[kernel] r22540 - in dists/wheezy-backports/linux: . debian debian/patches debian/patches/bugfix/all debian/patches/bugfix/all/access_once debian/patches/bugfix/x86

Ben Hutchings benh at moszumanska.debian.org
Mon Apr 27 19:47:14 UTC 2015


Author: benh
Date: Mon Apr 27 19:47:14 2015
New Revision: 22540

Log:
Merge changes from jessie up to 3.16.7-ckt9-3~deb8u1

Added:
   dists/wheezy-backports/linux/debian/patches/bugfix/all/access_once/
      - copied from r22527, dists/jessie-security/linux/debian/patches/bugfix/all/access_once/
   dists/wheezy-backports/linux/debian/patches/bugfix/all/fs-take-i_mutex-during-prepare_binprm-for-set-ug-id-.patch
      - copied unchanged from r22527, dists/jessie-security/linux/debian/patches/bugfix/all/fs-take-i_mutex-during-prepare_binprm-for-set-ug-id-.patch
   dists/wheezy-backports/linux/debian/patches/bugfix/all/tcp-fix-crash-in-tcp-fast-open.patch
      - copied unchanged from r22527, dists/jessie-security/linux/debian/patches/bugfix/all/tcp-fix-crash-in-tcp-fast-open.patch
   dists/wheezy-backports/linux/debian/patches/bugfix/all/xen-netfront-release-per-queue-Tx-and-Rx-resource-wh.patch
      - copied unchanged from r22527, dists/jessie-security/linux/debian/patches/bugfix/all/xen-netfront-release-per-queue-Tx-and-Rx-resource-wh.patch
   dists/wheezy-backports/linux/debian/patches/bugfix/x86/crypto-aesni-fix-memory-usage-in-GCM-decryption.patch
      - copied unchanged from r22527, dists/jessie-security/linux/debian/patches/bugfix/x86/crypto-aesni-fix-memory-usage-in-GCM-decryption.patch
Modified:
   dists/wheezy-backports/linux/   (props changed)
   dists/wheezy-backports/linux/debian/changelog
   dists/wheezy-backports/linux/debian/patches/series

Modified: dists/wheezy-backports/linux/debian/changelog
==============================================================================
--- dists/wheezy-backports/linux/debian/changelog	Mon Apr 27 19:44:59 2015	(r22539)
+++ dists/wheezy-backports/linux/debian/changelog	Mon Apr 27 19:47:14 2015	(r22540)
@@ -1,3 +1,35 @@
+linux (3.16.7-ckt9-3~deb8u1~bpo70+1) wheezy-backports; urgency=high
+
+  * Rebuild for wheezy:
+    - Disable architectures that weren't part of wheezy
+    - Use gcc-4.6 for all architectures
+    - Change ABI number to 0.bpo.4
+    - [arm] btrfs: Work around bug in gcc-4.6 (fixes FTBFS)
+    - linux-image: Depend on initramfs-tools without any alternatives, so
+      that neither apt nor aptitude will automatically switch to dracut
+
+ -- Ben Hutchings <ben at decadent.org.uk>  Mon, 27 Apr 2015 20:13:07 +0100
+
+linux (3.16.7-ckt9-3~deb8u1) jessie-security; urgency=high
+
+  [ Ben Hutchings ]
+  * [x86] crypto: aesni - fix memory usage in GCM decryption (Closes: #782561)
+    (CVE-2015-3331)
+  * tcp: Fix crash in TCP Fast Open (Closes: #782515) (CVE-2015-3332)
+  * kernel: Provide READ_ONCE and ASSIGN_ONCE
+  * Replace use of ACCESS_ONCE on non-scalar types with READ_ONCE or barriers
+    as appropriate
+  * kernel: tighten rules for ACCESS ONCE
+  * kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val)
+  * fs: take i_mutex during prepare_binprm for set[ug]id executables
+    (CVE-2015-3339)
+
+  [ Ian Campbell ]
+  * [xen] release per-queue Tx and Rx resource when disconnecting, fixing
+    network after save/restore or migration. (Closes: #782698)
+
+ -- Ben Hutchings <ben at decadent.org.uk>  Fri, 24 Apr 2015 03:00:00 +0100
+
 linux (3.16.7-ckt9-2~bpo70+1) wheezy-backports; urgency=medium
 
