author: Jan Kara <jack@suse.cz>
779 Date: Mon Nov 23 13:09:51 2015 +0100
781 vfs: Avoid softlockups with sendfile(2)
783 The following test program from Dmitry can cause softlockups or RCU
784 stalls as it copies 1GB from tmpfs into eventfd and we don't have any
785 scheduling point at that path in sendfile(2) implementation:
787 int r1 = eventfd(0, 0);
788 int r2 = memfd_create("", 0);
789 unsigned long n = 1<<30;
790 fallocate(r2, 0, 0, n);
791 sendfile(r1, r2, 0, n);
793 Add cond_resched() into __splice_from_pipe() to fix the problem.
795 CC: Dmitry Vyukov <dvyukov@google.com>
796 CC: stable@vger.kernel.org
797 Signed-off-by: Jan Kara <jack@suse.cz>
798 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
801 1 files changed, 1 insertions(+), 0 deletions(-)
803 commit 28ab97eb348dca6653eccb40d012103786d03ae6
804 Author: Eric Dumazet <edumazet@google.com>
805 Date: Tue Nov 24 11:39:54 2015 -0800
807 pidns: fix NULL dereference in __task_pid_nr_ns()
809 I got a crash during a "perf top" session that was caused by a race in
812 pid_nr_ns() was inlined, but apparently compiler chose to read
813 task->pids[type].pid twice, and the pid->level dereference crashed
814 because we got a NULL pointer at the second read :
816 if (pid && ns->level <= pid->level) { // CRASH
818 Just use RCU API properly to solve this race, and not worry about "perf
819 top" crashing hosts :(
821 get_task_pid() can benefit from same fix.
823 Signed-off-by: Eric Dumazet <edumazet@google.com>
824 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
826 kernel/pid.c | 4 ++--
827 1 files changed, 2 insertions(+), 2 deletions(-)
829 commit 2545f7485c4676c52855750b992d8c1921e559c4
830 Merge: 93a41eb 83df348
831 Author: Brad Spengler <spender@grsecurity.net>
832 Date: Mon Nov 23 20:30:33 2015 -0500
834 Merge branch 'pax-test' into grsec-test
836 commit 83df3482b33ef4d8192a253a6852e9a9db1f7dca
837 Author: Brad Spengler <spender@grsecurity.net>
838 Date: Mon Nov 23 20:30:16 2015 -0500
840 Update to pax-linux-4.2.6-test23.patch:
841 - fixed gcc-common.h regression under gcc-5, reported by Arnaud and coldhak
842 - fixed ath10k compile error with the size overflow plugin, reported by victor and careta (https://forums.grsecurity.net/viewtopic.php?t=4323)
844 drivers/net/wireless/ath/ath10k/ce.c | 4 ++--
845 tools/gcc/gcc-common.h | 13 ++++++-------
846 2 files changed, 8 insertions(+), 9 deletions(-)
848 commit 93a41eb6e3a7ab9446658b6d2ec4623014b55232
849 Author: Brad Spengler <spender@grsecurity.net>
850 Date: Sun Nov 22 17:14:38 2015 -0500
854 tools/gcc/gcc-common.h | 13 ++++++-------
855 1 files changed, 6 insertions(+), 7 deletions(-)
857 commit 7da11be9f025bd8193f03f9b32697bc1ce8ac650
858 Author: Andrew Cooper <andrew.cooper3@citrix.com>
859 Date: Wed Jun 3 10:31:14 2015 +0100
861 x86/cpu: Fix SMAP check in PVOPS environments
863 There appears to be no formal statement of what pv_irq_ops.save_fl() is
864 supposed to return precisely. Native returns the full flags, while lguest and
865 Xen only return the Interrupt Flag, and both have comments by the
866 implementations stating that only the Interrupt Flag is looked at. This may
867 have been true when initially implemented, but no longer is.
869 To make matters worse, the Xen PVOP leaves the upper bits undefined, making
870 the BUG_ON() undefined behaviour. Experimentally, this now trips for 32bit PV
871 guests on Broadwell hardware. The BUG_ON() is consistent for an individual
872 build, but not consistent for all builds. It has also been a sitting timebomb
873 since SMAP support was introduced.
875 Use native_save_fl() instead, which will obtain an accurate view of the AC
878 Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
879 Reviewed-by: David Vrabel <david.vrabel@citrix.com>
880 Tested-by: Rusty Russell <rusty@rustcorp.com.au>
881 Cc: Rusty Russell <rusty@rustcorp.com.au>
882 Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
883 Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
884 Cc: <lguest@lists.ozlabs.org>
885 Cc: Xen-devel <xen-devel@lists.xen.org>
886 CC: stable@vger.kernel.org
887 Link: http://lkml.kernel.org/r/1433323874-6927-1-git-send-email-andrew.cooper3@citrix.com
888 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
890 arch/x86/kernel/cpu/common.c | 3 +--
891 1 files changed, 1 insertions(+), 2 deletions(-)
893 commit 08ce34cf092b9f1b5311f156df4182a282bf7acc
894 Author: Dave Hansen <dave.hansen@linux.intel.com>
895 Date: Wed Nov 11 10:19:31 2015 -0800
897 x86/mpx: Do proper get_user() when running 32-bit binaries on 64-bit kernels
899 When you call get_user(foo, bar), you effectively do a
901 copy_from_user(&foo, bar, sizeof(*bar));
903 Note that the sizeof() is implicit.
905 When we reach out to userspace to try to zap an entire "bounds
906 table" we need to go read a "bounds directory entry" in order to
907 locate the table's address. The size of a "directory entry"
908 depends on the binary being run and is always the size of a
911 But, when we have a 64-bit kernel and a 32-bit application, the
912 directory entry is still only 32-bits long, but we fetch it with
913 a 64-bit pointer which makes get_user() does a 64-bit fetch.
914 Reading 4 extra bytes isn't harmful, unless we are at the end of
915 and run off the table. It might also cause the zero page to get
916 faulted in unnecessarily even if you are not at the end.
918 Fix it up by doing a special 32-bit get_user() via a cast when
919 we have 32-bit userspace.
921 Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
922 Cc: <stable@vger.kernel.org>
923 Cc: Andy Lutomirski <luto@amacapital.net>
924 Cc: Borislav Petkov <bp@alien8.de>
925 Cc: Brian Gerst <brgerst@gmail.com>
926 Cc: Dave Hansen <dave@sr71.net>
927 Cc: Denys Vlasenko <dvlasenk@redhat.com>
928 Cc: H. Peter Anvin <hpa@zytor.com>
929 Cc: Linus Torvalds <torvalds@linux-foundation.org>
930 Cc: Peter Zijlstra <peterz@infradead.org>
931 Cc: Thomas Gleixner <tglx@linutronix.de>
932 Link: http://lkml.kernel.org/r/20151111181931.3ACF6822@viggo.jf.intel.com
933 Signed-off-by: Ingo Molnar <mingo@kernel.org>
935 arch/x86/mm/mpx.c | 25 ++++++++++++++++++++++++-
936 1 files changed, 24 insertions(+), 1 deletions(-)
938 commit 9e1e1d1d6f6f41b13a6e85f25e27aee4410f58bf
939 Author: Dave Hansen <dave.hansen@linux.intel.com>
940 Date: Wed Nov 11 10:19:34 2015 -0800
942 x86/mpx: Fix 32-bit address space calculation
944 I received a bug report that running 32-bit MPX binaries on
945 64-bit kernels was broken. I traced it down to this little code
946 snippet. We were switching our "number of bounds directory
947 entries" calculation correctly. But, we didn't switch the other
948 side of the calculation: the virtual space size.
950 This meant that we were calculating an absurd size for
951 bd_entry_virt_space() on 32-bit because we used the 64-bit
954 This was _also_ broken for 32-bit kernels running on 64-bit
955 hardware since boot_cpu_data.x86_virt_bits=48 even when running
958 Correct that and properly handle all 3 possible cases:
960 1. 32-bit binary on 64-bit kernel
961 2. 64-bit binary on 64-bit kernel
962 3. 32-bit binary on 32-bit kernel
964 This manifested in having bounds tables not properly unmapped.
965 It "leaked" memory but had no functional impact otherwise.
967 Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
968 Cc: <stable@vger.kernel.org>
969 Cc: Andy Lutomirski <luto@amacapital.net>
970 Cc: Borislav Petkov <bp@alien8.de>
971 Cc: Brian Gerst <brgerst@gmail.com>
972 Cc: Dave Hansen <dave@sr71.net>
973 Cc: Denys Vlasenko <dvlasenk@redhat.com>
974 Cc: H. Peter Anvin <hpa@zytor.com>
975 Cc: Linus Torvalds <torvalds@linux-foundation.org>
976 Cc: Peter Zijlstra <peterz@infradead.org>
977 Cc: Thomas Gleixner <tglx@linutronix.de>
978 Link: http://lkml.kernel.org/r/20151111181934.FA7FAC34@viggo.jf.intel.com
979 Signed-off-by: Ingo Molnar <mingo@kernel.org>
981 arch/x86/mm/mpx.c | 22 +++++++++++++++++-----
982 1 files changed, 17 insertions(+), 5 deletions(-)
984 commit c197eee75054d90aafe695c0edb4f25feb469292
985 Author: Huaitong Han <huaitong.han@intel.com>
986 Date: Fri Nov 6 17:00:23 2015 +0800
988 x86/fpu: Fix get_xsave_addr() behavior under virtualization
990 KVM uses the get_xsave_addr() function in a different fashion from
991 the native kernel, in that the 'xsave' parameter belongs to guest vcpu,
992 not the currently running task.
994 But 'xsave' is replaced with current task's (host) xsave structure, so
995 get_xsave_addr() will incorrectly return the bad xsave address to KVM.
997 Fix it so that the passed in 'xsave' address is used - as intended
1000 Signed-off-by: Huaitong Han <huaitong.han@intel.com>
1001 Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
1002 Cc: <stable@vger.kernel.org>
1003 Cc: Andy Lutomirski <luto@amacapital.net>
1004 Cc: Paolo Bonzini <pbonzini@redhat.com>
1005 Cc: Borislav Petkov <bp@alien8.de>
1006 Cc: Fenghua Yu <fenghua.yu@intel.com>
1007 Cc: H. Peter Anvin <hpa@zytor.com>
1008 Cc: Linus Torvalds <torvalds@linux-foundation.org>
1009 Cc: Oleg Nesterov <oleg@redhat.com>
1010 Cc: Peter Zijlstra <peterz@infradead.org>
1011 Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
1012 Cc: Thomas Gleixner <tglx@linutronix.de>
1013 Cc: dave.hansen@intel.com
1014 Link: http://lkml.kernel.org/r/1446800423-21622-1-git-send-email-huaitong.han@intel.com
1015 [ Tidied up the changelog. ]
1016 Signed-off-by: Ingo Molnar <mingo@kernel.org>
1020 arch/x86/kernel/fpu/xstate.c
1022 arch/x86/kernel/fpu/xstate.c | 1 -
1023 1 files changed, 0 insertions(+), 1 deletions(-)
1025 commit 460cdd8a9a19731ce27333866943eed81cba1d96
1026 Author: Dave Hansen <dave.hansen@linux.intel.com>
1027 Date: Tue Nov 10 16:23:54 2015 -0800
1029 x86/fpu: Fix 32-bit signal frame handling
1031 (This should have gone to LKML originally. Sorry for the extra
1032 noise, folks on the cc.)
1036 Signal frames on x86 have two formats:
1038 1. For 32-bit executables (whether on a real 32-bit kernel or
1039 under 32-bit emulation on a 64-bit kernel) we have a
1040 'fpregset_t' that includes the "FSAVE" registers.
1042 2. For 64-bit executables (on 64-bit kernels obviously), the
1043 'fpregset_t' is smaller and does not contain the "FSAVE"
1046 When creating the signal frame, we have to be aware of whether
1047 we are running a 32 or 64-bit executable so we create the
1048 correct format signal frame.
1052 save_xstate_epilog() uses 'fx_sw_reserved_ia32' whenever it is
1053 called for a 32-bit executable. This is for real 32-bit and
1056 But, fpu__init_prepare_fx_sw_frame() only initializes
1057 'fx_sw_reserved_ia32' when emulation is enabled, *NOT* for real
1060 This leads to really wierd situations where 32-bit programs
1061 lose their extended state when returning from a signal handler.
1062 The kernel copies the uninitialized (zero) 'fx_sw_reserved_ia32'
1063 out to userspace in save_xstate_epilog(). But when returning
1064 from the signal, the kernel errors out in check_for_xstate()
1065 when it does not see FP_XSTATE_MAGIC1 present (because it was
1066 zeroed). This leads to the FPU/XSAVE state being initialized.
1068 For MPX, this leads to the most permissive state and means we
1069 silently lose bounds violations. I think this would also mean
1070 that we could lose *ANY* FPU/SSE/AVX state. I'm not sure why
1071 no one has spotted this bug.
1073 I believe this was broken by:
1075 72a671ced66d ("x86, fpu: Unify signal handling code paths for x86 and x86_64 kernels")
1079 Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
1080 Cc: <stable@vger.kernel.org>
1081 Cc: Andy Lutomirski <luto@amacapital.net>
1082 Cc: Borislav Petkov <bp@alien8.de>
1083 Cc: Brian Gerst <brgerst@gmail.com>
1084 Cc: Denys Vlasenko <dvlasenk@redhat.com>
1085 Cc: H. Peter Anvin <hpa@zytor.com>
1086 Cc: Linus Torvalds <torvalds@linux-foundation.org>
1087 Cc: Peter Zijlstra <peterz@infradead.org>
1088 Cc: Thomas Gleixner <tglx@linutronix.de>
1090 Cc: fenghua.yu@intel.com
1091 Cc: yu-cheng.yu@intel.com
1092 Link: http://lkml.kernel.org/r/20151111002354.A0799571@viggo.jf.intel.com
1093 Signed-off-by: Ingo Molnar <mingo@kernel.org>
1095 arch/x86/kernel/fpu/signal.c | 11 +++++------
1096 1 files changed, 5 insertions(+), 6 deletions(-)
1098 commit c3f2cc8921a08fff1fbad9127dd7a30c4a953e88
1099 Author: Brad Spengler <spender@grsecurity.net>
1100 Date: Sat Nov 21 18:36:58 2015 -0500
1102 Fix gcc 5.x compilation, reported by Arnaud and coldhak
1104 tools/gcc/gcc-common.h | 2 +-
1105 1 files changed, 1 insertions(+), 1 deletions(-)
1107 commit f0ea1bc982c60c1c39d0f95d9f3db0ec799387ca
1108 Merge: 3929e88 c692401
1109 Author: Brad Spengler <spender@grsecurity.net>
1110 Date: Sat Nov 21 15:41:38 2015 -0500
1112 Merge branch 'pax-test' into grsec-test
1114 commit c69240179ca6ff101670f4859bb0e9a9deb85359
1115 Author: Brad Spengler <spender@grsecurity.net>
1116 Date: Sat Nov 21 15:41:06 2015 -0500
1118 Update to pax-linux-4.2.6-test22.patch:
1119 - made the previous READ_ONCE/WRITE_ONCE fix compatible with gcc PR 58145
1121 include/linux/compiler.h | 11 +++++++----
1122 1 files changed, 7 insertions(+), 4 deletions(-)
1124 commit 3929e882e451b177af1a615858f0a96a7cd734b1
1125 Author: Brad Spengler <spender@grsecurity.net>
1126 Date: Sat Nov 21 13:14:25 2015 -0500
1128 remove disable_kill option entirely for the final 4.2 release
1130 fs/exec.c | 11 -----------
1131 security/Kconfig | 5 -----
1132 2 files changed, 0 insertions(+), 16 deletions(-)
1134 commit 91633d0eebc41553ea77b5fa7559aa806a60008c
1135 Author: Brad Spengler <spender@grsecurity.net>
1136 Date: Sat Nov 21 07:38:10 2015 -0500
1140 net/unix/af_unix.c | 1 +
1141 1 files changed, 1 insertions(+), 0 deletions(-)
1143 commit 0afc2f69e7f948995522f6e1dbb957ed84abd9b9
1144 Author: Brad Spengler <spender@grsecurity.net>
1145 Date: Sat Nov 21 07:14:43 2015 -0500
1147 Revert previous AF_UNIX fix:
1148 http://www.spinics.net/lists/netdev/msg318826.html
1149 and apply new one by Jason Baron:
1150 https://lkml.org/lkml/2015/9/29/825
1152 include/net/af_unix.h | 1 +
1153 net/unix/af_unix.c | 36 ++++++++++++++++++++++++++++++------
1154 2 files changed, 31 insertions(+), 6 deletions(-)
1156 commit 0a3eec2b3d110042af4e0a9f1e87458262fce1eb
1157 Merge: 917a60c 8fd74af
1158 Author: Brad Spengler <spender@grsecurity.net>
1159 Date: Sat Nov 21 06:50:33 2015 -0500
1161 Merge branch 'pax-test' into grsec-test
1163 commit 8fd74afe08ee45516a9daf2593f31c176516cb55
1164 Author: Brad Spengler <spender@grsecurity.net>
1165 Date: Sat Nov 21 06:49:57 2015 -0500
1167 Update to pax-linux-4.2.6-test21.patch:
1168 - fixed a size overflow plugin bug that could cause a compiler error
1169 - Emese fixed a size overflow false positive in xfrm4_mode_tunnel_input, reported by Arnaud <arnaud@drno.eu>
1170 - updated gcc-common.h to support gcc-6
1171 - fixed some undefined behaviour in READ_ONCE/WRITE_ONCE
1173 include/linux/compiler.h | 38 +++----------------
1174 tools/gcc/gcc-common.h | 39 ++++++++++++++++----
1175 tools/gcc/initify_plugin.c | 4 +-
1176 .../disable_size_overflow_hash.data | 7 +++-
1177 .../size_overflow_plugin/intentional_overflow.c | 2 +-
1178 .../size_overflow_plugin/size_overflow_hash.data | 9 +----
1179 .../size_overflow_plugin/size_overflow_transform.c | 4 +-
1180 7 files changed, 50 insertions(+), 53 deletions(-)
1182 commit 917a60c749d80121229a1752874ff8a606778fc5
1183 Merge: 76fc822 77d474f
1184 Author: Brad Spengler <spender@grsecurity.net>
1185 Date: Wed Nov 18 19:58:31 2015 -0500
1187 Merge branch 'pax-test' into grsec-test
1189 commit 77d474f0bcb2e5acafc78c66c456d1aebaac14b3
1190 Author: Brad Spengler <spender@grsecurity.net>
1191 Date: Wed Nov 18 19:58:08 2015 -0500
1193 Update to pax-linux-4.2.6-test20.patch:
1194 - constified some vdso/vsyscall related code/data
1196 arch/x86/entry/vdso/vdso2c.h | 4 ++--
1197 arch/x86/entry/vsyscall/vsyscall_emu_64.S | 2 +-
1198 arch/x86/mm/ioremap.c | 2 +-
1200 4 files changed, 7 insertions(+), 4 deletions(-)
1202 commit 76fc8223b2e6b6c950702adfdb055dd5da90657c
1203 Author: Brad Spengler <spender@grsecurity.net>
1204 Date: Wed Nov 18 17:40:27 2015 -0500
1206 Allow processes with CAP_SYS_PTRACE to ignore /proc/pid restrictions,
1207 as reported by Andrew
1209 fs/proc/base.c | 2 +-
1210 1 files changed, 1 insertions(+), 1 deletions(-)
1212 commit 708c2e025f8a05b76f319cfa5fa624d37d8ef6f3
1213 Author: Brad Spengler <spender@grsecurity.net>
1214 Date: Tue Nov 17 18:43:24 2015 -0500
1216 Fix multiple character encodings in patch, reported by IooNag on the forums
1218 grsecurity/Makefile | 2 +-
1219 net/netfilter/xt_gradm.c | 2 +-
1220 2 files changed, 2 insertions(+), 2 deletions(-)
1222 commit d1f7534df8687fd05858fd45805b1185eafe38a7
1223 Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
1224 Date: Tue Nov 17 15:10:59 2015 +0100
1226 af_unix: take receive queue lock while appending new skb
1228 While possibly in future we don't necessarily need to use
1229 sk_buff_head.lock this is a rather larger change, as it affects the
1230 af_unix fd garbage collector, diag and socket cleanups. This is too much
1233 For the time being grab sk_buff_head.lock without disabling bh and irqs,
1234 so don't use locked skb_queue_tail.
1236 Fixes: 869e7c62486e ("net: af_unix: implement stream sendpage support")
1237 Cc: Eric Dumazet <edumazet@google.com>
1238 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
1239 Reported-by: Eric Dumazet <edumazet@google.com>
1240 Acked-by: Eric Dumazet <edumazet@google.com>
1241 Signed-off-by: David S. Miller <davem@davemloft.net>
1243 net/unix/af_unix.c | 5 ++++-
1244 1 files changed, 4 insertions(+), 1 deletions(-)
1246 commit 0df914e7a66a4807bac7762ab33ba3020944ef6b
1247 Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
1248 Date: Mon Nov 16 16:25:56 2015 +0100
1250 af_unix: don't append consumed skbs to sk_receive_queue
1252 In case multiple writes to a unix stream socket race we could end up in a
1253 situation where we pre-allocate a new skb for use in unix_stream_sendpage
1254 but have to free it again in the locked section because another skb
1255 has been appended meanwhile, which we must use. Accidentally we didn't
1256 clear the pointer after consuming it and so we touched freed memory
1257 while appending it to the sk_receive_queue. So, clear the pointer after
1260 This bug has been found with syzkaller
1261 (http://github.com/google/syzkaller) by Dmitry Vyukov.
1263 Fixes: 869e7c62486e ("net: af_unix: implement stream sendpage support")
1264 Reported-by: Dmitry Vyukov <dvyukov@google.com>
1265 Cc: Dmitry Vyukov <dvyukov@google.com>
1266 Cc: Eric Dumazet <eric.dumazet@gmail.com>
1267 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
1268 Acked-by: Eric Dumazet <edumazet@google.com>
1269 Signed-off-by: David S. Miller <davem@davemloft.net>
1271 net/unix/af_unix.c | 1 +
1272 1 files changed, 1 insertions(+), 0 deletions(-)
1274 commit ac8466abcd0ae871cd38d868e1a4e903b92ffc48
1275 Author: Jason A. Donenfeld <Jason@zx2c4.com>
1276 Date: Thu Nov 12 17:35:58 2015 +0100
1278 ip_tunnel: disable preemption when updating per-cpu tstats
1280 Drivers like vxlan use the recently introduced
1281 udp_tunnel_xmit_skb/udp_tunnel6_xmit_skb APIs. udp_tunnel6_xmit_skb
1282 makes use of ip6tunnel_xmit, and ip6tunnel_xmit, after sending the
1283 packet, updates the struct stats using the usual
1284 u64_stats_update_begin/end calls on this_cpu_ptr(dev->tstats).
1285 udp_tunnel_xmit_skb makes use of iptunnel_xmit, which doesn't touch
1286 tstats, so drivers like vxlan, immediately after, call
1287 iptunnel_xmit_stats, which does the same thing - calls
1288 u64_stats_update_begin/end on this_cpu_ptr(dev->tstats).
1290 While vxlan is probably fine (I don't know?), calling a similar function
1291 from, say, an unbound workqueue, on a fully preemptable kernel causes
1294 [ 188.434537] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u8:0/6
1295 [ 188.435579] caller is debug_smp_processor_id+0x17/0x20
1296 [ 188.435583] CPU: 0 PID: 6 Comm: kworker/u8:0 Not tainted 4.2.6 #2
1297 [ 188.435607] Call Trace:
1298 [ 188.435611] [<ffffffff8234e936>] dump_stack+0x4f/0x7b
1299 [ 188.435615] [<ffffffff81915f3d>] check_preemption_disabled+0x19d/0x1c0
1300 [ 188.435619] [<ffffffff81915f77>] debug_smp_processor_id+0x17/0x20
1302 The solution would be to protect the whole
1303 this_cpu_ptr(dev->tstats)/u64_stats_update_begin/end blocks with
1304 disabling preemption and then reenabling it.
1306 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
1307 Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
1308 Signed-off-by: David S. Miller <davem@davemloft.net>
1310 include/net/ip6_tunnel.h | 3 ++-
1311 include/net/ip_tunnels.h | 3 ++-
1312 2 files changed, 4 insertions(+), 2 deletions(-)
1314 commit 44665148f06b73ea0c253a1a34d15689674d7421
1315 Author: Mathias Krause <minipli@googlemail.com>
1316 Date: Fri Nov 6 16:30:38 2015 -0800
1318 printk: prevent userland from spoofing kernel messages
1320 The following statement of ABI/testing/dev-kmsg is not quite right:
1322 It is not possible to inject messages from userspace with the
1323 facility number LOG_KERN (0), to make sure that the origin of the
1324 messages can always be reliably determined.
1326 Userland actually can inject messages with a facility of 0 by abusing the
1327 fact that the facility is stored in a u8 data type. By using a facility
1328 which is a multiple of 256 the assignment of msg->facility in log_store()
1329 implicitly truncates it to 0, i.e. LOG_KERN, allowing users of /dev/kmsg
1330 to spoof kernel messages as shown below:
1332 The following call...
1333 # printf '<%d>Kernel panic - not syncing: beer empty\n' 0 >/dev/kmsg
1334 ...leads to the following log entry (dmesg -x | tail -n 1):
1335 user :emerg : [ 66.137758] Kernel panic - not syncing: beer empty
1337 However, this call...
1338 # printf '<%d>Kernel panic - not syncing: beer empty\n' 0x800 >/dev/kmsg
1339 ...leads to the slightly different log entry (note the kernel facility):
1340 kern :emerg : [ 74.177343] Kernel panic - not syncing: beer empty
1342 Fix that by limiting the user provided facility to 8 bit right from the
1343 beginning and catch the truncation early.
1345 Fixes: 7ff9554bb578 ("printk: convert byte-buffer to variable-length...")
1346 Signed-off-by: Mathias Krause <minipli@googlemail.com>
1347 Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1348 Cc: Petr Mladek <pmladek@suse.cz>
1349 Cc: Alex Elder <elder@linaro.org>
1350 Cc: Joe Perches <joe@perches.com>
1351 Cc: Kay Sievers <kay@vrfy.org>
1352 Cc: <stable@vger.kernel.org>
1353 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
1354 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1356 kernel/printk/printk.c | 13 ++++++++-----
1357 1 files changed, 8 insertions(+), 5 deletions(-)
1359 commit bef8fb168317597f02c00ab4075ff094dcdfd2c6
1360 Author: Borislav Petkov <bp@suse.de>
1361 Date: Thu Nov 5 16:57:56 2015 +0100
1363 x86/cpu: Call verify_cpu() after having entered long mode too
1365 When we get loaded by a 64-bit bootloader, kernel entry point is
1366 startup_64 in head_64.S. We don't trust any and all bootloaders because
1367 some will fiddle with CPU configuration so we go ahead and massage each
1368 CPU into sanity again.
1370 For example, some dell BIOSes have this XD disable feature which set
1371 IA32_MISC_ENABLE[34] and disable NX. This might be some dumb workaround
1372 for other OSes but Linux sure doesn't need it.
1374 A similar thing is present in the Surface 3 firmware - see
1375 https://bugzilla.kernel.org/show_bug.cgi?id=106051 - which sets this bit
1386 There's not even an off switch in there.
1388 So fix all those cases by sanitizing the 64-bit entry point too. For
1389 that, make verify_cpu() callable in 64-bit mode also.
1391 Requested-and-debugged-by: "H. Peter Anvin" <hpa@zytor.com>
1392 Reported-and-tested-by: Bastien Nocera <bugzilla@hadess.net>
1393 Signed-off-by: Borislav Petkov <bp@suse.de>
1394 Cc: Matt Fleming <matt@codeblueprint.co.uk>
1395 Cc: Peter Zijlstra <peterz@infradead.org>
1396 Cc: stable@vger.kernel.org
1397 Link: http://lkml.kernel.org/r/1446739076-21303-1-git-send-email-bp@alien8.de
1398 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
1402 arch/x86/kernel/head_64.S
1404 arch/x86/kernel/head_64.S | 9 +++++++++
1405 arch/x86/kernel/verify_cpu.S | 12 +++++++-----
1406 2 files changed, 16 insertions(+), 5 deletions(-)
1408 commit 9cb084208a9589a6a5be01d2b7df88843f4b01a4
1409 Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
1410 Date: Tue Nov 10 16:23:15 2015 +0100
1412 af-unix: fix use-after-free with concurrent readers while splicing
1414 During splicing an af-unix socket to a pipe we have to drop all
1415 af-unix socket locks. While doing so we allow another reader to enter
1416 unix_stream_read_generic which can read, copy and finally free another
1417 skb. If exactly this skb is just in process of being spliced we get a
1418 use-after-free report by kasan.
1420 First, we must make sure to not have a free while the skb is used during
1421 the splice operation. We simply increment its use counter before unlocking
1424 Stream sockets have the nice characteristic that we don't care about
1425 zero length writes and they never reach the peer socket's queue. That
1426 said, we can take the UNIXCB.consumed field as the indicator if the
1427 skb was already freed from the socket's receive queue. If the skb was
1428 fully consumed after we locked the reader side again we know it has been
1429 dropped by a second reader. We indicate a short read to user space and
1430 abort the current splice operation.
1432 This bug has been found with syzkaller
1433 (http://github.com/google/syzkaller) by Dmitry Vyukov.
1435 Fixes: 2b514574f7e8 ("net: af_unix: implement splice for stream af_unix sockets")
1436 Reported-by: Dmitry Vyukov <dvyukov@google.com>
1437 Cc: Dmitry Vyukov <dvyukov@google.com>
1438 Cc: Eric Dumazet <eric.dumazet@gmail.com>
1439 Acked-by: Eric Dumazet <edumazet@google.com>
1440 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
1441 Signed-off-by: David S. Miller <davem@davemloft.net>
1443 net/unix/af_unix.c | 18 ++++++++++++++++++
1444 1 files changed, 18 insertions(+), 0 deletions(-)
1446 commit 4e75d2b7d6546add44f0951e78410b131a1e660d
1447 Author: Brad Spengler <spender@grsecurity.net>
1448 Date: Sat Nov 14 15:08:46 2015 -0500
1450 switch the default for SIZE_OVERFLOW_KILL to n, later we'll remove
1452 Distros should make sure their users report all overflows printed to the
1453 kernel logs so the underlying issues can be fixed
1455 security/Kconfig | 2 +-
1456 1 files changed, 1 insertions(+), 1 deletions(-)
1458 commit 2e37eb35e0f1ba5a0feac5264a7b24d89376d0a2
1459 Author: Brad Spengler <spender@grsecurity.net>
1460 Date: Sat Nov 14 15:07:51 2015 -0500
1464 fs/btrfs/inode.c | 12 ++++++++++++
1465 1 files changed, 12 insertions(+), 0 deletions(-)
1467 commit 2f63d2552f38c700902d17bf9b591d82f39a3fb5
1468 Merge: 5e0ec21 823b1bc
1469 Author: Brad Spengler <spender@grsecurity.net>
1470 Date: Sat Nov 14 14:29:16 2015 -0500
1472 Merge branch 'pax-test' into grsec-test
1474 commit 823b1bc5a8e670f7ddfa98ee0d83762bffab28fb
1475 Author: Brad Spengler <spender@grsecurity.net>
1476 Date: Sat Nov 14 14:28:35 2015 -0500
1478 Update to pax-linux-4.2.6-test19.patch:
1479 - David Sterba updated the fix for one of the previous btrfs problems
1480 - Emese and Rasmus Villemoes <linux@rasmusvillemoes.dk> fixed a few bugs in the initify plugin
1481 - fixed debian package generation to support building out-of-tree modules with plugins, reported by Elie Roudninski <elie.roudninski@gmail.com>
1483 fs/btrfs/delayed-inode.c | 3 +-
1484 fs/btrfs/delayed-inode.h | 2 +-
1485 fs/btrfs/inode.c | 2 +-
1486 scripts/package/builddeb | 2 +-
1487 tools/gcc/initify_plugin.c | 264 ++++++++++++++++++++++++++++++--------------
1488 5 files changed, 188 insertions(+), 85 deletions(-)
1490 commit 5e0ec21349bb3aeead0701ef51df3086ad377979
1491 Author: Brad Spengler <spender@grsecurity.net>
1492 Date: Thu Nov 12 19:54:21 2015 -0500
1494 Revert https://patchwork.kernel.org/patch/7585611/ for now as it's been reported
1495 to cause userland hangs, similar to previous bugs seen in the past
1497 fs/btrfs/inode.c | 12 ------------
1498 1 files changed, 0 insertions(+), 12 deletions(-)
1500 commit 65402b5a6125cc95c3223a0da8f2817e13bf18ec
1501 Author: françois romieu <romieu@fr.zoreil.com>
1502 Date: Wed Nov 11 23:35:18 2015 +0100
1504 r8169: fix kasan reported skb use-after-free.
1506 Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
1507 Reported-by: Dave Jones <davej@codemonkey.org.uk>
1508 Fixes: d7d2d89d4b0af ("r8169: Add software counter for multicast packages")
1509 Acked-by: Eric Dumazet <edumazet@google.com>
1510 Acked-by: Corinna Vinschen <vinschen@redhat.com>
1511 Signed-off-by: David S. Miller <davem@davemloft.net>
1513 drivers/net/ethernet/realtek/r8169.c | 3 +++
1514 1 files changed, 3 insertions(+), 0 deletions(-)
1516 commit bbfcbb7b1e086062aa17358927e14e394830b8a3
1517 Author: Anthony Lineham <anthony.lineham@alliedtelesis.co.nz>
1518 Date: Thu Oct 22 11:17:03 2015 +1300
1520 netfilter: Fix removal of GRE expectation entries created by PPTP
1522 The uninitialized tuple structure caused incorrect hash calculation
1523 and the lookup failed.
1525 Link: https://bugzilla.kernel.org/show_bug.cgi?id=106441
1526 Signed-off-by: Anthony Lineham <anthony.lineham@alliedtelesis.co.nz>
1527 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
1529 net/ipv4/netfilter/nf_nat_pptp.c | 2 +-
1530 1 files changed, 1 insertions(+), 1 deletions(-)
1532 commit d7cb19f37a91603021e2bed6417766ecca315bd0
1533 Author: Paolo Bonzini <pbonzini@redhat.com>
1534 Date: Tue Nov 10 09:14:39 2015 +0100
1536 KVM: svm: unconditionally intercept #DB
1538 This is needed to avoid the possibility that the guest triggers
1539 an infinite stream of #DB exceptions (CVE-2015-8104).
1541 VMX is not affected: because it does not save DR6 in the VMCS,
1542 it already intercepts #DB unconditionally.
1544 Reported-by: Jan Beulich <jbeulich@suse.com>
1545 Cc: stable@vger.kernel.org
1546 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1548 arch/x86/kvm/svm.c | 14 +++-----------
1549 1 files changed, 3 insertions(+), 11 deletions(-)
1551 commit 5b241ac6551e1675e1cbbc4a74fa1c698ada28f4
1552 Author: Eric Northup <digitaleric@google.com>
1553 Date: Tue Nov 3 18:03:53 2015 +0100
1555 KVM: x86: work around infinite loop in microcode when #AC is delivered
1557 It was found that a guest can DoS a host by triggering an infinite
1558 stream of "alignment check" (#AC) exceptions. This causes the
1559 microcode to enter an infinite loop where the core never receives
1560 another interrupt. The host kernel panics pretty quickly due to the
1561 effects (CVE-2015-5307).
