1 |
commit: 40b9f3d9591cf0d15f06b79fd94b43f062293a0d |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Mar 6 12:29:10 2013 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Mar 6 12:29:10 2013 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=40b9f3d9 |
7 |
|
8 |
Correct 3.8.2, add bump from 3.8.1 |
9 |
|
10 |
--- |
11 |
3.8.2/0000_README | 6 +- |
12 |
3.8.2/1001_linux-3.8.2.patch | 3093 ++++++++++++++++++++ |
13 |
...4420_grsecurity-2.9.1-3.8.2-201303041742.patch} | 704 ++--- |
14 |
3 files changed, 3412 insertions(+), 391 deletions(-) |
15 |
|
16 |
diff --git a/3.8.2/0000_README b/3.8.2/0000_README |
17 |
index 517c0e6..4525042 100644 |
18 |
--- a/3.8.2/0000_README |
19 |
+++ b/3.8.2/0000_README |
20 |
@@ -2,7 +2,11 @@ README |
21 |
----------------------------------------------------------------------------- |
22 |
Individual Patch Descriptions: |
23 |
----------------------------------------------------------------------------- |
24 |
-Patch: 4420_grsecurity-2.9.1-3.8.1-201303012255.patch |
25 |
+Patch: 1001_linux-3.8.1.patch |
26 |
+From: http://www.kernel.org |
27 |
+Desc: Linux 3.8.1 |
28 |
+ |
29 |
+Patch: 4420_grsecurity-2.9.1-3.8.2-201303041742.patch |
30 |
From: http://www.grsecurity.net |
31 |
Desc: hardened-sources base patch from upstream grsecurity |
32 |
|
33 |
|
34 |
diff --git a/3.8.2/1001_linux-3.8.2.patch b/3.8.2/1001_linux-3.8.2.patch |
35 |
new file mode 100644 |
36 |
index 0000000..0952288 |
37 |
--- /dev/null |
38 |
+++ b/3.8.2/1001_linux-3.8.2.patch |
39 |
@@ -0,0 +1,3093 @@ |
40 |
+diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt |
41 |
+index 6c72381..986614d 100644 |
42 |
+--- a/Documentation/kernel-parameters.txt |
43 |
++++ b/Documentation/kernel-parameters.txt |
44 |
+@@ -564,6 +564,8 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
45 |
+ UART at the specified I/O port or MMIO address, |
46 |
+ switching to the matching ttyS device later. The |
47 |
+ options are the same as for ttyS, above. |
48 |
++ hvc<n> Use the hypervisor console device <n>. This is for |
49 |
++ both Xen and PowerPC hypervisors. |
50 |
+ |
51 |
+ If the device connected to the port is not a TTY but a braille |
52 |
+ device, prepend "brl," before the device type, for instance |
53 |
+@@ -754,6 +756,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
54 |
+ |
55 |
+ earlyprintk= [X86,SH,BLACKFIN] |
56 |
+ earlyprintk=vga |
57 |
++ earlyprintk=xen |
58 |
+ earlyprintk=serial[,ttySn[,baudrate]] |
59 |
+ earlyprintk=ttySn[,baudrate] |
60 |
+ earlyprintk=dbgp[debugController#] |
61 |
+@@ -771,6 +774,8 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
62 |
+ The VGA output is eventually overwritten by the real |
63 |
+ console. |
64 |
+ |
65 |
++ The xen output can only be used by Xen PV guests. |
66 |
++ |
67 |
+ ekgdboc= [X86,KGDB] Allow early kernel console debugging |
68 |
+ ekgdboc=kbd |
69 |
+ |
70 |
+diff --git a/Makefile b/Makefile |
71 |
+index 746c856..20d5318 100644 |
72 |
+--- a/Makefile |
73 |
++++ b/Makefile |
74 |
+@@ -1,6 +1,6 @@ |
75 |
+ VERSION = 3 |
76 |
+ PATCHLEVEL = 8 |
77 |
+-SUBLEVEL = 1 |
78 |
++SUBLEVEL = 2 |
79 |
+ EXTRAVERSION = |
80 |
+ NAME = Unicycling Gorilla |
81 |
+ |
82 |
+diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c |
83 |
+index f8fa411..c205035 100644 |
84 |
+--- a/arch/x86/boot/compressed/eboot.c |
85 |
++++ b/arch/x86/boot/compressed/eboot.c |
86 |
+@@ -19,23 +19,28 @@ |
87 |
+ |
88 |
+ static efi_system_table_t *sys_table; |
89 |
+ |
90 |
++static void efi_char16_printk(efi_char16_t *str) |
91 |
++{ |
92 |
++ struct efi_simple_text_output_protocol *out; |
93 |
++ |
94 |
++ out = (struct efi_simple_text_output_protocol *)sys_table->con_out; |
95 |
++ efi_call_phys2(out->output_string, out, str); |
96 |
++} |
97 |
++ |
98 |
+ static void efi_printk(char *str) |
99 |
+ { |
100 |
+ char *s8; |
101 |
+ |
102 |
+ for (s8 = str; *s8; s8++) { |
103 |
+- struct efi_simple_text_output_protocol *out; |
104 |
+ efi_char16_t ch[2] = { 0 }; |
105 |
+ |
106 |
+ ch[0] = *s8; |
107 |
+- out = (struct efi_simple_text_output_protocol *)sys_table->con_out; |
108 |
+- |
109 |
+ if (*s8 == '\n') { |
110 |
+ efi_char16_t nl[2] = { '\r', 0 }; |
111 |
+- efi_call_phys2(out->output_string, out, nl); |
112 |
++ efi_char16_printk(nl); |
113 |
+ } |
114 |
+ |
115 |
+- efi_call_phys2(out->output_string, out, ch); |
116 |
++ efi_char16_printk(ch); |
117 |
+ } |
118 |
+ } |
119 |
+ |
120 |
+@@ -709,7 +714,12 @@ static efi_status_t handle_ramdisks(efi_loaded_image_t *image, |
121 |
+ if ((u8 *)p >= (u8 *)filename_16 + sizeof(filename_16)) |
122 |
+ break; |
123 |
+ |
124 |
+- *p++ = *str++; |
125 |
++ if (*str == '/') { |
126 |
++ *p++ = '\\'; |
127 |
++ *str++; |
128 |
++ } else { |
129 |
++ *p++ = *str++; |
130 |
++ } |
131 |
+ } |
132 |
+ |
133 |
+ *p = '\0'; |
134 |
+@@ -737,7 +747,9 @@ static efi_status_t handle_ramdisks(efi_loaded_image_t *image, |
135 |
+ status = efi_call_phys5(fh->open, fh, &h, filename_16, |
136 |
+ EFI_FILE_MODE_READ, (u64)0); |
137 |
+ if (status != EFI_SUCCESS) { |
138 |
+- efi_printk("Failed to open initrd file\n"); |
139 |
++ efi_printk("Failed to open initrd file: "); |
140 |
++ efi_char16_printk(filename_16); |
141 |
++ efi_printk("\n"); |
142 |
+ goto close_handles; |
143 |
+ } |
144 |
+ |
145 |
+diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c |
146 |
+index b994cc8..cbf5121 100644 |
147 |
+--- a/arch/x86/kernel/apic/apic.c |
148 |
++++ b/arch/x86/kernel/apic/apic.c |
149 |
+@@ -131,7 +131,7 @@ static int __init parse_lapic(char *arg) |
150 |
+ { |
151 |
+ if (config_enabled(CONFIG_X86_32) && !arg) |
152 |
+ force_enable_local_apic = 1; |
153 |
+- else if (!strncmp(arg, "notscdeadline", 13)) |
154 |
++ else if (arg && !strncmp(arg, "notscdeadline", 13)) |
155 |
+ setup_clear_cpu_cap(X86_FEATURE_TSC_DEADLINE_TIMER); |
156 |
+ return 0; |
157 |
+ } |
158 |
+diff --git a/arch/x86/kernel/head.c b/arch/x86/kernel/head.c |
159 |
+index 48d9d4e..992f442 100644 |
160 |
+--- a/arch/x86/kernel/head.c |
161 |
++++ b/arch/x86/kernel/head.c |
162 |
+@@ -5,8 +5,6 @@ |
163 |
+ #include <asm/setup.h> |
164 |
+ #include <asm/bios_ebda.h> |
165 |
+ |
166 |
+-#define BIOS_LOWMEM_KILOBYTES 0x413 |
167 |
+- |
168 |
+ /* |
169 |
+ * The BIOS places the EBDA/XBDA at the top of conventional |
170 |
+ * memory, and usually decreases the reported amount of |
171 |
+@@ -16,17 +14,30 @@ |
172 |
+ * chipset: reserve a page before VGA to prevent PCI prefetch |
173 |
+ * into it (errata #56). Usually the page is reserved anyways, |
174 |
+ * unless you have no PS/2 mouse plugged in. |
175 |
++ * |
176 |
++ * This functions is deliberately very conservative. Losing |
177 |
++ * memory in the bottom megabyte is rarely a problem, as long |
178 |
++ * as we have enough memory to install the trampoline. Using |
179 |
++ * memory that is in use by the BIOS or by some DMA device |
180 |
++ * the BIOS didn't shut down *is* a big problem. |
181 |
+ */ |
182 |
++ |
183 |
++#define BIOS_LOWMEM_KILOBYTES 0x413 |
184 |
++#define LOWMEM_CAP 0x9f000U /* Absolute maximum */ |
185 |
++#define INSANE_CUTOFF 0x20000U /* Less than this = insane */ |
186 |
++ |
187 |
+ void __init reserve_ebda_region(void) |
188 |
+ { |
189 |
+ unsigned int lowmem, ebda_addr; |
190 |
+ |
191 |
+- /* To determine the position of the EBDA and the */ |
192 |
+- /* end of conventional memory, we need to look at */ |
193 |
+- /* the BIOS data area. In a paravirtual environment */ |
194 |
+- /* that area is absent. We'll just have to assume */ |
195 |
+- /* that the paravirt case can handle memory setup */ |
196 |
+- /* correctly, without our help. */ |
197 |
++ /* |
198 |
++ * To determine the position of the EBDA and the |
199 |
++ * end of conventional memory, we need to look at |
200 |
++ * the BIOS data area. In a paravirtual environment |
201 |
++ * that area is absent. We'll just have to assume |
202 |
++ * that the paravirt case can handle memory setup |
203 |
++ * correctly, without our help. |
204 |
++ */ |
205 |
+ if (paravirt_enabled()) |
206 |
+ return; |
207 |
+ |
208 |
+@@ -37,19 +48,23 @@ void __init reserve_ebda_region(void) |
209 |
+ /* start of EBDA area */ |
210 |
+ ebda_addr = get_bios_ebda(); |
211 |
+ |
212 |
+- /* Fixup: bios puts an EBDA in the top 64K segment */ |
213 |
+- /* of conventional memory, but does not adjust lowmem. */ |
214 |
+- if ((lowmem - ebda_addr) <= 0x10000) |
215 |
+- lowmem = ebda_addr; |
216 |
++ /* |
217 |
++ * Note: some old Dells seem to need 4k EBDA without |
218 |
++ * reporting so, so just consider the memory above 0x9f000 |
219 |
++ * to be off limits (bugzilla 2990). |
220 |
++ */ |
221 |
++ |
222 |
++ /* If the EBDA address is below 128K, assume it is bogus */ |
223 |
++ if (ebda_addr < INSANE_CUTOFF) |
224 |
++ ebda_addr = LOWMEM_CAP; |
225 |
+ |
226 |
+- /* Fixup: bios does not report an EBDA at all. */ |
227 |
+- /* Some old Dells seem to need 4k anyhow (bugzilla 2990) */ |
228 |
+- if ((ebda_addr == 0) && (lowmem >= 0x9f000)) |
229 |
+- lowmem = 0x9f000; |
230 |
++ /* If lowmem is less than 128K, assume it is bogus */ |
231 |
++ if (lowmem < INSANE_CUTOFF) |
232 |
++ lowmem = LOWMEM_CAP; |
233 |
+ |
234 |
+- /* Paranoia: should never happen, but... */ |
235 |
+- if ((lowmem == 0) || (lowmem >= 0x100000)) |
236 |
+- lowmem = 0x9f000; |
237 |
++ /* Use the lower of the lowmem and EBDA markers as the cutoff */ |
238 |
++ lowmem = min(lowmem, ebda_addr); |
239 |
++ lowmem = min(lowmem, LOWMEM_CAP); /* Absolute cap */ |
240 |
+ |
241 |
+ /* reserve all memory between lowmem and the 1MB mark */ |
242 |
+ memblock_reserve(lowmem, 0x100000 - lowmem); |
243 |
+diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c |
244 |
+index 928bf83..e2cd38f 100644 |
245 |
+--- a/arch/x86/platform/efi/efi.c |
246 |
++++ b/arch/x86/platform/efi/efi.c |
247 |
+@@ -85,9 +85,10 @@ int efi_enabled(int facility) |
248 |
+ } |
249 |
+ EXPORT_SYMBOL(efi_enabled); |
250 |
+ |
251 |
++static bool disable_runtime = false; |
252 |
+ static int __init setup_noefi(char *arg) |
253 |
+ { |
254 |
+- clear_bit(EFI_RUNTIME_SERVICES, &x86_efi_facility); |
255 |
++ disable_runtime = true; |
256 |
+ return 0; |
257 |
+ } |
258 |
+ early_param("noefi", setup_noefi); |
259 |
+@@ -734,7 +735,7 @@ void __init efi_init(void) |
260 |
+ if (!efi_is_native()) |
261 |
+ pr_info("No EFI runtime due to 32/64-bit mismatch with kernel\n"); |
262 |
+ else { |
263 |
+- if (efi_runtime_init()) |
264 |
++ if (disable_runtime || efi_runtime_init()) |
265 |
+ return; |
266 |
+ set_bit(EFI_RUNTIME_SERVICES, &x86_efi_facility); |
267 |
+ } |
268 |
+diff --git a/block/genhd.c b/block/genhd.c |
269 |
+index 3993ebf..7dcfdd8 100644 |
270 |
+--- a/block/genhd.c |
271 |
++++ b/block/genhd.c |
272 |
+@@ -25,7 +25,7 @@ static DEFINE_MUTEX(block_class_lock); |
273 |
+ struct kobject *block_depr; |
274 |
+ |
275 |
+ /* for extended dynamic devt allocation, currently only one major is used */ |
276 |
+-#define MAX_EXT_DEVT (1 << MINORBITS) |
277 |
++#define NR_EXT_DEVT (1 << MINORBITS) |
278 |
+ |
279 |
+ /* For extended devt allocation. ext_devt_mutex prevents look up |
280 |
+ * results from going away underneath its user. |
281 |
+@@ -422,17 +422,18 @@ int blk_alloc_devt(struct hd_struct *part, dev_t *devt) |
282 |
+ do { |
283 |
+ if (!idr_pre_get(&ext_devt_idr, GFP_KERNEL)) |
284 |
+ return -ENOMEM; |
285 |
++ mutex_lock(&ext_devt_mutex); |
286 |
+ rc = idr_get_new(&ext_devt_idr, part, &idx); |
287 |
++ if (!rc && idx >= NR_EXT_DEVT) { |
288 |
++ idr_remove(&ext_devt_idr, idx); |
289 |
++ rc = -EBUSY; |
290 |
++ } |
291 |
++ mutex_unlock(&ext_devt_mutex); |
292 |
+ } while (rc == -EAGAIN); |
293 |
+ |
294 |
+ if (rc) |
295 |
+ return rc; |
296 |
+ |
297 |
+- if (idx > MAX_EXT_DEVT) { |
298 |
+- idr_remove(&ext_devt_idr, idx); |
299 |
+- return -EBUSY; |
300 |
+- } |
301 |
+- |
302 |
+ *devt = MKDEV(BLOCK_EXT_MAJOR, blk_mangle_minor(idx)); |
303 |
+ return 0; |
304 |
+ } |
305 |
+@@ -646,7 +647,6 @@ void del_gendisk(struct gendisk *disk) |
306 |
+ disk_part_iter_exit(&piter); |
307 |
+ |
308 |
+ invalidate_partition(disk, 0); |
309 |
+- blk_free_devt(disk_to_dev(disk)->devt); |
310 |
+ set_capacity(disk, 0); |
311 |
+ disk->flags &= ~GENHD_FL_UP; |
312 |
+ |
313 |
+@@ -664,6 +664,7 @@ void del_gendisk(struct gendisk *disk) |
314 |
+ if (!sysfs_deprecated) |
315 |
+ sysfs_remove_link(block_depr, dev_name(disk_to_dev(disk))); |
316 |
+ device_del(disk_to_dev(disk)); |
317 |
++ blk_free_devt(disk_to_dev(disk)->devt); |
318 |
+ } |
319 |
+ EXPORT_SYMBOL(del_gendisk); |
320 |
+ |
321 |
+diff --git a/block/partition-generic.c b/block/partition-generic.c |
322 |
+index f1d1451..1cb4dec 100644 |
323 |
+--- a/block/partition-generic.c |
324 |
++++ b/block/partition-generic.c |
325 |
+@@ -249,11 +249,11 @@ void delete_partition(struct gendisk *disk, int partno) |
326 |
+ if (!part) |
327 |
+ return; |
328 |
+ |
329 |
+- blk_free_devt(part_devt(part)); |
330 |
+ rcu_assign_pointer(ptbl->part[partno], NULL); |
331 |
+ rcu_assign_pointer(ptbl->last_lookup, NULL); |
332 |
+ kobject_put(part->holder_dir); |
333 |
+ device_del(part_to_dev(part)); |
334 |
++ blk_free_devt(part_devt(part)); |
335 |
+ |
336 |
+ hd_struct_put(part); |
337 |
+ } |
338 |
+diff --git a/drivers/acpi/Kconfig b/drivers/acpi/Kconfig |
339 |
+index 38c5078..f5ae996 100644 |
340 |
+--- a/drivers/acpi/Kconfig |
341 |
++++ b/drivers/acpi/Kconfig |
342 |
+@@ -268,7 +268,8 @@ config ACPI_CUSTOM_DSDT |
343 |
+ default ACPI_CUSTOM_DSDT_FILE != "" |
344 |
+ |
345 |
+ config ACPI_INITRD_TABLE_OVERRIDE |
346 |
+- bool "ACPI tables can be passed via uncompressed cpio in initrd" |
347 |
++ bool "ACPI tables override via initrd" |
348 |
++ depends on BLK_DEV_INITRD && X86 |
349 |
+ default n |
350 |
+ help |
351 |
+ This option provides functionality to override arbitrary ACPI tables |
352 |
+diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c |
353 |
+index 2fcc67d..df85051 100644 |
354 |
+--- a/drivers/acpi/sleep.c |
355 |
++++ b/drivers/acpi/sleep.c |
356 |
+@@ -177,6 +177,14 @@ static struct dmi_system_id __initdata acpisleep_dmi_table[] = { |
357 |
+ }, |
358 |
+ { |
359 |
+ .callback = init_nvs_nosave, |
360 |
++ .ident = "Sony Vaio VGN-FW41E_H", |
361 |
++ .matches = { |
362 |
++ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), |
363 |
++ DMI_MATCH(DMI_PRODUCT_NAME, "VGN-FW41E_H"), |
364 |
++ }, |
365 |
++ }, |
366 |
++ { |
367 |
++ .callback = init_nvs_nosave, |
368 |
+ .ident = "Sony Vaio VGN-FW21E", |
369 |
+ .matches = { |
370 |
+ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), |
371 |
+diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c |
372 |
+index 4979127..72e3e12 100644 |
373 |
+--- a/drivers/ata/ahci.c |
374 |
++++ b/drivers/ata/ahci.c |
375 |
+@@ -265,6 +265,30 @@ static const struct pci_device_id ahci_pci_tbl[] = { |
376 |
+ { PCI_VDEVICE(INTEL, 0x9c07), board_ahci }, /* Lynx Point-LP RAID */ |
377 |
+ { PCI_VDEVICE(INTEL, 0x9c0e), board_ahci }, /* Lynx Point-LP RAID */ |
378 |
+ { PCI_VDEVICE(INTEL, 0x9c0f), board_ahci }, /* Lynx Point-LP RAID */ |
379 |
++ { PCI_VDEVICE(INTEL, 0x1f22), board_ahci }, /* Avoton AHCI */ |
380 |
++ { PCI_VDEVICE(INTEL, 0x1f23), board_ahci }, /* Avoton AHCI */ |
381 |
++ { PCI_VDEVICE(INTEL, 0x1f24), board_ahci }, /* Avoton RAID */ |
382 |
++ { PCI_VDEVICE(INTEL, 0x1f25), board_ahci }, /* Avoton RAID */ |
383 |
++ { PCI_VDEVICE(INTEL, 0x1f26), board_ahci }, /* Avoton RAID */ |
384 |
++ { PCI_VDEVICE(INTEL, 0x1f27), board_ahci }, /* Avoton RAID */ |
385 |
++ { PCI_VDEVICE(INTEL, 0x1f2e), board_ahci }, /* Avoton RAID */ |
386 |
++ { PCI_VDEVICE(INTEL, 0x1f2f), board_ahci }, /* Avoton RAID */ |
387 |
++ { PCI_VDEVICE(INTEL, 0x1f32), board_ahci }, /* Avoton AHCI */ |
388 |
++ { PCI_VDEVICE(INTEL, 0x1f33), board_ahci }, /* Avoton AHCI */ |
389 |
++ { PCI_VDEVICE(INTEL, 0x1f34), board_ahci }, /* Avoton RAID */ |
390 |
++ { PCI_VDEVICE(INTEL, 0x1f35), board_ahci }, /* Avoton RAID */ |
391 |
++ { PCI_VDEVICE(INTEL, 0x1f36), board_ahci }, /* Avoton RAID */ |
392 |
++ { PCI_VDEVICE(INTEL, 0x1f37), board_ahci }, /* Avoton RAID */ |
393 |
++ { PCI_VDEVICE(INTEL, 0x1f3e), board_ahci }, /* Avoton RAID */ |
394 |
++ { PCI_VDEVICE(INTEL, 0x1f3f), board_ahci }, /* Avoton RAID */ |
395 |
++ { PCI_VDEVICE(INTEL, 0x8d02), board_ahci }, /* Wellsburg AHCI */ |
396 |
++ { PCI_VDEVICE(INTEL, 0x8d04), board_ahci }, /* Wellsburg RAID */ |
397 |
++ { PCI_VDEVICE(INTEL, 0x8d06), board_ahci }, /* Wellsburg RAID */ |
398 |
++ { PCI_VDEVICE(INTEL, 0x8d0e), board_ahci }, /* Wellsburg RAID */ |
399 |
++ { PCI_VDEVICE(INTEL, 0x8d62), board_ahci }, /* Wellsburg AHCI */ |
400 |
++ { PCI_VDEVICE(INTEL, 0x8d64), board_ahci }, /* Wellsburg RAID */ |
401 |
++ { PCI_VDEVICE(INTEL, 0x8d66), board_ahci }, /* Wellsburg RAID */ |
402 |
++ { PCI_VDEVICE(INTEL, 0x8d6e), board_ahci }, /* Wellsburg RAID */ |
403 |
+ |
404 |
+ /* JMicron 360/1/3/5/6, match class to avoid IDE function */ |
405 |
+ { PCI_VENDOR_ID_JMICRON, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, |
406 |
+diff --git a/drivers/ata/ata_piix.c b/drivers/ata/ata_piix.c |
407 |
+index 174eca6..d2ba439 100644 |
408 |
+--- a/drivers/ata/ata_piix.c |
409 |
++++ b/drivers/ata/ata_piix.c |
410 |
+@@ -317,6 +317,23 @@ static const struct pci_device_id piix_pci_tbl[] = { |
411 |
+ { 0x8086, 0x9c09, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata }, |
412 |
+ /* SATA Controller IDE (DH89xxCC) */ |
413 |
+ { 0x8086, 0x2326, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata }, |
414 |
++ /* SATA Controller IDE (Avoton) */ |
415 |
++ { 0x8086, 0x1f20, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata_snb }, |
416 |
++ /* SATA Controller IDE (Avoton) */ |
417 |
++ { 0x8086, 0x1f21, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata_snb }, |
418 |
++ /* SATA Controller IDE (Avoton) */ |
419 |
++ { 0x8086, 0x1f30, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata }, |
420 |
++ /* SATA Controller IDE (Avoton) */ |
421 |
++ { 0x8086, 0x1f31, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata }, |
422 |
++ /* SATA Controller IDE (Wellsburg) */ |
423 |
++ { 0x8086, 0x8d00, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata_snb }, |
424 |
++ /* SATA Controller IDE (Wellsburg) */ |
425 |
++ { 0x8086, 0x8d08, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata }, |
426 |
++ /* SATA Controller IDE (Wellsburg) */ |
427 |
++ { 0x8086, 0x8d60, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata_snb }, |
428 |
++ /* SATA Controller IDE (Wellsburg) */ |
429 |
++ { 0x8086, 0x8d68, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata }, |
430 |
++ |
431 |
+ { } /* terminate list */ |
432 |
+ }; |
433 |
+ |
434 |
+diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c |
435 |
+index 043ddcc..eb591fb 100644 |
436 |
+--- a/drivers/block/nbd.c |
437 |
++++ b/drivers/block/nbd.c |
438 |
+@@ -595,12 +595,20 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd, |
439 |
+ struct request sreq; |
440 |
+ |
441 |
+ dev_info(disk_to_dev(nbd->disk), "NBD_DISCONNECT\n"); |
442 |
++ if (!nbd->sock) |
443 |
++ return -EINVAL; |
444 |
+ |
445 |
++ mutex_unlock(&nbd->tx_lock); |
446 |
++ fsync_bdev(bdev); |
447 |
++ mutex_lock(&nbd->tx_lock); |
448 |
+ blk_rq_init(NULL, &sreq); |
449 |
+ sreq.cmd_type = REQ_TYPE_SPECIAL; |
450 |
+ nbd_cmd(&sreq) = NBD_CMD_DISC; |
451 |
++ |
452 |
++ /* Check again after getting mutex back. */ |
453 |
