)]}'
{
  "log": [
    {
      "commit": "c18a0097da6a205a69624297c45e632b252bc3b0",
      "tree": "a8622b43b61ddab60536740af915b77b3ac7e4d6",
      "parents": [
        "e4f8aea9525a44dd4929846a3ce62f4f881c5f6b"
      ],
      "author": {
        "name": "Nick Reuter",
        "email": "nreuter85@gmail.com",
        "time": "Fri Dec 16 14:05:28 2016 -0600"
      },
      "committer": {
        "name": "Nick Reuter",
        "email": "nreuter85@gmail.com",
        "time": "Fri Dec 16 14:05:28 2016 -0600"
      },
      "message": "kernel: fix mismerges\n\nChange-Id: I7b3cb41f9b3158e6d96818b4ad40108eccf69336\n"
    },
    {
      "commit": "5d9e7568b0d5b11ad168fbeb0ea08e68da7433ef",
      "tree": "d065013343a55b538ae5cd3611f00a5b02bc2aaf",
      "parents": [
        "4e50a957d5365d4145187626073f6febf022534c"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Tue Sep 06 14:03:45 2016 +0100"
      },
      "committer": {
        "name": "Nick Reuter",
        "email": "nreuter85@gmail.com",
        "time": "Thu Dec 08 21:14:42 2016 -0600"
      },
      "message": "KEYS: Fix short sprintf buffer in /proc/keys show function\n\nFix a short sprintf buffer in proc_keys_show().  If the gcc stack protector\nis turned on, this can cause a panic due to stack corruption.\n\nThe problem is that xbuf[] is not big enough to hold a 64-bit timeout\nrendered as weeks:\n\n\t(gdb) p 0xffffffffffffffffULL/(60*60*24*7)\n\t$2 \u003d 30500568904943\n\nThat\u0027s 14 chars plus NUL, not 11 chars plus NUL.\n\nExpand the buffer to 16 chars.\n\nI think the unpatched code apparently works if the stack-protector is not\nenabled because on a 32-bit machine the buffer won\u0027t be overflowed and on a\n64-bit machine there\u0027s a 64-bit aligned pointer at one side and an int that\nisn\u0027t checked again on the other side.\n\nThe panic incurred looks something like:\n\nKernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff81352ebe\nCPU: 0 PID: 1692 Comm: reproducer Not tainted 4.7.2-201.fc24.x86_64 #1\nHardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n 0000000000000086 00000000fbbd2679 ffff8800a044bc00 ffffffff813d941f\n ffffffff81a28d58 ffff8800a044bc98 ffff8800a044bc88 ffffffff811b2cb6\n ffff880000000010 ffff8800a044bc98 ffff8800a044bc30 00000000fbbd2679\nCall Trace:\n [\u003cffffffff813d941f\u003e] dump_stack+0x63/0x84\n [\u003cffffffff811b2cb6\u003e] panic+0xde/0x22a\n [\u003cffffffff81352ebe\u003e] ? proc_keys_show+0x3ce/0x3d0\n [\u003cffffffff8109f7f9\u003e] __stack_chk_fail+0x19/0x30\n [\u003cffffffff81352ebe\u003e] proc_keys_show+0x3ce/0x3d0\n [\u003cffffffff81350410\u003e] ? key_validate+0x50/0x50\n [\u003cffffffff8134db30\u003e] ? key_default_cmp+0x20/0x20\n [\u003cffffffff8126b31c\u003e] seq_read+0x2cc/0x390\n [\u003cffffffff812b6b12\u003e] proc_reg_read+0x42/0x70\n [\u003cffffffff81244fc7\u003e] __vfs_read+0x37/0x150\n [\u003cffffffff81357020\u003e] ? security_file_permission+0xa0/0xc0\n [\u003cffffffff81246156\u003e] vfs_read+0x96/0x130\n [\u003cffffffff81247635\u003e] SyS_read+0x55/0xc0\n [\u003cffffffff817eb872\u003e] entry_SYSCALL_64_fastpath+0x1a/0xa4\n\nChange-Id: I0787d5a38c730ecb75d3c08f28f0ab36295d59e7\nReported-by: Ondrej Kozina \u003cokozina@redhat.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nTested-by: Ondrej Kozina \u003cokozina@redhat.com\u003e\n"
    },
    {
      "commit": "a2333f57bd0d268a81a51a28eca3e535070f8cdb",
      "tree": "94ef3208322f5694ed86f583c08e91e6d28c4658",
      "parents": [
        "184d099950767dd590799e77aca19eff5fa54bf9"
      ],
      "author": {
        "name": "Jeff Vander Stoep",
        "email": "jeffv@google.com",
        "time": "Sun May 29 14:22:32 2016 -0700"
      },
      "committer": {
        "name": "Nick Reuter",
        "email": "nreuter85@gmail.com",
        "time": "Thu Dec 08 21:05:22 2016 -0600"
      },
      "message": "FROMLIST: security,perf: Allow further restriction of perf_event_open\n\nWhen kernel.perf_event_open is set to 3 (or greater), disallow all\naccess to performance events by users without CAP_SYS_ADMIN.\nAdd a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that\nmakes this value the default.\n\nThis is based on a similar feature in grsecurity\n(CONFIG_GRKERNSEC_PERF_HARDEN).  This version doesn\u0027t include making\nthe variable read-only.  It also allows enabling further restriction\nat run-time regardless of whether the default is changed.\n\nhttps://lkml.org/lkml/2016/1/11/587\n\nSigned-off-by: Ben Hutchings \u003cben@decadent.org.uk\u003e\n\nBug: 29054680\nChange-Id: Iff5bff4fc1042e85866df9faa01bce8d04335ab8\n"
    },
    {
      "commit": "7ede6f69f76506772ad5547bb149120962323312",
      "tree": "86b537db95c8ffe5eedd2e3963d836076157dbdb",
      "parents": [
        "c0db3f0d61a77f6e4155d137ab9a1536d8947b87",
        "8d1988f838a95e836342b505398d38b223181f17"
      ],
      "author": {
        "name": "William Bellavance",
        "email": "flintman@flintmancomputers.com",
        "time": "Sat Dec 03 17:58:38 2016 -0500"
      },
      "committer": {
        "name": "William Bellavance",
        "email": "flintman@flintmancomputers.com",
        "time": "Sat Dec 03 17:58:38 2016 -0500"
      },
      "message": "Merge remote-tracking branch \u0027linux/linux-3.4.y\u0027 into ng-7.1-113\n"
    },
    {
      "commit": "87f4dcb8c9aeffa0b2ef13bc68401d50a3ffcec5",
      "tree": "4207e1f5018fad2446faf2fa1ebafc157dede59f",
      "parents": [
        "7a42c72c2d222f7887074396d83a806d8c50176d"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri Dec 18 01:34:26 2015 +0000"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Wed Oct 26 23:15:41 2016 +0800"
      },
      "message": "KEYS: Fix race between read and revoke\n\ncommit b4a1b4f5047e4f54e194681125c74c0aa64d637d upstream.\n\nThis fixes CVE-2015-7550.\n\nThere\u0027s a race between keyctl_read() and keyctl_revoke().  If the revoke\nhappens between keyctl_read() checking the validity of a key and the key\u0027s\nsemaphore being taken, then the key type read method will see a revoked key.\n\nThis causes a problem for the user-defined key type because it assumes in\nits read method that there will always be a payload in a non-revoked key\nand doesn\u0027t check for a NULL pointer.\n\nFix this by making keyctl_read() check the validity of a key after taking\nsemaphore instead of before.\n\nI think the bug was introduced with the original keyrings code.\n\nThis was discovered by a multithreaded test program generated by syzkaller\n(http://github.com/google/syzkaller).  Here\u0027s a cleaned up version:\n\n\t#include \u003csys/types.h\u003e\n\t#include \u003ckeyutils.h\u003e\n\t#include \u003cpthread.h\u003e\n\tvoid *thr0(void *arg)\n\t{\n\t\tkey_serial_t key \u003d (unsigned long)arg;\n\t\tkeyctl_revoke(key);\n\t\treturn 0;\n\t}\n\tvoid *thr1(void *arg)\n\t{\n\t\tkey_serial_t key \u003d (unsigned long)arg;\n\t\tchar buffer[16];\n\t\tkeyctl_read(key, buffer, 16);\n\t\treturn 0;\n\t}\n\tint main()\n\t{\n\t\tkey_serial_t key \u003d add_key(\"user\", \"%\", \"foo\", 3, KEY_SPEC_USER_KEYRING);\n\t\tpthread_t th[5];\n\t\tpthread_create(\u0026th[0], 0, thr0, (void *)(unsigned long)key);\n\t\tpthread_create(\u0026th[1], 0, thr1, (void *)(unsigned long)key);\n\t\tpthread_create(\u0026th[2], 0, thr0, (void *)(unsigned long)key);\n\t\tpthread_create(\u0026th[3], 0, thr1, (void *)(unsigned long)key);\n\t\tpthread_join(th[0], 0);\n\t\tpthread_join(th[1], 0);\n\t\tpthread_join(th[2], 0);\n\t\tpthread_join(th[3], 0);\n\t\treturn 0;\n\t}\n\nBuild as:\n\n\tcc -o keyctl-race keyctl-race.c -lkeyutils -lpthread\n\nRun as:\n\n\twhile keyctl-race; do :; done\n\nas it may need several iterations to crash the kernel.  The crash can be\nsummarised as:\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000010\n\tIP: [\u003cffffffff81279b08\u003e] user_read+0x56/0xa3\n\t...\n\tCall Trace:\n\t [\u003cffffffff81276aa9\u003e] keyctl_read_key+0xb6/0xd7\n\t [\u003cffffffff81277815\u003e] SyS_keyctl+0x83/0xe0\n\t [\u003cffffffff815dbb97\u003e] entry_SYSCALL_64_fastpath+0x12/0x6f\n\nReported-by: Dmitry Vyukov \u003cdvyukov@google.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nTested-by: Dmitry Vyukov \u003cdvyukov@google.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "a7ca179d673b837593b696f0198271702edff776",
      "tree": "a2178cd25681d1c0048b1a16840a32d481d1b0cb",
      "parents": [
        "92661998000623fd1bb02897c2d3f6d67c6beb9c"
      ],
      "author": {
        "name": "Lorenzo Colitti",
        "email": "lorenzo@google.com",
        "time": "Thu Feb 04 00:52:15 2016 +0900"
      },
      "committer": {
        "name": "William Bellavance",
        "email": "flintman@flintmancomputers.com",
        "time": "Mon Aug 29 16:06:09 2016 -0400"
      },
      "message": "selinux: nlmsgtab: add SOCK_DESTROY to the netlink mapping tables\n\nWithout this, using SOCK_DESTROY in enforcing mode results in:\n\n  SELinux: unrecognized netlink message type\u003d21 for sclass\u003d32\n\nChange-Id: I7862bb0fc83573567243ffa9549a2c7405b5986c\n"
    },
    {
      "commit": "92661998000623fd1bb02897c2d3f6d67c6beb9c",
      "tree": "f740241cd3534b193740fd4a7a88b4a953336dd3",
      "parents": [
        "8b9fba378bcc514b2390afa023fad2128000293b"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "pmoore@redhat.com",
        "time": "Tue Jan 28 14:45:41 2014 -0500"
      },
      "committer": {
        "name": "William Bellavance",
        "email": "flintman@flintmancomputers.com",
        "time": "Mon Aug 29 16:05:59 2016 -0400"
      },
      "message": "selinux: add SOCK_DIAG_BY_FAMILY to the list of netlink message types\n\ncommit 6a96e15096da6e7491107321cfa660c7c2aa119d upstream.\n\nThe SELinux AF_NETLINK/NETLINK_SOCK_DIAG socket class was missing the\nSOCK_DIAG_BY_FAMILY definition which caused SELINUX_ERR messages when\nthe ss tool was run.\n\n # ss\n Netid  State  Recv-Q Send-Q  Local Address:Port   Peer Address:Port\n u_str  ESTAB  0      0                  * 14189             * 14190\n u_str  ESTAB  0      0                  * 14145             * 14144\n u_str  ESTAB  0      0                  * 14151             * 14150\n {...}\n # ausearch -m SELINUX_ERR\n ----\n time-\u003eThu Jan 23 11:11:16 2014\n type\u003dSYSCALL msg\u003daudit(1390493476.445:374):\n  arch\u003dc000003e syscall\u003d44 success\u003dyes exit\u003d40\n  a0\u003d3 a1\u003d7fff03aa11f0 a2\u003d28 a3\u003d0 items\u003d0 ppid\u003d1852 pid\u003d1895\n  auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0\n  tty\u003dpts0 ses\u003d1 comm\u003d\"ss\" exe\u003d\"/usr/sbin/ss\"\n  subj\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key\u003d(null)\n type\u003dSELINUX_ERR msg\u003daudit(1390493476.445:374):\n  SELinux:  unrecognized netlink message type\u003d20 for sclass\u003d32\n\nChange-Id: I22218ec620bc3ee6396145f1c2ad8ed222648309\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\n"
    },
    {
      "commit": "d4117cd7bc8131671b26d343334e850f5b98ca78",
      "tree": "7d18b9dc28ee974403d5988b7301ab1ca91decfb",
      "parents": [
        "a9084a0d907255dd7300bb785403e6383d32ed81"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Nov 23 16:07:41 2015 -0500"
      },
      "committer": {
        "name": "Nick Reuter",
        "email": "nreuter85@gmail.com",
        "time": "Wed Aug 10 16:27:58 2016 -0500"
      },
      "message": "UPSTREAM: selinux: fix bug in conditional rules handling\n\n(cherry picked from commit commit f3bef67992e8698897b584616535803887c4a73e)\n\ncommit fa1aa143ac4a (\"selinux: extended permissions for ioctls\")\nintroduced a bug into the handling of conditional rules, skipping the\nprocessing entirely when the caller does not provide an extended\npermissions (xperms) structure.  Access checks from userspace using\n/sys/fs/selinux/access do not include such a structure since that\ninterface does not presently expose extended permission information.\nAs a result, conditional rules were being ignored entirely on userspace\naccess requests, producing denials when access was allowed by\nconditional rules in the policy.  Fix the bug by only skipping\ncomputation of extended permissions in this situation, not the entire\nconditional rules processing.\n\nChange-Id: I6f81765f6cdb9ce72f93c290d7987d93688651a0\nReported-by: Laurent Bigonville \u003cbigon@debian.org\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n[PM: fixed long lines in patch description]\nCc: stable@vger.kernel.org # 4.3\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\n"
    },
    {
      "commit": "accef775d1bdf690ffff927016d26da9859d543c",
      "tree": "a2b09c7f8d8ea23243214fb3874cd04af23c5118",
      "parents": [
        "ecf1088a677b3526db4903a96b796939c9ca8d4f"
      ],
      "author": {
        "name": "Jeff Vander Stoep",
        "email": "jeffv@google.com",
        "time": "Thu Oct 22 09:30:40 2015 -0700"
      },
      "committer": {
        "name": "Nick Reuter",
        "email": "nreuter85@gmail.com",
        "time": "Wed Aug 10 16:27:35 2016 -0500"
      },
      "message": "selinux: Android kernel compatibility with M userspace\n\nNOT intended for new Android devices - this commit is unnecessary\nfor a target device that does not have a previous M variant.\n\nDO NOT upstream. Android only.\n\nMotivation:\n\nThis commit mitigates a mismatch between selinux kernel and\nselinux userspace. The selinux ioctl white-listing binary policy\nformat that was accepted into Android M differs slightly from what\nwas later accepted into the upstream kernel. This leaves Android\nmaster branch kernels incompatible with Android M releases. This\npatch restores backwards compatibility. This is important because:\n\n1. kernels may be updated on a different cycle than the rest of the\n   OS e.g. security patching.\n2. Android M bringup may still be ongoing for some devices. The\n   same kernel should work for both M and master.\n\nBackwards compatibility is achieved by checking for an Android M\npolicy characteristic during initial policy read and converting to\nupstream policy format. The inverse conversion is done for policy\nwrite as required for CTS testing.\n\nBug: 22846070\nChange-Id: I2f1ee2eee402f37cf3c9df9f9e03c1b9ddec1929\nSigned-off-by: Jeff Vander Stoep \u003cjeffv@google.com\u003e\n"
    },
    {
      "commit": "ecf1088a677b3526db4903a96b796939c9ca8d4f",
      "tree": "952282f6ad9e273075337638d19aaef02c0630d0",
      "parents": [
        "29ea3244f7ee375a4af4d776caf721663dd4293d"
      ],
      "author": {
        "name": "Jeff Vander Stoep",
        "email": "jeffv@google.com",
        "time": "Fri Jul 10 17:19:56 2015 -0400"
      },
      "committer": {
        "name": "Nick Reuter",
        "email": "nreuter85@gmail.com",
        "time": "Wed Aug 10 16:27:27 2016 -0500"
      },
      "message": "selinux: extended permissions for ioctls\n\n(cherry picked from commit fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a)\n\nAdd extended permissions logic to selinux. Extended permissions\nprovides additional permissions in 256 bit increments. Extend the\ngeneric ioctl permission check to use the extended permissions for\nper-command filtering. Source/target/class sets including the ioctl\npermission may additionally include a set of commands. Example:\n\nallowxperm \u003csource\u003e \u003ctarget\u003e:\u003cclass\u003e ioctl unpriv_app_socket_cmds\nauditallowxperm \u003csource\u003e \u003ctarget\u003e:\u003cclass\u003e ioctl priv_gpu_cmds\n\nWhere unpriv_app_socket_cmds and priv_gpu_cmds are macros\nrepresenting commonly granted sets of ioctl commands.\n\nWhen ioctl commands are omitted only the permissions are checked.\nThis feature is intended to provide finer granularity for the ioctl\npermission that may be too imprecise. For example, the same driver\nmay use ioctls to provide important and benign functionality such as\ndriver version or socket type as well as dangerous capabilities such\nas debugging features, read/write/execute to physical memory or\naccess to sensitive data. Per-command filtering provides a mechanism\nto reduce the attack surface of the kernel, and limit applications\nto the subset of commands required.\n\nThe format of the policy binary has been modified to include ioctl\ncommands, and the policy version number has been incremented to\nPOLICYDB_VERSION_XPERMS_IOCTL\u003d30 to account for the format\nchange.\n\nThe extended permissions logic is deliberately generic to allow\ncomponents to be reused e.g. netlink filters\n\nSigned-off-by: Jeff Vander Stoep \u003cjeffv@google.com\u003e\nAcked-by: Nick Kralevich \u003cnnk@google.com\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nBug: 22846070\nChange-Id: I299dc776d2f98d593ecc051707110c92a085350f\n"
    },
    {
      "commit": "29ea3244f7ee375a4af4d776caf721663dd4293d",
      "tree": "73bcd568996ad1950f1870c508ac35beef242f3f",
      "parents": [
        "b0cde1e4b20d5be5b79eba284358bdff1283612b"
      ],
      "author": {
        "name": "Jeff Vander Stoep",
        "email": "jeffv@google.com",
        "time": "Fri Jul 10 17:19:55 2015 -0400"
      },
      "committer": {
        "name": "Nick Reuter",
        "email": "nreuter85@gmail.com",
        "time": "Wed Aug 10 16:27:22 2016 -0500"
      },
      "message": "security: add ioctl specific auditing to lsm_audit\n\n(cherry pick from commit 671a2781ff01abf4fdc8904881fc3abd3a8279af)\n\nAdd information about ioctl calls to the LSM audit data. Log the\nfile path and command number.\n\nSigned-off-by: Jeff Vander Stoep \u003cjeffv@google.com\u003e\nAcked-by: Nick Kralevich \u003cnnk@google.com\u003e\n[PM: subject line tweak]\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nBug: 22846070\nChange-Id: I4a7678294e0a3075f57bd77c76fd17e6f0d33e75\n"
    },
    {
      "commit": "b0cde1e4b20d5be5b79eba284358bdff1283612b",
      "tree": "1f6126a84a86289bcc33905b9ea8574d9559fdbd",
      "parents": [
        "94bdaadcca0aa203549385016b26cb5c6c31fe56"
      ],
      "author": {
        "name": "Jeff Vander Stoep",
        "email": "jeffv@google.com",
        "time": "Thu Feb 26 13:54:17 2015 -0800"
      },
      "committer": {
        "name": "Nick Reuter",
        "email": "nreuter85@gmail.com",
        "time": "Wed Aug 10 16:27:16 2016 -0500"
      },
      "message": "selinux: remove unnecessary pointer reassignment\n\n(cherry pick from commit 83d4a806ae46397f606de7376b831524bd3a21e5)\n\nCommit f01e1af445fa (\"selinux: don\u0027t pass in NULL avd to avc_has_perm_noaudit\")\nmade this pointer reassignment unnecessary. Avd should continue to reference\nthe stack-based copy.\n\nSigned-off-by: Jeff Vander Stoep \u003cjeffv@google.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n[PM: tweaked subject line]\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nBug: 22846070\nChange-Id: Ie33688d163870705272607309a27fb7c8f870748\n"