1563 Signed-off-by: Eric Northup <digitaleric@google.com>
1564 Cc: stable@vger.kernel.org
1565 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1567 arch/x86/include/uapi/asm/svm.h | 1 +
1568 arch/x86/kvm/svm.c | 8 ++++++++
1569 arch/x86/kvm/vmx.c | 5 ++++-
1570 3 files changed, 13 insertions(+), 1 deletions(-)
1572 commit 6113725aaaf6626522b93732f29dd36370695a89
1573 Author: Daniel Borkmann <daniel@iogearbox.net>
1574 Date: Thu Nov 5 00:01:51 2015 +0100
1576 debugfs: fix refcount imbalance in start_creating
1578 In debugfs' start_creating(), we pin the file system to safely access
1579 its root. When we failed to create a file, we unpin the file system via
1580 failed_creating() to release the mount count and eventually the reference
1583 However, when we run into an error during lookup_one_len() when still
1584 in start_creating(), we only release the parent's mutex but not so the
1585 reference on the mount. Looks like it was done in the past, but after
1586 splitting portions of __create_file() into start_creating() and
1587 end_creating() via 190afd81e4a5 ("debugfs: split the beginning and the
1588 end of __create_file() off"), this seemed missed. Noticed during code
1591 Fixes: 190afd81e4a5 ("debugfs: split the beginning and the end of __create_file() off")
1592 Cc: stable@vger.kernel.org # v4.0+
1593 Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
1594 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
1596 fs/debugfs/inode.c | 6 +++++-
1597 1 files changed, 5 insertions(+), 1 deletions(-)
1599 commit e91f8a6717837a8a64b6e86317a1373ec9cd6c04
1600 Author: Maciej W. Rozycki <macro@imgtec.com>
1601 Date: Mon Oct 26 15:48:19 2015 +0000
1603 binfmt_elf: Don't clobber passed executable's file header
1605 Do not clobber the buffer space passed from `search_binary_handler' and
1606 originally preloaded by `prepare_binprm' with the executable's file
1607 header by overwriting it with its interpreter's file header. Instead
1608 keep the buffer space intact and directly use the data structure locally
1609 allocated for the interpreter's file header, fixing a bug introduced in
1610 2.1.14 with loadable module support (linux-mips.org commit beb11695
1611 [Import of Linux/MIPS 2.1.14], predating kernel.org repo's history).
1612 Adjust the amount of data read from the interpreter's file accordingly.
1614 This was not an issue before loadable module support, because back then
1615 `load_elf_binary' was executed only once for a given ELF executable,
1616 whether the function succeeded or failed.
1618 With loadable module support supported and enabled, upon a failure of
1619 `load_elf_binary' -- which may for example be caused by architecture
1620 code rejecting an executable due to a missing hardware feature requested
1621 in the file header -- a module load is attempted and then the function
1622 reexecuted by `search_binary_handler'. With the executable's file
1623 header replaced with its interpreter's file header the executable can
1624 then be erroneously accepted in this subsequent attempt.
1626 Cc: stable@vger.kernel.org # all the way back
1627 Signed-off-by: Maciej W. Rozycki <macro@imgtec.com>
1628 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
1630 fs/binfmt_elf.c | 10 +++++-----
1631 1 files changed, 5 insertions(+), 5 deletions(-)
1633 commit 9c49029fe4cb9a52cb174aebfd5946a9d26b9956
1634 Merge: 5482e7e 7033393
1635 Author: Brad Spengler <spender@grsecurity.net>
1636 Date: Mon Nov 9 19:51:58 2015 -0500
1638 Merge branch 'pax-test' into grsec-test
1640 commit 70333935932c9f3eb333a354dd760b4233efcc37
1641 Author: Brad Spengler <spender@grsecurity.net>
1642 Date: Mon Nov 9 19:51:19 2015 -0500
1644 Update to pax-linux-4.2.6-test18.patch:
1645 - cleaned up the last of the FPU changes, by spender
1646 - fixed a few KERNEXEC regressions (backported from 4.3)
1647 - Emese fixed a few size overflow false positives in kvm, reported by Christian Roessner (https://bugs.gentoo.org/show_bug.cgi?id=558138#c23)
1648 - David Sterba fixed a few integer overflows in btrfs caught by the size overflow plugin (https://patchwork.kernel.org/patch/7585611/ and https://patchwork.kernel.org/patch/7582351/), reported by Victor, Stebalien and alan.d (https://forums.grsecurity.net/viewtopic.php?f=1&t=4284)
1650 arch/x86/include/asm/fpu/internal.h | 2 +-
1651 arch/x86/include/asm/fpu/types.h | 1 -
1652 arch/x86/kernel/apic/apic.c | 4 ++-
1653 arch/x86/kernel/fpu/init.c | 36 --------------------
1654 arch/x86/kernel/process_64.c | 6 +--
1655 arch/x86/kernel/vsmp_64.c | 13 +++++--
1656 drivers/acpi/video_detect.c | 2 +-
1657 drivers/lguest/core.c | 2 +-
1658 fs/btrfs/file.c | 10 ++++--
1659 fs/btrfs/inode.c | 12 ++++++
1660 .../disable_size_overflow_hash.data | 5 ++-
1661 .../size_overflow_plugin/size_overflow_hash.data | 7 +---
1662 12 files changed, 42 insertions(+), 58 deletions(-)
1664 commit 5482e7eb4ba3c5cc90472ccdb1bfe2cec64413e2
1665 Merge: 81e2642 682ba19
1666 Author: Brad Spengler <spender@grsecurity.net>
1667 Date: Mon Nov 9 18:19:48 2015 -0500
1669 Merge branch 'pax-test' into grsec-test
1672 drivers/pci/pci-sysfs.c
1674 commit 682ba19ce305f501c9bc5c42a76f2c7442aa22fc
1675 Merge: 7755256 1c02865
1676 Author: Brad Spengler <spender@grsecurity.net>
1677 Date: Mon Nov 9 18:18:24 2015 -0500
1679 Merge branch 'linux-4.2.y' into pax-test
1681 commit 81e26429b7a36f0c75de3ab42754256720c0a159
1682 Author: Brad Spengler <spender@grsecurity.net>
1683 Date: Mon Nov 9 07:37:30 2015 -0500
1685 btrfs: fix signed overflow in btrfs_sync_file
1687 The calculation of range length in btrfs_sync_file leads to signed
1688 overflow. This was caught by PaX gcc SIZE_OVERFLOW plugin.
1690 https://forums.grsecurity.net/viewtopic.php?f=1&t=4284
1692 The fsync call passes 0 and LLONG_MAX, the range length does not fit to
1693 loff_t and overflows, but the value is converted to u64 so it silently
1696 The minimal fix is a typecast to u64, switching functions to take
1697 (start, end) instead of (start, len) would be more intrusive.
1699 Coccinelle script found that there's one more opencoded calculation of
1709 CC: stable@vger.kernel.org
1710 Signed-off-by: David Sterba <dsterba@suse.com>
1712 fs/btrfs/file.c | 10 +++++++---
1713 1 files changed, 7 insertions(+), 3 deletions(-)
1715 commit 07fd498a96e2d589ad743851c0dec482a92e0429
1716 Author: Brad Spengler <spender@grsecurity.net>
1717 Date: Sun Nov 8 17:04:31 2015 -0500
1719 Fix an upstream type confusion bug exposed by RANDSTRUCT:
1720 at the beginning of each sem_array/shmid_kernel/msg_queue
1721 struct is an kern_ipc_perm struct. Unlike every other place in the
1722 kernel where some field must be at an explicit location, there's
1723 no documentation at all that the kern_ipc_perm must be at the beginning
1724 of these structs. Previously, shmid_kernel and kern_ipc_perm were both
1725 randomized with RANDSTRUCT. The problem arises due to the show() handler
1726 for /proc for msg/sem/shm -- what it is provided is a pointer to
1727 a kern_ipc_perm struct (as a void *) which each show() handler then
1728 assumes can be implicitly cast to its own particular struct type without
1729 any kind of container_of being performed. Fix this by doing the proper
1730 type conversions for each via container_of, and randomize the sem and msg
1731 structs while we're at it.
1733 include/linux/msg.h | 2 +-
1734 include/linux/sem.h | 2 +-
1738 5 files changed, 8 insertions(+), 5 deletions(-)
1740 commit 6591e1a526c544936975cd3515d8def09e8026f0
1741 Author: Brad Spengler <spender@grsecurity.net>
1742 Date: Tue Nov 3 19:36:05 2015 -0500
1744 Properly fix the PCI sysfs node check that was recently improperly fixed
1745 upstream (it's under CAP_SYS_ADMIN so it's not really serious)
1746 Reported by Mathias Krause
1748 drivers/pci/pci-sysfs.c | 2 +-
1749 1 files changed, 1 insertions(+), 1 deletions(-)
1751 commit ece03d4d07f29634687b2ea5edb7cab23888cff3
1752 Merge: 715e674 7755256
1753 Author: Brad Spengler <spender@grsecurity.net>
1754 Date: Mon Nov 2 21:32:10 2015 -0500
1756 Merge branch 'pax-test' into grsec-test
1758 commit 775525660a6353feb261ad6232f6acbc23826bf4
1759 Author: Brad Spengler <spender@grsecurity.net>
1760 Date: Mon Nov 2 21:31:21 2015 -0500
1762 Update to pax-linux-4.2.5-test17.patch:
1763 - Emese fixed a bunch of size overflow reports:
1764 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4290
1765 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4291
1766 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4288
1767 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4285
1768 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4283
1769 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4287
1770 - https://forums.grsecurity.net/viewtopic.php?f=3&t=4289
1771 - https://bugs.archlinux.org/task/46798
1772 - fixed the x86 fpu code some more, reported by spender and others (https://bugs.gentoo.org/show_bug.cgi?id=563804, https://bugs.archlinux.org/task/46764)
1774 arch/x86/include/asm/fpu/internal.h | 4 +-
1775 arch/x86/kernel/fpu/core.c | 2 +-
1776 arch/x86/kernel/process.c | 3 +-
1777 arch/x86/kernel/process_64.c | 6 +-
1778 drivers/usb/class/cdc-acm.h | 2 +-
1779 drivers/video/console/fbcon.c | 2 +-
1780 fs/dlm/lowcomms.c | 2 +-
1781 include/linux/usb.h | 8 +-
1782 .../disable_size_overflow_hash.data | 15 +-
1783 .../size_overflow_plugin/intentional_overflow.c | 3 +
1784 .../size_overflow_plugin/size_overflow_hash.data | 373 ++++++++++++++++----
1785 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 3 +-
1786 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
1787 13 files changed, 329 insertions(+), 96 deletions(-)
1789 commit 715e674a838f08748044bce459380762e9c1cd29
1790 Author: Sasha Levin <sasha.levin@oracle.com>
1791 Date: Wed Oct 7 11:03:28 2015 -0500
1793 PCI: Prevent out of bounds access in numa_node override
1795 63692df103e9 ("PCI: Allow numa_node override via sysfs") didn't check that
1796 the numa node provided by userspace is valid. Passing a node number too
1797 high would attempt to access invalid memory and trigger a kernel panic.
1799 Fixes: 63692df103e9 ("PCI: Allow numa_node override via sysfs")
1800 Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
1801 Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
1802 CC: stable@vger.kernel.org # v3.19+
1804 drivers/pci/pci-sysfs.c | 2 +-
1805 1 files changed, 1 insertions(+), 1 deletions(-)
1807 commit 6abe1bb892fe394df80dd4267a8bd2874d537e4e
1808 Author: David Howells <dhowells@redhat.com>
1809 Date: Fri Sep 18 11:45:12 2015 +0100
1811 ovl: use O_LARGEFILE in ovl_copy_up()
1813 Open the lower file with O_LARGEFILE in ovl_copy_up().
1815 Pass O_LARGEFILE unconditionally in ovl_copy_up_data() as it's purely for
1816 catching 32-bit userspace dealing with a file large enough that it'll be
1817 mishandled if the application isn't aware that there might be an integer
1818 overflow. Inside the kernel, there shouldn't be any problems.
1820 Reported-by: Ulrich Obergfell <uobergfe@redhat.com>
1821 Signed-off-by: David Howells <dhowells@redhat.com>
1822 Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
1823 Cc: <stable@vger.kernel.org> # v3.18+
1825 fs/overlayfs/copy_up.c | 4 ++--
1826 1 files changed, 2 insertions(+), 2 deletions(-)
1828 commit bf5e23398e4a82e28fe0801337a4b78ca951a1d9
1829 Author: David Howells <dhowells@redhat.com>
1830 Date: Fri Sep 18 11:45:22 2015 +0100
1832 ovl: fix dentry reference leak
1834 In ovl_copy_up_locked(), newdentry is leaked if the function exits through
1835 out_cleanup as this just to out after calling ovl_cleanup() - which doesn't
1836 actually release the ref on newdentry.
1838 The out_cleanup segment should instead exit through out2 as certainly
1839 newdentry leaks - and possibly upper does also, though this isn't caught
1840 given the catch of newdentry.
1842 Without this fix, something like the following is seen:
1844 BUG: Dentry ffff880023e9eb20{i=f861,n=#ffff880023e82d90} still in use (1) [unmount of tmpfs tmpfs]
1845 BUG: Dentry ffff880023ece640{i=0,n=bigfile} still in use (1) [unmount of tmpfs tmpfs]
1847 when unmounting the upper layer after an error occurred in copyup.
1849 An error can be induced by creating a big file in a lower layer with
1852 dd if=/dev/zero of=/lower/a/bigfile bs=65536 count=1 seek=$((0xf000))
1854 to create a large file (4.1G). Overlay an upper layer that is too small
1855 (on tmpfs might do) and then induce a copy up by opening it writably.
1857 Reported-by: Ulrich Obergfell <uobergfe@redhat.com>
1858 Signed-off-by: David Howells <dhowells@redhat.com>
1859 Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
1860 Cc: <stable@vger.kernel.org> # v3.18+
1862 fs/overlayfs/copy_up.c | 2 +-
1863 1 files changed, 1 insertions(+), 1 deletions(-)
1865 commit da93976d3355abae09d9fd6a68e7dea77ed619d1
1866 Author: Miklos Szeredi <miklos@szeredi.hu>
1867 Date: Mon Oct 12 15:56:20 2015 +0200
1869 ovl: fix open in stacked overlay
1871 If two overlayfs filesystems are stacked on top of each other, then we need
1872 recursion in ovl_d_select_inode().
1874 I guess d_backing_inode() is supposed to do that. But currently it doesn't
1875 and that functionality is open coded in vfs_open(). This is now copied
1876 into ovl_d_select_inode() to fix this regression.
1878 Reported-by: Alban Crequy <alban.crequy@gmail.com>
1879 Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
1880 Fixes: 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay...")
1881 Cc: David Howells <dhowells@redhat.com>
1882 Cc: <stable@vger.kernel.org> # v4.2+
1884 fs/overlayfs/inode.c | 3 +++
1885 1 files changed, 3 insertions(+), 0 deletions(-)
1887 commit 0ddd9cf6149717882b81c946149bf55332d763ae
1888 Author: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
1889 Date: Mon Aug 24 15:57:18 2015 +0300
1891 ovl: free stack of paths in ovl_fill_super
1893 This fixes small memory leak after mount.
1897 unreferenced object 0xffff88003683fe00 (size 16):
1898 comm "mount", pid 2029, jiffies 4294909563 (age 33.380s)
1899 hex dump (first 16 bytes):
1900 20 27 1f bb 00 88 ff ff 40 4b 0f 36 02 88 ff ff '......@K.6....
1902 [<ffffffff811f8cd4>] create_object+0x124/0x2c0
1903 [<ffffffff817a059b>] kmemleak_alloc+0x7b/0xc0
1904 [<ffffffff811dffe6>] __kmalloc+0x106/0x340
1905 [<ffffffffa01b7a29>] ovl_fill_super+0x389/0x9a0 [overlay]
1906 [<ffffffff81200ac4>] mount_nodev+0x54/0xa0
1907 [<ffffffffa01b7118>] ovl_mount+0x18/0x20 [overlay]
1908 [<ffffffff81201ab3>] mount_fs+0x43/0x170
1909 [<ffffffff81220d34>] vfs_kern_mount+0x74/0x170
1910 [<ffffffff812233ad>] do_mount+0x22d/0xdf0
1911 [<ffffffff812242cb>] SyS_mount+0x7b/0xc0
1912 [<ffffffff817b6bee>] entry_SYSCALL_64_fastpath+0x12/0x76
1913 [<ffffffffffffffff>] 0xffffffffffffffff
1915 Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
1916 Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
1917 Fixes: a78d9f0d5d5c ("ovl: support multiple lower layers")
1918 Cc: <stable@vger.kernel.org> # v4.0+
1920 fs/overlayfs/super.c | 1 +
1921 1 files changed, 1 insertions(+), 0 deletions(-)
1923 commit b86575c9973b9ad55d659fd8a6be8f864435ad0e
1924 Author: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
1925 Date: Mon Aug 24 15:57:19 2015 +0300
1927 ovl: free lower_mnt array in ovl_put_super
1929 This fixes memory leak after umount.
1933 unreferenced object 0xffff8800ba791010 (size 8):
1934 comm "mount", pid 2394, jiffies 4294996294 (age 53.920s)
1935 hex dump (first 8 bytes):
1936 20 1c 13 02 00 88 ff ff .......
1938 [<ffffffff811f8cd4>] create_object+0x124/0x2c0
1939 [<ffffffff817a059b>] kmemleak_alloc+0x7b/0xc0
1940 [<ffffffff811dffe6>] __kmalloc+0x106/0x340
1941 [<ffffffffa0152bfc>] ovl_fill_super+0x55c/0x9b0 [overlay]
1942 [<ffffffff81200ac4>] mount_nodev+0x54/0xa0
1943 [<ffffffffa0152118>] ovl_mount+0x18/0x20 [overlay]
1944 [<ffffffff81201ab3>] mount_fs+0x43/0x170
1945 [<ffffffff81220d34>] vfs_kern_mount+0x74/0x170
1946 [<ffffffff812233ad>] do_mount+0x22d/0xdf0
1947 [<ffffffff812242cb>] SyS_mount+0x7b/0xc0
1948 [<ffffffff817b6bee>] entry_SYSCALL_64_fastpath+0x12/0x76
1949 [<ffffffffffffffff>] 0xffffffffffffffff
1951 Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
1952 Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
1953 Fixes: dd662667e6d3 ("ovl: add mutli-layer infrastructure")
1954 Cc: <stable@vger.kernel.org> # v4.0+
1956 fs/overlayfs/super.c | 1 +
1957 1 files changed, 1 insertions(+), 0 deletions(-)
1959 commit 9f49b5376fae99cd590d13726e2633bc0a53b6db
1960 Author: Linus Torvalds <torvalds@linux-foundation.org>
1961 Date: Sun Nov 1 17:09:15 2015 -0800
1963 mm: get rid of 'vmalloc_info' from /proc/meminfo
1965 It turns out that at least some versions of glibc end up reading
1966 /proc/meminfo at every single startup, because glibc wants to know the
1967 amount of memory the machine has. And while that's arguably insane,
1968 it's just how things are.
1970 And it turns out that it's not all that expensive most of the time, but
1971 the vmalloc information statistics (amount of virtual memory used in the
1972 vmalloc space, and the biggest remaining chunk) can be rather expensive
1975 The 'get_vmalloc_info()' function actually showed up on my profiles as
1976 4% of the CPU usage of "make test" in the git source repository, because
1977 the git tests are lots of very short-lived shell-scripts etc.
1979 It turns out that apparently this same silly vmalloc info gathering
1980 shows up on the facebook servers too, according to Dave Jones. So it's
1981 not just "make test" for git.
1983 We had two patches to just cache the information (one by me, one by
1984 Ingo) to mitigate this issue, but the whole vmalloc information of of
1985 rather dubious value to begin with, and people who *actually* want to
1986 know what the situation is wrt the vmalloc area should just look at the
1987 much more complete /proc/vmallocinfo instead.
1989 In fact, according to my testing - and perhaps more importantly,
1990 according to that big search engine in the sky: Google - there is
1991 nothing out there that actually cares about those two expensive fields:
1992 VmallocUsed and VmallocChunk.
1994 So let's try to just remove them entirely. Actually, this just removes
1995 the computation and reports the numbers as zero for now, just to try to
1996 be minimally intrusive.
1998 If this breaks anything, we'll obviously have to re-introduce the code
1999 to compute this all and add the caching patches on top. But if given
2000 the option, I'd really prefer to just remove this bad idea entirely
2001 rather than add even more code to work around our historical mistake
2002 that likely nobody really cares about.
2004 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2006 fs/proc/meminfo.c | 7 ++-----
2007 include/linux/vmalloc.h | 12 ------------
2008 mm/vmalloc.c | 47 -----------------------------------------------
2009 3 files changed, 2 insertions(+), 64 deletions(-)
2011 commit 66425129a550275398f886498d957284539bb331
2012 Author: Marek Vasut <marex@denx.de>
2013 Date: Fri Oct 30 13:48:19 2015 +0100
2015 can: Use correct type in sizeof() in nla_put()
2017 The sizeof() is invoked on an incorrect variable, likely due to some
2018 copy-paste error, and this might result in memory corruption. Fix this.
2020 Signed-off-by: Marek Vasut <marex@denx.de>
2021 Cc: Wolfgang Grandegger <wg@grandegger.com>
2022 Cc: netdev@vger.kernel.org
2023 Cc: linux-stable <stable@vger.kernel.org>
2024 Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2026 drivers/net/can/dev.c | 2 +-
2027 1 files changed, 1 insertions(+), 1 deletions(-)
2029 commit 8c8e802a86f8faf2519710db043339e1cc953bc4
2030 Author: Brad Spengler <spender@grsecurity.net>
2031 Date: Mon Nov 2 17:20:52 2015 -0500
2033 Fix the FPU code properly by copying the dynamically-sized FPU state on
2034 each clone of the task struct, making it equivalent to the new FPU-in-task-struct code
2036 Fix is from the PaX Team
2038 arch/x86/kernel/process.c | 2 ++
2039 1 files changed, 2 insertions(+), 0 deletions(-)
2041 commit 036bc2e2231c76f7eb470bfef67b6bc26187aeae
2042 Author: Brad Spengler <spender@grsecurity.net>
2043 Date: Mon Nov 2 17:19:43 2015 -0500
2045 Revert the forced eagerfpu since it's now fixed properly
2047 arch/x86/kernel/fpu/init.c | 3 ---
2048 1 files changed, 0 insertions(+), 3 deletions(-)
2050 commit a08ab82bcf321704f6a228c7924b860510c6d610
2051 Author: Carol L Soto <clsoto@linux.vnet.ibm.com>
2052 Date: Tue Oct 27 17:36:20 2015 +0200
2054 net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes
2056 When doing memcpy/memset of EQEs, we should use sizeof struct
2057 mlx4_eqe as the base size and not caps.eqe_size which could be bigger.
2059 If caps.eqe_size is bigger than the struct mlx4_eqe then we corrupt
2060 data in the master context.
2062 When using a 64 byte stride, the memcpy copied over 63 bytes to the
2063 slave_eq structure. This resulted in copying over the entire eqe of
2064 interest, including its ownership bit -- and also 31 bytes of garbage
2065 into the next WQE in the slave EQ -- which did NOT include the ownership
2066 bit (and therefore had no impact).
2068 However, once the stride is increased to 128, we are overwriting the
2069 ownership bits of *three* eqes in the slave_eq struct. This results
2070 in an incorrect ownership bit for those eqes, which causes the eq to
2071 seem to be full. The issue therefore surfaced only once 128-byte EQEs
2072 started being used in SRIOV and (overarchitectures that have 128/256
2073 byte cache-lines such as PPC) - e.g after commit 77507aa249ae
2074 "net/mlx4_core: Enable CQE/EQE stride support".
2076 Fixes: 08ff32352d6f ('mlx4: 64-byte CQE/EQE support')
2077 Signed-off-by: Carol L Soto <clsoto@linux.vnet.ibm.com>
2078 Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
2079 Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
2080 Signed-off-by: David S. Miller <davem@davemloft.net>
2082 drivers/net/ethernet/mellanox/mlx4/cmd.c | 2 +-
2083 drivers/net/ethernet/mellanox/mlx4/eq.c | 2 +-
2084 2 files changed, 2 insertions(+), 2 deletions(-)
2086 commit 811ab3b52935612def289efa5e9e2aa973f16f26
2087 Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
2088 Date: Wed Oct 28 13:21:04 2015 +0100
2090 ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues
2092 Raw sockets with hdrincl enabled can insert ipv6 extension headers
2093 right into the data stream. In case we need to fragment those packets,
2094 we reparse the options header to find the place where we can insert
2095 the fragment header. If the extension headers exceed the link's MTU we
2096 actually cannot make progress in such a case.
2098 Instead of ending up in broken arithmetic or rounding towards 0 and
2099 entering an endless loop in ip6_fragment, just prevent those cases by
2100 aborting early and signal -EMSGSIZE to user space.
2102 This is the second version of the patch which doesn't use the
2103 overflow_usub function, which got reverted for now.
2105 Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
2106 Cc: Linus Torvalds <torvalds@linux-foundation.org>
2107 Reported-by: Dmitry Vyukov <dvyukov@google.com>
2108 Cc: Dmitry Vyukov <dvyukov@google.com>
2109 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
2110 Signed-off-by: David S. Miller <davem@davemloft.net>
2112 net/ipv6/ip6_output.c | 2 ++
2113 1 files changed, 2 insertions(+), 0 deletions(-)
2115 commit f074980442c7c3ff4a75c711ff18204dfb4131b8
2116 Author: Brad Spengler <spender@grsecurity.net>
2117 Date: Thu Oct 29 18:19:02 2015 -0400
2119 Revert "ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues"
2121 This reverts commit 18d5034650b637ec479f41d98e3912398b3e3efc.
2123 net/ipv6/ip6_output.c | 6 +-----
2124 1 files changed, 1 insertions(+), 5 deletions(-)
2126 commit 53e629c2d13ed09f4c889925482606f82a65bd1d
2127 Author: Brad Spengler <spender@grsecurity.net>
2128 Date: Thu Oct 29 18:18:55 2015 -0400
2130 Revert "overflow-arith: begin to add support for overflow builtin functions"
2132 This reverts commit cfd0008de8db38841f7f06b979482900994717b9.
2136 include/linux/compiler-gcc.h
2138 include/linux/compiler-gcc.h | 4 ----
2139 include/linux/overflow-arith.h | 18 ------------------
2140 2 files changed, 0 insertions(+), 22 deletions(-)
2142 commit 225122602b5b7fd58ec5c2a4a1a4a9a29fe7a02a
2143 Author: Brad Spengler <spender@grsecurity.net>
2144 Date: Thu Oct 29 09:00:11 2015 -0400
2146 Update size_overflow plugin
2148 .../size_overflow_plugin/intentional_overflow.c | 3 +++
2149 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
2150 2 files changed, 4 insertions(+), 1 deletions(-)
2152 commit 2bf85cb1c3df45d59d8b59aeacf63cbbee360175
2153 Author: Brad Spengler <spender@grsecurity.net>
2154 Date: Thu Oct 29 08:52:07 2015 -0400
2156 Temporarily disable the builtin_overflow again as the kernexec plugin also has problems with it
2158 include/linux/compiler-gcc.h | 2 +-
2159 1 files changed, 1 insertions(+), 1 deletions(-)
2161 commit a41c8c4d880b6005e874bf5440e24713da8483cd
2162 Author: Brad Spengler <spender@grsecurity.net>
2163 Date: Wed Oct 28 19:28:30 2015 -0400
2165 temporarily work around issue with the dynamic FPU state and lazy FPU mode
2166 upstream configures FPU mode based on the eagerfpu variable before it's ever actually
2167 set by the commandline parser (so eagerfpu= on the commandline has no effect)
2169 arch/x86/kernel/fpu/init.c | 3 +++
2170 1 files changed, 3 insertions(+), 0 deletions(-)
2172 commit 8452f9d5cfabda9228496050a16bc8728c0ebbb7
2173 Author: Brad Spengler <spender@grsecurity.net>
2174 Date: Wed Oct 28 19:25:55 2015 -0400
2176 Remove/reorder some code due to the reverting of the FPU-state-in-task_struct code
2178 arch/x86/include/asm/fpu/types.h | 69 ++++++++++++++++++--------------------
2179 arch/x86/include/asm/processor.h | 10 ++----
2180 arch/x86/kernel/fpu/init.c | 20 -----------
2181 include/linux/sched.h | 4 +-
2182 4 files changed, 38 insertions(+), 65 deletions(-)
2184 commit c2127bd4215f8f02a1391bef3bde55d0bb1c19bc
2185 Author: Brad Spengler <spender@grsecurity.net>
2186 Date: Tue Oct 27 23:38:11 2015 -0400
2190 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 2 +-
2191 1 files changed, 1 insertions(+), 1 deletions(-)
2193 commit c588def7b5713c31fef2b848bfebf0d727791b82
2194 Author: Brad Spengler <spender@grsecurity.net>
2195 Date: Tue Oct 27 21:09:04 2015 -0400
2197 remove the PAGE_SIZE padding from fpregs_state since it's not included as part
2200 arch/x86/include/asm/fpu/types.h | 1 -
2201 1 files changed, 0 insertions(+), 1 deletions(-)
2203 commit 3bd1e5915353fee1f347577f0e80d925910695f9
2204 Author: Herbert Xu <herbert@gondor.apana.org.au>
2205 Date: Mon Oct 19 18:23:57 2015 +0800
2207 crypto: api - Only abort operations on fatal signal
2209 Currently a number of Crypto API operations may fail when a signal
2210 occurs. This causes nasty problems as the caller of those operations
2211 are often not in a good position to restart the operation.
2213 In fact there is currently no need for those operations to be
2214 interrupted by user signals at all. All we need is for them to
2217 This patch replaces the relevant calls of signal_pending with
2218 fatal_signal_pending, and wait_for_completion_interruptible with
2219 wait_for_completion_killable, respectively.
2221 Cc: stable@vger.kernel.org
2222 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2224 crypto/ablkcipher.c | 2 +-
2225 crypto/algapi.c | 2 +-
2226 crypto/api.c | 6 +++---
2227 crypto/crypto_user.c | 2 +-
2228 4 files changed, 6 insertions(+), 6 deletions(-)
2230 commit 2b278f02de77bd3d0ffb4c64bc56b702d4e27e49
2231 Author: Brad Spengler <spender@grsecurity.net>
2232 Date: Tue Oct 27 18:02:42 2015 -0400
2236 arch/x86/include/asm/fpu/internal.h | 2 +-
2237 1 files changed, 1 insertions(+), 1 deletions(-)
2239 commit 66cbab70d87485c22946485bfd375c3e88140213
2240 Merge: cad84c5 8610c94
2241 Author: Brad Spengler <spender@grsecurity.net>
2242 Date: Tue Oct 27 07:44:23 2015 -0400
2244 Merge branch 'pax-test' into grsec-test
2246 commit 8610c949a76ac2a09b334f41c35cb8e7a04a0ce8
2247 Merge: a851b41 f69d603
2248 Author: Brad Spengler <spender@grsecurity.net>
2249 Date: Tue Oct 27 07:44:14 2015 -0400
2251 Merge branch 'linux-4.2.y' into pax-test
2253 commit cad84c52f547c8ba47ddcf39d1f260f55350f0c2
2254 Author: Brad Spengler <spender@grsecurity.net>
2255 Date: Mon Oct 26 07:33:21 2015 -0400
2257 re-enable builtin_overflow support
2259 include/linux/compiler-gcc.h | 3 +--
2260 1 files changed, 1 insertions(+), 2 deletions(-)
2262 commit 6e281aebbf456c27ce530055d5668bc5829c02a8
2263 Author: Brad Spengler <spender@grsecurity.net>
2264 Date: Mon Oct 26 07:32:15 2015 -0400
2266 Update the size_overflow plugin from Emese to fix the ICE on builtin_overflow use
2268 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 3 ++-
2269 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
2270 2 files changed, 3 insertions(+), 2 deletions(-)
2272 commit 75ed97df02fc6eb862df511da6ca690de3d0f15c
2273 Author: Brad Spengler <spender@grsecurity.net>
2274 Date: Mon Oct 26 07:17:00 2015 -0400
2276 Fix from Emese for a size_overflow report in the fbcon code on the
2277 'softback_lines' global variable
2279 drivers/video/console/fbcon.c | 2 +-
2280 1 files changed, 1 insertions(+), 1 deletions(-)
2282 commit b088cabd42c6fe825baa27f40ab450ad75e571d3
2283 Author: Brad Spengler <spender@grsecurity.net>
2284 Date: Sun Oct 25 18:09:55 2015 -0400
2286 Temporarily work around an ICE on GCC >= 5 reported by Daniel Micay due to
2287 backporting of __builtin_usub_overflow
2289 include/linux/compiler-gcc.h | 3 ++-
2290 1 files changed, 2 insertions(+), 1 deletions(-)
2292 commit ba858f46865c6751af3ddba03b176e4d5ecf85c1
2293 Author: Brad Spengler <spender@grsecurity.net>
2294 Date: Sun Oct 25 17:59:17 2015 -0400
2296 Update size_overflow hash table
2298 .../disable_size_overflow_hash.data | 7 +++++++
2299 .../size_overflow_plugin/size_overflow_hash.data | 9 +--------
2300 2 files changed, 8 insertions(+), 8 deletions(-)
2302 commit ba803bceaea0283b38e91c1d3176bf0671786269
2303 Author: Brad Spengler <spender@grsecurity.net>
2304 Date: Sun Oct 25 15:31:17 2015 -0400
2306 Fix oversight in pipacs' removal of FPU state from the task struct:
2307 fpu_copy was performing an OOB copy starting from the address of the 'state'
2308 pointer in the fpu struct instead of starting from the address pointed
2309 to by the state pointer. Reported at:
2310 https://bugs.archlinux.org/task/46764
2312 arch/x86/include/asm/fpu/internal.h | 4 ++--
2313 arch/x86/kernel/fpu/core.c | 2 +-
2314 2 files changed, 3 insertions(+), 3 deletions(-)
2316 commit 26e7d31c5b5c970c50297d2b8be165e9c9ab9d83
2317 Merge: 85d8735 a851b41
2318 Author: Brad Spengler <spender@grsecurity.net>
2319 Date: Sun Oct 25 13:39:21 2015 -0400
2321 Merge branch 'pax-test' into grsec-test
2323 commit a851b41415a0402d76f10712b6950ddff3872a22
2324 Author: Brad Spengler <spender@grsecurity.net>
2325 Date: Sun Oct 25 13:38:25 2015 -0400
2327 Update to latest size_overflow plugin release:
2328 Temporarily ignore bitfield types: https://bugs.archlinux.org/task/46798
2329 Use SI or wider type for the size_overflow type: https://forums.grsecurity.net/viewtopic.php?t=4293&p=15655#p15655
2331 .../size_overflow_plugin/intentional_overflow.c | 3 +++
2332 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
2333 .../size_overflow_plugin/size_overflow_transform.c | 7 +++++++
2334 .../size_overflow_transform_core.c | 2 --
2335 4 files changed, 11 insertions(+), 3 deletions(-)
2337 commit 85d8735a1d1190e3ad2e3f032ae88f811090fdfc
2338 Author: Brad Spengler <spender@grsecurity.net>
2339 Date: Sun Oct 25 13:01:32 2015 -0400
2341 fpu doesn't live on the task_struct with PaX, so don't even bother computing some task_size
2342 variable that isn't used for anything
2344 arch/x86/kernel/fpu/init.c | 14 --------------
2345 1 files changed, 0 insertions(+), 14 deletions(-)
2347 commit cfd0008de8db38841f7f06b979482900994717b9
2348 Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
2349 Date: Fri Oct 16 11:32:42 2015 +0200
2351 overflow-arith: begin to add support for overflow builtin functions
2353 The idea of the overflow-arith.h header is to collect overflow checking
2354 functions in one central place.
2356 If gcc compiler supports the __builtin_overflow_* builtins we use them
2357 because they might give better performance, otherwise the code falls
2358 back to normal overflow checking functions.
2360 The builtin_overflow functions are supported by gcc-5 and clang. The
2361 matter of supporting clang is to just provide a corresponding
2362 CC_HAVE_BUILTIN_OVERFLOW, because the specific overflow checking builtins
2363 don't differ between gcc and clang.
2365 I just provide overflow_usub function here as I intend this to get merged
2366 into net, more functions will definitely follow as they are needed.