+ if (!nbd->sock) |
454 |
+ return -EINVAL; |
455 |
++ |
456 |
+ nbd_send_req(nbd, &sreq); |
457 |
+ return 0; |
458 |
+ } |
459 |
+@@ -614,6 +622,7 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd, |
460 |
+ nbd_clear_que(nbd); |
461 |
+ BUG_ON(!list_empty(&nbd->queue_head)); |
462 |
+ BUG_ON(!list_empty(&nbd->waiting_queue)); |
463 |
++ kill_bdev(bdev); |
464 |
+ if (file) |
465 |
+ fput(file); |
466 |
+ return 0; |
467 |
+@@ -702,6 +711,7 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd, |
468 |
+ nbd->file = NULL; |
469 |
+ nbd_clear_que(nbd); |
470 |
+ dev_warn(disk_to_dev(nbd->disk), "queue cleared\n"); |
471 |
++ kill_bdev(bdev); |
472 |
+ queue_flag_clear_unlocked(QUEUE_FLAG_DISCARD, nbd->disk->queue); |
473 |
+ if (file) |
474 |
+ fput(file); |
475 |
+diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c |
476 |
+index 5ac841f..de1f319 100644 |
477 |
+--- a/drivers/block/xen-blkback/blkback.c |
478 |
++++ b/drivers/block/xen-blkback/blkback.c |
479 |
+@@ -46,6 +46,7 @@ |
480 |
+ #include <xen/xen.h> |
481 |
+ #include <asm/xen/hypervisor.h> |
482 |
+ #include <asm/xen/hypercall.h> |
483 |
++#include <xen/balloon.h> |
484 |
+ #include "common.h" |
485 |
+ |
486 |
+ /* |
487 |
+@@ -239,6 +240,7 @@ static void free_persistent_gnts(struct rb_root *root, unsigned int num) |
488 |
+ ret = gnttab_unmap_refs(unmap, NULL, pages, |
489 |
+ segs_to_unmap); |
490 |
+ BUG_ON(ret); |
491 |
++ free_xenballooned_pages(segs_to_unmap, pages); |
492 |
+ segs_to_unmap = 0; |
493 |
+ } |
494 |
+ |
495 |
+@@ -527,8 +529,8 @@ static int xen_blkbk_map(struct blkif_request *req, |
496 |
+ GFP_KERNEL); |
497 |
+ if (!persistent_gnt) |
498 |
+ return -ENOMEM; |
499 |
+- persistent_gnt->page = alloc_page(GFP_KERNEL); |
500 |
+- if (!persistent_gnt->page) { |
501 |
++ if (alloc_xenballooned_pages(1, &persistent_gnt->page, |
502 |
++ false)) { |
503 |
+ kfree(persistent_gnt); |
504 |
+ return -ENOMEM; |
505 |
+ } |
506 |
+@@ -879,7 +881,6 @@ static int dispatch_rw_block_io(struct xen_blkif *blkif, |
507 |
+ goto fail_response; |
508 |
+ } |
509 |
+ |
510 |
+- preq.dev = req->u.rw.handle; |
511 |
+ preq.sector_number = req->u.rw.sector_number; |
512 |
+ preq.nr_sects = 0; |
513 |
+ |
514 |
+diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c |
515 |
+index 6398072..5e237f6 100644 |
516 |
+--- a/drivers/block/xen-blkback/xenbus.c |
517 |
++++ b/drivers/block/xen-blkback/xenbus.c |
518 |
+@@ -367,6 +367,7 @@ static int xen_blkbk_remove(struct xenbus_device *dev) |
519 |
+ be->blkif = NULL; |
520 |
+ } |
521 |
+ |
522 |
++ kfree(be->mode); |
523 |
+ kfree(be); |
524 |
+ dev_set_drvdata(&dev->dev, NULL); |
525 |
+ return 0; |
526 |
+@@ -502,6 +503,7 @@ static void backend_changed(struct xenbus_watch *watch, |
527 |
+ = container_of(watch, struct backend_info, backend_watch); |
528 |
+ struct xenbus_device *dev = be->dev; |
529 |
+ int cdrom = 0; |
530 |
++ unsigned long handle; |
531 |
+ char *device_type; |
532 |
+ |
533 |
+ DPRINTK(""); |
534 |
+@@ -521,10 +523,10 @@ static void backend_changed(struct xenbus_watch *watch, |
535 |
+ return; |
536 |
+ } |
537 |
+ |
538 |
+- if ((be->major || be->minor) && |
539 |
+- ((be->major != major) || (be->minor != minor))) { |
540 |
+- pr_warn(DRV_PFX "changing physical device (from %x:%x to %x:%x) not supported.\n", |
541 |
+- be->major, be->minor, major, minor); |
542 |
++ if (be->major | be->minor) { |
543 |
++ if (be->major != major || be->minor != minor) |
544 |
++ pr_warn(DRV_PFX "changing physical device (from %x:%x to %x:%x) not supported.\n", |
545 |
++ be->major, be->minor, major, minor); |
546 |
+ return; |
547 |
+ } |
548 |
+ |
549 |
+@@ -542,36 +544,33 @@ static void backend_changed(struct xenbus_watch *watch, |
550 |
+ kfree(device_type); |
551 |
+ } |
552 |
+ |
553 |
+- if (be->major == 0 && be->minor == 0) { |
554 |
+- /* Front end dir is a number, which is used as the handle. */ |
555 |
+- |
556 |
+- char *p = strrchr(dev->otherend, '/') + 1; |
557 |
+- long handle; |
558 |
+- err = strict_strtoul(p, 0, &handle); |
559 |
+- if (err) |
560 |
+- return; |
561 |
++ /* Front end dir is a number, which is used as the handle. */ |
562 |
++ err = strict_strtoul(strrchr(dev->otherend, '/') + 1, 0, &handle); |
563 |
++ if (err) |
564 |
++ return; |
565 |
+ |
566 |
+- be->major = major; |
567 |
+- be->minor = minor; |
568 |
++ be->major = major; |
569 |
++ be->minor = minor; |
570 |
+ |
571 |
+- err = xen_vbd_create(be->blkif, handle, major, minor, |
572 |
+- (NULL == strchr(be->mode, 'w')), cdrom); |
573 |
+- if (err) { |
574 |
+- be->major = 0; |
575 |
+- be->minor = 0; |
576 |
+- xenbus_dev_fatal(dev, err, "creating vbd structure"); |
577 |
+- return; |
578 |
+- } |
579 |
++ err = xen_vbd_create(be->blkif, handle, major, minor, |
580 |
++ !strchr(be->mode, 'w'), cdrom); |
581 |
+ |
582 |
++ if (err) |
583 |
++ xenbus_dev_fatal(dev, err, "creating vbd structure"); |
584 |
++ else { |
585 |
+ err = xenvbd_sysfs_addif(dev); |
586 |
+ if (err) { |
587 |
+ xen_vbd_free(&be->blkif->vbd); |
588 |
+- be->major = 0; |
589 |
+- be->minor = 0; |
590 |
+ xenbus_dev_fatal(dev, err, "creating sysfs entries"); |
591 |
+- return; |
592 |
+ } |
593 |
++ } |
594 |
+ |
595 |
++ if (err) { |
596 |
++ kfree(be->mode); |
597 |
++ be->mode = NULL; |
598 |
++ be->major = 0; |
599 |
++ be->minor = 0; |
600 |
++ } else { |
601 |
+ /* We're potentially connected now */ |
602 |
+ xen_update_blkif_status(be->blkif); |
603 |
+ } |
604 |
+diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c |
605 |
+index 11043c1..c3dae2e 100644 |
606 |
+--- a/drivers/block/xen-blkfront.c |
607 |
++++ b/drivers/block/xen-blkfront.c |
608 |
+@@ -791,7 +791,7 @@ static void blkif_restart_queue(struct work_struct *work) |
609 |
+ static void blkif_free(struct blkfront_info *info, int suspend) |
610 |
+ { |
611 |
+ struct llist_node *all_gnts; |
612 |
+- struct grant *persistent_gnt; |
613 |
++ struct grant *persistent_gnt, *tmp; |
614 |
+ struct llist_node *n; |
615 |
+ |
616 |
+ /* Prevent new requests being issued until we fix things up. */ |
617 |
+@@ -805,10 +805,17 @@ static void blkif_free(struct blkfront_info *info, int suspend) |
618 |
+ /* Remove all persistent grants */ |
619 |
+ if (info->persistent_gnts_c) { |
620 |
+ all_gnts = llist_del_all(&info->persistent_gnts); |
621 |
+- llist_for_each_entry_safe(persistent_gnt, n, all_gnts, node) { |
622 |
++ persistent_gnt = llist_entry(all_gnts, typeof(*(persistent_gnt)), node); |
623 |
++ while (persistent_gnt) { |
624 |
+ gnttab_end_foreign_access(persistent_gnt->gref, 0, 0UL); |
625 |
+ __free_page(pfn_to_page(persistent_gnt->pfn)); |
626 |
+- kfree(persistent_gnt); |
627 |
++ tmp = persistent_gnt; |
628 |
++ n = persistent_gnt->node.next; |
629 |
++ if (n) |
630 |
++ persistent_gnt = llist_entry(n, typeof(*(persistent_gnt)), node); |
631 |
++ else |
632 |
++ persistent_gnt = NULL; |
633 |
++ kfree(tmp); |
634 |
+ } |
635 |
+ info->persistent_gnts_c = 0; |
636 |
+ } |
637 |
+diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c |
638 |
+index 3873d53..af3e8aa 100644 |
639 |
+--- a/drivers/firewire/core-device.c |
640 |
++++ b/drivers/firewire/core-device.c |
641 |
+@@ -1020,6 +1020,10 @@ static void fw_device_init(struct work_struct *work) |
642 |
+ ret = idr_pre_get(&fw_device_idr, GFP_KERNEL) ? |
643 |
+ idr_get_new(&fw_device_idr, device, &minor) : |
644 |
+ -ENOMEM; |
645 |
++ if (minor >= 1 << MINORBITS) { |
646 |
++ idr_remove(&fw_device_idr, minor); |
647 |
++ minor = -ENOSPC; |
648 |
++ } |
649 |
+ up_write(&fw_device_rwsem); |
650 |
+ |
651 |
+ if (ret < 0) |
652 |
+diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c |
653 |
+index f5596db..bcb201c 100644 |
654 |
+--- a/drivers/firmware/efivars.c |
655 |
++++ b/drivers/firmware/efivars.c |
656 |
+@@ -79,6 +79,7 @@ |
657 |
+ #include <linux/device.h> |
658 |
+ #include <linux/slab.h> |
659 |
+ #include <linux/pstore.h> |
660 |
++#include <linux/ctype.h> |
661 |
+ |
662 |
+ #include <linux/fs.h> |
663 |
+ #include <linux/ramfs.h> |
664 |
+@@ -900,6 +901,48 @@ static struct inode *efivarfs_get_inode(struct super_block *sb, |
665 |
+ return inode; |
666 |
+ } |
667 |
+ |
668 |
++/* |
669 |
++ * Return true if 'str' is a valid efivarfs filename of the form, |
670 |
++ * |
671 |
++ * VariableName-12345678-1234-1234-1234-1234567891bc |
672 |
++ */ |
673 |
++static bool efivarfs_valid_name(const char *str, int len) |
674 |
++{ |
675 |
++ static const char dashes[GUID_LEN] = { |
676 |
++ [8] = 1, [13] = 1, [18] = 1, [23] = 1 |
677 |
++ }; |
678 |
++ const char *s = str + len - GUID_LEN; |
679 |
++ int i; |
680 |
++ |
681 |
++ /* |
682 |
++ * We need a GUID, plus at least one letter for the variable name, |
683 |
++ * plus the '-' separator |
684 |
++ */ |
685 |
++ if (len < GUID_LEN + 2) |
686 |
++ return false; |
687 |
++ |
688 |
++ /* GUID should be right after the first '-' */ |
689 |
++ if (s - 1 != strchr(str, '-')) |
690 |
++ return false; |
691 |
++ |
692 |
++ /* |
693 |
++ * Validate that 's' is of the correct format, e.g. |
694 |
++ * |
695 |
++ * 12345678-1234-1234-1234-123456789abc |
696 |
++ */ |
697 |
++ for (i = 0; i < GUID_LEN; i++) { |
698 |
++ if (dashes[i]) { |
699 |
++ if (*s++ != '-') |
700 |
++ return false; |
701 |
++ } else { |
702 |
++ if (!isxdigit(*s++)) |
703 |
++ return false; |
704 |
++ } |
705 |
++ } |
706 |
++ |
707 |
++ return true; |
708 |
++} |
709 |
++ |
710 |
+ static void efivarfs_hex_to_guid(const char *str, efi_guid_t *guid) |
711 |
+ { |
712 |
+ guid->b[0] = hex_to_bin(str[6]) << 4 | hex_to_bin(str[7]); |
713 |
+@@ -928,11 +971,7 @@ static int efivarfs_create(struct inode *dir, struct dentry *dentry, |
714 |
+ struct efivar_entry *var; |
715 |
+ int namelen, i = 0, err = 0; |
716 |
+ |
717 |
+- /* |
718 |
+- * We need a GUID, plus at least one letter for the variable name, |
719 |
+- * plus the '-' separator |
720 |
+- */ |
721 |
+- if (dentry->d_name.len < GUID_LEN + 2) |
722 |
++ if (!efivarfs_valid_name(dentry->d_name.name, dentry->d_name.len)) |
723 |
+ return -EINVAL; |
724 |
+ |
725 |
+ inode = efivarfs_get_inode(dir->i_sb, dir, mode, 0); |
726 |
+@@ -1004,6 +1043,84 @@ static int efivarfs_unlink(struct inode *dir, struct dentry *dentry) |
727 |
+ return -EINVAL; |
728 |
+ }; |
729 |
+ |
730 |
++/* |
731 |
++ * Compare two efivarfs file names. |
732 |
++ * |
733 |
++ * An efivarfs filename is composed of two parts, |
734 |
++ * |
735 |
++ * 1. A case-sensitive variable name |
736 |
++ * 2. A case-insensitive GUID |
737 |
++ * |
738 |
++ * So we need to perform a case-sensitive match on part 1 and a |
739 |
++ * case-insensitive match on part 2. |
740 |
++ */ |
741 |
++static int efivarfs_d_compare(const struct dentry *parent, const struct inode *pinode, |
742 |
++ const struct dentry *dentry, const struct inode *inode, |
743 |
++ unsigned int len, const char *str, |
744 |
++ const struct qstr *name) |
745 |
++{ |
746 |
++ int guid = len - GUID_LEN; |
747 |
++ |
748 |
++ if (name->len != len) |
749 |
++ return 1; |
750 |
++ |
751 |
++ /* Case-sensitive compare for the variable name */ |
752 |
++ if (memcmp(str, name->name, guid)) |
753 |
++ return 1; |
754 |
++ |
755 |
++ /* Case-insensitive compare for the GUID */ |
756 |
++ return strncasecmp(name->name + guid, str + guid, GUID_LEN); |
757 |
++} |
758 |
++ |
759 |
++static int efivarfs_d_hash(const struct dentry *dentry, |
760 |
++ const struct inode *inode, struct qstr *qstr) |
761 |
++{ |
762 |
++ unsigned long hash = init_name_hash(); |
763 |
++ const unsigned char *s = qstr->name; |
764 |
++ unsigned int len = qstr->len; |
765 |
++ |
766 |
++ if (!efivarfs_valid_name(s, len)) |
767 |
++ return -EINVAL; |
768 |
++ |
769 |
++ while (len-- > GUID_LEN) |
770 |
++ hash = partial_name_hash(*s++, hash); |
771 |
++ |
772 |
++ /* GUID is case-insensitive. */ |
773 |
++ while (len--) |
774 |
++ hash = partial_name_hash(tolower(*s++), hash); |
775 |
++ |
776 |
++ qstr->hash = end_name_hash(hash); |
777 |
++ return 0; |
778 |
++} |
779 |
++ |
780 |
++/* |
781 |
++ * Retaining negative dentries for an in-memory filesystem just wastes |
782 |
++ * memory and lookup time: arrange for them to be deleted immediately. |
783 |
++ */ |
784 |
++static int efivarfs_delete_dentry(const struct dentry *dentry) |
785 |
++{ |
786 |
++ return 1; |
787 |
++} |
788 |
++ |
789 |
++static struct dentry_operations efivarfs_d_ops = { |
790 |
++ .d_compare = efivarfs_d_compare, |
791 |
++ .d_hash = efivarfs_d_hash, |
792 |
++ .d_delete = efivarfs_delete_dentry, |
793 |
++}; |
794 |
++ |
795 |
++static struct dentry *efivarfs_alloc_dentry(struct dentry *parent, char *name) |
796 |
++{ |
797 |
++ struct qstr q; |
798 |
++ |
799 |
++ q.name = name; |
800 |
++ q.len = strlen(name); |
801 |
++ |
802 |
++ if (efivarfs_d_hash(NULL, NULL, &q)) |
803 |
++ return NULL; |
804 |
++ |
805 |
++ return d_alloc(parent, &q); |
806 |
++} |
807 |
++ |
808 |
+ static int efivarfs_fill_super(struct super_block *sb, void *data, int silent) |
809 |
+ { |
810 |
+ struct inode *inode = NULL; |
811 |
+@@ -1019,6 +1136,7 @@ static int efivarfs_fill_super(struct super_block *sb, void *data, int silent) |
812 |
+ sb->s_blocksize_bits = PAGE_CACHE_SHIFT; |
813 |
+ sb->s_magic = EFIVARFS_MAGIC; |
814 |
+ sb->s_op = &efivarfs_ops; |
815 |
++ sb->s_d_op = &efivarfs_d_ops; |
816 |
+ sb->s_time_gran = 1; |
817 |
+ |
818 |
+ inode = efivarfs_get_inode(sb, NULL, S_IFDIR | 0755, 0); |
819 |
+@@ -1059,7 +1177,7 @@ static int efivarfs_fill_super(struct super_block *sb, void *data, int silent) |
820 |
+ if (!inode) |
821 |
+ goto fail_name; |
822 |
+ |
823 |
+- dentry = d_alloc_name(root, name); |
824 |
++ dentry = efivarfs_alloc_dentry(root, name); |
825 |
+ if (!dentry) |
826 |
+ goto fail_inode; |
827 |
+ |
828 |
+@@ -1109,8 +1227,20 @@ static struct file_system_type efivarfs_type = { |
829 |
+ .kill_sb = efivarfs_kill_sb, |
830 |
+ }; |
831 |
+ |
832 |
++/* |
833 |
++ * Handle negative dentry. |
834 |
++ */ |
835 |
++static struct dentry *efivarfs_lookup(struct inode *dir, struct dentry *dentry, |
836 |
++ unsigned int flags) |
837 |
++{ |
838 |
++ if (dentry->d_name.len > NAME_MAX) |
839 |
++ return ERR_PTR(-ENAMETOOLONG); |
840 |
++ d_add(dentry, NULL); |
841 |
++ return NULL; |
842 |
++} |
843 |
++ |
844 |
+ static const struct inode_operations efivarfs_dir_inode_operations = { |
845 |
+- .lookup = simple_lookup, |
846 |
++ .lookup = efivarfs_lookup, |
847 |
+ .unlink = efivarfs_unlink, |
848 |
+ .create = efivarfs_create, |
849 |
+ }; |
850 |
+diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c |
851 |
+index eb2ee11..ceb3040 100644 |
852 |
+--- a/drivers/hid/hid-core.c |
853 |
++++ b/drivers/hid/hid-core.c |
854 |
+@@ -1697,6 +1697,7 @@ static const struct hid_device_id hid_have_special_driver[] = { |
855 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_NAVIGATION_CONTROLLER) }, |
856 |
+ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS3_CONTROLLER) }, |
857 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_VAIO_VGX_MOUSE) }, |
858 |
++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_VAIO_VGP_MOUSE) }, |
859 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_SUNPLUS, USB_DEVICE_ID_SUNPLUS_WDESKTOP) }, |
860 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_THRUSTMASTER, 0xb300) }, |
861 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_THRUSTMASTER, 0xb304) }, |
862 |
+@@ -2070,6 +2071,7 @@ static const struct hid_device_id hid_ignore_list[] = { |
863 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_HYBRID) }, |
864 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_HEATCONTROL) }, |
865 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_MADCATZ, USB_DEVICE_ID_MADCATZ_BEATPAD) }, |
866 |
++ { HID_USB_DEVICE(USB_VENDOR_ID_MASTERKIT, USB_DEVICE_ID_MASTERKIT_MA901RADIO) }, |
867 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_MCC, USB_DEVICE_ID_MCC_PMD1024LS) }, |
868 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_MCC, USB_DEVICE_ID_MCC_PMD1208LS) }, |
869 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_MICROCHIP, USB_DEVICE_ID_PICKIT1) }, |
870 |
+diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h |
871 |
+index 34e2547..266e2ae 100644 |
872 |
+--- a/drivers/hid/hid-ids.h |
873 |
++++ b/drivers/hid/hid-ids.h |
874 |
+@@ -554,6 +554,9 @@ |
875 |
+ #define USB_VENDOR_ID_MADCATZ 0x0738 |
876 |
+ #define USB_DEVICE_ID_MADCATZ_BEATPAD 0x4540 |
877 |
+ |
878 |
++#define USB_VENDOR_ID_MASTERKIT 0x16c0 |
879 |
++#define USB_DEVICE_ID_MASTERKIT_MA901RADIO 0x05df |
880 |
++ |
881 |
+ #define USB_VENDOR_ID_MCC 0x09db |
882 |
+ #define USB_DEVICE_ID_MCC_PMD1024LS 0x0076 |
883 |
+ #define USB_DEVICE_ID_MCC_PMD1208LS 0x007a |
884 |
+@@ -709,6 +712,7 @@ |
885 |
+ |
886 |
+ #define USB_VENDOR_ID_SONY 0x054c |
887 |
+ #define USB_DEVICE_ID_SONY_VAIO_VGX_MOUSE 0x024b |
888 |
++#define USB_DEVICE_ID_SONY_VAIO_VGP_MOUSE 0x0374 |
889 |
+ #define USB_DEVICE_ID_SONY_PS3_BDREMOTE 0x0306 |
890 |
+ #define USB_DEVICE_ID_SONY_PS3_CONTROLLER 0x0268 |
891 |
+ #define USB_DEVICE_ID_SONY_NAVIGATION_CONTROLLER 0x042f |
892 |
+diff --git a/drivers/hid/hid-sony.c b/drivers/hid/hid-sony.c |
893 |
+index 7f33ebf..126d6ae 100644 |
894 |
+--- a/drivers/hid/hid-sony.c |
895 |
++++ b/drivers/hid/hid-sony.c |
896 |
+@@ -43,9 +43,19 @@ static __u8 *sony_report_fixup(struct hid_device *hdev, __u8 *rdesc, |
897 |
+ { |
898 |
+ struct sony_sc *sc = hid_get_drvdata(hdev); |
899 |
+ |
900 |
+- if ((sc->quirks & VAIO_RDESC_CONSTANT) && |
901 |
+- *rsize >= 56 && rdesc[54] == 0x81 && rdesc[55] == 0x07) { |
902 |
+- hid_info(hdev, "Fixing up Sony Vaio VGX report descriptor\n"); |
903 |
++ /* |
904 |
++ * Some Sony RF receivers wrongly declare the mouse pointer as a |
905 |
++ * a constant non-data variable. |
906 |
++ */ |
907 |
++ if ((sc->quirks & VAIO_RDESC_CONSTANT) && *rsize >= 56 && |
908 |
++ /* usage page: generic desktop controls */ |
909 |
++ /* rdesc[0] == 0x05 && rdesc[1] == 0x01 && */ |
910 |
++ /* usage: mouse */ |
911 |
++ rdesc[2] == 0x09 && rdesc[3] == 0x02 && |
912 |
++ /* input (usage page for x,y axes): constant, variable, relative */ |
913 |
++ rdesc[54] == 0x81 && rdesc[55] == 0x07) { |
914 |
++ hid_info(hdev, "Fixing up Sony RF Receiver report descriptor\n"); |
915 |
++ /* input: data, variable, relative */ |
916 |
+ rdesc[55] = 0x06; |
917 |
+ } |
918 |
+ |
919 |
+@@ -217,6 +227,8 @@ static const struct hid_device_id sony_devices[] = { |
920 |
+ .driver_data = SIXAXIS_CONTROLLER_BT }, |
921 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_VAIO_VGX_MOUSE), |
922 |
+ .driver_data = VAIO_RDESC_CONSTANT }, |
923 |
++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_VAIO_VGP_MOUSE), |
924 |
++ .driver_data = VAIO_RDESC_CONSTANT }, |
925 |
+ { } |
926 |
+ }; |
927 |
+ MODULE_DEVICE_TABLE(hid, sony_devices); |
928 |
+diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c |
929 |
+index d5088ce..7ccf328 100644 |
930 |
+--- a/drivers/infiniband/ulp/srp/ib_srp.c |
931 |
++++ b/drivers/infiniband/ulp/srp/ib_srp.c |
932 |
+@@ -700,23 +700,24 @@ static int srp_reconnect_target(struct srp_target_port *target) |
933 |
+ struct Scsi_Host *shost = target->scsi_host; |
934 |
+ int i, ret; |
935 |
+ |
936 |
+- if (target->state != SRP_TARGET_LIVE) |
937 |
+- return -EAGAIN; |
938 |
+- |
939 |
+ scsi_target_block(&shost->shost_gendev); |
940 |
+ |
941 |
+ srp_disconnect_target(target); |
942 |
+ /* |
943 |