    },
    {
      "commit": "94bdaadcca0aa203549385016b26cb5c6c31fe56",
      "tree": "8f3ecd3bed66653cec28ea4070da85e46affbe54",
      "parents": [
        "8c4c81bd0040ba7054fc6c8b6ff17f4856a28db9"
      ],
      "author": {
        "name": "Jeff Vander Stoep",
        "email": "jeffv@google.com",
        "time": "Wed Jul 29 18:37:24 2015 -0700"
      },
      "committer": {
        "name": "Nick Reuter",
        "email": "nreuter85@gmail.com",
        "time": "Wed Aug 10 16:27:07 2016 -0500"
      },
      "message": "Revert \"security: lsm_audit: add ioctl specific auditing\"\n\nThis reverts commit 643ce43c226cdfa73bcac2fa91f1f8a3dfd171a2.\n\nBug: 22846070\nChange-Id: I5dde1878e5baac43b4968141c0dc60b70e042183\nSigned-off-by: Jeff Vander Stoep \u003cjeffv@google.com\u003e\n"
    },
    {
      "commit": "8c4c81bd0040ba7054fc6c8b6ff17f4856a28db9",
      "tree": "ee77a4514ab8b305c312f3fb70c910e0e6c41a6f",
      "parents": [
        "f636525feee1d47035b972ad87d397f727b2ed5b"
      ],
      "author": {
        "name": "Jeff Vander Stoep",
        "email": "jeffv@google.com",
        "time": "Wed Jul 29 18:36:41 2015 -0700"
      },
      "committer": {
        "name": "Nick Reuter",
        "email": "nreuter85@gmail.com",
        "time": "Wed Aug 10 16:27:02 2016 -0500"
      },
      "message": "Revert \"SELinux: per-command whitelisting of ioctls\"\n\nThis reverts commit bc84b4adb1469e3d05ad76c304a4c545feaf1f88.\n\nBug: 22846070\nChange-Id: Ib4cb130b2225ea2e22556ff852313e0de7dddcab\nSigned-off-by: Jeff Vander Stoep \u003cjeffv@google.com\u003e\n"
    },
    {
      "commit": "f636525feee1d47035b972ad87d397f727b2ed5b",
      "tree": "fab2f0eccd40abd34cfe7fadc7028dac6f399573",
      "parents": [
        "97df93a063d060bcf2c8fa4baaf0094cb8e256a0"
      ],
      "author": {
        "name": "Jeff Vander Stoep",
        "email": "jeffv@google.com",
        "time": "Wed Jul 29 18:35:33 2015 -0700"
      },
      "committer": {
        "name": "Nick Reuter",
        "email": "nreuter85@gmail.com",
        "time": "Wed Aug 10 16:26:56 2016 -0500"
      },
      "message": "Revert \"SELinux: use deletion-safe iterator to free list\"\n\nThis reverts commit c9a8571249fa3a55a0490bd571eaf0cea097fab0.\n\nBug: 22846070\nChange-Id: I85e2b6322f98bd584ed523b0bd0291375dbc35dc\nSigned-off-by: Jeff Vander Stoep \u003cjeffv@google.com\u003e\n"
    },
    {
      "commit": "97df93a063d060bcf2c8fa4baaf0094cb8e256a0",
      "tree": "0de22ddb1e60f17afd79ab2b47145fa7b8ff5417",
      "parents": [
        "3c22c9a2b6b280f82fe03aa15113982158238b0a"
      ],
      "author": {
        "name": "Jeff Vander Stoep",
        "email": "jeffv@google.com",
        "time": "Wed Jul 29 18:33:33 2015 -0700"
      },
      "committer": {
        "name": "Nick Reuter",
        "email": "nreuter85@gmail.com",
        "time": "Wed Aug 10 16:26:51 2016 -0500"
      },
      "message": "Revert \"SELinux: ss: Fix policy write for ioctl operations\"\n\nThis reverts commit c06168226f5eaaaad93af5b2811f213b01382363.\n\nBug: 22846070\nChange-Id: I665c1f2350e10ce890e7c4be1a06e666929d5d7a\nSigned-off-by: Jeff Vander Stoep \u003cjeffv@google.com\u003e\n"
    },
    {
      "commit": "cd51ac61016591337ceaad723db2b7053f2ae397",
      "tree": "917b39782ff3ac576657c26fb1de50ef7bf6c611",
      "parents": [
        "0895af992ba8c721461ea09d4f7b2694e2efe822"
      ],
      "author": {
        "name": "Dan Carpenter",
        "email": "dan.carpenter@oracle.com",
        "time": "Thu May 26 06:45:59 2016 -0500"
      },
      "committer": {
        "name": "Nick Reuter",
        "email": "nreuter85@gmail.com",
        "time": "Fri Aug 05 02:10:58 2016 -0500"
      },
      "message": "KEYS: potential uninitialized variable\n\nIf __key_link_begin() failed then \"edit\" would be uninitialized.  I\u0027ve\nadded a check to fix that.\n\nChange-Id: I0e28bdba07f645437db2b08daf67ca27f16c6f5c\nFixes: f70e2e06196a (\u0027KEYS: Do preallocation for __key_link()\u0027)\nSigned-off-by: Dan Carpenter \u003cdan.carpenter@oracle.com\u003e\n"
    },
    {
      "commit": "766ce4e5a952510f9f27511cbfecc884bf5147cd",
      "tree": "93ad1970e254fc3b1fb0650a4dc449d86ad5114e",
      "parents": [
        "3bc527393379fcd740cc66c700da808abdbf5a5d"
      ],
      "author": {
        "name": "Ivan Grinko",
        "email": "iivanich@gmail.com",
        "time": "Thu Apr 28 22:06:41 2016 +0300"
      },
      "committer": {
        "name": "William Bellavance",
        "email": "flintman@flintmancomputers.com",
        "time": "Tue May 17 08:03:16 2016 -0400"
      },
      "message": "Linux 3.4.112\n\nhttps://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.112\n\nChange-Id: Ic146bc84c10ebcfe256eb6bffa8ffef44c9a1d38\n"
    },
    {
      "commit": "58f794b5648f3bd9146bf060897abe9473189649",
      "tree": "4920af6c625f6794c42c0888a739ccf7cb6ab974",
      "parents": [
        "9c1dfc61f68c81c89856dde4c67f11db38067db3"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri Dec 18 01:34:26 2015 +0000"
      },
      "committer": {
        "name": "William Bellavance",
        "email": "flintman@flintmancomputers.com",
        "time": "Tue May 17 07:52:00 2016 -0400"
      },
      "message": "KEYS: Fix race between read and revoke\n\nThis fixes CVE-2015-7550.\n\nThere\u0027s a race between keyctl_read() and keyctl_revoke().  If the revoke\nhappens between keyctl_read() checking the validity of a key and the key\u0027s\nsemaphore being taken, then the key type read method will see a revoked key.\n\nThis causes a problem for the user-defined key type because it assumes in\nits read method that there will always be a payload in a non-revoked key\nand doesn\u0027t check for a NULL pointer.\n\nFix this by making keyctl_read() check the validity of a key after taking\nsemaphore instead of before.\n\nI think the bug was introduced with the original keyrings code.\n\nThis was discovered by a multithreaded test program generated by syzkaller\n(http://github.com/google/syzkaller).  Here\u0027s a cleaned up version:\n\n\t#include \u003csys/types.h\u003e\n\t#include \u003ckeyutils.h\u003e\n\t#include \u003cpthread.h\u003e\n\tvoid *thr0(void *arg)\n\t{\n\t\tkey_serial_t key \u003d (unsigned long)arg;\n\t\tkeyctl_revoke(key);\n\t\treturn 0;\n\t}\n\tvoid *thr1(void *arg)\n\t{\n\t\tkey_serial_t key \u003d (unsigned long)arg;\n\t\tchar buffer[16];\n\t\tkeyctl_read(key, buffer, 16);\n\t\treturn 0;\n\t}\n\tint main()\n\t{\n\t\tkey_serial_t key \u003d add_key(\"user\", \"%\", \"foo\", 3, KEY_SPEC_USER_KEYRING);\n\t\tpthread_t th[5];\n\t\tpthread_create(\u0026th[0], 0, thr0, (void *)(unsigned long)key);\n\t\tpthread_create(\u0026th[1], 0, thr1, (void *)(unsigned long)key);\n\t\tpthread_create(\u0026th[2], 0, thr0, (void *)(unsigned long)key);\n\t\tpthread_create(\u0026th[3], 0, thr1, (void *)(unsigned long)key);\n\t\tpthread_join(th[0], 0);\n\t\tpthread_join(th[1], 0);\n\t\tpthread_join(th[2], 0);\n\t\tpthread_join(th[3], 0);\n\t\treturn 0;\n\t}\n\nBuild as:\n\n\tcc -o keyctl-race keyctl-race.c -lkeyutils -lpthread\n\nRun as:\n\n\twhile keyctl-race; do :; done\n\nas it may need several iterations to crash the kernel.  The crash can be\nsummarised as:\n\n\tBUG: unable to handle kernel NULL pointer dereference at 0000000000000010\n\tIP: [\u003cffffffff81279b08\u003e] user_read+0x56/0xa3\n\t...\n\tCall Trace:\n\t [\u003cffffffff81276aa9\u003e] keyctl_read_key+0xb6/0xd7\n\t [\u003cffffffff81277815\u003e] SyS_keyctl+0x83/0xe0\n\t [\u003cffffffff815dbb97\u003e] entry_SYSCALL_64_fastpath+0x12/0x6f\n\nChange-Id: I4b4011c628b471701cdda77265d8f130b0ed8f22\nReported-by: Dmitry Vyukov \u003cdvyukov@google.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nTested-by: Dmitry Vyukov \u003cdvyukov@google.com\u003e\nCc: stable@vger.kernel.org\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "8094624a26bd87d40e019ebf16f2e57e22c79c74",
      "tree": "0dbb8f49485835ded234d4de87e52ea437d8a0b4",
      "parents": [
        "5ee52010ffedbeeb58d5314585e7e1d75345ba4f"
      ],
      "author": {
        "name": "Nicolas Dichtel",
        "email": "nicolas.dichtel@6wind.com",
        "time": "Wed Apr 08 18:36:40 2015 +0200"
      },
      "committer": {
        "name": "William Bellavance",
        "email": "flintman@flintmancomputers.com",
        "time": "Tue May 17 07:51:20 2016 -0400"
      },
      "message": "selinux/nlmsg: add XFRM_MSG_NEWSPDINFO\n\ncommit 2b7834d3e1b828429faa5dc41a480919e52d3f31 upstream (net-next).\n\nThis new command is missing.\n\nBug: 20350607\nChange-Id: If511000c19aa9af7220ff775d88ace9834b35dcb\nFixes: 880a6fab8f6b (\"xfrm: configure policy hash table thresholds by netlink\")\nReported-by: Christophe Gouault \u003cchristophe.gouault@6wind.com\u003e\nSigned-off-by: Nicolas Dichtel \u003cnicolas.dichtel@6wind.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "b0cce01be5f58ed399fdfc8e1b0fbcd827a35aef",
      "tree": "cf61f307b591ed355c8a8df39d43d9649fd0ee18",
      "parents": [
        "7646c507f1ad8bd14a3196f84b0eabb229dafb75"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Fri Sep 04 15:44:57 2015 -0700"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Wed Apr 27 18:55:18 2016 +0800"
      },
      "message": "fs: create and use seq_show_option for escaping\n\ncommit a068acf2ee77693e0bf39d6e07139ba704f461c3 upstream.\n\nMany file systems that implement the show_options hook fail to correctly\nescape their output which could lead to unescaped characters (e.g.  new\nlines) leaking into /proc/mounts and /proc/[pid]/mountinfo files.  This\ncould lead to confusion, spoofed entries (resulting in things like\nsystemd issuing false d-bus \"mount\" notifications), and who knows what\nelse.  This looks like it would only be the root user stepping on\nthemselves, but it\u0027s possible weird things could happen in containers or\nin other situations with delegated mount privileges.\n\nHere\u0027s an example using overlay with setuid fusermount trusting the\ncontents of /proc/mounts (via the /etc/mtab symlink).  Imagine the use\nof \"sudo\" is something more sneaky:\n\n  $ BASE\u003d\"ovl\"\n  $ MNT\u003d\"$BASE/mnt\"\n  $ LOW\u003d\"$BASE/lower\"\n  $ UP\u003d\"$BASE/upper\"\n  $ WORK\u003d\"$BASE/work/ 0 0\n  none /proc fuse.pwn user_id\u003d1000\"\n  $ mkdir -p \"$LOW\" \"$UP\" \"$WORK\"\n  $ sudo mount -t overlay -o \"lowerdir\u003d$LOW,upperdir\u003d$UP,workdir\u003d$WORK\" none /mnt\n  $ cat /proc/mounts\n  none /root/ovl/mnt overlay rw,relatime,lowerdir\u003dovl/lower,upperdir\u003dovl/upper,workdir\u003dovl/work/ 0 0\n  none /proc fuse.pwn user_id\u003d1000 0 0\n  $ fusermount -u /proc\n  $ cat /proc/mounts\n  cat: /proc/mounts: No such file or directory\n\nThis fixes the problem by adding new seq_show_option and\nseq_show_option_n helpers, and updating the vulnerable show_option\nhandlers to use them as needed.  Some, like SELinux, need to be open\ncoded due to unusual existing escape mechanisms.\n\n[akpm@linux-foundation.org: add lost chunk, per Kees]\n[keescook@chromium.org: seq_show_option should be using const parameters]\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: Jan Kara \u003cjack@suse.com\u003e\nAcked-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nCc: J. R. Okajima \u003chooanon05g@gmail.com\u003e\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n[lizf: Backported to 3.4:\n - adjust context\n - one more place in ceph needs to be changed\n - drop changes to overlayfs\n - drop showing vers in cifs]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "9793b7bc42a334c7cc4af947e2ecdafb76b3a73d",
      "tree": "4a9971e2519dfec7576af32e7dc58813db22b11b",
      "parents": [
        "48ec02cc771de41cc8b063a2f60890242c09bfba"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Thu Oct 15 17:21:37 2015 +0100"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Mon Mar 21 09:17:55 2016 +0800"
      },
      "message": "KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring\n\ncommit f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61 upstream.\n\nThe following sequence of commands:\n\n    i\u003d`keyctl add user a a @s`\n    keyctl request2 keyring foo bar @t\n    keyctl unlink $i @s\n\ntries to invoke an upcall to instantiate a keyring if one doesn\u0027t already\nexist by that name within the user\u0027s keyring set.  However, if the upcall\nfails, the code sets keyring-\u003etype_data.reject_error to -ENOKEY or some\nother error code.  When the key is garbage collected, the key destroy\nfunction is called unconditionally and keyring_destroy() uses list_empty()\non keyring-\u003etype_data.link - which is in a union with reject_error.\nSubsequently, the kernel tries to unlink the keyring from the keyring names\nlist - which oopses like this:\n\n\tBUG: unable to handle kernel paging request at 00000000ffffff8a\n\tIP: [\u003cffffffff8126e051\u003e] keyring_destroy+0x3d/0x88\n\t...\n\tWorkqueue: events key_garbage_collector\n\t...\n\tRIP: 0010:[\u003cffffffff8126e051\u003e] keyring_destroy+0x3d/0x88\n\tRSP: 0018:ffff88003e2f3d30  EFLAGS: 00010203\n\tRAX: 00000000ffffff82 RBX: ffff88003bf1a900 RCX: 0000000000000000\n\tRDX: 0000000000000000 RSI: 000000003bfc6901 RDI: ffffffff81a73a40\n\tRBP: ffff88003e2f3d38 R08: 0000000000000152 R09: 0000000000000000\n\tR10: ffff88003e2f3c18 R11: 000000000000865b R12: ffff88003bf1a900\n\tR13: 0000000000000000 R14: ffff88003bf1a908 R15: ffff88003e2f4000\n\t...\n\tCR2: 00000000ffffff8a CR3: 000000003e3ec000 CR4: 00000000000006f0\n\t...\n\tCall Trace:\n\t [\u003cffffffff8126c756\u003e] key_gc_unused_keys.constprop.1+0x5d/0x10f\n\t [\u003cffffffff8126ca71\u003e] key_garbage_collector+0x1fa/0x351\n\t [\u003cffffffff8105ec9b\u003e] process_one_work+0x28e/0x547\n\t [\u003cffffffff8105fd17\u003e] worker_thread+0x26e/0x361\n\t [\u003cffffffff8105faa9\u003e] ? rescuer_thread+0x2a8/0x2a8\n\t [\u003cffffffff810648ad\u003e] kthread+0xf3/0xfb\n\t [\u003cffffffff810647ba\u003e] ? kthread_create_on_node+0x1c2/0x1c2\n\t [\u003cffffffff815f2ccf\u003e] ret_from_fork+0x3f/0x70\n\t [\u003cffffffff810647ba\u003e] ? kthread_create_on_node+0x1c2/0x1c2\n\nNote the value in RAX.  This is a 32-bit representation of -ENOKEY.\n\nThe solution is to only call -\u003edestroy() if the key was successfully\ninstantiated.\n\nReported-by: Dmitry Vyukov \u003cdvyukov@google.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nTested-by: Dmitry Vyukov \u003cdvyukov@google.com\u003e\n[lizf: Backported to 3.4: adjust indentation]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "48ec02cc771de41cc8b063a2f60890242c09bfba",
      "tree": "d90655f4944980f32082aa257baf78d46c64ca77",
      "parents": [
        "04d6387f6f3f1727abd3e8f77686efd125c5f691"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri Sep 25 16:30:08 2015 +0100"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Mon Mar 21 09:17:55 2016 +0800"
      },
      "message": "KEYS: Fix race between key destruction and finding a keyring by name\n\ncommit 94c4554ba07adbdde396748ee7ae01e86cf2d8d7 upstream.\n\nThere appears to be a race between:\n\n (1) key_gc_unused_keys() which frees key-\u003esecurity and then calls\n     keyring_destroy() to unlink the name from the name list\n\n (2) find_keyring_by_name() which calls key_permission(), thus accessing\n     key-\u003esecurity, on a key before checking to see whether the key usage is 0\n     (ie. the key is dead and might be cleaned up).\n\nFix this by calling -\u003edestroy() before cleaning up the core key data -\nincluding key-\u003esecurity.\n\nReported-by: Petr Matousek \u003cpmatouse@redhat.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n[lizf: Backported to 3.4: adjust indentation]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "64c363146fe8b4b26285d36fad0fc01b9c8c1285",
      "tree": "f4597aeccc6d37aadbf3a719dfefc62632e4ee10",
      "parents": [
        "900469d0b0c337db19908f77d172f4b17f4573ba"
      ],
      "author": {
        "name": "José Adolfo Galdámez",
        "email": "josegalre@pac-rom.com",
        "time": "Mon Sep 21 22:00:27 2015 -0600"
      },
      "committer": {
        "name": "William Bellavance",
        "email": "flintman@flintmancomputers.com",
        "time": "Wed Feb 10 20:03:50 2016 -0500"
      },
      "message": "Merge tag \u0027v3.4.109\u0027 into mm-6.0\n\nChange-Id: I93b29443377e338fc5d3b031b130da720f788879\nSigned-off-by: José Adolfo Galdámez \u003cjosegalre@pac-rom.com\u003e\n"
    },
    {
      "commit": "900469d0b0c337db19908f77d172f4b17f4573ba",
      "tree": "e7c8e6e70ad09ecc74c7385269f9a7a908489b88",
      "parents": [
        "3591a444f6b8cb82a9b88a49a4e67d8f4b61a6de"
      ],
      "author": {
        "name": "José Adolfo Galdámez",
        "email": "josegalre@pac-rom.com",
        "time": "Sat Jun 20 23:45:36 2015 -0600"
      },
      "committer": {
        "name": "William Bellavance",
        "email": "flintman@flintmancomputers.com",
        "time": "Wed Feb 10 20:02:51 2016 -0500"
      },
      "message": "Merge tag \u0027v3.4.108\u0027 into mm-6.0\n\nChange-Id: I5ee718e5c87c9647c6edf0926a887679e065a649\nSigned-off-by: José Adolfo Galdámez \u003cjosegalre@pac-rom.com\u003e\n"
    },
    {
      "commit": "a49e6ce46b2174e740908332b4ec1796af9e029a",
      "tree": "abef367c23b20577a299f363a7d76154fd1e7c21",
      "parents": [
        "5aaf989a3f7a116df4a0dd9a6c537f13cb0e32d2"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Oct 26 19:19:16 2014 -0400"
      },
      "committer": {
        "name": "William Bellavance",
        "email": "flintman@flintmancomputers.com",
        "time": "Wed Feb 10 20:01:44 2016 -0500"
      },
      "message": "move d_rcu from overlapping d_child to overlapping d_alias\n\ncommit 946e51f2bf37f1656916eb75bd0742ba33983c28 upstream.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n[bwh: Backported to 3.2:\n - Apply name changes in all the different places we use d_alias and d_child\n - Move the WARN_ON() in __d_free() to d_free() as we don\u0027t have dentry_free()]\nSigned-off-by: Ben Hutchings \u003cben@decadent.org.uk\u003e\n[lizf: Backported to 3.4:\n - adjust context\n - need one more name change in debugfs]\n"
    },
    {
      "commit": "e1404a083531a5811009997e73c0be4cf12e123c",
      "tree": "97b285269f0c2a0a3a7c156e707ee0db572b7920",
      "parents": [
        "8588a96db2df2bfe263b09508dd472302577815a"
      ],
      "author": {
        "name": "Takashi Iwai",
        "email": "tiwai@suse.de",
        "time": "Thu Dec 04 18:25:19 2014 +0100"
      },
      "committer": {