2368 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
2369 Signed-off-by: David S. Miller <davem@davemloft.net>
2371 include/linux/compiler-gcc.h | 4 ++++
2372 include/linux/overflow-arith.h | 18 ++++++++++++++++++
2373 2 files changed, 22 insertions(+), 0 deletions(-)
2375 commit 18d5034650b637ec479f41d98e3912398b3e3efc
2376 Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
2377 Date: Fri Oct 16 11:32:43 2015 +0200
2379 ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues
2381 Raw sockets with hdrincl enabled can insert ipv6 extension headers
2382 right into the data stream. In case we need to fragment those packets,
2383 we reparse the options header to find the place where we can insert
2384 the fragment header. If the extension headers exceed the link's MTU we
2385 actually cannot make progress in such a case.
2387 Instead of ending up in broken arithmetic or rounding towards 0 and
2388 entering an endless loop in ip6_fragment, just prevent those cases by
2389 aborting early and signal -EMSGSIZE to user space.
2391 Reported-by: Dmitry Vyukov <dvyukov@google.com>
2392 Cc: Dmitry Vyukov <dvyukov@google.com>
2393 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
2394 Signed-off-by: David S. Miller <davem@davemloft.net>
2396 net/ipv6/ip6_output.c | 6 +++++-
2397 1 files changed, 5 insertions(+), 1 deletions(-)
2399 commit 0e1d1c0f1981b4049a70d23dce4c69daf19f020b
2400 Merge: c81314c 9470e78
2401 Author: Brad Spengler <spender@grsecurity.net>
2402 Date: Sun Oct 25 11:51:44 2015 -0400
2404 Merge branch 'pax-test' into grsec-test
2406 commit 9470e7893a9a1bf15f9b7d412dc09bebb59105e8
2407 Author: Brad Spengler <spender@grsecurity.net>
2408 Date: Sun Oct 25 11:50:54 2015 -0400
2410 Temporary squelching of overflow warning on skb_transport_offset(), will be fixed properly after H2HC
2412 include/linux/skbuff.h | 2 +-
2413 1 files changed, 1 insertions(+), 1 deletions(-)
2415 commit c81314ce278e9cfa3322881a6133c2c7e53b9430
2416 Author: Brad Spengler <spender@grsecurity.net>
2417 Date: Sat Oct 24 23:13:36 2015 -0400
2419 Update recordmcount/fixdep paths in RPM spec, from Andrew
2421 scripts/package/mkspec | 4 ++--
2422 1 files changed, 2 insertions(+), 2 deletions(-)
2424 commit 798e4296bd55778b5e77f1db69c1bb972419590f
2425 Author: Brad Spengler <spender@grsecurity.net>
2426 Date: Sat Oct 24 23:11:22 2015 -0400
2428 Update size_overflow hash table
2430 .../disable_size_overflow_hash.data | 3 +++
2431 .../size_overflow_plugin/size_overflow_hash.data | 5 +----
2432 2 files changed, 4 insertions(+), 4 deletions(-)
2434 commit d9ef04f20fc634595883d1c1950c32a8fe04df22
2435 Author: Brad Spengler <spender@grsecurity.net>
2436 Date: Sat Oct 24 08:27:29 2015 -0400
2438 Fix from Emese for https://forums.grsecurity.net/viewtopic.php?f=3&t=4291
2440 drivers/usb/class/cdc-acm.h | 2 +-
2441 include/linux/usb.h | 8 ++++----
2442 2 files changed, 5 insertions(+), 5 deletions(-)
2444 commit eea46f1d247f5f63e3762da91a41cba76567800f
2445 Author: Brad Spengler <spender@grsecurity.net>
2446 Date: Fri Oct 23 18:24:57 2015 -0400
2448 Update size_overflow hash tables
2450 .../disable_size_overflow_hash.data | 5 ++++-
2451 .../size_overflow_plugin/size_overflow_hash.data | 5 +----
2452 2 files changed, 5 insertions(+), 5 deletions(-)
2454 commit 8f521b864bd7428f3ad42613416c106d1d619c4d
2455 Merge: 26adf00 285f0d1
2456 Author: Brad Spengler <spender@grsecurity.net>
2457 Date: Thu Oct 22 19:41:57 2015 -0400
2459 Merge branch 'pax-test' into grsec-test
2462 drivers/gpu/drm/drm_lock.c
2464 commit 285f0d1cda31b45ee217b90861677c032cb6550b
2465 Merge: d6dc25f 190bd21
2466 Author: Brad Spengler <spender@grsecurity.net>
2467 Date: Thu Oct 22 19:40:34 2015 -0400
2469 Merge branch 'linux-4.2.y' into pax-test
2472 arch/x86/kernel/process_64.c
2474 commit 26adf00caf8f4ebf155422082d4e8b8e4eb60eef
2475 Author: Eric W. Biederman <ebiederm@xmission.com>
2476 Date: Sat Aug 15 13:36:12 2015 -0500
2478 dcache: Handle escaped paths in prepend_path
2480 A rename can result in a dentry that by walking up d_parent
2481 will never reach it's mnt_root. For lack of a better term
2482 I call this an escaped path.
2484 prepend_path is called by four different functions __d_path,
2485 d_absolute_path, d_path, and getcwd.
2487 __d_path only wants to see paths are connected to the root it passes
2488 in. So __d_path needs prepend_path to return an error.
2490 d_absolute_path similarly wants to see paths that are connected to
2491 some root. Escaped paths are not connected to any mnt_root so
2492 d_absolute_path needs prepend_path to return an error greater
2493 than 1. So escaped paths will be treated like paths on lazily
2496 getcwd needs to prepend "(unreachable)" so getcwd also needs
2497 prepend_path to return an error.
2499 d_path is the interesting hold out. d_path just wants to print
2500 something, and does not care about the weird cases. Which raises
2501 the question what should be printed?
2503 Given that <escaped_path>/<anything> should result in -ENOENT I
2504 believe it is desirable for escaped paths to be printed as empty
2505 paths. As there are not really any meaninful path components when
2506 considered from the perspective of a mount tree.
2508 So tweak prepend_path to return an empty path with an new error
2509 code of 3 when it encounters an escaped path.
2511 Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2512 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2514 fs/dcache.c | 7 +++++++
2515 1 files changed, 7 insertions(+), 0 deletions(-)
2517 commit d402147a7689356c29bfd46a7cfa6594e517ab95
2518 Author: Salva Peiró <speirofr@gmail.com>
2519 Date: Wed Oct 14 17:48:02 2015 +0200
2521 staging/dgnc: fix info leak in ioctl
2523 The dgnc_mgmt_ioctl() code fails to initialize the 16 _reserved bytes of
2524 struct digi_dinfo after the ->dinfo_nboards member. Add an explicit
2525 memset(0) before filling the structure to avoid the info leak.
2527 Signed-off-by: Salva Peiró <speirofr@gmail.com>
2528 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2530 drivers/staging/dgnc/dgnc_mgmt.c | 1 +
2531 1 files changed, 1 insertions(+), 0 deletions(-)
2533 commit bafc510c4fb4e8a5e69531fdc3a733e58c4bbdbf
2534 Author: Salva Peiró <speirofr@gmail.com>
2535 Date: Wed Oct 7 07:09:26 2015 -0300
2537 [media] media/vivid-osd: fix info leak in ioctl
2539 The vivid_fb_ioctl() code fails to initialize the 16 _reserved bytes of
2540 struct fb_vblank after the ->hcount member. Add an explicit
2541 memset(0) before filling the structure to avoid the info leak.
2543 Signed-off-by: Salva Peiró <speirofr@gmail.com>
2544 Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
2545 Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2547 drivers/media/platform/vivid/vivid-osd.c | 1 +
2548 1 files changed, 1 insertions(+), 0 deletions(-)
2550 commit 980a903796ae06366fd5acbcd179ee2dc57fbabf
2551 Author: David Howells <dhowells@redhat.com>
2552 Date: Mon Oct 19 11:20:28 2015 +0100
2554 KEYS: Don't permit request_key() to construct a new keyring
2556 If request_key() is used to find a keyring, only do the search part - don't
2557 do the construction part if the keyring was not found by the search. We
2558 don't really want keyrings in the negative instantiated state since the
2559 rejected/negative instantiation error value in the payload is unioned with
2562 Now the kernel gives an error:
2564 request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted)
2566 Signed-off-by: David Howells <dhowells@redhat.com>
2568 security/keys/request_key.c | 3 +++
2569 1 files changed, 3 insertions(+), 0 deletions(-)
2571 commit f705c157ed6f8a9c4c0cf552fd5f054d9d500550
2572 Author: Dan Carpenter <dan.carpenter@oracle.com>
2573 Date: Mon Oct 19 13:16:49 2015 +0300
2575 irda: precedence bug in irlmp_seq_hb_idx()
2577 This is decrementing the pointer, instead of the value stored in the
2578 pointer. KASan detects it as an out of bounds reference.
2580 Reported-by: "Berry Cheng 程君(成淼)" <chengmiao.cj@alibaba-inc.com>
2581 Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
2582 Signed-off-by: David S. Miller <davem@davemloft.net>
2584 net/irda/irlmp.c | 2 +-
2585 1 files changed, 1 insertions(+), 1 deletions(-)
2587 commit 4a110451298bfce895ed224e6bbd9201d8605b2b
2588 Author: Brad Spengler <spender@grsecurity.net>
2589 Date: Tue Oct 20 19:25:13 2015 -0400
2591 Ratelimit the dump_stack as well, both to 15s with a burst of 3, enough not to completely
2594 fs/exec.c | 11 +++++++++--
2595 1 files changed, 9 insertions(+), 2 deletions(-)
2597 commit 183fc2ae7d90e077fd27623998d82916260a2223
2598 Merge: a240939 d6dc25f
2599 Author: Brad Spengler <spender@grsecurity.net>
2600 Date: Tue Oct 20 19:16:04 2015 -0400
2602 Merge branch 'pax-test' into grsec-test
2605 tools/gcc/size_overflow_plugin/size_overflow_plugin.c
2607 commit d6dc25f193a832e08d8e7cf097d7f70b3dc24776
2608 Author: Brad Spengler <spender@grsecurity.net>
2609 Date: Tue Oct 20 19:14:41 2015 -0400
2611 Update to pax-linux-4.2.3-test16.patch:
2612 - fixed undefined integer shift in proc_do_submiturb, reported by Arnaud <arnaud@drno.eu>
2613 - fixed integer underflow in scm_detach_fds (similar to 1ac70e7ad24a88710cf9b6d7ababaefa2b575df0 upstream), reported by kdave (https://forums.grsecurity.net/viewtopic.php?f=1&t=4286)
2614 - Emese added a temporary workaround for miscompiling the ath10k driver, reported by victor
2615 - Emese fixed a false positive that affected the iwlwifi driver among others, reported by victor
2616 - Emese disabled size overflow checking in acpi_ex_do_math_op and on acpi_object_integer, reported by xxterry1xx and rfnx (https://forums.grsecurity.net/viewtopic.php?f=3&t=4287)
2618 drivers/net/wireless/ath/ath10k/ce.c | 2 +-
2619 drivers/usb/core/devio.c | 2 +-
2620 fs/dlm/lowcomms.c | 2 +-
2621 net/core/scm.c | 6 ++-
2622 .../disable_size_overflow_hash.data | 4 +-
2623 .../size_overflow_plugin/intentional_overflow.c | 44 --------------------
2624 tools/gcc/size_overflow_plugin/size_overflow.h | 1 -
2625 .../size_overflow_plugin/size_overflow_hash.data | 4 +-
2626 .../size_overflow_plugin/size_overflow_plugin.c | 4 +-
2627 .../size_overflow_plugin/size_overflow_transform.c | 3 -
2628 .../size_overflow_transform_core.c | 6 +++
2629 11 files changed, 19 insertions(+), 59 deletions(-)
2631 commit a2409394c2b0d97a9f02bf62ca4c0254602e58a6
2632 Author: Brad Spengler <spender@grsecurity.net>
2633 Date: Tue Oct 20 08:58:25 2015 -0400
2637 security/Kconfig | 1 +
2638 1 files changed, 1 insertions(+), 0 deletions(-)
2640 commit 3abe24117389419654da44adc87a9a03ad7e3f38
2641 Author: Brad Spengler <spender@grsecurity.net>
2642 Date: Tue Oct 20 08:08:32 2015 -0400
2644 Add a new config option from Emese to allow SIZE_OVERFLOW to be enabled
2645 while having it not kill the userland process in an overflow condition.
2646 This will help us obtain reports over the next few weeks while not making
2647 some percentage of users' machines unusable.
2649 To enable this option, set CONFIG_PAX_SIZE_OVERFLOW_DISABLE_KILL=y in .config
2652 security/Kconfig | 4 ++++
2653 .../size_overflow_plugin/size_overflow_plugin.c | 4 ++--
2654 3 files changed, 11 insertions(+), 2 deletions(-)
2656 commit bcae982f720ce0b3463a81f2b72a4807cb89048b
2657 Merge: 0e55d80 128d3a5
2658 Author: Brad Spengler <spender@grsecurity.net>
2659 Date: Mon Oct 19 18:56:09 2015 -0400
2661 Merge branch 'pax-test' into grsec-test
2663 commit 128d3a5452ab001b29235b05eb0be3334fff3998
2664 Author: Brad Spengler <spender@grsecurity.net>
2665 Date: Mon Oct 19 18:55:37 2015 -0400
2667 Update to pax-linux-4.2.3-test14.patch:
2668 - Emese fixed a false positive size overflow report, reported by gus (https://forums.grsecurity.net/viewtopic.php?t=4280)
2669 - fixed an integer sign mixup in usb_stor_invoke_transport, reported by Arnaud <arnaud@drno.eu>
2671 drivers/usb/storage/transport.c | 2 +-
2672 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
2673 .../size_overflow_plugin/size_overflow_transform.c | 15 +++-
2674 .../size_overflow_transform_core.c | 90 ++++++++++++++-----
2675 4 files changed, 81 insertions(+), 28 deletions(-)
2677 commit 0e55d80a65998266cab71804131a072fcc8ee558
2678 Merge: a61fd15 9c4310f
2679 Author: Brad Spengler <spender@grsecurity.net>
2680 Date: Sat Oct 17 23:15:36 2015 -0400
2682 Merge branch 'pax-test' into grsec-test
2684 commit 9c4310fdb2d19f83affc62eb2698d3763ce8c36b
2685 Author: Brad Spengler <spender@grsecurity.net>
2686 Date: Sat Oct 17 23:15:13 2015 -0400
2688 Update to pax-linux-4.2.3-test14.patch:
2689 - reverted some page table hardening that caused too much slowdown under virtualization, reported by quasar366 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4275)
2691 arch/x86/include/asm/pgtable-2level.h | 18 ++----------------
2692 arch/x86/include/asm/pgtable-3level.h | 10 ----------
2693 arch/x86/include/asm/pgtable_32.h | 2 ++
2694 arch/x86/include/asm/pgtable_64.h | 18 ++----------------
2695 arch/x86/mm/highmem_32.c | 2 ++
2696 arch/x86/mm/init_64.c | 2 ++
2697 arch/x86/mm/iomap_32.c | 4 ++++
2698 arch/x86/mm/pageattr.c | 4 ++++
2699 arch/x86/mm/pgtable.c | 2 ++
2700 arch/x86/mm/pgtable_32.c | 3 +++
2701 mm/highmem.c | 5 +++++
2702 mm/vmalloc.c | 7 +++++++
2703 12 files changed, 35 insertions(+), 42 deletions(-)
2705 commit a61fd152e87bd3ed91194b07f6b1fcbcd165093b
2706 Merge: 00f1afa db7a8e5
2707 Author: Brad Spengler <spender@grsecurity.net>
2708 Date: Sat Oct 17 18:33:48 2015 -0400
2710 Merge branch 'pax-test' into grsec-test
2712 commit db7a8e5c284179889014b5929a40298e1b228fbc
2713 Author: Brad Spengler <spender@grsecurity.net>
2714 Date: Sat Oct 17 18:33:22 2015 -0400
2716 Update to pax-linux-4.2.3-test13.patch:
2717 - Emese worked around a sign mixup with wiphy.rts_threshold, reported by gus (https://forums.grsecurity.net/viewtopic.php?f=3&t=4278)
2719 .../disable_size_overflow_hash.data | 2 ++
2720 .../size_overflow_plugin/size_overflow_hash.data | 2 --
2721 2 files changed, 2 insertions(+), 2 deletions(-)
2723 commit 00f1afa694317365e9bd6dc77d2e3e96ae3a68ec
2724 Merge: 7098385 57dc21d
2725 Author: Brad Spengler <spender@grsecurity.net>
2726 Date: Sat Oct 17 11:04:56 2015 -0400
2728 Merge branch 'pax-test' into grsec-test
2730 commit 57dc21d203a9fa1312a4abc608da5b3644d29078
2731 Author: Brad Spengler <spender@grsecurity.net>
2732 Date: Sat Oct 17 11:04:34 2015 -0400
2734 Update to pax-linux-4.2.3-test12.patch:
2735 - removed size_overflow_hash.data.prev that was left behind by accident
2736 - Emese fixed a false positive overflow report in the megaraid driver due to a gcc limitation, reported by vortex (https://forums.grsecurity.net/viewtopic.php?f=3&t=4277)
2738 drivers/scsi/megaraid/megaraid_sas.h | 2 +-
2739 1 files changed, 1 insertions(+), 1 deletions(-)
2741 commit 7098385851c43dea6692508c71cd5fbcce3187b2
2742 Merge: bc6d23e 78b0f64
2743 Author: Brad Spengler <spender@grsecurity.net>
2744 Date: Fri Oct 16 17:45:06 2015 -0400
2746 Merge branch 'pax-test' into grsec-test
2749 tools/gcc/size_overflow_plugin/intentional_overflow.c
2751 commit 78b0f643d8d2b870e8ad5df075d4ab79befa4266
2752 Author: Brad Spengler <spender@grsecurity.net>
2753 Date: Fri Oct 16 17:44:18 2015 -0400
2755 Update to pax-linux-4.2.3-test11.patch:
2756 - Emese fixed a few false positives caused by error codes
2757 - simplified the switch_mm code on x86 a bit
2759 arch/x86/include/asm/mmu_context.h | 118 +++++--------
2760 include/drm/drm_mm.h | 2 +-
2761 .../size_overflow_plugin/intentional_overflow.c | 11 +-
2762 tools/gcc/size_overflow_plugin/size_overflow.h | 19 ++-
2763 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
2764 .../size_overflow_plugin/size_overflow_transform.c | 178 +++++++++-----------
2765 .../size_overflow_transform_core.c | 31 ++--
2766 7 files changed, 169 insertions(+), 192 deletions(-)
2768 commit bc6d23e3408e389f8a96134f6bc915e9fc8b370b
2769 Author: Brad Spengler <spender@grsecurity.net>
2770 Date: Fri Oct 16 17:28:54 2015 -0400
2772 Update rpm devel spec, thanks to Andrew
2774 scripts/package/mkspec | 3 +++
2775 1 files changed, 3 insertions(+), 0 deletions(-)
2777 commit b3f30cb9207a72a6aa4a78f23f8c5353be0bb27b
2778 Author: Brad Spengler <spender@grsecurity.net>
2779 Date: Thu Oct 15 20:10:56 2015 -0400
2781 disable tracing support with GRKERNSEC_KMEM (it forces debugfs support on)
2783 kernel/trace/Kconfig | 2 +-
2784 1 files changed, 1 insertions(+), 1 deletions(-)
2786 commit 82a0c12587f14add438ddf3b558e2278fcb7a387
2787 Author: Brad Spengler <spender@grsecurity.net>
2788 Date: Thu Oct 15 19:19:43 2015 -0400
2790 Force DEBUG_FS off the hard way, since 'select' can cause it to be
2791 inadvertently enabled. Add a backup check that fails the build if
2792 GRKERNSEC_KMEM is enabled with DEBUG_FS
2793 Ditto for PROC_PAGE_MONITOR
2795 arch/arc/Kconfig | 1 +
2796 arch/arm/Kconfig.debug | 1 +
2797 arch/arm64/Kconfig.debug | 1 +
2798 arch/blackfin/Kconfig.debug | 1 +
2799 arch/s390/Kconfig.debug | 1 +
2800 arch/x86/Kconfig.debug | 2 ++
2801 drivers/iommu/Kconfig | 1 +
2802 drivers/md/bcache/Kconfig | 1 +
2803 drivers/net/wireless/ath/ath9k/Kconfig | 1 -
2804 include/linux/grsecurity.h | 6 ++++++
2806 kernel/trace/Kconfig | 2 ++
2807 lib/Kconfig.debug | 6 +++++-
2809 net/sunrpc/Kconfig | 1 +
2810 15 files changed, 27 insertions(+), 2 deletions(-)
2812 commit 1b6f8fc8b8100292647638c713326776a0865705
2813 Author: Brad Spengler <spender@grsecurity.net>
2814 Date: Thu Oct 15 17:58:59 2015 -0400
2816 Force DEBUG_FS off in the kernel config, even having it present is a security
2823 lib/Kconfig.debug | 1 +
2824 1 files changed, 1 insertions(+), 0 deletions(-)
2826 commit 21057fc30571f96aa46acf8922417311905d0f2b
2827 Author: Brad Spengler <spender@grsecurity.net>
2828 Date: Thu Oct 15 08:15:33 2015 -0400
2830 Backport fix from: https://patchwork.kernel.org/patch/6853351/
2831 The debug_read_tlb() uses the sprintf() functions directly on the buffer
2832 allocated by buf = kmalloc(count), without taking into account the size
2833 of the buffer, with the consequence corrupting the heap, depending on
2834 the count requested by the user.
2836 The patch fixes the issue replacing sprintf() by seq_printf().
2838 Signed-off-by: Salva Peiró <speirofr@gmail.com>
2840 drivers/iommu/omap-iommu-debug.c | 26 +++++++-------------------
2841 drivers/iommu/omap-iommu.c | 28 +++++++++++-----------------
2842 drivers/iommu/omap-iommu.h | 3 +--
2843 3 files changed, 19 insertions(+), 38 deletions(-)
2845 commit ba936d19274485bad900a69d679878a50faa50aa
2846 Author: Joe Perches <joe@perches.com>
2847 Date: Wed Oct 14 01:09:40 2015 -0700
2849 ethtool: Use kcalloc instead of kmalloc for ethtool_get_strings
2851 It seems that kernel memory can leak into userspace by a
2852 kmalloc, ethtool_get_strings, then copy_to_user sequence.
2854 Avoid this by using kcalloc to zero fill the copied buffer.
2856 Signed-off-by: Joe Perches <joe@perches.com>
2857 Acked-by: Ben Hutchings <ben@decadent.org.uk>
2858 Signed-off-by: David S. Miller <davem@davemloft.net>
2860 net/core/ethtool.c | 2 +-
2861 1 files changed, 1 insertions(+), 1 deletions(-)
2863 commit bae0a8209962cede6a0d486cf2414cac1747f91b
2864 Author: Brad Spengler <spender@grsecurity.net>
2865 Date: Wed Oct 14 19:54:27 2015 -0400
2867 Update size_overflow hash table
2869 .../size_overflow_plugin/size_overflow_hash.data | 53 +++++++++++++++++--
2870 1 files changed, 47 insertions(+), 6 deletions(-)
2872 commit 1d840cc98b8f9b62d3c906ae24385f79c9131e29
2873 Author: Brad Spengler <spender@grsecurity.net>
2874 Date: Wed Oct 14 19:50:48 2015 -0400
2876 Update size_overflow hash table
2878 .../size_overflow_plugin/size_overflow_hash.data | 1 +
2879 1 files changed, 1 insertions(+), 0 deletions(-)
2881 commit fca9b7af6aebd1d80f364d6d849470e917919004
2882 Author: Brad Spengler <spender@grsecurity.net>
2883 Date: Wed Oct 14 19:47:21 2015 -0400
2885 Update size_overflow hash table
2887 .../size_overflow_plugin/size_overflow_hash.data | 300 ++++++++++++++++----
2888 1 files changed, 244 insertions(+), 56 deletions(-)
2890 commit 07cadc277ba83222698c99091c7da2c28275981f
2891 Author: Brad Spengler <spender@grsecurity.net>
2892 Date: Wed Oct 14 19:39:44 2015 -0400
2894 squelch some informational messages only used by Emese
2896 .../size_overflow_plugin/intentional_overflow.c | 6 +++---
2897 1 files changed, 3 insertions(+), 3 deletions(-)
2899 commit 77eeeac20bde1e0ebd72efe0f7b5c52786411bc7
2900 Author: Brad Spengler <spender@grsecurity.net>
2901 Date: Wed Oct 14 19:15:56 2015 -0400
2903 Re-enable size_overflow
2905 security/Kconfig | 1 -
2906 1 files changed, 0 insertions(+), 1 deletions(-)
2908 commit cb8efa1fd63be1bbcf5e585396cc0ed562d0c624
2909 Merge: 913cbf6 4c48a7f
2910 Author: Brad Spengler <spender@grsecurity.net>
2911 Date: Wed Oct 14 17:14:42 2015 -0400
2913 Merge branch 'pax-test' into grsec-test
2916 tools/gcc/size_overflow_plugin/size_overflow_hash.data
2918 commit 4c48a7fc8df9310f994708b42fe1102a2943917c
2919 Author: Brad Spengler <spender@grsecurity.net>
2920 Date: Wed Oct 14 17:12:54 2015 -0400
2922 Update to pax-linux-4.2.3-test10.patch:
2923 - fixed accidentally dropped csum_partial_copy_generic_to_user entry point for pre-P6 i386 configs, by minipli
2924 - Emese fixed a bunch of false positives with the size overflow plugin, let's see how it goes in the real world :)
2926 arch/x86/include/asm/processor.h | 2 +-
2927 arch/x86/include/asm/ptrace.h | 8 +-
2928 arch/x86/lib/checksum_32.S | 2 +
2929 arch/x86/xen/mmu.c | 2 +-
2930 drivers/ata/libahci.c | 2 +-
2931 drivers/i2c/busses/i2c-diolan-u2c.c | 2 +-
2932 drivers/oprofile/oprofile_files.c | 2 +-
2933 drivers/spi/spidev.c | 2 +-
2934 drivers/tty/n_tty.c | 2 +-
2935 drivers/usb/core/message.c | 6 +-
2936 fs/binfmt_elf.c | 2 +-
2937 fs/ubifs/io.c | 2 +-
2938 include/drm/drm_mm.h | 2 +-
2939 include/linux/completion.h | 12 +-
2940 include/linux/jiffies.h | 10 +-
2941 include/linux/kernel.h | 2 +-
2942 include/linux/mm.h | 2 +-
2943 include/linux/random.h | 4 +-
2944 include/linux/sched.h | 2 +-
2945 include/linux/usb.h | 2 +-
2946 kernel/sched/completion.c | 6 +-
2947 kernel/time/timer.c | 2 +-
2949 mm/internal.h | 2 +-
2950 net/sunrpc/svcauth_unix.c | 2 +-
2951 .../disable_size_overflow_hash.data |22980 +++++++++++---------
2952 .../insert_size_overflow_asm.c | 7 +
2953 .../size_overflow_plugin/intentional_overflow.c | 10 +-
2954 tools/gcc/size_overflow_plugin/size_overflow.h | 29 +-
2955 .../gcc/size_overflow_plugin/size_overflow_debug.c | 20 +-
2956 .../size_overflow_plugin/size_overflow_hash.data |14092 ++++++++----
2957 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 252 +-
2958 .../size_overflow_plugin/size_overflow_plugin.c | 2 +-
2959 .../size_overflow_plugin_hash.c | 13 +-
2960 .../size_overflow_plugin/size_overflow_transform.c | 205 +-
2961 .../size_overflow_transform_core.c | 4 +-
2962 36 files changed, 21958 insertions(+), 15740 deletions(-)
2964 commit 913cbf6a23fcad570b776b1a5a71242b909c5c99
2965 Author: Dave Kleikamp <dave.kleikamp@oracle.com>
2966 Date: Mon Oct 5 10:08:51 2015 -0500
2968 crypto: sparc - initialize blkcipher.ivsize
2970 Some of the crypto algorithms write to the initialization vector,
2971 but no space has been allocated for it. This clobbers adjacent memory.
2973 Cc: stable@vger.kernel.org
2974 Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
2975 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2977 arch/sparc/crypto/aes_glue.c | 2 ++
2978 arch/sparc/crypto/camellia_glue.c | 1 +
2979 arch/sparc/crypto/des_glue.c | 2 ++
2980 3 files changed, 5 insertions(+), 0 deletions(-)
2982 commit 7af7ad1e287067b7ea659dc0dd3e2e355588e246
2983 Author: Brad Spengler <spender@grsecurity.net>
2984 Date: Tue Oct 13 08:03:51 2015 -0400
2986 Apply fix by Tejun Heo for upstream bug reported on the forums by Fuxino:
2987 https://forums.grsecurity.net/viewtopic.php?f=3&t=4276#p15570
2989 Probably made more easily reproducible via SANITIZE, but we won't know for
2990 sure without a full oops report.
2992 For some reason even though this patch was marked for 4.2+ stable over a month
2993 ago, it still hasn't hit Greg's tree.
2995 block/blk-cgroup.c | 3 +++
2996 1 files changed, 3 insertions(+), 0 deletions(-)
2998 commit 8e1f29f9e1af36f71d12213ea6530eb77014c00c
2999 Author: Dmitry Vyukov <dvyukov@google.com>
3000 Date: Thu Sep 17 17:17:10 2015 +0200
3002 tty: fix data race on tty_buffer.commit
3004 Race on buffer data happens when newly committed data is
3005 picked up by an old flush work in the following scenario:
3006 __tty_buffer_request_room does a plain write of tail->commit,
3007 no barriers were executed before that.
3008 At this point flush_to_ldisc reads this new value of commit,
3009 and reads buffer data, no barriers in between.
3010 The committed buffer data is not necessary visible to flush_to_ldisc.
3012 Similar bug happens when tty_schedule_flip commits data.
3014 Update commit with smp_store_release and read commit with
3015 smp_load_acquire, as it is commit that signals data readiness.
3016 This is orthogonal to the existing synchronization on tty_buffer.next,
3017 which is required to not dismiss a buffer with unconsumed data.
3019 The data race was found with KernelThreadSanitizer (KTSAN).
3021 Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
3022 Reviewed-by: Peter Hurley <peter@hurleysoftware.com>
3023 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3025 drivers/tty/tty_buffer.c | 15 ++++++++++++---
3026 1 files changed, 12 insertions(+), 3 deletions(-)
3028 commit d62db216e7182e24317596471c1a3a2a9fb9d1f5
3029 Author: Peter Hurley <peter@hurleysoftware.com>
3030 Date: Sun Jul 12 20:50:49 2015 -0400
3032 tty: Replace smp_rmb/smp_wmb with smp_load_acquire/smp_store_release
3034 Clarify flip buffer producer/consumer operation; the use of
3035 smp_load_acquire() and smp_store_release() more clearly indicates
3036 which memory access requires a barrier.
3038 Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
3039 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3041 drivers/tty/tty_buffer.c | 10 ++++------
3042 1 files changed, 4 insertions(+), 6 deletions(-)
3044 commit c6bbe8a6097f869b6a3d3c40d456727180573dd9
3045 Author: Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
3046 Date: Fri Oct 2 08:27:05 2015 +0000
3048 tty: fix stall caused by missing memory barrier in drivers/tty/n_tty.c
3050 My colleague ran into a program stall on a x86_64 server, where
3051 n_tty_read() was waiting for data even if there was data in the buffer
3052 in the pty. kernel stack for the stuck process looks like below.
3053 #0 [ffff88303d107b58] __schedule at ffffffff815c4b20
3054 #1 [ffff88303d107bd0] schedule at ffffffff815c513e
3055 #2 [ffff88303d107bf0] schedule_timeout at ffffffff815c7818
3056 #3 [ffff88303d107ca0] wait_woken at ffffffff81096bd2
3057 #4 [ffff88303d107ce0] n_tty_read at ffffffff8136fa23
3058 #5 [ffff88303d107dd0] tty_read at ffffffff81368013
3059 #6 [ffff88303d107e20] __vfs_read at ffffffff811a3704
3060 #7 [ffff88303d107ec0] vfs_read at ffffffff811a3a57
3061 #8 [ffff88303d107f00] sys_read at ffffffff811a4306
3062 #9 [ffff88303d107f50] entry_SYSCALL_64_fastpath at ffffffff815c86d7
3064 There seems to be two problems causing this issue.
3066 First, in drivers/tty/n_tty.c, __receive_buf() stores the data and
3067 updates ldata->commit_head using smp_store_release() and then checks
3068 the wait queue using waitqueue_active(). However, since there is no
3069 memory barrier, __receive_buf() could return without calling
3070 wake_up_interactive_poll(), and at the same time, n_tty_read() could
3071 start to wait in wait_woken() as in the following chart.
3073 __receive_buf() n_tty_read()
3074 ------------------------------------------------------------------------
3075 if (waitqueue_active(&tty->read_wait))
3076 /* Memory operations issued after the
3077 RELEASE may be completed before the
3078 RELEASE operation has completed */
3079 add_wait_queue(&tty->read_wait, &wait);
3081 if (!input_available_p(tty, 0)) {
3082 smp_store_release(&ldata->commit_head,
3085 timeout = wait_woken(&wait,
3086 TASK_INTERRUPTIBLE, timeout);
3087 ------------------------------------------------------------------------
3089 The second problem is that n_tty_read() also lacks a memory barrier
3090 call and could also cause __receive_buf() to return without calling
3091 wake_up_interactive_poll(), and n_tty_read() to wait in wait_woken()
3092 as in the chart below.
3094 __receive_buf() n_tty_read()
3095 ------------------------------------------------------------------------
3096 spin_lock_irqsave(&q->lock, flags);
3097 /* from add_wait_queue() */
3099 if (!input_available_p(tty, 0)) {
3100 /* Memory operations issued after the
3101 RELEASE may be completed before the
3102 RELEASE operation has completed */
3103 smp_store_release(&ldata->commit_head,
3105 if (waitqueue_active(&tty->read_wait))
3106 __add_wait_queue(q, wait);
3107 spin_unlock_irqrestore(&q->lock,flags);
3108 /* from add_wait_queue() */
3110 timeout = wait_woken(&wait,
3111 TASK_INTERRUPTIBLE, timeout);
3112 ------------------------------------------------------------------------
3114 There are also other places in drivers/tty/n_tty.c which have similar
3115 calls to waitqueue_active(), so instead of adding many memory barrier
3116 calls, this patch simply removes the call to waitqueue_active(),
3117 leaving just wake_up*() behind.
3119 This fixes both problems because, even though the memory access before
3120 or after the spinlocks in both wake_up*() and add_wait_queue() can
3121 sneak into the critical section, it cannot go past it and the critical
3122 section assures that they will be serialized (please see "INTER-CPU
3123 ACQUIRING BARRIER EFFECTS" in Documentation/memory-barriers.txt for a
3124 better explanation). Moreover, the resulting code is much simpler.
3126 Latency measurement using a ping-pong test over a pty doesn't show any
3127 visible performance drop.
3129 Signed-off-by: Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
3130 Cc: stable@vger.kernel.org
3131 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3133 drivers/tty/n_tty.c | 15 +++++----------
3134 1 files changed, 5 insertions(+), 10 deletions(-)
3136 commit 3af2011ac1a085a3e8c57ca3a840aec393b37db3
3137 Author: Dmitry Vyukov <dvyukov@google.com>
3138 Date: Thu Sep 17 17:17:08 2015 +0200
3140 tty: fix data race in flush_to_ldisc
3142 flush_to_ldisc reads port->itty and checks that it is not NULL,
3143 concurrently release_tty sets port->itty to NULL. It is possible
3144 that flush_to_ldisc loads port->itty once, ensures that it is
3145 not NULL, but then reloads it again and uses. The second load
3146 can already return NULL, which will cause a crash.