+- * Now get a new local CM ID so that we avoid confusing the |
944 |
+- * target in case things are really fouled up. |
945 |
++ * Now get a new local CM ID so that we avoid confusing the target in |
946 |
++ * case things are really fouled up. Doing so also ensures that all CM |
947 |
++ * callbacks will have finished before a new QP is allocated. |
948 |
+ */ |
949 |
+ ret = srp_new_cm_id(target); |
950 |
+- if (ret) |
951 |
+- goto unblock; |
952 |
+- |
953 |
+- ret = srp_create_target_ib(target); |
954 |
+- if (ret) |
955 |
+- goto unblock; |
956 |
++ /* |
957 |
++ * Whether or not creating a new CM ID succeeded, create a new |
958 |
++ * QP. This guarantees that all completion callback function |
959 |
++ * invocations have finished before request resetting starts. |
960 |
++ */ |
961 |
++ if (ret == 0) |
962 |
++ ret = srp_create_target_ib(target); |
963 |
++ else |
964 |
++ srp_create_target_ib(target); |
965 |
+ |
966 |
+ for (i = 0; i < SRP_CMD_SQ_SIZE; ++i) { |
967 |
+ struct srp_request *req = &target->req_ring[i]; |
968 |
+@@ -728,11 +729,12 @@ static int srp_reconnect_target(struct srp_target_port *target) |
969 |
+ for (i = 0; i < SRP_SQ_SIZE; ++i) |
970 |
+ list_add(&target->tx_ring[i]->list, &target->free_tx); |
971 |
+ |
972 |
+- ret = srp_connect_target(target); |
973 |
++ if (ret == 0) |
974 |
++ ret = srp_connect_target(target); |
975 |
+ |
976 |
+-unblock: |
977 |
+ scsi_target_unblock(&shost->shost_gendev, ret == 0 ? SDEV_RUNNING : |
978 |
+ SDEV_TRANSPORT_OFFLINE); |
979 |
++ target->transport_offline = !!ret; |
980 |
+ |
981 |
+ if (ret) |
982 |
+ goto err; |
983 |
+@@ -1352,6 +1354,12 @@ static int srp_queuecommand(struct Scsi_Host *shost, struct scsi_cmnd *scmnd) |
984 |
+ unsigned long flags; |
985 |
+ int len; |
986 |
+ |
987 |
++ if (unlikely(target->transport_offline)) { |
988 |
++ scmnd->result = DID_NO_CONNECT << 16; |
989 |
++ scmnd->scsi_done(scmnd); |
990 |
++ return 0; |
991 |
++ } |
992 |
++ |
993 |
+ spin_lock_irqsave(&target->lock, flags); |
994 |
+ iu = __srp_get_tx_iu(target, SRP_IU_CMD); |
995 |
+ if (!iu) |
996 |
+@@ -1695,6 +1703,9 @@ static int srp_send_tsk_mgmt(struct srp_target_port *target, |
997 |
+ struct srp_iu *iu; |
998 |
+ struct srp_tsk_mgmt *tsk_mgmt; |
999 |
+ |
1000 |
++ if (!target->connected || target->qp_in_error) |
1001 |
++ return -1; |
1002 |
++ |
1003 |
+ init_completion(&target->tsk_mgmt_done); |
1004 |
+ |
1005 |
+ spin_lock_irq(&target->lock); |
1006 |
+@@ -1736,7 +1747,7 @@ static int srp_abort(struct scsi_cmnd *scmnd) |
1007 |
+ |
1008 |
+ shost_printk(KERN_ERR, target->scsi_host, "SRP abort called\n"); |
1009 |
+ |
1010 |
+- if (!req || target->qp_in_error || !srp_claim_req(target, req, scmnd)) |
1011 |
++ if (!req || !srp_claim_req(target, req, scmnd)) |
1012 |
+ return FAILED; |
1013 |
+ srp_send_tsk_mgmt(target, req->index, scmnd->device->lun, |
1014 |
+ SRP_TSK_ABORT_TASK); |
1015 |
+@@ -1754,8 +1765,6 @@ static int srp_reset_device(struct scsi_cmnd *scmnd) |
1016 |
+ |
1017 |
+ shost_printk(KERN_ERR, target->scsi_host, "SRP reset_device called\n"); |
1018 |
+ |
1019 |
+- if (target->qp_in_error) |
1020 |
+- return FAILED; |
1021 |
+ if (srp_send_tsk_mgmt(target, SRP_TAG_NO_REQ, scmnd->device->lun, |
1022 |
+ SRP_TSK_LUN_RESET)) |
1023 |
+ return FAILED; |
1024 |
+@@ -1972,7 +1981,6 @@ static int srp_add_target(struct srp_host *host, struct srp_target_port *target) |
1025 |
+ spin_unlock(&host->target_lock); |
1026 |
+ |
1027 |
+ target->state = SRP_TARGET_LIVE; |
1028 |
+- target->connected = false; |
1029 |
+ |
1030 |
+ scsi_scan_target(&target->scsi_host->shost_gendev, |
1031 |
+ 0, target->scsi_id, SCAN_WILD_CARD, 0); |
1032 |
+diff --git a/drivers/infiniband/ulp/srp/ib_srp.h b/drivers/infiniband/ulp/srp/ib_srp.h |
1033 |
+index de2d0b3..66fbedd 100644 |
1034 |
+--- a/drivers/infiniband/ulp/srp/ib_srp.h |
1035 |
++++ b/drivers/infiniband/ulp/srp/ib_srp.h |
1036 |
+@@ -140,6 +140,7 @@ struct srp_target_port { |
1037 |
+ unsigned int cmd_sg_cnt; |
1038 |
+ unsigned int indirect_size; |
1039 |
+ bool allow_ext_sg; |
1040 |
++ bool transport_offline; |
1041 |
+ |
1042 |
+ /* Everything above this point is used in the hot path of |
1043 |
+ * command processing. Try to keep them packed into cachelines. |
1044 |
+diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c |
1045 |
+index faf10ba..b6ecddb 100644 |
1046 |
+--- a/drivers/iommu/amd_iommu_init.c |
1047 |
++++ b/drivers/iommu/amd_iommu_init.c |
1048 |
+@@ -1876,11 +1876,6 @@ static int amd_iommu_init_dma(void) |
1049 |
+ struct amd_iommu *iommu; |
1050 |
+ int ret; |
1051 |
+ |
1052 |
+- init_device_table_dma(); |
1053 |
+- |
1054 |
+- for_each_iommu(iommu) |
1055 |
+- iommu_flush_all_caches(iommu); |
1056 |
+- |
1057 |
+ if (iommu_pass_through) |
1058 |
+ ret = amd_iommu_init_passthrough(); |
1059 |
+ else |
1060 |
+@@ -1889,6 +1884,11 @@ static int amd_iommu_init_dma(void) |
1061 |
+ if (ret) |
1062 |
+ return ret; |
1063 |
+ |
1064 |
++ init_device_table_dma(); |
1065 |
++ |
1066 |
++ for_each_iommu(iommu) |
1067 |
++ iommu_flush_all_caches(iommu); |
1068 |
++ |
1069 |
+ amd_iommu_init_api(); |
1070 |
+ |
1071 |
+ amd_iommu_init_notifier(); |
1072 |
+diff --git a/drivers/media/pci/cx18/cx18-alsa-main.c b/drivers/media/pci/cx18/cx18-alsa-main.c |
1073 |
+index 8e971ff..b2c8c34 100644 |
1074 |
+--- a/drivers/media/pci/cx18/cx18-alsa-main.c |
1075 |
++++ b/drivers/media/pci/cx18/cx18-alsa-main.c |
1076 |
+@@ -197,7 +197,7 @@ err_exit: |
1077 |
+ return ret; |
1078 |
+ } |
1079 |
+ |
1080 |
+-static int __init cx18_alsa_load(struct cx18 *cx) |
1081 |
++static int cx18_alsa_load(struct cx18 *cx) |
1082 |
+ { |
1083 |
+ struct v4l2_device *v4l2_dev = &cx->v4l2_dev; |
1084 |
+ struct cx18_stream *s; |
1085 |
+diff --git a/drivers/media/pci/cx18/cx18-alsa-pcm.h b/drivers/media/pci/cx18/cx18-alsa-pcm.h |
1086 |
+index d26e51f..e2b2c5b 100644 |
1087 |
+--- a/drivers/media/pci/cx18/cx18-alsa-pcm.h |
1088 |
++++ b/drivers/media/pci/cx18/cx18-alsa-pcm.h |
1089 |
+@@ -20,7 +20,7 @@ |
1090 |
+ * 02111-1307 USA |
1091 |
+ */ |
1092 |
+ |
1093 |
+-int __init snd_cx18_pcm_create(struct snd_cx18_card *cxsc); |
1094 |
++int snd_cx18_pcm_create(struct snd_cx18_card *cxsc); |
1095 |
+ |
1096 |
+ /* Used by cx18-mailbox to announce the PCM data to the module */ |
1097 |
+ void cx18_alsa_announce_pcm_data(struct snd_cx18_card *card, u8 *pcm_data, |
1098 |
+diff --git a/drivers/media/pci/ivtv/ivtv-alsa-main.c b/drivers/media/pci/ivtv/ivtv-alsa-main.c |
1099 |
+index 4a221c6..e970cfa 100644 |
1100 |
+--- a/drivers/media/pci/ivtv/ivtv-alsa-main.c |
1101 |
++++ b/drivers/media/pci/ivtv/ivtv-alsa-main.c |
1102 |
+@@ -205,7 +205,7 @@ err_exit: |
1103 |
+ return ret; |
1104 |
+ } |
1105 |
+ |
1106 |
+-static int __init ivtv_alsa_load(struct ivtv *itv) |
1107 |
++static int ivtv_alsa_load(struct ivtv *itv) |
1108 |
+ { |
1109 |
+ struct v4l2_device *v4l2_dev = &itv->v4l2_dev; |
1110 |
+ struct ivtv_stream *s; |
1111 |
+diff --git a/drivers/media/pci/ivtv/ivtv-alsa-pcm.h b/drivers/media/pci/ivtv/ivtv-alsa-pcm.h |
1112 |
+index 23dfe0d..186814e 100644 |
1113 |
+--- a/drivers/media/pci/ivtv/ivtv-alsa-pcm.h |
1114 |
++++ b/drivers/media/pci/ivtv/ivtv-alsa-pcm.h |
1115 |
+@@ -20,4 +20,4 @@ |
1116 |
+ * 02111-1307 USA |
1117 |
+ */ |
1118 |
+ |
1119 |
+-int __init snd_ivtv_pcm_create(struct snd_ivtv_card *itvsc); |
1120 |
++int snd_ivtv_pcm_create(struct snd_ivtv_card *itvsc); |
1121 |
+diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c |
1122 |
+index 35cc526..8e9a668 100644 |
1123 |
+--- a/drivers/media/platform/omap/omap_vout.c |
1124 |
++++ b/drivers/media/platform/omap/omap_vout.c |
1125 |
+@@ -205,19 +205,21 @@ static u32 omap_vout_uservirt_to_phys(u32 virtp) |
1126 |
+ struct vm_area_struct *vma; |
1127 |
+ struct mm_struct *mm = current->mm; |
1128 |
+ |
1129 |
+- vma = find_vma(mm, virtp); |
1130 |
+ /* For kernel direct-mapped memory, take the easy way */ |
1131 |
+- if (virtp >= PAGE_OFFSET) { |
1132 |
+- physp = virt_to_phys((void *) virtp); |
1133 |
+- } else if (vma && (vma->vm_flags & VM_IO) && vma->vm_pgoff) { |
1134 |
++ if (virtp >= PAGE_OFFSET) |
1135 |
++ return virt_to_phys((void *) virtp); |
1136 |
++ |
1137 |
++ down_read(¤t->mm->mmap_sem); |
1138 |
++ vma = find_vma(mm, virtp); |
1139 |
++ if (vma && (vma->vm_flags & VM_IO) && vma->vm_pgoff) { |
1140 |
+ /* this will catch, kernel-allocated, mmaped-to-usermode |
1141 |
+ addresses */ |
1142 |
+ physp = (vma->vm_pgoff << PAGE_SHIFT) + (virtp - vma->vm_start); |
1143 |
++ up_read(¤t->mm->mmap_sem); |
1144 |
+ } else { |
1145 |
+ /* otherwise, use get_user_pages() for general userland pages */ |
1146 |
+ int res, nr_pages = 1; |
1147 |
+ struct page *pages; |
1148 |
+- down_read(¤t->mm->mmap_sem); |
1149 |
+ |
1150 |
+ res = get_user_pages(current, current->mm, virtp, nr_pages, 1, |
1151 |
+ 0, &pages, NULL); |
1152 |
+diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c |
1153 |
+index 601d1ac1..d593bc6 100644 |
1154 |
+--- a/drivers/media/rc/rc-main.c |
1155 |
++++ b/drivers/media/rc/rc-main.c |
1156 |
+@@ -789,8 +789,10 @@ static ssize_t show_protocols(struct device *device, |
1157 |
+ } else if (dev->raw) { |
1158 |
+ enabled = dev->raw->enabled_protocols; |
1159 |
+ allowed = ir_raw_get_allowed_protocols(); |
1160 |
+- } else |
1161 |
++ } else { |
1162 |
++ mutex_unlock(&dev->lock); |
1163 |
+ return -ENODEV; |
1164 |
++ } |
1165 |
+ |
1166 |
+ IR_dprintk(1, "allowed - 0x%llx, enabled - 0x%llx\n", |
1167 |
+ (long long)allowed, |
1168 |
+diff --git a/drivers/media/v4l2-core/v4l2-device.c b/drivers/media/v4l2-core/v4l2-device.c |
1169 |
+index 513969f..98a7f5e 100644 |
1170 |
+--- a/drivers/media/v4l2-core/v4l2-device.c |
1171 |
++++ b/drivers/media/v4l2-core/v4l2-device.c |
1172 |
+@@ -159,31 +159,21 @@ int v4l2_device_register_subdev(struct v4l2_device *v4l2_dev, |
1173 |
+ sd->v4l2_dev = v4l2_dev; |
1174 |
+ if (sd->internal_ops && sd->internal_ops->registered) { |
1175 |
+ err = sd->internal_ops->registered(sd); |
1176 |
+- if (err) { |
1177 |
+- module_put(sd->owner); |
1178 |
+- return err; |
1179 |
+- } |
1180 |
++ if (err) |
1181 |
++ goto error_module; |
1182 |
+ } |
1183 |
+ |
1184 |
+ /* This just returns 0 if either of the two args is NULL */ |
1185 |
+ err = v4l2_ctrl_add_handler(v4l2_dev->ctrl_handler, sd->ctrl_handler, NULL); |
1186 |
+- if (err) { |
1187 |
+- if (sd->internal_ops && sd->internal_ops->unregistered) |
1188 |
+- sd->internal_ops->unregistered(sd); |
1189 |
+- module_put(sd->owner); |
1190 |
+- return err; |
1191 |
+- } |
1192 |
++ if (err) |
1193 |
++ goto error_unregister; |
1194 |
+ |
1195 |
+ #if defined(CONFIG_MEDIA_CONTROLLER) |
1196 |
+ /* Register the entity. */ |
1197 |
+ if (v4l2_dev->mdev) { |
1198 |
+ err = media_device_register_entity(v4l2_dev->mdev, entity); |
1199 |
+- if (err < 0) { |
1200 |
+- if (sd->internal_ops && sd->internal_ops->unregistered) |
1201 |
+- sd->internal_ops->unregistered(sd); |
1202 |
+- module_put(sd->owner); |
1203 |
+- return err; |
1204 |
+- } |
1205 |
++ if (err < 0) |
1206 |
++ goto error_unregister; |
1207 |
+ } |
1208 |
+ #endif |
1209 |
+ |
1210 |
+@@ -192,6 +182,14 @@ int v4l2_device_register_subdev(struct v4l2_device *v4l2_dev, |
1211 |
+ spin_unlock(&v4l2_dev->lock); |
1212 |
+ |
1213 |
+ return 0; |
1214 |
++ |
1215 |
++error_unregister: |
1216 |
++ if (sd->internal_ops && sd->internal_ops->unregistered) |
1217 |
++ sd->internal_ops->unregistered(sd); |
1218 |
++error_module: |
1219 |
++ module_put(sd->owner); |
1220 |
++ sd->v4l2_dev = NULL; |
1221 |
++ return err; |
1222 |
+ } |
1223 |
+ EXPORT_SYMBOL_GPL(v4l2_device_register_subdev); |
1224 |
+ |
1225 |
+diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c |
1226 |
+index 806e34c..0568273 100644 |
1227 |
+--- a/drivers/net/wireless/b43/main.c |
1228 |
++++ b/drivers/net/wireless/b43/main.c |
1229 |
+@@ -4214,7 +4214,6 @@ redo: |
1230 |
+ mutex_unlock(&wl->mutex); |
1231 |
+ cancel_delayed_work_sync(&dev->periodic_work); |
1232 |
+ cancel_work_sync(&wl->tx_work); |
1233 |
+- cancel_work_sync(&wl->firmware_load); |
1234 |
+ mutex_lock(&wl->mutex); |
1235 |
+ dev = wl->current_dev; |
1236 |
+ if (!dev || b43_status(dev) < B43_STAT_STARTED) { |
1237 |
+@@ -5434,6 +5433,7 @@ static void b43_bcma_remove(struct bcma_device *core) |
1238 |
+ /* We must cancel any work here before unregistering from ieee80211, |
1239 |
+ * as the ieee80211 unreg will destroy the workqueue. */ |
1240 |
+ cancel_work_sync(&wldev->restart_work); |
1241 |
++ cancel_work_sync(&wl->firmware_load); |
1242 |
+ |
1243 |
+ B43_WARN_ON(!wl); |
1244 |
+ if (!wldev->fw.ucode.data) |
1245 |
+@@ -5510,6 +5510,7 @@ static void b43_ssb_remove(struct ssb_device *sdev) |
1246 |
+ /* We must cancel any work here before unregistering from ieee80211, |
1247 |
+ * as the ieee80211 unreg will destroy the workqueue. */ |
1248 |
+ cancel_work_sync(&wldev->restart_work); |
1249 |
++ cancel_work_sync(&wl->firmware_load); |
1250 |
+ |
1251 |
+ B43_WARN_ON(!wl); |
1252 |
+ if (!wldev->fw.ucode.data) |
1253 |
+diff --git a/drivers/power/ab8500_btemp.c b/drivers/power/ab8500_btemp.c |
1254 |
+index 20e2a7d..056222e 100644 |
1255 |
+--- a/drivers/power/ab8500_btemp.c |
1256 |
++++ b/drivers/power/ab8500_btemp.c |
1257 |
+@@ -1123,7 +1123,7 @@ static void __exit ab8500_btemp_exit(void) |
1258 |
+ platform_driver_unregister(&ab8500_btemp_driver); |
1259 |
+ } |
1260 |
+ |
1261 |
+-subsys_initcall_sync(ab8500_btemp_init); |
1262 |
++device_initcall(ab8500_btemp_init); |
1263 |
+ module_exit(ab8500_btemp_exit); |
1264 |
+ |
1265 |
+ MODULE_LICENSE("GPL v2"); |
1266 |
+diff --git a/drivers/power/abx500_chargalg.c b/drivers/power/abx500_chargalg.c |
1267 |
+index 2970891..eb7b4a6 100644 |
1268 |
+--- a/drivers/power/abx500_chargalg.c |
1269 |
++++ b/drivers/power/abx500_chargalg.c |
1270 |
+@@ -1698,7 +1698,7 @@ static ssize_t abx500_chargalg_sysfs_charger(struct kobject *kobj, |
1271 |
+ static struct attribute abx500_chargalg_en_charger = \ |
1272 |
+ { |
1273 |
+ .name = "chargalg", |
1274 |
+- .mode = S_IWUGO, |
1275 |
++ .mode = S_IWUSR, |
1276 |
+ }; |
1277 |
+ |
1278 |
+ static struct attribute *abx500_chargalg_chg[] = { |
1279 |
+diff --git a/drivers/power/bq27x00_battery.c b/drivers/power/bq27x00_battery.c |
1280 |
+index 36b34ef..7087d0d 100644 |
1281 |
+--- a/drivers/power/bq27x00_battery.c |
1282 |
++++ b/drivers/power/bq27x00_battery.c |
1283 |
+@@ -448,7 +448,6 @@ static void bq27x00_update(struct bq27x00_device_info *di) |
1284 |
+ cache.temperature = bq27x00_battery_read_temperature(di); |
1285 |
+ if (!is_bq27425) |
1286 |
+ cache.cycle_count = bq27x00_battery_read_cyct(di); |
1287 |
+- cache.cycle_count = bq27x00_battery_read_cyct(di); |
1288 |
+ cache.power_avg = |
1289 |
+ bq27x00_battery_read_pwr_avg(di, BQ27x00_POWER_AVG); |
1290 |
+ |
1291 |
+@@ -696,7 +695,6 @@ static int bq27x00_powersupply_init(struct bq27x00_device_info *di) |
1292 |
+ int ret; |
1293 |
+ |
1294 |
+ di->bat.type = POWER_SUPPLY_TYPE_BATTERY; |
1295 |
+- di->chip = BQ27425; |
1296 |
+ if (di->chip == BQ27425) { |
1297 |
+ di->bat.properties = bq27425_battery_props; |
1298 |
+ di->bat.num_properties = ARRAY_SIZE(bq27425_battery_props); |
1299 |
+diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c |
1300 |
+index 8f14c42..6894b3e 100644 |
1301 |
+--- a/drivers/staging/comedi/comedi_fops.c |
1302 |
++++ b/drivers/staging/comedi/comedi_fops.c |
1303 |
+@@ -1779,7 +1779,7 @@ static unsigned int comedi_poll(struct file *file, poll_table *wait) |
1304 |
+ |
1305 |
+ mask = 0; |
1306 |
+ read_subdev = comedi_get_read_subdevice(dev_file_info); |
1307 |
+- if (read_subdev) { |
1308 |
++ if (read_subdev && read_subdev->async) { |
1309 |
+ poll_wait(file, &read_subdev->async->wait_head, wait); |
1310 |
+ if (!read_subdev->busy |
1311 |
+ || comedi_buf_read_n_available(read_subdev->async) > 0 |
1312 |
+@@ -1789,7 +1789,7 @@ static unsigned int comedi_poll(struct file *file, poll_table *wait) |
1313 |
+ } |
1314 |
+ } |
1315 |
+ write_subdev = comedi_get_write_subdevice(dev_file_info); |
1316 |
+- if (write_subdev) { |
1317 |
++ if (write_subdev && write_subdev->async) { |
1318 |
+ poll_wait(file, &write_subdev->async->wait_head, wait); |
1319 |
+ comedi_buf_write_alloc(write_subdev->async, |
1320 |
+ write_subdev->async->prealloc_bufsz); |
1321 |
+@@ -1831,7 +1831,7 @@ static ssize_t comedi_write(struct file *file, const char __user *buf, |
1322 |
+ } |
1323 |
+ |
1324 |
+ s = comedi_get_write_subdevice(dev_file_info); |
1325 |
+- if (s == NULL) { |
1326 |
++ if (s == NULL || s->async == NULL) { |
1327 |
+ retval = -EIO; |
1328 |
+ goto done; |
1329 |
+ } |
1330 |
+@@ -1942,7 +1942,7 @@ static ssize_t comedi_read(struct file *file, char __user *buf, size_t nbytes, |
1331 |
+ } |
1332 |
+ |
1333 |
+ s = comedi_get_read_subdevice(dev_file_info); |
1334 |
+- if (s == NULL) { |
1335 |
++ if (s == NULL || s->async == NULL) { |
1336 |
+ retval = -EIO; |
1337 |
+ goto done; |
1338 |
+ } |
1339 |
+diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c |
1340 |
+index f2aa754..96f4981 100644 |
1341 |
+--- a/drivers/target/target_core_device.c |
1342 |
++++ b/drivers/target/target_core_device.c |
1343 |
+@@ -1182,24 +1182,18 @@ static struct se_lun *core_dev_get_lun(struct se_portal_group *tpg, u32 unpacked |
1344 |
+ |
1345 |
+ struct se_lun_acl *core_dev_init_initiator_node_lun_acl( |
1346 |
+ struct se_portal_group *tpg, |
1347 |
++ struct se_node_acl *nacl, |
1348 |
+ u32 mapped_lun, |
1349 |
+- char *initiatorname, |
1350 |
+ int *ret) |
1351 |
+ { |
1352 |
+ struct se_lun_acl *lacl; |
1353 |
+- struct se_node_acl *nacl; |
1354 |
+ |
1355 |
+- if (strlen(initiatorname) >= TRANSPORT_IQN_LEN) { |
1356 |
++ if (strlen(nacl->initiatorname) >= TRANSPORT_IQN_LEN) { |
1357 |
+ pr_err("%s InitiatorName exceeds maximum size.\n", |
1358 |
+ tpg->se_tpg_tfo->get_fabric_name()); |
1359 |
+ *ret = -EOVERFLOW; |
1360 |
+ return NULL; |
1361 |
+ } |
1362 |
+- nacl = core_tpg_get_initiator_node_acl(tpg, initiatorname); |
1363 |
+- if (!nacl) { |
1364 |
+- *ret = -EINVAL; |
1365 |
+- return NULL; |
1366 |
+- } |
1367 |
+ lacl = kzalloc(sizeof(struct se_lun_acl), GFP_KERNEL); |
1368 |
+ if (!lacl) { |
1369 |
+ pr_err("Unable to allocate memory for struct se_lun_acl.\n"); |
1370 |
+@@ -1210,7 +1204,8 @@ struct se_lun_acl *core_dev_init_initiator_node_lun_acl( |
1371 |
+ INIT_LIST_HEAD(&lacl->lacl_list); |
1372 |
+ lacl->mapped_lun = mapped_lun; |
1373 |
+ lacl->se_lun_nacl = nacl; |
1374 |
+- snprintf(lacl->initiatorname, TRANSPORT_IQN_LEN, "%s", initiatorname); |
1375 |
++ snprintf(lacl->initiatorname, TRANSPORT_IQN_LEN, "%s", |
1376 |
++ nacl->initiatorname); |
1377 |
+ |
1378 |
+ return lacl; |
1379 |
+ } |
1380 |
+diff --git a/drivers/target/target_core_fabric_configfs.c b/drivers/target/target_core_fabric_configfs.c |
1381 |
+index c57bbbc..04c775c 100644 |
1382 |
+--- a/drivers/target/target_core_fabric_configfs.c |
1383 |
++++ b/drivers/target/target_core_fabric_configfs.c |
1384 |
+@@ -354,9 +354,17 @@ static struct config_group *target_fabric_make_mappedlun( |
1385 |
+ ret = -EINVAL; |
1386 |
+ goto out; |
1387 |
+ } |
1388 |
++ if (mapped_lun > (TRANSPORT_MAX_LUNS_PER_TPG-1)) { |
1389 |
++ pr_err("Mapped LUN: %lu exceeds TRANSPORT_MAX_LUNS_PER_TPG" |
1390 |
++ "-1: %u for Target Portal Group: %u\n", mapped_lun, |
1391 |
++ TRANSPORT_MAX_LUNS_PER_TPG-1, |
1392 |
++ se_tpg->se_tpg_tfo->tpg_get_tag(se_tpg)); |