        "name": "William Bellavance",
        "email": "flintman@flintmancomputers.com",
        "time": "Wed Feb 10 20:00:07 2016 -0500"
      },
      "message": "KEYS: Fix stale key registration at error path\n\ncommit b26bdde5bb27f3f900e25a95e33a0c476c8c2c48 upstream.\n\nWhen loading encrypted-keys module, if the last check of\naes_get_sizes() in init_encrypted() fails, the driver just returns an\nerror without unregistering its key type.  This results in the stale\nentry in the list.  In addition to memory leaks, this leads to a kernel\ncrash when registering a new key type later.\n\nThis patch fixes the problem by swapping the calls of aes_get_sizes()\nand register_key_type(), and releasing resources properly at the error\npaths.\n\nBugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id\u003d908163\nSigned-off-by: Takashi Iwai \u003ctiwai@suse.de\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "0fbb248bd3e76a39fdc944b9a2bd2b108b95352b",
      "tree": "c69c5a70235fb8150d577089e2630141b53c1033",
      "parents": [
        "8048eac1e925f6c2d9ad4ae4324d98c95414aa6d"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Thu Oct 15 17:21:37 2015 +0100"
      },
      "committer": {
        "name": "William Bellavance",
        "email": "flintman@flintmancomputers.com",
        "time": "Sat Dec 19 08:41:00 2015 -0500"
      },
      "message": "KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring\n\nThe following sequence of commands:\n\n    i\u003d`keyctl add user a a @s`\n    keyctl request2 keyring foo bar @t\n    keyctl unlink $i @s\n\ntries to invoke an upcall to instantiate a keyring if one doesn\u0027t already\nexist by that name within the user\u0027s keyring set.  However, if the upcall\nfails, the code sets keyring-\u003etype_data.reject_error to -ENOKEY or some\nother error code.  When the key is garbage collected, the key destroy\nfunction is called unconditionally and keyring_destroy() uses list_empty()\non keyring-\u003etype_data.link - which is in a union with reject_error.\nSubsequently, the kernel tries to unlink the keyring from the keyring names\nlist - which oopses like this:\n\n\tBUG: unable to handle kernel paging request at 00000000ffffff8a\n\tIP: [\u003cffffffff8126e051\u003e] keyring_destroy+0x3d/0x88\n\t...\n\tWorkqueue: events key_garbage_collector\n\t...\n\tRIP: 0010:[\u003cffffffff8126e051\u003e] keyring_destroy+0x3d/0x88\n\tRSP: 0018:ffff88003e2f3d30  EFLAGS: 00010203\n\tRAX: 00000000ffffff82 RBX: ffff88003bf1a900 RCX: 0000000000000000\n\tRDX: 0000000000000000 RSI: 000000003bfc6901 RDI: ffffffff81a73a40\n\tRBP: ffff88003e2f3d38 R08: 0000000000000152 R09: 0000000000000000\n\tR10: ffff88003e2f3c18 R11: 000000000000865b R12: ffff88003bf1a900\n\tR13: 0000000000000000 R14: ffff88003bf1a908 R15: ffff88003e2f4000\n\t...\n\tCR2: 00000000ffffff8a CR3: 000000003e3ec000 CR4: 00000000000006f0\n\t...\n\tCall Trace:\n\t [\u003cffffffff8126c756\u003e] key_gc_unused_keys.constprop.1+0x5d/0x10f\n\t [\u003cffffffff8126ca71\u003e] key_garbage_collector+0x1fa/0x351\n\t [\u003cffffffff8105ec9b\u003e] process_one_work+0x28e/0x547\n\t [\u003cffffffff8105fd17\u003e] worker_thread+0x26e/0x361\n\t [\u003cffffffff8105faa9\u003e] ? rescuer_thread+0x2a8/0x2a8\n\t [\u003cffffffff810648ad\u003e] kthread+0xf3/0xfb\n\t [\u003cffffffff810647ba\u003e] ? kthread_create_on_node+0x1c2/0x1c2\n\t [\u003cffffffff815f2ccf\u003e] ret_from_fork+0x3f/0x70\n\t [\u003cffffffff810647ba\u003e] ? kthread_create_on_node+0x1c2/0x1c2\n\nNote the value in RAX.  This is a 32-bit representation of -ENOKEY.\n\nThe solution is to only call -\u003edestroy() if the key was successfully\ninstantiated.\n\nChange-Id: Ia52370813b7e8231fdd99d2a208340af1c7b4007\nReported-by: Dmitry Vyukov \u003cdvyukov@google.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nTested-by: Dmitry Vyukov \u003cdvyukov@google.com\u003e\n"
    },
    {
      "commit": "8048eac1e925f6c2d9ad4ae4324d98c95414aa6d",
      "tree": "b078f391f0728d6a761fd4eb3041b48b8a7563cf",
      "parents": [
        "b5401aa15d058b45abd5ade0f96484af4afb4ae7"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri Sep 25 16:30:08 2015 +0100"
      },
      "committer": {
        "name": "William Bellavance",
        "email": "flintman@flintmancomputers.com",
        "time": "Sat Dec 19 08:40:58 2015 -0500"
      },
      "message": "KEYS: Fix race between key destruction and finding a keyring by name\n\nThere appears to be a race between:\n\n (1) key_gc_unused_keys() which frees key-\u003esecurity and then calls\n     keyring_destroy() to unlink the name from the name list\n\n (2) find_keyring_by_name() which calls key_permission(), thus accessing\n     key-\u003esecurity, on a key before checking to see whether the key usage is 0\n     (ie. the key is dead and might be cleaned up).\n\nFix this by calling -\u003edestroy() before cleaning up the core key data -\nincluding key-\u003esecurity.\n\nChange-Id: I4b9b89af020e6348af095e9014bf23b5eb1a9ef9\nReported-by: Petr Matousek \u003cpmatouse@redhat.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n"
    },
    {
      "commit": "b5401aa15d058b45abd5ade0f96484af4afb4ae7",
      "tree": "84ab3c877c6ca08d12d046617f4b3fdef91ac4fa",
      "parents": [
        "6b1fa60f0b88faec25f6bb3bcc494ccb09498294"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "committer": {
        "name": "William Bellavance",
        "email": "flintman@flintmancomputers.com",
        "time": "Sat Dec 19 08:40:56 2015 -0500"
      },
      "message": "KEYS: Add invalidation support\n\nAdd support for invalidating a key - which renders it immediately invisible to\nfurther searches and causes the garbage collector to immediately wake up,\nremove it from keyrings and then destroy it when it\u0027s no longer referenced.\n\nIt\u0027s better not to do this with keyctl_revoke() as that marks the key to start\nreturning -EKEYREVOKED to searches when what is actually desired is to have the\nkey refetched.\n\nTo invalidate a key the caller must be granted SEARCH permission by the key.\nThis may be too strict.  It may be better to also permit invalidation if the\ncaller has any of READ, WRITE or SETATTR permission.\n\nThe primary use for this is to evict keys that are cached in special keyrings,\nsuch as the DNS resolver or an ID mapper.\n\nChange-Id: I923ea0f0b8f9d6b3ff8ec8beca77b1774984f1c3\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n"
    },
    {
      "commit": "6b1fa60f0b88faec25f6bb3bcc494ccb09498294",
      "tree": "78ca2a99f83a48f5bf44a9143eaa0ff1d4a67a38",
      "parents": [
        "c2035a53e48959fc1ce6ed862a156f4c76b3ca85"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "committer": {
        "name": "William Bellavance",
        "email": "flintman@flintmancomputers.com",
        "time": "Sat Dec 19 08:40:55 2015 -0500"
      },
      "message": "KEYS: Permit in-place link replacement in keyring list\n\nMake use of the previous patch that makes the garbage collector perform RCU\nsynchronisation before destroying defunct keys.  Key pointers can now be\nreplaced in-place without creating a new keyring payload and replacing the\nwhole thing as the discarded keys will not be destroyed until all currently\nheld RCU read locks are released.\n\nIf the keyring payload space needs to be expanded or contracted, then a\nreplacement will still need allocating, and the original will still have to be\nfreed by RCU.\n\nChange-Id: I6c4f784f120951fb51ac9c23856ea37f51770bb9\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n"
    },
    {
      "commit": "c2035a53e48959fc1ce6ed862a156f4c76b3ca85",
      "tree": "0d2e070337254c64e8be0fa3c3590da25c1e4537",
      "parents": [
        "c7cbbb1cbddfff2bf8e0983249d4635e2770b133"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri May 11 10:56:56 2012 +0100"
      },
      "committer": {
        "name": "William Bellavance",
        "email": "flintman@flintmancomputers.com",
        "time": "Sat Dec 19 08:40:43 2015 -0500"
      },
      "message": "KEYS: Perform RCU synchronisation on keys prior to key destruction\n\nMake the keys garbage collector invoke synchronize_rcu() prior to destroying\nkeys with a zero usage count.  This means that a key can be examined under the\nRCU read lock in the safe knowledge that it won\u0027t get deallocated until after\nthe lock is released - even if its usage count becomes zero whilst we\u0027re\nlooking at it.\n\nThis is useful in keyring search vs key link.  Consider a keyring containing a\nlink to a key.  That link can be replaced in-place in the keyring without\nrequiring an RCU copy-and-replace on the keyring contents without breaking a\nsearch underway on that keyring when the displaced key is released, provided\nthe key is actually destroyed only after the RCU read lock held by the search\nalgorithm is released.\n\nThis permits __key_link() to replace a key without having to reallocate the key\npayload.  A key gets replaced if a new key being linked into a keyring has the\nsame type and description.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Jeff Layton \u003cjlayton@redhat.com\u003e\n\nConflicts:\n\tsecurity/keys/gc.c\n\nChange-Id: Ifd8549b5b906c638d63c358ce1f34acd81139207\n"
    },
    {
      "commit": "c9ec5028049b974988c98f11f953c9fb5ef540ac",
      "tree": "cbcebc3ffbc436aff40a48a77d5c8b9112ce3a75",
      "parents": [
        "d92ec408ad768845400cbed6a18cc2a6ffe2def1"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Tue Nov 24 21:36:31 2015 +0000"
      },
      "committer": {
        "name": "flintman",
        "email": "flintman@flintmancomputers.com",
        "time": "Thu Dec 10 05:21:38 2015 -0500"
      },
      "message": "KEYS: Fix handling of stored error in a negatively instantiated user key\n\nIf a user key gets negatively instantiated, an error code is cached in the\npayload area.  A negatively instantiated key may be then be positively\ninstantiated by updating it with valid data.  However, the -\u003eupdate key\ntype method must be aware that the error code may be there.\n\nThe following may be used to trigger the bug in the user key type:\n\n    keyctl request2 user user \"\" @u\n    keyctl add user user \"a\" @u\n\nwhich manifests itself as:\n\n\tBUG: unable to handle kernel paging request at 00000000ffffff8a\n\tIP: [\u003cffffffff810a376f\u003e] __call_rcu.constprop.76+0x1f/0x280 kernel/rcu/tree.c:3046\n\tPGD 7cc30067 PUD 0\n\tOops: 0002 [#1] SMP\n\tModules linked in:\n\tCPU: 3 PID: 2644 Comm: a.out Not tainted 4.3.0+ #49\n\tHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011\n\ttask: ffff88003ddea700 ti: ffff88003dd88000 task.ti: ffff88003dd88000\n\tRIP: 0010:[\u003cffffffff810a376f\u003e]  [\u003cffffffff810a376f\u003e] __call_rcu.constprop.76+0x1f/0x280\n\t [\u003cffffffff810a376f\u003e] __call_rcu.constprop.76+0x1f/0x280 kernel/rcu/tree.c:3046\n\tRSP: 0018:ffff88003dd8bdb0  EFLAGS: 00010246\n\tRAX: 00000000ffffff82 RBX: 0000000000000000 RCX: 0000000000000001\n\tRDX: ffffffff81e3fe40 RSI: 0000000000000000 RDI: 00000000ffffff82\n\tRBP: ffff88003dd8bde0 R08: ffff88007d2d2da0 R09: 0000000000000000\n\tR10: 0000000000000000 R11: ffff88003e8073c0 R12: 00000000ffffff82\n\tR13: ffff88003dd8be68 R14: ffff88007d027600 R15: ffff88003ddea700\n\tFS:  0000000000b92880(0063) GS:ffff88007fd00000(0000) knlGS:0000000000000000\n\tCS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b\n\tCR2: 00000000ffffff8a CR3: 000000007cc5f000 CR4: 00000000000006e0\n\tStack:\n\t ffff88003dd8bdf0 ffffffff81160a8a 0000000000000000 00000000ffffff82\n\t ffff88003dd8be68 ffff88007d027600 ffff88003dd8bdf0 ffffffff810a39e5\n\t ffff88003dd8be20 ffffffff812a31ab ffff88007d027600 ffff88007d027620\n\tCall Trace:\n\t [\u003cffffffff810a39e5\u003e] kfree_call_rcu+0x15/0x20 kernel/rcu/tree.c:3136\n\t [\u003cffffffff812a31ab\u003e] user_update+0x8b/0xb0 security/keys/user_defined.c:129\n\t [\u003c     inline     \u003e] __key_update security/keys/key.c:730\n\t [\u003cffffffff8129e5c1\u003e] key_create_or_update+0x291/0x440 security/keys/key.c:908\n\t [\u003c     inline     \u003e] SYSC_add_key security/keys/keyctl.c:125\n\t [\u003cffffffff8129fc21\u003e] SyS_add_key+0x101/0x1e0 security/keys/keyctl.c:60\n\t [\u003cffffffff8185f617\u003e] entry_SYSCALL_64_fastpath+0x12/0x6a arch/x86/entry/entry_64.S:185\n\nNote the error code (-ENOKEY) in EDX.\n\nA similar bug can be tripped by:\n\n    keyctl request2 trusted user \"\" @u\n    keyctl add trusted user \"a\" @u\n\nThis should also affect encrypted keys - but that has to be correctly\nparameterised or it will fail with EINVAL before getting to the bit that\nwill crashes.\n\nChange-Id: I171d566f431c56208e1fe279f466d2d399a9ac7c\nReported-by: Dmitry Vyukov \u003cdvyukov@google.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "f29c68f94f0cc6b4467386d8a70b5c9e0dba0796",
      "tree": "9c5c73640c5535b9bb59d8418354ea95179140cc",
      "parents": [
        "56f9e25ee138692ab12f60154ad3a96f48848d20"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Oct 11 11:42:01 2012 -0400"
      },
      "committer": {
        "name": "flintman",
        "email": "flintman@flintmancomputers.com",
        "time": "Wed Oct 14 06:38:19 2015 -0400"
      },
      "message": "consitify do_mount() arguments\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n(cherry picked from commit 808d4e3cfdcc52b19276175464f6dbca4df13b09)\n"
    },
    {
      "commit": "b0fd0221d200dddfdb10befd4881a516f0721ff4",
      "tree": "d6ef261001b6d2500272560431061279999e30f9",
      "parents": [
        "472d3c6c6b4d529792e965015d077cbed5faff7b"
      ],
      "author": {
        "name": "Jeff Vander Stoep",
        "email": "jeffv@google.com",
        "time": "Sat Apr 04 16:15:54 2015 -0700"
      },
      "committer": {
        "name": "flintman",
        "email": "flintman@flintmancomputers.com",
        "time": "Mon Oct 12 21:03:31 2015 -0400"
      },
      "message": "security: lsm_audit: add ioctl specific auditing\n\nAdd information about ioctl calls to the LSM audit data. Log the\nfile path and command number.\n\nBug: 20350607\nBug: 18087110\nChange-Id: Idbbd106db6226683cb30022d9e8f6f3b8fab7f84\nSigned-off-by: Jeff Vander Stoep \u003cjeffv@google.com\u003e\n"
    },
    {
      "commit": "472d3c6c6b4d529792e965015d077cbed5faff7b",
      "tree": "f47f84165ea173f7a81b1fcbd304525701d29422",
      "parents": [
        "6ab0e3760c374ef9da22f5acef499ef3cc06d439"
      ],
      "author": {
        "name": "Mark Salyzyn",
        "email": "salyzyn@google.com",
        "time": "Wed Jan 07 09:27:15 2015 -0800"
      },
      "committer": {
        "name": "flintman",
        "email": "flintman@flintmancomputers.com",
        "time": "Mon Oct 12 21:03:30 2015 -0400"
      },
      "message": "pstore: selinux: add security in-core xattr support for pstore and debugfs\n\n- add \"pstore\" and \"debugfs\" to list of in-core exceptions\n- change fstype checks to boolean equation\n- change from strncmp to strcmp for checking\n\n(Cherry Pick from commit 2294d499b7969df3838becf5e58bf16b0e3c86c8)\n\nSigned-off-by: Mark Salyzyn \u003csalyzyn@google.com\u003e\nBug: 18917345\nBug: 18935184\nChange-Id: Ib648f30ce4b5d6c96f11465836d6fee89bec1c72\n"
    },
    {
      "commit": "6ab0e3760c374ef9da22f5acef499ef3cc06d439",
      "tree": "850d0c8e73ddd16a350d782c4322f5adbdce6979",
      "parents": [
        "bb8c8befdd984468a43670f4ba2c9aac7d3fe31f"
      ],
      "author": {
        "name": "Jeff Vander Stoep",
        "email": "jeffv@google.com",
        "time": "Wed Apr 29 11:14:23 2015 -0700"
      },
      "committer": {
        "name": "flintman",
        "email": "flintman@flintmancomputers.com",
        "time": "Mon Oct 12 21:03:13 2015 -0400"
      },
      "message": "SELinux: ss: Fix policy write for ioctl operations\n\nSecurity server omits the type field when writing out the contents of the\navtab from /sys/fs/selinux/policy. This leads to a corrupt output. No impact\non the running kernel or its loaded policy. Impacts CTS neverallow tests.\n\nBug: 20665861\nChange-Id: I657e18013dd5a1f40052bc2b02dd8e0afee9bcfb\nSigned-off-by: Jeff Vander Stoep \u003cjeffv@google.com\u003e\n(cherry picked from commit 8cdfb356b51e29494ca0b9e4e86727d6f841a52d)\n"
    },
    {
      "commit": "bb8c8befdd984468a43670f4ba2c9aac7d3fe31f",
      "tree": "efbb52938f1f07c9ad9693303aa50b5a1717022e",
      "parents": [
        "f3e85345addf732f1f930e91dc974ccda5f75084"
      ],
      "author": {
        "name": "Jeff Vander Stoep",
        "email": "jeffv@google.com",
        "time": "Mon Apr 20 17:45:42 2015 -0700"
      },
      "committer": {
        "name": "flintman",
        "email": "flintman@flintmancomputers.com",
        "time": "Mon Oct 12 21:03:11 2015 -0400"
      },
      "message": "SELinux: use deletion-safe iterator to free list\n\nThis code is not exercised by policy version 26, but will be upon\nupgrade to policy version 30.\n\nBug: 18087110\nChange-Id: I07c6f34607713294a6a12c43a64d9936f0602200\nSigned-off-by: Jeff Vander Stoep \u003cjeffv@google.com\u003e\n"
    },
    {
      "commit": "f3e85345addf732f1f930e91dc974ccda5f75084",
      "tree": "81f36a2bb0308eb07f67de57f6b3a38f6da57c15",
      "parents": [
        "f0449ea947097bfaefca995ceeb03ed9117fac38"
      ],
      "author": {
        "name": "Jeff Vander Stoep",
        "email": "jeffv@google.com",
        "time": "Wed Apr 08 11:27:46 2015 -0700"
      },
      "committer": {
        "name": "flintman",
        "email": "flintman@flintmancomputers.com",
        "time": "Mon Oct 12 21:03:10 2015 -0400"
      },
      "message": "SELinux: per-command whitelisting of ioctls\n\n note that this patch depends on a prior patch that is already in\n android-3.4 but has not apparently found its way into the msm 3.4\n branches (but is included in exynos and tegra),\n https://android-review.googlesource.com/#/c/92962/\n\nExtend the generic ioctl permission check with support for per-command\nfiltering. Source/target/class sets including the ioctl permission may\nadditionally include a set of commands. Example:\n\nallow \u003csource\u003e \u003ctarget\u003e:\u003cclass\u003e { 0x8910-0x8926 0x892A-0x8935 }\nauditallow \u003csource\u003e \u003ctarget\u003e:\u003cclass\u003e 0x892A\n\nWhen ioctl commands are omitted only the permissions are checked. This\nfeature is intended to provide finer granularity for the ioctl\npermission which may be too imprecise in some circumstances. For\nexample, the same driver may use ioctls to provide important and\nbenign functionality such as driver version or socket type as well as\ndangerous capabilities such as debugging features, read/write/execute\nto physical memory or access to sensitive data. Per-command filtering\nprovides a mechanism to reduce the attack surface of the kernel, and\nlimit applications to the subset of commands required.\n\nThe format of the policy binary has been modified to include ioctl\ncommands, and the policy version number has been incremented to\nPOLICYDB_VERSION_IOCTL_OPERATIONS\u003d30 to account for the format change.\n\nBug: 20350607\nBug: 18087110\nChange-Id: Ibf0e36728f6f3f0d5af56ccdeddee40800af689d\nSigned-off-by: Jeff Vander Stoep \u003cjeffv@google.com\u003e\n"