   * Rebuild for wheezy:

Copied: dists/wheezy-backports/linux/debian/patches/bugfix/all/fs-take-i_mutex-during-prepare_binprm-for-set-ug-id-.patch (from r22527, dists/jessie-security/linux/debian/patches/bugfix/all/fs-take-i_mutex-during-prepare_binprm-for-set-ug-id-.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/wheezy-backports/linux/debian/patches/bugfix/all/fs-take-i_mutex-during-prepare_binprm-for-set-ug-id-.patch	Mon Apr 27 19:47:14 2015	(r22540, copy of r22527, dists/jessie-security/linux/debian/patches/bugfix/all/fs-take-i_mutex-during-prepare_binprm-for-set-ug-id-.patch)
@@ -0,0 +1,112 @@
+From: Jann Horn <jann at thejh.net>
+Date: Sun, 19 Apr 2015 02:48:39 +0200
+Subject: fs: take i_mutex during prepare_binprm for set[ug]id executables
+Origin: https://git.kernel.org/linus/8b01fc86b9f425899f8a3a8fc1c47d73c2c20543
+
+This prevents a race between chown() and execve(), where chowning a
+setuid-user binary to root would momentarily make the binary setuid
+root.
+
+This patch was mostly written by Linus Torvalds.
+
+Signed-off-by: Jann Horn <jann at thejh.net>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+[bwh: Backported to 3.16: s/task_no_new_privs(current)/current->no_new_privs/]
+---
+ fs/exec.c | 76 ++++++++++++++++++++++++++++++++++++++++-----------------------
+ 1 file changed, 48 insertions(+), 28 deletions(-)
+
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1254,6 +1254,53 @@ static void check_unsafe_exec(struct lin
+ 	spin_unlock(&p->fs->lock);
+ }
+ 
++static void bprm_fill_uid(struct linux_binprm *bprm)
++{
++	struct inode *inode;
++	unsigned int mode;
++	kuid_t uid;
++	kgid_t gid;
++
++	/* clear any previous set[ug]id data from a previous binary */
++	bprm->cred->euid = current_euid();
++	bprm->cred->egid = current_egid();
++
++	if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
++		return;
++
++	if (current->no_new_privs)
++		return;
++
++	inode = file_inode(bprm->file);
++	mode = READ_ONCE(inode->i_mode);
++	if (!(mode & (S_ISUID|S_ISGID)))
++		return;
++
++	/* Be careful if suid/sgid is set */
++	mutex_lock(&inode->i_mutex);
++
++	/* reload atomically mode/uid/gid now that lock held */
++	mode = inode->i_mode;
++	uid = inode->i_uid;
++	gid = inode->i_gid;
++	mutex_unlock(&inode->i_mutex);
++
++	/* We ignore suid/sgid if there are no mappings for them in the ns */
++	if (!kuid_has_mapping(bprm->cred->user_ns, uid) ||
++		 !kgid_has_mapping(bprm->cred->user_ns, gid))
++		return;
++
++	if (mode & S_ISUID) {
++		bprm->per_clear |= PER_CLEAR_ON_SETID;
++		bprm->cred->euid = uid;
++	}
++
++	if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
++		bprm->per_clear |= PER_CLEAR_ON_SETID;
++		bprm->cred->egid = gid;
++	}
++}
++
+ /*
+  * Fill the binprm structure from the inode.
+  * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes
+@@ -1262,36 +1309,9 @@ static void check_unsafe_exec(struct lin
+  */
+ int prepare_binprm(struct linux_binprm *bprm)
+ {
+-	struct inode *inode = file_inode(bprm->file);
+-	umode_t mode = inode->i_mode;
+ 	int retval;
+ 
+-
+-	/* clear any previous set[ug]id data from a previous binary */
+-	bprm->cred->euid = current_euid();
+-	bprm->cred->egid = current_egid();
+-
+-	if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) &&
+-	    !current->no_new_privs &&
+-	    kuid_has_mapping(bprm->cred->user_ns, inode->i_uid) &&
+-	    kgid_has_mapping(bprm->cred->user_ns, inode->i_gid)) {
+-		/* Set-uid? */
+-		if (mode & S_ISUID) {
+-			bprm->per_clear |= PER_CLEAR_ON_SETID;
+-			bprm->cred->euid = inode->i_uid;
+-		}
+-
+-		/* Set-gid? */
+-		/*
+-		 * If setgid is set but no group execute bit then this
+-		 * is a candidate for mandatory locking, not a setgid
+-		 * executable.
+-		 */
+-		if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
+-			bprm->per_clear |= PER_CLEAR_ON_SETID;
+-			bprm->cred->egid = inode->i_gid;
+-		}
+-	}
++	bprm_fill_uid(bprm);
+ 
+ 	/* fill in binprm security blob */
+ 	retval = security_bprm_set_creds(bprm);