1393 |
++ ret = -EINVAL; |
1394 |
++ goto out; |
1395 |
++ } |
1396 |
+ |
1397 |
+- lacl = core_dev_init_initiator_node_lun_acl(se_tpg, mapped_lun, |
1398 |
+- config_item_name(acl_ci), &ret); |
1399 |
++ lacl = core_dev_init_initiator_node_lun_acl(se_tpg, se_nacl, |
1400 |
++ mapped_lun, &ret); |
1401 |
+ if (!lacl) { |
1402 |
+ ret = -EINVAL; |
1403 |
+ goto out; |
1404 |
+diff --git a/drivers/target/target_core_internal.h b/drivers/target/target_core_internal.h |
1405 |
+index 93e9c1f..396e1eb 100644 |
1406 |
+--- a/drivers/target/target_core_internal.h |
1407 |
++++ b/drivers/target/target_core_internal.h |
1408 |
+@@ -45,7 +45,7 @@ struct se_lun *core_dev_add_lun(struct se_portal_group *, struct se_device *, u3 |
1409 |
+ int core_dev_del_lun(struct se_portal_group *, u32); |
1410 |
+ struct se_lun *core_get_lun_from_tpg(struct se_portal_group *, u32); |
1411 |
+ struct se_lun_acl *core_dev_init_initiator_node_lun_acl(struct se_portal_group *, |
1412 |
+- u32, char *, int *); |
1413 |
++ struct se_node_acl *, u32, int *); |
1414 |
+ int core_dev_add_initiator_node_lun_acl(struct se_portal_group *, |
1415 |
+ struct se_lun_acl *, u32, u32); |
1416 |
+ int core_dev_del_initiator_node_lun_acl(struct se_portal_group *, |
1417 |
+diff --git a/drivers/target/target_core_tpg.c b/drivers/target/target_core_tpg.c |
1418 |
+index 5192ac0..9169d6a 100644 |
1419 |
+--- a/drivers/target/target_core_tpg.c |
1420 |
++++ b/drivers/target/target_core_tpg.c |
1421 |
+@@ -111,16 +111,10 @@ struct se_node_acl *core_tpg_get_initiator_node_acl( |
1422 |
+ struct se_node_acl *acl; |
1423 |
+ |
1424 |
+ spin_lock_irq(&tpg->acl_node_lock); |
1425 |
+- list_for_each_entry(acl, &tpg->acl_node_list, acl_list) { |
1426 |
+- if (!strcmp(acl->initiatorname, initiatorname) && |
1427 |
+- !acl->dynamic_node_acl) { |
1428 |
+- spin_unlock_irq(&tpg->acl_node_lock); |
1429 |
+- return acl; |
1430 |
+- } |
1431 |
+- } |
1432 |
++ acl = __core_tpg_get_initiator_node_acl(tpg, initiatorname); |
1433 |
+ spin_unlock_irq(&tpg->acl_node_lock); |
1434 |
+ |
1435 |
+- return NULL; |
1436 |
++ return acl; |
1437 |
+ } |
1438 |
+ |
1439 |
+ /* core_tpg_add_node_to_devs(): |
1440 |
+diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h |
1441 |
+index 4999563..1dae91d 100644 |
1442 |
+--- a/drivers/usb/dwc3/core.h |
1443 |
++++ b/drivers/usb/dwc3/core.h |
1444 |
+@@ -405,7 +405,6 @@ struct dwc3_event_buffer { |
1445 |
+ * @number: endpoint number (1 - 15) |
1446 |
+ * @type: set to bmAttributes & USB_ENDPOINT_XFERTYPE_MASK |
1447 |
+ * @resource_index: Resource transfer index |
1448 |
+- * @current_uf: Current uf received through last event parameter |
1449 |
+ * @interval: the intervall on which the ISOC transfer is started |
1450 |
+ * @name: a human readable name e.g. ep1out-bulk |
1451 |
+ * @direction: true for TX, false for RX |
1452 |
+@@ -439,7 +438,6 @@ struct dwc3_ep { |
1453 |
+ u8 number; |
1454 |
+ u8 type; |
1455 |
+ u8 resource_index; |
1456 |
+- u16 current_uf; |
1457 |
+ u32 interval; |
1458 |
+ |
1459 |
+ char name[20]; |
1460 |
+diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c |
1461 |
+index 2fdd767..09835b6 100644 |
1462 |
+--- a/drivers/usb/dwc3/gadget.c |
1463 |
++++ b/drivers/usb/dwc3/gadget.c |
1464 |
+@@ -754,21 +754,18 @@ static void dwc3_prepare_one_trb(struct dwc3_ep *dep, |
1465 |
+ struct dwc3 *dwc = dep->dwc; |
1466 |
+ struct dwc3_trb *trb; |
1467 |
+ |
1468 |
+- unsigned int cur_slot; |
1469 |
+- |
1470 |
+ dev_vdbg(dwc->dev, "%s: req %p dma %08llx length %d%s%s\n", |
1471 |
+ dep->name, req, (unsigned long long) dma, |
1472 |
+ length, last ? " last" : "", |
1473 |
+ chain ? " chain" : ""); |
1474 |
+ |
1475 |
+- trb = &dep->trb_pool[dep->free_slot & DWC3_TRB_MASK]; |
1476 |
+- cur_slot = dep->free_slot; |
1477 |
+- dep->free_slot++; |
1478 |
+- |
1479 |
+ /* Skip the LINK-TRB on ISOC */ |
1480 |
+- if (((cur_slot & DWC3_TRB_MASK) == DWC3_TRB_NUM - 1) && |
1481 |
++ if (((dep->free_slot & DWC3_TRB_MASK) == DWC3_TRB_NUM - 1) && |
1482 |
+ usb_endpoint_xfer_isoc(dep->endpoint.desc)) |
1483 |
+- return; |
1484 |
++ dep->free_slot++; |
1485 |
++ |
1486 |
++ trb = &dep->trb_pool[dep->free_slot & DWC3_TRB_MASK]; |
1487 |
++ dep->free_slot++; |
1488 |
+ |
1489 |
+ if (!req->trb) { |
1490 |
+ dwc3_gadget_move_request_queued(req); |
1491 |
+@@ -1091,7 +1088,10 @@ static int __dwc3_gadget_ep_queue(struct dwc3_ep *dep, struct dwc3_request *req) |
1492 |
+ * notion of current microframe. |
1493 |
+ */ |
1494 |
+ if (usb_endpoint_xfer_isoc(dep->endpoint.desc)) { |
1495 |
+- dwc3_stop_active_transfer(dwc, dep->number); |
1496 |
++ if (list_empty(&dep->req_queued)) { |
1497 |
++ dwc3_stop_active_transfer(dwc, dep->number); |
1498 |
++ dep->flags = DWC3_EP_ENABLED; |
1499 |
++ } |
1500 |
+ return 0; |
1501 |
+ } |
1502 |
+ |
1503 |
+@@ -1117,16 +1117,6 @@ static int __dwc3_gadget_ep_queue(struct dwc3_ep *dep, struct dwc3_request *req) |
1504 |
+ dep->name); |
1505 |
+ } |
1506 |
+ |
1507 |
+- /* |
1508 |
+- * 3. Missed ISOC Handling. We need to start isoc transfer on the saved |
1509 |
+- * uframe number. |
1510 |
+- */ |
1511 |
+- if (usb_endpoint_xfer_isoc(dep->endpoint.desc) && |
1512 |
+- (dep->flags & DWC3_EP_MISSED_ISOC)) { |
1513 |
+- __dwc3_gadget_start_isoc(dwc, dep, dep->current_uf); |
1514 |
+- dep->flags &= ~DWC3_EP_MISSED_ISOC; |
1515 |
+- } |
1516 |
+- |
1517 |
+ return 0; |
1518 |
+ } |
1519 |
+ |
1520 |
+@@ -1689,14 +1679,29 @@ static int dwc3_cleanup_done_reqs(struct dwc3 *dwc, struct dwc3_ep *dep, |
1521 |
+ if (trb_status == DWC3_TRBSTS_MISSED_ISOC) { |
1522 |
+ dev_dbg(dwc->dev, "incomplete IN transfer %s\n", |
1523 |
+ dep->name); |
1524 |
+- dep->current_uf = event->parameters & |
1525 |
+- ~(dep->interval - 1); |
1526 |
++ /* |
1527 |
++ * If missed isoc occurred and there is |
1528 |
++ * no request queued then issue END |
1529 |
++ * TRANSFER, so that core generates |
1530 |
++ * next xfernotready and we will issue |
1531 |
++ * a fresh START TRANSFER. |
1532 |
++ * If there are still queued request |
1533 |
++ * then wait, do not issue either END |
1534 |
++ * or UPDATE TRANSFER, just attach next |
1535 |
++ * request in request_list during |
1536 |
++ * giveback.If any future queued request |
1537 |
++ * is successfully transferred then we |
1538 |
++ * will issue UPDATE TRANSFER for all |
1539 |
++ * request in the request_list. |
1540 |
++ */ |
1541 |
+ dep->flags |= DWC3_EP_MISSED_ISOC; |
1542 |
+ } else { |
1543 |
+ dev_err(dwc->dev, "incomplete IN transfer %s\n", |
1544 |
+ dep->name); |
1545 |
+ status = -ECONNRESET; |
1546 |
+ } |
1547 |
++ } else { |
1548 |
++ dep->flags &= ~DWC3_EP_MISSED_ISOC; |
1549 |
+ } |
1550 |
+ } else { |
1551 |
+ if (count && (event->status & DEPEVT_STATUS_SHORT)) |
1552 |
+@@ -1723,6 +1728,23 @@ static int dwc3_cleanup_done_reqs(struct dwc3 *dwc, struct dwc3_ep *dep, |
1553 |
+ break; |
1554 |
+ } while (1); |
1555 |
+ |
1556 |
++ if (usb_endpoint_xfer_isoc(dep->endpoint.desc) && |
1557 |
++ list_empty(&dep->req_queued)) { |
1558 |
++ if (list_empty(&dep->request_list)) { |
1559 |
++ /* |
1560 |
++ * If there is no entry in request list then do |
1561 |
++ * not issue END TRANSFER now. Just set PENDING |
1562 |
++ * flag, so that END TRANSFER is issued when an |
1563 |
++ * entry is added into request list. |
1564 |
++ */ |
1565 |
++ dep->flags = DWC3_EP_PENDING_REQUEST; |
1566 |
++ } else { |
1567 |
++ dwc3_stop_active_transfer(dwc, dep->number); |
1568 |
++ dep->flags = DWC3_EP_ENABLED; |
1569 |
++ } |
1570 |
++ return 1; |
1571 |
++ } |
1572 |
++ |
1573 |
+ if ((event->status & DEPEVT_STATUS_IOC) && |
1574 |
+ (trb->ctrl & DWC3_TRB_CTRL_IOC)) |
1575 |
+ return 0; |
1576 |
+@@ -2157,6 +2179,26 @@ static void dwc3_gadget_conndone_interrupt(struct dwc3 *dwc) |
1577 |
+ break; |
1578 |
+ } |
1579 |
+ |
1580 |
++ /* Enable USB2 LPM Capability */ |
1581 |
++ |
1582 |
++ if ((dwc->revision > DWC3_REVISION_194A) |
1583 |
++ && (speed != DWC3_DCFG_SUPERSPEED)) { |
1584 |
++ reg = dwc3_readl(dwc->regs, DWC3_DCFG); |
1585 |
++ reg |= DWC3_DCFG_LPM_CAP; |
1586 |
++ dwc3_writel(dwc->regs, DWC3_DCFG, reg); |
1587 |
++ |
1588 |
++ reg = dwc3_readl(dwc->regs, DWC3_DCTL); |
1589 |
++ reg &= ~(DWC3_DCTL_HIRD_THRES_MASK | DWC3_DCTL_L1_HIBER_EN); |
1590 |
++ |
1591 |
++ /* |
1592 |
++ * TODO: This should be configurable. For now using |
1593 |
++ * maximum allowed HIRD threshold value of 0b1100 |
1594 |
++ */ |
1595 |
++ reg |= DWC3_DCTL_HIRD_THRES(12); |
1596 |
++ |
1597 |
++ dwc3_writel(dwc->regs, DWC3_DCTL, reg); |
1598 |
++ } |
1599 |
++ |
1600 |
+ /* Recent versions support automatic phy suspend and don't need this */ |
1601 |
+ if (dwc->revision < DWC3_REVISION_194A) { |
1602 |
+ /* Suspend unneeded PHY */ |
1603 |
+@@ -2463,20 +2505,8 @@ int dwc3_gadget_init(struct dwc3 *dwc) |
1604 |
+ DWC3_DEVTEN_DISCONNEVTEN); |
1605 |
+ dwc3_writel(dwc->regs, DWC3_DEVTEN, reg); |
1606 |
+ |
1607 |
+- /* Enable USB2 LPM and automatic phy suspend only on recent versions */ |
1608 |
++ /* automatic phy suspend only on recent versions */ |
1609 |
+ if (dwc->revision >= DWC3_REVISION_194A) { |
1610 |
+- reg = dwc3_readl(dwc->regs, DWC3_DCFG); |
1611 |
+- reg |= DWC3_DCFG_LPM_CAP; |
1612 |
+- dwc3_writel(dwc->regs, DWC3_DCFG, reg); |
1613 |
+- |
1614 |
+- reg = dwc3_readl(dwc->regs, DWC3_DCTL); |
1615 |
+- reg &= ~(DWC3_DCTL_HIRD_THRES_MASK | DWC3_DCTL_L1_HIBER_EN); |
1616 |
+- |
1617 |
+- /* TODO: This should be configurable */ |
1618 |
+- reg |= DWC3_DCTL_HIRD_THRES(28); |
1619 |
+- |
1620 |
+- dwc3_writel(dwc->regs, DWC3_DCTL, reg); |
1621 |
+- |
1622 |
+ dwc3_gadget_usb2_phy_suspend(dwc, false); |
1623 |
+ dwc3_gadget_usb3_phy_suspend(dwc, false); |
1624 |
+ } |
1625 |
+diff --git a/fs/direct-io.c b/fs/direct-io.c |
1626 |
+index cf5b44b..f853263 100644 |
1627 |
+--- a/fs/direct-io.c |
1628 |
++++ b/fs/direct-io.c |
1629 |
+@@ -261,9 +261,9 @@ static ssize_t dio_complete(struct dio *dio, loff_t offset, ssize_t ret, bool is |
1630 |
+ dio->end_io(dio->iocb, offset, transferred, |
1631 |
+ dio->private, ret, is_async); |
1632 |
+ } else { |
1633 |
++ inode_dio_done(dio->inode); |
1634 |
+ if (is_async) |
1635 |
+ aio_complete(dio->iocb, ret, 0); |
1636 |
+- inode_dio_done(dio->inode); |
1637 |
+ } |
1638 |
+ |
1639 |
+ return ret; |
1640 |
+diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c |
1641 |
+index cf18217..2f2e0da 100644 |
1642 |
+--- a/fs/ext4/balloc.c |
1643 |
++++ b/fs/ext4/balloc.c |
1644 |
+@@ -358,7 +358,7 @@ void ext4_validate_block_bitmap(struct super_block *sb, |
1645 |
+ } |
1646 |
+ |
1647 |
+ /** |
1648 |
+- * ext4_read_block_bitmap() |
1649 |
++ * ext4_read_block_bitmap_nowait() |
1650 |
+ * @sb: super block |
1651 |
+ * @block_group: given block group |
1652 |
+ * |
1653 |
+@@ -457,6 +457,8 @@ ext4_read_block_bitmap(struct super_block *sb, ext4_group_t block_group) |
1654 |
+ struct buffer_head *bh; |
1655 |
+ |
1656 |
+ bh = ext4_read_block_bitmap_nowait(sb, block_group); |
1657 |
++ if (!bh) |
1658 |
++ return NULL; |
1659 |
+ if (ext4_wait_block_bitmap(sb, block_group, bh)) { |
1660 |
+ put_bh(bh); |
1661 |
+ return NULL; |
1662 |
+@@ -482,11 +484,16 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, |
1663 |
+ |
1664 |
+ free_clusters = percpu_counter_read_positive(fcc); |
1665 |
+ dirty_clusters = percpu_counter_read_positive(dcc); |
1666 |
+- root_clusters = EXT4_B2C(sbi, ext4_r_blocks_count(sbi->s_es)); |
1667 |
++ |
1668 |
++ /* |
1669 |
++ * r_blocks_count should always be multiple of the cluster ratio so |
1670 |
++ * we are safe to do a plane bit shift only. |
1671 |
++ */ |
1672 |
++ root_clusters = ext4_r_blocks_count(sbi->s_es) >> sbi->s_cluster_bits; |
1673 |
+ |
1674 |
+ if (free_clusters - (nclusters + root_clusters + dirty_clusters) < |
1675 |
+ EXT4_FREECLUSTERS_WATERMARK) { |
1676 |
+- free_clusters = EXT4_C2B(sbi, percpu_counter_sum_positive(fcc)); |
1677 |
++ free_clusters = percpu_counter_sum_positive(fcc); |
1678 |
+ dirty_clusters = percpu_counter_sum_positive(dcc); |
1679 |
+ } |
1680 |
+ /* Check whether we have space after accounting for current |
1681 |
+diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c |
1682 |
+index 5ae1674..d42a8c4 100644 |
1683 |
+--- a/fs/ext4/extents.c |
1684 |
++++ b/fs/ext4/extents.c |
1685 |
+@@ -725,6 +725,7 @@ ext4_ext_find_extent(struct inode *inode, ext4_lblk_t block, |
1686 |
+ struct ext4_extent_header *eh; |
1687 |
+ struct buffer_head *bh; |
1688 |
+ short int depth, i, ppos = 0, alloc = 0; |
1689 |
++ int ret; |
1690 |
+ |
1691 |
+ eh = ext_inode_hdr(inode); |
1692 |
+ depth = ext_depth(inode); |
1693 |
+@@ -752,12 +753,15 @@ ext4_ext_find_extent(struct inode *inode, ext4_lblk_t block, |
1694 |
+ path[ppos].p_ext = NULL; |
1695 |
+ |
1696 |
+ bh = sb_getblk(inode->i_sb, path[ppos].p_block); |
1697 |
+- if (unlikely(!bh)) |
1698 |
++ if (unlikely(!bh)) { |
1699 |
++ ret = -ENOMEM; |
1700 |
+ goto err; |
1701 |
++ } |
1702 |
+ if (!bh_uptodate_or_lock(bh)) { |
1703 |
+ trace_ext4_ext_load_extent(inode, block, |
1704 |
+ path[ppos].p_block); |
1705 |
+- if (bh_submit_read(bh) < 0) { |
1706 |
++ ret = bh_submit_read(bh); |
1707 |
++ if (ret < 0) { |
1708 |
+ put_bh(bh); |
1709 |
+ goto err; |
1710 |
+ } |
1711 |
+@@ -768,13 +772,15 @@ ext4_ext_find_extent(struct inode *inode, ext4_lblk_t block, |
1712 |
+ put_bh(bh); |
1713 |
+ EXT4_ERROR_INODE(inode, |
1714 |
+ "ppos %d > depth %d", ppos, depth); |
1715 |
++ ret = -EIO; |
1716 |
+ goto err; |
1717 |
+ } |
1718 |
+ path[ppos].p_bh = bh; |
1719 |
+ path[ppos].p_hdr = eh; |
1720 |
+ i--; |
1721 |
+ |
1722 |
+- if (ext4_ext_check_block(inode, eh, i, bh)) |
1723 |
++ ret = ext4_ext_check_block(inode, eh, i, bh); |
1724 |
++ if (ret < 0) |
1725 |
+ goto err; |
1726 |
+ } |
1727 |
+ |
1728 |
+@@ -796,7 +802,7 @@ err: |
1729 |
+ ext4_ext_drop_refs(path); |
1730 |
+ if (alloc) |
1731 |
+ kfree(path); |
1732 |
+- return ERR_PTR(-EIO); |
1733 |
++ return ERR_PTR(ret); |
1734 |
+ } |
1735 |
+ |
1736 |
+ /* |
1737 |
+@@ -951,7 +957,7 @@ static int ext4_ext_split(handle_t *handle, struct inode *inode, |
1738 |
+ } |
1739 |
+ bh = sb_getblk(inode->i_sb, newblock); |
1740 |
+ if (!bh) { |
1741 |
+- err = -EIO; |
1742 |
++ err = -ENOMEM; |
1743 |
+ goto cleanup; |
1744 |
+ } |
1745 |
+ lock_buffer(bh); |
1746 |
+@@ -1024,7 +1030,7 @@ static int ext4_ext_split(handle_t *handle, struct inode *inode, |
1747 |
+ newblock = ablocks[--a]; |
1748 |
+ bh = sb_getblk(inode->i_sb, newblock); |
1749 |
+ if (!bh) { |
1750 |
+- err = -EIO; |
1751 |
++ err = -ENOMEM; |
1752 |
+ goto cleanup; |
1753 |
+ } |
1754 |
+ lock_buffer(bh); |
1755 |
+@@ -1136,11 +1142,8 @@ static int ext4_ext_grow_indepth(handle_t *handle, struct inode *inode, |
1756 |
+ return err; |
1757 |
+ |
1758 |
+ bh = sb_getblk(inode->i_sb, newblock); |
1759 |
+- if (!bh) { |
1760 |
+- err = -EIO; |
1761 |
+- ext4_std_error(inode->i_sb, err); |
1762 |
+- return err; |
1763 |
+- } |
1764 |
++ if (!bh) |
1765 |
++ return -ENOMEM; |
1766 |
+ lock_buffer(bh); |
1767 |
+ |
1768 |
+ err = ext4_journal_get_create_access(handle, bh); |
1769 |
+diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c |
1770 |
+index 20862f9..8d83d1e 100644 |
1771 |
+--- a/fs/ext4/indirect.c |
1772 |
++++ b/fs/ext4/indirect.c |
1773 |
+@@ -146,6 +146,7 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth, |
1774 |
+ struct super_block *sb = inode->i_sb; |
1775 |
+ Indirect *p = chain; |
1776 |
+ struct buffer_head *bh; |
1777 |
++ int ret = -EIO; |
1778 |
+ |
1779 |
+ *err = 0; |
1780 |
+ /* i_data is not going away, no lock needed */ |
1781 |
+@@ -154,8 +155,10 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth, |
1782 |
+ goto no_block; |
1783 |
+ while (--depth) { |
1784 |
+ bh = sb_getblk(sb, le32_to_cpu(p->key)); |
1785 |
+- if (unlikely(!bh)) |
1786 |
++ if (unlikely(!bh)) { |
1787 |
++ ret = -ENOMEM; |
1788 |
+ goto failure; |
1789 |
++ } |
1790 |
+ |
1791 |
+ if (!bh_uptodate_or_lock(bh)) { |
1792 |
+ if (bh_submit_read(bh) < 0) { |
1793 |
+@@ -177,7 +180,7 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth, |
1794 |
+ return NULL; |
1795 |
+ |
1796 |
+ failure: |
1797 |
+- *err = -EIO; |
1798 |
++ *err = ret; |
1799 |
+ no_block: |
1800 |
+ return p; |
1801 |
+ } |
1802 |
+@@ -471,7 +474,7 @@ static int ext4_alloc_branch(handle_t *handle, struct inode *inode, |
1803 |
+ */ |
1804 |
+ bh = sb_getblk(inode->i_sb, new_blocks[n-1]); |
1805 |
+ if (unlikely(!bh)) { |
1806 |
+- err = -EIO; |
1807 |
++ err = -ENOMEM; |
1808 |
+ goto failed; |
1809 |
+ } |
1810 |
+ |
1811 |
+diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c |
1812 |
+index 387c47c..93a3408 100644 |
1813 |
+--- a/fs/ext4/inline.c |
1814 |
++++ b/fs/ext4/inline.c |
1815 |
+@@ -1188,7 +1188,7 @@ static int ext4_convert_inline_data_nolock(handle_t *handle, |
1816 |
+ |
1817 |
+ data_bh = sb_getblk(inode->i_sb, map.m_pblk); |
1818 |
+ if (!data_bh) { |
1819 |
+- error = -EIO; |
1820 |
++ error = -ENOMEM; |
1821 |
+ goto out_restore; |
1822 |
+ } |
1823 |
+ |
1824 |
+diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c |
1825 |
+index cbfe13b..39f1fa7 100644 |
1826 |
+--- a/fs/ext4/inode.c |
1827 |
++++ b/fs/ext4/inode.c |
1828 |
+@@ -714,7 +714,7 @@ struct buffer_head *ext4_getblk(handle_t *handle, struct inode *inode, |
1829 |
+ |
1830 |
+ bh = sb_getblk(inode->i_sb, map.m_pblk); |
1831 |
+ if (!bh) { |
1832 |
+- *errp = -EIO; |
1833 |
++ *errp = -ENOMEM; |
1834 |
+ return NULL; |
1835 |
+ } |
1836 |
+ if (map.m_flags & EXT4_MAP_NEW) { |
1837 |
+@@ -2977,9 +2977,9 @@ static void ext4_end_io_dio(struct kiocb *iocb, loff_t offset, |
1838 |
+ if (!(io_end->flag & EXT4_IO_END_UNWRITTEN)) { |
1839 |
+ ext4_free_io_end(io_end); |
1840 |
+ out: |
1841 |
++ inode_dio_done(inode); |
1842 |
+ if (is_async) |
1843 |
+ aio_complete(iocb, ret, 0); |
1844 |
+- inode_dio_done(inode); |
1845 |
+ return; |
1846 |
+ } |
1847 |
+ |
1848 |
+@@ -3660,11 +3660,8 @@ static int __ext4_get_inode_loc(struct inode *inode, |
1849 |
+ iloc->offset = (inode_offset % inodes_per_block) * EXT4_INODE_SIZE(sb); |
1850 |
+ |
1851 |
+ bh = sb_getblk(sb, block); |
1852 |
+- if (!bh) { |
1853 |
+- EXT4_ERROR_INODE_BLOCK(inode, block, |
1854 |
+- "unable to read itable block"); |
1855 |
+- return -EIO; |
1856 |
+- } |
1857 |
++ if (!bh) |
1858 |
++ return -ENOMEM; |
1859 |
+ if (!buffer_uptodate(bh)) { |
1860 |
+ lock_buffer(bh); |
1861 |
+ |
1862 |
+diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c |
1863 |
+index 1bf6fe7..061727a 100644 |
1864 |
+--- a/fs/ext4/mballoc.c |
1865 |
++++ b/fs/ext4/mballoc.c |
1866 |
+@@ -4136,7 +4136,7 @@ static void ext4_mb_add_n_trim(struct ext4_allocation_context *ac) |
1867 |
+ /* The max size of hash table is PREALLOC_TB_SIZE */ |
1868 |
+ order = PREALLOC_TB_SIZE - 1; |
1869 |
+ /* Add the prealloc space to lg */ |
1870 |
+- rcu_read_lock(); |
1871 |
++ spin_lock(&lg->lg_prealloc_lock); |
1872 |
+ list_for_each_entry_rcu(tmp_pa, &lg->lg_prealloc_list[order], |
1873 |
+ pa_inode_list) { |
1874 |
+ spin_lock(&tmp_pa->pa_lock); |
1875 |
+@@ -4160,12 +4160,12 @@ static void ext4_mb_add_n_trim(struct ext4_allocation_context *ac) |
1876 |
+ if (!added) |
1877 |
+ list_add_tail_rcu(&pa->pa_inode_list, |
1878 |
+ &lg->lg_prealloc_list[order]); |
1879 |
+- rcu_read_unlock(); |
1880 |
++ spin_unlock(&lg->lg_prealloc_lock); |
1881 |
+ |
1882 |
+ /* Now trim the list to be not more than 8 elements */ |
1883 |