3148 Use READ_ONCE to read port->itty.
3150 The data race was found with KernelThreadSanitizer (KTSAN).
3152 Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
3153 Reviewed-by: Peter Hurley <peter@hurleysoftware.com>
3154 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3156 drivers/tty/tty_buffer.c | 2 +-
3157 1 files changed, 1 insertions(+), 1 deletions(-)
3159 commit 4a433f384b0a5b7e39f969ee8df89c56537d078d
3160 Author: Dmitry Vyukov <dvyukov@google.com>
3161 Date: Thu Sep 17 17:17:09 2015 +0200
3163 tty: fix data race in tty_buffer_flush
3165 tty_buffer_flush frees not acquired buffers.
3166 As the result, for example, read of b->size in tty_buffer_free
3167 can return garbage value which will lead to a huge buffer
3168 hanging in the freelist. This is just the benignest
3169 manifestation of freeing of a not acquired object.
3170 If the object is passed to kfree, heap can be corrupted.
3172 Acquire visibility over the buffer before freeing it.
3174 The data race was found with KernelThreadSanitizer (KTSAN).
3176 Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
3177 Reviewed-by: Peter Hurley <peter@hurleysoftware.com>
3178 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3180 drivers/tty/tty_buffer.c | 5 ++++-
3181 1 files changed, 4 insertions(+), 1 deletions(-)
3183 commit 1477c439d65debf45ac3164a1615504131fad1ff
3184 Author: Jann Horn <jann@thejh.net>
3185 Date: Sun Oct 4 19:29:12 2015 +0200
3187 drivers/tty: require read access for controlling terminal
3189 This is mostly a hardening fix, given that write-only access to other
3190 users' ttys is usually only given through setgid tty executables.
3192 Signed-off-by: Jann Horn <jann@thejh.net>
3193 Cc: stable@vger.kernel.org
3194 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3196 drivers/tty/tty_io.c | 31 +++++++++++++++++++++++++++----
3197 1 files changed, 27 insertions(+), 4 deletions(-)
3199 commit c2d51348729aa244b827216715db7734daf07155
3200 Author: Brad Spengler <spender@grsecurity.net>
3201 Date: Mon Oct 12 07:19:03 2015 -0400
3203 Don't auto-enable UDEREF on x64 with a VirtualBox host
3209 security/Kconfig | 2 +-
3210 1 files changed, 1 insertions(+), 1 deletions(-)
3212 commit 45ff0fe97624b7133be6f0280ab8fda4610b7937
3213 Merge: ca6828e 1c527d2
3214 Author: Brad Spengler <spender@grsecurity.net>
3215 Date: Sun Oct 11 17:17:58 2015 -0400
3217 Merge branch 'pax-test' into grsec-test
3220 arch/x86/mm/pgtable.c
3222 commit 1c527d25ad2ece4cdb4723047625d96b942a3b91
3223 Author: Brad Spengler <spender@grsecurity.net>
3224 Date: Sun Oct 11 17:16:49 2015 -0400
3226 Update to pax-linux-4.2.3-test9.patch:
3227 - really fixed vsyscall/pvclock regression caused by the recent page table hardening, reported by kamil (https://forums.grsecurity.net/viewtopic.php?f=3&t=4272) and quasar366 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4275)
3228 - fixed a compilation error caused by the above regression, reported by spender
3229 - fixed an arm compilation error, reported by Emese
3231 arch/arm/kernel/module-plts.c | 7 +------
3232 arch/x86/mm/pgtable.c | 21 +++++++++++++++++++--
3233 2 files changed, 20 insertions(+), 8 deletions(-)
3235 commit ca6828e73b10b4a7537b16a37c2c0280523171e1
3236 Author: Trond Myklebust <trond.myklebust@primarydata.com>
3237 Date: Fri Oct 9 13:44:34 2015 -0400
3239 namei: results of d_is_negative() should be checked after dentry revalidation
3242 "After switching to version 4.1.6, our parallelized and distributed
3243 workflows now fail consistently with errors of the form:
3245 T34: ./regex.c:39:22: error: config.h: No such file or directory
3247 From our 'git bisect' testing, the following commit appears to be the
3248 possible cause of the behavior we've been seeing: commit 766c4cbfacd8"
3251 "What happens is that 766c4cbfacd8 got the things subtly wrong.
3253 We used to treat d_is_negative() after lookup_fast() as "fall with
3254 ENOENT". That was wrong - checking ->d_flags outside of ->d_seq
3255 protection is unreliable and failing with hard error on what should've
3256 fallen back to non-RCU pathname resolution is a bug.
3258 Unfortunately, we'd pulled the test too far up and ran afoul of
3259 another kind of staleness. The dentry might have been absolutely
3260 stable from the RCU point of view (and we might be on UP, etc), but
3261 stale from the remote fs point of view. If ->d_revalidate() returns
3262 "it's actually stale", dentry gets thrown away and the original code
3263 wouldn't even have looked at its ->d_flags.
3265 What we need is to check ->d_flags where 766c4cbfacd8 does (prior to
3266 ->d_seq validation) but only use the result in cases where we do not
3267 discard this dentry outright"
3269 Reported-by: Leandro Awa <lawa@nvidia.com>
3270 Link: https://bugzilla.kernel.org/show_bug.cgi?id=104911
3271 Fixes: 766c4cbfacd8 ("namei: d_is_negative() should be checked...")
3272 Tested-by: Leandro Awa <lawa@nvidia.com>
3273 Cc: stable@vger.kernel.org # v4.1+
3274 Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
3275 Acked-by: Al Viro <viro@zeniv.linux.org.uk>
3276 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3278 fs/namei.c | 8 ++++++--
3279 1 files changed, 6 insertions(+), 2 deletions(-)
3281 commit c0181260ce096a814637ad60e45a64c94840fffa
3282 Author: Matt Fleming <matt.fleming@intel.com>
3283 Date: Fri Sep 25 23:02:18 2015 +0100
3285 x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down
3287 Beginning with UEFI v2.5 EFI_PROPERTIES_TABLE was introduced
3288 that signals that the firmware PE/COFF loader supports splitting
3289 code and data sections of PE/COFF images into separate EFI
3290 memory map entries. This allows the kernel to map those regions
3291 with strict memory protections, e.g. EFI_MEMORY_RO for code,
3292 EFI_MEMORY_XP for data, etc.
3294 Unfortunately, an unwritten requirement of this new feature is
3295 that the regions need to be mapped with the same offsets
3296 relative to each other as observed in the EFI memory map. If
3297 this is not done crashes like this may occur,
3299 BUG: unable to handle kernel paging request at fffffffefe6086dd
3300 IP: [<fffffffefe6086dd>] 0xfffffffefe6086dd
3302 [<ffffffff8104c90e>] efi_call+0x7e/0x100
3303 [<ffffffff81602091>] ? virt_efi_set_variable+0x61/0x90
3304 [<ffffffff8104c583>] efi_delete_dummy_variable+0x63/0x70
3305 [<ffffffff81f4e4aa>] efi_enter_virtual_mode+0x383/0x392
3306 [<ffffffff81f37e1b>] start_kernel+0x38a/0x417
3307 [<ffffffff81f37495>] x86_64_start_reservations+0x2a/0x2c
3308 [<ffffffff81f37582>] x86_64_start_kernel+0xeb/0xef
3310 Here 0xfffffffefe6086dd refers to an address the firmware
3311 expects to be mapped but which the OS never claimed was mapped.
3312 The issue is that included in these regions are relative
3313 addresses to other regions which were emitted by the firmware
3314 toolchain before the "splitting" of sections occurred at
3317 Needless to say, we don't satisfy this unwritten requirement on
3318 x86_64 and instead map the EFI memory map entries in reverse
3319 order. The above crash is almost certainly triggerable with any
3320 kernel newer than v3.13 because that's when we rewrote the EFI
3321 runtime region mapping code, in commit d2f7cbe7b26a ("x86/efi:
3322 Runtime services virtual mapping"). For kernel versions before
3323 v3.13 things may work by pure luck depending on the
3324 fragmentation of the kernel virtual address space at the time we
3325 map the EFI regions.
3327 Instead of mapping the EFI memory map entries in reverse order,
3328 where entry N has a higher virtual address than entry N+1, map
3329 them in the same order as they appear in the EFI memory map to
3330 preserve this relative offset between regions.
3332 This patch has been kept as small as possible with the intention
3333 that it should be applied aggressively to stable and
3334 distribution kernels. It is very much a bugfix rather than
3335 support for a new feature, since when EFI_PROPERTIES_TABLE is
3336 enabled we must map things as outlined above to even boot - we
3337 have no way of asking the firmware not to split the code/data
3340 In fact, this patch doesn't even make use of the more strict
3341 memory protections available in UEFI v2.5. That will come later.
3343 Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
3344 Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
3345 Signed-off-by: Matt Fleming <matt.fleming@intel.com>
3346 Cc: <stable@vger.kernel.org>
3347 Cc: Borislav Petkov <bp@suse.de>
3348 Cc: Chun-Yi <jlee@suse.com>
3349 Cc: Dave Young <dyoung@redhat.com>
3350 Cc: H. Peter Anvin <hpa@zytor.com>
3351 Cc: James Bottomley <JBottomley@Odin.com>
3352 Cc: Lee, Chun-Yi <jlee@suse.com>
3353 Cc: Leif Lindholm <leif.lindholm@linaro.org>
3354 Cc: Linus Torvalds <torvalds@linux-foundation.org>
3355 Cc: Matthew Garrett <mjg59@srcf.ucam.org>
3356 Cc: Mike Galbraith <efault@gmx.de>
3357 Cc: Peter Jones <pjones@redhat.com>
3358 Cc: Peter Zijlstra <peterz@infradead.org>
3359 Cc: Thomas Gleixner <tglx@linutronix.de>
3360 Cc: linux-kernel@vger.kernel.org
3361 Link: http://lkml.kernel.org/r/1443218539-7610-2-git-send-email-matt@codeblueprint.co.uk
3362 Signed-off-by: Ingo Molnar <mingo@kernel.org>
3364 arch/x86/platform/efi/efi.c | 67 ++++++++++++++++++++++++++++++++++++++++++-
3365 1 files changed, 66 insertions(+), 1 deletions(-)
3367 commit 9377caab146791c8c587da3750d6eddcd01bdfba
3368 Author: Ard Biesheuvel <ard.biesheuvel@linaro.org>
3369 Date: Fri Sep 25 23:02:19 2015 +0100
3371 arm64/efi: Fix boot crash by not padding between EFI_MEMORY_RUNTIME regions
3373 The new Properties Table feature introduced in UEFIv2.5 may
3374 split memory regions that cover PE/COFF memory images into
3375 separate code and data regions. Since these regions only differ
3376 in the type (runtime code vs runtime data) and the permission
3377 bits, but not in the memory type attributes (UC/WC/WT/WB), the
3378 spec does not require them to be aligned to 64 KB.
3380 Since the relative offset of PE/COFF .text and .data segments
3381 cannot be changed on the fly, this means that we can no longer
3382 pad out those regions to be mappable using 64 KB pages.
3383 Unfortunately, there is no annotation in the UEFI memory map
3384 that identifies data regions that were split off from a code
3385 region, so we must apply this logic to all adjacent runtime
3386 regions whose attributes only differ in the permission bits.
3388 So instead of rounding each memory region to 64 KB alignment at
3389 both ends, only round down regions that are not directly
3390 preceded by another runtime region with the same type
3391 attributes. Since the UEFI spec does not mandate that the memory
3392 map be sorted, this means we also need to sort it first.
3394 Note that this change will result in all EFI_MEMORY_RUNTIME
3395 regions whose start addresses are not aligned to the OS page
3396 size to be mapped with executable permissions (i.e., on kernels
3397 compiled with 64 KB pages). However, since these mappings are
3398 only active during the time that UEFI Runtime Services are being
3399 invoked, the window for abuse is rather small.
3401 Tested-by: Mark Salter <msalter@redhat.com>
3402 Tested-by: Mark Rutland <mark.rutland@arm.com> [UEFI 2.4 only]
3403 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
3404 Signed-off-by: Matt Fleming <matt.fleming@intel.com>
3405 Reviewed-by: Mark Salter <msalter@redhat.com>
3406 Reviewed-by: Mark Rutland <mark.rutland@arm.com>
3407 Cc: <stable@vger.kernel.org> # v4.0+
3408 Cc: Catalin Marinas <catalin.marinas@arm.com>
3409 Cc: Leif Lindholm <leif.lindholm@linaro.org>
3410 Cc: Linus Torvalds <torvalds@linux-foundation.org>
3411 Cc: Mike Galbraith <efault@gmx.de>
3412 Cc: Peter Zijlstra <peterz@infradead.org>
3413 Cc: Thomas Gleixner <tglx@linutronix.de>
3414 Cc: Will Deacon <will.deacon@arm.com>
3415 Cc: linux-kernel@vger.kernel.org
3416 Link: http://lkml.kernel.org/r/1443218539-7610-3-git-send-email-matt@codeblueprint.co.uk
3417 Signed-off-by: Ingo Molnar <mingo@kernel.org>
3419 arch/arm64/kernel/efi.c | 3 +-
3420 drivers/firmware/efi/libstub/arm-stub.c | 88 +++++++++++++++++++++++++-----
3421 2 files changed, 75 insertions(+), 16 deletions(-)
3423 commit 189124f1e733622c44d72060832af3c68d7ee8bc
3424 Author: Ralf Baechle <ralf@linux-mips.org>
3425 Date: Fri Oct 2 09:48:57 2015 +0200
3427 MIPS: BPF: Fix load delay slots.
3429 The entire bpf_jit_asm.S is written in noreorder mode because "we know
3430 better" according to a comment. This also prevented the assembler from
3431 throwing in the required NOPs for MIPS I processors which have no
3432 load-use interlock, thus the load's consumer might end up using the
3433 old value of the register from prior to the load.
3435 Fixed by putting the assembler in reorder mode for just the affected
3436 load instructions. This is not enough for gas to actually try to be
3437 clever by looking at the next instruction and inserting a nop only
3438 when needed but as the comment said "we know better", so getting gas
3439 to unconditionally emit a NOP is just right in this case and prevents
3440 adding further ifdefery.
3442 Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
3444 arch/mips/net/bpf_jit_asm.S | 4 ++++
3445 1 files changed, 4 insertions(+), 0 deletions(-)
3447 commit b4b012d6599fbc3c6e81f0a03cd59eb9f0095ed8
3448 Author: Lee, Chun-Yi <joeyli.kernel@gmail.com>
3449 Date: Tue Sep 29 20:58:57 2015 +0800
3451 x86/kexec: Fix kexec crash in syscall kexec_file_load()
3453 The original bug is a page fault crash that sometimes happens
3454 on big machines when preparing ELF headers:
3456 BUG: unable to handle kernel paging request at ffffc90613fc9000
3457 IP: [<ffffffff8103d645>] prepare_elf64_ram_headers_callback+0x165/0x260
3459 The bug is caused by us under-counting the number of memory ranges
3460 and subsequently not allocating enough ELF header space for them.
3461 The bug is typically masked on smaller systems, because the ELF header
3462 allocation is rounded up to the next page.
3464 This patch modifies the code in fill_up_crash_elf_data() by using
3465 walk_system_ram_res() instead of walk_system_ram_range() to correctly
3466 count the max number of crash memory ranges. That's because the
3467 walk_system_ram_range() filters out small memory regions that
3468 reside in the same page, but walk_system_ram_res() does not.
3470 Here's how I found the bug:
3472 After tracing prepare_elf64_headers() and prepare_elf64_ram_headers_callback(),
3473 the code uses walk_system_ram_res() to fill-in crash memory regions information
3474 to the program header, so it counts those small memory regions that
3475 reside in a page area.
3477 But, when the kernel was using walk_system_ram_range() in
3478 fill_up_crash_elf_data() to count the number of crash memory regions,
3479 it filters out small regions.
3481 I printed those small memory regions, for example:
3483 kexec: Get nr_ram ranges. vaddr=0xffff880077592258 paddr=0x77592258, sz=0xdc0
3485 Based on the code in walk_system_ram_range(), this memory region
3486 will be filtered out:
3488 pfn = (0x77592258 + 0x1000 - 1) >> 12 = 0x77593
3489 end_pfn = (0x77592258 + 0xfc0 -1 + 1) >> 12 = 0x77593
3490 end_pfn - pfn = 0x77593 - 0x77593 = 0 <=== if (end_pfn > pfn) is FALSE
3492 So, the max_nr_ranges that's counted by the kernel doesn't include
3493 small memory regions - causing us to under-allocate the required space.
3494 That causes the page fault crash that happens in a later code path
3495 when preparing ELF headers.
3497 This bug is not easy to reproduce on small machines that have few
3498 CPUs, because the allocated page aligned ELF buffer has more free
3499 space to cover those small memory regions' PT_LOAD headers.
3501 Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
3502 Cc: Andy Lutomirski <luto@kernel.org>
3503 Cc: Baoquan He <bhe@redhat.com>
3504 Cc: Jiang Liu <jiang.liu@linux.intel.com>
3505 Cc: Linus Torvalds <torvalds@linux-foundation.org>
3506 Cc: Mike Galbraith <efault@gmx.de>
3507 Cc: Peter Zijlstra <peterz@infradead.org>
3508 Cc: Stephen Rothwell <sfr@canb.auug.org.au>
3509 Cc: Takashi Iwai <tiwai@suse.de>
3510 Cc: Thomas Gleixner <tglx@linutronix.de>
3511 Cc: Viresh Kumar <viresh.kumar@linaro.org>
3512 Cc: Vivek Goyal <vgoyal@redhat.com>
3513 Cc: kexec@lists.infradead.org
3514 Cc: linux-kernel@vger.kernel.org
3515 Cc: <stable@vger.kernel.org>
3516 Link: http://lkml.kernel.org/r/1443531537-29436-1-git-send-email-jlee@suse.com
3517 Signed-off-by: Ingo Molnar <mingo@kernel.org>
3519 arch/x86/kernel/crash.c | 7 +++----
3520 1 files changed, 3 insertions(+), 4 deletions(-)
3522 commit bf91f1e0162bdd27ebd1411090a81fd9188daa4f
3523 Author: Elad Raz <eladr@mellanox.com>
3524 Date: Sat Aug 22 08:44:11 2015 +0300
3526 netfilter: ipset: Fixing unnamed union init
3528 In continue to proposed Vinson Lee's post [1], this patch fixes compilation
3529 issues founded at gcc 4.4.7. The initialization of .cidr field of unnamed
3530 unions causes compilation error in gcc 4.4.x.
3535 [1] https://lkml.org/lkml/2015/7/5/74
3537 Signed-off-by: Elad Raz <eladr@mellanox.com>
3538 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
3540 net/netfilter/ipset/ip_set_hash_netnet.c | 20 ++++++++++++++++++--
3541 net/netfilter/ipset/ip_set_hash_netportnet.c | 20 ++++++++++++++++++--
3542 2 files changed, 36 insertions(+), 4 deletions(-)
3544 commit fed13a5012b8d7e87a6f9efa2e40e0be28eaecd9
3545 Author: Brad Spengler <spender@grsecurity.net>
3546 Date: Fri Oct 9 23:12:43 2015 -0400
3550 arch/x86/mm/pgtable.c | 2 ++
3551 1 files changed, 2 insertions(+), 0 deletions(-)
3553 commit 58edc15a668a6dd90b3f66abc84b509f8fba7505
3554 Author: Daniel Borkmann <daniel@iogearbox.net>
3555 Date: Mon Aug 31 19:11:02 2015 +0200
3557 netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy error paths
3559 Commit 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack
3560 templates") migrated templates to the new allocator api, but forgot to
3561 update error paths for them in CT and synproxy to use nf_ct_tmpl_free()
3562 instead of nf_conntrack_free().
3564 Due to that, memory is being freed into the wrong kmemcache, but also
3565 we drop the per net reference count of ct objects causing an imbalance.
3567 In Brad's case, this leads to a wrap-around of net->ct.count and thus
3568 lets __nf_conntrack_alloc() refuse to create a new ct object:
3570 [ 10.340913] xt_addrtype: ipv6 does not support BROADCAST matching
3571 [ 10.810168] nf_conntrack: table full, dropping packet
3572 [ 11.917416] r8169 0000:07:00.0 eth0: link up
3573 [ 11.917438] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
3574 [ 12.815902] nf_conntrack: table full, dropping packet
3575 [ 15.688561] nf_conntrack: table full, dropping packet
3576 [ 15.689365] nf_conntrack: table full, dropping packet
3577 [ 15.690169] nf_conntrack: table full, dropping packet
3578 [ 15.690967] nf_conntrack: table full, dropping packet
3581 With slab debugging, it also reports the wrong kmemcache (kmalloc-512 vs.
3582 nf_conntrack_ffffffff81ce75c0) and reports poison overwrites, etc. Thus,
3583 to fix the problem, export and use nf_ct_tmpl_free() instead.
3585 Fixes: 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack templates")
3586 Reported-by: Brad Jackson <bjackson0971@gmail.com>
3587 Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
3588 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
3590 include/net/netfilter/nf_conntrack.h | 1 +
3591 net/netfilter/nf_conntrack_core.c | 3 ++-
3592 net/netfilter/nf_synproxy_core.c | 2 +-
3593 net/netfilter/xt_CT.c | 2 +-
3594 4 files changed, 5 insertions(+), 3 deletions(-)
3596 commit 37d26e44573aaa9c3b1f0c36ec9d4bddc008fc03
3597 Author: Brad Spengler <spender@grsecurity.net>
3598 Date: Fri Oct 9 18:22:54 2015 -0400
3600 Fix BUG() in scatterwalk_map_and_copy caused by virt_to_page being
3601 called on the KSTACKOVERFLOW's vmalloc'd stack. Thanks to
3602 Yves-Alexis Perez for the report
3604 crypto/scatterwalk.c | 10 ++++++++--
3605 1 files changed, 8 insertions(+), 2 deletions(-)
3607 commit 8137d53d2b60023587a48004f0b67946ed6db4a8
3608 Merge: 147420b a9c991f
3609 Author: Brad Spengler <spender@grsecurity.net>
3610 Date: Fri Oct 9 18:20:32 2015 -0400
3612 Merge branch 'pax-test' into grsec-test
3614 commit a9c991f727bb8daf15838296e301683791c17071
3615 Author: Brad Spengler <spender@grsecurity.net>
3616 Date: Fri Oct 9 18:20:07 2015 -0400
3618 Update to pax-linux-4.2.3-test8.patch:
3619 - fixed vsyscall/pvclock regression caused by the recent page table hardening, reported by kamil (https://forums.grsecurity.net/viewtopic.php?f=3&t=4272)
3621 arch/x86/kernel/espfix_64.c | 4 +---
3622 arch/x86/kernel/kvmclock.c | 20 ++++++--------------
3623 arch/x86/mm/highmem_32.c | 2 ++
3624 arch/x86/mm/pgtable.c | 33 +++++++++++++++++++++++++++++++++
3625 4 files changed, 42 insertions(+), 17 deletions(-)
3627 commit 147420b0f00c7f20f354e1dfa460b904a3af432b
3628 Author: Brad Spengler <spender@grsecurity.net>
3629 Date: Fri Oct 9 08:54:24 2015 -0400
3631 Properly fix the bug reported at:
3632 https://code.google.com/p/android/issues/detail?id=187973
3634 drivers/net/slip/slhc.c | 3 +++
3635 1 files changed, 3 insertions(+), 0 deletions(-)
3637 commit 4918a68ea80e1185ec8f3a94d3a2210552ed0bb5
3638 Merge: 4e736d9 7e02f35
3639 Author: Brad Spengler <spender@grsecurity.net>
3640 Date: Wed Oct 7 20:57:21 2015 -0400
3642 Merge branch 'pax-test' into grsec-test
3645 arch/x86/kernel/espfix_64.c
3647 commit 7e02f35880fd6bdb2f4e7ba07a13d6df1d121008
3648 Author: Brad Spengler <spender@grsecurity.net>
3649 Date: Wed Oct 7 20:54:36 2015 -0400
3651 Update to pax-linux-4.2.3-test7.patch:
3652 - backported vanilla commits b763ec17ac762470eec5be8ebcc43e4f8b2c2b82 and 176fc2d5770a0990eebff903ba680d2edd32e718
3653 - constified a few more page tables for ESPFIX/amd64
3654 - fixed xen and the recently added level1_modules_pgt page tables on amd64
3656 arch/x86/include/asm/pgtable_64.h | 1 +
3657 arch/x86/kernel/espfix_64.c | 35 +++++++++++++++++++++++----------
3658 arch/x86/xen/mmu.c | 4 +++
3659 drivers/base/regmap/regmap-debugfs.c | 14 +++++-------
3660 4 files changed, 35 insertions(+), 19 deletions(-)
3662 commit 4e736d9e568f6cc0d08dfe7519abf9a5d58a5418
3663 Author: Robin Murphy <robin.murphy@arm.com>
3664 Date: Thu Oct 1 15:37:19 2015 -0700
3666 dmapool: fix overflow condition in pool_find_page()
3668 If a DMA pool lies at the very top of the dma_addr_t range (as may
3669 happen with an IOMMU involved), the calculated end address of the pool
3670 wraps around to zero, and page lookup always fails.
3672 Tweak the relevant calculation to be overflow-proof.
3674 Signed-off-by: Robin Murphy <robin.murphy@arm.com>
3675 Cc: Arnd Bergmann <arnd@arndb.de>
3676 Cc: Marek Szyprowski <m.szyprowski@samsung.com>
3677 Cc: Sumit Semwal <sumit.semwal@linaro.org>
3678 Cc: Sakari Ailus <sakari.ailus@iki.fi>
3679 Cc: Russell King <rmk+kernel@arm.linux.org.uk>
3680 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
3681 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3684 1 files changed, 1 insertions(+), 1 deletions(-)
3686 commit 96a101a9b4208a6e5f2a0db7599881142e70ba43
3687 Author: Greg Thelen <gthelen@google.com>
3688 Date: Thu Oct 1 15:37:05 2015 -0700
3690 memcg: make mem_cgroup_read_stat() unsigned
3692 mem_cgroup_read_stat() returns a page count by summing per cpu page
3693 counters. The summing is racy wrt. updates, so a transient negative
3694 sum is possible. Callers don't want negative values:
3696 - mem_cgroup_wb_stats() doesn't want negative nr_dirty or nr_writeback.
3697 This could confuse dirty throttling.
3699 - oom reports and memory.stat shouldn't show confusing negative usage.
3701 - tree_usage() already avoids negatives.
3703 Avoid returning negative page counts from mem_cgroup_read_stat() and
3704 convert it to unsigned.
3706 [akpm@linux-foundation.org: fix old typo while we're in there]
3707 Signed-off-by: Greg Thelen <gthelen@google.com>
3708 Cc: Johannes Weiner <hannes@cmpxchg.org>
3709 Acked-by: Michal Hocko <mhocko@suse.com>
3710 Cc: <stable@vger.kernel.org> [4.2+]
3711 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
3712 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
3714 mm/memcontrol.c | 30 ++++++++++++++++++------------
3715 1 files changed, 18 insertions(+), 12 deletions(-)
3717 commit b7808c46650d5f4c09f071566de991af36eb9d37
3718 Author: Daniel Borkmann <daniel@iogearbox.net>
3719 Date: Fri Oct 2 12:06:03 2015 +0200
3721 bpf: fix panic in SO_GET_FILTER with native ebpf programs
3723 When sockets have a native eBPF program attached through
3724 setsockopt(sk, SOL_SOCKET, SO_ATTACH_BPF, ...), and then try to
3725 dump these over getsockopt(sk, SOL_SOCKET, SO_GET_FILTER, ...),
3726 the following panic appears:
3728 [49904.178642] BUG: unable to handle kernel NULL pointer dereference at (null)
3729 [49904.178762] IP: [<ffffffff81610fd9>] sk_get_filter+0x39/0x90
3730 [49904.182000] PGD 86fc9067 PUD 531a1067 PMD 0
3731 [49904.185196] Oops: 0000 [#1] SMP
3733 [49904.224677] Call Trace:
3734 [49904.226090] [<ffffffff815e3d49>] sock_getsockopt+0x319/0x740
3735 [49904.227535] [<ffffffff812f59e3>] ? sock_has_perm+0x63/0x70
3736 [49904.228953] [<ffffffff815e2fc8>] ? release_sock+0x108/0x150
3737 [49904.230380] [<ffffffff812f5a43>] ? selinux_socket_getsockopt+0x23/0x30
3738 [49904.231788] [<ffffffff815dff36>] SyS_getsockopt+0xa6/0xc0
3739 [49904.233267] [<ffffffff8171b9ae>] entry_SYSCALL_64_fastpath+0x12/0x71
3741 The underlying issue is the very same as in commit b382c0865600
3742 ("sock, diag: fix panic in sock_diag_put_filterinfo"), that is,
3743 native eBPF programs don't store an original program since this
3744 is only needed in cBPF ones.
3746 However, sk_get_filter() wasn't updated to test for this at the
3747 time when eBPF could be attached. Just throw an error to the user
3748 to indicate that eBPF cannot be dumped over this interface.
3749 That way, it can also be known that a program _is_ attached (as
3750 opposed to just return 0), and a different (future) method needs
3751 to be consulted for a dump.
3753 Fixes: 89aa075832b0 ("net: sock: allow eBPF programs to be attached to sockets")
3754 Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
3755 Acked-by: Alexei Starovoitov <ast@plumgrid.com>
3756 Signed-off-by: David S. Miller <davem@davemloft.net>
3758 net/core/filter.c | 6 +++++-
3759 1 files changed, 5 insertions(+), 1 deletions(-)
3761 commit 40853c884afb5fc2dcb9f7fc34ef446162566fcc
3762 Author: Steve French <smfrench@gmail.com>
3763 Date: Mon Sep 28 17:21:07 2015 -0500
3765 [SMB3] Do not fall back to SMBWriteX in set_file_size error cases
3767 The error paths in set_file_size for cifs and smb3 are incorrect.
3769 In the unlikely event that a server did not support set file info
3770 of the file size, the code incorrectly falls back to trying SMBWriteX
3771 (note that only the original core SMB Write, used for example by DOS,
3772 can set the file size this way - this actually does not work for the more
3773 recent SMBWriteX). The idea was since the old DOS SMB Write could set
3774 the file size if you write zero bytes at that offset then use that if
3775 server rejects the normal set file info call.
3777 Fortunately the SMBWriteX will never be sent on the wire (except when
3778 file size is zero) since the length and offset fields were reversed
3779 in the two places in this function that call SMBWriteX causing
3780 the fall back path to return an error. It is also important to never call
3781 an SMB request from an SMB2/sMB3 session (which theoretically would
3782 be possible, and can cause a brief session drop, although the client
3783 recovers) so this should be fixed. In practice this path does not happen
3784 with modern servers but the error fall back to SMBWriteX is clearly wrong.