Copied: dists/wheezy-backports/linux/debian/patches/bugfix/all/tcp-fix-crash-in-tcp-fast-open.patch (from r22527, dists/jessie-security/linux/debian/patches/bugfix/all/tcp-fix-crash-in-tcp-fast-open.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/wheezy-backports/linux/debian/patches/bugfix/all/tcp-fix-crash-in-tcp-fast-open.patch	Mon Apr 27 19:47:14 2015	(r22540, copy of r22527, dists/jessie-security/linux/debian/patches/bugfix/all/tcp-fix-crash-in-tcp-fast-open.patch)
@@ -0,0 +1,39 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Wed, 15 Apr 2015 17:26:54 +0100
+Subject: tcp: Fix crash in TCP Fast Open
+Bug-Debian: https://bugs.debian.org/782515
+Forwarded: http://mid.gmane.org/1429120832.3211.91.camel@decadent.org.uk
+
+Commit 355a901e6cf1 ("tcp: make connect() mem charging friendly")
+changed tcp_send_syn_data() to perform an open-coded copy of the 'syn'
+skb rather than using skb_copy_expand().
+
+The open-coded copy does not cover the skb_shared_info::gso_segs
+field, so in the new skb it is left set to 0.  When this commit was
+backported into stable branches between 3.10.y and 3.16.7-ckty
+inclusive, it triggered the BUG() in tcp_transmit_skb().
+
+Since Linux 3.18 the GSO segment count is kept in the
+tcp_skb_cb::tcp_gso_segs field and tcp_send_syn_data() does copy the
+tcp_skb_cb structure to the new skb, so mainline and newer stable
+branches are not affected.
+
+Set skb_shared_info::gso_segs to the correct value of 1.
+
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+---
+ net/ipv4/tcp_output.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
+index d5457e4..1ea0a07 100644
+--- a/net/ipv4/tcp_output.c
++++ b/net/ipv4/tcp_output.c
+@@ -2992,6 +2992,7 @@ static int tcp_send_syn_data(struct sock *sk, struct sk_buff *syn)
+ 		goto fallback;
+ 	syn_data->ip_summed = CHECKSUM_PARTIAL;
+ 	memcpy(syn_data->cb, syn->cb, sizeof(syn->cb));
++	skb_shinfo(syn_data)->gso_segs = 1;
+ 	if (unlikely(memcpy_fromiovecend(skb_put(syn_data, space),
+ 					 fo->data->msg_iov, 0, space))) {
+ 		kfree_skb(syn_data);