+ if (lg_prealloc_count > 8) { |
1884 |
+ ext4_mb_discard_lg_preallocations(sb, lg, |
1885 |
+- order, lg_prealloc_count); |
1886 |
++ order, lg_prealloc_count); |
1887 |
+ return; |
1888 |
+ } |
1889 |
+ return ; |
1890 |
+diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c |
1891 |
+index fe7c63f..44734f1 100644 |
1892 |
+--- a/fs/ext4/mmp.c |
1893 |
++++ b/fs/ext4/mmp.c |
1894 |
+@@ -80,6 +80,8 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh, |
1895 |
+ * is not blocked in the elevator. */ |
1896 |
+ if (!*bh) |
1897 |
+ *bh = sb_getblk(sb, mmp_block); |
1898 |
++ if (!*bh) |
1899 |
++ return -ENOMEM; |
1900 |
+ if (*bh) { |
1901 |
+ get_bh(*bh); |
1902 |
+ lock_buffer(*bh); |
1903 |
+diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c |
1904 |
+index 0016fbc..b42d04f 100644 |
1905 |
+--- a/fs/ext4/page-io.c |
1906 |
++++ b/fs/ext4/page-io.c |
1907 |
+@@ -103,14 +103,13 @@ static int ext4_end_io(ext4_io_end_t *io) |
1908 |
+ "(inode %lu, offset %llu, size %zd, error %d)", |
1909 |
+ inode->i_ino, offset, size, ret); |
1910 |
+ } |
1911 |
+- if (io->iocb) |
1912 |
+- aio_complete(io->iocb, io->result, 0); |
1913 |
+- |
1914 |
+- if (io->flag & EXT4_IO_END_DIRECT) |
1915 |
+- inode_dio_done(inode); |
1916 |
+ /* Wake up anyone waiting on unwritten extent conversion */ |
1917 |
+ if (atomic_dec_and_test(&EXT4_I(inode)->i_unwritten)) |
1918 |
+ wake_up_all(ext4_ioend_wq(inode)); |
1919 |
++ if (io->flag & EXT4_IO_END_DIRECT) |
1920 |
++ inode_dio_done(inode); |
1921 |
++ if (io->iocb) |
1922 |
++ aio_complete(io->iocb, io->result, 0); |
1923 |
+ return ret; |
1924 |
+ } |
1925 |
+ |
1926 |
+diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c |
1927 |
+index d99387b..02824dc 100644 |
1928 |
+--- a/fs/ext4/resize.c |
1929 |
++++ b/fs/ext4/resize.c |
1930 |
+@@ -334,7 +334,7 @@ static struct buffer_head *bclean(handle_t *handle, struct super_block *sb, |
1931 |
+ |
1932 |
+ bh = sb_getblk(sb, blk); |
1933 |
+ if (!bh) |
1934 |
+- return ERR_PTR(-EIO); |
1935 |
++ return ERR_PTR(-ENOMEM); |
1936 |
+ if ((err = ext4_journal_get_write_access(handle, bh))) { |
1937 |
+ brelse(bh); |
1938 |
+ bh = ERR_PTR(err); |
1939 |
+@@ -411,7 +411,7 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle, |
1940 |
+ |
1941 |
+ bh = sb_getblk(sb, flex_gd->groups[group].block_bitmap); |
1942 |
+ if (!bh) |
1943 |
+- return -EIO; |
1944 |
++ return -ENOMEM; |
1945 |
+ |
1946 |
+ err = ext4_journal_get_write_access(handle, bh); |
1947 |
+ if (err) |
1948 |
+@@ -501,7 +501,7 @@ static int setup_new_flex_group_blocks(struct super_block *sb, |
1949 |
+ |
1950 |
+ gdb = sb_getblk(sb, block); |
1951 |
+ if (!gdb) { |
1952 |
+- err = -EIO; |
1953 |
++ err = -ENOMEM; |
1954 |
+ goto out; |
1955 |
+ } |
1956 |
+ |
1957 |
+@@ -1065,7 +1065,7 @@ static void update_backups(struct super_block *sb, int blk_off, char *data, |
1958 |
+ |
1959 |
+ bh = sb_getblk(sb, backup_block); |
1960 |
+ if (!bh) { |
1961 |
+- err = -EIO; |
1962 |
++ err = -ENOMEM; |
1963 |
+ break; |
1964 |
+ } |
1965 |
+ ext4_debug("update metadata backup %llu(+%llu)\n", |
1966 |
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c |
1967 |
+index 3d4fb81..0465f36 100644 |
1968 |
+--- a/fs/ext4/super.c |
1969 |
++++ b/fs/ext4/super.c |
1970 |
+@@ -4008,7 +4008,7 @@ no_journal: |
1971 |
+ !(sb->s_flags & MS_RDONLY)) { |
1972 |
+ err = ext4_enable_quotas(sb); |
1973 |
+ if (err) |
1974 |
+- goto failed_mount7; |
1975 |
++ goto failed_mount8; |
1976 |
+ } |
1977 |
+ #endif /* CONFIG_QUOTA */ |
1978 |
+ |
1979 |
+@@ -4035,6 +4035,10 @@ cantfind_ext4: |
1980 |
+ ext4_msg(sb, KERN_ERR, "VFS: Can't find ext4 filesystem"); |
1981 |
+ goto failed_mount; |
1982 |
+ |
1983 |
++#ifdef CONFIG_QUOTA |
1984 |
++failed_mount8: |
1985 |
++ kobject_del(&sbi->s_kobj); |
1986 |
++#endif |
1987 |
+ failed_mount7: |
1988 |
+ ext4_unregister_li_request(sb); |
1989 |
+ failed_mount6: |
1990 |
+@@ -5005,9 +5009,9 @@ static int ext4_enable_quotas(struct super_block *sb) |
1991 |
+ DQUOT_USAGE_ENABLED); |
1992 |
+ if (err) { |
1993 |
+ ext4_warning(sb, |
1994 |
+- "Failed to enable quota (type=%d) " |
1995 |
+- "tracking. Please run e2fsck to fix.", |
1996 |
+- type); |
1997 |
++ "Failed to enable quota tracking " |
1998 |
++ "(type=%d, err=%d). Please run " |
1999 |
++ "e2fsck to fix.", type, err); |
2000 |
+ return err; |
2001 |
+ } |
2002 |
+ } |
2003 |
+diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c |
2004 |
+index 3a91ebc..b93846b 100644 |
2005 |
+--- a/fs/ext4/xattr.c |
2006 |
++++ b/fs/ext4/xattr.c |
2007 |
+@@ -549,7 +549,7 @@ ext4_xattr_release_block(handle_t *handle, struct inode *inode, |
2008 |
+ error = ext4_handle_dirty_xattr_block(handle, inode, bh); |
2009 |
+ if (IS_SYNC(inode)) |
2010 |
+ ext4_handle_sync(handle); |
2011 |
+- dquot_free_block(inode, 1); |
2012 |
++ dquot_free_block(inode, EXT4_C2B(EXT4_SB(inode->i_sb), 1)); |
2013 |
+ ea_bdebug(bh, "refcount now=%d; releasing", |
2014 |
+ le32_to_cpu(BHDR(bh)->h_refcount)); |
2015 |
+ } |
2016 |
+@@ -832,7 +832,8 @@ inserted: |
2017 |
+ else { |
2018 |
+ /* The old block is released after updating |
2019 |
+ the inode. */ |
2020 |
+- error = dquot_alloc_block(inode, 1); |
2021 |
++ error = dquot_alloc_block(inode, |
2022 |
++ EXT4_C2B(EXT4_SB(sb), 1)); |
2023 |
+ if (error) |
2024 |
+ goto cleanup; |
2025 |
+ error = ext4_journal_get_write_access(handle, |
2026 |
+@@ -887,16 +888,17 @@ inserted: |
2027 |
+ |
2028 |
+ new_bh = sb_getblk(sb, block); |
2029 |
+ if (!new_bh) { |
2030 |
++ error = -ENOMEM; |
2031 |
+ getblk_failed: |
2032 |
+ ext4_free_blocks(handle, inode, NULL, block, 1, |
2033 |
+ EXT4_FREE_BLOCKS_METADATA); |
2034 |
+- error = -EIO; |
2035 |
+ goto cleanup; |
2036 |
+ } |
2037 |
+ lock_buffer(new_bh); |
2038 |
+ error = ext4_journal_get_create_access(handle, new_bh); |
2039 |
+ if (error) { |
2040 |
+ unlock_buffer(new_bh); |
2041 |
++ error = -EIO; |
2042 |
+ goto getblk_failed; |
2043 |
+ } |
2044 |
+ memcpy(new_bh->b_data, s->base, new_bh->b_size); |
2045 |
+@@ -928,7 +930,7 @@ cleanup: |
2046 |
+ return error; |
2047 |
+ |
2048 |
+ cleanup_dquot: |
2049 |
+- dquot_free_block(inode, 1); |
2050 |
++ dquot_free_block(inode, EXT4_C2B(EXT4_SB(sb), 1)); |
2051 |
+ goto cleanup; |
2052 |
+ |
2053 |
+ bad_block: |
2054 |
+diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c |
2055 |
+index b7c09f9..315e1f8 100644 |
2056 |
+--- a/fs/fuse/dir.c |
2057 |
++++ b/fs/fuse/dir.c |
2058 |
+@@ -682,7 +682,14 @@ static int fuse_unlink(struct inode *dir, struct dentry *entry) |
2059 |
+ |
2060 |
+ spin_lock(&fc->lock); |
2061 |
+ fi->attr_version = ++fc->attr_version; |
2062 |
+- drop_nlink(inode); |
2063 |
++ /* |
2064 |
++ * If i_nlink == 0 then unlink doesn't make sense, yet this can |
2065 |
++ * happen if userspace filesystem is careless. It would be |
2066 |
++ * difficult to enforce correct nlink usage so just ignore this |
2067 |
++ * condition here |
2068 |
++ */ |
2069 |
++ if (inode->i_nlink > 0) |
2070 |
++ drop_nlink(inode); |
2071 |
+ spin_unlock(&fc->lock); |
2072 |
+ fuse_invalidate_attr(inode); |
2073 |
+ fuse_invalidate_attr(dir); |
2074 |
+diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c |
2075 |
+index ac8ed96c..a8309c6 100644 |
2076 |
+--- a/fs/nfsd/nfs4state.c |
2077 |
++++ b/fs/nfsd/nfs4state.c |
2078 |
+@@ -1060,6 +1060,8 @@ free_client(struct nfs4_client *clp) |
2079 |
+ } |
2080 |
+ free_svc_cred(&clp->cl_cred); |
2081 |
+ kfree(clp->cl_name.data); |
2082 |
++ idr_remove_all(&clp->cl_stateids); |
2083 |
++ idr_destroy(&clp->cl_stateids); |
2084 |
+ kfree(clp); |
2085 |
+ } |
2086 |
+ |
2087 |
+diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c |
2088 |
+index 6577432..340bd02 100644 |
2089 |
+--- a/fs/ocfs2/aops.c |
2090 |
++++ b/fs/ocfs2/aops.c |
2091 |
+@@ -593,9 +593,9 @@ static void ocfs2_dio_end_io(struct kiocb *iocb, |
2092 |
+ level = ocfs2_iocb_rw_locked_level(iocb); |
2093 |
+ ocfs2_rw_unlock(inode, level); |
2094 |
+ |
2095 |
++ inode_dio_done(inode); |
2096 |
+ if (is_async) |
2097 |
+ aio_complete(iocb, ret, 0); |
2098 |
+- inode_dio_done(inode); |
2099 |
+ } |
2100 |
+ |
2101 |
+ /* |
2102 |
+diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c |
2103 |
+index f169da4..b7e74b5 100644 |
2104 |
+--- a/fs/ocfs2/suballoc.c |
2105 |
++++ b/fs/ocfs2/suballoc.c |
2106 |
+@@ -642,7 +642,7 @@ ocfs2_block_group_alloc_discontig(handle_t *handle, |
2107 |
+ * cluster groups will be staying in cache for the duration of |
2108 |
+ * this operation. |
2109 |
+ */ |
2110 |
+- ac->ac_allow_chain_relink = 0; |
2111 |
++ ac->ac_disable_chain_relink = 1; |
2112 |
+ |
2113 |
+ /* Claim the first region */ |
2114 |
+ status = ocfs2_block_group_claim_bits(osb, handle, ac, min_bits, |
2115 |
+@@ -1823,7 +1823,7 @@ static int ocfs2_search_chain(struct ocfs2_alloc_context *ac, |
2116 |
+ * Do this *after* figuring out how many bits we're taking out |
2117 |
+ * of our target group. |
2118 |
+ */ |
2119 |
+- if (ac->ac_allow_chain_relink && |
2120 |
++ if (!ac->ac_disable_chain_relink && |
2121 |
+ (prev_group_bh) && |
2122 |
+ (ocfs2_block_group_reasonably_empty(bg, res->sr_bits))) { |
2123 |
+ status = ocfs2_relink_block_group(handle, alloc_inode, |
2124 |
+@@ -1928,7 +1928,6 @@ static int ocfs2_claim_suballoc_bits(struct ocfs2_alloc_context *ac, |
2125 |
+ |
2126 |
+ victim = ocfs2_find_victim_chain(cl); |
2127 |
+ ac->ac_chain = victim; |
2128 |
+- ac->ac_allow_chain_relink = 1; |
2129 |
+ |
2130 |
+ status = ocfs2_search_chain(ac, handle, bits_wanted, min_bits, |
2131 |
+ res, &bits_left); |
2132 |
+@@ -1947,7 +1946,7 @@ static int ocfs2_claim_suballoc_bits(struct ocfs2_alloc_context *ac, |
2133 |
+ * searching each chain in order. Don't allow chain relinking |
2134 |
+ * because we only calculate enough journal credits for one |
2135 |
+ * relink per alloc. */ |
2136 |
+- ac->ac_allow_chain_relink = 0; |
2137 |
++ ac->ac_disable_chain_relink = 1; |
2138 |
+ for (i = 0; i < le16_to_cpu(cl->cl_next_free_rec); i ++) { |
2139 |
+ if (i == victim) |
2140 |
+ continue; |
2141 |
+diff --git a/fs/ocfs2/suballoc.h b/fs/ocfs2/suballoc.h |
2142 |
+index b8afabf..a36d0aa 100644 |
2143 |
+--- a/fs/ocfs2/suballoc.h |
2144 |
++++ b/fs/ocfs2/suballoc.h |
2145 |
+@@ -49,7 +49,7 @@ struct ocfs2_alloc_context { |
2146 |
+ |
2147 |
+ /* these are used by the chain search */ |
2148 |
+ u16 ac_chain; |
2149 |
+- int ac_allow_chain_relink; |
2150 |
++ int ac_disable_chain_relink; |
2151 |
+ group_search_t *ac_group_search; |
2152 |
+ |
2153 |
+ u64 ac_last_group; |
2154 |
+diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c |
2155 |
+index 0ba9ea1..2e3ea30 100644 |
2156 |
+--- a/fs/ocfs2/xattr.c |
2157 |
++++ b/fs/ocfs2/xattr.c |
2158 |
+@@ -7189,7 +7189,7 @@ int ocfs2_init_security_and_acl(struct inode *dir, |
2159 |
+ struct buffer_head *dir_bh = NULL; |
2160 |
+ |
2161 |
+ ret = ocfs2_init_security_get(inode, dir, qstr, NULL); |
2162 |
+- if (!ret) { |
2163 |
++ if (ret) { |
2164 |
+ mlog_errno(ret); |
2165 |
+ goto leave; |
2166 |
+ } |
2167 |
+diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c |
2168 |
+index 5ea2e77..86d1038 100644 |
2169 |
+--- a/fs/pstore/platform.c |
2170 |
++++ b/fs/pstore/platform.c |
2171 |
+@@ -96,6 +96,27 @@ static const char *get_reason_str(enum kmsg_dump_reason reason) |
2172 |
+ } |
2173 |
+ } |
2174 |
+ |
2175 |
++bool pstore_cannot_block_path(enum kmsg_dump_reason reason) |
2176 |
++{ |
2177 |
++ /* |
2178 |
++ * In case of NMI path, pstore shouldn't be blocked |
2179 |
++ * regardless of reason. |
2180 |
++ */ |
2181 |
++ if (in_nmi()) |
2182 |
++ return true; |
2183 |
++ |
2184 |
++ switch (reason) { |
2185 |
++ /* In panic case, other cpus are stopped by smp_send_stop(). */ |
2186 |
++ case KMSG_DUMP_PANIC: |
2187 |
++ /* Emergency restart shouldn't be blocked by spin lock. */ |
2188 |
++ case KMSG_DUMP_EMERG: |
2189 |
++ return true; |
2190 |
++ default: |
2191 |
++ return false; |
2192 |
++ } |
2193 |
++} |
2194 |
++EXPORT_SYMBOL_GPL(pstore_cannot_block_path); |
2195 |
++ |
2196 |
+ /* |
2197 |
+ * callback from kmsg_dump. (s2,l2) has the most recently |
2198 |
+ * written bytes, older bytes are in (s1,l1). Save as much |
2199 |
+@@ -114,10 +135,12 @@ static void pstore_dump(struct kmsg_dumper *dumper, |
2200 |
+ |
2201 |
+ why = get_reason_str(reason); |
2202 |
+ |
2203 |
+- if (in_nmi()) { |
2204 |
+- is_locked = spin_trylock(&psinfo->buf_lock); |
2205 |
+- if (!is_locked) |
2206 |
+- pr_err("pstore dump routine blocked in NMI, may corrupt error record\n"); |
2207 |
++ if (pstore_cannot_block_path(reason)) { |
2208 |
++ is_locked = spin_trylock_irqsave(&psinfo->buf_lock, flags); |
2209 |
++ if (!is_locked) { |
2210 |
++ pr_err("pstore dump routine blocked in %s path, may corrupt error record\n" |
2211 |
++ , in_nmi() ? "NMI" : why); |
2212 |
++ } |
2213 |
+ } else |
2214 |
+ spin_lock_irqsave(&psinfo->buf_lock, flags); |
2215 |
+ oopscount++; |
2216 |
+@@ -143,9 +166,9 @@ static void pstore_dump(struct kmsg_dumper *dumper, |
2217 |
+ total += hsize + len; |
2218 |
+ part++; |
2219 |
+ } |
2220 |
+- if (in_nmi()) { |
2221 |
++ if (pstore_cannot_block_path(reason)) { |
2222 |
+ if (is_locked) |
2223 |
+- spin_unlock(&psinfo->buf_lock); |
2224 |
++ spin_unlock_irqrestore(&psinfo->buf_lock, flags); |
2225 |
+ } else |
2226 |
+ spin_unlock_irqrestore(&psinfo->buf_lock, flags); |
2227 |
+ } |
2228 |
+diff --git a/fs/ubifs/orphan.c b/fs/ubifs/orphan.c |
2229 |
+index 769701c..ba32da3 100644 |
2230 |
+--- a/fs/ubifs/orphan.c |
2231 |
++++ b/fs/ubifs/orphan.c |
2232 |
+@@ -126,13 +126,14 @@ void ubifs_delete_orphan(struct ubifs_info *c, ino_t inum) |
2233 |
+ else if (inum > o->inum) |
2234 |
+ p = p->rb_right; |
2235 |
+ else { |
2236 |
+- if (o->dnext) { |
2237 |
++ if (o->del) { |
2238 |
+ spin_unlock(&c->orphan_lock); |
2239 |
+ dbg_gen("deleted twice ino %lu", |
2240 |
+ (unsigned long)inum); |
2241 |
+ return; |
2242 |
+ } |
2243 |
+- if (o->cnext) { |
2244 |
++ if (o->cmt) { |
2245 |
++ o->del = 1; |
2246 |
+ o->dnext = c->orph_dnext; |
2247 |
+ c->orph_dnext = o; |
2248 |
+ spin_unlock(&c->orphan_lock); |
2249 |
+@@ -172,7 +173,9 @@ int ubifs_orphan_start_commit(struct ubifs_info *c) |
2250 |
+ last = &c->orph_cnext; |
2251 |
+ list_for_each_entry(orphan, &c->orph_new, new_list) { |
2252 |
+ ubifs_assert(orphan->new); |
2253 |
++ ubifs_assert(!orphan->cmt); |
2254 |
+ orphan->new = 0; |
2255 |
++ orphan->cmt = 1; |
2256 |
+ *last = orphan; |
2257 |
+ last = &orphan->cnext; |
2258 |
+ } |
2259 |
+@@ -299,7 +302,9 @@ static int write_orph_node(struct ubifs_info *c, int atomic) |
2260 |
+ cnext = c->orph_cnext; |
2261 |
+ for (i = 0; i < cnt; i++) { |
2262 |
+ orphan = cnext; |
2263 |
++ ubifs_assert(orphan->cmt); |
2264 |
+ orph->inos[i] = cpu_to_le64(orphan->inum); |
2265 |
++ orphan->cmt = 0; |
2266 |
+ cnext = orphan->cnext; |
2267 |
+ orphan->cnext = NULL; |
2268 |
+ } |
2269 |
+@@ -378,6 +383,7 @@ static int consolidate(struct ubifs_info *c) |
2270 |
+ list_for_each_entry(orphan, &c->orph_list, list) { |
2271 |
+ if (orphan->new) |
2272 |
+ continue; |
2273 |
++ orphan->cmt = 1; |
2274 |
+ *last = orphan; |
2275 |
+ last = &orphan->cnext; |
2276 |
+ cnt += 1; |
2277 |
+@@ -442,6 +448,7 @@ static void erase_deleted(struct ubifs_info *c) |
2278 |
+ orphan = dnext; |
2279 |
+ dnext = orphan->dnext; |
2280 |
+ ubifs_assert(!orphan->new); |
2281 |
++ ubifs_assert(orphan->del); |
2282 |
+ rb_erase(&orphan->rb, &c->orph_tree); |
2283 |
+ list_del(&orphan->list); |
2284 |
+ c->tot_orphans -= 1; |
2285 |
+@@ -531,6 +538,7 @@ static int insert_dead_orphan(struct ubifs_info *c, ino_t inum) |
2286 |
+ rb_link_node(&orphan->rb, parent, p); |
2287 |
+ rb_insert_color(&orphan->rb, &c->orph_tree); |
2288 |
+ list_add_tail(&orphan->list, &c->orph_list); |
2289 |
++ orphan->del = 1; |
2290 |
+ orphan->dnext = c->orph_dnext; |
2291 |
+ c->orph_dnext = orphan; |
2292 |
+ dbg_mnt("ino %lu, new %d, tot %d", (unsigned long)inum, |
2293 |
+diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h |
2294 |
+index d133c27..b2babce 100644 |
2295 |
+--- a/fs/ubifs/ubifs.h |
2296 |
++++ b/fs/ubifs/ubifs.h |
2297 |
+@@ -904,6 +904,8 @@ struct ubifs_budget_req { |
2298 |
+ * @dnext: next orphan to delete |
2299 |
+ * @inum: inode number |
2300 |
+ * @new: %1 => added since the last commit, otherwise %0 |
2301 |
++ * @cmt: %1 => commit pending, otherwise %0 |
2302 |
++ * @del: %1 => delete pending, otherwise %0 |
2303 |
+ */ |
2304 |
+ struct ubifs_orphan { |
2305 |
+ struct rb_node rb; |
2306 |
+@@ -912,7 +914,9 @@ struct ubifs_orphan { |
2307 |
+ struct ubifs_orphan *cnext; |
2308 |
+ struct ubifs_orphan *dnext; |
2309 |
+ ino_t inum; |
2310 |
+- int new; |
2311 |
++ unsigned new:1; |
2312 |
++ unsigned cmt:1; |
2313 |
++ unsigned del:1; |
2314 |
+ }; |
2315 |
+ |
2316 |
+ /** |
2317 |
+diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c |
2318 |
+index cdb2d33..572a858 100644 |
2319 |
+--- a/fs/xfs/xfs_bmap.c |
2320 |
++++ b/fs/xfs/xfs_bmap.c |
2321 |
+@@ -147,7 +147,10 @@ xfs_bmap_local_to_extents( |
2322 |
+ xfs_fsblock_t *firstblock, /* first block allocated in xaction */ |
2323 |
+ xfs_extlen_t total, /* total blocks needed by transaction */ |
2324 |
+ int *logflagsp, /* inode logging flags */ |
2325 |
+- int whichfork); /* data or attr fork */ |
2326 |
++ int whichfork, /* data or attr fork */ |
2327 |
++ void (*init_fn)(struct xfs_buf *bp, |
2328 |
++ struct xfs_inode *ip, |
2329 |
++ struct xfs_ifork *ifp)); |
2330 |
+ |
2331 |
+ /* |
2332 |
+ * Search the extents list for the inode, for the extent containing bno. |
2333 |
+@@ -357,7 +360,42 @@ xfs_bmap_add_attrfork_extents( |
2334 |
+ } |
2335 |
+ |
2336 |
+ /* |
2337 |
+- * Called from xfs_bmap_add_attrfork to handle local format files. |
2338 |
++ * Block initialisation functions for local to extent format conversion. |
2339 |
++ * As these get more complex, they will be moved to the relevant files, |
2340 |
++ * but for now they are too simple to worry about. |
2341 |
++ */ |
2342 |
++STATIC void |
2343 |
++xfs_bmap_local_to_extents_init_fn( |
2344 |
++ struct xfs_buf *bp, |
2345 |
++ struct xfs_inode *ip, |
2346 |
++ struct xfs_ifork *ifp) |
2347 |
++{ |
2348 |
++ bp->b_ops = &xfs_bmbt_buf_ops; |
2349 |
++ memcpy(bp->b_addr, ifp->if_u1.if_data, ifp->if_bytes); |
2350 |
++} |
2351 |
++ |
2352 |
++STATIC void |
2353 |
++xfs_symlink_local_to_remote( |
2354 |
++ struct xfs_buf *bp, |
2355 |
++ struct xfs_inode *ip, |
2356 |
++ struct xfs_ifork *ifp) |
2357 |
++{ |
2358 |
++ /* remote symlink blocks are not verifiable until CRCs come along */ |
2359 |
++ bp->b_ops = NULL; |
2360 |
++ memcpy(bp->b_addr, ifp->if_u1.if_data, ifp->if_bytes); |
2361 |
++} |
2362 |
++ |
2363 |
++/* |
2364 |
++ * Called from xfs_bmap_add_attrfork to handle local format files. Each |
2365 |
++ * different data fork content type needs a different callout to do the |
2366 |
++ * conversion. Some are basic and only require special block initialisation |
2367 |
++ * callouts for the data formating, others (directories) are so specialised they |
2368 |
++ * handle everything themselves. |
2369 |
++ * |
2370 |
++ * XXX (dgc): investigate whether directory conversion can use the generic |
2371 |
++ * formatting callout. It should be possible - it's just a very complex |
2372 |
++ * formatter. it would also require passing the transaction through to the init |
2373 |
++ * function. |
2374 |
+ */ |
2375 |
+ STATIC int /* error */ |