    },
    {
      "commit": "f0449ea947097bfaefca995ceeb03ed9117fac38",
      "tree": "247e2e0288dec8f7342e687391452643816fc4ff",
      "parents": [
        "19766a54e07e30168368322037e0dda3be4c6cfb"
      ],
      "author": {
        "name": "Richard Haines",
        "email": "richard_c_haines@btinternet.com",
        "time": "Tue Nov 19 17:34:23 2013 -0500"
      },
      "committer": {
        "name": "flintman",
        "email": "flintman@flintmancomputers.com",
        "time": "Mon Oct 12 21:03:08 2015 -0400"
      },
      "message": "SELinux: Update policy version to support constraints info\n\nUpdate the policy version (POLICYDB_VERSION_CONSTRAINT_NAMES) to allow\nholding of policy source info for constraints.\n\nChange-Id: Id2971142ad2e2dd47c12796480705128b230349f\nSigned-off-by: Richard Haines \u003crichard_c_haines@btinternet.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\n"
    },
    {
      "commit": "19766a54e07e30168368322037e0dda3be4c6cfb",
      "tree": "6af8a5983cf787299a59e60e47005b67bd5cee29",
      "parents": [
        "d076bc7ce1dd23fcc2084db69e9c03bfb12e624c"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Mar 20 14:35:12 2012 -0400"
      },
      "committer": {
        "name": "flintman",
        "email": "flintman@flintmancomputers.com",
        "time": "Mon Oct 12 21:03:06 2015 -0400"
      },
      "message": "SELinux: add default_type statements\n\nBecause Fedora shipped userspace based on my development tree we now\nhave policy version 27 in the wild defining only default user, role, and\nrange.  Thus to add default_type we need a policy.28.\n\nChange-Id: Ic3e0cd121ef02b951674fafe13138a33e3e95c04\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "d076bc7ce1dd23fcc2084db69e9c03bfb12e624c",
      "tree": "76378d2b78acb149e57d3610776c3d61a001d497",
      "parents": [
        "d23d9267bc0393c8522aa6c3654e844f20c903eb"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Mar 20 14:35:12 2012 -0400"
      },
      "committer": {
        "name": "flintman",
        "email": "flintman@flintmancomputers.com",
        "time": "Mon Oct 12 21:03:04 2015 -0400"
      },
      "message": "SELinux: allow default source/target selectors for user/role/range\n\nWhen new objects are created we have great and flexible rules to\ndetermine the type of the new object.  We aren\u0027t quite as flexible or\nmature when it comes to determining the user, role, and range.  This\npatch adds a new ability to specify the place a new objects user, role,\nand range should come from.  For users and roles it can come from either\nthe source or the target of the operation.  aka for files the user can\neither come from the source (the running process and todays default) or\nit can come from the target (aka the parent directory of the new file)\n\nexamples always are done with\ndirectory context: system_u:object_r:mnt_t:s0-s0:c0.c512\nprocess context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023\n\n[no rule]\n\tunconfined_u:object_r:mnt_t:s0   test_none\n[default user source]\n\tunconfined_u:object_r:mnt_t:s0   test_user_source\n[default user target]\n\tsystem_u:object_r:mnt_t:s0       test_user_target\n[default role source]\n\tunconfined_u:unconfined_r:mnt_t:s0 test_role_source\n[default role target]\n\tunconfined_u:object_r:mnt_t:s0   test_role_target\n[default range source low]\n\tunconfined_u:object_r:mnt_t:s0 test_range_source_low\n[default range source high]\n\tunconfined_u:object_r:mnt_t:s0:c0.c1023 test_range_source_high\n[default range source low-high]\n\tunconfined_u:object_r:mnt_t:s0-s0:c0.c1023 test_range_source_low-high\n[default range target low]\n\tunconfined_u:object_r:mnt_t:s0 test_range_target_low\n[default range target high]\n\tunconfined_u:object_r:mnt_t:s0:c0.c512 test_range_target_high\n[default range target low-high]\n\tunconfined_u:object_r:mnt_t:s0-s0:c0.c512 test_range_target_low-high\n\nChange-Id: I7b259aee39241825aa69882701099f1089108f4e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "6ebf0333cccc1d41983a8d54a1a8da229d5c5a7d",
      "tree": "9529f96cc061b766a4263740f4db7dcfb54a50bd",
      "parents": [
        "fa0ed22636c93a4b5b2fb670e014e6dbc1b97c2e"
      ],
      "author": {
        "name": "Nicolas Dichtel",
        "email": "nicolas.dichtel@6wind.com",
        "time": "Fri Apr 10 16:24:28 2015 +0200"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Sep 18 09:20:29 2015 +0800"
      },
      "message": "selinux/nlmsg: add XFRM_MSG_MAPPING\n\ncommit bd2cba07381a6dba60bc1c87ed8b37931d244da1 upstream.\n\nThis command is missing.\n\nFixes: 3a2dfbe8acb1 (\"xfrm: Notify changes in UDP encapsulation via netlink\")\nCC: Martin Willi \u003cmartin@strongswan.org\u003e\nReported-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Nicolas Dichtel \u003cnicolas.dichtel@6wind.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "fa0ed22636c93a4b5b2fb670e014e6dbc1b97c2e",
      "tree": "5cee35d2fc5b958ad4546860cbcec43af0b1514a",
      "parents": [
        "0fcabf0bbb38ad0fd1951c43d80a6bf7c4720a7f"
      ],
      "author": {
        "name": "Nicolas Dichtel",
        "email": "nicolas.dichtel@6wind.com",
        "time": "Fri Apr 10 16:24:27 2015 +0200"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Sep 18 09:20:29 2015 +0800"
      },
      "message": "selinux/nlmsg: add XFRM_MSG_MIGRATE\n\ncommit 8d465bb777179c4bea731b828ec484088cc9fbc1 upstream.\n\nThis command is missing.\n\nFixes: 5c79de6e79cd (\"[XFRM]: User interface for handling XFRM_MSG_MIGRATE\")\nReported-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Nicolas Dichtel \u003cnicolas.dichtel@6wind.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "0fcabf0bbb38ad0fd1951c43d80a6bf7c4720a7f",
      "tree": "825e6771ba25ab6eb9c89ef8ab0c420252d43d6e",
      "parents": [
        "5099fabbd6c12da280f7d479e7669d8316b01788"
      ],
      "author": {
        "name": "Nicolas Dichtel",
        "email": "nicolas.dichtel@6wind.com",
        "time": "Fri Apr 10 16:24:26 2015 +0200"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Sep 18 09:20:29 2015 +0800"
      },
      "message": "selinux/nlmsg: add XFRM_MSG_REPORT\n\ncommit b0b59b0056acd6f157a04cc895f7e24692fb08aa upstream.\n\nThis command is missing.\n\nFixes: 97a64b4577ae (\"[XFRM]: Introduce XFRM_MSG_REPORT.\")\nReported-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Nicolas Dichtel \u003cnicolas.dichtel@6wind.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "ac18a5350cf80c0db90d71fbed78b8c5d4a367c5",
      "tree": "ecfea47787d34c8c48c9963b22c1af7fb7e0c62d",
      "parents": [
        "7cddc7d7e8a685682778763e35a0487a25153ca6"
      ],
      "author": {
        "name": "Nicolas Dichtel",
        "email": "nicolas.dichtel@6wind.com",
        "time": "Wed Apr 08 18:36:42 2015 +0200"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Sep 18 09:20:28 2015 +0800"
      },
      "message": "selinux/nlmsg: add XFRM_MSG_[NEW|GET]SADINFO\n\ncommit 5b5800fad072133e4a9c2efbf735baaac83dec86 upstream.\n\nThese commands are missing.\n\nFixes: 28d8909bc790 (\"[XFRM]: Export SAD info.\")\nSigned-off-by: Nicolas Dichtel \u003cnicolas.dichtel@6wind.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n[lizf: Backported to 3.4: adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "7cddc7d7e8a685682778763e35a0487a25153ca6",
      "tree": "80bab5e9714cf3e16043e3f22bdfbba50c357b4a",
      "parents": [
        "fdea68e1782a1405e7b8cc1b9621d61fcf97400a"
      ],
      "author": {
        "name": "Nicolas Dichtel",
        "email": "nicolas.dichtel@6wind.com",
        "time": "Wed Apr 08 18:36:41 2015 +0200"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Sep 18 09:20:28 2015 +0800"
      },
      "message": "selinux/nlmsg: add XFRM_MSG_GETSPDINFO\n\ncommit 5e6deebafb45fb271ae6939d48832e920b8fb74e upstream.\n\nThis command is missing.\n\nFixes: ecfd6b183780 (\"[XFRM]: Export SPD info\")\nSigned-off-by: Nicolas Dichtel \u003cnicolas.dichtel@6wind.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n[lizf: Backported to 3.4: adjust context]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "d4cd899d8665c75ebf36d4b101da5d990662281f",
      "tree": "66dec35ba65e2811c03397008766050f09a37724",
      "parents": [
        "e65b00aeda29774e3dbf18b47a0adec64469b2ff"
      ],
      "author": {
        "name": "Joe Perches",
        "email": "joe@perches.com",
        "time": "Mon Mar 23 18:01:35 2015 -0700"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Jun 19 11:40:29 2015 +0800"
      },
      "message": "selinux: fix sel_write_enforce broken return value\n\ncommit 6436a123a147db51a0b06024a8350f4c230e73ff upstream.\n\nReturn a negative error value like the rest of the entries in this function.\n\nSigned-off-by: Joe Perches \u003cjoe@perches.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n[PM: tweaked subject line]\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "6b962632ba4bdae071db35520e3dbb5e2d50e780",
      "tree": "803bb2bf9116b199e9c789fdae38bbae3b4ffbc8",
      "parents": [
        "de2a293c9b4cfda94aeb5572383beaa6493dd96d"
      ],
      "author": {
        "name": "Andrey Ryabinin",
        "email": "a.ryabinin@samsung.com",
        "time": "Tue Jan 13 18:52:40 2015 +0300"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Fri Jun 19 11:40:11 2015 +0800"
      },
      "message": "smack: fix possible use after frees in task_security() callers\n\ncommit 6d1cff2a885850b78b40c34777b46cf5da5d1050 upstream.\n\nWe hit use after free on dereferncing pointer to task_smack struct in\nsmk_of_task() called from smack_task_to_inode().\n\ntask_security() macro uses task_cred_xxx() to get pointer to the task_smack.\ntask_cred_xxx() could be used only for non-pointer members of task\u0027s\ncredentials. It cannot be used for pointer members since what they point\nto may disapper after dropping RCU read lock.\n\nMainly task_security() used this way:\n\tsmk_of_task(task_security(p))\n\nIntead of this introduce function smk_of_task_struct() which\ntakes task_struct as argument and returns pointer to smk_known struct\nand do this under RCU read lock.\nBogus task_security() macro is not used anymore, so remove it.\n\nKASan\u0027s report for this:\n\n\tAddressSanitizer: use after free in smack_task_to_inode+0x50/0x70 at addr c4635600\n\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\tBUG kmalloc-64 (Tainted: PO): kasan error\n\t-----------------------------------------------------------------------------\n\n\tDisabling lock debugging due to kernel taint\n\tINFO: Allocated in new_task_smack+0x44/0xd8 age\u003d39 cpu\u003d0 pid\u003d1866\n\t\tkmem_cache_alloc_trace+0x88/0x1bc\n\t\tnew_task_smack+0x44/0xd8\n\t\tsmack_cred_prepare+0x48/0x21c\n\t\tsecurity_prepare_creds+0x44/0x4c\n\t\tprepare_creds+0xdc/0x110\n\t\tsmack_setprocattr+0x104/0x150\n\t\tsecurity_setprocattr+0x4c/0x54\n\t\tproc_pid_attr_write+0x12c/0x194\n\t\tvfs_write+0x1b0/0x370\n\t\tSyS_write+0x5c/0x94\n\t\tret_fast_syscall+0x0/0x48\n\tINFO: Freed in smack_cred_free+0xc4/0xd0 age\u003d27 cpu\u003d0 pid\u003d1564\n\t\tkfree+0x270/0x290\n\t\tsmack_cred_free+0xc4/0xd0\n\t\tsecurity_cred_free+0x34/0x3c\n\t\tput_cred_rcu+0x58/0xcc\n\t\trcu_process_callbacks+0x738/0x998\n\t\t__do_softirq+0x264/0x4cc\n\t\tdo_softirq+0x94/0xf4\n\t\tirq_exit+0xbc/0x120\n\t\thandle_IRQ+0x104/0x134\n\t\tgic_handle_irq+0x70/0xac\n\t\t__irq_svc+0x44/0x78\n\t\t_raw_spin_unlock+0x18/0x48\n\t\tsync_inodes_sb+0x17c/0x1d8\n\t\tsync_filesystem+0xac/0xfc\n\t\tvdfs_file_fsync+0x90/0xc0\n\t\tvfs_fsync_range+0x74/0x7c\n\tINFO: Slab 0xd3b23f50 objects\u003d32 used\u003d31 fp\u003d0xc4635600 flags\u003d0x4080\n\tINFO: Object 0xc4635600 @offset\u003d5632 fp\u003d0x  (null)\n\n\tBytes b4 c46355f0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ\n\tObject c4635600: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk\n\tObject c4635610: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk\n\tObject c4635620: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk\n\tObject c4635630: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5  kkkkkkkkkkkkkkk.\n\tRedzone c4635640: bb bb bb bb                                      ....\n\tPadding c46356e8: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ\n\tPadding c46356f8: 5a 5a 5a 5a 5a 5a 5a 5a                          ZZZZZZZZ\n\tCPU: 5 PID: 834 Comm: launchpad_prelo Tainted: PBO 3.10.30 #1\n\tBacktrace:\n\t[\u003cc00233a4\u003e] (dump_backtrace+0x0/0x158) from [\u003cc0023dec\u003e] (show_stack+0x20/0x24)\n\t r7:c4634010 r6:d3b23f50 r5:c4635600 r4:d1002140\n\t[\u003cc0023dcc\u003e] (show_stack+0x0/0x24) from [\u003cc06d6d7c\u003e] (dump_stack+0x20/0x28)\n\t[\u003cc06d6d5c\u003e] (dump_stack+0x0/0x28) from [\u003cc01c1d50\u003e] (print_trailer+0x124/0x144)\n\t[\u003cc01c1c2c\u003e] (print_trailer+0x0/0x144) from [\u003cc01c1e88\u003e] (object_err+0x3c/0x44)\n\t r7:c4635600 r6:d1002140 r5:d3b23f50 r4:c4635600\n\t[\u003cc01c1e4c\u003e] (object_err+0x0/0x44) from [\u003cc01cac18\u003e] (kasan_report_error+0x2b8/0x538)\n\t r6:d1002140 r5:d3b23f50 r4:c6429cf8 r3:c09e1aa7\n\t[\u003cc01ca960\u003e] (kasan_report_error+0x0/0x538) from [\u003cc01c9430\u003e] (__asan_load4+0xd4/0xf8)\n\t[\u003cc01c935c\u003e] (__asan_load4+0x0/0xf8) from [\u003cc031e168\u003e] (smack_task_to_inode+0x50/0x70)\n\t r5:c4635600 r4:ca9da000\n\t[\u003cc031e118\u003e] (smack_task_to_inode+0x0/0x70) from [\u003cc031af64\u003e] (security_task_to_inode+0x3c/0x44)\n\t r5:cca25e80 r4:c0ba9780\n\t[\u003cc031af28\u003e] (security_task_to_inode+0x0/0x44) from [\u003cc023d614\u003e] (pid_revalidate+0x124/0x178)\n\t r6:00000000 r5:cca25e80 r4:cbabe3c0 r3:00008124\n\t[\u003cc023d4f0\u003e] (pid_revalidate+0x0/0x178) from [\u003cc01db98c\u003e] (lookup_fast+0x35c/0x43y4)\n\t r9:c6429efc r8:00000101 r7:c079d940 r6:c6429e90 r5:c6429ed8 r4:c83c4148\n\t[\u003cc01db630\u003e] (lookup_fast+0x0/0x434) from [\u003cc01deec8\u003e] (do_last.isra.24+0x1c0/0x1108)\n\t[\u003cc01ded08\u003e] (do_last.isra.24+0x0/0x1108) from [\u003cc01dff04\u003e] (path_openat.isra.25+0xf4/0x648)\n\t[\u003cc01dfe10\u003e] (path_openat.isra.25+0x0/0x648) from [\u003cc01e1458\u003e] (do_filp_open+0x3c/0x88)\n\t[\u003cc01e141c\u003e] (do_filp_open+0x0/0x88) from [\u003cc01ccb28\u003e] (do_sys_open+0xf0/0x198)\n\t r7:00000001 r6:c0ea2180 r5:0000000b r4:00000000\n\t[\u003cc01cca38\u003e] (do_sys_open+0x0/0x198) from [\u003cc01ccc00\u003e] (SyS_open+0x30/0x34)\n\t[\u003cc01ccbd0\u003e] (SyS_open+0x0/0x34) from [\u003cc001db80\u003e] (ret_fast_syscall+0x0/0x48)\n\tRead of size 4 by thread T834:\n\tMemory state around the buggy address:\n\t c4635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n\t c4635400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc\n\t c4635480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n\t c4635500: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc\n\t c4635580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n\t\u003ec4635600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n\t           ^\n\t c4635680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n\t c4635700: 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc\n\t c4635780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n\t c4635800: 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc\n\t c4635880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\nSigned-off-by: Andrey Ryabinin \u003ca.ryabinin@samsung.com\u003e\n[lizf: Backported to 3.4:\n - smk_of_task() returns char* instead of smack_known *\n - replace task_security() with smk_of_task() with smk_of_task_struct()\n   manually]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "a71feb202f897c7978d60bfce80b58437f754209",
      "tree": "0475e3989443c2a1e0e8e89ef5e7c40338f7a346",
      "parents": [
        "a6af8f91623152e98fcc0cf13ed6143d77ac3a2f"
      ],
      "author": {
        "name": "James Sullins",
        "email": "jcsullins@gmail.com",
        "time": "Thu Nov 21 10:01:19 2013 -0600"
      },
      "committer": {
        "name": "flintman",
        "email": "flintman@flintmancomputers.com",
        "time": "Mon Apr 27 08:05:04 2015 -0400"
      },
      "message": "security/commoncap: fix perms for bluetooth/rfkill\n\nChange-Id: I9a8de2cf70855d6ca68195eba894c2af8eaa3e04\n"
    },
    {
      "commit": "5eab130238adb0adc6100dbba713082c19794dbf",
      "tree": "e4c0af7539ca574904595f40c2344602116b2160",
      "parents": [
        "d7a4f76933fc2be05f2837f46045039c9d187d45"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Wed May 21 15:23:46 2014 -0700"
      },
      "committer": {
        "name": "flintman",
        "email": "flintman@flintmancomputers.com",
        "time": "Mon Apr 27 08:04:54 2015 -0400"
      },
      "message": "sched: move no_new_privs into new atomic flags\n\nSince seccomp transitions between threads requires updates to the\nno_new_privs flag to be atomic, the flag must be part of an atomic flag\nset. This moves the nnp flag into a separate task field, and introduces\naccessors.\n\nChange-Id: I4e764b1b1eb5296a3f7e498a89cfdd6624796c87\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nReviewed-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nReviewed-by: Andy Lutomirski \u003cluto@amacapital.net\u003e\n"
    },
    {
      "commit": "d7a4f76933fc2be05f2837f46045039c9d187d45",
      "tree": "7f3f9af8d4888e568f6c22975f9f3b48b1479160",
      "parents": [
        "95de3e500c6502922b9e66385f9f0aad23f21128"
      ],
      "author": {
        "name": "John Johansen",
        "email": "john.johansen@canonical.com",
        "time": "Mon Jan 30 08:17:27 2012 -0800"
      },
      "committer": {
        "name": "flintman",
        "email": "flintman@flintmancomputers.com",
        "time": "Mon Apr 27 08:04:53 2015 -0400"
      },
      "message": "Fix execve behavior apparmor for PR_{GET,SET}_NO_NEW_PRIVS\n\nAdd support for AppArmor to explicitly fail requested domain transitions\nif NO_NEW_PRIVS is set and the task is not unconfined.\n\nTransitions from unconfined are still allowed because this always results\nin a reduction of privileges.\n\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nSigned-off-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: Andy Lutomirski \u003cluto@amacapital.net\u003e\n\nv18: new acked-by, new description\n"