3786 Removing the calls to SMBWriteX in the error paths in cifs_set_file_size
3788 Pointed out by PaX/grsecurity team
3790 Signed-off-by: Steve French <steve.french@primarydata.com>
3791 Reported-by: PaX Team <pageexec@freemail.hu>
3792 CC: Emese Revfy <re.emese@gmail.com>
3793 CC: Brad Spengler <spender@grsecurity.net>
3794 CC: Stable <stable@vger.kernel.org>
3796 fs/cifs/inode.c | 34 ----------------------------------
3797 1 files changed, 0 insertions(+), 34 deletions(-)
3799 commit f5fad97c967a08f4a89513969598b1d3c8232a38
3800 Author: Brad Spengler <spender@grsecurity.net>
3801 Date: Wed Oct 7 18:22:40 2015 -0400
3803 Initial import of grsecurity for Linux 4.2.3
3804 Note that size_overflow is currently marked BROKEN
3806 Documentation/dontdiff | 2 +
3807 Documentation/kernel-parameters.txt | 7 +
3808 Documentation/sysctl/kernel.txt | 15 +
3810 arch/alpha/include/asm/cache.h | 4 +-
3811 arch/alpha/kernel/osf_sys.c | 12 +-
3812 arch/arm/Kconfig | 1 +
3813 arch/arm/include/asm/thread_info.h | 9 +-
3814 arch/arm/kernel/process.c | 4 +-
3815 arch/arm/kernel/ptrace.c | 9 +
3816 arch/arm/kernel/traps.c | 7 +-
3817 arch/arm/mm/Kconfig | 2 +-
3818 arch/arm/mm/fault.c | 40 +-
3819 arch/arm/mm/mmap.c | 8 +-
3820 arch/arm/net/bpf_jit_32.c | 51 +-
3821 arch/avr32/include/asm/cache.h | 4 +-
3822 arch/blackfin/include/asm/cache.h | 3 +-
3823 arch/cris/include/arch-v10/arch/cache.h | 3 +-
3824 arch/cris/include/arch-v32/arch/cache.h | 3 +-
3825 arch/frv/include/asm/cache.h | 3 +-
3826 arch/frv/mm/elf-fdpic.c | 4 +-
3827 arch/hexagon/include/asm/cache.h | 6 +-
3828 arch/ia64/Kconfig | 1 +
3829 arch/ia64/include/asm/cache.h | 3 +-
3830 arch/ia64/kernel/sys_ia64.c | 2 +
3831 arch/ia64/mm/hugetlbpage.c | 2 +
3832 arch/m32r/include/asm/cache.h | 4 +-
3833 arch/m68k/include/asm/cache.h | 4 +-
3834 arch/metag/mm/hugetlbpage.c | 1 +
3835 arch/microblaze/include/asm/cache.h | 3 +-
3836 arch/mips/Kconfig | 1 +
3837 arch/mips/include/asm/cache.h | 3 +-
3838 arch/mips/include/asm/thread_info.h | 11 +-
3839 arch/mips/kernel/irq.c | 3 +
3840 arch/mips/kernel/ptrace.c | 9 +
3841 arch/mips/mm/mmap.c | 4 +-
3842 arch/mn10300/proc-mn103e010/include/proc/cache.h | 4 +-
3843 arch/mn10300/proc-mn2ws0050/include/proc/cache.h | 4 +-
3844 arch/openrisc/include/asm/cache.h | 4 +-
3845 arch/parisc/include/asm/cache.h | 5 +-
3846 arch/parisc/kernel/sys_parisc.c | 4 +
3847 arch/powerpc/Kconfig | 1 +
3848 arch/powerpc/include/asm/cache.h | 3 +-
3849 arch/powerpc/include/asm/thread_info.h | 5 +-
3850 arch/powerpc/kernel/Makefile | 2 +
3851 arch/powerpc/kernel/irq.c | 3 +
3852 arch/powerpc/kernel/process.c | 10 +-
3853 arch/powerpc/kernel/ptrace.c | 14 +
3854 arch/powerpc/kernel/traps.c | 5 +
3855 arch/powerpc/mm/slice.c | 2 +-
3856 arch/s390/include/asm/cache.h | 4 +-
3857 arch/score/include/asm/cache.h | 4 +-
3858 arch/sh/include/asm/cache.h | 3 +-
3859 arch/sh/mm/mmap.c | 6 +-
3860 arch/sparc/include/asm/cache.h | 4 +-
3861 arch/sparc/include/asm/pgalloc_64.h | 1 +
3862 arch/sparc/include/asm/thread_info_64.h | 8 +-
3863 arch/sparc/kernel/process_32.c | 6 +-
3864 arch/sparc/kernel/process_64.c | 8 +-
3865 arch/sparc/kernel/ptrace_64.c | 14 +
3866 arch/sparc/kernel/sys_sparc_64.c | 8 +-
3867 arch/sparc/kernel/syscalls.S | 8 +-
3868 arch/sparc/kernel/traps_32.c | 8 +-
3869 arch/sparc/kernel/traps_64.c | 28 +-
3870 arch/sparc/kernel/unaligned_64.c | 2 +-
3871 arch/sparc/mm/fault_64.c | 2 +-
3872 arch/sparc/mm/hugetlbpage.c | 15 +-
3873 arch/tile/Kconfig | 1 +
3874 arch/tile/include/asm/cache.h | 3 +-
3875 arch/tile/mm/hugetlbpage.c | 2 +
3876 arch/um/include/asm/cache.h | 3 +-
3877 arch/unicore32/include/asm/cache.h | 6 +-
3878 arch/x86/Kconfig | 21 +
3879 arch/x86/entry/entry_32.S | 2 +-
3880 arch/x86/entry/entry_64.S | 2 +-
3881 arch/x86/ia32/ia32_aout.c | 2 +
3882 arch/x86/include/asm/floppy.h | 20 +-
3883 arch/x86/include/asm/io.h | 2 +-
3884 arch/x86/include/asm/page.h | 12 +-
3885 arch/x86/include/asm/paravirt_types.h | 23 +-
3886 arch/x86/include/asm/processor.h | 2 +-
3887 arch/x86/include/asm/thread_info.h | 8 +-
3888 arch/x86/kernel/dumpstack.c | 10 +-
3889 arch/x86/kernel/dumpstack_32.c | 2 +-
3890 arch/x86/kernel/dumpstack_64.c | 2 +-
3891 arch/x86/kernel/espfix_64.c | 2 +-
3892 arch/x86/kernel/fpu/init.c | 4 +-
3893 arch/x86/kernel/ioport.c | 13 +
3894 arch/x86/kernel/irq_32.c | 3 +
3895 arch/x86/kernel/irq_64.c | 4 +
3896 arch/x86/kernel/ldt.c | 18 +
3897 arch/x86/kernel/msr.c | 10 +
3898 arch/x86/kernel/ptrace.c | 28 +
3899 arch/x86/kernel/signal.c | 9 +-
3900 arch/x86/kernel/sys_i386_32.c | 9 +-
3901 arch/x86/kernel/sys_x86_64.c | 8 +-
3902 arch/x86/kernel/traps.c | 5 +
3903 arch/x86/kernel/verify_cpu.S | 1 +
3904 arch/x86/kernel/vm86_32.c | 16 +
3905 arch/x86/mm/fault.c | 12 +-
3906 arch/x86/mm/hugetlbpage.c | 15 +-
3907 arch/x86/mm/init.c | 66 +-
3908 arch/x86/mm/init_32.c | 6 +-
3909 arch/x86/net/bpf_jit_comp.c | 4 +
3910 arch/x86/platform/efi/efi_64.c | 2 +-
3911 arch/x86/xen/Kconfig | 1 +
3912 arch/xtensa/variants/dc232b/include/variant/core.h | 2 +-
3913 arch/xtensa/variants/fsf/include/variant/core.h | 3 +-
3914 drivers/acpi/acpica/hwxfsleep.c | 11 +-
3915 drivers/acpi/custom_method.c | 4 +
3916 drivers/block/cciss.h | 30 +-
3917 drivers/block/smart1,2.h | 40 +-
3918 drivers/cdrom/cdrom.c | 2 +-
3919 drivers/char/Kconfig | 4 +-
3920 drivers/char/genrtc.c | 1 +
3921 drivers/char/mem.c | 17 +
3922 drivers/char/random.c | 5 +-
3923 drivers/cpufreq/sparc-us3-cpufreq.c | 2 -
3924 drivers/firewire/ohci.c | 4 +
3925 drivers/gpu/drm/drm_context.c | 50 +-
3926 drivers/gpu/drm/drm_drv.c | 11 +-
3927 drivers/gpu/drm/drm_lock.c | 18 +-
3928 drivers/gpu/drm/i915/i915_dma.c | 2 +
3929 drivers/gpu/drm/nouveau/nouveau_drm.c | 3 +-
3930 drivers/gpu/drm/nouveau/nouveau_ttm.c | 30 +-
3931 drivers/gpu/drm/ttm/ttm_bo_manager.c | 10 +-
3932 drivers/gpu/drm/virtio/virtgpu_ttm.c | 10 +-
3933 drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c | 10 +-
3934 drivers/hid/hid-wiimote-debug.c | 2 +-
3935 drivers/infiniband/hw/nes/nes_cm.c | 22 +-
3936 drivers/iommu/amd_iommu.c | 14 +-
3937 drivers/isdn/gigaset/bas-gigaset.c | 32 +-
3938 drivers/isdn/gigaset/ser-gigaset.c | 32 +-
3939 drivers/isdn/gigaset/usb-gigaset.c | 32 +-
3940 drivers/isdn/i4l/isdn_concap.c | 6 +-
3941 drivers/isdn/i4l/isdn_x25iface.c | 16 +-
3942 drivers/md/raid5.c | 8 +
3943 drivers/media/pci/solo6x10/solo6x10-g723.c | 2 +-
3944 drivers/media/radio/radio-cadet.c | 5 +-
3945 drivers/media/usb/dvb-usb/cinergyT2-core.c | 91 +-
3946 drivers/media/usb/dvb-usb/cinergyT2-fe.c | 182 +-
3947 drivers/media/usb/dvb-usb/dvb-usb-firmware.c | 37 +-
3948 drivers/media/usb/dvb-usb/technisat-usb2.c | 75 +-
3949 drivers/message/fusion/mptbase.c | 9 +
3950 drivers/misc/sgi-xp/xp_main.c | 12 +-
3951 drivers/net/ethernet/brocade/bna/bna_enet.c | 8 +-
3952 drivers/net/wan/lmc/lmc_media.c | 97 +-
3953 drivers/net/wan/z85230.c | 24 +-
3954 drivers/net/wireless/zd1211rw/zd_usb.c | 2 +-
3955 drivers/pci/proc.c | 9 +
3956 drivers/platform/x86/asus-wmi.c | 12 +
3957 drivers/rtc/rtc-dev.c | 3 +
3958 drivers/scsi/bfa/bfa_fcs.c | 19 +-
3959 drivers/scsi/bfa/bfa_fcs_lport.c | 29 +-
3960 drivers/scsi/bfa/bfa_modules.h | 12 +-
3961 drivers/scsi/hpsa.h | 40 +-
3962 drivers/staging/lustre/lustre/ldlm/ldlm_flock.c | 2 +-
3963 drivers/staging/lustre/lustre/libcfs/module.c | 10 +-
3964 drivers/staging/sm750fb/sm750.c | 3 +
3965 drivers/tty/serial/uartlite.c | 4 +-
3966 drivers/tty/sysrq.c | 2 +-
3967 drivers/tty/vt/keyboard.c | 22 +-
3968 drivers/uio/uio.c | 6 +-
3969 drivers/usb/core/hub.c | 5 +
3970 drivers/usb/gadget/function/f_uac1.c | 1 +
3971 drivers/usb/gadget/function/u_uac1.c | 1 +
3972 drivers/usb/host/hwa-hc.c | 9 +-
3973 drivers/usb/usbip/vhci_sysfs.c | 2 +-
3974 drivers/video/fbdev/arcfb.c | 2 +-
3975 drivers/video/fbdev/matrox/matroxfb_DAC1064.c | 10 +-
3976 drivers/video/fbdev/matrox/matroxfb_Ti3026.c | 5 +-
3977 drivers/video/fbdev/sh_mobile_lcdcfb.c | 6 +-
3978 drivers/video/logo/logo_linux_clut224.ppm | 2720 ++++-----
3979 drivers/xen/xenfs/xenstored.c | 5 +
3980 firmware/Makefile | 2 +
3981 firmware/WHENCE | 20 +-
3982 firmware/bnx2/bnx2-mips-06-6.2.3.fw.ihex | 5804 +++++++++++++++++
3983 firmware/bnx2/bnx2-mips-09-6.2.1b.fw.ihex | 6496 ++++++++++++++++++++
3985 fs/autofs4/waitq.c | 9 +
3986 fs/binfmt_aout.c | 7 +
3987 fs/binfmt_elf.c | 40 +-
3989 fs/coredump.c | 17 +-
3991 fs/debugfs/inode.c | 11 +-
3993 fs/ext2/balloc.c | 4 +-
3994 fs/ext2/super.c | 8 +-
3995 fs/ext3/balloc.c | 4 +-
3996 fs/ext3/super.c | 8 +-
3997 fs/ext4/balloc.c | 4 +-
4001 fs/filesystems.c | 4 +
4002 fs/fs_struct.c | 20 +-
4003 fs/hugetlbfs/inode.c | 5 +-
4005 fs/kernfs/dir.c | 6 +
4008 fs/namespace.c | 24 +
4009 fs/nfsd/nfscache.c | 2 +-
4011 fs/overlayfs/inode.c | 3 +
4012 fs/overlayfs/super.c | 6 +-
4014 fs/posix_acl.c | 15 +-
4015 fs/proc/Kconfig | 10 +-
4016 fs/proc/array.c | 66 +-
4017 fs/proc/base.c | 168 +-
4018 fs/proc/cmdline.c | 4 +
4019 fs/proc/devices.c | 4 +
4020 fs/proc/fd.c | 17 +-
4021 fs/proc/generic.c | 64 +
4022 fs/proc/inode.c | 17 +
4023 fs/proc/internal.h | 11 +-
4024 fs/proc/interrupts.c | 4 +
4025 fs/proc/kcore.c | 3 +
4026 fs/proc/proc_net.c | 31 +
4027 fs/proc/proc_sysctl.c | 52 +-
4028 fs/proc/root.c | 8 +
4029 fs/proc/stat.c | 69 +-
4030 fs/proc/task_mmu.c | 66 +-
4032 fs/reiserfs/item_ops.c | 24 +-
4033 fs/reiserfs/super.c | 4 +
4035 fs/seq_file.c | 30 +-
4037 fs/sysfs/dir.c | 30 +-
4040 grsecurity/Kconfig | 1182 ++++
4041 grsecurity/Makefile | 54 +
4042 grsecurity/gracl.c | 2757 +++++++++
4043 grsecurity/gracl_alloc.c | 105 +
4044 grsecurity/gracl_cap.c | 127 +
4045 grsecurity/gracl_compat.c | 269 +
4046 grsecurity/gracl_fs.c | 448 ++
4047 grsecurity/gracl_ip.c | 386 ++
4048 grsecurity/gracl_learn.c | 207 +
4049 grsecurity/gracl_policy.c | 1786 ++++++
4050 grsecurity/gracl_res.c | 68 +
4051 grsecurity/gracl_segv.c | 304 +
4052 grsecurity/gracl_shm.c | 40 +
4053 grsecurity/grsec_chdir.c | 19 +
4054 grsecurity/grsec_chroot.c | 467 ++
4055 grsecurity/grsec_disabled.c | 445 ++
4056 grsecurity/grsec_exec.c | 189 +
4057 grsecurity/grsec_fifo.c | 26 +
4058 grsecurity/grsec_fork.c | 23 +
4059 grsecurity/grsec_init.c | 290 +
4060 grsecurity/grsec_ipc.c | 48 +
4061 grsecurity/grsec_link.c | 65 +
4062 grsecurity/grsec_log.c | 340 +
4063 grsecurity/grsec_mem.c | 48 +
4064 grsecurity/grsec_mount.c | 65 +
4065 grsecurity/grsec_pax.c | 47 +
4066 grsecurity/grsec_proc.c | 20 +
4067 grsecurity/grsec_ptrace.c | 30 +
4068 grsecurity/grsec_sig.c | 236 +
4069 grsecurity/grsec_sock.c | 244 +
4070 grsecurity/grsec_sysctl.c | 488 ++
4071 grsecurity/grsec_time.c | 16 +
4072 grsecurity/grsec_tpe.c | 78 +
4073 grsecurity/grsec_usb.c | 15 +
4074 grsecurity/grsum.c | 64 +
4075 include/drm/drmP.h | 23 +-
4076 include/linux/binfmts.h | 5 +-
4077 include/linux/capability.h | 13 +
4078 include/linux/compiler-gcc.h | 5 +
4079 include/linux/compiler.h | 8 +
4080 include/linux/cred.h | 8 +-
4081 include/linux/dcache.h | 5 +-
4082 include/linux/fs.h | 24 +-
4083 include/linux/fs_struct.h | 2 +-
4084 include/linux/fsnotify.h | 6 +
4085 include/linux/gracl.h | 342 +
4086 include/linux/gracl_compat.h | 156 +
4087 include/linux/gralloc.h | 9 +
4088 include/linux/grdefs.h | 140 +
4089 include/linux/grinternal.h | 230 +
4090 include/linux/grmsg.h | 118 +
4091 include/linux/grsecurity.h | 249 +
4092 include/linux/grsock.h | 19 +
4093 include/linux/ipc.h | 2 +-
4094 include/linux/ipc_namespace.h | 2 +-
4095 include/linux/kallsyms.h | 18 +-
4096 include/linux/kmod.h | 5 +
4097 include/linux/kobject.h | 2 +-
4098 include/linux/lsm_hooks.h | 4 +-
4099 include/linux/mm.h | 12 +
4100 include/linux/mm_types.h | 4 +-
4101 include/linux/module.h | 5 +-
4102 include/linux/mount.h | 2 +-
4103 include/linux/netfilter/xt_gradm.h | 9 +
4104 include/linux/path.h | 4 +-
4105 include/linux/perf_event.h | 13 +-
4106 include/linux/pid_namespace.h | 2 +-
4107 include/linux/printk.h | 2 +-
4108 include/linux/proc_fs.h | 22 +-
4109 include/linux/proc_ns.h | 2 +-
4110 include/linux/random.h | 2 +-
4111 include/linux/rbtree_augmented.h | 4 +-
4112 include/linux/scatterlist.h | 12 +-
4113 include/linux/sched.h | 110 +-
4114 include/linux/security.h | 3 +-
4115 include/linux/seq_file.h | 5 +
4116 include/linux/shm.h | 6 +-
4117 include/linux/skbuff.h | 3 +
4118 include/linux/slab.h | 9 -
4119 include/linux/sysctl.h | 8 +-
4120 include/linux/thread_info.h | 6 +-
4121 include/linux/tty.h | 2 +-
4122 include/linux/tty_driver.h | 4 +-
4123 include/linux/uidgid.h | 5 +
4124 include/linux/user_namespace.h | 2 +-
4125 include/linux/utsname.h | 2 +-
4126 include/linux/vermagic.h | 16 +-
4127 include/linux/vmalloc.h | 8 +
4128 include/net/af_unix.h | 2 +-
4129 include/net/ip.h | 2 +-
4130 include/net/neighbour.h | 2 +-
4131 include/net/net_namespace.h | 2 +-
4132 include/net/sock.h | 2 +-
4133 include/trace/events/fs.h | 53 +
4134 include/uapi/drm/i915_drm.h | 1 +
4135 include/uapi/linux/personality.h | 1 +
4142 kernel/auditsc.c | 2 +-
4143 kernel/bpf/syscall.c | 8 +-
4144 kernel/capability.c | 41 +-
4145 kernel/cgroup.c | 5 +-
4146 kernel/compat.c | 1 +
4147 kernel/configs.c | 11 +
4148 kernel/cred.c | 112 +-
4149 kernel/events/core.c | 14 +-
4150 kernel/exit.c | 10 +-
4151 kernel/fork.c | 86 +-
4152 kernel/futex.c | 4 +-
4153 kernel/kallsyms.c | 9 +
4155 kernel/kexec.c | 2 +-
4156 kernel/kmod.c | 95 +-
4157 kernel/kprobes.c | 7 +-
4158 kernel/ksysfs.c | 2 +
4159 kernel/locking/lockdep_proc.c | 10 +-
4160 kernel/module.c | 108 +-
4161 kernel/panic.c | 4 +-
4162 kernel/pid.c | 19 +-
4163 kernel/power/Kconfig | 2 +
4164 kernel/printk/printk.c | 7 +-
4165 kernel/ptrace.c | 20 +-
4166 kernel/resource.c | 10 +
4167 kernel/sched/core.c | 11 +-
4168 kernel/signal.c | 37 +-
4169 kernel/sys.c | 64 +-
4170 kernel/sysctl.c | 180 +-
4171 kernel/taskstats.c | 6 +
4172 kernel/time/posix-timers.c | 8 +
4173 kernel/time/time.c | 5 +
4174 kernel/time/timekeeping.c | 3 +
4175 kernel/time/timer_list.c | 13 +-
4176 kernel/time/timer_stats.c | 10 +-
4177 kernel/trace/trace_syscalls.c | 8 +
4178 kernel/user_namespace.c | 15 +
4179 lib/Kconfig.debug | 7 +-
4180 lib/is_single_threaded.c | 3 +
4181 lib/list_debug.c | 65 +-
4184 lib/vsprintf.c | 39 +-
4185 localversion-grsec | 1 +
4187 mm/Kconfig.debug | 1 +
4190 mm/kmemleak.c | 4 +-
4192 mm/mempolicy.c | 12 +-
4197 mm/page_alloc.c | 2 +-
4198 mm/process_vm_access.c | 6 +
4201 mm/slab_common.c | 2 +-
4205 mm/vmalloc.c | 80 +-
4207 net/appletalk/atalk_proc.c | 2 +-
4208 net/atm/lec.c | 6 +-
4209 net/atm/mpoa_caches.c | 42 +-
4210 net/can/bcm.c | 2 +-
4211 net/can/proc.c | 2 +-
4212 net/core/dev_ioctl.c | 7 +-
4213 net/core/filter.c | 8 +-
4214 net/core/net-procfs.c | 17 +-
4215 net/core/pktgen.c | 2 +-
4216 net/core/sock.c | 3 +-
4217 net/core/sysctl_net_core.c | 2 +-
4218 net/decnet/dn_dev.c | 2 +-
4219 net/ipv4/devinet.c | 6 +-
4220 net/ipv4/inet_hashtables.c | 5 +
4221 net/ipv4/ip_input.c | 7 +
4222 net/ipv4/ip_sockglue.c | 3 +-
4223 net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 +-
4224 net/ipv4/route.c | 6 +-
4225 net/ipv4/tcp_input.c | 4 +-
4226 net/ipv4/tcp_ipv4.c | 24 +-
4227 net/ipv4/tcp_minisocks.c | 9 +-
4228 net/ipv4/tcp_timer.c | 11 +
4229 net/ipv4/udp.c | 24 +
4230 net/ipv6/addrconf.c | 13 +-
4231 net/ipv6/proc.c | 2 +-
4232 net/ipv6/tcp_ipv6.c | 23 +-
4233 net/ipv6/udp.c | 7 +
4234 net/ipx/ipx_proc.c | 2 +-
4235 net/irda/irproc.c | 2 +-
4236 net/llc/llc_proc.c | 2 +-
4237 net/netfilter/Kconfig | 10 +
4238 net/netfilter/Makefile | 1 +
4239 net/netfilter/nf_conntrack_core.c | 8 +
4240 net/netfilter/xt_gradm.c | 51 +
4241 net/netfilter/xt_hashlimit.c | 4 +-
4242 net/netfilter/xt_recent.c | 2 +-
4243 net/socket.c | 71 +-
4244 net/sunrpc/cache.c | 2 +-
4245 net/sunrpc/stats.c | 2 +-
4246 net/sysctl_net.c | 2 +-
4247 net/unix/af_unix.c | 52 +-
4248 net/vmw_vsock/vmci_transport_notify.c | 30 +-
4249 net/vmw_vsock/vmci_transport_notify_qstate.c | 30 +-
4250 net/x25/sysctl_net_x25.c | 2 +-
4251 net/x25/x25_proc.c | 2 +-
4252 scripts/package/Makefile | 2 +-
4253 scripts/package/mkspec | 38 +-
4254 security/Kconfig | 370 +-
4255 security/apparmor/file.c | 4 +-
4256 security/apparmor/lsm.c | 8 +-
4257 security/commoncap.c | 29 +
4258 security/min_addr.c | 2 +
4259 security/tomoyo/file.c | 12 +-
4260 security/tomoyo/mount.c | 4 +
4261 security/tomoyo/tomoyo.c | 20 +-
4262 security/yama/Kconfig | 2 +-
4263 sound/synth/emux/emux_seq.c | 14 +-
4264 sound/usb/line6/driver.c | 40 +-
4265 sound/usb/line6/toneport.c | 12 +-
4266 tools/gcc/.gitignore | 1 +
4267 tools/gcc/Makefile | 12 +
4268 tools/gcc/gen-random-seed.sh | 8 +
4269 tools/gcc/randomize_layout_plugin.c | 930 +++
4270 tools/gcc/size_overflow_plugin/.gitignore | 1 +
4271 .../size_overflow_plugin/size_overflow_hash.data | 320 +-
4272 466 files changed, 32295 insertions(+), 2907 deletions(-)
4274 commit fc19197ab5a42069863a7d88f1d41eb687697fe9
4275 Author: Brad Spengler <spender@grsecurity.net>
4276 Date: Sun Oct 4 20:43:51 2015 -0400
4278 Update to pax-linux-4.2.3-test6.patch:
4279 - fixed a KERNEXEC/x86 and early ioremap regression, reported by spender
4280 - sanitized a few more top level page table entries on amd64
4282 arch/x86/kernel/espfix_64.c | 2 +-
4283 arch/x86/kernel/head_64.S | 8 ++++----
4284 arch/x86/mm/ioremap.c | 6 +++++-
4285 3 files changed, 10 insertions(+), 6 deletions(-)
4287 commit 23ac5415b9ef394e10b1516d3b314c742c6a3e59
4288 Author: Brad Spengler <spender@grsecurity.net>
4289 Date: Sun Oct 4 17:47:37 2015 -0400
4291 Resync with pax-linux-4.2.3-test5.patch
4293 arch/x86/include/asm/pgtable-2level.h | 20 ++++++++++++++++----
4294 arch/x86/include/asm/pgtable-3level.h | 8 ++++++++
4295 arch/x86/include/asm/pgtable_32.h | 2 --
4296 arch/x86/include/asm/pgtable_64.h | 20 ++++++++++++++++----
4297 arch/x86/mm/highmem_32.c | 2 --
4298 arch/x86/mm/init_64.c | 2 --
4299 arch/x86/mm/iomap_32.c | 4 ----
4300 arch/x86/mm/ioremap.c | 2 +-
4301 arch/x86/mm/pgtable.c | 2 --
4302 arch/x86/mm/pgtable_32.c | 3 ---
4303 mm/highmem.c | 6 +-----
4304 mm/vmalloc.c | 12 +-----------
4305 .../size_overflow_plugin/size_overflow_hash.data | 2 --
4306 13 files changed, 43 insertions(+), 42 deletions(-)
4308 commit 25f4bed80f0d87783793a70d6c20080031a1fd38
4309 Author: Brad Spengler <spender@grsecurity.net>
4310 Date: Sun Oct 4 13:06:32 2015 -0400
4312 Update to pax-linux-4.2.3-test5.patch:
4313 - forward port to 4.2.3
4314 - fixed integer sign conversion errors caused by ieee80211_tx_rate_control.max_rate_idx, caught by the size overflow plugin
4315 - fixed a bug in try_preserve_large_page that caused unnecessary large page split ups
4316 - increased the number of statically allocated kernel page tables under KERNEXEC/amd64
4318 arch/x86/include/asm/pgtable-2level.h | 2 ++
4319 arch/x86/include/asm/pgtable-3level.h | 5 +++++
4320 arch/x86/include/asm/pgtable_64.h | 2 ++
4321 arch/x86/kernel/cpu/bugs_64.c | 2 ++
4322 arch/x86/kernel/head_64.S | 28 +++++++++++++++++++++++-----
4323 arch/x86/kernel/vmlinux.lds.S | 8 +++++++-
4324 arch/x86/mm/init.c | 18 ++++++++++++++----
4325 arch/x86/mm/ioremap.c | 8 ++++++--
4326 arch/x86/mm/pageattr.c | 5 ++---
4327 arch/x86/mm/pgtable.c | 2 ++
4328 include/asm-generic/sections.h | 1 +
4329 include/asm-generic/vmlinux.lds.h | 2 ++
4330 include/net/mac80211.h | 2 +-
4331 mm/vmalloc.c | 7 ++++++-
4332 14 files changed, 75 insertions(+), 17 deletions(-)
4334 commit a2dce7cb2e3c389b7ef6c76c15ccdbf506007ddd
4335 Merge: d113ff6 fcba09f
4336 Author: Brad Spengler <spender@grsecurity.net>
4337 Date: Sat Oct 3 09:12:31 2015 -0400
4339 Merge branch 'linux-4.2.y' into pax-test
4341 commit d113ff6e7835e89e2b954503b1a100750ddb43c7
4342 Author: Brad Spengler <spender@grsecurity.net>
4343 Date: Thu Oct 1 21:34:12 2015 -0400
4345 Update to pax-linux-4.2.2-test5.patch:
4346 - fixed a RANDKSTACK regression, reported by spender
4347 - fixed some more compiler warnings due to the ktla_ktva changes, reported by spender
4349 arch/x86/entry/entry_64.S | 2 ++
4350 arch/x86/kernel/process.c | 1 +
4351 drivers/hv/hv.c | 2 +-
4352 drivers/lguest/x86/core.c | 4 ++--
4353 drivers/misc/kgdbts.c | 4 ++--
4354 drivers/video/fbdev/uvesafb.c | 4 ++--
4355 fs/binfmt_elf_fdpic.c | 2 +-
4356 7 files changed, 11 insertions(+), 8 deletions(-)
4358 commit 149e32a4dddfae46e2490f011870cd4492ca946c
4359 Author: Brad Spengler <spender@grsecurity.net>
4360 Date: Tue Sep 29 16:31:50 2015 -0400
4362 Update to pax-linux-4.2.2-test4.patch:
4363 - fixed a few compiler warnings caused by the recently reworked ktla_ktva/ktva_ktla functions, reported by spender
4364 - Emese fixed a size overflow false positive in the IDE driver, reported by spender
4366 arch/x86/lib/insn.c | 2 +-
4367 drivers/ide/ide-disk.c | 2 +-
4368 drivers/video/fbdev/vesafb.c | 4 ++--
4369 fs/binfmt_elf.c | 2 +-
4370 .../size_overflow_plugin/size_overflow_plugin.c | 4 ++--
4371 .../size_overflow_transform_core.c | 11 +++++------
4372 6 files changed, 12 insertions(+), 13 deletions(-)
4374 commit 02c41b848fbaddf82ce98690b23d3d85a94d55fe
4375 Merge: b8b2f5b 7659db3
4376 Author: Brad Spengler <spender@grsecurity.net>
4377 Date: Tue Sep 29 15:50:40 2015 -0400
4379 Merge branch 'linux-4.2.y' into pax-test
4384 commit b8b2f5bc93ced0ca9a8366d0f3fa09abd1ca7ac6
4385 Author: Brad Spengler <spender@grsecurity.net>
4386 Date: Tue Sep 29 09:13:54 2015 -0400
4388 Initial import of pax-linux-4.2.1-test3.patch
4390 Documentation/dontdiff | 47 +-
4391 Documentation/kbuild/makefiles.txt | 39 +-
4392 Documentation/kernel-parameters.txt | 28 +
4394 arch/alpha/include/asm/atomic.h | 10 +
4395 arch/alpha/include/asm/elf.h | 7 +
4396 arch/alpha/include/asm/pgalloc.h | 6 +
4397 arch/alpha/include/asm/pgtable.h | 11 +
4398 arch/alpha/kernel/module.c | 2 +-
4399 arch/alpha/kernel/osf_sys.c | 8 +-
4400 arch/alpha/mm/fault.c | 141 +-
4401 arch/arm/Kconfig | 2 +-
4402 arch/arm/include/asm/atomic.h | 319 +-
4403 arch/arm/include/asm/barrier.h | 2 +-
4404 arch/arm/include/asm/cache.h | 5 +-
4405 arch/arm/include/asm/cacheflush.h | 2 +-
4406 arch/arm/include/asm/checksum.h | 14 +-
4407 arch/arm/include/asm/cmpxchg.h | 4 +
4408 arch/arm/include/asm/cpuidle.h | 2 +-
4409 arch/arm/include/asm/domain.h | 33 +-
4410 arch/arm/include/asm/elf.h | 9 +-
4411 arch/arm/include/asm/fncpy.h | 2 +
4412 arch/arm/include/asm/futex.h | 10 +
4413 arch/arm/include/asm/kmap_types.h | 2 +-
4414 arch/arm/include/asm/mach/dma.h | 2 +-
4415 arch/arm/include/asm/mach/map.h | 16 +-
4416 arch/arm/include/asm/outercache.h | 2 +-
4417 arch/arm/include/asm/page.h | 3 +-
4418 arch/arm/include/asm/pgalloc.h | 20 +
4419 arch/arm/include/asm/pgtable-2level-hwdef.h | 4 +-
4420 arch/arm/include/asm/pgtable-2level.h | 3 +
4421 arch/arm/include/asm/pgtable-3level.h | 3 +
4422 arch/arm/include/asm/pgtable.h | 54 +-
4423 arch/arm/include/asm/psci.h | 2 +-
4424 arch/arm/include/asm/smp.h | 2 +-
4425 arch/arm/include/asm/thread_info.h | 6 +-
4426 arch/arm/include/asm/tls.h | 3 +
4427 arch/arm/include/asm/uaccess.h | 100 +-
4428 arch/arm/include/uapi/asm/ptrace.h | 2 +-
4429 arch/arm/kernel/armksyms.c | 8 +-
4430 arch/arm/kernel/cpuidle.c | 2 +-
4431 arch/arm/kernel/entry-armv.S | 110 +-
4432 arch/arm/kernel/entry-common.S | 40 +-
4433 arch/arm/kernel/entry-header.S | 60 +
4434 arch/arm/kernel/fiq.c | 3 +
4435 arch/arm/kernel/head.S | 2 +-
4436 arch/arm/kernel/module.c | 38 +-
4437 arch/arm/kernel/patch.c | 2 +
4438 arch/arm/kernel/process.c | 90 +-
4439 arch/arm/kernel/psci.c | 2 +-
4440 arch/arm/kernel/reboot.c | 1 +
4441 arch/arm/kernel/setup.c | 20 +-
4442 arch/arm/kernel/signal.c | 35 +-
4443 arch/arm/kernel/smp.c | 2 +-
4444 arch/arm/kernel/tcm.c | 4 +-
4445 arch/arm/kernel/traps.c | 6 +-
4446 arch/arm/kernel/vmlinux.lds.S | 6 +-
4447 arch/arm/kvm/arm.c | 10 +-
4448 arch/arm/lib/clear_user.S | 6 +-
4449 arch/arm/lib/copy_from_user.S | 6 +-
4450 arch/arm/lib/copy_page.S | 1 +
4451 arch/arm/lib/copy_to_user.S | 6 +-
4452 arch/arm/lib/csumpartialcopyuser.S | 4 +-
4453 arch/arm/lib/delay.c | 2 +-
4454 arch/arm/lib/uaccess_with_memcpy.c | 8 +-
4455 arch/arm/mach-exynos/suspend.c | 6 +-
4456 arch/arm/mach-mvebu/coherency.c | 4 +-
4457 arch/arm/mach-omap2/board-n8x0.c | 2 +-
4458 arch/arm/mach-omap2/omap-mpuss-lowpower.c | 4 +-
4459 arch/arm/mach-omap2/omap-smp.c | 1 +
4460 arch/arm/mach-omap2/omap-wakeupgen.c | 2 +-
4461 arch/arm/mach-omap2/omap_device.c | 4 +-
4462 arch/arm/mach-omap2/omap_device.h | 4 +-
4463 arch/arm/mach-omap2/omap_hwmod.c | 4 +-
4464 arch/arm/mach-omap2/powerdomains43xx_data.c | 5 +-
4465 arch/arm/mach-omap2/wd_timer.c | 6 +-
4466 arch/arm/mach-shmobile/platsmp-apmu.c | 5 +-
4467 arch/arm/mach-shmobile/pm-r8a7740.c | 5 +-