2376 |
+ xfs_bmap_add_attrfork_local( |
2377 |
+@@ -368,25 +406,29 @@ xfs_bmap_add_attrfork_local( |
2378 |
+ int *flags) /* inode logging flags */ |
2379 |
+ { |
2380 |
+ xfs_da_args_t dargs; /* args for dir/attr code */ |
2381 |
+- int error; /* error return value */ |
2382 |
+- xfs_mount_t *mp; /* mount structure pointer */ |
2383 |
+ |
2384 |
+ if (ip->i_df.if_bytes <= XFS_IFORK_DSIZE(ip)) |
2385 |
+ return 0; |
2386 |
++ |
2387 |
+ if (S_ISDIR(ip->i_d.di_mode)) { |
2388 |
+- mp = ip->i_mount; |
2389 |
+ memset(&dargs, 0, sizeof(dargs)); |
2390 |
+ dargs.dp = ip; |
2391 |
+ dargs.firstblock = firstblock; |
2392 |
+ dargs.flist = flist; |
2393 |
+- dargs.total = mp->m_dirblkfsbs; |
2394 |
++ dargs.total = ip->i_mount->m_dirblkfsbs; |
2395 |
+ dargs.whichfork = XFS_DATA_FORK; |
2396 |
+ dargs.trans = tp; |
2397 |
+- error = xfs_dir2_sf_to_block(&dargs); |
2398 |
+- } else |
2399 |
+- error = xfs_bmap_local_to_extents(tp, ip, firstblock, 1, flags, |
2400 |
+- XFS_DATA_FORK); |
2401 |
+- return error; |
2402 |
++ return xfs_dir2_sf_to_block(&dargs); |
2403 |
++ } |
2404 |
++ |
2405 |
++ if (S_ISLNK(ip->i_d.di_mode)) |
2406 |
++ return xfs_bmap_local_to_extents(tp, ip, firstblock, 1, |
2407 |
++ flags, XFS_DATA_FORK, |
2408 |
++ xfs_symlink_local_to_remote); |
2409 |
++ |
2410 |
++ return xfs_bmap_local_to_extents(tp, ip, firstblock, 1, flags, |
2411 |
++ XFS_DATA_FORK, |
2412 |
++ xfs_bmap_local_to_extents_init_fn); |
2413 |
+ } |
2414 |
+ |
2415 |
+ /* |
2416 |
+@@ -3221,7 +3263,10 @@ xfs_bmap_local_to_extents( |
2417 |
+ xfs_fsblock_t *firstblock, /* first block allocated in xaction */ |
2418 |
+ xfs_extlen_t total, /* total blocks needed by transaction */ |
2419 |
+ int *logflagsp, /* inode logging flags */ |
2420 |
+- int whichfork) /* data or attr fork */ |
2421 |
++ int whichfork, |
2422 |
++ void (*init_fn)(struct xfs_buf *bp, |
2423 |
++ struct xfs_inode *ip, |
2424 |
++ struct xfs_ifork *ifp)) |
2425 |
+ { |
2426 |
+ int error; /* error return value */ |
2427 |
+ int flags; /* logging flags returned */ |
2428 |
+@@ -3241,12 +3286,12 @@ xfs_bmap_local_to_extents( |
2429 |
+ xfs_buf_t *bp; /* buffer for extent block */ |
2430 |
+ xfs_bmbt_rec_host_t *ep;/* extent record pointer */ |
2431 |
+ |
2432 |
++ ASSERT((ifp->if_flags & |
2433 |
++ (XFS_IFINLINE|XFS_IFEXTENTS|XFS_IFEXTIREC)) == XFS_IFINLINE); |
2434 |
+ memset(&args, 0, sizeof(args)); |
2435 |
+ args.tp = tp; |
2436 |
+ args.mp = ip->i_mount; |
2437 |
+ args.firstblock = *firstblock; |
2438 |
+- ASSERT((ifp->if_flags & |
2439 |
+- (XFS_IFINLINE|XFS_IFEXTENTS|XFS_IFEXTIREC)) == XFS_IFINLINE); |
2440 |
+ /* |
2441 |
+ * Allocate a block. We know we need only one, since the |
2442 |
+ * file currently fits in an inode. |
2443 |
+@@ -3262,17 +3307,20 @@ xfs_bmap_local_to_extents( |
2444 |
+ args.mod = args.minleft = args.alignment = args.wasdel = |
2445 |
+ args.isfl = args.minalignslop = 0; |
2446 |
+ args.minlen = args.maxlen = args.prod = 1; |
2447 |
+- if ((error = xfs_alloc_vextent(&args))) |
2448 |
++ error = xfs_alloc_vextent(&args); |
2449 |
++ if (error) |
2450 |
+ goto done; |
2451 |
+- /* |
2452 |
+- * Can't fail, the space was reserved. |
2453 |
+- */ |
2454 |
++ |
2455 |
++ /* Can't fail, the space was reserved. */ |
2456 |
+ ASSERT(args.fsbno != NULLFSBLOCK); |
2457 |
+ ASSERT(args.len == 1); |
2458 |
+ *firstblock = args.fsbno; |
2459 |
+ bp = xfs_btree_get_bufl(args.mp, tp, args.fsbno, 0); |
2460 |
+- bp->b_ops = &xfs_bmbt_buf_ops; |
2461 |
+- memcpy(bp->b_addr, ifp->if_u1.if_data, ifp->if_bytes); |
2462 |
++ |
2463 |
++ /* initialise the block and copy the data */ |
2464 |
++ init_fn(bp, ip, ifp); |
2465 |
++ |
2466 |
++ /* account for the change in fork size and log everything */ |
2467 |
+ xfs_trans_log_buf(tp, bp, 0, ifp->if_bytes - 1); |
2468 |
+ xfs_bmap_forkoff_reset(args.mp, ip, whichfork); |
2469 |
+ xfs_idata_realloc(ip, -ifp->if_bytes, whichfork); |
2470 |
+@@ -4919,8 +4967,32 @@ xfs_bmapi_write( |
2471 |
+ XFS_STATS_INC(xs_blk_mapw); |
2472 |
+ |
2473 |
+ if (XFS_IFORK_FORMAT(ip, whichfork) == XFS_DINODE_FMT_LOCAL) { |
2474 |
++ /* |
2475 |
++ * XXX (dgc): This assumes we are only called for inodes that |
2476 |
++ * contain content neutral data in local format. Anything that |
2477 |
++ * contains caller-specific data in local format that needs |
2478 |
++ * transformation to move to a block format needs to do the |
2479 |
++ * conversion to extent format itself. |
2480 |
++ * |
2481 |
++ * Directory data forks and attribute forks handle this |
2482 |
++ * themselves, but with the addition of metadata verifiers every |
2483 |
++ * data fork in local format now contains caller specific data |
2484 |
++ * and as such conversion through this function is likely to be |
2485 |
++ * broken. |
2486 |
++ * |
2487 |
++ * The only likely user of this branch is for remote symlinks, |
2488 |
++ * but we cannot overwrite the data fork contents of the symlink |
2489 |
++ * (EEXIST occurs higher up the stack) and so it will never go |
2490 |
++ * from local format to extent format here. Hence I don't think |
2491 |
++ * this branch is ever executed intentionally and we should |
2492 |
++ * consider removing it and asserting that xfs_bmapi_write() |
2493 |
++ * cannot be called directly on local format forks. i.e. callers |
2494 |
++ * are completely responsible for local to extent format |
2495 |
++ * conversion, not xfs_bmapi_write(). |
2496 |
++ */ |
2497 |
+ error = xfs_bmap_local_to_extents(tp, ip, firstblock, total, |
2498 |
+- &bma.logflags, whichfork); |
2499 |
++ &bma.logflags, whichfork, |
2500 |
++ xfs_bmap_local_to_extents_init_fn); |
2501 |
+ if (error) |
2502 |
+ goto error0; |
2503 |
+ } |
2504 |
+diff --git a/include/linux/llist.h b/include/linux/llist.h |
2505 |
+index d0ab98f..a5199f6 100644 |
2506 |
+--- a/include/linux/llist.h |
2507 |
++++ b/include/linux/llist.h |
2508 |
+@@ -125,31 +125,6 @@ static inline void init_llist_head(struct llist_head *list) |
2509 |
+ (pos) = llist_entry((pos)->member.next, typeof(*(pos)), member)) |
2510 |
+ |
2511 |
+ /** |
2512 |
+- * llist_for_each_entry_safe - iterate safely against remove over some entries |
2513 |
+- * of lock-less list of given type. |
2514 |
+- * @pos: the type * to use as a loop cursor. |
2515 |
+- * @n: another type * to use as a temporary storage. |
2516 |
+- * @node: the fist entry of deleted list entries. |
2517 |
+- * @member: the name of the llist_node with the struct. |
2518 |
+- * |
2519 |
+- * In general, some entries of the lock-less list can be traversed |
2520 |
+- * safely only after being removed from list, so start with an entry |
2521 |
+- * instead of list head. This variant allows removal of entries |
2522 |
+- * as we iterate. |
2523 |
+- * |
2524 |
+- * If being used on entries deleted from lock-less list directly, the |
2525 |
+- * traverse order is from the newest to the oldest added entry. If |
2526 |
+- * you want to traverse from the oldest to the newest, you must |
2527 |
+- * reverse the order by yourself before traversing. |
2528 |
+- */ |
2529 |
+-#define llist_for_each_entry_safe(pos, n, node, member) \ |
2530 |
+- for ((pos) = llist_entry((node), typeof(*(pos)), member), \ |
2531 |
+- (n) = (pos)->member.next; \ |
2532 |
+- &(pos)->member != NULL; \ |
2533 |
+- (pos) = llist_entry(n, typeof(*(pos)), member), \ |
2534 |
+- (n) = (&(pos)->member != NULL) ? (pos)->member.next : NULL) |
2535 |
+- |
2536 |
+-/** |
2537 |
+ * llist_empty - tests whether a lock-less list is empty |
2538 |
+ * @head: the list to test |
2539 |
+ * |
2540 |
+diff --git a/include/linux/pstore.h b/include/linux/pstore.h |
2541 |
+index 1788909..75d0176 100644 |
2542 |
+--- a/include/linux/pstore.h |
2543 |
++++ b/include/linux/pstore.h |
2544 |
+@@ -68,12 +68,18 @@ struct pstore_info { |
2545 |
+ |
2546 |
+ #ifdef CONFIG_PSTORE |
2547 |
+ extern int pstore_register(struct pstore_info *); |
2548 |
++extern bool pstore_cannot_block_path(enum kmsg_dump_reason reason); |
2549 |
+ #else |
2550 |
+ static inline int |
2551 |
+ pstore_register(struct pstore_info *psi) |
2552 |
+ { |
2553 |
+ return -ENODEV; |
2554 |
+ } |
2555 |
++static inline bool |
2556 |
++pstore_cannot_block_path(enum kmsg_dump_reason reason) |
2557 |
++{ |
2558 |
++ return false; |
2559 |
++} |
2560 |
+ #endif |
2561 |
+ |
2562 |
+ #endif /*_LINUX_PSTORE_H*/ |
2563 |
+diff --git a/include/linux/quota.h b/include/linux/quota.h |
2564 |
+index 58fdef12..d133711 100644 |
2565 |
+--- a/include/linux/quota.h |
2566 |
++++ b/include/linux/quota.h |
2567 |
+@@ -405,6 +405,7 @@ struct quota_module_name { |
2568 |
+ #define INIT_QUOTA_MODULE_NAMES {\ |
2569 |
+ {QFMT_VFS_OLD, "quota_v1"},\ |
2570 |
+ {QFMT_VFS_V0, "quota_v2"},\ |
2571 |
++ {QFMT_VFS_V1, "quota_v2"},\ |
2572 |
+ {0, NULL}} |
2573 |
+ |
2574 |
+ #endif /* _QUOTA_ */ |
2575 |
+diff --git a/kernel/cgroup.c b/kernel/cgroup.c |
2576 |
+index 4855892..1e23664 100644 |
2577 |
+--- a/kernel/cgroup.c |
2578 |
++++ b/kernel/cgroup.c |
2579 |
+@@ -426,12 +426,20 @@ static void __put_css_set(struct css_set *cg, int taskexit) |
2580 |
+ struct cgroup *cgrp = link->cgrp; |
2581 |
+ list_del(&link->cg_link_list); |
2582 |
+ list_del(&link->cgrp_link_list); |
2583 |
++ |
2584 |
++ /* |
2585 |
++ * We may not be holding cgroup_mutex, and if cgrp->count is |
2586 |
++ * dropped to 0 the cgroup can be destroyed at any time, hence |
2587 |
++ * rcu_read_lock is used to keep it alive. |
2588 |
++ */ |
2589 |
++ rcu_read_lock(); |
2590 |
+ if (atomic_dec_and_test(&cgrp->count) && |
2591 |
+ notify_on_release(cgrp)) { |
2592 |
+ if (taskexit) |
2593 |
+ set_bit(CGRP_RELEASABLE, &cgrp->flags); |
2594 |
+ check_for_release(cgrp); |
2595 |
+ } |
2596 |
++ rcu_read_unlock(); |
2597 |
+ |
2598 |
+ kfree(link); |
2599 |
+ } |
2600 |
+diff --git a/kernel/cpuset.c b/kernel/cpuset.c |
2601 |
+index 7bb63ee..5bb9bf1 100644 |
2602 |
+--- a/kernel/cpuset.c |
2603 |
++++ b/kernel/cpuset.c |
2604 |
+@@ -2511,8 +2511,16 @@ void cpuset_print_task_mems_allowed(struct task_struct *tsk) |
2605 |
+ |
2606 |
+ dentry = task_cs(tsk)->css.cgroup->dentry; |
2607 |
+ spin_lock(&cpuset_buffer_lock); |
2608 |
+- snprintf(cpuset_name, CPUSET_NAME_LEN, |
2609 |
+- dentry ? (const char *)dentry->d_name.name : "/"); |
2610 |
++ |
2611 |
++ if (!dentry) { |
2612 |
++ strcpy(cpuset_name, "/"); |
2613 |
++ } else { |
2614 |
++ spin_lock(&dentry->d_lock); |
2615 |
++ strlcpy(cpuset_name, (const char *)dentry->d_name.name, |
2616 |
++ CPUSET_NAME_LEN); |
2617 |
++ spin_unlock(&dentry->d_lock); |
2618 |
++ } |
2619 |
++ |
2620 |
+ nodelist_scnprintf(cpuset_nodelist, CPUSET_NODELIST_LEN, |
2621 |
+ tsk->mems_allowed); |
2622 |
+ printk(KERN_INFO "%s cpuset=%s mems_allowed=%s\n", |
2623 |
+diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c |
2624 |
+index 69185ae..e885be1 100644 |
2625 |
+--- a/kernel/posix-timers.c |
2626 |
++++ b/kernel/posix-timers.c |
2627 |
+@@ -639,6 +639,13 @@ static struct k_itimer *__lock_timer(timer_t timer_id, unsigned long *flags) |
2628 |
+ { |
2629 |
+ struct k_itimer *timr; |
2630 |
+ |
2631 |
++ /* |
2632 |
++ * timer_t could be any type >= int and we want to make sure any |
2633 |
++ * @timer_id outside positive int range fails lookup. |
2634 |
++ */ |
2635 |
++ if ((unsigned long long)timer_id > INT_MAX) |
2636 |
++ return NULL; |
2637 |
++ |
2638 |
+ rcu_read_lock(); |
2639 |
+ timr = idr_find(&posix_timers_id, (int)timer_id); |
2640 |
+ if (timr) { |
2641 |
+diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c |
2642 |
+index 5a63844..0ddf3a0 100644 |
2643 |
+--- a/kernel/sysctl_binary.c |
2644 |
++++ b/kernel/sysctl_binary.c |
2645 |
+@@ -1194,9 +1194,10 @@ static ssize_t bin_dn_node_address(struct file *file, |
2646 |
+ |
2647 |
+ /* Convert the decnet address to binary */ |
2648 |
+ result = -EIO; |
2649 |
+- nodep = strchr(buf, '.') + 1; |
2650 |
++ nodep = strchr(buf, '.'); |
2651 |
+ if (!nodep) |
2652 |
+ goto out; |
2653 |
++ ++nodep; |
2654 |
+ |
2655 |
+ area = simple_strtoul(buf, NULL, 10); |
2656 |
+ node = simple_strtoul(nodep, NULL, 10); |
2657 |
+diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c |
2658 |
+index 41473b4..43defd1 100644 |
2659 |
+--- a/kernel/trace/ftrace.c |
2660 |
++++ b/kernel/trace/ftrace.c |
2661 |
+@@ -3970,37 +3970,51 @@ static void ftrace_init_module(struct module *mod, |
2662 |
+ ftrace_process_locs(mod, start, end); |
2663 |
+ } |
2664 |
+ |
2665 |
+-static int ftrace_module_notify(struct notifier_block *self, |
2666 |
+- unsigned long val, void *data) |
2667 |
++static int ftrace_module_notify_enter(struct notifier_block *self, |
2668 |
++ unsigned long val, void *data) |
2669 |
+ { |
2670 |
+ struct module *mod = data; |
2671 |
+ |
2672 |
+- switch (val) { |
2673 |
+- case MODULE_STATE_COMING: |
2674 |
++ if (val == MODULE_STATE_COMING) |
2675 |
+ ftrace_init_module(mod, mod->ftrace_callsites, |
2676 |
+ mod->ftrace_callsites + |
2677 |
+ mod->num_ftrace_callsites); |
2678 |
+- break; |
2679 |
+- case MODULE_STATE_GOING: |
2680 |
++ return 0; |
2681 |
++} |
2682 |
++ |
2683 |
++static int ftrace_module_notify_exit(struct notifier_block *self, |
2684 |
++ unsigned long val, void *data) |
2685 |
++{ |
2686 |
++ struct module *mod = data; |
2687 |
++ |
2688 |
++ if (val == MODULE_STATE_GOING) |
2689 |
+ ftrace_release_mod(mod); |
2690 |
+- break; |
2691 |
+- } |
2692 |
+ |
2693 |
+ return 0; |
2694 |
+ } |
2695 |
+ #else |
2696 |
+-static int ftrace_module_notify(struct notifier_block *self, |
2697 |
+- unsigned long val, void *data) |
2698 |
++static int ftrace_module_notify_enter(struct notifier_block *self, |
2699 |
++ unsigned long val, void *data) |
2700 |
++{ |
2701 |
++ return 0; |
2702 |
++} |
2703 |
++static int ftrace_module_notify_exit(struct notifier_block *self, |
2704 |
++ unsigned long val, void *data) |
2705 |
+ { |
2706 |
+ return 0; |
2707 |
+ } |
2708 |
+ #endif /* CONFIG_MODULES */ |
2709 |
+ |
2710 |
+-struct notifier_block ftrace_module_nb = { |
2711 |
+- .notifier_call = ftrace_module_notify, |
2712 |
++struct notifier_block ftrace_module_enter_nb = { |
2713 |
++ .notifier_call = ftrace_module_notify_enter, |
2714 |
+ .priority = INT_MAX, /* Run before anything that can use kprobes */ |
2715 |
+ }; |
2716 |
+ |
2717 |
++struct notifier_block ftrace_module_exit_nb = { |
2718 |
++ .notifier_call = ftrace_module_notify_exit, |
2719 |
++ .priority = INT_MIN, /* Run after anything that can remove kprobes */ |
2720 |
++}; |
2721 |
++ |
2722 |
+ extern unsigned long __start_mcount_loc[]; |
2723 |
+ extern unsigned long __stop_mcount_loc[]; |
2724 |
+ |
2725 |
+@@ -4032,9 +4046,13 @@ void __init ftrace_init(void) |
2726 |
+ __start_mcount_loc, |
2727 |
+ __stop_mcount_loc); |
2728 |
+ |
2729 |
+- ret = register_module_notifier(&ftrace_module_nb); |
2730 |
++ ret = register_module_notifier(&ftrace_module_enter_nb); |
2731 |
++ if (ret) |
2732 |
++ pr_warning("Failed to register trace ftrace module enter notifier\n"); |
2733 |
++ |
2734 |
++ ret = register_module_notifier(&ftrace_module_exit_nb); |
2735 |
+ if (ret) |
2736 |
+- pr_warning("Failed to register trace ftrace module notifier\n"); |
2737 |
++ pr_warning("Failed to register trace ftrace module exit notifier\n"); |
2738 |
+ |
2739 |
+ set_ftrace_early_filters(); |
2740 |
+ |
2741 |
+diff --git a/kernel/workqueue.c b/kernel/workqueue.c |
2742 |
+index 033ad5b..3a3a98f 100644 |
2743 |
+--- a/kernel/workqueue.c |
2744 |
++++ b/kernel/workqueue.c |
2745 |
+@@ -138,6 +138,7 @@ struct worker { |
2746 |
+ }; |
2747 |
+ |
2748 |
+ struct work_struct *current_work; /* L: work being processed */ |
2749 |
++ work_func_t current_func; /* L: current_work's fn */ |
2750 |
+ struct cpu_workqueue_struct *current_cwq; /* L: current_work's cwq */ |
2751 |
+ struct list_head scheduled; /* L: scheduled works */ |
2752 |
+ struct task_struct *task; /* I: worker task */ |
2753 |
+@@ -910,7 +911,8 @@ static struct worker *__find_worker_executing_work(struct global_cwq *gcwq, |
2754 |
+ struct hlist_node *tmp; |
2755 |
+ |
2756 |
+ hlist_for_each_entry(worker, tmp, bwh, hentry) |
2757 |
+- if (worker->current_work == work) |
2758 |
++ if (worker->current_work == work && |
2759 |
++ worker->current_func == work->func) |
2760 |
+ return worker; |
2761 |
+ return NULL; |
2762 |
+ } |
2763 |
+@@ -920,9 +922,27 @@ static struct worker *__find_worker_executing_work(struct global_cwq *gcwq, |
2764 |
+ * @gcwq: gcwq of interest |
2765 |
+ * @work: work to find worker for |
2766 |
+ * |
2767 |
+- * Find a worker which is executing @work on @gcwq. This function is |
2768 |
+- * identical to __find_worker_executing_work() except that this |
2769 |
+- * function calculates @bwh itself. |
2770 |
++ * Find a worker which is executing @work on @gcwq by searching |
2771 |
++ * @gcwq->busy_hash which is keyed by the address of @work. For a worker |
2772 |
++ * to match, its current execution should match the address of @work and |
2773 |
++ * its work function. This is to avoid unwanted dependency between |
2774 |
++ * unrelated work executions through a work item being recycled while still |
2775 |
++ * being executed. |
2776 |
++ * |
2777 |
++ * This is a bit tricky. A work item may be freed once its execution |
2778 |
++ * starts and nothing prevents the freed area from being recycled for |
2779 |
++ * another work item. If the same work item address ends up being reused |
2780 |
++ * before the original execution finishes, workqueue will identify the |
2781 |
++ * recycled work item as currently executing and make it wait until the |
2782 |
++ * current execution finishes, introducing an unwanted dependency. |
2783 |
++ * |
2784 |
++ * This function checks the work item address, work function and workqueue |
2785 |
++ * to avoid false positives. Note that this isn't complete as one may |
2786 |
++ * construct a work function which can introduce dependency onto itself |
2787 |
++ * through a recycled work item. Well, if somebody wants to shoot oneself |
2788 |
++ * in the foot that badly, there's only so much we can do, and if such |
2789 |
++ * deadlock actually occurs, it should be easy to locate the culprit work |
2790 |
++ * function. |
2791 |
+ * |
2792 |
+ * CONTEXT: |
2793 |
+ * spin_lock_irq(gcwq->lock). |
2794 |
+@@ -2168,7 +2188,6 @@ __acquires(&gcwq->lock) |
2795 |
+ struct global_cwq *gcwq = pool->gcwq; |
2796 |
+ struct hlist_head *bwh = busy_worker_head(gcwq, work); |
2797 |
+ bool cpu_intensive = cwq->wq->flags & WQ_CPU_INTENSIVE; |
2798 |
+- work_func_t f = work->func; |
2799 |
+ int work_color; |
2800 |
+ struct worker *collision; |
2801 |
+ #ifdef CONFIG_LOCKDEP |
2802 |
+@@ -2208,6 +2227,7 @@ __acquires(&gcwq->lock) |
2803 |
+ debug_work_deactivate(work); |
2804 |
+ hlist_add_head(&worker->hentry, bwh); |
2805 |
+ worker->current_work = work; |
2806 |
++ worker->current_func = work->func; |
2807 |
+ worker->current_cwq = cwq; |
2808 |
+ work_color = get_work_color(work); |
2809 |
+ |
2810 |
+@@ -2240,7 +2260,7 @@ __acquires(&gcwq->lock) |
2811 |
+ lock_map_acquire_read(&cwq->wq->lockdep_map); |
2812 |
+ lock_map_acquire(&lockdep_map); |
2813 |
+ trace_workqueue_execute_start(work); |
2814 |
+- f(work); |
2815 |
++ worker->current_func(work); |
2816 |
+ /* |
2817 |
+ * While we must be careful to not use "work" after this, the trace |
2818 |
+ * point will only record its address. |
2819 |
+@@ -2252,7 +2272,8 @@ __acquires(&gcwq->lock) |
2820 |