    },
    {
      "commit": "6295f3f6b2491291726ef485b62d1b651e69ea3b",
      "tree": "8136b7d5d84a34dc887d3c07af0b9a9e335be3c9",
      "parents": [
        "c389a745d038d17cf34312ee495aa51e60965385"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "d.kasatkin@samsung.com",
        "time": "Tue Oct 28 14:28:49 2014 +0200"
      },
      "committer": {
        "name": "flintman",
        "email": "flintman@flintmancomputers.com",
        "time": "Mon Apr 27 08:02:11 2015 -0400"
      },
      "message": "evm: check xattr value length and type in evm_inode_setxattr()\n\ncommit 3b1deef6b1289a99505858a3b212c5b50adf0c2f upstream.\n\nevm_inode_setxattr() can be called with no value. The function does not\ncheck the length so that following command can be used to produce the\nkernel oops: setfattr -n security.evm FOO. This patch fixes it.\n\nChanges in v3:\n* there is no reason to return different error codes for EVM_XATTR_HMAC\n  and non EVM_XATTR_HMAC. Remove unnecessary test then.\n\nChanges in v2:\n* testing for validity of xattr type\n\n[ 1106.396921] BUG: unable to handle kernel NULL pointer dereference at           (null)\n[ 1106.398192] IP: [\u003cffffffff812af7b8\u003e] evm_inode_setxattr+0x2a/0x48\n[ 1106.399244] PGD 29048067 PUD 290d7067 PMD 0\n[ 1106.399953] Oops: 0000 [#1] SMP\n[ 1106.400020] Modules linked in: bridge stp llc evdev serio_raw i2c_piix4 button fuse\n[ 1106.400020] CPU: 0 PID: 3635 Comm: setxattr Not tainted 3.16.0-kds+ #2936\n[ 1106.400020] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n[ 1106.400020] task: ffff8800291a0000 ti: ffff88002917c000 task.ti: ffff88002917c000\n[ 1106.400020] RIP: 0010:[\u003cffffffff812af7b8\u003e]  [\u003cffffffff812af7b8\u003e] evm_inode_setxattr+0x2a/0x48\n[ 1106.400020] RSP: 0018:ffff88002917fd50  EFLAGS: 00010246\n[ 1106.400020] RAX: 0000000000000000 RBX: ffff88002917fdf8 RCX: 0000000000000000\n[ 1106.400020] RDX: 0000000000000000 RSI: ffffffff818136d3 RDI: ffff88002917fdf8\n[ 1106.400020] RBP: ffff88002917fd68 R08: 0000000000000000 R09: 00000000003ec1df\n[ 1106.400020] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800438a0a00\n[ 1106.400020] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 1106.400020] FS:  00007f7dfa7d7740(0000) GS:ffff88005da00000(0000) knlGS:0000000000000000\n[ 1106.400020] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1106.400020] CR2: 0000000000000000 CR3: 000000003763e000 CR4: 00000000000006f0\n[ 1106.400020] Stack:\n[ 1106.400020]  ffff8800438a0a00 ffff88002917fdf8 0000000000000000 ffff88002917fd98\n[ 1106.400020]  ffffffff812a1030 ffff8800438a0a00 ffff88002917fdf8 0000000000000000\n[ 1106.400020]  0000000000000000 ffff88002917fde0 ffffffff8116d08a ffff88002917fdc8\n[ 1106.400020] Call Trace:\n[ 1106.400020]  [\u003cffffffff812a1030\u003e] security_inode_setxattr+0x5d/0x6a\n[ 1106.400020]  [\u003cffffffff8116d08a\u003e] vfs_setxattr+0x6b/0x9f\n[ 1106.400020]  [\u003cffffffff8116d1e0\u003e] setxattr+0x122/0x16c\n[ 1106.400020]  [\u003cffffffff811687e8\u003e] ? mnt_want_write+0x21/0x45\n[ 1106.400020]  [\u003cffffffff8114d011\u003e] ? __sb_start_write+0x10f/0x143\n[ 1106.400020]  [\u003cffffffff811687e8\u003e] ? mnt_want_write+0x21/0x45\n[ 1106.400020]  [\u003cffffffff811687c0\u003e] ? __mnt_want_write+0x48/0x4f\n[ 1106.400020]  [\u003cffffffff8116d3e6\u003e] SyS_setxattr+0x6e/0xb0\n[ 1106.400020]  [\u003cffffffff81529da9\u003e] system_call_fastpath+0x16/0x1b\n[ 1106.400020] Code: c3 0f 1f 44 00 00 55 48 89 e5 41 55 49 89 d5 41 54 49 89 fc 53 48 89 f3 48 c7 c6 d3 36 81 81 48 89 df e8 18 22 04 00 85 c0 75 07 \u003c41\u003e 80 7d 00 02 74 0d 48 89 de 4c 89 e7 e8 5a fe ff ff eb 03 83\n[ 1106.400020] RIP  [\u003cffffffff812af7b8\u003e] evm_inode_setxattr+0x2a/0x48\n[ 1106.400020]  RSP \u003cffff88002917fd50\u003e\n[ 1106.400020] CR2: 0000000000000000\n[ 1106.428061] ---[ end trace ae08331628ba3050 ]---\n\nReported-by: Jan Kara \u003cjack@suse.cz\u003e\nSigned-off-by: Dmitry Kasatkin \u003cd.kasatkin@samsung.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "61dedfa6a0d04c4efd7f67920bcfb48f2094a3fd",
      "tree": "238cabfe3daa6788e25f46eefd4c3e8306e4adef",
      "parents": [
        "1e604b5a88fe727b9687954f2f01fb3f532e5a47"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Oct 06 16:32:52 2014 -0400"
      },
      "committer": {
        "name": "flintman",
        "email": "flintman@flintmancomputers.com",
        "time": "Mon Apr 27 08:01:21 2015 -0400"
      },
      "message": "selinux: fix inode security list corruption\n\ncommit 923190d32de4428afbea5e5773be86bea60a9925 upstream.\n\nsb_finish_set_opts() can race with inode_free_security()\nwhen initializing inode security structures for inodes\ncreated prior to initial policy load or by the filesystem\nduring -\u003emount().   This appears to have always been\na possible race, but commit 3dc91d4 (\"SELinux:  Fix possible\nNULL pointer dereference in selinux_inode_permission()\")\nmade it more evident by immediately reusing the unioned\nlist/rcu element  of the inode security structure for call_rcu()\nupon an inode_free_security().  But the underlying issue\nwas already present before that commit as a possible use-after-free\nof isec.\n\nShivnandan Kumar reported the list corruption and proposed\na patch to split the list and rcu elements out of the union\nas separate fields of the inode_security_struct so that setting\nthe rcu element would not affect the list element.  However,\nthis would merely hide the issue and not truly fix the code.\n\nThis patch instead moves up the deletion of the list entry\nprior to dropping the sbsec-\u003eisec_lock initially.  Then,\nif the inode is dropped subsequently, there will be no further\nreferences to the isec.\n\nReported-by: Shivnandan Kumar \u003cshivnandan.k@samsung.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "6fd17def6d964c81205230e02b4208c653106d51",
      "tree": "1253f07591fe80dc3442db927536c1b3f66b5cd7",
      "parents": [
        "a42e15a485c14f6d994192af4c16775fbd6c1126"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Oct 26 19:19:16 2014 -0400"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Tue Apr 14 17:33:58 2015 +0800"
      },
      "message": "move d_rcu from overlapping d_child to overlapping d_alias\n\ncommit 946e51f2bf37f1656916eb75bd0742ba33983c28 upstream.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n[bwh: Backported to 3.2:\n - Apply name changes in all the different places we use d_alias and d_child\n - Move the WARN_ON() in __d_free() to d_free() as we don\u0027t have dentry_free()]\nSigned-off-by: Ben Hutchings \u003cben@decadent.org.uk\u003e\n[lizf: Backported to 3.4:\n - adjust context\n - need one more name change in debugfs]\n"
    },
    {
      "commit": "a42e15a485c14f6d994192af4c16775fbd6c1126",
      "tree": "6c5eb91310f957427bb98997e55b1482b79ec0ca",
      "parents": [
        "565d34077a24bf7819e8fbbb6c93e4d6271c992f"
      ],
      "author": {
        "name": "Sasha Levin",
        "email": "sasha.levin@oracle.com",
        "time": "Mon Dec 29 09:39:01 2014 -0500"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Tue Apr 14 17:33:58 2015 +0800"
      },
      "message": "KEYS: close race between key lookup and freeing\n\ncommit a3a8784454692dd72e5d5d34dcdab17b4420e74c upstream.\n\nWhen a key is being garbage collected, it\u0027s key-\u003euser would get put before\nthe -\u003edestroy() callback is called, where the key is removed from it\u0027s\nrespective tracking structures.\n\nThis leaves a key hanging in a semi-invalid state which leaves a window open\nfor a different task to try an access key-\u003euser. An example is\nfind_keyring_by_name() which would dereference key-\u003euser for a key that is\nin the process of being garbage collected (where key-\u003euser was freed but\n-\u003edestroy() wasn\u0027t called yet - so it\u0027s still present in the linked list).\n\nThis would cause either a panic, or corrupt memory.\n\nFixes CVE-2014-9529.\n\nSigned-off-by: Sasha Levin \u003csasha.levin@oracle.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n[lizf: Backported to 3.4: adjust indentation]\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "187c38d0b6fbcc6a17cae6754148eb3f3f117458",
      "tree": "0a84d57a51ec19b23013a320612055d2dad6c97f",
      "parents": [
        "db84e0afa4ce394a30771ef2c02b36ee79f58e07"
      ],
      "author": {
        "name": "Takashi Iwai",
        "email": "tiwai@suse.de",
        "time": "Thu Dec 04 18:25:19 2014 +0100"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Tue Apr 14 17:33:45 2015 +0800"
      },
      "message": "KEYS: Fix stale key registration at error path\n\ncommit b26bdde5bb27f3f900e25a95e33a0c476c8c2c48 upstream.\n\nWhen loading encrypted-keys module, if the last check of\naes_get_sizes() in init_encrypted() fails, the driver just returns an\nerror without unregistering its key type.  This results in the stale\nentry in the list.  In addition to memory leaks, this leads to a kernel\ncrash when registering a new key type later.\n\nThis patch fixes the problem by swapping the calls of aes_get_sizes()\nand register_key_type(), and releasing resources properly at the error\npaths.\n\nBugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id\u003d908163\nSigned-off-by: Takashi Iwai \u003ctiwai@suse.de\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "63578cc53582e6fdf441cdaff1cc9d5a3ca3f6d2",
      "tree": "8a65eee2ea63ed783cd29d3c33b6035fc6087dd8",
      "parents": [
        "ad82ca3bfb2b43a17c9434ce03cfb5a91c9221e4"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "d.kasatkin@samsung.com",
        "time": "Tue Oct 28 14:28:49 2014 +0200"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Mon Feb 02 17:05:06 2015 +0800"
      },
      "message": "evm: check xattr value length and type in evm_inode_setxattr()\n\ncommit 3b1deef6b1289a99505858a3b212c5b50adf0c2f upstream.\n\nevm_inode_setxattr() can be called with no value. The function does not\ncheck the length so that following command can be used to produce the\nkernel oops: setfattr -n security.evm FOO. This patch fixes it.\n\nChanges in v3:\n* there is no reason to return different error codes for EVM_XATTR_HMAC\n  and non EVM_XATTR_HMAC. Remove unnecessary test then.\n\nChanges in v2:\n* testing for validity of xattr type\n\n[ 1106.396921] BUG: unable to handle kernel NULL pointer dereference at           (null)\n[ 1106.398192] IP: [\u003cffffffff812af7b8\u003e] evm_inode_setxattr+0x2a/0x48\n[ 1106.399244] PGD 29048067 PUD 290d7067 PMD 0\n[ 1106.399953] Oops: 0000 [#1] SMP\n[ 1106.400020] Modules linked in: bridge stp llc evdev serio_raw i2c_piix4 button fuse\n[ 1106.400020] CPU: 0 PID: 3635 Comm: setxattr Not tainted 3.16.0-kds+ #2936\n[ 1106.400020] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n[ 1106.400020] task: ffff8800291a0000 ti: ffff88002917c000 task.ti: ffff88002917c000\n[ 1106.400020] RIP: 0010:[\u003cffffffff812af7b8\u003e]  [\u003cffffffff812af7b8\u003e] evm_inode_setxattr+0x2a/0x48\n[ 1106.400020] RSP: 0018:ffff88002917fd50  EFLAGS: 00010246\n[ 1106.400020] RAX: 0000000000000000 RBX: ffff88002917fdf8 RCX: 0000000000000000\n[ 1106.400020] RDX: 0000000000000000 RSI: ffffffff818136d3 RDI: ffff88002917fdf8\n[ 1106.400020] RBP: ffff88002917fd68 R08: 0000000000000000 R09: 00000000003ec1df\n[ 1106.400020] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800438a0a00\n[ 1106.400020] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 1106.400020] FS:  00007f7dfa7d7740(0000) GS:ffff88005da00000(0000) knlGS:0000000000000000\n[ 1106.400020] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1106.400020] CR2: 0000000000000000 CR3: 000000003763e000 CR4: 00000000000006f0\n[ 1106.400020] Stack:\n[ 1106.400020]  ffff8800438a0a00 ffff88002917fdf8 0000000000000000 ffff88002917fd98\n[ 1106.400020]  ffffffff812a1030 ffff8800438a0a00 ffff88002917fdf8 0000000000000000\n[ 1106.400020]  0000000000000000 ffff88002917fde0 ffffffff8116d08a ffff88002917fdc8\n[ 1106.400020] Call Trace:\n[ 1106.400020]  [\u003cffffffff812a1030\u003e] security_inode_setxattr+0x5d/0x6a\n[ 1106.400020]  [\u003cffffffff8116d08a\u003e] vfs_setxattr+0x6b/0x9f\n[ 1106.400020]  [\u003cffffffff8116d1e0\u003e] setxattr+0x122/0x16c\n[ 1106.400020]  [\u003cffffffff811687e8\u003e] ? mnt_want_write+0x21/0x45\n[ 1106.400020]  [\u003cffffffff8114d011\u003e] ? __sb_start_write+0x10f/0x143\n[ 1106.400020]  [\u003cffffffff811687e8\u003e] ? mnt_want_write+0x21/0x45\n[ 1106.400020]  [\u003cffffffff811687c0\u003e] ? __mnt_want_write+0x48/0x4f\n[ 1106.400020]  [\u003cffffffff8116d3e6\u003e] SyS_setxattr+0x6e/0xb0\n[ 1106.400020]  [\u003cffffffff81529da9\u003e] system_call_fastpath+0x16/0x1b\n[ 1106.400020] Code: c3 0f 1f 44 00 00 55 48 89 e5 41 55 49 89 d5 41 54 49 89 fc 53 48 89 f3 48 c7 c6 d3 36 81 81 48 89 df e8 18 22 04 00 85 c0 75 07 \u003c41\u003e 80 7d 00 02 74 0d 48 89 de 4c 89 e7 e8 5a fe ff ff eb 03 83\n[ 1106.400020] RIP  [\u003cffffffff812af7b8\u003e] evm_inode_setxattr+0x2a/0x48\n[ 1106.400020]  RSP \u003cffff88002917fd50\u003e\n[ 1106.400020] CR2: 0000000000000000\n[ 1106.428061] ---[ end trace ae08331628ba3050 ]---\n\nReported-by: Jan Kara \u003cjack@suse.cz\u003e\nSigned-off-by: Dmitry Kasatkin \u003cd.kasatkin@samsung.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "e8ab53a5d68c75722c8a2ad3b08a6798ed47d4dc",
      "tree": "a9aedcea0154591a9dbc782bddb4a6ad592143f4",
      "parents": [
        "fb7eb2f7483ea1017d3fed87944a1153bc0879ec"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Oct 06 16:32:52 2014 -0400"
      },
      "committer": {
        "name": "Zefan Li",
        "email": "lizefan@huawei.com",
        "time": "Mon Feb 02 17:04:50 2015 +0800"
      },
      "message": "selinux: fix inode security list corruption\n\ncommit 923190d32de4428afbea5e5773be86bea60a9925 upstream.\n\nsb_finish_set_opts() can race with inode_free_security()\nwhen initializing inode security structures for inodes\ncreated prior to initial policy load or by the filesystem\nduring -\u003emount().   This appears to have always been\na possible race, but commit 3dc91d4 (\"SELinux:  Fix possible\nNULL pointer dereference in selinux_inode_permission()\")\nmade it more evident by immediately reusing the unioned\nlist/rcu element  of the inode security structure for call_rcu()\nupon an inode_free_security().  But the underlying issue\nwas already present before that commit as a possible use-after-free\nof isec.\n\nShivnandan Kumar reported the list corruption and proposed\na patch to split the list and rcu elements out of the union\nas separate fields of the inode_security_struct so that setting\nthe rcu element would not affect the list element.  However,\nthis would merely hide the issue and not truly fix the code.\n\nThis patch instead moves up the deletion of the list entry\nprior to dropping the sbsec-\u003eisec_lock initially.  Then,\nif the inode is dropped subsequently, there will be no further\nreferences to the isec.\n\nReported-by: Shivnandan Kumar \u003cshivnandan.k@samsung.com\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Zefan Li \u003clizefan@huawei.com\u003e\n"
    },
    {
      "commit": "1097d78180e1a2916c2bcdb15cb90ba131af9cd8",
      "tree": "5910f8fc0dcb85c71011ccccee18895769699390",
      "parents": [
        "3ded4adc97887ddde3c1855f29f062e015d19425",
        "7fd7a446b1c2b96252e4389746e5419eae04faef"
      ],
      "author": {
        "name": "Paul",
        "email": "javelinanddart@gmail.com",
        "time": "Sun Jan 11 17:15:40 2015 -0800"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Sun Jan 11 17:20:45 2015 -0800"
      },
      "message": "Merge tag \u0027v3.4.105\u0027 into cm-12.0\n\nThis is the 3.4.105 stable release\n\nConflicts:\n\tarch/arm/mm/proc-v7.S\n\tdrivers/bluetooth/hci_ldisc.c\n\tdrivers/media/dvb/dvb-core/dmxdev.c\n\tdrivers/usb/core/driver.c\n\tdrivers/usb/dwc3/core.c\n\tdrivers/usb/host/xhci-hub.c\n\tdrivers/usb/host/xhci.c\n\tdrivers/usb/serial/qcserial.c\n\tdrivers/usb/serial/usb_wwan.c\n\tkernel/events/core.c\n\tkernel/time/tick-sched.ck\n\tkernel/futex.c\n\tmm/memory_hotplug.c\n\tmm/vmscan.c\n\tnet/bluetooth/hci_conn.c\n\tnet/bluetooth/hci_event.c\n\tnet/bluetooth/l2cap_core.c\n\tnet/ipv4/ping.c\n\tnet/wireless/nl80211.c\n\tsound/soc/soc-core.c\n\nChange-Id: Id09da84afb427ba1a32ff26e74f2bb86458d4a2e\n"
    },
    {
      "commit": "77945c90c023415428f5bb0a682787401bc8bef3",
      "tree": "578d50f462f945ee3fe0e045798c06f3f43c676d",
      "parents": [
        "f16bf066acb08350287b5518875828e947e5c05a"
      ],
      "author": {
        "name": "Sasha Levin",
        "email": "sasha.levin@oracle.com",
        "time": "Mon Dec 29 14:39:01 2014 -0600"
      },
      "committer": {
        "name": "Matt Mower",
        "email": "mowerm@gmail.com",
        "time": "Tue Jan 06 12:42:32 2015 -0600"
      },
      "message": "KEYS: close race between key lookup and freeing\n\nWhen a key is being garbage collected, it\u0027s key-\u003euser would get put before\nthe -\u003edestroy() callback is called, where the key is removed from it\u0027s\nrespective tracking structures.\n\nThis leaves a key hanging in a semi-invalid state which leaves a window open\nfor a different task to try an access key-\u003euser. An example is\nfind_keyring_by_name() which would dereference key-\u003euser for a key that is\nin the process of being garbage collected (where key-\u003euser was freed but\n-\u003edestroy() wasn\u0027t called yet - so it\u0027s still present in the linked list).\n\nThis would cause either a panic, or corrupt memory.\n\nChange-Id: Ic74246dc2dcc593f04f71063e3301e7356d588b7\nSigned-off-by: Sasha Levin \u003csasha.levin@oracle.com\u003e\n"
    },
    {
      "commit": "62c2fe4dab1064dad772f2220486dd54e3deaeb6",
      "tree": "6a20ec807c371aa81f3c2c9f089df4be00aac2ed",
      "parents": [
        "9bf75dffc07ea6b5e19251880b8dcf0debdbbccc"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Sun Dec 14 12:37:06 2014 +0200"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Tue Dec 16 13:18:02 2014 -0800"
      },
      "message": "selinux: Report permissive mode in avc: denied messages.\n\nWe cannot presently tell from an avc: denied message whether access was in\nfact denied or was allowed due to global or per-domain permissive mode.\nAdd a permissive\u003d field to the avc message to reflect this information.\n\nChange-Id: I0281c366d0815addd5b22b26d266a18a743c53f5\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n"
    },
    {
      "commit": "9bf75dffc07ea6b5e19251880b8dcf0debdbbccc",