4468 arch/arm/mach-shmobile/pm-sh73a0.c | 5 +-
4469 arch/arm/mach-tegra/cpuidle-tegra20.c | 2 +-
4470 arch/arm/mach-tegra/irq.c | 1 +
4471 arch/arm/mach-ux500/pm.c | 1 +
4472 arch/arm/mach-zynq/platsmp.c | 1 +
4473 arch/arm/mm/Kconfig | 6 +-
4474 arch/arm/mm/alignment.c | 8 +
4475 arch/arm/mm/cache-l2x0.c | 2 +-
4476 arch/arm/mm/context.c | 10 +-
4477 arch/arm/mm/fault.c | 146 +
4478 arch/arm/mm/fault.h | 12 +
4479 arch/arm/mm/init.c | 39 +
4480 arch/arm/mm/ioremap.c | 4 +-
4481 arch/arm/mm/mmap.c | 30 +-
4482 arch/arm/mm/mmu.c | 182 +-
4483 arch/arm/net/bpf_jit_32.c | 3 +
4484 arch/arm/plat-iop/setup.c | 2 +-
4485 arch/arm/plat-omap/sram.c | 2 +
4486 arch/arm64/include/asm/atomic.h | 10 +
4487 arch/arm64/include/asm/barrier.h | 2 +-
4488 arch/arm64/include/asm/percpu.h | 8 +-
4489 arch/arm64/include/asm/pgalloc.h | 5 +
4490 arch/arm64/include/asm/uaccess.h | 1 +
4491 arch/arm64/mm/dma-mapping.c | 2 +-
4492 arch/avr32/include/asm/elf.h | 8 +-
4493 arch/avr32/include/asm/kmap_types.h | 4 +-
4494 arch/avr32/mm/fault.c | 27 +
4495 arch/frv/include/asm/atomic.h | 10 +
4496 arch/frv/include/asm/kmap_types.h | 2 +-
4497 arch/frv/mm/elf-fdpic.c | 3 +-
4498 arch/ia64/Makefile | 1 +
4499 arch/ia64/include/asm/atomic.h | 10 +
4500 arch/ia64/include/asm/barrier.h | 2 +-
4501 arch/ia64/include/asm/elf.h | 7 +
4502 arch/ia64/include/asm/pgalloc.h | 12 +
4503 arch/ia64/include/asm/pgtable.h | 13 +-
4504 arch/ia64/include/asm/spinlock.h | 2 +-
4505 arch/ia64/include/asm/uaccess.h | 27 +-
4506 arch/ia64/kernel/module.c | 45 +-
4507 arch/ia64/kernel/palinfo.c | 2 +-
4508 arch/ia64/kernel/sys_ia64.c | 7 +
4509 arch/ia64/kernel/vmlinux.lds.S | 2 +-
4510 arch/ia64/mm/fault.c | 32 +-
4511 arch/ia64/mm/init.c | 15 +-
4512 arch/m32r/lib/usercopy.c | 6 +
4513 arch/metag/include/asm/barrier.h | 2 +-
4514 arch/mips/cavium-octeon/dma-octeon.c | 2 +-
4515 arch/mips/include/asm/atomic.h | 355 +-
4516 arch/mips/include/asm/barrier.h | 2 +-
4517 arch/mips/include/asm/elf.h | 7 +
4518 arch/mips/include/asm/exec.h | 2 +-
4519 arch/mips/include/asm/hw_irq.h | 2 +-
4520 arch/mips/include/asm/local.h | 57 +
4521 arch/mips/include/asm/page.h | 2 +-
4522 arch/mips/include/asm/pgalloc.h | 5 +
4523 arch/mips/include/asm/pgtable.h | 3 +
4524 arch/mips/include/asm/uaccess.h | 1 +
4525 arch/mips/kernel/binfmt_elfn32.c | 7 +
4526 arch/mips/kernel/binfmt_elfo32.c | 7 +
4527 arch/mips/kernel/i8259.c | 2 +-
4528 arch/mips/kernel/irq-gt641xx.c | 2 +-
4529 arch/mips/kernel/irq.c | 6 +-
4530 arch/mips/kernel/pm-cps.c | 2 +-
4531 arch/mips/kernel/process.c | 12 -
4532 arch/mips/kernel/sync-r4k.c | 24 +-
4533 arch/mips/kernel/traps.c | 13 +-
4534 arch/mips/kvm/mips.c | 2 +-
4535 arch/mips/mm/fault.c | 25 +
4536 arch/mips/mm/mmap.c | 51 +-
4537 arch/mips/sgi-ip27/ip27-nmi.c | 6 +-
4538 arch/mips/sni/rm200.c | 2 +-
4539 arch/mips/vr41xx/common/icu.c | 2 +-
4540 arch/mips/vr41xx/common/irq.c | 4 +-
4541 arch/parisc/include/asm/atomic.h | 10 +
4542 arch/parisc/include/asm/elf.h | 7 +
4543 arch/parisc/include/asm/pgalloc.h | 6 +
4544 arch/parisc/include/asm/pgtable.h | 11 +
4545 arch/parisc/include/asm/uaccess.h | 4 +-
4546 arch/parisc/kernel/module.c | 50 +-
4547 arch/parisc/kernel/sys_parisc.c | 15 +
4548 arch/parisc/kernel/traps.c | 4 +-
4549 arch/parisc/mm/fault.c | 140 +-
4550 arch/powerpc/include/asm/atomic.h | 329 +-
4551 arch/powerpc/include/asm/barrier.h | 2 +-
4552 arch/powerpc/include/asm/elf.h | 12 +
4553 arch/powerpc/include/asm/exec.h | 2 +-
4554 arch/powerpc/include/asm/kmap_types.h | 2 +-
4555 arch/powerpc/include/asm/local.h | 46 +
4556 arch/powerpc/include/asm/mman.h | 2 +-
4557 arch/powerpc/include/asm/page.h | 8 +-
4558 arch/powerpc/include/asm/page_64.h | 7 +-
4559 arch/powerpc/include/asm/pgalloc-64.h | 7 +
4560 arch/powerpc/include/asm/pgtable.h | 1 +
4561 arch/powerpc/include/asm/pte-hash32.h | 1 +
4562 arch/powerpc/include/asm/reg.h | 1 +
4563 arch/powerpc/include/asm/smp.h | 2 +-
4564 arch/powerpc/include/asm/spinlock.h | 42 +-
4565 arch/powerpc/include/asm/uaccess.h | 141 +-
4566 arch/powerpc/kernel/Makefile | 5 +
4567 arch/powerpc/kernel/exceptions-64e.S | 4 +-
4568 arch/powerpc/kernel/exceptions-64s.S | 2 +-
4569 arch/powerpc/kernel/module_32.c | 15 +-
4570 arch/powerpc/kernel/process.c | 46 -
4571 arch/powerpc/kernel/signal_32.c | 2 +-
4572 arch/powerpc/kernel/signal_64.c | 2 +-
4573 arch/powerpc/kernel/traps.c | 21 +
4574 arch/powerpc/kernel/vdso.c | 5 +-
4575 arch/powerpc/kvm/powerpc.c | 2 +-
4576 arch/powerpc/lib/usercopy_64.c | 18 -
4577 arch/powerpc/mm/fault.c | 56 +-
4578 arch/powerpc/mm/mmap.c | 16 +
4579 arch/powerpc/mm/slice.c | 13 +-
4580 arch/powerpc/platforms/cell/spufs/file.c | 4 +-
4581 arch/s390/include/asm/atomic.h | 10 +
4582 arch/s390/include/asm/barrier.h | 2 +-
4583 arch/s390/include/asm/elf.h | 7 +
4584 arch/s390/include/asm/exec.h | 2 +-
4585 arch/s390/include/asm/uaccess.h | 13 +-
4586 arch/s390/kernel/module.c | 22 +-
4587 arch/s390/kernel/process.c | 24 -
4588 arch/s390/mm/mmap.c | 16 +
4589 arch/score/include/asm/exec.h | 2 +-
4590 arch/score/kernel/process.c | 5 -
4591 arch/sh/mm/mmap.c | 22 +-
4592 arch/sparc/include/asm/atomic_64.h | 110 +-
4593 arch/sparc/include/asm/barrier_64.h | 2 +-
4594 arch/sparc/include/asm/cache.h | 2 +-
4595 arch/sparc/include/asm/elf_32.h | 7 +
4596 arch/sparc/include/asm/elf_64.h | 7 +
4597 arch/sparc/include/asm/pgalloc_32.h | 1 +
4598 arch/sparc/include/asm/pgalloc_64.h | 1 +
4599 arch/sparc/include/asm/pgtable.h | 4 +
4600 arch/sparc/include/asm/pgtable_32.h | 15 +-
4601 arch/sparc/include/asm/pgtsrmmu.h | 5 +
4602 arch/sparc/include/asm/setup.h | 4 +-
4603 arch/sparc/include/asm/spinlock_64.h | 35 +-
4604 arch/sparc/include/asm/thread_info_32.h | 1 +
4605 arch/sparc/include/asm/thread_info_64.h | 2 +
4606 arch/sparc/include/asm/uaccess.h | 1 +
4607 arch/sparc/include/asm/uaccess_32.h | 28 +-
4608 arch/sparc/include/asm/uaccess_64.h | 24 +-
4609 arch/sparc/kernel/Makefile | 2 +-
4610 arch/sparc/kernel/prom_common.c | 2 +-
4611 arch/sparc/kernel/smp_64.c | 8 +-
4612 arch/sparc/kernel/sys_sparc_32.c | 2 +-
4613 arch/sparc/kernel/sys_sparc_64.c | 52 +-
4614 arch/sparc/kernel/traps_64.c | 27 +-
4615 arch/sparc/lib/Makefile | 2 +-
4616 arch/sparc/lib/atomic_64.S | 57 +-
4617 arch/sparc/lib/ksyms.c | 6 +-
4618 arch/sparc/mm/Makefile | 2 +-
4619 arch/sparc/mm/fault_32.c | 292 +
4620 arch/sparc/mm/fault_64.c | 486 +
4621 arch/sparc/mm/hugetlbpage.c | 22 +-
4622 arch/sparc/mm/init_64.c | 10 +-
4623 arch/tile/include/asm/atomic_64.h | 10 +
4624 arch/tile/include/asm/uaccess.h | 4 +-
4625 arch/um/Makefile | 4 +
4626 arch/um/include/asm/kmap_types.h | 2 +-
4627 arch/um/include/asm/page.h | 3 +
4628 arch/um/include/asm/pgtable-3level.h | 1 +
4629 arch/um/kernel/process.c | 16 -
4630 arch/x86/Kconfig | 15 +-
4631 arch/x86/Kconfig.cpu | 6 +-
4632 arch/x86/Kconfig.debug | 4 +-
4633 arch/x86/Makefile | 13 +-
4634 arch/x86/boot/Makefile | 3 +
4635 arch/x86/boot/bitops.h | 4 +-
4636 arch/x86/boot/boot.h | 2 +-
4637 arch/x86/boot/compressed/Makefile | 3 +
4638 arch/x86/boot/compressed/efi_stub_32.S | 16 +-
4639 arch/x86/boot/compressed/efi_thunk_64.S | 4 +-
4640 arch/x86/boot/compressed/head_32.S | 4 +-
4641 arch/x86/boot/compressed/head_64.S | 12 +-
4642 arch/x86/boot/compressed/misc.c | 11 +-
4643 arch/x86/boot/cpucheck.c | 16 +-
4644 arch/x86/boot/header.S | 6 +-
4645 arch/x86/boot/memory.c | 2 +-
4646 arch/x86/boot/video-vesa.c | 1 +
4647 arch/x86/boot/video.c | 2 +-
4648 arch/x86/crypto/aes-x86_64-asm_64.S | 4 +
4649 arch/x86/crypto/aesni-intel_asm.S | 106 +-
4650 arch/x86/crypto/blowfish-x86_64-asm_64.S | 7 +
4651 arch/x86/crypto/camellia-aesni-avx-asm_64.S | 10 +
4652 arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 10 +
4653 arch/x86/crypto/camellia-x86_64-asm_64.S | 7 +
4654 arch/x86/crypto/cast5-avx-x86_64-asm_64.S | 51 +-
4655 arch/x86/crypto/cast6-avx-x86_64-asm_64.S | 25 +-
4656 arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 4 +-
4657 arch/x86/crypto/ghash-clmulni-intel_asm.S | 4 +
4658 arch/x86/crypto/salsa20-x86_64-asm_64.S | 4 +
4659 arch/x86/crypto/serpent-avx-x86_64-asm_64.S | 9 +
4660 arch/x86/crypto/serpent-avx2-asm_64.S | 9 +
4661 arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 4 +
4662 arch/x86/crypto/sha1_ssse3_asm.S | 10 +-
4663 arch/x86/crypto/sha256-avx-asm.S | 2 +
4664 arch/x86/crypto/sha256-avx2-asm.S | 2 +
4665 arch/x86/crypto/sha256-ssse3-asm.S | 2 +
4666 arch/x86/crypto/sha512-avx-asm.S | 2 +
4667 arch/x86/crypto/sha512-avx2-asm.S | 2 +
4668 arch/x86/crypto/sha512-ssse3-asm.S | 2 +
4669 arch/x86/crypto/twofish-avx-x86_64-asm_64.S | 25 +-
4670 arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 4 +
4671 arch/x86/crypto/twofish-x86_64-asm_64.S | 3 +
4672 arch/x86/entry/calling.h | 92 +-
4673 arch/x86/entry/entry_32.S | 360 +-
4674 arch/x86/entry/entry_64.S | 636 +-
4675 arch/x86/entry/entry_64_compat.S | 159 +-
4676 arch/x86/entry/thunk_64.S | 2 +
4677 arch/x86/entry/vdso/Makefile | 2 +-
4678 arch/x86/entry/vdso/vdso2c.h | 4 +-
4679 arch/x86/entry/vdso/vma.c | 41 +-
4680 arch/x86/entry/vsyscall/vsyscall_64.c | 16 +-
4681 arch/x86/ia32/ia32_signal.c | 23 +-
4682 arch/x86/ia32/sys_ia32.c | 42 +-
4683 arch/x86/include/asm/alternative-asm.h | 43 +-
4684 arch/x86/include/asm/alternative.h | 4 +-
4685 arch/x86/include/asm/apic.h | 2 +-
4686 arch/x86/include/asm/apm.h | 4 +-
4687 arch/x86/include/asm/atomic.h | 269 +-
4688 arch/x86/include/asm/atomic64_32.h | 100 +
4689 arch/x86/include/asm/atomic64_64.h | 164 +-
4690 arch/x86/include/asm/barrier.h | 4 +-
4691 arch/x86/include/asm/bitops.h | 18 +-
4692 arch/x86/include/asm/boot.h | 2 +-
4693 arch/x86/include/asm/cache.h | 5 +-
4694 arch/x86/include/asm/checksum_32.h | 12 +-
4695 arch/x86/include/asm/cmpxchg.h | 39 +
4696 arch/x86/include/asm/compat.h | 2 +-
4697 arch/x86/include/asm/cpufeature.h | 17 +-
4698 arch/x86/include/asm/desc.h | 78 +-
4699 arch/x86/include/asm/desc_defs.h | 6 +
4700 arch/x86/include/asm/div64.h | 2 +-
4701 arch/x86/include/asm/elf.h | 33 +-
4702 arch/x86/include/asm/emergency-restart.h | 2 +-
4703 arch/x86/include/asm/fpu/internal.h | 36 +-
4704 arch/x86/include/asm/fpu/types.h | 5 +-
4705 arch/x86/include/asm/futex.h | 14 +-
4706 arch/x86/include/asm/hw_irq.h | 4 +-
4707 arch/x86/include/asm/i8259.h | 2 +-
4708 arch/x86/include/asm/io.h | 22 +-
4709 arch/x86/include/asm/irqflags.h | 5 +
4710 arch/x86/include/asm/kprobes.h | 9 +-
4711 arch/x86/include/asm/local.h | 106 +-
4712 arch/x86/include/asm/mman.h | 15 +
4713 arch/x86/include/asm/mmu.h | 14 +-
4714 arch/x86/include/asm/mmu_context.h | 138 +-
4715 arch/x86/include/asm/module.h | 17 +-
4716 arch/x86/include/asm/nmi.h | 19 +-
4717 arch/x86/include/asm/page.h | 1 +
4718 arch/x86/include/asm/page_32.h | 12 +-
4719 arch/x86/include/asm/page_64.h | 14 +-
4720 arch/x86/include/asm/paravirt.h | 46 +-
4721 arch/x86/include/asm/paravirt_types.h | 15 +-
4722 arch/x86/include/asm/pgalloc.h | 23 +
4723 arch/x86/include/asm/pgtable-2level.h | 2 +
4724 arch/x86/include/asm/pgtable-3level.h | 4 +
4725 arch/x86/include/asm/pgtable.h | 128 +-
4726 arch/x86/include/asm/pgtable_32.h | 14 +-
4727 arch/x86/include/asm/pgtable_32_types.h | 24 +-
4728 arch/x86/include/asm/pgtable_64.h | 22 +-
4729 arch/x86/include/asm/pgtable_64_types.h | 5 +
4730 arch/x86/include/asm/pgtable_types.h | 26 +-
4731 arch/x86/include/asm/preempt.h | 2 +-
4732 arch/x86/include/asm/processor.h | 59 +-
4733 arch/x86/include/asm/ptrace.h | 21 +-
4734 arch/x86/include/asm/qrwlock.h | 4 +-
4735 arch/x86/include/asm/realmode.h | 4 +-
4736 arch/x86/include/asm/reboot.h | 10 +-
4737 arch/x86/include/asm/rmwcc.h | 84 +-
4738 arch/x86/include/asm/rwsem.h | 60 +-
4739 arch/x86/include/asm/segment.h | 27 +-
4740 arch/x86/include/asm/smap.h | 43 +
4741 arch/x86/include/asm/smp.h | 14 +-
4742 arch/x86/include/asm/stackprotector.h | 4 +-
4743 arch/x86/include/asm/stacktrace.h | 32 +-
4744 arch/x86/include/asm/switch_to.h | 4 +-
4745 arch/x86/include/asm/sys_ia32.h | 6 +-
4746 arch/x86/include/asm/thread_info.h | 27 +-
4747 arch/x86/include/asm/tlbflush.h | 77 +-
4748 arch/x86/include/asm/uaccess.h | 192 +-
4749 arch/x86/include/asm/uaccess_32.h | 28 +-
4750 arch/x86/include/asm/uaccess_64.h | 169 +-
4751 arch/x86/include/asm/word-at-a-time.h | 2 +-
4752 arch/x86/include/asm/x86_init.h | 10 +-
4753 arch/x86/include/asm/xen/page.h | 2 +-
4754 arch/x86/include/uapi/asm/e820.h | 2 +-
4755 arch/x86/kernel/Makefile | 2 +-
4756 arch/x86/kernel/acpi/boot.c | 4 +-
4757 arch/x86/kernel/acpi/sleep.c | 4 +
4758 arch/x86/kernel/acpi/wakeup_32.S | 6 +-
4759 arch/x86/kernel/alternative.c | 124 +-
4760 arch/x86/kernel/apic/apic.c | 4 +-
4761 arch/x86/kernel/apic/apic_flat_64.c | 4 +-
4762 arch/x86/kernel/apic/apic_noop.c | 2 +-
4763 arch/x86/kernel/apic/bigsmp_32.c | 2 +-
4764 arch/x86/kernel/apic/io_apic.c | 8 +-
4765 arch/x86/kernel/apic/msi.c | 2 +-
4766 arch/x86/kernel/apic/probe_32.c | 2 +-
4767 arch/x86/kernel/apic/vector.c | 4 +-
4768 arch/x86/kernel/apic/x2apic_cluster.c | 4 +-
4769 arch/x86/kernel/apic/x2apic_phys.c | 2 +-
4770 arch/x86/kernel/apic/x2apic_uv_x.c | 2 +-
4771 arch/x86/kernel/apm_32.c | 21 +-
4772 arch/x86/kernel/asm-offsets.c | 20 +
4773 arch/x86/kernel/asm-offsets_64.c | 1 +
4774 arch/x86/kernel/cpu/Makefile | 4 -
4775 arch/x86/kernel/cpu/amd.c | 2 +-
4776 arch/x86/kernel/cpu/common.c | 202 +-
4777 arch/x86/kernel/cpu/intel_cacheinfo.c | 14 +-
4778 arch/x86/kernel/cpu/mcheck/mce.c | 31 +-
4779 arch/x86/kernel/cpu/mcheck/p5.c | 3 +
4780 arch/x86/kernel/cpu/mcheck/winchip.c | 3 +
4781 arch/x86/kernel/cpu/microcode/core.c | 2 +-
4782 arch/x86/kernel/cpu/microcode/intel.c | 4 +-
4783 arch/x86/kernel/cpu/mtrr/main.c | 2 +-
4784 arch/x86/kernel/cpu/mtrr/mtrr.h | 2 +-
4785 arch/x86/kernel/cpu/perf_event.c | 10 +-
4786 arch/x86/kernel/cpu/perf_event_amd_iommu.c | 2 +-
4787 arch/x86/kernel/cpu/perf_event_intel.c | 6 +-
4788 arch/x86/kernel/cpu/perf_event_intel_bts.c | 6 +-
4789 arch/x86/kernel/cpu/perf_event_intel_cqm.c | 4 +-
4790 arch/x86/kernel/cpu/perf_event_intel_pt.c | 44 +-
4791 arch/x86/kernel/cpu/perf_event_intel_rapl.c | 2 +-
4792 arch/x86/kernel/cpu/perf_event_intel_uncore.c | 2 +-
4793 arch/x86/kernel/cpu/perf_event_intel_uncore.h | 2 +-
4794 arch/x86/kernel/cpuid.c | 2 +-
4795 arch/x86/kernel/crash_dump_64.c | 2 +-
4796 arch/x86/kernel/doublefault.c | 8 +-
4797 arch/x86/kernel/dumpstack.c | 24 +-
4798 arch/x86/kernel/dumpstack_32.c | 25 +-
4799 arch/x86/kernel/dumpstack_64.c | 62 +-
4800 arch/x86/kernel/e820.c | 4 +-
4801 arch/x86/kernel/early_printk.c | 1 +
4802 arch/x86/kernel/espfix_64.c | 13 +-
4803 arch/x86/kernel/fpu/core.c | 22 +-
4804 arch/x86/kernel/fpu/init.c | 8 +-
4805 arch/x86/kernel/fpu/regset.c | 22 +-
4806 arch/x86/kernel/fpu/signal.c | 20 +-
4807 arch/x86/kernel/fpu/xstate.c | 8 +-
4808 arch/x86/kernel/ftrace.c | 18 +-
4809 arch/x86/kernel/head64.c | 14 +-
4810 arch/x86/kernel/head_32.S | 235 +-
4811 arch/x86/kernel/head_64.S | 149 +-
4812 arch/x86/kernel/i386_ksyms_32.c | 12 +
4813 arch/x86/kernel/i8259.c | 10 +-
4814 arch/x86/kernel/io_delay.c | 2 +-
4815 arch/x86/kernel/ioport.c | 2 +-
4816 arch/x86/kernel/irq.c | 8 +-
4817 arch/x86/kernel/irq_32.c | 45 +-
4818 arch/x86/kernel/jump_label.c | 10 +-
4819 arch/x86/kernel/kgdb.c | 21 +-
4820 arch/x86/kernel/kprobes/core.c | 28 +-
4821 arch/x86/kernel/kprobes/opt.c | 16 +-
4822 arch/x86/kernel/ksysfs.c | 2 +-
4823 arch/x86/kernel/ldt.c | 25 +
4824 arch/x86/kernel/livepatch.c | 12 +-
4825 arch/x86/kernel/machine_kexec_32.c | 6 +-
4826 arch/x86/kernel/mcount_64.S | 19 +-
4827 arch/x86/kernel/module.c | 78 +-
4828 arch/x86/kernel/msr.c | 2 +-
4829 arch/x86/kernel/nmi.c | 34 +-
4830 arch/x86/kernel/nmi_selftest.c | 4 +-
4831 arch/x86/kernel/paravirt-spinlocks.c | 2 +-
4832 arch/x86/kernel/paravirt.c | 45 +-
4833 arch/x86/kernel/paravirt_patch_64.c | 8 +
4834 arch/x86/kernel/pci-calgary_64.c | 2 +-
4835 arch/x86/kernel/pci-iommu_table.c | 2 +-
4836 arch/x86/kernel/pci-swiotlb.c | 2 +-
4837 arch/x86/kernel/process.c | 71 +-
4838 arch/x86/kernel/process_32.c | 30 +-
4839 arch/x86/kernel/process_64.c | 19 +-
4840 arch/x86/kernel/ptrace.c | 20 +-
4841 arch/x86/kernel/pvclock.c | 8 +-
4842 arch/x86/kernel/reboot.c | 44 +-
4843 arch/x86/kernel/reboot_fixups_32.c | 2 +-
4844 arch/x86/kernel/relocate_kernel_64.S | 3 +-
4845 arch/x86/kernel/setup.c | 29 +-
4846 arch/x86/kernel/setup_percpu.c | 29 +-
4847 arch/x86/kernel/signal.c | 17 +-
4848 arch/x86/kernel/smp.c | 2 +-
4849 arch/x86/kernel/smpboot.c | 29 +-
4850 arch/x86/kernel/step.c | 6 +-
4851 arch/x86/kernel/sys_i386_32.c | 184 +
4852 arch/x86/kernel/sys_x86_64.c | 22 +-
4853 arch/x86/kernel/tboot.c | 14 +-
4854 arch/x86/kernel/time.c | 8 +-
4855 arch/x86/kernel/tls.c | 7 +-
4856 arch/x86/kernel/tracepoint.c | 4 +-
4857 arch/x86/kernel/traps.c | 53 +-
4858 arch/x86/kernel/tsc.c | 2 +-
4859 arch/x86/kernel/uprobes.c | 2 +-
4860 arch/x86/kernel/vm86_32.c | 6 +-
4861 arch/x86/kernel/vmlinux.lds.S | 147 +-
4862 arch/x86/kernel/x8664_ksyms_64.c | 6 +-
4863 arch/x86/kernel/x86_init.c | 6 +-
4864 arch/x86/kvm/cpuid.c | 21 +-
4865 arch/x86/kvm/emulate.c | 2 +-
4866 arch/x86/kvm/lapic.c | 2 +-
4867 arch/x86/kvm/paging_tmpl.h | 2 +-
4868 arch/x86/kvm/svm.c | 8 +
4869 arch/x86/kvm/vmx.c | 82 +-
4870 arch/x86/kvm/x86.c | 44 +-
4871 arch/x86/lguest/boot.c | 3 +-
4872 arch/x86/lib/atomic64_386_32.S | 164 +
4873 arch/x86/lib/atomic64_cx8_32.S | 98 +-
4874 arch/x86/lib/checksum_32.S | 97 +-
4875 arch/x86/lib/clear_page_64.S | 3 +
4876 arch/x86/lib/cmpxchg16b_emu.S | 3 +
4877 arch/x86/lib/copy_page_64.S | 14 +-
4878 arch/x86/lib/copy_user_64.S | 66 +-
4879 arch/x86/lib/csum-copy_64.S | 14 +-
4880 arch/x86/lib/csum-wrappers_64.c | 8 +-
4881 arch/x86/lib/getuser.S | 74 +-
4882 arch/x86/lib/insn.c | 8 +-
4883 arch/x86/lib/iomap_copy_64.S | 2 +
4884 arch/x86/lib/memcpy_64.S | 6 +
4885 arch/x86/lib/memmove_64.S | 3 +-
4886 arch/x86/lib/memset_64.S | 3 +
4887 arch/x86/lib/mmx_32.c | 243 +-
4888 arch/x86/lib/msr-reg.S | 2 +
4889 arch/x86/lib/putuser.S | 87 +-
4890 arch/x86/lib/rwsem.S | 6 +-
4891 arch/x86/lib/usercopy_32.c | 359 +-
4892 arch/x86/lib/usercopy_64.c | 20 +-
4893 arch/x86/math-emu/fpu_aux.c | 2 +-
4894 arch/x86/math-emu/fpu_entry.c | 4 +-
4895 arch/x86/math-emu/fpu_system.h | 2 +-
4896 arch/x86/mm/Makefile | 4 +
4897 arch/x86/mm/extable.c | 26 +-
4898 arch/x86/mm/fault.c | 570 +-
4899 arch/x86/mm/gup.c | 6 +-
4900 arch/x86/mm/highmem_32.c | 4 +
4901 arch/x86/mm/hugetlbpage.c | 24 +-
4902 arch/x86/mm/init.c | 101 +-
4903 arch/x86/mm/init_32.c | 111 +-
4904 arch/x86/mm/init_64.c | 46 +-
4905 arch/x86/mm/iomap_32.c | 4 +
4906 arch/x86/mm/ioremap.c | 44 +-
4907 arch/x86/mm/kmemcheck/kmemcheck.c | 4 +-
4908 arch/x86/mm/mmap.c | 40 +-
4909 arch/x86/mm/mmio-mod.c | 10 +-
4910 arch/x86/mm/numa.c | 2 +-
4911 arch/x86/mm/pageattr.c | 33 +-
4912 arch/x86/mm/pat.c | 12 +-
4913 arch/x86/mm/pat_rbtree.c | 2 +-
4914 arch/x86/mm/pf_in.c | 10 +-
4915 arch/x86/mm/pgtable.c | 162 +-
4916 arch/x86/mm/pgtable_32.c | 3 +
4917 arch/x86/mm/setup_nx.c | 7 +
4918 arch/x86/mm/tlb.c | 4 +
4919 arch/x86/mm/uderef_64.c | 37 +
4920 arch/x86/net/bpf_jit.S | 11 +
4921 arch/x86/net/bpf_jit_comp.c | 13 +-
4922 arch/x86/oprofile/backtrace.c | 6 +-
4923 arch/x86/oprofile/nmi_int.c | 8 +-
4924 arch/x86/oprofile/op_model_amd.c | 8 +-
4925 arch/x86/oprofile/op_model_ppro.c | 7 +-
4926 arch/x86/oprofile/op_x86_model.h | 2 +-
4927 arch/x86/pci/intel_mid_pci.c | 2 +-
4928 arch/x86/pci/irq.c | 8 +-
4929 arch/x86/pci/pcbios.c | 144 +-
4930 arch/x86/platform/efi/efi_32.c | 24 +
4931 arch/x86/platform/efi/efi_64.c | 26 +-
4932 arch/x86/platform/efi/efi_stub_32.S | 64 +-
4933 arch/x86/platform/efi/efi_stub_64.S | 2 +
4934 arch/x86/platform/intel-mid/intel-mid.c | 5 +-
4935 arch/x86/platform/intel-mid/intel_mid_weak_decls.h | 6 +-
4936 arch/x86/platform/intel-mid/mfld.c | 4 +-
4937 arch/x86/platform/intel-mid/mrfl.c | 2 +-
4938 arch/x86/platform/intel-quark/imr_selftest.c | 2 +-
4939 arch/x86/platform/olpc/olpc_dt.c | 2 +-
4940 arch/x86/power/cpu.c | 11 +-
4941 arch/x86/realmode/init.c | 10 +-
4942 arch/x86/realmode/rm/Makefile | 3 +
4943 arch/x86/realmode/rm/header.S | 4 +-
4944 arch/x86/realmode/rm/reboot.S | 4 +
4945 arch/x86/realmode/rm/trampoline_32.S | 12 +-
4946 arch/x86/realmode/rm/trampoline_64.S | 3 +-
4947 arch/x86/realmode/rm/wakeup_asm.S | 5 +-
4948 arch/x86/tools/Makefile | 2 +-
4949 arch/x86/tools/relocs.c | 96 +-
4950 arch/x86/um/mem_32.c | 2 +-
4951 arch/x86/um/tls_32.c | 2 +-
4952 arch/x86/xen/enlighten.c | 50 +-
4953 arch/x86/xen/mmu.c | 17 +-
4954 arch/x86/xen/smp.c | 16 +-
4955 arch/x86/xen/xen-asm_32.S | 2 +-
4956 arch/x86/xen/xen-head.S | 11 +
4957 arch/x86/xen/xen-ops.h | 2 -
4959 block/blk-iopoll.c | 2 +-
4960 block/blk-map.c | 2 +-
4961 block/blk-softirq.c | 2 +-
4963 block/compat_ioctl.c | 4 +-
4964 block/genhd.c | 9 +-
4965 block/partitions/efi.c | 8 +-
4966 block/scsi_ioctl.c | 29 +-
4967 crypto/cryptd.c | 4 +-
4968 crypto/pcrypt.c | 2 +-
4969 crypto/zlib.c | 4 +-
4970 drivers/acpi/acpi_video.c | 2 +-
4971 drivers/acpi/apei/apei-internal.h | 2 +-
4972 drivers/acpi/apei/ghes.c | 4 +-
4973 drivers/acpi/bgrt.c | 6 +-
4974 drivers/acpi/blacklist.c | 4 +-
4975 drivers/acpi/bus.c | 4 +-
4976 drivers/acpi/device_pm.c | 4 +-
4977 drivers/acpi/ec.c | 2 +-
4978 drivers/acpi/pci_slot.c | 2 +-
4979 drivers/acpi/processor_driver.c | 2 +-
4980 drivers/acpi/processor_idle.c | 2 +-
4981 drivers/acpi/processor_pdc.c | 2 +-
4982 drivers/acpi/sleep.c | 2 +-
4983 drivers/acpi/sysfs.c | 4 +-
4984 drivers/acpi/thermal.c | 2 +-
4985 drivers/acpi/video_detect.c | 7 +-
4986 drivers/ata/libahci.c | 2 +-
4987 drivers/ata/libata-core.c | 12 +-
4988 drivers/ata/libata-scsi.c | 2 +-
4989 drivers/ata/libata.h | 2 +-
4990 drivers/ata/pata_arasan_cf.c | 4 +-
4991 drivers/atm/adummy.c | 2 +-
4992 drivers/atm/ambassador.c | 8 +-
4993 drivers/atm/atmtcp.c | 14 +-
4994 drivers/atm/eni.c | 10 +-
4995 drivers/atm/firestream.c | 8 +-
4996 drivers/atm/fore200e.c | 14 +-
4997 drivers/atm/he.c | 18 +-
4998 drivers/atm/horizon.c | 4 +-
4999 drivers/atm/idt77252.c | 36 +-
5000 drivers/atm/iphase.c | 34 +-
5001 drivers/atm/lanai.c | 12 +-
5002 drivers/atm/nicstar.c | 46 +-
5003 drivers/atm/solos-pci.c | 4 +-
5004 drivers/atm/suni.c | 4 +-
5005 drivers/atm/uPD98402.c | 16 +-
5006 drivers/atm/zatm.c | 6 +-
5007 drivers/base/bus.c | 4 +-
5008 drivers/base/devtmpfs.c | 8 +-
5009 drivers/base/node.c | 2 +-
5010 drivers/base/power/domain.c | 11 +-
5011 drivers/base/power/sysfs.c | 2 +-
5012 drivers/base/power/wakeup.c | 8 +-
5013 drivers/base/syscore.c | 4 +-
5014 drivers/block/cciss.c | 28 +-
5015 drivers/block/cciss.h | 2 +-
5016 drivers/block/cpqarray.c | 28 +-
5017 drivers/block/cpqarray.h | 2 +-
5018 drivers/block/drbd/drbd_bitmap.c | 2 +-
5019 drivers/block/drbd/drbd_int.h | 8 +-
5020 drivers/block/drbd/drbd_main.c | 12 +-
5021 drivers/block/drbd/drbd_nl.c | 4 +-
5022 drivers/block/drbd/drbd_receiver.c | 34 +-
5023 drivers/block/drbd/drbd_worker.c | 8 +-
5024 drivers/block/pktcdvd.c | 4 +-
5025 drivers/block/rbd.c | 2 +-
5026 drivers/bluetooth/btwilink.c | 2 +-
5027 drivers/cdrom/cdrom.c | 11 +-
5028 drivers/cdrom/gdrom.c | 1 -
5029 drivers/char/agp/compat_ioctl.c | 2 +-
5030 drivers/char/agp/frontend.c | 4 +-
5031 drivers/char/agp/intel-gtt.c | 4 +-
5032 drivers/char/hpet.c | 2 +-
5033 drivers/char/ipmi/ipmi_msghandler.c | 8 +-
5034 drivers/char/ipmi/ipmi_si_intf.c | 8 +-
5035 drivers/char/mem.c | 47 +-
5036 drivers/char/nvram.c | 2 +-
5037 drivers/char/pcmcia/synclink_cs.c | 16 +-
5038 drivers/char/random.c | 12 +-
5039 drivers/char/sonypi.c | 11 +-
5040 drivers/char/tpm/tpm_acpi.c | 3 +-
5041 drivers/char/tpm/tpm_eventlog.c | 7 +-
5042 drivers/char/virtio_console.c | 4 +-
5043 drivers/clk/clk-composite.c | 2 +-
5044 drivers/clk/samsung/clk.h | 2 +-
5045 drivers/clk/socfpga/clk-gate.c | 9 +-
5046 drivers/clk/socfpga/clk-pll.c | 9 +-
5047 drivers/cpufreq/acpi-cpufreq.c | 17 +-
5048 drivers/cpufreq/cpufreq-dt.c | 4 +-
5049 drivers/cpufreq/cpufreq.c | 26 +-
5050 drivers/cpufreq/cpufreq_governor.c | 2 +-
5051 drivers/cpufreq/cpufreq_governor.h | 4 +-
5052 drivers/cpufreq/cpufreq_ondemand.c | 10 +-
5053 drivers/cpufreq/intel_pstate.c | 33 +-
5054 drivers/cpufreq/p4-clockmod.c | 12 +-
5055 drivers/cpufreq/sparc-us3-cpufreq.c | 67 +-
5056 drivers/cpufreq/speedstep-centrino.c | 7 +-
5057 drivers/cpuidle/driver.c | 2 +-
5058 drivers/cpuidle/dt_idle_states.c | 2 +-
5059 drivers/cpuidle/governor.c | 2 +-
5060 drivers/cpuidle/sysfs.c | 2 +-
5061 drivers/crypto/hifn_795x.c | 4 +-
5062 drivers/devfreq/devfreq.c | 4 +-
5063 drivers/dma/sh/shdma-base.c | 4 +-