Copied: dists/wheezy-backports/linux/debian/patches/bugfix/all/xen-netfront-release-per-queue-Tx-and-Rx-resource-wh.patch (from r22527, dists/jessie-security/linux/debian/patches/bugfix/all/xen-netfront-release-per-queue-Tx-and-Rx-resource-wh.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/wheezy-backports/linux/debian/patches/bugfix/all/xen-netfront-release-per-queue-Tx-and-Rx-resource-wh.patch	Mon Apr 27 19:47:14 2015	(r22540, copy of r22527, dists/jessie-security/linux/debian/patches/bugfix/all/xen-netfront-release-per-queue-Tx-and-Rx-resource-wh.patch)
@@ -0,0 +1,137 @@
+From a5b5dc3ce4df4f05f4d81c7d3c56a7604b242093 Mon Sep 17 00:00:00 2001
+From: David Vrabel <david.vrabel at citrix.com>
+Date: Thu, 31 Jul 2014 17:38:23 +0100
+Subject: [PATCH] xen-netfront: release per-queue Tx and Rx resource when
+ disconnecting
+Origin: https://git.kernel.org/linus/a5b5dc3ce4df4f05f4d81c7d3c56a7604b242093
+
+Since netfront may reconnect to a backend with a different number of
+queues, all per-queue Rx and Tx resources (skbs and grant references)
+should be freed when disconnecting.
+
+Without this fix, the Tx and Rx grant refs are not released and
+netfront will exhaust them after only a few reconnections.  netfront
+will fail to connect when no free grant references are available.
+
+Since all Rx bufs are freed and reallocated instead of reused this
+will add some additional delay to the reconnection but this is
+expected to be small compared to the time taken by any backend hotplug
+scripts etc.
+
+Signed-off-by: David Vrabel <david.vrabel at citrix.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ drivers/net/xen-netfront.c | 68 +++++-----------------------------------------
+ 1 file changed, 7 insertions(+), 61 deletions(-)
+
+diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
+index 1cc46d0..0b133a3 100644
+--- a/drivers/net/xen-netfront.c
++++ b/drivers/net/xen-netfront.c
+@@ -1196,22 +1196,6 @@ static void xennet_release_rx_bufs(struct netfront_queue *queue)
+ 	spin_unlock_bh(&queue->rx_lock);
+ }
+ 
+-static void xennet_uninit(struct net_device *dev)
+-{
+-	struct netfront_info *np = netdev_priv(dev);
+-	unsigned int num_queues = dev->real_num_tx_queues;
+-	struct netfront_queue *queue;
+-	unsigned int i;
+-
+-	for (i = 0; i < num_queues; ++i) {
+-		queue = &np->queues[i];
+-		xennet_release_tx_bufs(queue);
+-		xennet_release_rx_bufs(queue);
+-		gnttab_free_grant_references(queue->gref_tx_head);
+-		gnttab_free_grant_references(queue->gref_rx_head);
+-	}
+-}
+-
+ static netdev_features_t xennet_fix_features(struct net_device *dev,
+ 	netdev_features_t features)
+ {
+@@ -1313,7 +1297,6 @@ static void xennet_poll_controller(struct net_device *dev)
+ 
+ static const struct net_device_ops xennet_netdev_ops = {
+ 	.ndo_open            = xennet_open,
+-	.ndo_uninit          = xennet_uninit,
+ 	.ndo_stop            = xennet_close,
+ 	.ndo_start_xmit      = xennet_start_xmit,
+ 	.ndo_change_mtu	     = xennet_change_mtu,
+@@ -1455,6 +1438,11 @@ static void xennet_disconnect_backend(struct netfront_info *info)
+ 
+ 		napi_synchronize(&queue->napi);
+ 
++		xennet_release_tx_bufs(queue);
++		xennet_release_rx_bufs(queue);
++		gnttab_free_grant_references(queue->gref_tx_head);
++		gnttab_free_grant_references(queue->gref_rx_head);
++
+ 		/* End access and free the pages */
+ 		xennet_end_access(queue->tx_ring_ref, queue->tx.sring);
+ 		xennet_end_access(queue->rx_ring_ref, queue->rx.sring);
+@@ -2010,10 +1998,7 @@ static int xennet_connect(struct net_device *dev)
+ {
+ 	struct netfront_info *np = netdev_priv(dev);
+ 	unsigned int num_queues = 0;
+-	int i, requeue_idx, err;
+-	struct sk_buff *skb;
+-	grant_ref_t ref;
+-	struct xen_netif_rx_request *req;
++	int err;
+ 	unsigned int feature_rx_copy;
+ 	unsigned int j = 0;
+ 	struct netfront_queue *queue = NULL;
+@@ -2040,47 +2025,8 @@ static int xennet_connect(struct net_device *dev)
+ 	netdev_update_features(dev);
+ 	rtnl_unlock();
+ 
+-	/* By now, the queue structures have been set up */
+-	for (j = 0; j < num_queues; ++j) {
+-		queue = &np->queues[j];
+-
+-		/* Step 1: Discard all pending TX packet fragments. */
+-		spin_lock_irq(&queue->tx_lock);
+-		xennet_release_tx_bufs(queue);
+-		spin_unlock_irq(&queue->tx_lock);
+-
+-		/* Step 2: Rebuild the RX buffer freelist and the RX ring itself. */
+-		spin_lock_bh(&queue->rx_lock);
+-
+-		for (requeue_idx = 0, i = 0; i < NET_RX_RING_SIZE; i++) {
+-			skb_frag_t *frag;
+-			const struct page *page;
+-			if (!queue->rx_skbs[i])
+-				continue;
+-
+-			skb = queue->rx_skbs[requeue_idx] = xennet_get_rx_skb(queue, i);
+-			ref = queue->grant_rx_ref[requeue_idx] = xennet_get_rx_ref(queue, i);
+-			req = RING_GET_REQUEST(&queue->rx, requeue_idx);
+-
+-			frag = &skb_shinfo(skb)->frags[0];
+-			page = skb_frag_page(frag);
+-			gnttab_grant_foreign_access_ref(
+-				ref, queue->info->xbdev->otherend_id,
+-				pfn_to_mfn(page_to_pfn(page)),
+-				0);
+-			req->gref = ref;
+-			req->id   = requeue_idx;
+-
+-			requeue_idx++;
+-		}
+-
+-		queue->rx.req_prod_pvt = requeue_idx;
+-
+-		spin_unlock_bh(&queue->rx_lock);
+-	}
+-
+ 	/*
+-	 * Step 3: All public and private state should now be sane.  Get
++	 * All public and private state should now be sane.  Get
+ 	 * ready to start sending and receiving packets and give the driver
+ 	 * domain a kick because we've probably just requeued some
+ 	 * packets.
+-- 
+2.1.4
+