      "tree": "329bb5327b7e523ed2812dc6679b035f594f69f5",
      "parents": [
        "74cfe2dcc0f4b17f9abbabf349e33c39a260987e"
      ],
      "author": {
        "name": "Andy Lutomirski",
        "email": "luto@amacapital.net",
        "time": "Thu Apr 12 16:47:50 2012 -0500"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Tue Dec 16 13:18:02 2014 -0800"
      },
      "message": "Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs\n\nWith this change, calling\n  prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)\ndisables privilege granting operations at execve-time.  For example, a\nprocess will not be able to execute a setuid binary to change their uid\nor gid if this bit is set.  The same is true for file capabilities.\n\nAdditionally, LSM_UNSAFE_NO_NEW_PRIVS is defined to ensure that\nLSMs respect the requested behavior.\n\nTo determine if the NO_NEW_PRIVS bit is set, a task may call\n  prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);\nIt returns 1 if set and 0 if it is not set. If any of the arguments are\nnon-zero, it will return -1 and set errno to -EINVAL.\n(PR_SET_NO_NEW_PRIVS behaves similarly.)\n\nThis functionality is desired for the proposed seccomp filter patch\nseries.  By using PR_SET_NO_NEW_PRIVS, it allows a task to modify the\nsystem call behavior for itself and its child tasks without being\nable to impact the behavior of a more privileged task.\n\nAnother potential use is making certain privileged operations\nunprivileged.  For example, chroot may be considered \"safe\" if it cannot\naffect privileged tasks.\n\nNote, this patch causes execve to fail when PR_SET_NO_NEW_PRIVS is\nset and AppArmor is in use.  It is fixed in a subsequent patch.\n\nSigned-off-by: Andy Lutomirski \u003cluto@amacapital.net\u003e\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Kees Cook \u003ckeescook@chromium.org\u003e\n\nChange-Id: I2159006d20daefe6add5adc47c22bdbcd7d79e3a\nv18: updated change desc\nv17: using new define values as per 3.4\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "12a38b8f1dd7c65d01aa4c759f29a700c194ecec",
      "tree": "60c9629330a2feb612a024f14847fa23243626d0",
      "parents": [
        "7f53daea4dd53f43dd10ac24f752f74063abe4fa"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Sun May 11 00:05:23 2014 -0400"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Jun 26 15:10:28 2014 -0400"
      },
      "message": "evm: prohibit userspace writing \u0027security.evm\u0027 HMAC value\n\ncommit 2fb1c9a4f2dbc2f0bd2431c7fa64d0b5483864e4 upstream.\n\nCalculating the \u0027security.evm\u0027 HMAC value requires access to the\nEVM encrypted key.  Only the kernel should have access to it.  This\npatch prevents userspace tools(eg. setfattr, cp --preserve\u003dxattr)\nfrom setting/modifying the \u0027security.evm\u0027 HMAC value directly.\n\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "23a5a7a2dafd877ec853b4c7debf6d726d10f9b9",
      "tree": "609000441a317cb217a79c629b84dbb345a123b5",
      "parents": [
        "cd59fb14918a6b20c1ac8be121fa6397b97b00cb"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "pmoore@redhat.com",
        "time": "Wed Mar 19 16:46:18 2014 -0400"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Apr 14 06:44:17 2014 -0700"
      },
      "message": "selinux: correctly label /proc inodes in use before the policy is loaded\n\ncommit f64410ec665479d7b4b77b7519e814253ed0f686 upstream.\n\nThis patch is based on an earlier patch by Eric Paris, he describes\nthe problem below:\n\n  \"If an inode is accessed before policy load it will get placed on a\n   list of inodes to be initialized after policy load.  After policy\n   load we call inode_doinit() which calls inode_doinit_with_dentry()\n   on all inodes accessed before policy load.  In the case of inodes\n   in procfs that means we\u0027ll end up at the bottom where it does:\n\n     /* Default to the fs superblock SID. */\n     isec-\u003esid \u003d sbsec-\u003esid;\n\n     if ((sbsec-\u003eflags \u0026 SE_SBPROC) \u0026\u0026 !S_ISLNK(inode-\u003ei_mode)) {\n             if (opt_dentry) {\n                     isec-\u003esclass \u003d inode_mode_to_security_class(...)\n                     rc \u003d selinux_proc_get_sid(opt_dentry,\n                                               isec-\u003esclass,\n                                               \u0026sid);\n                     if (rc)\n                             goto out_unlock;\n                     isec-\u003esid \u003d sid;\n             }\n     }\n\n   Since opt_dentry is null, we\u0027ll never call selinux_proc_get_sid()\n   and will leave the inode labeled with the label on the superblock.\n   I believe a fix would be to mimic the behavior of xattrs.  Look\n   for an alias of the inode.  If it can\u0027t be found, just leave the\n   inode uninitialized (and pick it up later) if it can be found, we\n   should be able to call selinux_proc_get_sid() ...\"\n\nOn a system exhibiting this problem, you will notice a lot of files in\n/proc with the generic \"proc_t\" type (at least the ones that were\naccessed early in the boot), for example:\n\n   # ls -Z /proc/sys/kernel/shmmax | awk \u0027{ print $4 \" \" $5 }\u0027\n   system_u:object_r:proc_t:s0 /proc/sys/kernel/shmmax\n\nHowever, with this patch in place we see the expected result:\n\n   # ls -Z /proc/sys/kernel/shmmax | awk \u0027{ print $4 \" \" $5 }\u0027\n   system_u:object_r:sysctl_kernel_t:s0 /proc/sys/kernel/shmmax\n\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "186ef2385c50ee6b2232f2ab8edb354ca71332bf",
      "tree": "95356924d61dedc87dcc53d24b8896de9a7b8e27",
      "parents": [
        "f80747a43fc2613b9f5e1ded16f50ef28815652e"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Feb 20 10:56:45 2014 -0500"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Tue Mar 11 16:10:02 2014 -0700"
      },
      "message": "SELinux: bigendian problems with filename trans rules\n\ncommit 9085a6422900092886da8c404e1c5340c4ff1cbf upstream.\n\nWhen writing policy via /sys/fs/selinux/policy I wrote the type and class\nof filename trans rules in CPU endian instead of little endian.  On\nx86_64 this works just fine, but it means that on big endian arch\u0027s like\nppc64 and s390 userspace reads the policy and converts it from\nle32_to_cpu.  So the values are all screwed up.  Write the values in le\nformat like it should have been to start.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "66d383de0963dd351051304e36247e9a6fa66b77",
      "tree": "5cd17ffcb6edfa4385a2ceddb63ada9efdea2ee1",
      "parents": [
        "c523abc466c9b7c693e4a528ca2f54c6e931b6a6",
        "2606524141e4ff9b6a5d0bcbd9d601dfc5a8285c"
      ],
      "author": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Fri Mar 07 11:56:04 2014 -0800"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Fri Mar 07 11:56:04 2014 -0800"
      },
      "message": "Merge tag \u0027v3.4.82\u0027 into cm-11.0\n\nThis is the 3.4.82 stable release\n\nConflicts:\n\tarch/arm/kernel/traps.c\n\tmm/internal.h\n\nChange-Id: Ie3b1ffdfe133e76cfa3eaaa4305535af8490d7cc\n"
    },
    {
      "commit": "a0f916d429bcb240f8048c0d5f61d07c6d0c73ae",
      "tree": "76d140745d5050c649ad216bfc58691d7a7eeacd",
      "parents": [
        "a6d2ebcda7cb7467b3f5ca597710be25cc8ad76f"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Thu Jan 30 11:26:59 2014 -0500"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Feb 20 10:45:32 2014 -0800"
      },
      "message": "SELinux: Fix kernel BUG on empty security contexts.\n\ncommit 2172fa709ab32ca60e86179dc67d0857be8e2c98 upstream.\n\nSetting an empty security context (length\u003d0) on a file will\nlead to incorrectly dereferencing the type and other fields\nof the security context structure, yielding a kernel BUG.\nAs a zero-length security context is never valid, just reject\nall such security contexts whether coming from userspace\nvia setxattr or coming from the filesystem upon a getxattr\nrequest by SELinux.\n\nSetting a security context value (empty or otherwise) unknown to\nSELinux in the first place is only possible for a root process\n(CAP_MAC_ADMIN), and, if running SELinux in enforcing mode, only\nif the corresponding SELinux mac_admin permission is also granted\nto the domain by policy.  In Fedora policies, this is only allowed for\nspecific domains such as livecd for setting down security contexts\nthat are not defined in the build host policy.\n\nReproducer:\nsu\nsetenforce 0\ntouch foo\nsetfattr -n security.selinux foo\n\nCaveat:\nRelabeling or removing foo after doing the above may not be possible\nwithout booting with SELinux disabled.  Any subsequent access to foo\nafter doing the above will also trigger the BUG.\n\nBUG output from Matthew Thode:\n[  473.893141] ------------[ cut here ]------------\n[  473.962110] kernel BUG at security/selinux/ss/services.c:654!\n[  473.995314] invalid opcode: 0000 [#6] SMP\n[  474.027196] Modules linked in:\n[  474.058118] CPU: 0 PID: 8138 Comm: ls Tainted: G      D   I\n3.13.0-grsec #1\n[  474.116637] Hardware name: Supermicro X8ST3/X8ST3, BIOS 2.0\n07/29/10\n[  474.149768] task: ffff8805f50cd010 ti: ffff8805f50cd488 task.ti:\nffff8805f50cd488\n[  474.183707] RIP: 0010:[\u003cffffffff814681c7\u003e]  [\u003cffffffff814681c7\u003e]\ncontext_struct_compute_av+0xce/0x308\n[  474.219954] RSP: 0018:ffff8805c0ac3c38  EFLAGS: 00010246\n[  474.252253] RAX: 0000000000000000 RBX: ffff8805c0ac3d94 RCX:\n0000000000000100\n[  474.287018] RDX: ffff8805e8aac000 RSI: 00000000ffffffff RDI:\nffff8805e8aaa000\n[  474.321199] RBP: ffff8805c0ac3cb8 R08: 0000000000000010 R09:\n0000000000000006\n[  474.357446] R10: 0000000000000000 R11: ffff8805c567a000 R12:\n0000000000000006\n[  474.419191] R13: ffff8805c2b74e88 R14: 00000000000001da R15:\n0000000000000000\n[  474.453816] FS:  00007f2e75220800(0000) GS:ffff88061fc00000(0000)\nknlGS:0000000000000000\n[  474.489254] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  474.522215] CR2: 00007f2e74716090 CR3: 00000005c085e000 CR4:\n00000000000207f0\n[  474.556058] Stack:\n[  474.584325]  ffff8805c0ac3c98 ffffffff811b549b ffff8805c0ac3c98\nffff8805f1190a40\n[  474.618913]  ffff8805a6202f08 ffff8805c2b74e88 00068800d0464990\nffff8805e8aac860\n[  474.653955]  ffff8805c0ac3cb8 000700068113833a ffff880606c75060\nffff8805c0ac3d94\n[  474.690461] Call Trace:\n[  474.723779]  [\u003cffffffff811b549b\u003e] ? lookup_fast+0x1cd/0x22a\n[  474.778049]  [\u003cffffffff81468824\u003e] security_compute_av+0xf4/0x20b\n[  474.811398]  [\u003cffffffff8196f419\u003e] avc_compute_av+0x2a/0x179\n[  474.843813]  [\u003cffffffff8145727b\u003e] avc_has_perm+0x45/0xf4\n[  474.875694]  [\u003cffffffff81457d0e\u003e] inode_has_perm+0x2a/0x31\n[  474.907370]  [\u003cffffffff81457e76\u003e] selinux_inode_getattr+0x3c/0x3e\n[  474.938726]  [\u003cffffffff81455cf6\u003e] security_inode_getattr+0x1b/0x22\n[  474.970036]  [\u003cffffffff811b057d\u003e] vfs_getattr+0x19/0x2d\n[  475.000618]  [\u003cffffffff811b05e5\u003e] vfs_fstatat+0x54/0x91\n[  475.030402]  [\u003cffffffff811b063b\u003e] vfs_lstat+0x19/0x1b\n[  475.061097]  [\u003cffffffff811b077e\u003e] SyS_newlstat+0x15/0x30\n[  475.094595]  [\u003cffffffff8113c5c1\u003e] ? __audit_syscall_entry+0xa1/0xc3\n[  475.148405]  [\u003cffffffff8197791e\u003e] system_call_fastpath+0x16/0x1b\n[  475.179201] Code: 00 48 85 c0 48 89 45 b8 75 02 0f 0b 48 8b 45 a0 48\n8b 3d 45 d0 b6 00 8b 40 08 89 c6 ff ce e8 d1 b0 06 00 48 85 c0 49 89 c7\n75 02 \u003c0f\u003e 0b 48 8b 45 b8 4c 8b 28 eb 1e 49 8d 7d 08 be 80 01 00 00 e8\n[  475.255884] RIP  [\u003cffffffff814681c7\u003e]\ncontext_struct_compute_av+0xce/0x308\n[  475.296120]  RSP \u003cffff8805c0ac3c38\u003e\n[  475.328734] ---[ end trace f076482e9d754adc ]---\n\nReported-by:  Matthew Thode \u003cmthode@mthode.org\u003e\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "ef609edc523e00e7b8cf6be348f52f6d6577d63e",
      "tree": "730c6ffc56d7904a5473602a80897f6da5dd246b",
      "parents": [
        "e3b1f4138a12a66dcd2a48e5b4a7fa1bba9c2c5b"
      ],
      "author": {
        "name": "Tetsuo Handa",
        "email": "penguin-kernel@I-love.SAKURA.ne.jp",
        "time": "Mon Jan 06 21:28:15 2014 +0900"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Feb 13 11:51:07 2014 -0800"
      },
      "message": "SELinux: Fix memory leak upon loading policy\n\ncommit 8ed814602876bec9bad2649ca17f34b499357a1c upstream.\n\nHello.\n\nI got below leak with linux-3.10.0-54.0.1.el7.x86_64 .\n\n[  681.903890] kmemleak: 5538 new suspected memory leaks (see /sys/kernel/debug/kmemleak)\n\nBelow is a patch, but I don\u0027t know whether we need special handing for undoing\nebitmap_set_bit() call.\n----------\n\u003e\u003eFrom fe97527a90fe95e2239dfbaa7558f0ed559c0992 Mon Sep 17 00:00:00 2001\nFrom: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nDate: Mon, 6 Jan 2014 16:30:21 +0900\nSubject: SELinux: Fix memory leak upon loading policy\n\nCommit 2463c26d \"SELinux: put name based create rules in a hashtable\" did not\ncheck return value from hashtab_insert() in filename_trans_read(). It leaks\nmemory if hashtab_insert() returns error.\n\n  unreferenced object 0xffff88005c9160d0 (size 8):\n    comm \"systemd\", pid 1, jiffies 4294688674 (age 235.265s)\n    hex dump (first 8 bytes):\n      57 0b 00 00 6b 6b 6b a5                          W...kkk.\n    backtrace:\n      [\u003cffffffff816604ae\u003e] kmemleak_alloc+0x4e/0xb0\n      [\u003cffffffff811cba5e\u003e] kmem_cache_alloc_trace+0x12e/0x360\n      [\u003cffffffff812aec5d\u003e] policydb_read+0xd1d/0xf70\n      [\u003cffffffff812b345c\u003e] security_load_policy+0x6c/0x500\n      [\u003cffffffff812a623c\u003e] sel_write_load+0xac/0x750\n      [\u003cffffffff811eb680\u003e] vfs_write+0xc0/0x1f0\n      [\u003cffffffff811ec08c\u003e] SyS_write+0x4c/0xa0\n      [\u003cffffffff81690419\u003e] system_call_fastpath+0x16/0x1b\n      [\u003cffffffffffffffff\u003e] 0xffffffffffffffff\n\nHowever, we should not return EEXIST error to the caller, or the systemd will\nshow below message and the boot sequence freezes.\n\n  systemd[1]: Failed to load SELinux policy. Freezing.\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "9e74d93d657ae6662cfd5e3e9ca67d05cfffbd9a",
      "tree": "d5cf44c68adfbbbef3bd83cccf982298765f958b",
      "parents": [
        "e34cdde46b0c080f0654f5237c4af76b27019f60"
      ],
      "author": {
        "name": "Steven Rostedt",
        "email": "rostedt@goodmis.org",
        "time": "Thu Jan 09 21:46:34 2014 -0500"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Wed Jan 29 05:10:42 2014 -0800"
      },
      "message": "SELinux: Fix possible NULL pointer dereference in selinux_inode_permission()\n\ncommit 3dc91d4338d698ce77832985f9cb183d8eeaf6be upstream.\n\nWhile running stress tests on adding and deleting ftrace instances I hit\nthis bug:\n\n  BUG: unable to handle kernel NULL pointer dereference at 0000000000000020\n  IP: selinux_inode_permission+0x85/0x160\n  PGD 63681067 PUD 7ddbe067 PMD 0\n  Oops: 0000 [#1] PREEMPT\n  CPU: 0 PID: 5634 Comm: ftrace-test-mki Not tainted 3.13.0-rc4-test-00033-gd2a6dde-dirty #20\n  Hardware name:                  /DG965MQ, BIOS MQ96510J.86A.0372.2006.0605.1717 06/05/2006\n  task: ffff880078375800 ti: ffff88007ddb0000 task.ti: ffff88007ddb0000\n  RIP: 0010:[\u003cffffffff812d8bc5\u003e]  [\u003cffffffff812d8bc5\u003e] selinux_inode_permission+0x85/0x160\n  RSP: 0018:ffff88007ddb1c48  EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: 0000000000800000 RCX: ffff88006dd43840\n  RDX: 0000000000000001 RSI: 0000000000000081 RDI: ffff88006ee46000\n  RBP: ffff88007ddb1c88 R08: 0000000000000000 R09: ffff88007ddb1c54\n  R10: 6e6576652f6f6f66 R11: 0000000000000003 R12: 0000000000000000\n  R13: 0000000000000081 R14: ffff88006ee46000 R15: 0000000000000000\n  FS:  00007f217b5b6700(0000) GS:ffffffff81e21000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033^M\n  CR2: 0000000000000020 CR3: 000000006a0fe000 CR4: 00000000000007f0\n  Call Trace:\n    security_inode_permission+0x1c/0x30\n    __inode_permission+0x41/0xa0\n    inode_permission+0x18/0x50\n    link_path_walk+0x66/0x920\n    path_openat+0xa6/0x6c0\n    do_filp_open+0x43/0xa0\n    do_sys_open+0x146/0x240\n    SyS_open+0x1e/0x20\n    system_call_fastpath+0x16/0x1b\n  Code: 84 a1 00 00 00 81 e3 00 20 00 00 89 d8 83 c8 02 40 f6 c6 04 0f 45 d8 40 f6 c6 08 74 71 80 cf 02 49 8b 46 38 4c 8d 4d cc 45 31 c0 \u003c0f\u003e b7 50 20 8b 70 1c 48 8b 41 70 89 d9 8b 78 04 e8 36 cf ff ff\n  RIP  selinux_inode_permission+0x85/0x160\n  CR2: 0000000000000020\n\nInvestigating, I found that the inode-\u003ei_security was NULL, and the\ndereference of it caused the oops.\n\nin selinux_inode_permission():\n\n\tisec \u003d inode-\u003ei_security;\n\n\trc \u003d avc_has_perm_noaudit(sid, isec-\u003esid, isec-\u003esclass, perms, 0, \u0026avd);\n\nNote, the crash came from stressing the deletion and reading of debugfs\nfiles.  I was not able to recreate this via normal files.  But I\u0027m not\nsure they are safe.  It may just be that the race window is much harder\nto hit.\n\nWhat seems to have happened (and what I have traced), is the file is\nbeing opened at the same time the file or directory is being deleted.\nAs the dentry and inode locks are not held during the path walk, nor is\nthe inodes ref counts being incremented, there is nothing saving these\nstructures from being discarded except for an rcu_read_lock().\n\nThe rcu_read_lock() protects against freeing of the inode, but it does\nnot protect freeing of the inode_security_struct.  Now if the freeing of\nthe i_security happens with a call_rcu(), and the i_security field of\nthe inode is not changed (it gets freed as the inode gets freed) then\nthere will be no issue here.  (Linus Torvalds suggested not setting the\nfield to NULL such that we do not need to check if it is NULL in the\npermission check).\n\nNote, this is a hack, but it fixes the problem at hand.  A real fix is\nto restructure the destroy_inode() to call all the destructor handlers\nfrom the RCU callback.  But that is a major job to do, and requires a\nlot of work.  For now, we just band-aid this bug with this fix (it\nworks), and work on a more maintainable solution in the future.\n\nLink: http://lkml.kernel.org/r/20140109101932.0508dec7@gandalf.local.home\nLink: http://lkml.kernel.org/r/20140109182756.17abaaa8@gandalf.local.home\n\nSigned-off-by: Steven Rostedt \u003crostedt@goodmis.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "9771ba99eb41a87d5add7799092288e702283dfc",
      "tree": "00bd25fc71a77ad9097cf08d1e69c79336329c44",
      "parents": [