5064 drivers/dma/sh/shdmac.c | 2 +-
5065 drivers/edac/edac_device.c | 4 +-
5066 drivers/edac/edac_mc_sysfs.c | 2 +-
5067 drivers/edac/edac_pci.c | 4 +-
5068 drivers/edac/edac_pci_sysfs.c | 22 +-
5069 drivers/edac/mce_amd.h | 2 +-
5070 drivers/firewire/core-card.c | 6 +-
5071 drivers/firewire/core-device.c | 2 +-
5072 drivers/firewire/core-transaction.c | 1 +
5073 drivers/firewire/core.h | 1 +
5074 drivers/firmware/dmi-id.c | 2 +-
5075 drivers/firmware/dmi_scan.c | 12 +-
5076 drivers/firmware/efi/cper.c | 8 +-
5077 drivers/firmware/efi/efi.c | 12 +-
5078 drivers/firmware/efi/efivars.c | 2 +-
5079 drivers/firmware/efi/runtime-map.c | 2 +-
5080 drivers/firmware/google/gsmi.c | 2 +-
5081 drivers/firmware/google/memconsole.c | 7 +-
5082 drivers/firmware/memmap.c | 2 +-
5083 drivers/gpio/gpio-davinci.c | 6 +-
5084 drivers/gpio/gpio-em.c | 2 +-
5085 drivers/gpio/gpio-ich.c | 2 +-
5086 drivers/gpio/gpio-omap.c | 4 +-
5087 drivers/gpio/gpio-rcar.c | 2 +-
5088 drivers/gpio/gpio-vr41xx.c | 2 +-
5089 drivers/gpio/gpiolib.c | 13 +-
5090 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +-
5091 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 2 +-
5092 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 6 +-
5093 .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 90 +-
5094 .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.h | 8 +-
5095 .../drm/amd/amdkfd/kfd_device_queue_manager_cik.c | 14 +-
5096 .../drm/amd/amdkfd/kfd_device_queue_manager_vi.c | 14 +-
5097 drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | 4 +-
5098 drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.c | 2 +-
5099 drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.h | 2 +-
5100 .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 +-
5101 drivers/gpu/drm/drm_crtc.c | 2 +-
5102 drivers/gpu/drm/drm_drv.c | 2 +-
5103 drivers/gpu/drm/drm_fops.c | 12 +-
5104 drivers/gpu/drm/drm_global.c | 14 +-
5105 drivers/gpu/drm/drm_info.c | 13 +-
5106 drivers/gpu/drm/drm_ioc32.c | 13 +-
5107 drivers/gpu/drm/drm_ioctl.c | 2 +-
5108 drivers/gpu/drm/gma500/mdfld_dsi_dpi.c | 10 +-
5109 drivers/gpu/drm/i810/i810_drv.h | 4 +-
5110 drivers/gpu/drm/i915/i915_debugfs.c | 2 +-
5111 drivers/gpu/drm/i915/i915_dma.c | 2 +-
5112 drivers/gpu/drm/i915/i915_gem_execbuffer.c | 4 +-
5113 drivers/gpu/drm/i915/i915_gem_gtt.c | 32 +-
5114 drivers/gpu/drm/i915/i915_gem_gtt.h | 16 +-
5115 drivers/gpu/drm/i915/i915_gem_stolen.c | 2 +-
5116 drivers/gpu/drm/i915/i915_ioc32.c | 16 +-
5117 drivers/gpu/drm/i915/intel_display.c | 26 +-
5118 drivers/gpu/drm/imx/imx-drm-core.c | 2 +-
5119 drivers/gpu/drm/mga/mga_drv.h | 4 +-
5120 drivers/gpu/drm/mga/mga_ioc32.c | 10 +-
5121 drivers/gpu/drm/mga/mga_irq.c | 8 +-
5122 drivers/gpu/drm/nouveau/nouveau_bios.c | 2 +-
5123 drivers/gpu/drm/nouveau/nouveau_drm.h | 1 -
5124 drivers/gpu/drm/nouveau/nouveau_ioc32.c | 2 +-
5125 drivers/gpu/drm/nouveau/nouveau_vga.c | 2 +-
5126 drivers/gpu/drm/omapdrm/Makefile | 2 +-
5127 drivers/gpu/drm/qxl/qxl_cmd.c | 12 +-
5128 drivers/gpu/drm/qxl/qxl_debugfs.c | 8 +-
5129 drivers/gpu/drm/qxl/qxl_drv.h | 8 +-
5130 drivers/gpu/drm/qxl/qxl_ioctl.c | 10 +-
5131 drivers/gpu/drm/qxl/qxl_irq.c | 16 +-
5132 drivers/gpu/drm/qxl/qxl_ttm.c | 38 +-
5133 drivers/gpu/drm/r128/r128_cce.c | 2 +-
5134 drivers/gpu/drm/r128/r128_drv.h | 4 +-
5135 drivers/gpu/drm/r128/r128_ioc32.c | 10 +-
5136 drivers/gpu/drm/r128/r128_irq.c | 4 +-
5137 drivers/gpu/drm/r128/r128_state.c | 4 +-
5138 drivers/gpu/drm/radeon/mkregtable.c | 4 +-
5139 drivers/gpu/drm/radeon/radeon_device.c | 2 +-
5140 drivers/gpu/drm/radeon/radeon_drv.h | 2 +-
5141 drivers/gpu/drm/radeon/radeon_ioc32.c | 12 +-
5142 drivers/gpu/drm/radeon/radeon_irq.c | 6 +-
5143 drivers/gpu/drm/radeon/radeon_state.c | 4 +-
5144 drivers/gpu/drm/radeon/radeon_ttm.c | 4 +-
5145 drivers/gpu/drm/tegra/dc.c | 2 +-
5146 drivers/gpu/drm/tegra/dsi.c | 2 +-
5147 drivers/gpu/drm/tegra/hdmi.c | 2 +-
5148 drivers/gpu/drm/tegra/sor.c | 7 +-
5149 drivers/gpu/drm/tilcdc/Makefile | 6 +-
5150 drivers/gpu/drm/ttm/ttm_memory.c | 4 +-
5151 drivers/gpu/drm/ttm/ttm_page_alloc.c | 18 +-
5152 drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 18 +-
5153 drivers/gpu/drm/udl/udl_fb.c | 1 -
5154 drivers/gpu/drm/via/via_drv.h | 4 +-
5155 drivers/gpu/drm/via/via_irq.c | 18 +-
5156 drivers/gpu/drm/virtio/virtgpu_debugfs.c | 2 +-
5157 drivers/gpu/drm/virtio/virtgpu_fence.c | 2 +-
5158 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 2 +-
5159 drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c | 8 +-
5160 drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c | 4 +-
5161 drivers/gpu/drm/vmwgfx/vmwgfx_irq.c | 4 +-
5162 drivers/gpu/drm/vmwgfx/vmwgfx_marker.c | 2 +-
5163 drivers/gpu/vga/vga_switcheroo.c | 4 +-
5164 drivers/hid/hid-core.c | 4 +-
5165 drivers/hid/hid-sensor-custom.c | 2 +-
5166 drivers/hv/channel.c | 2 +-
5167 drivers/hv/hv.c | 4 +-
5168 drivers/hv/hv_balloon.c | 18 +-
5169 drivers/hv/hyperv_vmbus.h | 2 +-
5170 drivers/hwmon/acpi_power_meter.c | 6 +-
5171 drivers/hwmon/applesmc.c | 2 +-
5172 drivers/hwmon/asus_atk0110.c | 10 +-
5173 drivers/hwmon/coretemp.c | 2 +-
5174 drivers/hwmon/dell-smm-hwmon.c | 2 +-
5175 drivers/hwmon/ibmaem.c | 2 +-
5176 drivers/hwmon/iio_hwmon.c | 2 +-
5177 drivers/hwmon/nct6683.c | 6 +-
5178 drivers/hwmon/nct6775.c | 6 +-
5179 drivers/hwmon/pmbus/pmbus_core.c | 10 +-
5180 drivers/hwmon/sht15.c | 12 +-
5181 drivers/hwmon/via-cputemp.c | 2 +-
5182 drivers/i2c/busses/i2c-amd756-s4882.c | 2 +-
5183 drivers/i2c/busses/i2c-diolan-u2c.c | 2 +-
5184 drivers/i2c/busses/i2c-nforce2-s4985.c | 2 +-
5185 drivers/i2c/i2c-dev.c | 2 +-
5186 drivers/ide/ide-cd.c | 2 +-
5187 drivers/iio/industrialio-core.c | 2 +-
5188 drivers/iio/magnetometer/ak8975.c | 2 +-
5189 drivers/infiniband/core/cm.c | 32 +-
5190 drivers/infiniband/core/fmr_pool.c | 20 +-
5191 drivers/infiniband/core/uverbs_cmd.c | 3 +
5192 drivers/infiniband/hw/cxgb4/mem.c | 4 +-
5193 drivers/infiniband/hw/ipath/ipath_rc.c | 6 +-
5194 drivers/infiniband/hw/ipath/ipath_ruc.c | 6 +-
5195 drivers/infiniband/hw/mlx4/mad.c | 2 +-
5196 drivers/infiniband/hw/mlx4/mcg.c | 2 +-
5197 drivers/infiniband/hw/mlx4/mlx4_ib.h | 2 +-
5198 drivers/infiniband/hw/mthca/mthca_cmd.c | 8 +-
5199 drivers/infiniband/hw/mthca/mthca_main.c | 2 +-
5200 drivers/infiniband/hw/mthca/mthca_mr.c | 6 +-
5201 drivers/infiniband/hw/mthca/mthca_provider.c | 2 +-
5202 drivers/infiniband/hw/nes/nes.c | 4 +-
5203 drivers/infiniband/hw/nes/nes.h | 40 +-
5204 drivers/infiniband/hw/nes/nes_cm.c | 62 +-
5205 drivers/infiniband/hw/nes/nes_mgt.c | 8 +-
5206 drivers/infiniband/hw/nes/nes_nic.c | 40 +-
5207 drivers/infiniband/hw/nes/nes_verbs.c | 10 +-
5208 drivers/infiniband/hw/qib/qib.h | 1 +
5209 drivers/infiniband/ulp/ipoib/ipoib_netlink.c | 2 +-
5210 drivers/input/gameport/gameport.c | 4 +-
5211 drivers/input/input.c | 4 +-
5212 drivers/input/joystick/sidewinder.c | 1 +
5213 drivers/input/joystick/xpad.c | 4 +-
5214 drivers/input/misc/ims-pcu.c | 4 +-
5215 drivers/input/mouse/psmouse.h | 2 +-
5216 drivers/input/mousedev.c | 2 +-
5217 drivers/input/serio/serio.c | 4 +-
5218 drivers/input/serio/serio_raw.c | 4 +-
5219 drivers/input/touchscreen/htcpen.c | 2 +-
5220 drivers/iommu/arm-smmu.c | 43 +-
5221 drivers/iommu/io-pgtable-arm.c | 101 +-
5222 drivers/iommu/io-pgtable.c | 11 +-
5223 drivers/iommu/io-pgtable.h | 19 +-
5224 drivers/iommu/iommu.c | 2 +-
5225 drivers/iommu/ipmmu-vmsa.c | 13 +-
5226 drivers/iommu/irq_remapping.c | 2 +-
5227 drivers/irqchip/irq-gic.c | 2 +-
5228 drivers/irqchip/irq-renesas-intc-irqpin.c | 2 +-
5229 drivers/irqchip/irq-renesas-irqc.c | 2 +-
5230 drivers/isdn/capi/capi.c | 10 +-
5231 drivers/isdn/gigaset/interface.c | 8 +-
5232 drivers/isdn/gigaset/usb-gigaset.c | 2 +-
5233 drivers/isdn/hardware/avm/b1.c | 4 +-
5234 drivers/isdn/i4l/isdn_common.c | 2 +
5235 drivers/isdn/i4l/isdn_tty.c | 22 +-
5236 drivers/isdn/icn/icn.c | 2 +-
5237 drivers/isdn/mISDN/dsp_cmx.c | 2 +-
5238 drivers/lguest/core.c | 10 +-
5239 drivers/lguest/page_tables.c | 2 +-
5240 drivers/lguest/x86/core.c | 12 +-
5241 drivers/lguest/x86/switcher_32.S | 27 +-
5242 drivers/md/bcache/closure.h | 2 +-
5243 drivers/md/bitmap.c | 2 +-
5244 drivers/md/dm-ioctl.c | 2 +-
5245 drivers/md/dm-raid1.c | 18 +-
5246 drivers/md/dm-stats.c | 6 +-
5247 drivers/md/dm-stripe.c | 10 +-
5248 drivers/md/dm-table.c | 2 +-
5249 drivers/md/dm-thin-metadata.c | 4 +-
5250 drivers/md/dm.c | 16 +-
5251 drivers/md/md.c | 26 +-
5252 drivers/md/md.h | 6 +-
5253 drivers/md/persistent-data/dm-space-map-metadata.c | 4 +-
5254 drivers/md/persistent-data/dm-space-map.h | 1 +
5255 drivers/md/raid1.c | 4 +-
5256 drivers/md/raid10.c | 16 +-
5257 drivers/md/raid5.c | 22 +-
5258 drivers/media/dvb-core/dvbdev.c | 2 +-
5259 drivers/media/dvb-frontends/af9033.h | 2 +-
5260 drivers/media/dvb-frontends/dib3000.h | 2 +-
5261 drivers/media/dvb-frontends/dib7000p.h | 2 +-
5262 drivers/media/dvb-frontends/dib8000.h | 2 +-
5263 drivers/media/pci/cx88/cx88-video.c | 6 +-
5264 drivers/media/pci/ivtv/ivtv-driver.c | 2 +-
5265 drivers/media/pci/solo6x10/solo6x10-core.c | 2 +-
5266 drivers/media/pci/solo6x10/solo6x10-p2m.c | 2 +-
5267 drivers/media/pci/solo6x10/solo6x10.h | 2 +-
5268 drivers/media/pci/tw68/tw68-core.c | 2 +-
5269 drivers/media/platform/omap/omap_vout.c | 11 +-
5270 drivers/media/platform/s5p-tv/mixer.h | 2 +-
5271 drivers/media/platform/s5p-tv/mixer_grp_layer.c | 2 +-
5272 drivers/media/platform/s5p-tv/mixer_reg.c | 2 +-
5273 drivers/media/platform/s5p-tv/mixer_video.c | 24 +-
5274 drivers/media/platform/s5p-tv/mixer_vp_layer.c | 2 +-
5275 drivers/media/radio/radio-cadet.c | 2 +
5276 drivers/media/radio/radio-maxiradio.c | 2 +-
5277 drivers/media/radio/radio-shark.c | 2 +-
5278 drivers/media/radio/radio-shark2.c | 2 +-
5279 drivers/media/radio/radio-si476x.c | 2 +-
5280 drivers/media/radio/wl128x/fmdrv_common.c | 2 +-
5281 drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 12 +-
5282 drivers/media/v4l2-core/v4l2-device.c | 4 +-
5283 drivers/media/v4l2-core/v4l2-ioctl.c | 13 +-
5284 drivers/memory/omap-gpmc.c | 21 +-
5285 drivers/message/fusion/mptsas.c | 34 +-
5286 drivers/mfd/ab8500-debugfs.c | 2 +-
5287 drivers/mfd/kempld-core.c | 2 +-
5288 drivers/mfd/max8925-i2c.c | 2 +-
5289 drivers/mfd/tps65910.c | 2 +-
5290 drivers/mfd/twl4030-irq.c | 9 +-
5291 drivers/misc/c2port/core.c | 4 +-
5292 drivers/misc/eeprom/sunxi_sid.c | 4 +-
5293 drivers/misc/kgdbts.c | 4 +-
5294 drivers/misc/lis3lv02d/lis3lv02d.c | 8 +-
5295 drivers/misc/lis3lv02d/lis3lv02d.h | 2 +-
5296 drivers/misc/mic/scif/scif_rb.c | 8 +-
5297 drivers/misc/sgi-gru/gruhandles.c | 4 +-
5298 drivers/misc/sgi-gru/gruprocfs.c | 8 +-
5299 drivers/misc/sgi-gru/grutables.h | 154 +-
5300 drivers/misc/sgi-xp/xp.h | 2 +-
5301 drivers/misc/sgi-xp/xpc.h | 3 +-
5302 drivers/misc/sgi-xp/xpc_main.c | 2 +-
5303 drivers/mmc/card/block.c | 2 +-
5304 drivers/mmc/host/dw_mmc.h | 2 +-
5305 drivers/mmc/host/mmci.c | 4 +-
5306 drivers/mmc/host/omap_hsmmc.c | 4 +-
5307 drivers/mmc/host/sdhci-esdhc-imx.c | 7 +-
5308 drivers/mmc/host/sdhci-s3c.c | 8 +-
5309 drivers/mtd/chips/cfi_cmdset_0020.c | 2 +-
5310 drivers/mtd/nand/denali.c | 1 +
5311 drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 2 +-
5312 drivers/mtd/nftlmount.c | 1 +
5313 drivers/mtd/sm_ftl.c | 2 +-
5314 drivers/net/bonding/bond_netlink.c | 2 +-
5315 drivers/net/caif/caif_hsi.c | 2 +-
5316 drivers/net/can/Kconfig | 2 +-
5317 drivers/net/can/dev.c | 2 +-
5318 drivers/net/can/vcan.c | 2 +-
5319 drivers/net/dummy.c | 2 +-
5320 drivers/net/ethernet/8390/ax88796.c | 4 +-
5321 drivers/net/ethernet/altera/altera_tse_main.c | 4 +-
5322 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 4 +-
5323 drivers/net/ethernet/amd/xgbe/xgbe-dcb.c | 4 +-
5324 drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 27 +-
5325 drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 143 +-
5326 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 64 +-
5327 drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c | 10 +-
5328 drivers/net/ethernet/amd/xgbe/xgbe-main.c | 15 +-
5329 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 27 +-
5330 drivers/net/ethernet/amd/xgbe/xgbe-ptp.c | 4 +-
5331 drivers/net/ethernet/amd/xgbe/xgbe.h | 10 +-
5332 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h | 2 +-
5333 drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c | 11 +-
5334 drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h | 3 +-
5335 drivers/net/ethernet/broadcom/tg3.h | 1 +
5336 drivers/net/ethernet/cavium/liquidio/lio_ethtool.c | 6 +-
5337 drivers/net/ethernet/cavium/liquidio/lio_main.c | 11 +-
5338 drivers/net/ethernet/chelsio/cxgb3/l2t.h | 2 +-
5339 drivers/net/ethernet/dec/tulip/de4x5.c | 4 +-
5340 drivers/net/ethernet/emulex/benet/be_main.c | 2 +-
5341 drivers/net/ethernet/faraday/ftgmac100.c | 2 +
5342 drivers/net/ethernet/faraday/ftmac100.c | 2 +
5343 drivers/net/ethernet/intel/i40e/i40e_ptp.c | 2 +-
5344 drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 2 +-
5345 drivers/net/ethernet/mellanox/mlx4/en_tx.c | 4 +-
5346 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 +-
5347 drivers/net/ethernet/neterion/vxge/vxge-config.c | 7 +-
5348 .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c | 4 +-
5349 .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c | 12 +-
5350 .../net/ethernet/qlogic/qlcnic/qlcnic_minidump.c | 2 +-
5351 drivers/net/ethernet/realtek/r8169.c | 8 +-
5352 drivers/net/ethernet/sfc/ptp.c | 2 +-
5353 drivers/net/ethernet/stmicro/stmmac/mmc_core.c | 4 +-
5354 drivers/net/ethernet/via/via-rhine.c | 2 +-
5355 drivers/net/hyperv/hyperv_net.h | 2 +-
5356 drivers/net/hyperv/rndis_filter.c | 4 +-
5357 drivers/net/ifb.c | 2 +-
5358 drivers/net/ipvlan/ipvlan_core.c | 2 +-
5359 drivers/net/macvlan.c | 20 +-
5360 drivers/net/macvtap.c | 6 +-
5361 drivers/net/nlmon.c | 2 +-
5362 drivers/net/phy/phy_device.c | 6 +-
5363 drivers/net/ppp/ppp_generic.c | 4 +-
5364 drivers/net/slip/slhc.c | 2 +-
5365 drivers/net/team/team.c | 4 +-
5366 drivers/net/tun.c | 7 +-
5367 drivers/net/usb/hso.c | 23 +-
5368 drivers/net/usb/r8152.c | 2 +-
5369 drivers/net/usb/sierra_net.c | 4 +-
5370 drivers/net/virtio_net.c | 2 +-
5371 drivers/net/vxlan.c | 4 +-
5372 drivers/net/wimax/i2400m/rx.c | 2 +-
5373 drivers/net/wireless/airo.c | 2 +-
5374 drivers/net/wireless/at76c50x-usb.c | 2 +-
5375 drivers/net/wireless/ath/ath10k/htc.c | 7 +-
5376 drivers/net/wireless/ath/ath10k/htc.h | 4 +-
5377 drivers/net/wireless/ath/ath9k/ar9002_mac.c | 36 +-
5378 drivers/net/wireless/ath/ath9k/ar9003_mac.c | 64 +-
5379 drivers/net/wireless/ath/ath9k/hw.h | 4 +-
5380 drivers/net/wireless/ath/ath9k/main.c | 22 +-
5381 drivers/net/wireless/b43/phy_lp.c | 2 +-
5382 drivers/net/wireless/iwlegacy/3945-mac.c | 4 +-
5383 drivers/net/wireless/iwlwifi/dvm/debugfs.c | 34 +-
5384 drivers/net/wireless/iwlwifi/pcie/trans.c | 4 +-
5385 drivers/net/wireless/mac80211_hwsim.c | 28 +-
5386 drivers/net/wireless/rndis_wlan.c | 2 +-
5387 drivers/net/wireless/rt2x00/rt2x00.h | 2 +-
5388 drivers/net/wireless/rt2x00/rt2x00queue.c | 4 +-
5389 drivers/net/wireless/ti/wl1251/sdio.c | 12 +-
5390 drivers/net/wireless/ti/wl12xx/main.c | 8 +-
5391 drivers/net/wireless/ti/wl18xx/main.c | 6 +-
5392 drivers/nfc/nfcwilink.c | 2 +-
5393 drivers/of/fdt.c | 4 +-
5394 drivers/oprofile/buffer_sync.c | 8 +-
5395 drivers/oprofile/event_buffer.c | 2 +-
5396 drivers/oprofile/oprof.c | 2 +-
5397 drivers/oprofile/oprofile_files.c | 2 +-
5398 drivers/oprofile/oprofile_stats.c | 10 +-
5399 drivers/oprofile/oprofile_stats.h | 10 +-
5400 drivers/oprofile/oprofilefs.c | 6 +-
5401 drivers/oprofile/timer_int.c | 2 +-
5402 drivers/parport/procfs.c | 4 +-
5403 drivers/pci/host/pci-host-generic.c | 24 +-
5404 drivers/pci/hotplug/acpiphp_ibm.c | 4 +-
5405 drivers/pci/hotplug/cpcihp_generic.c | 6 +-
5406 drivers/pci/hotplug/cpcihp_zt5550.c | 14 +-
5407 drivers/pci/hotplug/cpqphp_nvram.c | 2 +
5408 drivers/pci/hotplug/pci_hotplug_core.c | 6 +-
5409 drivers/pci/hotplug/pciehp_core.c | 2 +-
5410 drivers/pci/msi.c | 21 +-
5411 drivers/pci/pci-sysfs.c | 6 +-
5412 drivers/pci/pci.h | 2 +-
5413 drivers/pci/pcie/aspm.c | 6 +-
5414 drivers/pci/pcie/portdrv_pci.c | 2 +-
5415 drivers/pci/probe.c | 2 +-
5416 drivers/pinctrl/pinctrl-at91.c | 5 +-
5417 drivers/platform/chrome/chromeos_pstore.c | 2 +-
5418 drivers/platform/x86/alienware-wmi.c | 4 +-
5419 drivers/platform/x86/compal-laptop.c | 2 +-
5420 drivers/platform/x86/hdaps.c | 2 +-
5421 drivers/platform/x86/ibm_rtl.c | 2 +-
5422 drivers/platform/x86/intel_oaktrail.c | 2 +-
5423 drivers/platform/x86/msi-laptop.c | 16 +-
5424 drivers/platform/x86/msi-wmi.c | 2 +-
5425 drivers/platform/x86/samsung-laptop.c | 2 +-
5426 drivers/platform/x86/samsung-q10.c | 2 +-
5427 drivers/platform/x86/sony-laptop.c | 14 +-
5428 drivers/platform/x86/thinkpad_acpi.c | 2 +-
5429 drivers/pnp/pnpbios/bioscalls.c | 14 +-
5430 drivers/pnp/pnpbios/core.c | 2 +-
5431 drivers/power/pda_power.c | 7 +-
5432 drivers/power/power_supply.h | 4 +-
5433 drivers/power/power_supply_core.c | 7 +-
5434 drivers/power/power_supply_sysfs.c | 6 +-
5435 drivers/power/reset/at91-reset.c | 9 +-
5436 drivers/powercap/powercap_sys.c | 136 +-
5437 drivers/ptp/ptp_private.h | 2 +-
5438 drivers/ptp/ptp_sysfs.c | 2 +-
5439 drivers/regulator/core.c | 4 +-
5440 drivers/regulator/max8660.c | 6 +-
5441 drivers/regulator/max8973-regulator.c | 16 +-
5442 drivers/regulator/mc13892-regulator.c | 8 +-
5443 drivers/rtc/rtc-armada38x.c | 7 +-
5444 drivers/rtc/rtc-cmos.c | 4 +-
5445 drivers/rtc/rtc-ds1307.c | 2 +-
5446 drivers/rtc/rtc-m48t59.c | 4 +-
5447 drivers/rtc/rtc-test.c | 6 +-
5448 drivers/scsi/be2iscsi/be_main.c | 2 +-
5449 drivers/scsi/bfa/bfa_fcpim.h | 2 +-
5450 drivers/scsi/bfa/bfa_ioc.h | 4 +-
5451 drivers/scsi/fcoe/fcoe_sysfs.c | 12 +-
5452 drivers/scsi/hosts.c | 4 +-
5453 drivers/scsi/hpsa.c | 38 +-
5454 drivers/scsi/hpsa.h | 2 +-
5455 drivers/scsi/libfc/fc_exch.c | 50 +-
5456 drivers/scsi/libsas/sas_ata.c | 2 +-
5457 drivers/scsi/lpfc/lpfc.h | 8 +-
5458 drivers/scsi/lpfc/lpfc_debugfs.c | 18 +-
5459 drivers/scsi/lpfc/lpfc_init.c | 6 +-
5460 drivers/scsi/lpfc/lpfc_scsi.c | 10 +-
5461 drivers/scsi/mpt2sas/mpt2sas_scsih.c | 8 +-
5462 drivers/scsi/pmcraid.c | 20 +-
5463 drivers/scsi/pmcraid.h | 8 +-
5464 drivers/scsi/qla2xxx/qla_attr.c | 4 +-
5465 drivers/scsi/qla2xxx/qla_gbl.h | 4 +-
5466 drivers/scsi/qla2xxx/qla_os.c | 6 +-
5467 drivers/scsi/qla4xxx/ql4_def.h | 2 +-
5468 drivers/scsi/qla4xxx/ql4_os.c | 6 +-
5469 drivers/scsi/scsi.c | 2 +-
5470 drivers/scsi/scsi_lib.c | 8 +-
5471 drivers/scsi/scsi_sysfs.c | 2 +-
5472 drivers/scsi/scsi_transport_fc.c | 8 +-
5473 drivers/scsi/scsi_transport_iscsi.c | 6 +-
5474 drivers/scsi/scsi_transport_srp.c | 6 +-
5475 drivers/scsi/sd.c | 6 +-
5476 drivers/scsi/sg.c | 2 +-
5477 drivers/scsi/sr.c | 21 +-
5478 drivers/soc/tegra/fuse/fuse-tegra.c | 2 +-
5479 drivers/spi/spi.c | 2 +-
5480 drivers/spi/spidev.c | 2 +-
5481 drivers/staging/android/timed_output.c | 6 +-
5482 drivers/staging/comedi/comedi_fops.c | 8 +-
5483 drivers/staging/fbtft/fbtft-core.c | 2 +-
5484 drivers/staging/fbtft/fbtft.h | 2 +-
5485 drivers/staging/gdm724x/gdm_tty.c | 2 +-
5486 drivers/staging/iio/accel/lis3l02dq_ring.c | 2 +-
5487 drivers/staging/iio/adc/ad7280a.c | 4 +-
5488 drivers/staging/lustre/lnet/selftest/brw_test.c | 12 +-
5489 drivers/staging/lustre/lnet/selftest/framework.c | 4 -
5490 drivers/staging/lustre/lnet/selftest/ping_test.c | 14 +-
5491 drivers/staging/lustre/lustre/include/lustre_dlm.h | 2 +-
5492 drivers/staging/lustre/lustre/include/obd.h | 2 +-
5493 drivers/staging/lustre/lustre/libcfs/module.c | 6 +-
5494 drivers/staging/octeon/ethernet-rx.c | 12 +-
5495 drivers/staging/octeon/ethernet.c | 8 +-
5496 drivers/staging/rtl8188eu/include/hal_intf.h | 2 +-
5497 drivers/staging/rtl8712/rtl871x_io.h | 2 +-
5498 drivers/staging/sm750fb/sm750.c | 14 +-
5499 drivers/staging/unisys/visorbus/visorbus_private.h | 4 +-
5500 drivers/target/sbp/sbp_target.c | 4 +-
5501 drivers/target/target_core_device.c | 2 +-
5502 drivers/target/target_core_transport.c | 2 +-
5503 drivers/thermal/cpu_cooling.c | 9 +-
5504 drivers/thermal/int340x_thermal/int3400_thermal.c | 6 +-
5505 drivers/thermal/of-thermal.c | 17 +-
5506 drivers/thermal/x86_pkg_temp_thermal.c | 2 +-
5507 drivers/tty/cyclades.c | 6 +-
5508 drivers/tty/hvc/hvc_console.c | 14 +-
5509 drivers/tty/hvc/hvcs.c | 21 +-
5510 drivers/tty/hvc/hvsi.c | 22 +-
5511 drivers/tty/hvc/hvsi_lib.c | 4 +-
5512 drivers/tty/ipwireless/tty.c | 27 +-
5513 drivers/tty/moxa.c | 2 +-
5514 drivers/tty/n_gsm.c | 4 +-
5515 drivers/tty/n_tty.c | 5 +-
5516 drivers/tty/pty.c | 4 +-
5517 drivers/tty/rocket.c | 6 +-
5518 drivers/tty/serial/8250/8250_core.c | 10 +-
5519 drivers/tty/serial/ifx6x60.c | 2 +-
5520 drivers/tty/serial/ioc4_serial.c | 6 +-
5521 drivers/tty/serial/kgdb_nmi.c | 4 +-
5522 drivers/tty/serial/kgdboc.c | 32 +-
5523 drivers/tty/serial/msm_serial.c | 4 +-
5524 drivers/tty/serial/samsung.c | 9 +-
5525 drivers/tty/serial/serial_core.c | 8 +-
5526 drivers/tty/synclink.c | 34 +-
5527 drivers/tty/synclink_gt.c | 28 +-
5528 drivers/tty/synclinkmp.c | 34 +-
5529 drivers/tty/tty_io.c | 2 +-
5530 drivers/tty/tty_ldisc.c | 8 +-
5531 drivers/tty/tty_port.c | 22 +-
5532 drivers/uio/uio.c | 13 +-
5533 drivers/usb/atm/cxacru.c | 2 +-
5534 drivers/usb/atm/usbatm.c | 24 +-
5535 drivers/usb/core/devices.c | 6 +-
5536 drivers/usb/core/devio.c | 10 +-
5537 drivers/usb/core/hcd.c | 4 +-
5538 drivers/usb/core/message.c | 6 +-
5539 drivers/usb/core/sysfs.c | 2 +-
5540 drivers/usb/core/usb.c | 2 +-
5541 drivers/usb/early/ehci-dbgp.c | 16 +-
5542 drivers/usb/gadget/function/u_serial.c | 22 +-
5543 drivers/usb/gadget/udc/dummy_hcd.c | 2 +-
5544 drivers/usb/host/ehci-hcd.c | 2 +-
5545 drivers/usb/host/ehci-hub.c | 4 +-
5546 drivers/usb/host/ehci-q.c | 4 +-
5547 drivers/usb/host/fotg210-hcd.c | 2 +-
5548 drivers/usb/host/fusbh200-hcd.c | 2 +-
5549 drivers/usb/host/hwa-hc.c | 2 +-
5550 drivers/usb/host/ohci-hcd.c | 2 +-
5551 drivers/usb/host/r8a66597.h | 2 +-
5552 drivers/usb/host/uhci-hcd.c | 2 +-
5553 drivers/usb/host/xhci-pci.c | 2 +-
5554 drivers/usb/host/xhci.c | 2 +-
5555 drivers/usb/misc/appledisplay.c | 4 +-
5556 drivers/usb/serial/console.c | 8 +-
5557 drivers/usb/storage/usb.c | 2 +-
5558 drivers/usb/storage/usb.h | 2 +-
5559 drivers/usb/usbip/vhci.h | 2 +-
5560 drivers/usb/usbip/vhci_hcd.c | 6 +-
5561 drivers/usb/usbip/vhci_rx.c | 2 +-
5562 drivers/usb/wusbcore/wa-hc.h | 4 +-
5563 drivers/usb/wusbcore/wa-xfer.c | 2 +-
5564 drivers/vfio/vfio.c | 2 +-
5565 drivers/vhost/vringh.c | 20 +-
5566 drivers/video/backlight/kb3886_bl.c | 2 +-
5567 drivers/video/fbdev/aty/aty128fb.c | 2 +-
5568 drivers/video/fbdev/aty/atyfb_base.c | 8 +-
5569 drivers/video/fbdev/aty/mach64_cursor.c | 5 +-
5570 drivers/video/fbdev/core/fb_defio.c | 6 +-
5571 drivers/video/fbdev/core/fbmem.c | 2 +-
5572 drivers/video/fbdev/hyperv_fb.c | 4 +-
5573 drivers/video/fbdev/i810/i810_accel.c | 1 +
5574 drivers/video/fbdev/matrox/matroxfb_base.c | 2 +-
5575 drivers/video/fbdev/mb862xx/mb862xxfb_accel.c | 16 +-
5576 drivers/video/fbdev/nvidia/nvidia.c | 27 +-
5577 drivers/video/fbdev/omap2/dss/display.c | 8 +-
5578 drivers/video/fbdev/s1d13xxxfb.c | 6 +-
5579 drivers/video/fbdev/smscufx.c | 4 +-
5580 drivers/video/fbdev/udlfb.c | 36 +-
5581 drivers/video/fbdev/uvesafb.c | 52 +-
5582 drivers/video/fbdev/vesafb.c | 58 +-
5583 drivers/video/fbdev/via/via_clock.h | 2 +-
5584 drivers/xen/events/events_base.c | 6 +-
5585 drivers/xen/evtchn.c | 4 +-
5586 fs/Kconfig.binfmt | 2 +-
5587 fs/afs/inode.c | 4 +-
5589 fs/autofs4/waitq.c | 2 +-
5590 fs/befs/endian.h | 6 +-
5591 fs/binfmt_aout.c | 23 +-
5592 fs/binfmt_elf.c | 672 +-
5593 fs/binfmt_elf_fdpic.c | 2 +-
5594 fs/block_dev.c | 2 +-
5595 fs/btrfs/ctree.c | 9 +-
5596 fs/btrfs/delayed-inode.c | 6 +-
5597 fs/btrfs/delayed-inode.h | 4 +-
5598 fs/btrfs/super.c | 2 +-
5599 fs/btrfs/sysfs.c | 2 +-
5600 fs/btrfs/tests/free-space-tests.c | 8 +-
5601 fs/btrfs/tree-log.h | 2 +-
5603 fs/cachefiles/bind.c | 6 +-
5604 fs/cachefiles/daemon.c | 8 +-
5605 fs/cachefiles/internal.h | 12 +-
5606 fs/cachefiles/namei.c | 2 +-
5607 fs/cachefiles/proc.c | 12 +-
5608 fs/ceph/dir.c | 12 +-
5609 fs/ceph/super.c | 4 +-
5610 fs/cifs/cifs_debug.c | 12 +-
5611 fs/cifs/cifsfs.c | 8 +-
5612 fs/cifs/cifsglob.h | 54 +-
5613 fs/cifs/file.c | 10 +-
5614 fs/cifs/misc.c | 4 +-
5615 fs/cifs/smb1ops.c | 80 +-
5616 fs/cifs/smb2ops.c | 84 +-
5617 fs/cifs/smb2pdu.c | 3 +-
5618 fs/coda/cache.c | 10 +-
5620 fs/compat_binfmt_elf.c | 2 +
5621 fs/compat_ioctl.c | 12 +-
5622 fs/configfs/dir.c | 10 +-
5623 fs/coredump.c | 16 +-
