X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fgrsecurity-scrape.git;a=blobdiff_plain;f=test%2Fchangelog-test.txt;h=d9d04e79a72dc1b39ce18afd8986c4afacf3b2f2;hp=f3997bd7f5ebf1758386ba3d9bf85724b07d1a17;hb=21439aa39bc38016a3788891b192c07bdab80059;hpb=e30f14e03e7c62c6dd3b4f7b268120cacb346c05 diff --git a/test/changelog-test.txt b/test/changelog-test.txt index f3997bd..d9d04e7 100644 --- a/test/changelog-test.txt +++ b/test/changelog-test.txt 
@@ -1,3 +1,819 @@ +commit a0b31ddd80510c595b1db203edd009a721e68cfa +Merge: f9c6bb9 c8102ee +Author: Brad Spengler +Date: Sun Mar 5 18:02:18 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit c8102eef049988a1905817e4dc4e859287c2923e +Author: Brad Spengler +Date: Sun Mar 5 18:01:22 2017 -0500 + + Update to pax-linux-4.9.13-test6.patch: + - fixed a regression where on amd64 STACKLEAK instrumented functions executed in IRQ context caused a preempt counter overdecrement, by Jason A. Donenfeld , reported by nail (https://forums.grsecurity.net/viewtopic.php?f=3&t=4668) + - fixed an unbalanced pax_open_kernel call that would trigger a BUG in the zt5550 driver + +commit f9c6bb92aa1205f0402085e363fa914ea34beceb +Author: Brad Spengler +Date: Mon Feb 27 06:55:25 2017 -0500 + + Fix softirq warnings reported by nail at: + https://forums.grsecurity.net/viewtopic.php?f=3&t=4668 + and reported and debugged by Jason Donenfeld. + + A stray put_cpu() was left in the pax_check_alloca code when + porting to Linux 4.9, which would cause a preempt imbalance + on interrupts making use of alloca() (either explicitly or through + variable length arrays). 
+ +commit 8019276815d5d50fb57b4a1bd9f33af0c5cd7615 +Author: Brad Spengler +Date: Sun Feb 26 10:28:40 2017 -0500 + + Update size_overflow hash table, from Toralf Foerster + +commit 5996b10c778c1b3378219a3c29ae90b504482a50 +Merge: 1d6d9f9 ef547fe +Author: Brad Spengler +Date: Sun Feb 26 07:41:37 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit ef547fea89fc7818dec64af7db1c7528fc3c1436 +Merge: bce7062 3737a5f +Author: Brad Spengler +Date: Sun Feb 26 07:41:28 2017 -0500 + + Merge branch 'linux-4.9.y' into pax-test + +commit 1d6d9f9363ebed20318f0c047dccb5a39a4441e7 +Author: Brad Spengler +Date: Fri Feb 24 07:11:39 2017 -0500 + + Silence a compiler warning, reported by Etienne Buira + +commit e47311b356a178a1652c88cf47aea011f0211061 +Author: Brad Spengler +Date: Thu Feb 23 18:25:41 2017 -0500 + + Update size_overflow hash table + +commit 7852bd5868a61b1a9c4210c0214ef8c1d3e0e7e2 +Merge: 15fc570 bce7062 +Author: Brad Spengler +Date: Thu Feb 23 17:41:07 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit bce7062ee9c933a4188dec2691155442df3a79e8 +Merge: b26ab25 ae7d431 +Author: Brad Spengler +Date: Thu Feb 23 17:40:59 2017 -0500 + + Merge branch 'linux-4.9.y' into pax-test + +commit 15fc5704b74ec1d5c4a9ecd00c9e24e9955a1e24 +Author: Brad Spengler +Date: Thu Feb 23 17:35:05 2017 -0500 + + Fix !GRKERNSEC_KMEM && GRKERNSEC_SYSFS_RESTRICT incompatibility with + KVM, reported at https://bugs.gentoo.org/show_bug.cgi?id=597554 + by Christian Roessner, Miro Rovis, and Étienne Buira + +commit c26d7750fb91d084a1ba3fbf84fa892cabf2cee9 +Merge: f0e6f87 b26ab25 +Author: Brad Spengler +Date: Wed Feb 22 20:46:04 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit b26ab25c73a41147b14a8edb35eec6a08fafd927 +Author: Brad Spengler +Date: Wed Feb 22 20:45:31 2017 -0500 + + Update to pax-linux-4.9.10-test5.patch: + - fixed resume regression on i386/UDEREF caused by upstream commit ffa64eff956a25548cad0391dbc14c672827be7b, reported by corsac + - fixed compile 
regression on i386/XEN, reported by bugmenot (https://forums.grsecurity.net/viewtopic.php?f=3&t=4677) + - worked around an intentional integer overflow caused by the amdgpu driver that was caught by the size overflow plugin, reported by foxxx0 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4667) + - made better use of upstream's idea of invpcid + +commit f0e6f87d2d7d767eba1534fd8c1fa4e8e26e00c8 +Author: Andrey Konovalov +Date: Thu Feb 16 17:22:46 2017 +0100 + + dccp: fix freeing skb too early for IPV6_RECVPKTINFO + + In the current DCCP implementation an skb for a DCCP_PKT_REQUEST packet + is forcibly freed via __kfree_skb in dccp_rcv_state_process if + dccp_v6_conn_request successfully returns. + + However, if IPV6_RECVPKTINFO is set on a socket, the address of the skb + is saved to ireq->pktopts and the ref count for skb is incremented in + dccp_v6_conn_request, so skb is still in use. Nevertheless, it gets freed + in dccp_rcv_state_process. + + Fix by calling consume_skb instead of doing goto discard and therefore + calling __kfree_skb. + + Similar fixes for TCP: + + fb7e2399ec17f1004c0e0ccfd17439f8759ede01 [TCP]: skb is unexpectedly freed. + 0aea76d35c9651d55bbaf746e7914e5f9ae5a25d tcp: SYN packets are now + simply consumed + + Signed-off-by: Andrey Konovalov + Acked-by: Eric Dumazet + 
Signed-off-by: David S. Miller + +commit 9f575ef66df46cb78f751e0d8d509171afe3933e +Author: Brad Spengler +Date: Sat Feb 18 13:09:26 2017 -0500 + + Update size_overflow hash table + +commit e927308508ef20392a61e493bc411e73d597682f +Merge: 55d2e75 d711991 +Author: Brad Spengler +Date: Sat Feb 18 11:35:11 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit d711991b1628e84076fde9b2c94d25920cca7882 +Merge: 70fbe2f eee1550 +Author: Brad Spengler +Date: Sat Feb 18 11:34:56 2017 -0500 + + Merge branch 'linux-4.9.y' into pax-test + +commit 55d2e7501a1db909073644bb1b5c58effb627754 +Author: Brad Spengler +Date: Thu Feb 16 19:47:51 2017 -0500 + + Allow symbol printing for softirq change + +commit e489c2948bc9e1d9643c84667bf81ac8387293e0 +Merge: d7b63ba 70fbe2f +Author: Brad Spengler +Date: Thu Feb 16 19:47:37 2017 -0500 + + Merge branch 'pax-test' into grsec-test + + n why this merge is necessary, + +commit 70fbe2fc1540632d2cc67e770d826f9637b5b73f +Author: Brad Spengler +Date: Thu Feb 16 19:46:55 2017 -0500 + + Update to pax-linux-4.9.10-test4.patch: + - worked around a gcc induced integer truncation that triggered a size overflow, reported by René Korthaus (https://bugs.gentoo.org/show_bug.cgi?id=609500) + - disabled size overflow checking on qdisc_tree_reduce_backlog for good as newer gcc is smart enough to get around the previous workaround, reported by craftyguy (https://forums.grsecurity.net/viewtopic.php?f=3&t=4640) + - fixed a SEGMEXEC/vma mirroring regression, reported by osea (https://forums.grsecurity.net/viewtopic.php?f=3&t=4643) + +commit d7b63bad761e0ca8897ec9c5df4482483aa20201 +Merge: d310a9c b6296dc +Author: Brad Spengler +Date: Wed Feb 15 20:18:47 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit b6296dc3544b4a4543a45777a5cc1ecb2ce51042 +Author: Brad Spengler +Date: Wed Feb 15 20:16:32 2017 -0500 + + Update to pax-linux-4.9.9-test3.patch: + - fixed a compile error on i386 with X86_CMPXCHG64=n, by Natanael Copa + - Emese fixed a few 
section mismatches and compile errors caused by the initify plugin, reported by Kees Cook, hunger and Valdis Kletnieks + - fixed a compile error caused by type mismatches on i386, reported by spender + +commit d310a9c0ab751121a5f97196857bfe4e90d86adf +Author: Brad Spengler +Date: Wed Feb 15 20:03:55 2017 -0500 + + compile fix, reported by ncopa + +commit f6fed850d763aca4162bc24b29afe5bb23d49d91 +Merge: c3fff1a 1971888 +Author: Brad Spengler +Date: Wed Feb 15 17:21:00 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit 19718886c80977af99f8181fe8e91b0f6f1fb5f7 +Merge: b608a1f 390caee +Author: Brad Spengler +Date: Wed Feb 15 17:20:51 2017 -0500 + + Merge branch 'linux-4.9.y' into pax-test + +commit c3fff1a653824ad47021d536dec50e8c937e6347 +Merge: 57a5c6d b608a1f +Author: Brad Spengler +Date: Sun Feb 12 20:14:55 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit b608a1f8eadf8287e6accf031da5f5e26964e79a +Author: Brad Spengler +Date: Sun Feb 12 20:14:47 2017 -0500 + + compile fix + +commit 57a5c6d747cce4a1dd99e3677ddb564c47c5305a +Merge: f1a2106 0851ca2 +Author: Brad Spengler +Date: Sun Feb 12 20:13:15 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit 0851ca2f75213d1f9aabe2d10f98553bf642e024 +Author: Brad Spengler +Date: Sun Feb 12 20:13:02 2017 -0500 + + compile fix + +commit f1a2106f030f628edd9d729e8a4cf7a7cbaffe70 +Merge: fb5b3e7 5cff6ef +Author: Brad Spengler +Date: Sun Feb 12 20:05:35 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit 5cff6ef64e73635a287a5635ed89db37b4860336 +Author: Brad Spengler +Date: Sun Feb 12 20:05:28 2017 -0500 + + compile fix + +commit fb5b3e71be3a859d01a3e935762125808f8dcff4 +Merge: 005e22e a85c589 +Author: Brad Spengler +Date: Sun Feb 12 19:54:55 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit a85c5893051fbbc5b97ab6504747f60d9359dabe +Author: Brad Spengler +Date: Sun Feb 12 19:54:47 2017 -0500 + + compile fix + +commit 005e22eb6f5f0630dc47c5bf4c37fe72cb8d5afa +Merge: 
230f6cf e376f96 +Author: Brad Spengler +Date: Sun Feb 12 19:49:23 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit e376f965ed749044bc294004f16b36f4ca7fab28 +Author: Brad Spengler +Date: Sun Feb 12 19:49:16 2017 -0500 + + compile fix + +commit 230f6cf74a165b342fdc05c8202422e8e243b528 +Merge: a60f9ee f4cbdea +Author: Brad Spengler +Date: Sun Feb 12 19:38:05 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit f4cbdeaa06cfd3658346f94abb5b6e11fe025961 +Author: Brad Spengler +Date: Sun Feb 12 19:37:57 2017 -0500 + + compile fix + +commit a60f9eef51ff4133c0a713bc89c5e2137999e74c +Merge: dc07488 d545a4c +Author: Brad Spengler +Date: Sun Feb 12 19:24:32 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit d545a4c83b3191aeee56ebda071a8476a046eb40 +Author: Brad Spengler +Date: Sun Feb 12 19:22:21 2017 -0500 + + Update to pax-linux-4.9.8-test2.patch: + - switched to upstream commit 76bee23411f8510fbf5fc5641bae2c203b726eb6 to fix LTO builds + - fixed the symbol export of cpu_gdt_table on x86, by corsac + - fixed a bunch of compile warnings, by Mathias Krause + - fixed PARAVIRT/RAP boot problems, reported by quasar366 (https://forums.grsecurity.net/viewtopic.php?f=3&t=4663) and Rhett M. Bowen (https://bugs.archlinux.org/task/52881#comment155215), tested by pierrecap@yahoo.fr + - fixed KERNEXEC/UEFI boot problems, reported by anoteros (https://bugs.gentoo.org/show_bug.cgi?id=608680) and Clayton Craft (https://bugs.archlinux.org/task/52881#comment155250) + +commit dc07488c378373e2bf6b60df31709da5ff767afd +Author: Sean Rees +Date: Wed Feb 8 14:30:59 2017 -0800 + + Another bug from this pointless mitigation + see also: https://twitter.com/halvarflake/status/827613317296508928 + + mm/slub.c: fix random_seq offset destruction + + Commit 210e7a43fa90 ("mm: SLUB freelist randomization") broke USB hub + initialisation as described in + + https://bugzilla.kernel.org/show_bug.cgi?id=177551. 
+ + Bail out early from init_cache_random_seq if s->random_seq is already + initialised. This prevents destroying the previously computed + random_seq offsets later in the function. + + If the offsets are destroyed, then shuffle_freelist will truncate + page->freelist to just the first object (orphaning the rest). + + Fixes: 210e7a43fa90 ("mm: SLUB freelist randomization") + Link: http://lkml.kernel.org/r/20170207140707.20824-1-sean@erifax.org + Signed-off-by: Sean Rees + Reported-by: + Cc: Christoph Lameter + Cc: Pekka Enberg + Cc: David Rientjes + Cc: Joonsoo Kim + Cc: Thomas Garnier + Cc: + Signed-off-by: Andrew Morton + 
Signed-off-by: Linus Torvalds + +commit 7bb22c6cffa5d31bd953b6161db96000edd9eb23 +Merge: a86976a8 9d73aa5 +Author: Brad Spengler +Date: Thu Feb 9 07:22:12 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit 9d73aa5a4dee061781926c89c592a7d447804e7d +Merge: 709a650 d2e4b66 +Author: Brad Spengler +Date: Thu Feb 9 07:22:05 2017 -0500 + + Merge branch 'linux-4.9.y' into pax-test + +commit a86976a86e06bb353a436c2486b1ccfb471f9c50 +Author: Brad Spengler +Date: Tue Feb 7 08:31:41 2017 -0500 + + compile fix + +commit 6261adb89e218739e07dc2e55fc87534ea2da325 +Author: Brad Spengler +Date: Tue Feb 7 07:43:30 2017 -0500 + + Relax /proc/pid/auxv check to match what was present in previous patches. + Many thanks to M. Vefa Bicakci for the report and fix! + +commit cabfb9cbd9201438006865d5e67d10105d8430bc +Author: Brad Spengler +Date: Tue Feb 7 07:31:48 2017 -0500 + + Cleanup from Mathias Krause + +commit 24cf8c373075b002719617a16a180bcd1c281c83 +Author: Brad Spengler +Date: Tue Feb 7 07:28:52 2017 -0500 + + Fix driver error case that we had correct but which broke when merging + upstream's ripoff of our code, reported by Mathias Krause + +commit d467970a05a441b364d247d5b4366913e44ad7ef +Merge: cd0b761 709a650 +Author: Brad Spengler +Date: Sun Feb 5 10:00:34 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit 709a650aee15f96f6f564e8f4753ce4d2ce4d666 +Author: Brad Spengler +Date: Sun Feb 5 10:00:20 2017 -0500 + + Update to pax-linux-4.9.8-test1x.patch + +commit cd0b7618163bb40398b593d3649920ded2e1af33 +Author: Brad Spengler +Date: Sat Feb 4 15:58:39 2017 -0500 + + Update size_overflow hash table + +commit a6ac7f5e6378cef84c4c00a051725c023a63021b +Author: Brad Spengler +Date: Sat Feb 4 14:58:33 2017 -0500 + + Update size_overflow hash tables + +commit ae5d77fb41c008fcc8b504c350fe3556b43c3973 +Author: Brad Spengler +Date: Sat Feb 4 12:35:54 2017 -0500 + + Update size_overflow hash table + +commit 25a2af42cf8bd480755fb946623e868e297a3136 +Author: Brad 
Spengler +Date: Sat Feb 4 12:25:45 2017 -0500 + + Initial import of grsecurity 3.1 for Linux 4.9.8 + +commit e3932cb3abbbcfa7e0c7414541fdbd0a27453d4d +Author: Brad Spengler +Date: Sat Feb 4 11:52:14 2017 -0500 + + Update to pax-linux-4.9.8-test1.patch + +commit 979bddf15aa0dbb73dcd418d18ff2fd30ff1b38e +Merge: d93b949 c8ea2f3 +Author: Brad Spengler +Date: Sat Feb 4 04:27:39 2017 -0500 + + Merge branch 'linux-4.9.y' into pax-test + +commit d93b94991428cb11d0f66e209c070b1ba884bf83 +Author: Brad Spengler +Date: Thu Feb 2 17:26:16 2017 -0500 + + Update to pax-linux-4.9.6-test1xxxxxy.patch + +commit c5ecf5720061b63b90eb0ae6dcac9a7b88edd723 +Author: Brad Spengler +Date: Wed Feb 1 21:22:36 2017 -0500 + + Update to pax-linux-4.9.6-test1xxxxx.patch + +commit aede64e292980acc6c5784bb18864cd7fabec093 +Author: Brad Spengler +Date: Wed Feb 1 20:34:33 2017 -0500 + + Update to pax-linux-4.9.6-test1xxxx.patch + +commit 24a41127f3313bba134e0b68ab9da40f2b0f1ab5 +Author: Brad Spengler +Date: Wed Feb 1 19:32:39 2017 -0500 + + Update to pax-linux-4.9.6-test1xxx.patch + +commit 5ed38e522dd7df25d0102f9faf97fca62ba84102 +Merge: a2e84e3 fd2ffe5 +Author: Brad Spengler +Date: Wed Feb 1 08:14:15 2017 -0500 + + Merge branch 'linux-4.9.y' into pax-test + +commit a2e84e35dd4c940ddf23d70de6b29a48cbcaa39c +Author: Brad Spengler +Date: Wed Feb 1 07:40:25 2017 -0500 + + Update to pax-linux-4.9.6-test1xx.patch + +commit a06453c00dca1885a8f638b5a4e0dfa703a2094f +Author: Brad Spengler +Date: Tue Jan 31 19:50:03 2017 -0500 + + Update to pax-linux-4.9.6-test1x.patch + +commit a78566f6da3985944fee653782344976e37a5dea +Author: Brad Spengler +Date: Fri Jan 27 21:41:39 2017 -0500 + + Initial import of pax-linux-4.9.6-test1.patch +commit e5800118f68fd1553ac02b1f05bc3d567a884e22 +Author: Brad Spengler +Date: Sun Jan 15 15:50:04 2017 -0500 + + Fix size_overflow FP with gcc 6 reported by craftyguy at: + https://forums.grsecurity.net/viewtopic.php?f=3&t=4640 + + 
scripts/gcc-plugins/size_overflow_plugin/disable.data | 1 + + scripts/gcc-plugins/size_overflow_plugin/e_fields.data | 1 - + 2 files changed, 1 insertion(+), 1 deletion(-) + +commit 5861d0ad8a1c929257f1eda7f97dadbc1818112f +Author: Brad Spengler +Date: Sun Jan 15 14:17:09 2017 -0500 + + Initify plugin updates from Emese Revfy: + + Fixed a logical error that caused a section mismatch + Forgot to handle callees from a caller that is marked by BOTH. + + WARNING: vmlinux.o(.text.unlikely+0x1b1): Section mismatch in + reference from the function uncore_pci_exit.part.22() to the function + .init.text:uncore_free_pcibus_map() + The function uncore_pci_exit.part.22() references + the function __init uncore_free_pcibus_map(). + This is often because uncore_pci_exit.part.22 lacks a __init + annotation or the annotation of uncore_free_pcibus_map is wrong. + + Reported-by: Kees Cook + + Examine all clones as well for __init/__exit eligibility + WARNING: vmlinux.o(.text+0x1087e7): Section mismatch in reference from + the function rebind_subsystems() to the variable + .init.rodata.str:__func__.4400 + The function rebind_subsystems() references + the variable __initconst __func__.4400. + This is often because rebind_subsystems lacks a __initconst + annotation or the annotation of __func__.4400 is wrong. + + Reported-by: Kees Cook + + scripts/gcc-plugins/initify_plugin.c | 76 ++++++++++++++++++++++++------------ + 1 file changed, 51 insertions(+), 25 deletions(-) + +commit 08e03c1434f26e9b56f00a6ce8236320bd557494 +Author: Brad Spengler +Date: Sun Jan 15 14:08:04 2017 -0500 + + After over a year of hard work, KSPP has finally released its first + ever contribution back to grsecurity, the project from which KSPP + plagiarizes^Wobtains every useful improvement to Linux security. We are proud to + announce in this joint release the fruits of their hard work: a typo fix + to change 'unkown' to 'unknown' when reporting incorrect GCC plugin + command line arguments. 
Many thanks to Kees Cook and KSPP for this + innovation in spell check, and we look forward to many future + contributions of the same ilk from their capable hands. 'This + contribution of a typo fix confirms the high level of respect and + commitment to long-term sustainability KSPP has for grsecurity and its + innovative efforts over the past 16 years in producing the state of the + art in Linux security' said Brad Spengler, President of Open Source + Security Inc. + + "Based on a patch by Kees Cook" (since like much upstream efforts this + one was incomplete in that it missed the rap and size_overflow typos + as they existed in separate directories). + + scripts/gcc-plugins/checker_plugin.c | 2 +- + scripts/gcc-plugins/colorize_plugin.c | 2 +- + scripts/gcc-plugins/constify_plugin.c | 2 +- + scripts/gcc-plugins/initify_plugin.c | 2 +- + scripts/gcc-plugins/kernexec_plugin.c | 2 +- + scripts/gcc-plugins/latent_entropy_plugin.c | 2 +- + scripts/gcc-plugins/randomize_layout_plugin.c | 2 +- + scripts/gcc-plugins/rap_plugin/rap_plugin.c | 2 +- + scripts/gcc-plugins/sancov_plugin.c | 2 +- + scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin.c | 2 +- + scripts/gcc-plugins/stackleak_plugin.c | 2 +- + scripts/gcc-plugins/structleak_plugin.c | 2 +- + 12 files changed, 12 insertions(+), 12 deletions(-) + +commit 9b4ad0aa5ee41a03f02a928e2fd9679044048bde +Author: Brad Spengler +Date: Sun Jan 15 12:18:18 2017 -0500 + + Fix boot hang on 32-bit 4.8 kernels with SEGMEXEC enabled, reported by + osea at: + https://forums.grsecurity.net/viewtopic.php?f=3&t=4643 + + mm/memory.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +commit 2c93d3e0efb5b3d413cf2c0c5ac56faf47fa3e2d +Author: Brad Spengler +Date: Sun Jan 15 08:52:57 2017 -0500 + + Allow USERCOPY to be disabled, was a bug in PaX that somehow slipped through + the holiday cracks + + Reported by Chris Henhawke at: + https://bugs.gentoo.org/show_bug.cgi?id=603188 + + security/Kconfig | 2 +- + 1 file changed, 1 
insertion(+), 1 deletion(-) + +commit e86618efec929cb7f77480f35b21154368f2e7d1 +Author: John Sperbeck +Date: Tue Jan 10 16:58:24 2017 -0800 + + From the team that brought you useless improvements to the useless KASLR: + Useless mitigation causing likely privesc, with one of the worst commit messages + of all time (that wasn't written by an upstream developer for once -- to his credit, + Andrew Morton actually demanded more info (albeit receiving it in vague quality), + without which this commit message would have been even more sparse. + + Someone should request a CVE for this: + + mm/slab.c: fix SLAB freelist randomization duplicate entries + + This patch fixes a bug in the freelist randomization code. When a high + random number is used, the freelist will contain duplicate entries. It + will result in different allocations sharing the same chunk. + + It will result in odd behaviours and crashes. It should be uncommon but + it depends on the machines. We saw it happening more often on some + machines (every few hours of running tests). + + Fixes: c7ce4f60ac19 ("mm: SLAB freelist randomization") + Link: http://lkml.kernel.org/r/20170103181908.143178-1-thgarnie@google.com + Signed-off-by: John Sperbeck + Signed-off-by: Thomas Garnier + Cc: Christoph Lameter + Cc: Pekka Enberg + Cc: David Rientjes + Cc: Joonsoo Kim + Cc: + Signed-off-by: Andrew Morton + 
Signed-off-by: Linus Torvalds + + mm/slab.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +commit f7abe91bbcb4950f9c611fadd813b6dbe68db74b +Merge: 124f515 006324d +Author: Brad Spengler +Date: Mon Jan 9 07:22:15 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit 006324d50d856bb254eb375407bc0478f8ae95eb +Merge: 2f6e197 3d8f8d0 +Author: Brad Spengler +Date: Mon Jan 9 07:22:06 2017 -0500 + + Merge branch 'linux-4.8.y' into pax-test + +commit 124f5155ead017e547c2a3736a312762870d4b0d +Author: Brad Spengler +Date: Fri Jan 6 18:03:39 2017 -0500 + + compile fix + + fs/exec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 655fffef715aff25550a3a90eaf4a7d06426ed8f +Author: Brad Spengler +Date: Fri Jan 6 17:57:28 2017 -0500 + + compile fix + + fs/exec.c | 2 +- + kernel/ptrace.c | 3 ++- + 2 files changed, 3 insertions(+), 2 deletions(-) + +commit a4f3d168f78cb8d84eaabba7dd501799b1f6e5a1 +Merge: c86a12c 2f6e197 +Author: Brad Spengler +Date: Fri Jan 6 09:01:05 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit 2f6e19780747cdf28176251e19d15c2741b58813 +Merge: a685c6f c65ed08 +Author: Brad Spengler +Date: Fri Jan 6 08:01:20 2017 -0500 + + Merge branch 'linux-4.8.y' into pax-test + +commit c86a12c6f8a8551a0025ad531abe9d383e7388d2 +Author: Brad Spengler +Date: Tue Jan 3 17:37:11 2017 -0500 + + Fix an off-by-one in reporting some denied socket families, as reported by + Blub + + grsecurity/gracl_ip.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 85f6681653925320e2040a772aa9526d7bdbe083 +Merge: 9d7ca54 a685c6f +Author: Brad Spengler +Date: Tue Jan 3 17:18:37 2017 -0500 + + Merge branch 'pax-test' into grsec-test + +commit a685c6fc603aac945ce129adfcbeb9b05b0aba62 +Author: Brad Spengler +Date: Tue Jan 3 17:18:07 2017 -0500 + + Update to pax-linux-4.8.15-test9.patch: + - fixed a few compiler warnings due to KERNEXEC and constification, reported by spender + - made a few micro-optimizations to lretq usage 
on amd64 and BUG_ON + - updated gcc-common.h and the plugins to eliminate some code bloat in pass registration + - fixed the use of build_string in all gcc plugins as it doesn't set TREE_TYPE itself + + arch/x86/kernel/head_64.S | 6 +- + drivers/hv/hv.c | 2 +- + drivers/net/ethernet/amd/xgbe/xgbe.h | 6 +- + include/asm-generic/bug.h | 2 +- + scripts/gcc-plugins/checker_plugin.c | 15 +-- + scripts/gcc-plugins/colorize_plugin.c | 8 +- + scripts/gcc-plugins/constify_plugin.c | 9 +- + scripts/gcc-plugins/cyc_complexity_plugin.c | 8 +- + scripts/gcc-plugins/gcc-common.h | 106 ++++++++++++++++++--- + scripts/gcc-plugins/initify_plugin.c | 12 +-- + scripts/gcc-plugins/kallocstat_plugin.c | 8 +- + scripts/gcc-plugins/kernexec_plugin.c | 28 ++---- + scripts/gcc-plugins/latent_entropy_plugin.c | 10 +- + scripts/gcc-plugins/rap_plugin/rap_plugin.c | 24 ++--- + scripts/gcc-plugins/sancov_plugin.c | 14 ++- + .../insert_size_overflow_asm.c | 6 +- + .../size_overflow_plugin/size_overflow_ipa.c | 2 +- + .../size_overflow_plugin/size_overflow_plugin.c | 26 ++--- + .../size_overflow_plugin/size_overflow_transform.c | 4 +- + .../size_overflow_transform_core.c | 20 +--- + scripts/gcc-plugins/stackleak_plugin.c | 18 +--- + scripts/gcc-plugins/structleak_plugin.c | 8 +- + 22 files changed, 164 insertions(+), 178 deletions(-) + +commit 9d7ca543b94c0203affd278739c77992ccaa7ba6 +Author: Brad Spengler +Date: Fri Dec 30 18:21:59 2016 -0500 + + Fix virtualbox host compatibility as reported by aurelf at: + https://forums.grsecurity.net/viewtopic.php?f=3&t=4634 + + This will be reverted once the VirtualBox devs stop disabling + SMAP unnecessarily, which seems like it will happen never. + Anyone who cares about security of their host system shouldn't + use VirtualBox, as it already precludes the use of KERNEXEC, UDEREF, + and RANDKSTACK. 
+ + arch/x86/include/asm/irqflags.h | 4 ++++ + 1 file changed, 4 insertions(+) + +commit cec0b19f2d7ac2d8f8357aee654dddd4418086b8 +Author: Brad Spengler +Date: Thu Dec 22 22:19:33 2016 -0500 + + Make HIDESYM select PAX_USERCOPY instead of the now nonexistent PAX_USERCOPY_SLABS + + grsecurity/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 61c3fa5b25ecc4a7c4f3d531a5cc76adeb89336c +Author: Brad Spengler +Date: Thu Dec 15 18:36:17 2016 -0500 + + Update size_overflow hash table + + scripts/gcc-plugins/size_overflow_plugin/e_fns.data | 1 + + 1 file changed, 1 insertion(+) + +commit 58e3f480aa38ec2007ec86afdbe668cf30238cd2 +Author: Linus Torvalds +Date: Wed Dec 14 12:45:25 2016 -0800 + + vfs,mm: fix return value of read() at s_maxbytes + + We truncated the possible read iterator to s_maxbytes in commit + c2a9737f45e2 ("vfs,mm: fix a dead loop in truncate_inode_pages_range()"), + but our end condition handling was wrong: it's not an error to try to + read at the end of the file. + + Reading past the end should return EOF (0), not EINVAL. + + See for example + + https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1649342 + http://lists.gnu.org/archive/html/bug-coreutils/2016-12/msg00008.html + + where a md5sum of a maximally sized file fails because the final read is + exactly at s_maxbytes. + + Fixes: c2a9737f45e2 ("vfs,mm: fix a dead loop in truncate_inode_pages_range()") + Reported-by: Joseph Salisbury + Cc: Wei Fang + Cc: Christoph Hellwig + Cc: Dave Chinner + Cc: Al Viro + Cc: Andrew Morton + Cc: stable@kernel.org + 
Signed-off-by: Linus Torvalds + + mm/filemap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 70975981c11bc45fd4ad44e9a6f5e8c2210a14f6 +Merge: 3a0285a 224c7ab +Author: Brad Spengler +Date: Thu Dec 15 17:43:49 2016 -0500 + + Merge branch 'pax-test' into grsec-test + +commit 224c7ab2cacdcf25cc319978f7fbe64f519f03f0 +Merge: ccbe963 8bba2e2 +Author: Brad Spengler +Date: Thu Dec 15 17:43:37 2016 -0500 + + Merge branch 'linux-4.8.y' into pax-test + +commit 3a0285abbc886698581f682e6d269143c1709031 +Merge: eec49c3 ccbe963 +Author: Brad Spengler +Date: Sat Dec 10 17:49:55 2016 -0500 + + Merge branch 'pax-test' into grsec-test + +commit ccbe96350259e7d78fb4178ab1e5ece026641816 +Merge: dd08da6 7b8c57c +Author: Brad Spengler +Date: Sat Dec 10 17:49:17 2016 -0500 + + Update to pax-linux-4.8.14-test8.patch: + - fixed hyperv hypercall page handling when compiled as a module, reported by Kyle Spiers (kyle@atomicorp.com) + - fixed a logic error in initify that initified some ineligible functions triggering a boot crash under hyperv, reported by Kyle Spiers (kyle@atomicorp.com) + - Emese turned the compile time error checking of the nocapture attribute into a warning instead + - prototypes were missing for make_*_pass(), reported by Andrew Donnellan + + Merge branch 'linux-4.8.y' into pax-test + commit eec49c307bcebdfb24cd0c9d1d69282490d30e90 Merge: 2fd4ed6 dd08da6 Author: Brad Spengler
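Review bot: The merge entry for e489c2948bc9 ("Merge branch 'pax-test' into grsec-test", Thu Feb 16 19:47:37 2017) carries a stray added line, "n why this merge is necessary,", which reads as a truncated remnant of git's default merge-message template comment ("Please enter a commit message to explain why this merge is necessary,"). It should be dropped from the changelog text. In the same hunk, the entry for a78566f6da39 ("Initial import of pax-linux-4.9.6-test1.patch") is followed directly by "commit e5800118f68f..." without the empty "+" separator line that precedes every other "commit" header, so anything that splits this changelog on a blank line before "commit" will fold those two entries into one. A blank line should be added there. The new 4.9 entries also carry no diffstat, while the entries from e5800118f68f onward list per-file changes and a "files changed" summary. If the changelog is meant to let readers see which files a fix such as the pax_check_alloca put_cpu() removal touched, generate both ranges with the same log options.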