        "8ad62c20c16409cf90fd7c6774f71ce81378d6a0"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Jul 06 14:13:29 2012 -0400"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Fri Jan 17 22:12:26 2014 -0800"
      },
      "message": "SELinux: include definition of new capabilities\n\nThe kernel has added CAP_WAKE_ALARM and CAP_EPOLLWAKEUP.  We need to\ndefine these in SELinux so they can be mediated by policy.\n\nChange-Id: I8a3e0db15ec5f4eb05d455a57e8446a8c2b484c2\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n[sds: rename epollwakeup to block_suspend to match upstream merge]\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n"
    },
    {
      "commit": "fda73056f62d84376a3d29926708b4a08155da31",
      "tree": "0080c4eec02c23179f59a50d269f48f7662b61ce",
      "parents": [
        "cf8f2e58d0893f9785b8056b29d9bbcb4758765f",
        "94f578e6aba14bb2aeb00db2e7f6e5f704fee937"
      ],
      "author": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Tue Jan 14 21:50:44 2014 -0800"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Tue Jan 14 21:50:44 2014 -0800"
      },
      "message": "Merge tag \u0027v3.4.76\u0027 into cm-11.0\n\nThis is the 3.4.76 stable release\n\nConflicts:\n\tdrivers/gpio/gpio-msm-v2.c\n\nChange-Id: Ic80b29098bdf656b5e5c9b95d98d2ec64bba1f28\n"
    },
    {
      "commit": "420cc6d77fd83ab28ebed7ab1dc9018ab351ec12",
      "tree": "5b28c87f0e82876d6a895895a249b2824a5042af",
      "parents": [
        "73ec955cd6954d69540c7a761182ee84d2bad189"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "pmoore@redhat.com",
        "time": "Tue Dec 10 14:58:01 2013 -0500"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Wed Jan 08 09:42:12 2014 -0800"
      },
      "message": "selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()\n\ncommit c0828e50485932b7e019df377a6b0a8d1ebd3080 upstream.\n\nDue to difficulty in arriving at the proper security label for\nTCP SYN-ACK packets in selinux_ip_postroute(), we need to check packets\nwhile/before they are undergoing XFRM transforms instead of waiting\nuntil afterwards so that we can determine the correct security label.\n\nReported-by: Janak Desai \u003cJanak.Desai@gtri.gatech.edu\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "73ec955cd6954d69540c7a761182ee84d2bad189",
      "tree": "d2e9e8a5966067058d959d9bcae6ea77cf6aaf02",
      "parents": [
        "7a12bcd95b59dcf1a715827846baa7c81d1946f9"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "pmoore@redhat.com",
        "time": "Tue Dec 10 14:57:54 2013 -0500"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Wed Jan 08 09:42:12 2014 -0800"
      },
      "message": "selinux: look for IPsec labels on both inbound and outbound packets\n\ncommit 817eff718dca4e54d5721211ddde0914428fbb7c upstream.\n\nPreviously selinux_skb_peerlbl_sid() would only check for labeled\nIPsec security labels on inbound packets, this patch enables it to\ncheck both inbound and outbound traffic for labeled IPsec security\nlabels.\n\nReported-by: Janak Desai \u003cJanak.Desai@gtri.gatech.edu\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "58c2314ac41e8f24a2a594bd866915e38de9648e",
      "tree": "25b4928360576d7d6501a1e0d01fcab7e6003226",
      "parents": [
        "351381d8cea3036cfe021eb29994584d0e5c0e73"
      ],
      "author": {
        "name": "Oleg Nesterov",
        "email": "oleg@redhat.com",
        "time": "Mon Dec 23 17:45:01 2013 -0500"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Wed Jan 08 09:42:10 2014 -0800"
      },
      "message": "selinux: selinux_setprocattr()-\u003eptrace_parent() needs rcu_read_lock()\n\ncommit c0c1439541f5305b57a83d599af32b74182933fe upstream.\n\nselinux_setprocattr() does ptrace_parent(p) under task_lock(p),\nbut task_struct-\u003ealloc_lock doesn\u0027t pin -\u003eparent or -\u003eptrace,\nthis looks confusing and triggers the \"suspicious RCU usage\"\nwarning because ptrace_parent() does rcu_dereference_check().\n\nAnd in theory this is wrong, spin_lock()-\u003epreempt_disable()\ndoesn\u0027t necessarily imply rcu_read_lock() we need to access\nthe -\u003eparent.\n\nReported-by: Evan McNabb \u003cemcnabb@redhat.com\u003e\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "351381d8cea3036cfe021eb29994584d0e5c0e73",
      "tree": "575afc68d8b8f5522817066d64aae1dc6843a69a",
      "parents": [
        "bc8a3912facbd66e2b88d10922aae74548b86606"
      ],
      "author": {
        "name": "Chad Hanson",
        "email": "chanson@trustedcs.com",
        "time": "Mon Dec 23 17:45:01 2013 -0500"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Wed Jan 08 09:42:10 2014 -0800"
      },
      "message": "selinux: fix broken peer recv check\n\ncommit 46d01d63221c3508421dd72ff9c879f61053cffc upstream.\n\nFix a broken networking check. Return an error if peer recv fails.  If\nsecmark is active and the packet recv succeeds the peer recv error is\nignored.\n\nSigned-off-by: Chad Hanson \u003cchanson@trustedcs.com\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "de0f9a5a9d7932086e623560d66655cc8507cfec",
      "tree": "d9e4678d68da38d7670b79c8b5e8782445c5ad7e",
      "parents": [
        "e1a3c5a3706d580390c02c69cb14dcd679d31d91",
        "84dfcb758ba7cce52ef475ac96861a558e1a20ca"
      ],
      "author": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Sat Dec 21 14:22:41 2013 -0800"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Sat Dec 21 14:22:41 2013 -0800"
      },
      "message": "Merge tag \u0027v3.4.75\u0027 into cm-11.0\n\nThis is the 3.4.75 stable release\n\nConflicts:\n\tdrivers/md/dm-crypt.c\n\tdrivers/mmc/card/block.c\n\tdrivers/net/ethernet/smsc/smc91x.h\n\nChange-Id: I39f38ef5530c5fef07583beb9d76b983e71b9ff3\n"
    },
    {
      "commit": "2ea04e5a3d579032632c72584ea67b623321064c",
      "tree": "ea2d1ac04a2559bc55aa2dde512e99d9e8f16862",
      "parents": [
        "1c5d9d1527ceb57e66001fba3d84c766d89baf2e"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "pmoore@redhat.com",
        "time": "Wed Dec 04 16:10:51 2013 -0500"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Dec 20 07:34:20 2013 -0800"
      },
      "message": "selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()\n\ncommit 446b802437f285de68ffb8d6fac3c44c3cab5b04 upstream.\n\nIn selinux_ip_postroute() we perform access checks based on the\npacket\u0027s security label.  For locally generated traffic we get the\npacket\u0027s security label from the associated socket; this works in all\ncases except for TCP SYN-ACK packets.  In the case of SYN-ACK packet\u0027s\nthe correct security label is stored in the connection\u0027s request_sock,\nnot the server\u0027s socket.  Unfortunately, at the point in time when\nselinux_ip_postroute() is called we can\u0027t query the request_sock\ndirectly, we need to recreate the label using the same logic that\noriginally labeled the associated request_sock.\n\nSee the inline comments for more explanation.\n\nReported-by: Janak Desai \u003cJanak.Desai@gtri.gatech.edu\u003e\nTested-by: Janak Desai \u003cJanak.Desai@gtri.gatech.edu\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "1c5d9d1527ceb57e66001fba3d84c766d89baf2e",
      "tree": "2fd2bda381a616fca0a9ed6326bd0ba732621a7c",
      "parents": [
        "898341afe54f827138e9b3516ae5a456f2d5fa48"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "pmoore@redhat.com",
        "time": "Wed Dec 04 16:10:45 2013 -0500"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Dec 20 07:34:20 2013 -0800"
      },
      "message": "selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()\n\ncommit 47180068276a04ed31d24fe04c673138208b07a9 upstream.\n\nIn selinux_ip_output() we always label packets based on the parent\nsocket.  While this approach works in almost all cases, it doesn\u0027t\nwork in the case of TCP SYN-ACK packets when the correct label is not\nthe label of the parent socket, but rather the label of the larval\nsocket represented by the request_sock struct.\n\nUnfortunately, since the request_sock isn\u0027t queued on the parent\nsocket until *after* the SYN-ACK packet is sent, we can\u0027t lookup the\nrequest_sock to determine the correct label for the packet; at this\npoint in time the best we can do is simply pass/NF_ACCEPT the packet.\nIt must be said that simply passing the packet without any explicit\nlabeling action, while far from ideal, is not terrible as the SYN-ACK\npacket will inherit any IP option based labeling from the initial\nconnection request so the label *should* be correct and all our\naccess controls remain in place so we shouldn\u0027t have to worry about\ninformation leaks.\n\nReported-by: Janak Desai \u003cJanak.Desai@gtri.gatech.edu\u003e\nTested-by: Janak Desai \u003cJanak.Desai@gtri.gatech.edu\u003e\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "2a38ada0f1ab9f894eea4428731ebc811b51c3f3",
      "tree": "759c765808a23a3a35e4ba10d8306c847c0205b7",
      "parents": [
        "19218e895cefdd389c96af12c93c89e7276bbaad",
        "44d19f5a04ae4e433548ba2f25e4d2ccfcac765e"
      ],
      "author": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Sun Dec 08 12:50:38 2013 -0800"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Sun Dec 08 12:50:38 2013 -0800"
      },
      "message": "Merge tag \u0027v3.4.72\u0027 into tmp\n\nThis is the 3.4.72 stable release\n\nConflicts:\n\tarch/arm/Kconfig\n\tarch/arm/include/asm/mutex.h\n\tarch/arm/kernel/perf_event.c\n\tarch/arm/kernel/traps.c\n\tarch/arm/mm/dma-mapping.c\n\tdrivers/base/power/main.c\n\tdrivers/bluetooth/ath3k.c\n\tdrivers/bluetooth/btusb.c\n\tdrivers/gpu/drm/radeon/radeon_mode.h\n\tdrivers/mmc/card/block.c\n\tdrivers/mmc/host/sdhci.c\n\tdrivers/usb/core/message.c\n\tdrivers/usb/host/xhci-plat.c\n\tdrivers/usb/host/xhci.h\n\tdrivers/virtio/virtio_ring.c\n\tfs/ubifs/dir.c\n\tinclude/linux/freezer.h\n\tinclude/linux/virtio.h\n\tinclude/media/v4l2-ctrls.h\n\tinclude/net/bluetooth/hci_core.h\n\tinclude/net/bluetooth/mgmt.h\n\tkernel/cgroup.c\n\tkernel/futex.c\n\tkernel/signal.c\n\tnet/bluetooth/hci_conn.c\n\tnet/bluetooth/hci_core.c\n\tnet/bluetooth/hci_event.c\n\tnet/bluetooth/l2cap_core.c\n\tnet/bluetooth/mgmt.c\n\tnet/bluetooth/rfcomm/sock.c\n\tnet/bluetooth/smp.c\n\nChange-Id: I4fb0d5de74ca76f933d95d98e1a9c2c859402f34\n"
    },
    {
      "commit": "17af9d91523a6e44a3721cea48cd3ade66a8b416",
      "tree": "2baf8e6c824c313203cc7ec6000fa243257ee52c",
      "parents": [
        "5d6d6a7a101136aec882cc168c2d6bd4376b3760"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "pmoore@redhat.com",
        "time": "Thu Sep 26 17:00:46 2013 -0400"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Wed Dec 04 10:50:32 2013 -0800"
      },
      "message": "selinux: correct locking in selinux_netlbl_socket_connect)\n\ncommit 42d64e1add3a1ce8a787116036163b8724362145 upstream.\n\nThe SELinux/NetLabel glue code has a locking bug that affects systems\nwith NetLabel enabled, see the kernel error message below.  This patch\ncorrects this problem by converting the bottom half socket lock to a\nmore conventional, and correct for this call-path, lock_sock() call.\n\n \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n [ INFO: suspicious RCU usage. ]\n 3.11.0-rc3+ #19 Not tainted\n -------------------------------\n net/ipv4/cipso_ipv4.c:1928 suspicious rcu_dereference_protected() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active \u003d 1, debug_locks \u003d 0\n 2 locks held by ping/731:\n  #0:  (slock-AF_INET/1){+.-...}, at: [...] selinux_netlbl_socket_connect\n  #1:  (rcu_read_lock){.+.+..}, at: [\u003c...\u003e] netlbl_conn_setattr\n\n stack backtrace:\n CPU: 1 PID: 731 Comm: ping Not tainted 3.11.0-rc3+ #19\n Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n  0000000000000001 ffff88006f659d28 ffffffff81726b6a ffff88003732c500\n  ffff88006f659d58 ffffffff810e4457 ffff88006b845a00 0000000000000000\n  000000000000000c ffff880075aa2f50 ffff88006f659d90 ffffffff8169bec7\n Call Trace:\n  [\u003cffffffff81726b6a\u003e] dump_stack+0x54/0x74\n  [\u003cffffffff810e4457\u003e] lockdep_rcu_suspicious+0xe7/0x120\n  [\u003cffffffff8169bec7\u003e] cipso_v4_sock_setattr+0x187/0x1a0\n  [\u003cffffffff8170f317\u003e] netlbl_conn_setattr+0x187/0x190\n  [\u003cffffffff8170f195\u003e] ? netlbl_conn_setattr+0x5/0x190\n  [\u003cffffffff8131ac9e\u003e] selinux_netlbl_socket_connect+0xae/0xc0\n  [\u003cffffffff81303025\u003e] selinux_socket_connect+0x135/0x170\n  [\u003cffffffff8119d127\u003e] ? might_fault+0x57/0xb0\n  [\u003cffffffff812fb146\u003e] security_socket_connect+0x16/0x20\n  [\u003cffffffff815d3ad3\u003e] SYSC_connect+0x73/0x130\n  [\u003cffffffff81739a85\u003e] ? sysret_check+0x22/0x5d\n  [\u003cffffffff810e5e2d\u003e] ? trace_hardirqs_on_caller+0xfd/0x1c0\n  [\u003cffffffff81373d4e\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n  [\u003cffffffff815d52be\u003e] SyS_connect+0xe/0x10\n  [\u003cffffffff81739a59\u003e] system_call_fastpath+0x16/0x1b\n\nSigned-off-by: Paul Moore \u003cpmoore@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "7288f91dd5b55d82e1dee9f0d24e9f4730d57392",
      "tree": "ddacb42865accbcdfa64f3562b68e4df3ff5f11a",
      "parents": [
        "7eebf56b11ac00f164583a217b65fa264f62cb07"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Thu Oct 17 07:34:02 2013 -0400"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Nov 29 10:50:34 2013 -0800"
      },
      "message": "Revert \"ima: policy for RAMFS\"\n\ncommit 08de59eb144d7c41351a467442f898d720f0f15f upstream.\n\nThis reverts commit 4c2c392763a682354fac65b6a569adec4e4b5387.\n\nEverything in the initramfs should be measured and appraised,\nbut until the initramfs has extended attribute support, at\nleast measured.\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "90078116a6286c5eb860c90eef2ef9d3291a2de1",
      "tree": "eaa8a0a93737947e96cd065c9f64e4093d59adf6",
      "parents": [
        "8bc0447c9b77d06ae5692eeaddfb90f5e177a4ec"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Fri May 10 10:16:19 2013 -0400"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Mon Jul 22 10:57:48 2013 -0700"
      },
      "message": "Enable setting security contexts on rootfs inodes.\n\nrootfs (ramfs) can support setting of security contexts\nby userspace due to the vfs fallback behavior of calling\nthe security module to set the in-core inode state\nfor security.* attributes when the filesystem does not\nprovide an xattr handler.  No xattr handler required\nas the inodes are pinned in memory and have no backing\nstore.\n\nThis is useful in allowing early userspace to label individual\nfiles within a rootfs while still providing a policy-defined\ndefault via genfs.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nChange-Id: I3436cf9ae27ade445e37376d7b9125746b1e506f\n"
    },
    {
      "commit": "84ab2cd3fe27042f449880cb114878b24e70a941",
      "tree": "da71a9d5cae272f79e7a40d3650b8fc103a69f4a",
      "parents": [
        "d9795bafda02819105f8e91a0fce6c657ae55779"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Nov 05 08:15:34 2012 -0500"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Mon Jul 22 10:56:51 2013 -0700"
      },
      "message": "Add security hooks to binder and implement the hooks for SELinux.\n\nAdd security hooks to the binder and implement the hooks for SELinux.\nThe security hooks enable security modules such as SELinux to implement\ncontrols over binder IPC.  The security hooks include support for\ncontrolling what process can become the binder context manager\n(binder_set_context_mgr), controlling the ability of a process\nto invoke a binder transaction/IPC to another process (binder_transaction),\ncontrolling the ability a process to transfer a binder reference to\nanother process (binder_transfer_binder), and controlling the ability\nof a process to transfer an open file to another process (binder_transfer_file).\n\nThis support is used by SE Android, http://selinuxproject.org/page/SEAndroid.\n\nChange-Id: I9a64a87825df2e60b9c51400377af4a9cd1c4049\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n"
    },
    {
      "commit": "dde448d95d8698ee4c8373bb48fe08a22f41052f",
      "tree": "7fe87fa93bfa5b81e6f87b147e32512d2e8198e3",
      "parents": [
        "ac4f6190fae02a3dc30133f90488b996f726bf7a",
        "f95b978981a7d154ba40d14c18e8ed5c694e6124"
      ],
      "author": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Thu Jun 20 11:32:42 2013 -0700"
      },
      "committer": {
        "name": "Ethan Chen",
        "email": "intervigil@gmail.com",
        "time": "Thu Jun 20 11:32:42 2013 -0700"
      },
      "message": "Merge tag \u0027v3.4.10\u0027 into cm-10.1\n\nThis is the 3.4.10 stable release\n\nConflicts:\n\tarch/arm/mm/tlb-v7.S\n\tarch/arm/vfp/entry.S\n\tdrivers/base/power/main.c\n\tdrivers/mmc/host/sdhci.c\n\tdrivers/net/tun.c\n\tdrivers/usb/core/hub.c\n\tdrivers/usb/host/xhci.h\n\tinclude/linux/sched.h\n\tkernel/power/suspend.c\n\nChange-Id: Ia2477ec93ceb64b13dd1a2d8aa646cb233387d14\n"
    },
    {
      "commit": "b647ebe6e7c171efd2003b1a8d07dcc26e6fa748",
      "tree": "d4fd13848f1ae194d3e450a5d26fd7f3d2191e50",
      "parents": [
        "8b55bf58c5f89681d37b19789bdae389fa54b0cd"
      ],
      "author": {
        "name": "Alan Cox",
        "email": "alan@linux.intel.com",
        "time": "Fri Sep 28 12:20:02 2012 +0100"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Mar 28 12:12:27 2013 -0700"
      },
      "message": "key: Fix resource leak\n\ncommit a84a921978b7d56e0e4b87ffaca6367429b4d8ff upstream.\n\nOn an error iov may still have been reallocated and need freeing\n\nSigned-off-by: Alan Cox \u003calan@linux.intel.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "8c97feb5edd118fe633ed29773c599536d562d43",
      "tree": "95bae3db178398cd3d451efed85c9ee2b69dd1f0",
      "parents": [
        "e55005034b11c0dd52ac08b7f769ec410b6bfa1f"
      ],
      "author": {
        "name": "Dan Carpenter",
        "email": "dan.carpenter@oracle.com",
        "time": "Sat Mar 16 12:48:11 2013 +0300"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Wed Mar 20 13:05:00 2013 -0700"
      },
      "message": "selinux: use GFP_ATOMIC under spin_lock\n\ncommit 4502403dcf8f5c76abd4dbab8726c8e4ecb5cd34 upstream.\n\nThe call tree here is:\n\nsk_clone_lock()              \u003c- takes bh_lock_sock(newsk);\nxfrm_sk_clone_policy()\n__xfrm_sk_clone_policy()\nclone_policy()               \u003c- uses GFP_ATOMIC for allocations\nsecurity_xfrm_policy_clone()\nsecurity_ops-\u003exfrm_policy_clone_security()\nselinux_xfrm_policy_clone()\n\nSigned-off-by: Dan Carpenter \u003cdan.carpenter@oracle.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "3126603e01babcec7cfe2f284099e2adff095bff",