Copied: dists/wheezy-backports/linux/debian/patches/bugfix/x86/crypto-aesni-fix-memory-usage-in-GCM-decryption.patch (from r22527, dists/jessie-security/linux/debian/patches/bugfix/x86/crypto-aesni-fix-memory-usage-in-GCM-decryption.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/wheezy-backports/linux/debian/patches/bugfix/x86/crypto-aesni-fix-memory-usage-in-GCM-decryption.patch	Mon Apr 27 19:47:14 2015	(r22540, copy of r22527, dists/jessie-security/linux/debian/patches/bugfix/x86/crypto-aesni-fix-memory-usage-in-GCM-decryption.patch)
@@ -0,0 +1,63 @@
+From: Stephan Mueller <smueller at chronox.de>
+Date: Thu, 12 Mar 2015 09:17:51 +0100
+Subject: crypto: aesni - fix memory usage in GCM decryption
+Origin: https://git.kernel.org/linus/ccfe8c3f7e52ae83155cb038753f4c75b774ca8a
+Bug-Debian: https://bugs.debian.org/782561
+
+The kernel crypto API logic requires the caller to provide the
+length of (ciphertext || authentication tag) as cryptlen for the
+AEAD decryption operation. Thus, the cipher implementation must
+calculate the size of the plaintext output itself and cannot simply use
+cryptlen.
+
+The RFC4106 GCM decryption operation tries to overwrite cryptlen memory
+in req->dst. As the destination buffer for decryption only needs to hold
+the plaintext memory but cryptlen references the input buffer holding
+(ciphertext || authentication tag), the assumption of the destination
+buffer length in RFC4106 GCM operation leads to a too large size. This
+patch simply uses the already calculated plaintext size.
+
+In addition, this patch fixes the offset calculation of the AAD buffer
+pointer: as mentioned before, cryptlen already includes the size of the
+tag. Thus, the tag does not need to be added. With the addition, the AAD
+will be written beyond the already allocated buffer.
+
+Note, this fixes a kernel crash that can be triggered from user space
+via AF_ALG(aead) -- simply use the libkcapi test application
+from [1] and update it to use rfc4106-gcm-aes.
+
+Using [1], the changes were tested using CAVS vectors to demonstrate
+that the crypto operation still delivers the right results.
+
+[1] http://www.chronox.de/libkcapi.html
+
+CC: Tadeusz Struk <tadeusz.struk at intel.com>
+Cc: stable at vger.kernel.org
+Signed-off-by: Stephan Mueller <smueller at chronox.de>
+Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
+---
+ arch/x86/crypto/aesni-intel_glue.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
+index 6dfb7d0..6d4faba 100644
+--- a/arch/x86/crypto/aesni-intel_glue.c
++++ b/arch/x86/crypto/aesni-intel_glue.c
+@@ -1109,7 +1109,7 @@ static int __driver_rfc4106_decrypt(struct aead_request *req)
+ 		src = kmalloc(req->cryptlen + req->assoclen, GFP_ATOMIC);
+ 		if (!src)
+ 			return -ENOMEM;
+-		assoc = (src + req->cryptlen + auth_tag_len);
++		assoc = (src + req->cryptlen);
+ 		scatterwalk_map_and_copy(src, req->src, 0, req->cryptlen, 0);
+ 		scatterwalk_map_and_copy(assoc, req->assoc, 0,
+ 			req->assoclen, 0);
+@@ -1134,7 +1134,7 @@ static int __driver_rfc4106_decrypt(struct aead_request *req)
+ 		scatterwalk_done(&src_sg_walk, 0, 0);
+ 		scatterwalk_done(&assoc_sg_walk, 0, 0);
+ 	} else {
+-		scatterwalk_map_and_copy(dst, req->dst, 0, req->cryptlen, 1);
++		scatterwalk_map_and_copy(dst, req->dst, 0, tempCipherLen, 1);
+ 		kfree(src);
+ 	}
+ 	return retval;