+ if (unlikely(in_atomic() || lockdep_depth(current) > 0)) { |
2821 |
+ pr_err("BUG: workqueue leaked lock or atomic: %s/0x%08x/%d\n" |
2822 |
+ " last function: %pf\n", |
2823 |
+- current->comm, preempt_count(), task_pid_nr(current), f); |
2824 |
++ current->comm, preempt_count(), task_pid_nr(current), |
2825 |
++ worker->current_func); |
2826 |
+ debug_show_held_locks(current); |
2827 |
+ dump_stack(); |
2828 |
+ } |
2829 |
+@@ -2266,6 +2287,7 @@ __acquires(&gcwq->lock) |
2830 |
+ /* we're done with it, release */ |
2831 |
+ hlist_del_init(&worker->hentry); |
2832 |
+ worker->current_work = NULL; |
2833 |
++ worker->current_func = NULL; |
2834 |
+ worker->current_cwq = NULL; |
2835 |
+ cwq_dec_nr_in_flight(cwq, work_color); |
2836 |
+ } |
2837 |
+diff --git a/lib/idr.c b/lib/idr.c |
2838 |
+index 6482390..ca5aa00 100644 |
2839 |
+--- a/lib/idr.c |
2840 |
++++ b/lib/idr.c |
2841 |
+@@ -625,7 +625,14 @@ void *idr_get_next(struct idr *idp, int *nextidp) |
2842 |
+ return p; |
2843 |
+ } |
2844 |
+ |
2845 |
+- id += 1 << n; |
2846 |
++ /* |
2847 |
++ * Proceed to the next layer at the current level. Unlike |
2848 |
++ * idr_for_each(), @id isn't guaranteed to be aligned to |
2849 |
++ * layer boundary at this point and adding 1 << n may |
2850 |
++ * incorrectly skip IDs. Make sure we jump to the |
2851 |
++ * beginning of the next layer using round_up(). |
2852 |
++ */ |
2853 |
++ id = round_up(id + 1, 1 << n); |
2854 |
+ while (n < fls(id)) { |
2855 |
+ n += IDR_BITS; |
2856 |
+ p = *--paa; |
2857 |
+diff --git a/mm/mmap.c b/mm/mmap.c |
2858 |
+index d1e4124..8832b87 100644 |
2859 |
+--- a/mm/mmap.c |
2860 |
++++ b/mm/mmap.c |
2861 |
+@@ -2169,9 +2169,28 @@ int expand_downwards(struct vm_area_struct *vma, |
2862 |
+ return error; |
2863 |
+ } |
2864 |
+ |
2865 |
++/* |
2866 |
++ * Note how expand_stack() refuses to expand the stack all the way to |
2867 |
++ * abut the next virtual mapping, *unless* that mapping itself is also |
2868 |
++ * a stack mapping. We want to leave room for a guard page, after all |
2869 |
++ * (the guard page itself is not added here, that is done by the |
2870 |
++ * actual page faulting logic) |
2871 |
++ * |
2872 |
++ * This matches the behavior of the guard page logic (see mm/memory.c: |
2873 |
++ * check_stack_guard_page()), which only allows the guard page to be |
2874 |
++ * removed under these circumstances. |
2875 |
++ */ |
2876 |
+ #ifdef CONFIG_STACK_GROWSUP |
2877 |
+ int expand_stack(struct vm_area_struct *vma, unsigned long address) |
2878 |
+ { |
2879 |
++ struct vm_area_struct *next; |
2880 |
++ |
2881 |
++ address &= PAGE_MASK; |
2882 |
++ next = vma->vm_next; |
2883 |
++ if (next && next->vm_start == address + PAGE_SIZE) { |
2884 |
++ if (!(next->vm_flags & VM_GROWSUP)) |
2885 |
++ return -ENOMEM; |
2886 |
++ } |
2887 |
+ return expand_upwards(vma, address); |
2888 |
+ } |
2889 |
+ |
2890 |
+@@ -2194,6 +2213,14 @@ find_extend_vma(struct mm_struct *mm, unsigned long addr) |
2891 |
+ #else |
2892 |
+ int expand_stack(struct vm_area_struct *vma, unsigned long address) |
2893 |
+ { |
2894 |
++ struct vm_area_struct *prev; |
2895 |
++ |
2896 |
++ address &= PAGE_MASK; |
2897 |
++ prev = vma->vm_prev; |
2898 |
++ if (prev && prev->vm_end == address) { |
2899 |
++ if (!(prev->vm_flags & VM_GROWSDOWN)) |
2900 |
++ return -ENOMEM; |
2901 |
++ } |
2902 |
+ return expand_downwards(vma, address); |
2903 |
+ } |
2904 |
+ |
2905 |
+diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c |
2906 |
+index dbf12ac..2d34b6b 100644 |
2907 |
+--- a/net/sunrpc/svc.c |
2908 |
++++ b/net/sunrpc/svc.c |
2909 |
+@@ -515,15 +515,6 @@ EXPORT_SYMBOL_GPL(svc_create_pooled); |
2910 |
+ |
2911 |
+ void svc_shutdown_net(struct svc_serv *serv, struct net *net) |
2912 |
+ { |
2913 |
+- /* |
2914 |
+- * The set of xprts (contained in the sv_tempsocks and |
2915 |
+- * sv_permsocks lists) is now constant, since it is modified |
2916 |
+- * only by accepting new sockets (done by service threads in |
2917 |
+- * svc_recv) or aging old ones (done by sv_temptimer), or |
2918 |
+- * configuration changes (excluded by whatever locking the |
2919 |
+- * caller is using--nfsd_mutex in the case of nfsd). So it's |
2920 |
+- * safe to traverse those lists and shut everything down: |
2921 |
+- */ |
2922 |
+ svc_close_net(serv, net); |
2923 |
+ |
2924 |
+ if (serv->sv_shutdown) |
2925 |
+diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c |
2926 |
+index b8e47fa..ca71056 100644 |
2927 |
+--- a/net/sunrpc/svc_xprt.c |
2928 |
++++ b/net/sunrpc/svc_xprt.c |
2929 |
+@@ -856,7 +856,6 @@ static void svc_age_temp_xprts(unsigned long closure) |
2930 |
+ struct svc_serv *serv = (struct svc_serv *)closure; |
2931 |
+ struct svc_xprt *xprt; |
2932 |
+ struct list_head *le, *next; |
2933 |
+- LIST_HEAD(to_be_aged); |
2934 |
+ |
2935 |
+ dprintk("svc_age_temp_xprts\n"); |
2936 |
+ |
2937 |
+@@ -877,25 +876,15 @@ static void svc_age_temp_xprts(unsigned long closure) |
2938 |
+ if (atomic_read(&xprt->xpt_ref.refcount) > 1 || |
2939 |
+ test_bit(XPT_BUSY, &xprt->xpt_flags)) |
2940 |
+ continue; |
2941 |
+- svc_xprt_get(xprt); |
2942 |
+- list_move(le, &to_be_aged); |
2943 |
++ list_del_init(le); |
2944 |
+ set_bit(XPT_CLOSE, &xprt->xpt_flags); |
2945 |
+ set_bit(XPT_DETACHED, &xprt->xpt_flags); |
2946 |
+- } |
2947 |
+- spin_unlock_bh(&serv->sv_lock); |
2948 |
+- |
2949 |
+- while (!list_empty(&to_be_aged)) { |
2950 |
+- le = to_be_aged.next; |
2951 |
+- /* fiddling the xpt_list node is safe 'cos we're XPT_DETACHED */ |
2952 |
+- list_del_init(le); |
2953 |
+- xprt = list_entry(le, struct svc_xprt, xpt_list); |
2954 |
+- |
2955 |
+ dprintk("queuing xprt %p for closing\n", xprt); |
2956 |
+ |
2957 |
+ /* a thread will dequeue and close it soon */ |
2958 |
+ svc_xprt_enqueue(xprt); |
2959 |
+- svc_xprt_put(xprt); |
2960 |
+ } |
2961 |
++ spin_unlock_bh(&serv->sv_lock); |
2962 |
+ |
2963 |
+ mod_timer(&serv->sv_temptimer, jiffies + svc_conn_age_period * HZ); |
2964 |
+ } |
2965 |
+@@ -959,21 +948,24 @@ void svc_close_xprt(struct svc_xprt *xprt) |
2966 |
+ } |
2967 |
+ EXPORT_SYMBOL_GPL(svc_close_xprt); |
2968 |
+ |
2969 |
+-static void svc_close_list(struct svc_serv *serv, struct list_head *xprt_list, struct net *net) |
2970 |
++static int svc_close_list(struct svc_serv *serv, struct list_head *xprt_list, struct net *net) |
2971 |
+ { |
2972 |
+ struct svc_xprt *xprt; |
2973 |
++ int ret = 0; |
2974 |
+ |
2975 |
+ spin_lock(&serv->sv_lock); |
2976 |
+ list_for_each_entry(xprt, xprt_list, xpt_list) { |
2977 |
+ if (xprt->xpt_net != net) |
2978 |
+ continue; |
2979 |
++ ret++; |
2980 |
+ set_bit(XPT_CLOSE, &xprt->xpt_flags); |
2981 |
+- set_bit(XPT_BUSY, &xprt->xpt_flags); |
2982 |
++ svc_xprt_enqueue(xprt); |
2983 |
+ } |
2984 |
+ spin_unlock(&serv->sv_lock); |
2985 |
++ return ret; |
2986 |
+ } |
2987 |
+ |
2988 |
+-static void svc_clear_pools(struct svc_serv *serv, struct net *net) |
2989 |
++static struct svc_xprt *svc_dequeue_net(struct svc_serv *serv, struct net *net) |
2990 |
+ { |
2991 |
+ struct svc_pool *pool; |
2992 |
+ struct svc_xprt *xprt; |
2993 |
+@@ -988,42 +980,46 @@ static void svc_clear_pools(struct svc_serv *serv, struct net *net) |
2994 |
+ if (xprt->xpt_net != net) |
2995 |
+ continue; |
2996 |
+ list_del_init(&xprt->xpt_ready); |
2997 |
++ spin_unlock_bh(&pool->sp_lock); |
2998 |
++ return xprt; |
2999 |
+ } |
3000 |
+ spin_unlock_bh(&pool->sp_lock); |
3001 |
+ } |
3002 |
++ return NULL; |
3003 |
+ } |
3004 |
+ |
3005 |
+-static void svc_clear_list(struct svc_serv *serv, struct list_head *xprt_list, struct net *net) |
3006 |
++static void svc_clean_up_xprts(struct svc_serv *serv, struct net *net) |
3007 |
+ { |
3008 |
+ struct svc_xprt *xprt; |
3009 |
+- struct svc_xprt *tmp; |
3010 |
+- LIST_HEAD(victims); |
3011 |
+- |
3012 |
+- spin_lock(&serv->sv_lock); |
3013 |
+- list_for_each_entry_safe(xprt, tmp, xprt_list, xpt_list) { |
3014 |
+- if (xprt->xpt_net != net) |
3015 |
+- continue; |
3016 |
+- list_move(&xprt->xpt_list, &victims); |
3017 |
+- } |
3018 |
+- spin_unlock(&serv->sv_lock); |
3019 |
+ |
3020 |
+- list_for_each_entry_safe(xprt, tmp, &victims, xpt_list) |
3021 |
++ while ((xprt = svc_dequeue_net(serv, net))) { |
3022 |
++ set_bit(XPT_CLOSE, &xprt->xpt_flags); |
3023 |
+ svc_delete_xprt(xprt); |
3024 |
++ } |
3025 |
+ } |
3026 |
+ |
3027 |
++/* |
3028 |
++ * Server threads may still be running (especially in the case where the |
3029 |
++ * service is still running in other network namespaces). |
3030 |
++ * |
3031 |
++ * So we shut down sockets the same way we would on a running server, by |
3032 |
++ * setting XPT_CLOSE, enqueuing, and letting a thread pick it up to do |
3033 |
++ * the close. In the case there are no such other threads, |
3034 |
++ * threads running, svc_clean_up_xprts() does a simple version of a |
3035 |
++ * server's main event loop, and in the case where there are other |
3036 |
++ * threads, we may need to wait a little while and then check again to |
3037 |
++ * see if they're done. |
3038 |
++ */ |
3039 |
+ void svc_close_net(struct svc_serv *serv, struct net *net) |
3040 |
+ { |
3041 |
+- svc_close_list(serv, &serv->sv_tempsocks, net); |
3042 |
+- svc_close_list(serv, &serv->sv_permsocks, net); |
3043 |
++ int delay = 0; |
3044 |
+ |
3045 |
+- svc_clear_pools(serv, net); |
3046 |
+- /* |
3047 |
+- * At this point the sp_sockets lists will stay empty, since |
3048 |
+- * svc_xprt_enqueue will not add new entries without taking the |
3049 |
+- * sp_lock and checking XPT_BUSY. |
3050 |
+- */ |
3051 |
+- svc_clear_list(serv, &serv->sv_tempsocks, net); |
3052 |
+- svc_clear_list(serv, &serv->sv_permsocks, net); |
3053 |
++ while (svc_close_list(serv, &serv->sv_permsocks, net) + |
3054 |
++ svc_close_list(serv, &serv->sv_tempsocks, net)) { |
3055 |
++ |
3056 |
++ svc_clean_up_xprts(serv, net); |
3057 |
++ msleep(delay++); |
3058 |
++ } |
3059 |
+ } |
3060 |
+ |
3061 |
+ /* |
3062 |
+diff --git a/sound/pci/bt87x.c b/sound/pci/bt87x.c |
3063 |
+index cdd100d..9febe55 100644 |
3064 |
+--- a/sound/pci/bt87x.c |
3065 |
++++ b/sound/pci/bt87x.c |
3066 |
+@@ -836,6 +836,8 @@ static struct { |
3067 |
+ {0x7063, 0x2000}, /* pcHDTV HD-2000 TV */ |
3068 |
+ }; |
3069 |
+ |
3070 |
++static struct pci_driver driver; |
3071 |
++ |
3072 |
+ /* return the id of the card, or a negative value if it's blacklisted */ |
3073 |
+ static int snd_bt87x_detect_card(struct pci_dev *pci) |
3074 |
+ { |
3075 |
+@@ -962,11 +964,24 @@ static DEFINE_PCI_DEVICE_TABLE(snd_bt87x_default_ids) = { |
3076 |
+ { } |
3077 |
+ }; |
3078 |
+ |
3079 |
+-static struct pci_driver bt87x_driver = { |
3080 |
++static struct pci_driver driver = { |
3081 |
+ .name = KBUILD_MODNAME, |
3082 |
+ .id_table = snd_bt87x_ids, |
3083 |
+ .probe = snd_bt87x_probe, |
3084 |
+ .remove = snd_bt87x_remove, |
3085 |
+ }; |
3086 |
+ |
3087 |
+-module_pci_driver(bt87x_driver); |
3088 |
++static int __init alsa_card_bt87x_init(void) |
3089 |
++{ |
3090 |
++ if (load_all) |
3091 |
++ driver.id_table = snd_bt87x_default_ids; |
3092 |
++ return pci_register_driver(&driver); |
3093 |
++} |
3094 |
++ |
3095 |
++static void __exit alsa_card_bt87x_exit(void) |
3096 |
++{ |
3097 |
++ pci_unregister_driver(&driver); |
3098 |
++} |
3099 |
++ |
3100 |
++module_init(alsa_card_bt87x_init) |
3101 |
++module_exit(alsa_card_bt87x_exit) |
3102 |
+diff --git a/sound/pci/emu10k1/emu10k1_main.c b/sound/pci/emu10k1/emu10k1_main.c |
3103 |
+index a7c296a..e6b0166 100644 |
3104 |
+--- a/sound/pci/emu10k1/emu10k1_main.c |
3105 |
++++ b/sound/pci/emu10k1/emu10k1_main.c |
3106 |
+@@ -862,6 +862,12 @@ static int snd_emu10k1_emu1010_init(struct snd_emu10k1 *emu) |
3107 |
+ filename, emu->firmware->size); |
3108 |
+ } |
3109 |
+ |
3110 |
++ err = snd_emu1010_load_firmware(emu); |
3111 |
++ if (err != 0) { |
3112 |
++ snd_printk(KERN_INFO "emu1010: Loading Firmware failed\n"); |
3113 |
++ return err; |
3114 |
++ } |
3115 |
++ |
3116 |
+ /* ID, should read & 0x7f = 0x55 when FPGA programmed. */ |
3117 |
+ snd_emu1010_fpga_read(emu, EMU_HANA_ID, ®); |
3118 |
+ if ((reg & 0x3f) != 0x15) { |
3119 |
+diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c |
3120 |
+index b14813d..c690b2a 100644 |
3121 |
+--- a/sound/pci/hda/patch_hdmi.c |
3122 |
++++ b/sound/pci/hda/patch_hdmi.c |
3123 |
+@@ -1573,6 +1573,9 @@ static int generic_hdmi_build_jack(struct hda_codec *codec, int pin_idx) |
3124 |
+ |
3125 |
+ if (pcmdev > 0) |
3126 |
+ sprintf(hdmi_str + strlen(hdmi_str), ",pcm=%d", pcmdev); |
3127 |
++ if (!is_jack_detectable(codec, per_pin->pin_nid)) |
3128 |
++ strncat(hdmi_str, " Phantom", |
3129 |
++ sizeof(hdmi_str) - strlen(hdmi_str) - 1); |
3130 |
+ |
3131 |
+ return snd_hda_jack_add_kctl(codec, per_pin->pin_nid, hdmi_str, 0); |
3132 |
+ } |
3133 |
|
3134 |
diff --git a/3.8.2/4420_grsecurity-2.9.1-3.8.1-201303012255.patch b/3.8.2/4420_grsecurity-2.9.1-3.8.2-201303041742.patch |
3135 |
similarity index 99% |
3136 |
rename from 3.8.2/4420_grsecurity-2.9.1-3.8.1-201303012255.patch |
3137 |
rename to 3.8.2/4420_grsecurity-2.9.1-3.8.2-201303041742.patch |
3138 |
index b69296b..c57c85d 100644 |
3139 |
--- a/3.8.2/4420_grsecurity-2.9.1-3.8.1-201303012255.patch |
3140 |
+++ b/3.8.2/4420_grsecurity-2.9.1-3.8.2-201303041742.patch |
3141 |
@@ -223,10 +223,10 @@ index b89a739..dba90c5 100644 |
3142 |
+zconf.lex.c |
3143 |
zoffset.h |
3144 |
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt |
3145 |
-index 6c72381..2fe9ae4 100644 |
3146 |
+index 986614d..0afd461 100644 |
3147 |
--- a/Documentation/kernel-parameters.txt |
3148 |
+++ b/Documentation/kernel-parameters.txt |
3149 |
-@@ -917,6 +917,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
3150 |
+@@ -922,6 +922,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
3151 |
Format: <unsigned int> such that (rxsize & ~0x1fffc0) == 0. |
3152 |
Default: 1024 |
3153 |
|
3154 |
@@ -237,7 +237,7 @@ index 6c72381..2fe9ae4 100644 |
3155 |
hashdist= [KNL,NUMA] Large hashes allocated during boot |
3156 |
are distributed across NUMA nodes. Defaults on |
3157 |
for 64-bit NUMA, off otherwise. |
3158 |
-@@ -2116,6 +2120,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
3159 |
+@@ -2121,6 +2125,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
3160 |
the specified number of seconds. This is to be used if |
3161 |
your oopses keep scrolling off the screen. |
3162 |
|
3163 |
@@ -252,7 +252,7 @@ index 6c72381..2fe9ae4 100644 |
3164 |
|
3165 |
pcd. [PARIDE] |
3166 |
diff --git a/Makefile b/Makefile |
3167 |
-index 746c856..c014cfa 100644 |
3168 |
+index 20d5318..19c7540 100644 |
3169 |
--- a/Makefile |
3170 |
+++ b/Makefile |
3171 |
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
3172 |
@@ -2307,20 +2307,22 @@ index 96ee092..37f1844 100644 |
3173 |
#define PSR_ENDIAN_MASK 0x00000200 /* Endianness state mask */ |
3174 |
|
3175 |
diff --git a/arch/arm/kernel/armksyms.c b/arch/arm/kernel/armksyms.c |
3176 |
-index 60d3b73..9168db0 100644 |
3177 |
+index 60d3b73..d27ee09 100644 |
3178 |
--- a/arch/arm/kernel/armksyms.c |
3179 |
+++ b/arch/arm/kernel/armksyms.c |
3180 |
-@@ -89,8 +89,8 @@ EXPORT_SYMBOL(__memzero); |
3181 |
+@@ -89,9 +89,9 @@ EXPORT_SYMBOL(__memzero); |
3182 |
#ifdef CONFIG_MMU |
3183 |
EXPORT_SYMBOL(copy_page); |
3184 |
|
3185 |
-EXPORT_SYMBOL(__copy_from_user); |
3186 |
-EXPORT_SYMBOL(__copy_to_user); |
3187 |
+-EXPORT_SYMBOL(__clear_user); |
3188 |
+EXPORT_SYMBOL(___copy_from_user); |
3189 |
+EXPORT_SYMBOL(___copy_to_user); |
3190 |
- EXPORT_SYMBOL(__clear_user); |
3191 |
++EXPORT_SYMBOL(___clear_user); |
3192 |
|
3193 |
EXPORT_SYMBOL(__get_user_1); |
3194 |
+ EXPORT_SYMBOL(__get_user_2); |
3195 |
diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S |
3196 |
index 0f82098..3dbd3ee 100644 |
3197 |
--- a/arch/arm/kernel/entry-armv.S |
3198 |
@@ -3267,6 +3269,30 @@ index 4653efb..8c60bf7 100644 |
3199 |
|
3200 |
/* omap_hwmod_list contains all registered struct omap_hwmods */ |
3201 |
static LIST_HEAD(omap_hwmod_list); |
3202 |
+diff --git a/arch/arm/mach-omap2/wd_timer.c b/arch/arm/mach-omap2/wd_timer.c |
3203 |
+index 7c2b4ed..b2ea51f 100644 |
3204 |
+--- a/arch/arm/mach-omap2/wd_timer.c |
3205 |
++++ b/arch/arm/mach-omap2/wd_timer.c |
3206 |
+@@ -110,7 +110,9 @@ static int __init omap_init_wdt(void) |
3207 |
+ struct omap_hwmod *oh; |
3208 |
+ char *oh_name = "wd_timer2"; |
3209 |
+ char *dev_name = "omap_wdt"; |
3210 |
+- struct omap_wd_timer_platform_data pdata; |
3211 |
++ static struct omap_wd_timer_platform_data pdata = { |
3212 |
++ .read_reset_sources = prm_read_reset_sources |
3213 |
++ }; |
3214 |
+ |
3215 |
+ if (!cpu_class_is_omap2() || of_have_populated_dt()) |
3216 |
+ return 0; |
3217 |
+@@ -121,8 +123,6 @@ static int __init omap_init_wdt(void) |
3218 |
+ return -EINVAL; |
3219 |
+ } |
3220 |
+ |
3221 |
+- pdata.read_reset_sources = prm_read_reset_sources; |
3222 |
+- |
3223 |
+ pdev = omap_device_build(dev_name, id, oh, &pdata, |
3224 |
+ sizeof(struct omap_wd_timer_platform_data), |
3225 |
+ NULL, 0, 0); |
3226 |
diff --git a/arch/arm/mach-ux500/include/mach/setup.h b/arch/arm/mach-ux500/include/mach/setup.h |
3227 |
index 6be4c4d..32ac32a 100644 |
3228 |
--- a/arch/arm/mach-ux500/include/mach/setup.h |
3229 |
@@ -10070,10 +10096,10 @@ index 8a84501..b2d165f 100644 |
3230 |
KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ |
3231 |
GCOV_PROFILE := n |
3232 |
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c |
3233 |
-index f8fa411..c570c53 100644 |
3234 |
+index c205035..5853587 100644 |
3235 |
--- a/arch/x86/boot/compressed/eboot.c |
3236 |
+++ b/arch/x86/boot/compressed/eboot.c |
3237 |
-@@ -145,7 +145,6 @@ again: |
3238 |
+@@ -150,7 +150,6 @@ again: |
3239 |
*addr = max_addr; |
3240 |
} |
3241 |
|
3242 |
@@ -10081,7 +10107,7 @@ index f8fa411..c570c53 100644 |
3243 |
efi_call_phys1(sys_table->boottime->free_pool, map); |
3244 |
|
3245 |
fail: |
3246 |
-@@ -209,7 +208,6 @@ static efi_status_t low_alloc(unsigned long size, unsigned long align, |
3247 |
+@@ -214,7 +213,6 @@ static efi_status_t low_alloc(unsigned long size, unsigned long align, |
3248 |
if (i == map_size / desc_size) |
3249 |
status = EFI_NOT_FOUND; |
3250 |
|
3251 |
@@ -16204,18 +16230,9 @@ index ef5ccca..bd83949 100644 |
3252 |
} |
3253 |
|
3254 |
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c |
3255 |
-index b994cc8..812b537 100644 |
3256 |
+index cbf5121..812b537 100644 |
3257 |
--- a/arch/x86/kernel/apic/apic.c |
3258 |
+++ b/arch/x86/kernel/apic/apic.c |
3259 |
-@@ -131,7 +131,7 @@ static int __init parse_lapic(char *arg) |
3260 |
- { |
3261 |
- if (config_enabled(CONFIG_X86_32) && !arg) |
3262 |
- force_enable_local_apic = 1; |
3263 |
-- else if (!strncmp(arg, "notscdeadline", 13)) |
3264 |
-+ else if (arg && !strncmp(arg, "notscdeadline", 13)) |
3265 |
- setup_clear_cpu_cap(X86_FEATURE_TSC_DEADLINE_TIMER); |
3266 |
- return 0; |
3267 |
- } |
3268 |
@@ -189,7 +189,7 @@ int first_system_vector = 0xfe; |
3269 |
/* |
3270 |
* Debug level, exported for io_apic.c |
3271 |
@@ -19375,91 +19392,6 @@ index 1d41402..af9a46a 100644 |
3272 |
if (probe_kernel_read(code, (void *)ip, MCOUNT_INSN_SIZE)) |
3273 |
return -EFAULT; |
3274 |
|
3275 |
-diff --git a/arch/x86/kernel/head.c b/arch/x86/kernel/head.c |
3276 |
-index 48d9d4e..992f442 100644 |
3277 |
---- a/arch/x86/kernel/head.c |
3278 |
-+++ b/arch/x86/kernel/head.c |
3279 |
-@@ -5,8 +5,6 @@ |
3280 |
- #include <asm/setup.h> |
3281 |
- #include <asm/bios_ebda.h> |