5625 fs/ecryptfs/inode.c | 2 +-
5626 fs/ecryptfs/miscdev.c | 2 +-
5628 fs/ext2/xattr.c | 5 +-
5629 fs/ext3/xattr.c | 5 +-
5630 fs/ext4/ext4.h | 20 +-
5631 fs/ext4/mballoc.c | 44 +-
5632 fs/ext4/mmp.c | 2 +-
5633 fs/ext4/resize.c | 16 +-
5634 fs/ext4/super.c | 4 +-
5635 fs/ext4/xattr.c | 5 +-
5638 fs/fs_struct.c | 8 +-
5639 fs/fscache/cookie.c | 40 +-
5640 fs/fscache/internal.h | 202 +-
5641 fs/fscache/object.c | 26 +-
5642 fs/fscache/operation.c | 38 +-
5643 fs/fscache/page.c | 110 +-
5644 fs/fscache/stats.c | 348 +-
5645 fs/fuse/cuse.c | 10 +-
5646 fs/fuse/dev.c | 4 +-
5647 fs/gfs2/glock.c | 22 +-
5648 fs/gfs2/glops.c | 4 +-
5649 fs/gfs2/quota.c | 6 +-
5650 fs/hugetlbfs/inode.c | 13 +-
5652 fs/jffs2/erase.c | 3 +-
5653 fs/jffs2/wbuf.c | 3 +-
5654 fs/jfs/super.c | 2 +-
5655 fs/kernfs/dir.c | 2 +-
5656 fs/kernfs/file.c | 20 +-
5658 fs/lockd/clntproc.c | 4 +-
5660 fs/namespace.c | 16 +-
5661 fs/nfs/callback_xdr.c | 2 +-
5662 fs/nfs/inode.c | 6 +-
5663 fs/nfsd/nfs4proc.c | 2 +-
5664 fs/nfsd/nfs4xdr.c | 2 +-
5665 fs/nfsd/nfscache.c | 11 +-
5666 fs/nfsd/vfs.c | 6 +-
5667 fs/nls/nls_base.c | 26 +-
5668 fs/nls/nls_euc-jp.c | 6 +-
5669 fs/nls/nls_koi8-ru.c | 6 +-
5670 fs/notify/fanotify/fanotify_user.c | 4 +-
5671 fs/notify/notification.c | 4 +-
5672 fs/ntfs/dir.c | 2 +-
5673 fs/ntfs/super.c | 6 +-
5674 fs/ocfs2/localalloc.c | 2 +-
5675 fs/ocfs2/ocfs2.h | 10 +-
5676 fs/ocfs2/suballoc.c | 12 +-
5677 fs/ocfs2/super.c | 20 +-
5679 fs/posix_acl.c | 4 +-
5680 fs/proc/array.c | 20 +
5681 fs/proc/base.c | 4 +-
5682 fs/proc/kcore.c | 34 +-
5683 fs/proc/meminfo.c | 2 +-
5684 fs/proc/nommu.c | 2 +-
5685 fs/proc/proc_sysctl.c | 26 +-
5686 fs/proc/task_mmu.c | 39 +-
5687 fs/proc/task_nommu.c | 4 +-
5688 fs/proc/vmcore.c | 16 +-
5689 fs/qnx6/qnx6.h | 4 +-
5690 fs/quota/netlink.c | 4 +-
5691 fs/read_write.c | 2 +-
5692 fs/reiserfs/do_balan.c | 2 +-
5693 fs/reiserfs/procfs.c | 2 +-
5694 fs/reiserfs/reiserfs.h | 4 +-
5695 fs/seq_file.c | 4 +-
5697 fs/squashfs/xattr.c | 12 +-
5698 fs/sysv/sysv.h | 2 +-
5699 fs/tracefs/inode.c | 8 +-
5700 fs/ubifs/io.c | 2 +-
5701 fs/udf/misc.c | 2 +-
5702 fs/ufs/swab.h | 4 +-
5704 fs/xfs/libxfs/xfs_bmap.c | 2 +-
5705 fs/xfs/xfs_dir2_readdir.c | 7 +-
5706 fs/xfs/xfs_ioctl.c | 2 +-
5707 fs/xfs/xfs_linux.h | 4 +-
5708 include/asm-generic/4level-fixup.h | 2 +
5709 include/asm-generic/atomic-long.h | 214 +-
5710 include/asm-generic/atomic64.h | 12 +
5711 include/asm-generic/barrier.h | 2 +-
5712 include/asm-generic/bitops/__fls.h | 2 +-
5713 include/asm-generic/bitops/fls.h | 2 +-
5714 include/asm-generic/bitops/fls64.h | 4 +-
5715 include/asm-generic/bug.h | 6 +-
5716 include/asm-generic/cache.h | 4 +-
5717 include/asm-generic/emergency-restart.h | 2 +-
5718 include/asm-generic/kmap_types.h | 4 +-
5719 include/asm-generic/local.h | 13 +
5720 include/asm-generic/pgtable-nopmd.h | 18 +-
5721 include/asm-generic/pgtable-nopud.h | 15 +-
5722 include/asm-generic/pgtable.h | 16 +
5723 include/asm-generic/uaccess.h | 16 +
5724 include/asm-generic/vmlinux.lds.h | 13 +-
5725 include/crypto/algapi.h | 2 +-
5726 include/drm/drmP.h | 16 +-
5727 include/drm/drm_crtc_helper.h | 2 +-
5728 include/drm/drm_mm.h | 2 +-
5729 include/drm/i915_pciids.h | 2 +-
5730 include/drm/intel-gtt.h | 4 +-
5731 include/drm/ttm/ttm_memory.h | 2 +-
5732 include/drm/ttm/ttm_page_alloc.h | 1 +
5733 include/keys/asymmetric-subtype.h | 2 +-
5734 include/linux/atmdev.h | 4 +-
5735 include/linux/atomic.h | 2 +-
5736 include/linux/audit.h | 2 +-
5737 include/linux/binfmts.h | 3 +-
5738 include/linux/bitmap.h | 2 +-
5739 include/linux/bitops.h | 8 +-
5740 include/linux/blkdev.h | 2 +-
5741 include/linux/blktrace_api.h | 2 +-
5742 include/linux/cache.h | 8 +
5743 include/linux/cdrom.h | 1 -
5744 include/linux/cleancache.h | 2 +-
5745 include/linux/clk-provider.h | 1 +
5746 include/linux/compat.h | 6 +-
5747 include/linux/compiler-gcc.h | 28 +-
5748 include/linux/compiler.h | 95 +-
5749 include/linux/completion.h | 12 +-
5750 include/linux/configfs.h | 2 +-
5751 include/linux/cpufreq.h | 3 +-
5752 include/linux/cpuidle.h | 5 +-
5753 include/linux/cpumask.h | 14 +-
5754 include/linux/crypto.h | 4 +-
5755 include/linux/ctype.h | 2 +-
5756 include/linux/dcache.h | 4 +-
5757 include/linux/decompress/mm.h | 2 +-
5758 include/linux/devfreq.h | 2 +-
5759 include/linux/device.h | 7 +-
5760 include/linux/dma-mapping.h | 2 +-
5761 include/linux/efi.h | 1 +
5762 include/linux/elf.h | 2 +
5763 include/linux/err.h | 4 +-
5764 include/linux/extcon.h | 2 +-
5765 include/linux/fb.h | 3 +-
5766 include/linux/fdtable.h | 2 +-
5767 include/linux/fs.h | 5 +-
5768 include/linux/fs_struct.h | 2 +-
5769 include/linux/fscache-cache.h | 2 +-
5770 include/linux/fscache.h | 2 +-
5771 include/linux/fsnotify.h | 2 +-
5772 include/linux/genhd.h | 4 +-
5773 include/linux/genl_magic_func.h | 2 +-
5774 include/linux/gfp.h | 12 +-
5775 include/linux/highmem.h | 12 +
5776 include/linux/hwmon-sysfs.h | 6 +-
5777 include/linux/i2c.h | 1 +
5778 include/linux/if_pppox.h | 2 +-
5779 include/linux/init.h | 12 +-
5780 include/linux/init_task.h | 7 +
5781 include/linux/interrupt.h | 6 +-
5782 include/linux/iommu.h | 2 +-
5783 include/linux/ioport.h | 2 +-
5784 include/linux/ipc.h | 2 +-
5785 include/linux/irq.h | 5 +-
5786 include/linux/irqdesc.h | 2 +-
5787 include/linux/irqdomain.h | 3 +
5788 include/linux/jiffies.h | 30 +-
5789 include/linux/kernel.h | 2 +-
5790 include/linux/key-type.h | 2 +-
5791 include/linux/kgdb.h | 6 +-
5792 include/linux/kmemleak.h | 4 +-
5793 include/linux/kobject.h | 3 +-
5794 include/linux/kobject_ns.h | 2 +-
5795 include/linux/kref.h | 2 +-
5796 include/linux/kvm_host.h | 4 +-
5797 include/linux/libata.h | 2 +-
5798 include/linux/linkage.h | 1 +
5799 include/linux/list.h | 15 +
5800 include/linux/lockref.h | 26 +-
5801 include/linux/math64.h | 10 +-
5802 include/linux/mempolicy.h | 7 +
5803 include/linux/mm.h | 104 +-
5804 include/linux/mm_types.h | 20 +
5805 include/linux/mmiotrace.h | 4 +-
5806 include/linux/mmzone.h | 2 +-
5807 include/linux/mod_devicetable.h | 4 +-
5808 include/linux/module.h | 69 +-
5809 include/linux/moduleloader.h | 16 +
5810 include/linux/moduleparam.h | 4 +-
5811 include/linux/net.h | 2 +-
5812 include/linux/netdevice.h | 7 +-
5813 include/linux/netfilter.h | 2 +-
5814 include/linux/netfilter/nfnetlink.h | 2 +-
5815 include/linux/nls.h | 4 +-
5816 include/linux/notifier.h | 3 +-
5817 include/linux/oprofile.h | 4 +-
5818 include/linux/padata.h | 2 +-
5819 include/linux/pci_hotplug.h | 3 +-
5820 include/linux/percpu.h | 2 +-
5821 include/linux/perf_event.h | 12 +-
5822 include/linux/pipe_fs_i.h | 8 +-
5823 include/linux/pm.h | 1 +
5824 include/linux/pm_domain.h | 4 +-
5825 include/linux/pm_runtime.h | 2 +-
5826 include/linux/pnp.h | 2 +-
5827 include/linux/poison.h | 4 +-
5828 include/linux/power/smartreflex.h | 2 +-
5829 include/linux/ppp-comp.h | 2 +-
5830 include/linux/preempt.h | 21 +
5831 include/linux/proc_ns.h | 2 +-
5832 include/linux/quota.h | 2 +-
5833 include/linux/random.h | 23 +-
5834 include/linux/rculist.h | 16 +
5835 include/linux/reboot.h | 14 +-
5836 include/linux/regset.h | 3 +-
5837 include/linux/relay.h | 2 +-
5838 include/linux/rio.h | 2 +-
5839 include/linux/rmap.h | 4 +-
5840 include/linux/sched.h | 74 +-
5841 include/linux/sched/sysctl.h | 1 +
5842 include/linux/semaphore.h | 2 +-
5843 include/linux/seq_file.h | 1 +
5844 include/linux/signal.h | 2 +-
5845 include/linux/skbuff.h | 10 +-
5846 include/linux/slab.h | 47 +-
5847 include/linux/slab_def.h | 14 +-
5848 include/linux/slub_def.h | 2 +-
5849 include/linux/smp.h | 2 +
5850 include/linux/sock_diag.h | 2 +-
5851 include/linux/sonet.h | 2 +-
5852 include/linux/sunrpc/addr.h | 8 +-
5853 include/linux/sunrpc/clnt.h | 2 +-
5854 include/linux/sunrpc/svc.h | 2 +-
5855 include/linux/sunrpc/svc_rdma.h | 18 +-
5856 include/linux/sunrpc/svcauth.h | 2 +-
5857 include/linux/swiotlb.h | 3 +-
5858 include/linux/syscalls.h | 21 +-
5859 include/linux/syscore_ops.h | 2 +-
5860 include/linux/sysctl.h | 3 +-
5861 include/linux/sysfs.h | 9 +-
5862 include/linux/sysrq.h | 3 +-
5863 include/linux/tcp.h | 14 +-
5864 include/linux/thread_info.h | 7 +
5865 include/linux/tty.h | 4 +-
5866 include/linux/tty_driver.h | 2 +-
5867 include/linux/tty_ldisc.h | 2 +-
5868 include/linux/types.h | 16 +
5869 include/linux/uaccess.h | 6 +-
5870 include/linux/uio_driver.h | 2 +-
5871 include/linux/unaligned/access_ok.h | 24 +-
5872 include/linux/usb.h | 6 +-
5873 include/linux/usb/hcd.h | 1 +
5874 include/linux/usb/renesas_usbhs.h | 2 +-
5875 include/linux/vermagic.h | 21 +-
5876 include/linux/vga_switcheroo.h | 8 +-
5877 include/linux/vmalloc.h | 7 +-
5878 include/linux/vmstat.h | 24 +-
5879 include/linux/xattr.h | 5 +-
5880 include/linux/zlib.h | 3 +-
5881 include/media/v4l2-dev.h | 2 +-
5882 include/media/v4l2-device.h | 2 +-
5883 include/net/9p/transport.h | 2 +-
5884 include/net/bluetooth/l2cap.h | 2 +-
5885 include/net/bonding.h | 2 +-
5886 include/net/caif/cfctrl.h | 6 +-
5887 include/net/flow.h | 2 +-
5888 include/net/genetlink.h | 2 +-
5889 include/net/gro_cells.h | 2 +-
5890 include/net/inet_connection_sock.h | 2 +-
5891 include/net/inet_sock.h | 2 +-
5892 include/net/inetpeer.h | 2 +-
5893 include/net/ip_fib.h | 2 +-
5894 include/net/ip_vs.h | 8 +-
5895 include/net/irda/ircomm_tty.h | 1 +
5896 include/net/iucv/af_iucv.h | 2 +-
5897 include/net/llc_c_ac.h | 2 +-
5898 include/net/llc_c_ev.h | 4 +-
5899 include/net/llc_c_st.h | 2 +-
5900 include/net/llc_s_ac.h | 2 +-
5901 include/net/llc_s_st.h | 2 +-
5902 include/net/mac80211.h | 2 +-
5903 include/net/neighbour.h | 2 +-
5904 include/net/net_namespace.h | 18 +-
5905 include/net/netlink.h | 2 +-
5906 include/net/netns/conntrack.h | 6 +-
5907 include/net/netns/ipv4.h | 4 +-
5908 include/net/netns/ipv6.h | 4 +-
5909 include/net/netns/xfrm.h | 2 +-
5910 include/net/ping.h | 2 +-
5911 include/net/protocol.h | 4 +-
5912 include/net/rtnetlink.h | 2 +-
5913 include/net/sctp/checksum.h | 4 +-
5914 include/net/sctp/sm.h | 4 +-
5915 include/net/sctp/structs.h | 2 +-
5916 include/net/sock.h | 12 +-
5917 include/net/tcp.h | 8 +-
5918 include/net/xfrm.h | 13 +-
5919 include/rdma/iw_cm.h | 2 +-
5920 include/scsi/libfc.h | 3 +-
5921 include/scsi/scsi_device.h | 6 +-
5922 include/scsi/scsi_driver.h | 2 +-
5923 include/scsi/scsi_transport_fc.h | 3 +-
5924 include/scsi/sg.h | 2 +-
5925 include/sound/compress_driver.h | 2 +-
5926 include/sound/soc.h | 4 +-
5927 include/target/target_core_base.h | 2 +-
5928 include/trace/events/irq.h | 4 +-
5929 include/uapi/linux/a.out.h | 8 +
5930 include/uapi/linux/bcache.h | 5 +-
5931 include/uapi/linux/byteorder/little_endian.h | 28 +-
5932 include/uapi/linux/connector.h | 2 +-
5933 include/uapi/linux/elf.h | 28 +
5934 include/uapi/linux/screen_info.h | 3 +-
5935 include/uapi/linux/swab.h | 6 +-
5936 include/uapi/linux/xattr.h | 4 +
5937 include/video/udlfb.h | 8 +-
5938 include/video/uvesafb.h | 1 +
5941 init/do_mounts.c | 14 +-
5942 init/do_mounts.h | 8 +-
5943 init/do_mounts_initrd.c | 30 +-
5944 init/do_mounts_md.c | 6 +-
5945 init/init_task.c | 4 +
5946 init/initramfs.c | 38 +-
5949 ipc/ipc_sysctl.c | 8 +-
5950 ipc/mq_sysctl.c | 4 +-
5953 kernel/audit.c | 8 +-
5954 kernel/auditsc.c | 4 +-
5955 kernel/bpf/core.c | 7 +-
5956 kernel/capability.c | 3 +
5957 kernel/compat.c | 38 +-
5958 kernel/debug/debug_core.c | 16 +-
5959 kernel/debug/kdb/kdb_main.c | 4 +-
5960 kernel/events/core.c | 26 +-
5961 kernel/events/internal.h | 10 +-
5962 kernel/events/uprobes.c | 2 +-
5963 kernel/exit.c | 2 +-
5964 kernel/fork.c | 165 +-
5965 kernel/futex.c | 11 +-
5966 kernel/futex_compat.c | 2 +-
5967 kernel/gcov/base.c | 7 +-
5968 kernel/irq/manage.c | 2 +-
5969 kernel/irq/msi.c | 20 +-
5970 kernel/irq/spurious.c | 2 +-
5971 kernel/jump_label.c | 5 +
5972 kernel/kallsyms.c | 37 +-
5973 kernel/kexec.c | 3 +-
5974 kernel/kmod.c | 8 +-
5975 kernel/kprobes.c | 4 +-
5976 kernel/ksysfs.c | 2 +-
5977 kernel/locking/lockdep.c | 7 +-
5978 kernel/locking/mutex-debug.c | 12 +-
5979 kernel/locking/mutex-debug.h | 4 +-
5980 kernel/locking/mutex.c | 6 +-
5981 kernel/locking/rtmutex-tester.c | 24 +-
5982 kernel/module.c | 422 +-
5983 kernel/notifier.c | 17 +-
5984 kernel/padata.c | 4 +-
5985 kernel/panic.c | 5 +-
5987 kernel/pid_namespace.c | 2 +-
5988 kernel/power/process.c | 12 +-
5989 kernel/profile.c | 14 +-
5990 kernel/ptrace.c | 8 +-
5991 kernel/rcu/rcutorture.c | 60 +-
5992 kernel/rcu/tiny.c | 4 +-
5993 kernel/rcu/tree.c | 66 +-
5994 kernel/rcu/tree.h | 26 +-
5995 kernel/rcu/tree_plugin.h | 14 +-
5996 kernel/rcu/tree_trace.c | 22 +-
5997 kernel/sched/auto_group.c | 4 +-
5998 kernel/sched/completion.c | 6 +-
5999 kernel/sched/core.c | 45 +-
6000 kernel/sched/fair.c | 2 +-
6001 kernel/sched/sched.h | 2 +-
6002 kernel/signal.c | 12 +-
6003 kernel/smpboot.c | 4 +-
6004 kernel/softirq.c | 12 +-
6005 kernel/sys.c | 10 +-
6006 kernel/sysctl.c | 34 +-
6007 kernel/time/alarmtimer.c | 2 +-
6008 kernel/time/posix-cpu-timers.c | 4 +-
6009 kernel/time/posix-timers.c | 24 +-
6010 kernel/time/timer.c | 4 +-
6011 kernel/time/timer_stats.c | 10 +-
6012 kernel/trace/blktrace.c | 6 +-
6013 kernel/trace/ftrace.c | 15 +-
6014 kernel/trace/ring_buffer.c | 96 +-
6015 kernel/trace/trace.c | 2 +-
6016 kernel/trace/trace.h | 2 +-
6017 kernel/trace/trace_clock.c | 4 +-
6018 kernel/trace/trace_events.c | 1 -
6019 kernel/trace/trace_functions_graph.c | 4 +-
6020 kernel/trace/trace_mmiotrace.c | 8 +-
6021 kernel/trace/trace_output.c | 10 +-
6022 kernel/trace/trace_seq.c | 2 +-
6023 kernel/trace/trace_stack.c | 2 +-
6024 kernel/user_namespace.c | 2 +-
6025 kernel/utsname_sysctl.c | 2 +-
6026 kernel/watchdog.c | 2 +-
6027 kernel/workqueue.c | 4 +-
6028 lib/Kconfig.debug | 8 +-
6030 lib/average.c | 2 +-
6031 lib/bitmap.c | 10 +-
6033 lib/debugobjects.c | 2 +-
6034 lib/decompress_bunzip2.c | 3 +-
6035 lib/decompress_unlzma.c | 4 +-
6037 lib/dma-debug.c | 4 +-
6038 lib/inflate.c | 2 +-
6039 lib/ioremap.c | 4 +-
6040 lib/kobject.c | 4 +-
6041 lib/list_debug.c | 126 +-
6042 lib/lockref.c | 44 +-
6043 lib/percpu-refcount.c | 2 +-
6044 lib/radix-tree.c | 2 +-
6045 lib/random32.c | 2 +-
6046 lib/show_mem.c | 2 +-
6047 lib/strncpy_from_user.c | 2 +-
6048 lib/strnlen_user.c | 2 +-
6049 lib/swiotlb.c | 2 +-
6050 lib/usercopy.c | 6 +
6051 lib/vsprintf.c | 12 +-
6053 mm/backing-dev.c | 4 +-
6057 mm/hugetlb.c | 70 +-
6058 mm/internal.h | 3 +-
6061 mm/memory-failure.c | 34 +-
6062 mm/memory.c | 425 +-
6063 mm/mempolicy.c | 25 +
6067 mm/mprotect.c | 137 +-
6070 mm/page-writeback.c | 2 +-
6071 mm/page_alloc.c | 49 +-
6073 mm/process_vm_access.c | 14 +-
6078 mm/slab_common.c | 86 +-
6081 mm/sparse-vmemmap.c | 4 +-
6084 mm/swapfile.c | 12 +-
6086 mm/vmalloc.c | 112 +-
6088 net/8021q/vlan.c | 5 +-
6089 net/8021q/vlan_netlink.c | 2 +-
6091 net/9p/trans_fd.c | 2 +-
6092 net/atm/atm_misc.c | 8 +-
6093 net/atm/lec.h | 2 +-
6094 net/atm/proc.c | 6 +-
6095 net/atm/resources.c | 4 +-
6096 net/ax25/sysctl_net_ax25.c | 2 +-
6097 net/batman-adv/bat_iv_ogm.c | 8 +-
6098 net/batman-adv/fragmentation.c | 2 +-
6099 net/batman-adv/soft-interface.c | 8 +-
6100 net/batman-adv/types.h | 6 +-
6101 net/bluetooth/hci_sock.c | 2 +-
6102 net/bluetooth/l2cap_core.c | 6 +-
6103 net/bluetooth/l2cap_sock.c | 12 +-
6104 net/bluetooth/rfcomm/sock.c | 4 +-
6105 net/bluetooth/rfcomm/tty.c | 4 +-
6106 net/bridge/br_netlink.c | 2 +-
6107 net/bridge/netfilter/ebtables.c | 6 +-
6108 net/caif/cfctrl.c | 11 +-
6109 net/caif/chnl_net.c | 2 +-
6110 net/can/af_can.c | 2 +-
6112 net/ceph/messenger.c | 4 +-
6113 net/compat.c | 24 +-
6114 net/core/datagram.c | 2 +-
6115 net/core/dev.c | 16 +-
6116 net/core/filter.c | 2 +-
6117 net/core/flow.c | 6 +-
6118 net/core/neighbour.c | 4 +-
6119 net/core/net-sysfs.c | 2 +-
6120 net/core/net_namespace.c | 8 +-
6121 net/core/netpoll.c | 4 +-
6122 net/core/rtnetlink.c | 15 +-
6123 net/core/scm.c | 8 +-
6124 net/core/skbuff.c | 8 +-
6125 net/core/sock.c | 28 +-
6126 net/core/sock_diag.c | 15 +-
6127 net/core/sysctl_net_core.c | 22 +-
6128 net/decnet/af_decnet.c | 1 +
6129 net/decnet/sysctl_net_decnet.c | 4 +-
6130 net/dsa/dsa.c | 2 +-
6131 net/hsr/hsr_netlink.c | 2 +-
6132 net/ieee802154/6lowpan/core.c | 2 +-
6133 net/ieee802154/6lowpan/reassembly.c | 14 +-
6134 net/ipv4/af_inet.c | 2 +-
6135 net/ipv4/devinet.c | 18 +-
6136 net/ipv4/fib_frontend.c | 6 +-
6137 net/ipv4/fib_semantics.c | 2 +-
6138 net/ipv4/inet_connection_sock.c | 4 +-
6139 net/ipv4/inet_timewait_sock.c | 2 +-
6140 net/ipv4/inetpeer.c | 2 +-
6141 net/ipv4/ip_fragment.c | 15 +-
6142 net/ipv4/ip_gre.c | 6 +-
6143 net/ipv4/ip_sockglue.c | 2 +-
6144 net/ipv4/ip_vti.c | 4 +-
6145 net/ipv4/ipconfig.c | 6 +-
6146 net/ipv4/ipip.c | 4 +-
6147 net/ipv4/netfilter/arp_tables.c | 12 +-
6148 net/ipv4/netfilter/ip_tables.c | 12 +-
6149 net/ipv4/ping.c | 14 +-
6150 net/ipv4/raw.c | 14 +-
6151 net/ipv4/route.c | 32 +-
6152 net/ipv4/sysctl_net_ipv4.c | 22 +-
6153 net/ipv4/tcp_input.c | 6 +-
6154 net/ipv4/tcp_probe.c | 2 +-
6155 net/ipv4/udp.c | 10 +-
6156 net/ipv4/xfrm4_policy.c | 18 +-
6157 net/ipv6/addrconf.c | 16 +-
6158 net/ipv6/af_inet6.c | 2 +-
6159 net/ipv6/datagram.c | 2 +-
6160 net/ipv6/icmp.c | 2 +-
6161 net/ipv6/ip6_fib.c | 4 +-
6162 net/ipv6/ip6_gre.c | 10 +-
6163 net/ipv6/ip6_tunnel.c | 4 +-
6164 net/ipv6/ip6_vti.c | 4 +-
6165 net/ipv6/ipv6_sockglue.c | 2 +-
6166 net/ipv6/netfilter/ip6_tables.c | 12 +-
6167 net/ipv6/netfilter/nf_conntrack_reasm.c | 14 +-
6168 net/ipv6/ping.c | 33 +-
6169 net/ipv6/raw.c | 17 +-
6170 net/ipv6/reassembly.c | 13 +-
6171 net/ipv6/route.c | 2 +-
6172 net/ipv6/sit.c | 4 +-
6173 net/ipv6/sysctl_net_ipv6.c | 2 +-
6174 net/ipv6/udp.c | 6 +-
6175 net/ipv6/xfrm6_policy.c | 23 +-
6176 net/irda/ircomm/ircomm_tty.c | 18 +-
6177 net/iucv/af_iucv.c | 4 +-
6178 net/iucv/iucv.c | 2 +-
6179 net/key/af_key.c | 4 +-
6180 net/l2tp/l2tp_eth.c | 38 +-
6181 net/l2tp/l2tp_ip.c | 2 +-
6182 net/l2tp/l2tp_ip6.c | 2 +-
6183 net/mac80211/cfg.c | 8 +-
6184 net/mac80211/ieee80211_i.h | 3 +-
6185 net/mac80211/iface.c | 20 +-
6186 net/mac80211/main.c | 2 +-
6187 net/mac80211/pm.c | 4 +-
6188 net/mac80211/rate.c | 2 +-
6189 net/mac80211/sta_info.c | 2 +-
6190 net/mac80211/util.c | 8 +-
6191 net/mpls/af_mpls.c | 6 +-
6192 net/netfilter/ipset/ip_set_core.c | 2 +-
6193 net/netfilter/ipvs/ip_vs_conn.c | 6 +-
6194 net/netfilter/ipvs/ip_vs_core.c | 4 +-
6195 net/netfilter/ipvs/ip_vs_ctl.c | 14 +-
6196 net/netfilter/ipvs/ip_vs_lblc.c | 2 +-
6197 net/netfilter/ipvs/ip_vs_lblcr.c | 2 +-
6198 net/netfilter/ipvs/ip_vs_sync.c | 6 +-
6199 net/netfilter/ipvs/ip_vs_xmit.c | 4 +-
6200 net/netfilter/nf_conntrack_acct.c | 2 +-
6201 net/netfilter/nf_conntrack_ecache.c | 2 +-
6202 net/netfilter/nf_conntrack_helper.c | 2 +-
6203 net/netfilter/nf_conntrack_proto.c | 2 +-
6204 net/netfilter/nf_conntrack_standalone.c | 2 +-
6205 net/netfilter/nf_conntrack_timestamp.c | 2 +-
6206 net/netfilter/nf_log.c | 10 +-
6207 net/netfilter/nf_sockopt.c | 4 +-
6208 net/netfilter/nfnetlink_log.c | 4 +-
6209 net/netfilter/nft_compat.c | 9 +-
6210 net/netfilter/xt_statistic.c | 8 +-
6211 net/netlink/af_netlink.c | 4 +-
6212 net/openvswitch/vport-internal_dev.c | 2 +-
6213 net/openvswitch/vport.c | 16 +-
6214 net/openvswitch/vport.h | 8 +-
6215 net/packet/af_packet.c | 8 +-
6216 net/phonet/pep.c | 6 +-
6217 net/phonet/socket.c | 2 +-
6218 net/phonet/sysctl.c | 2 +-
6219 net/rds/cong.c | 6 +-
6221 net/rds/ib_cm.c | 2 +-
6222 net/rds/ib_recv.c | 4 +-
6224 net/rds/iw_cm.c | 2 +-
6225 net/rds/iw_recv.c | 4 +-
6226 net/rds/rds.h | 2 +-
6227 net/rds/tcp.c | 2 +-
6228 net/rds/tcp_send.c | 2 +-
6229 net/rxrpc/af_rxrpc.c | 2 +-
6230 net/rxrpc/ar-ack.c | 14 +-
6231 net/rxrpc/ar-call.c | 2 +-
6232 net/rxrpc/ar-connection.c | 2 +-
6233 net/rxrpc/ar-connevent.c | 2 +-
6234 net/rxrpc/ar-input.c | 4 +-
6235 net/rxrpc/ar-internal.h | 8 +-
6236 net/rxrpc/ar-local.c | 2 +-
6237 net/rxrpc/ar-output.c | 4 +-
6238 net/rxrpc/ar-peer.c | 2 +-
6239 net/rxrpc/ar-proc.c | 4 +-
6240 net/rxrpc/ar-transport.c | 2 +-
6241 net/rxrpc/rxkad.c | 4 +-
6242 net/sched/sch_generic.c | 4 +-
6243 net/sctp/ipv6.c | 6 +-
6244 net/sctp/protocol.c | 10 +-
6245 net/sctp/sm_sideeffect.c | 2 +-
6246 net/sctp/socket.c | 21 +-
6247 net/sctp/sysctl.c | 10 +-
6248 net/socket.c | 18 +-
6249 net/sunrpc/auth_gss/svcauth_gss.c | 4 +-
6250 net/sunrpc/clnt.c | 4 +-
6251 net/sunrpc/sched.c | 4 +-
6252 net/sunrpc/svc.c | 4 +-
6253 net/sunrpc/svcauth_unix.c | 4 +-
6254 net/sunrpc/xprtrdma/svc_rdma.c | 38 +-
6255 net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 +-
6256 net/sunrpc/xprtrdma/svc_rdma_sendto.c | 2 +-
6257 net/sunrpc/xprtrdma/svc_rdma_transport.c | 10 +-
6258 net/tipc/netlink_compat.c | 12 +-
6259 net/tipc/subscr.c | 2 +-
6260 net/unix/af_unix.c | 7 +-
6261 net/unix/sysctl_net_unix.c | 2 +-
6262 net/wireless/wext-core.c | 19 +-
6263 net/xfrm/xfrm_policy.c | 16 +-
6264 net/xfrm/xfrm_state.c | 33 +-
6265 net/xfrm/xfrm_sysctl.c | 2 +-
6266 scripts/Kbuild.include | 2 +-
6267 scripts/Makefile.build | 2 +-
6268 scripts/Makefile.clean | 3 +-
6269 scripts/Makefile.host | 63 +-
6270 scripts/basic/fixdep.c | 12 +-
6271 scripts/dtc/checks.c | 14 +-
6272 scripts/dtc/data.c | 6 +-
6273 scripts/dtc/flattree.c | 8 +-
6274 scripts/dtc/livetree.c | 4 +-
6275 scripts/gcc-plugin.sh | 51 +
6276 scripts/headers_install.sh | 1 +
6277 scripts/kallsyms.c | 4 +-
6278 scripts/kconfig/lkc.h | 5 +-
6279 scripts/kconfig/menu.c | 2 +-
6280 scripts/kconfig/symbol.c | 6 +-
6281 scripts/link-vmlinux.sh | 2 +-
6282 scripts/mod/file2alias.c | 14 +-
6283 scripts/mod/modpost.c | 25 +-
6284 scripts/mod/modpost.h | 6 +-
6285 scripts/mod/sumversion.c | 2 +-
6286 scripts/module-common.lds | 4 +
6287 scripts/package/builddeb | 1 +
6288 scripts/pnmtologo.c | 6 +-
6289 scripts/sortextable.h | 6 +-
6290 scripts/tags.sh | 2 +-
6291 security/Kconfig | 691 +-
6292 security/integrity/ima/ima.h | 4 +-
6293 security/integrity/ima/ima_api.c | 2 +-
6294 security/integrity/ima/ima_fs.c | 4 +-
6295 security/integrity/ima/ima_queue.c | 2 +-
6296 security/keys/key.c | 18 +-
6297 security/selinux/avc.c | 6 +-
6298 security/selinux/include/xfrm.h | 2 +-
6299 security/yama/yama_lsm.c | 2 +-
6300 sound/aoa/codecs/onyx.c | 7 +-
6301 sound/aoa/codecs/onyx.h | 1 +
6302 sound/core/oss/pcm_oss.c | 18 +-
6303 sound/core/pcm_compat.c | 2 +-
6304 sound/core/pcm_native.c | 4 +-
6305 sound/core/sound.c | 2 +-
6306 sound/drivers/mts64.c | 14 +-
6307 sound/drivers/opl4/opl4_lib.c | 2 +-
6308 sound/drivers/portman2x4.c | 3 +-
6309 sound/firewire/amdtp.c | 4 +-
6310 sound/firewire/amdtp.h | 4 +-
6311 sound/firewire/isight.c | 10 +-
6312 sound/firewire/scs1x.c | 8 +-
6313 sound/oss/sb_audio.c | 2 +-
6314 sound/oss/swarm_cs4297a.c | 6 +-
6315 sound/pci/hda/hda_codec.c | 2 +-
6316 sound/pci/ymfpci/ymfpci.h | 2 +-
6317 sound/pci/ymfpci/ymfpci_main.c | 12 +-
6318 sound/soc/soc-ac97.c | 6 +-
6319 sound/soc/xtensa/xtfpga-i2s.c | 2 +-
6320 tools/gcc/Makefile | 42 +
6321 tools/gcc/checker_plugin.c | 150 +
6322 tools/gcc/colorize_plugin.c | 215 +
6323 tools/gcc/constify_plugin.c | 564 +
6324 tools/gcc/gcc-common.h | 790 +
6325 tools/gcc/initify_plugin.c | 450 +
6326 tools/gcc/kallocstat_plugin.c | 188 +
6327 tools/gcc/kernexec_plugin.c | 551 +
6328 tools/gcc/latent_entropy_plugin.c | 470 +
6329 tools/gcc/size_overflow_plugin/.gitignore | 2 +
6330 tools/gcc/size_overflow_plugin/Makefile | 26 +
6331 .../disable_size_overflow_hash.data |11008 ++++++++++++++
6332 .../generate_size_overflow_hash.sh | 103 +
6333 .../insert_size_overflow_asm.c | 409 +
6334 .../size_overflow_plugin/intentional_overflow.c | 980 ++
6335 .../size_overflow_plugin/remove_unnecessary_dup.c | 137 +
6336 tools/gcc/size_overflow_plugin/size_overflow.h | 329 +
6337 .../gcc/size_overflow_plugin/size_overflow_debug.c | 192 +
6338 .../size_overflow_plugin/size_overflow_hash.data |15719 ++++++++++++++++++++
6339 .../size_overflow_hash_aux.data | 92 +
6340 tools/gcc/size_overflow_plugin/size_overflow_ipa.c | 1373 ++
6341 .../gcc/size_overflow_plugin/size_overflow_misc.c | 505 +
6342 .../size_overflow_plugin/size_overflow_plugin.c | 318 +
6343 .../size_overflow_plugin_hash.c | 353 +
6344 .../size_overflow_plugin/size_overflow_transform.c | 576 +
6345 .../size_overflow_transform_core.c | 962 ++
6346 tools/gcc/stackleak_plugin.c | 436 +
6347 tools/gcc/structleak_plugin.c | 287 +
6348 tools/include/linux/compiler.h | 8 +
6349 tools/lib/api/Makefile | 2 +-
6350 tools/perf/util/include/asm/alternative-asm.h | 3 +
6351 tools/virtio/linux/uaccess.h | 2 +-
6352 virt/kvm/kvm_main.c | 44 +-
6353 1963 files changed, 60342 insertions(+), 8946 deletions(-)
projects / thirdparty / grsecurity-scrape.git / blob