Modified: dists/wheezy-backports/linux/debian/patches/series
==============================================================================
--- dists/wheezy-backports/linux/debian/patches/series	Mon Apr 27 19:44:59 2015	(r22539)
+++ dists/wheezy-backports/linux/debian/patches/series	Mon Apr 27 19:47:14 2015	(r22540)
@@ -194,6 +194,7 @@
 bugfix/all/ipv6-don-t-reduce-hop-limit-for-an-interface.patch
 bugfix/all/hid-thingm-fix-workqueue-race-on-remove.patch
 debian/emmc-don-t-initialize-partitions-on-rpmb-flagged-areas.patch
+bugfix/all/xen-netfront-release-per-queue-Tx-and-Rx-resource-wh.patch
 
 # memfd_create() & kdbus backport
 features/all/kdbus/mm-allow-drivers-to-prevent-new-writable-mappings.patch
@@ -579,3 +580,24 @@
 debian/procfs-avoid-abi-change-in-3.16.7-ckt8.patch
 
 bugfix/all/btrfs-simplify-insert_orphan_item.patch
+
+bugfix/x86/crypto-aesni-fix-memory-usage-in-GCM-decryption.patch
+bugfix/all/tcp-fix-crash-in-tcp-fast-open.patch
+
+# Introduce READ_ONCE and WRITE_ONCE; replace misuse of ACCESS_ONCE.
+# Needed for backports of other fixes.
+bugfix/all/access_once/0001-kernel-Provide-READ_ONCE-and-ASSIGN_ONCE.patch
+bugfix/all/access_once/0002-mm-replace-ACCESS_ONCE-with-READ_ONCE-or-barriers.patch
+bugfix/all/access_once/0003-x86-spinlock-Replace-ACCESS_ONCE-with-READ_ONCE.patch
+bugfix/all/access_once/0004-x86-gup-Replace-ACCESS_ONCE-with-READ_ONCE.patch
+bugfix/all/access_once/0005-mips-gup-Replace-ACCESS_ONCE-with-READ_ONCE.patch
+bugfix/all/access_once/0006-arm64-spinlock-Replace-ACCESS_ONCE-READ_ONCE.patch
+bugfix/all/access_once/0007-arm-spinlock-Replace-ACCESS_ONCE-with-READ_ONCE.patch
+bugfix/all/access_once/0008-powerpc-gup-Replace-ACCESS_ONCE-with-READ_ONCE.patch
+bugfix/all/access_once/0009-ppc-kvm-Replace-ACCESS_ONCE-with-READ_ONCE.patch
+bugfix/all/access_once/0010-ppc-hugetlbfs-Replace-ACCESS_ONCE-with-READ_ONCE.patch
+bugfix/all/access_once/0011-kernel-tighten-rules-for-ACCESS-ONCE.patch
+bugfix/all/access_once/0012-next-sh-Fix-compile-error.patch
+bugfix/all/access_once/0013-kernel-Change-ASSIGN_ONCE-val-x-to-WRITE_ONCE-x-val.patch
+
+bugfix/all/fs-take-i_mutex-during-prepare_binprm-for-set-ug-id-.patch



More information about the Kernel-svn-changes mailing list