      "tree": "edd0b3fd6d738ef785f4338825b703f1e7fa7db7",
      "parents": [
        "96ace773358d2989ea522a1cdccf65d75c1335f3"
      ],
      "author": {
        "name": "Mathieu Desnoyers",
        "email": "mathieu.desnoyers@efficios.com",
        "time": "Mon Feb 25 10:20:36 2013 -0500"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Mar 14 11:29:51 2013 -0700"
      },
      "message": "Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys\n\ncommit 8aec0f5d4137532de14e6554fd5dd201ff3a3c49 upstream.\n\nLooking at mm/process_vm_access.c:process_vm_rw() and comparing it to\ncompat_process_vm_rw() shows that the compatibility code requires an\nexplicit \"access_ok()\" check before calling\ncompat_rw_copy_check_uvector(). The same difference seems to appear when\nwe compare fs/read_write.c:do_readv_writev() to\nfs/compat.c:compat_do_readv_writev().\n\nThis subtle difference between the compat and non-compat requirements\nshould probably be debated, as it seems to be error-prone. In fact,\nthere are two others sites that use this function in the Linux kernel,\nand they both seem to get it wrong:\n\nNow shifting our attention to fs/aio.c, we see that aio_setup_iocb()\nalso ends up calling compat_rw_copy_check_uvector() through\naio_setup_vectored_rw(). Unfortunately, the access_ok() check appears to\nbe missing. Same situation for\nsecurity/keys/compat.c:compat_keyctl_instantiate_key_iov().\n\nI propose that we add the access_ok() check directly into\ncompat_rw_copy_check_uvector(), so callers don\u0027t have to worry about it,\nand it therefore makes the compat call code similar to its non-compat\ncounterpart. Place the access_ok() check in the same location where\ncopy_from_user() can trigger a -EFAULT error in the non-compat code, so\nthe ABI behaviors are alike on both compat and non-compat.\n\nWhile we are here, fix compat_do_readv_writev() so it checks for\ncompat_rw_copy_check_uvector() negative return values.\n\nAnd also, fix a memory leak in compat_keyctl_instantiate_key_iov() error\nhandling.\n\nAcked-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nAcked-by: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: Mathieu Desnoyers \u003cmathieu.desnoyers@efficios.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "96ace773358d2989ea522a1cdccf65d75c1335f3",
      "tree": "c9b078ec66184fb1d8f59930b3cf48f7b0cdcbe3",
      "parents": [
        "30e39b7c57422b29533a1bf43f2fd921e088a71d"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Tue Mar 12 16:44:31 2013 +1100"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Mar 14 11:29:51 2013 -0700"
      },
      "message": "keys: fix race with concurrent install_user_keyrings()\n\ncommit 0da9dfdd2cd9889201bc6f6f43580c99165cd087 upstream.\n\nThis fixes CVE-2013-1792.\n\nThere is a race in install_user_keyrings() that can cause a NULL pointer\ndereference when called concurrently for the same user if the uid and\nuid-session keyrings are not yet created.  It might be possible for an\nunprivileged user to trigger this by calling keyctl() from userspace in\nparallel immediately after logging in.\n\nAssume that we have two threads both executing lookup_user_key(), both\nlooking for KEY_SPEC_USER_SESSION_KEYRING.\n\n\tTHREAD A\t\t\tTHREAD B\n\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\t\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\t\t\t\t\t\u003d\u003d\u003ecall install_user_keyrings();\n\tif (!cred-\u003euser-\u003esession_keyring)\n\t\u003d\u003d\u003ecall install_user_keyrings()\n\t\t\t\t\t...\n\t\t\t\t\tuser-\u003euid_keyring \u003d uid_keyring;\n\tif (user-\u003euid_keyring)\n\t\treturn 0;\n\t\u003c\u003d\u003d\n\tkey \u003d cred-\u003euser-\u003esession_keyring [\u003d\u003d NULL]\n\t\t\t\t\tuser-\u003esession_keyring \u003d session_keyring;\n\tatomic_inc(\u0026key-\u003eusage); [oops]\n\nAt the point thread A dereferences cred-\u003euser-\u003esession_keyring, thread B\nhasn\u0027t updated user-\u003esession_keyring yet, but thread A assumes it is\npopulated because install_user_keyrings() returned ok.\n\nThe race window is really small but can be exploited if, for example,\nthread B is interrupted or preempted after initializing uid_keyring, but\nbefore doing setting session_keyring.\n\nThis couldn\u0027t be reproduced on a stock kernel.  However, after placing\nsystemtap probe on \u0027user-\u003esession_keyring \u003d session_keyring;\u0027 that\nintroduced some delay, the kernel could be crashed reliably.\n\nFix this by checking both pointers before deciding whether to return.\nAlternatively, the test could be done away with entirely as it is checked\ninside the mutex - but since the mutex is global, that may not be the best\nway.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nReported-by: Mateusz Guzik \u003cmguzik@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "9c5f1b49341154b579851425dabb32cb3aa9b5db",
      "tree": "11801701b164fb0cf4d8d2782303eb254f150eb5",
      "parents": [
        "f2a010040e2c368a76f7ea0ed6533f5779cb6b4b"
      ],
      "author": {
        "name": "Dmitry Kasatkin",
        "email": "dmitry.kasatkin@intel.com",
        "time": "Fri Jan 18 23:56:39 2013 +0200"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun Jan 27 20:47:43 2013 -0800"
      },
      "message": "evm: checking if removexattr is not a NULL\n\ncommit a67adb997419fb53540d4a4f79c6471c60bc69b6 upstream.\n\nThe following lines of code produce a kernel oops.\n\nfd \u003d socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);\nfchmod(fd, 0666);\n\n[  139.922364] BUG: unable to handle kernel NULL pointer dereference at   (null)\n[  139.924982] IP: [\u003c  (null)\u003e]   (null)\n[  139.924982] *pde \u003d 00000000\n[  139.924982] Oops: 0000 [#5] SMP\n[  139.924982] Modules linked in: fuse dm_crypt dm_mod i2c_piix4 serio_raw evdev binfmt_misc button\n[  139.924982] Pid: 3070, comm: acpid Tainted: G      D      3.8.0-rc2-kds+ #465 Bochs Bochs\n[  139.924982] EIP: 0060:[\u003c00000000\u003e] EFLAGS: 00010246 CPU: 0\n[  139.924982] EIP is at 0x0\n[  139.924982] EAX: cf5ef000 EBX: cf5ef000 ECX: c143d600 EDX: c15225f2\n[  139.924982] ESI: cf4d2a1c EDI: cf4d2a1c EBP: cc02df10 ESP: cc02dee4\n[  139.924982]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068\n[  139.924982] CR0: 80050033 CR2: 00000000 CR3: 0c059000 CR4: 000006d0\n[  139.924982] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000\n[  139.924982] DR6: ffff0ff0 DR7: 00000400\n[  139.924982] Process acpid (pid: 3070, ti\u003dcc02c000 task\u003dd7705340 task.ti\u003dcc02c000)\n[  139.924982] Stack:\n[  139.924982]  c1203c88 00000000 cc02def4 cf4d2a1c ae21eefa 471b60d5 1083c1ba c26a5940\n[  139.924982]  e891fb5e 00000041 00000004 cc02df1c c1203964 00000000 cc02df4c c10e20c3\n[  139.924982]  00000002 00000000 00000000 22222222 c1ff2222 cf5ef000 00000000 d76efb08\n[  139.924982] Call Trace:\n[  139.924982]  [\u003cc1203c88\u003e] ? evm_update_evmxattr+0x5b/0x62\n[  139.924982]  [\u003cc1203964\u003e] evm_inode_post_setattr+0x22/0x26\n[  139.924982]  [\u003cc10e20c3\u003e] notify_change+0x25f/0x281\n[  139.924982]  [\u003cc10cbf56\u003e] chmod_common+0x59/0x76\n[  139.924982]  [\u003cc10e27a1\u003e] ? put_unused_fd+0x33/0x33\n[  139.924982]  [\u003cc10cca09\u003e] sys_fchmod+0x39/0x5c\n[  139.924982]  [\u003cc13f4f30\u003e] syscall_call+0x7/0xb\n[  139.924982] Code:  Bad EIP value.\n\nThis happens because sockets do not define the removexattr operation.\nBefore removing the xattr, verify the removexattr function pointer is\nnot NULL.\n\nSigned-off-by: Dmitry Kasatkin \u003cdmitry.kasatkin@intel.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "55649211861616c26aa25c9e710c5691837975e4",
      "tree": "b7923d6a18037d57130c54ade50b19c0ff36f3f8",
      "parents": [
        "a23d6310a6fbe4a2a1d3a40251a6d5b8ae39ec22"
      ],
      "author": {
        "name": "Dave Jones",
        "email": "davej@redhat.com",
        "time": "Thu Nov 08 16:09:27 2012 -0800"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Mon Nov 26 11:38:02 2012 -0800"
      },
      "message": "selinux: fix sel_netnode_insert() suspicious rcu dereference\n\ncommit 88a693b5c1287be4da937699cb82068ce9db0135 upstream.\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n[ INFO: suspicious RCU usage. ]\n3.5.0-rc1+ #63 Not tainted\n-------------------------------\nsecurity/selinux/netnode.c:178 suspicious rcu_dereference_check() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active \u003d 1, debug_locks \u003d 0\n1 lock held by trinity-child1/8750:\n #0:  (sel_netnode_lock){+.....}, at: [\u003cffffffff812d8f8a\u003e] sel_netnode_sid+0x16a/0x3e0\n\nstack backtrace:\nPid: 8750, comm: trinity-child1 Not tainted 3.5.0-rc1+ #63\nCall Trace:\n [\u003cffffffff810cec2d\u003e] lockdep_rcu_suspicious+0xfd/0x130\n [\u003cffffffff812d91d1\u003e] sel_netnode_sid+0x3b1/0x3e0\n [\u003cffffffff812d8e20\u003e] ? sel_netnode_find+0x1a0/0x1a0\n [\u003cffffffff812d24a6\u003e] selinux_socket_bind+0xf6/0x2c0\n [\u003cffffffff810cd1dd\u003e] ? trace_hardirqs_off+0xd/0x10\n [\u003cffffffff810cdb55\u003e] ? lock_release_holdtime.part.9+0x15/0x1a0\n [\u003cffffffff81093841\u003e] ? lock_hrtimer_base+0x31/0x60\n [\u003cffffffff812c9536\u003e] security_socket_bind+0x16/0x20\n [\u003cffffffff815550ca\u003e] sys_bind+0x7a/0x100\n [\u003cffffffff816c03d5\u003e] ? sysret_check+0x22/0x5d\n [\u003cffffffff810d392d\u003e] ? trace_hardirqs_on_caller+0x10d/0x1a0\n [\u003cffffffff8133b09e\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n [\u003cffffffff816c03a9\u003e] system_call_fastpath+0x16/0x1b\n\nThis patch below does what Paul McKenney suggested in the previous thread.\n\nSigned-off-by: Dave Jones \u003cdavej@redhat.com\u003e\nReviewed-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: Paul Moore \u003cpaul@paul-moore.com\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "7d0fcfec4c491eb3c815929be5512ae8d1886553",
      "tree": "0312f1815213f82535b26c5141f5f7b00f87a8f5",
      "parents": [
        "56a631f3bf36641133afeb3db7c1ec5721c8dd04"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Mon Aug 27 11:38:13 2012 -0700"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Sun Oct 07 08:32:28 2012 -0700"
      },
      "message": "Yama: handle 32-bit userspace prctl\n\ncommit 2e4930eb7c8fb20a39dfb5f8a8f80402710dcea8 upstream.\n\nWhen running a 64-bit kernel and receiving prctls from a 32-bit\nuserspace, the \"-1\" used as an unsigned long will end up being\nmisdetected. The kernel is looking for 0xffffffffffffffff instead of\n0xffffffff. Since prctl lacks a distinct compat interface, Yama needs\nto handle this translation itself. As such, support either value as\nmeaning PR_SET_PTRACER_ANY, to avoid breaking the ABI for 64-bit.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: John Johansen \u003cjohn.johansen@canonical.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "27cd8f51344dcf4799c7a092c1797402b833126a",
      "tree": "4af5fa7d852c6f73795dd0ea9508b86283fb009e",
      "parents": [
        "b6e9ffcdb09fbf28665e025aa31fda702689786c"
      ],
      "author": {
        "name": "Josh Boyer",
        "email": "jwboyer@redhat.com",
        "time": "Wed Jul 25 10:40:34 2012 -0400"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Thu Aug 09 08:31:39 2012 -0700"
      },
      "message": "posix_types.h: Cleanup stale __NFDBITS and related definitions\n\ncommit 8ded2bbc1845e19c771eb55209aab166ef011243 upstream.\n\nRecently, glibc made a change to suppress sign-conversion warnings in\nFD_SET (glibc commit ceb9e56b3d1).  This uncovered an issue with the\nkernel\u0027s definition of __NFDBITS if applications #include\n\u003clinux/types.h\u003e after including \u003csys/select.h\u003e.  A build failure would\nbe seen when passing the -Werror\u003dsign-compare and -D_FORTIFY_SOURCE\u003d2\nflags to gcc.\n\nIt was suggested that the kernel should either match the glibc\ndefinition of __NFDBITS or remove that entirely.  The current in-kernel\nuses of __NFDBITS can be replaced with BITS_PER_LONG, and there are no\nuses of the related __FDELT and __FDMASK defines.  Given that, we\u0027ll\ncontinue the cleanup that was started with commit 8b3d1cda4f5f\n(\"posix_types: Remove fd_set macros\") and drop the remaining unused\nmacros.\n\nAdditionally, linux/time.h has similar macros defined that expand to\nnothing so we\u0027ll remove those at the same time.\n\nReported-by: Jeff Law \u003claw@redhat.com\u003e\nSuggested-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Josh Boyer \u003cjwboyer@redhat.com\u003e\n[ .. and fix up whitespace as per akpm ]\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "c3083d9d9e5860c365e93b1e96aa65613fa829fb",
      "tree": "00f75dd01c3f4ac248abec379ca246a38a3fb8a0",
      "parents": [
        "305d212b5e9d473230de491b2b722424af1dfc9b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Wed Apr 04 13:47:11 2012 -0400"
      },
      "committer": {
        "name": "Greg Kroah-Hartman",
        "email": "gregkh@linuxfoundation.org",
        "time": "Fri Jun 01 15:18:16 2012 +0800"
      },
      "message": "SELinux: if sel_make_bools errors don\u0027t leave inconsistent state\n\ncommit 154c50ca4eb9ae472f50b6a481213e21ead4457d upstream.\n\nWe reset the bool names and values array to NULL, but do not reset the\nnumber of entries in these arrays to 0.  If we error out and then get back\ninto this function we will walk these NULL pointers based on the belief\nthat they are non-zero length.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n"
    },
    {
      "commit": "e9a85c71afa38ee304e71c86ca7d74ed4658318c",
      "tree": "7b02114f23f72fcab725a1e5d00993b732b065f9",
      "parents": [
        "92967117531f1ffe4516a32d9d6c97ec6f1814eb"
      ],
      "author": {
        "name": "Tushar Behera",
        "email": "tushar.behera@linaro.org",
        "time": "Mon Mar 26 16:54:15 2012 +0530"
      },
      "committer": {
        "name": "Colin Cross",
        "email": "ccross@android.com",
        "time": "Mon May 07 18:04:12 2012 -0700"
      },
      "message": "security: Add proper checks for Android specific capability checks\n\nCommit b641072 (\"security: Add AID_NET_RAW and AID_NET_ADMIN capability\ncheck in cap_capable().\") introduces additional checks for AID_NET_xxx\nmacros. Since the header file including those macros are conditionally\nincluded, the checks should also be conditionally executed.\n\nChange-Id: Iaec5208d5b95a46b1ac3f2db8449c661e803fa5b\nSigned-off-by: Tushar Behera \u003ctushar.behera@linaro.org\u003e\nSigned-off-by: Andrey Konovalov \u003candrey.konovalov@linaro.org\u003e\n"
    },
    {
      "commit": "957265bd4fe182af757886f117416d66f68854aa",
      "tree": "177cee182ea61611f0b80db704203bf72ee4f3cb",
      "parents": [
        "60c98d9abbd1ff3274b904027690f3c33d656250",
        "66f75a5d028beaf67c931435fdc3e7823125730c"
      ],
      "author": {
        "name": "Colin Cross",
        "email": "ccross@android.com",
        "time": "Fri Apr 27 14:03:45 2012 -0700"
      },
      "committer": {
        "name": "Colin Cross",
        "email": "ccross@android.com",
        "time": "Fri Apr 27 14:03:45 2012 -0700"
      },
      "message": "Merge commit \u0027v3.4-rc4\u0027 into android-3.4\n"
    },
    {
      "commit": "ab2965eefef95a2eecfd54c12b0eb243162862e9",
      "tree": "c947fdc158e144c2d060486b65d10ee67d254039",
      "parents": [
        "a0ec4361e4539e30cf1c5de7ddfd2dadcd8e1595",
        "e816b57a337ea3b755de72bec38c10c864f23015"
      ],
      "author": {
        "name": "Colin Cross",
        "email": "ccross@android.com",
        "time": "Thu Apr 19 14:42:22 2012 -0700"
      },
      "committer": {
        "name": "Colin Cross",
        "email": "ccross@android.com",
        "time": "Thu Apr 19 14:42:22 2012 -0700"
      },
      "message": "Merge commit \u0027v3.4-rc3\u0027 into android-3.4\n\nConflicts:\n\tdrivers/staging/android/lowmemorykiller.c\n\nChange-Id: Ia3ffcfc702e28c4fce0e91b363f4afd5f1c40306\n"
    },
    {
      "commit": "51b79bee627d526199b2f6a6bef8ee0c0739b6d1",
      "tree": "f75bc36f3915284e335f3f69eb039ae88e91f513",
      "parents": [
        "b6a89584c36f307f2c2bbb136ea50985ca4bc7b4"
      ],
      "author": {
        "name": "Jonghwan Choi",
        "email": "jhbird.choi@samsung.com",
        "time": "Wed Apr 18 17:23:04 2012 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Thu Apr 19 12:56:39 2012 +1000"
      },
      "message": "security: fix compile error in commoncap.c\n\nAdd missing \"personality.h\"\nsecurity/commoncap.c: In function \u0027cap_bprm_set_creds\u0027:\nsecurity/commoncap.c:510: error: \u0027PER_CLEAR_ON_SETID\u0027 undeclared (first use in this function)\nsecurity/commoncap.c:510: error: (Each undeclared identifier is reported only once\nsecurity/commoncap.c:510: error: for each function it appears in.)\n\nSigned-off-by: Jonghwan Choi \u003cjhbird.choi@samsung.com\u003e\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "d52fc5dde171f030170a6cb78034d166b13c9445",
      "tree": "f982d0bdab54d5ab31cdd3e69cb88a1376797d1f",
      "parents": [
        "09c79b60960bdd4b00916219402eabfa5e479c5a"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Apr 17 16:26:54 2012 -0400"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Wed Apr 18 12:37:56 2012 +1000"
      },
      "message": "fcaps: clear the same personality flags as suid when fcaps are used\n\nIf a process increases permissions using fcaps all of the dangerous\npersonality flags which are cleared for suid apps should also be cleared.\nThus programs given priviledge with fcaps will continue to have address space\nrandomization enabled even if the parent tried to disable it to make it\neasier to attack.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "86812bb0de1a3758dc6c7aa01a763158a7c0638a",
      "tree": "41cb41cd7fe52730a3fe8c88ca298c2494f9040a",
      "parents": [
        "592fe8980688e7cba46897685d014c7fb3018a67"
      ],
      "author": {
        "name": "Casey Schaufler",
        "email": "casey@schaufler-ca.com",
        "time": "Tue Apr 17 18:55:46 2012 -0700"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Wed Apr 18 12:02:28 2012 +1000"
      },
      "message": "Smack: move label list initialization\n\nA kernel with Smack enabled will fail if tmpfs has xattr support.\n\nMove the initialization of predefined Smack label\nlist entries to the LSM initialization from the\nsmackfs setup. This became an issue when tmpfs\nacquired xattr support, but was never correct.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    }
  ],
  "next": "923e9a1399b620d063cd88537c64561bc3d5f905"
}