3282 |
- |
3283 |
--#define BIOS_LOWMEM_KILOBYTES 0x413 |
3284 |
-- |
3285 |
- /* |
3286 |
- * The BIOS places the EBDA/XBDA at the top of conventional |
3287 |
- * memory, and usually decreases the reported amount of |
3288 |
-@@ -16,17 +14,30 @@ |
3289 |
- * chipset: reserve a page before VGA to prevent PCI prefetch |
3290 |
- * into it (errata #56). Usually the page is reserved anyways, |
3291 |
- * unless you have no PS/2 mouse plugged in. |
3292 |
-+ * |
3293 |
-+ * This functions is deliberately very conservative. Losing |
3294 |
-+ * memory in the bottom megabyte is rarely a problem, as long |
3295 |
-+ * as we have enough memory to install the trampoline. Using |
3296 |
-+ * memory that is in use by the BIOS or by some DMA device |
3297 |
-+ * the BIOS didn't shut down *is* a big problem. |
3298 |
- */ |
3299 |
-+ |
3300 |
-+#define BIOS_LOWMEM_KILOBYTES 0x413 |
3301 |
-+#define LOWMEM_CAP 0x9f000U /* Absolute maximum */ |
3302 |
-+#define INSANE_CUTOFF 0x20000U /* Less than this = insane */ |
3303 |
-+ |
3304 |
- void __init reserve_ebda_region(void) |
3305 |
- { |
3306 |
- unsigned int lowmem, ebda_addr; |
3307 |
- |
3308 |
-- /* To determine the position of the EBDA and the */ |
3309 |
-- /* end of conventional memory, we need to look at */ |
3310 |
-- /* the BIOS data area. In a paravirtual environment */ |
3311 |
-- /* that area is absent. We'll just have to assume */ |
3312 |
-- /* that the paravirt case can handle memory setup */ |
3313 |
-- /* correctly, without our help. */ |
3314 |
-+ /* |
3315 |
-+ * To determine the position of the EBDA and the |
3316 |
-+ * end of conventional memory, we need to look at |
3317 |
-+ * the BIOS data area. In a paravirtual environment |
3318 |
-+ * that area is absent. We'll just have to assume |
3319 |
-+ * that the paravirt case can handle memory setup |
3320 |
-+ * correctly, without our help. |
3321 |
-+ */ |
3322 |
- if (paravirt_enabled()) |
3323 |
- return; |
3324 |
- |
3325 |
-@@ -37,19 +48,23 @@ void __init reserve_ebda_region(void) |
3326 |
- /* start of EBDA area */ |
3327 |
- ebda_addr = get_bios_ebda(); |
3328 |
- |
3329 |
-- /* Fixup: bios puts an EBDA in the top 64K segment */ |
3330 |
-- /* of conventional memory, but does not adjust lowmem. */ |
3331 |
-- if ((lowmem - ebda_addr) <= 0x10000) |
3332 |
-- lowmem = ebda_addr; |
3333 |
-+ /* |
3334 |
-+ * Note: some old Dells seem to need 4k EBDA without |
3335 |
-+ * reporting so, so just consider the memory above 0x9f000 |
3336 |
-+ * to be off limits (bugzilla 2990). |
3337 |
-+ */ |
3338 |
- |
3339 |
-- /* Fixup: bios does not report an EBDA at all. */ |
3340 |
-- /* Some old Dells seem to need 4k anyhow (bugzilla 2990) */ |
3341 |
-- if ((ebda_addr == 0) && (lowmem >= 0x9f000)) |
3342 |
-- lowmem = 0x9f000; |
3343 |
-+ /* If the EBDA address is below 128K, assume it is bogus */ |
3344 |
-+ if (ebda_addr < INSANE_CUTOFF) |
3345 |
-+ ebda_addr = LOWMEM_CAP; |
3346 |
- |
3347 |
-- /* Paranoia: should never happen, but... */ |
3348 |
-- if ((lowmem == 0) || (lowmem >= 0x100000)) |
3349 |
-- lowmem = 0x9f000; |
3350 |
-+ /* If lowmem is less than 128K, assume it is bogus */ |
3351 |
-+ if (lowmem < INSANE_CUTOFF) |
3352 |
-+ lowmem = LOWMEM_CAP; |
3353 |
-+ |
3354 |
-+ /* Use the lower of the lowmem and EBDA markers as the cutoff */ |
3355 |
-+ lowmem = min(lowmem, ebda_addr); |
3356 |
-+ lowmem = min(lowmem, LOWMEM_CAP); /* Absolute cap */ |
3357 |
- |
3358 |
- /* reserve all memory between lowmem and the 1MB mark */ |
3359 |
- memblock_reserve(lowmem, 0x100000 - lowmem); |
3360 |
diff --git a/arch/x86/kernel/head32.c b/arch/x86/kernel/head32.c |
3361 |
index c18f59d..9c0c9f6 100644 |
3362 |
--- a/arch/x86/kernel/head32.c |
3363 |
@@ -33418,10 +33350,10 @@ index 982f1f5..d21e5da 100644 |
3364 |
iounmap(buf); |
3365 |
return 0; |
3366 |
diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c |
3367 |
-index f5596db..9355ce6 100644 |
3368 |
+index bcb201c..f9782e5 100644 |
3369 |
--- a/drivers/firmware/efivars.c |
3370 |
+++ b/drivers/firmware/efivars.c |
3371 |
-@@ -132,7 +132,7 @@ struct efivar_attribute { |
3372 |
+@@ -133,7 +133,7 @@ struct efivar_attribute { |
3373 |
}; |
3374 |
|
3375 |
static struct efivars __efivars; |
3376 |
@@ -34535,10 +34467,10 @@ index 8a8725c..afed796 100644 |
3377 |
marker = list_first_entry(&queue->head, |
3378 |
struct vmw_marker, head); |
3379 |
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c |
3380 |
-index eb2ee11..6cc50ab 100644 |
3381 |
+index ceb3040..6160c5c 100644 |
3382 |
--- a/drivers/hid/hid-core.c |
3383 |
+++ b/drivers/hid/hid-core.c |
3384 |
-@@ -2240,7 +2240,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); |
3385 |
+@@ -2242,7 +2242,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); |
3386 |
|
3387 |
int hid_add_device(struct hid_device *hdev) |
3388 |
{ |
3389 |
@@ -34547,7 +34479,7 @@ index eb2ee11..6cc50ab 100644 |
3390 |
int ret; |
3391 |
|
3392 |
if (WARN_ON(hdev->status & HID_STAT_ADDED)) |
3393 |
-@@ -2274,7 +2274,7 @@ int hid_add_device(struct hid_device *hdev) |
3394 |
+@@ -2276,7 +2276,7 @@ int hid_add_device(struct hid_device *hdev) |
3395 |
/* XXX hack, any other cleaner solution after the driver core |
3396 |
* is converted to allow more than 20 bytes as the device name? */ |
3397 |
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, |
3398 |
@@ -36416,7 +36348,7 @@ index 404f63a..4796533 100644 |
3399 |
#if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE)) |
3400 |
extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, |
3401 |
diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c |
3402 |
-index 35cc526..9d90d83 100644 |
3403 |
+index 8e9a668..78d6310 100644 |
3404 |
--- a/drivers/media/platform/omap/omap_vout.c |
3405 |
+++ b/drivers/media/platform/omap/omap_vout.c |
3406 |
@@ -63,7 +63,6 @@ enum omap_vout_channels { |
3407 |
@@ -36427,7 +36359,7 @@ index 35cc526..9d90d83 100644 |
3408 |
/* Variables configurable through module params*/ |
3409 |
static u32 video1_numbuffers = 3; |
3410 |
static u32 video2_numbuffers = 3; |
3411 |
-@@ -1010,6 +1009,12 @@ static int omap_vout_open(struct file *file) |
3412 |
+@@ -1012,6 +1011,12 @@ static int omap_vout_open(struct file *file) |
3413 |
{ |
3414 |
struct videobuf_queue *q; |
3415 |
struct omap_vout_device *vout = NULL; |
3416 |
@@ -36440,7 +36372,7 @@ index 35cc526..9d90d83 100644 |
3417 |
|
3418 |
vout = video_drvdata(file); |
3419 |
v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__); |
3420 |
-@@ -1027,10 +1032,6 @@ static int omap_vout_open(struct file *file) |
3421 |
+@@ -1029,10 +1034,6 @@ static int omap_vout_open(struct file *file) |
3422 |
vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT; |
3423 |
|
3424 |
q = &vout->vbq; |
3425 |
@@ -40439,10 +40371,10 @@ index 0d4aa82..f7832d4 100644 |
3426 |
|
3427 |
/* core tmem accessor functions */ |
3428 |
diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c |
3429 |
-index f2aa754..11337b1 100644 |
3430 |
+index 96f4981..4daaa7e 100644 |
3431 |
--- a/drivers/target/target_core_device.c |
3432 |
+++ b/drivers/target/target_core_device.c |
3433 |
-@@ -1375,7 +1375,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) |
3434 |
+@@ -1370,7 +1370,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) |
3435 |
spin_lock_init(&dev->se_port_lock); |
3436 |
spin_lock_init(&dev->se_tmr_lock); |
3437 |
spin_lock_init(&dev->qf_cmd_lock); |
3438 |
@@ -47537,7 +47469,7 @@ index b2a34a1..162fa69 100644 |
3439 |
return rc; |
3440 |
} |
3441 |
diff --git a/fs/exec.c b/fs/exec.c |
3442 |
-index 20df02c..1dff97d 100644 |
3443 |
+index 20df02c..5af5d91 100644 |
3444 |
--- a/fs/exec.c |
3445 |
+++ b/fs/exec.c |
3446 |
@@ -55,6 +55,17 @@ |
3447 |
@@ -47606,8 +47538,8 @@ index 20df02c..1dff97d 100644 |
3448 |
+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP |
3449 |
+ // only allow 512KB for argv+env on suid/sgid binaries |
3450 |
+ // to prevent easy ASLR exhaustion |
3451 |
-+ if (((bprm->cred->euid != current_euid()) || |
3452 |
-+ (bprm->cred->egid != current_egid())) && |
3453 |
++ if (((!uid_eq(bprm->cred->euid, current_euid())) || |
3454 |
++ (!gid_eq(bprm->cred->egid, current_egid()))) && |
3455 |
+ (size > (512 * 1024))) { |
3456 |
+ put_page(page); |
3457 |
+ return NULL; |
3458 |
@@ -47930,7 +47862,7 @@ index 20df02c..1dff97d 100644 |
3459 |
+ /* limit suid stack to 8MB |
3460 |
+ * we saved the old limits above and will restore them if this exec fails |
3461 |
+ */ |
3462 |
-+ if (((bprm->cred->euid != current_euid()) || (bprm->cred->egid != current_egid())) && |
3463 |
++ if (((!uid_eq(bprm->cred->euid, current_euid())) || (!gid_eq(bprm->cred->egid, current_egid()))) && |
3464 |
+ (old_rlim[RLIMIT_STACK].rlim_cur > (8 * 1024 * 1024))) |
3465 |
+ current->signal->rlim[RLIMIT_STACK].rlim_cur = 8 * 1024 * 1024; |
3466 |
+#endif |
3467 |
@@ -48289,10 +48221,10 @@ index 22548f5..41521d8 100644 |
3468 |
} |
3469 |
return 1; |
3470 |
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c |
3471 |
-index cf18217..8f6b9c3 100644 |
3472 |
+index 2f2e0da..89b113a 100644 |
3473 |
--- a/fs/ext4/balloc.c |
3474 |
+++ b/fs/ext4/balloc.c |
3475 |
-@@ -498,8 +498,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, |
3476 |
+@@ -505,8 +505,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, |
3477 |
/* Hm, nope. Are (enough) root reserved clusters available? */ |
3478 |
if (uid_eq(sbi->s_resuid, current_fsuid()) || |
3479 |
(!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) || |
3480 |
@@ -48338,7 +48270,7 @@ index 8462eb3..4a71af6 100644 |
3481 |
|
3482 |
/* locality groups */ |
3483 |
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c |
3484 |
-index 1bf6fe7..1a5bdef 100644 |
3485 |
+index 061727a..7622abf 100644 |
3486 |
--- a/fs/ext4/mballoc.c |
3487 |
+++ b/fs/ext4/mballoc.c |
3488 |
@@ -1747,7 +1747,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, |
3489 |
@@ -50125,10 +50057,10 @@ index e83351a..41e3c9c 100644 |
3490 |
if (!ret) |
3491 |
ret = -EPIPE; |
3492 |
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c |
3493 |
-index b7c09f9..3eff736 100644 |
3494 |
+index 315e1f8..91f890c 100644 |
3495 |
--- a/fs/fuse/dir.c |
3496 |
+++ b/fs/fuse/dir.c |
3497 |
-@@ -1226,7 +1226,7 @@ static char *read_link(struct dentry *dentry) |
3498 |
+@@ -1233,7 +1233,7 @@ static char *read_link(struct dentry *dentry) |
3499 |
return link; |
3500 |
} |
3501 |
|
3502 |
@@ -51152,7 +51084,7 @@ index d355e6e..578d905 100644 |
3503 |
|
3504 |
enum ocfs2_local_alloc_state |
3505 |
diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c |
3506 |
-index f169da4..9112253 100644 |
3507 |
+index b7e74b5..19c6536 100644 |
3508 |
--- a/fs/ocfs2/suballoc.c |
3509 |
+++ b/fs/ocfs2/suballoc.c |
3510 |
@@ -872,7 +872,7 @@ static int ocfs2_reserve_suballoc_bits(struct ocfs2_super *osb, |
3511 |
@@ -51164,7 +51096,7 @@ index f169da4..9112253 100644 |
3512 |
|
3513 |
/* You should never ask for this much metadata */ |
3514 |
BUG_ON(bits_wanted > |
3515 |
-@@ -2008,7 +2008,7 @@ int ocfs2_claim_metadata(handle_t *handle, |
3516 |
+@@ -2007,7 +2007,7 @@ int ocfs2_claim_metadata(handle_t *handle, |
3517 |
mlog_errno(status); |
3518 |
goto bail; |
3519 |
} |
3520 |
@@ -51173,7 +51105,7 @@ index f169da4..9112253 100644 |
3521 |
|
3522 |
*suballoc_loc = res.sr_bg_blkno; |
3523 |
*suballoc_bit_start = res.sr_bit_offset; |
3524 |
-@@ -2172,7 +2172,7 @@ int ocfs2_claim_new_inode_at_loc(handle_t *handle, |
3525 |
+@@ -2171,7 +2171,7 @@ int ocfs2_claim_new_inode_at_loc(handle_t *handle, |
3526 |
trace_ocfs2_claim_new_inode_at_loc((unsigned long long)di_blkno, |
3527 |
res->sr_bits); |
3528 |
|
3529 |
@@ -51182,7 +51114,7 @@ index f169da4..9112253 100644 |
3530 |
|
3531 |
BUG_ON(res->sr_bits != 1); |
3532 |
|
3533 |
-@@ -2214,7 +2214,7 @@ int ocfs2_claim_new_inode(handle_t *handle, |
3534 |
+@@ -2213,7 +2213,7 @@ int ocfs2_claim_new_inode(handle_t *handle, |
3535 |
mlog_errno(status); |
3536 |
goto bail; |
3537 |
} |
3538 |
@@ -51191,7 +51123,7 @@ index f169da4..9112253 100644 |
3539 |
|
3540 |
BUG_ON(res.sr_bits != 1); |
3541 |
|
3542 |
-@@ -2318,7 +2318,7 @@ int __ocfs2_claim_clusters(handle_t *handle, |
3543 |
+@@ -2317,7 +2317,7 @@ int __ocfs2_claim_clusters(handle_t *handle, |
3544 |
cluster_start, |
3545 |
num_clusters); |
3546 |
if (!status) |
3547 |
@@ -51200,7 +51132,7 @@ index f169da4..9112253 100644 |
3548 |
} else { |
3549 |
if (min_clusters > (osb->bitmap_cpg - 1)) { |
3550 |
/* The only paths asking for contiguousness |
3551 |
-@@ -2344,7 +2344,7 @@ int __ocfs2_claim_clusters(handle_t *handle, |
3552 |
+@@ -2343,7 +2343,7 @@ int __ocfs2_claim_clusters(handle_t *handle, |
3553 |
ocfs2_desc_bitmap_to_cluster_off(ac->ac_inode, |
3554 |
res.sr_bg_blkno, |
3555 |
res.sr_bit_offset); |
3556 |
@@ -51672,7 +51604,7 @@ index 6a91e6f..e54dbc14 100644 |
3557 |
static struct pid * |
3558 |
get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) |
3559 |
diff --git a/fs/proc/base.c b/fs/proc/base.c |
3560 |
-index 9b43ff77..3d6a99f 100644 |
3561 |
+index 9b43ff77..ba3e990 100644 |
3562 |
--- a/fs/proc/base.c |
3563 |
+++ b/fs/proc/base.c |
3564 |
@@ -111,6 +111,14 @@ struct pid_entry { |
3565 |
@@ -51790,7 +51722,7 @@ index 9b43ff77..3d6a99f 100644 |
3566 |
+ const struct cred *tmpcred = current_cred(); |
3567 |
+ const struct cred *cred = __task_cred(task); |
3568 |
+ |
3569 |
-+ if (!tmpcred->uid || (tmpcred->uid == cred->uid) |
3570 |
++ if (uid_eq(tmpcred->uid, GLOBAL_ROOT_UID) || uid_eq(tmpcred->uid, cred->uid) |
3571 |
+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP |
3572 |
+ || in_group_p(grsec_proc_gid) |
3573 |
+#endif |
3574 |
@@ -52294,7 +52226,7 @@ index b1822dd..df622cb 100644 |
3575 |
|
3576 |
seq_putc(m, '\n'); |
3577 |
diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c |
3578 |
-index fe72cd0..cb9b67d 100644 |
3579 |
+index fe72cd0..21b52ff 100644 |
3580 |
--- a/fs/proc/proc_net.c |
3581 |
+++ b/fs/proc/proc_net.c |
3582 |
@@ -23,6 +23,7 @@ |
3583 |
@@ -52314,10 +52246,10 @@ index fe72cd0..cb9b67d 100644 |
3584 |
+#endif |
3585 |
+ |
3586 |
+#ifdef CONFIG_GRKERNSEC_PROC_USER |
3587 |
-+ if (cred->fsuid) |
3588 |
++ if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID)) |
3589 |
+ return net; |
3590 |
+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) |
3591 |
-+ if (cred->fsuid && !in_group_p(grsec_proc_gid)) |
3592 |
++ if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID) && !in_group_p(grsec_proc_gid)) |
3593 |
+ return net; |
3594 |
+#endif |
3595 |
|
3596 |
@@ -53336,10 +53268,10 @@ index 9fbea87..6b19972 100644 |
3597 |
struct posix_acl *acl; |
3598 |
struct posix_acl_entry *acl_e; |
3599 |
diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c |
3600 |
-index cdb2d33..704ce7f 100644 |
3601 |
+index 572a858..12a9b0d 100644 |
3602 |
--- a/fs/xfs/xfs_bmap.c |
3603 |
+++ b/fs/xfs/xfs_bmap.c |
3604 |
-@@ -189,7 +189,7 @@ xfs_bmap_validate_ret( |
3605 |
+@@ -192,7 +192,7 @@ xfs_bmap_validate_ret( |
3606 |
int nmap, |
3607 |
int ret_nmap); |
3608 |
#else |
3609 |
@@ -54468,10 +54400,10 @@ index 0000000..1b9afa9 |
3610 |
+endif |
3611 |
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c |
3612 |
new file mode 100644 |
3613 |
-index 0000000..69e1320 |
3614 |
+index 0000000..6b7b8f7 |
3615 |
--- /dev/null |
3616 |
+++ b/grsecurity/gracl.c |
3617 |
-@@ -0,0 +1,4019 @@ |
3618 |
+@@ -0,0 +1,4067 @@ |
3619 |
+#include <linux/kernel.h> |
3620 |
+#include <linux/module.h> |
3621 |
+#include <linux/sched.h> |
3622 |
@@ -56513,7 +56445,7 @@ index 0000000..69e1320 |
3623 |
+ const struct cred *cred = current_cred(); |
3624 |
+ |
3625 |
+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype, |
3626 |
-+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry, |
3627 |
++ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry, |
3628 |
+ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename, |
3629 |
+ 1UL, 1UL, gr_to_filename(dentry, mnt), (unsigned long) mode, &task->signal->saved_ip); |
3630 |
+ |
3631 |
@@ -56521,16 +56453,29 @@ index 0000000..69e1320 |
3632 |
+} |
3633 |
+ |
3634 |
+static void |
3635 |
-+gr_log_learn_id_change(const char type, const unsigned int real, |
3636 |
-+ const unsigned int effective, const unsigned int fs) |
3637 |
++gr_log_learn_uid_change(const kuid_t real, const kuid_t effective, const kuid_t fs) |
3638 |
+{ |
3639 |
+ struct task_struct *task = current; |
3640 |
+ const struct cred *cred = current_cred(); |
3641 |
+ |
3642 |
+ security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype, |
3643 |
-+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry, |
3644 |
++ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry, |
3645 |
+ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename, |
3646 |
-+ type, real, effective, fs, &task->signal->saved_ip); |
3647 |
++ 'u', GR_GLOBAL_UID(real), GR_GLOBAL_UID(effective), GR_GLOBAL_UID(fs), &task->signal->saved_ip); |
3648 |
++ |
3649 |
++ return; |
3650 |
++} |
3651 |
++ |
3652 |
++static void |
3653 |
++gr_log_learn_gid_change(const kgid_t real, const kgid_t effective, const kgid_t fs) |
3654 |
++{ |
3655 |
++ struct task_struct *task = current; |
3656 |
++ const struct cred *cred = current_cred(); |
3657 |
++ |
3658 |
++ security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype, |
3659 |
++ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry, |
3660 |
++ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename, |
3661 |
++ 'g', GR_GLOBAL_GID(real), GR_GLOBAL_GID(effective), GR_GLOBAL_GID(fs), &task->signal->saved_ip); |
3662 |
+ |
3663 |
+ return; |
3664 |
+} |
3665 |
@@ -56803,23 +56748,28 @@ index 0000000..69e1320 |
3666 |
+extern int __gr_process_user_ban(struct user_struct *user); |
3667 |
+ |
3668 |
+int |
3669 |
-+gr_check_user_change(int real, int effective, int fs) |
3670 |
++gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs) |
3671 |
+{ |
3672 |
+ unsigned int i; |
3673 |
+ __u16 num; |
3674 |
+ uid_t *uidlist; |
3675 |
-+ int curuid; |
3676 |
++ uid_t curuid; |
3677 |
+ int realok = 0; |
3678 |
+ int effectiveok = 0; |
3679 |
+ int fsok = 0; |
3680 |
++ uid_t globalreal, globaleffective, globalfs; |
3681 |
+ |
3682 |
+#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_BRUTE) |
3683 |
+ struct user_struct *user; |
3684 |
+ |
3685 |
-+ if (real == -1) |
3686 |
++ if (!uid_valid(real)) |
3687 |
+ goto skipit; |
3688 |
+ |
3689 |
-+ user = find_user(real); |
3690 |
++ /* find user based on global namespace */ |
3691 |
++ |
3692 |
++ globalreal = GR_GLOBAL_UID(real); |
3693 |
++ |
3694 |
++ user = find_user(make_kuid(&init_user_ns, globalreal)); |
3695 |
+ if (user == NULL) |
3696 |
+ goto skipit; |
3697 |
+ |
3698 |
@@ -56839,7 +56789,7 @@ index 0000000..69e1320 |
3699 |
+ return 0; |
3700 |
+ |
3701 |
+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) |
3702 |
-+ gr_log_learn_id_change('u', real, effective, fs); |
3703 |
++ gr_log_learn_uid_change(real, effective, fs); |
3704 |
+ |
3705 |
+ num = current->acl->user_trans_num; |
3706 |
+ uidlist = current->acl->user_transitions; |
3707 |
@@ -56847,31 +56797,43 @@ index 0000000..69e1320 |
3708 |
+ if (uidlist == NULL) |
3709 |
+ return 0; |
3710 |
+ |
3711 |
-+ if (real == -1) |
3712 |
++ if (!uid_valid(real)) { |
3713 |
+ realok = 1; |
3714 |
-+ if (effective == -1) |
3715 |
++ globalreal = (uid_t)-1; |
3716 |
++ } else { |
3717 |
++ globalreal = GR_GLOBAL_UID(real); |
3718 |
++ } |
3719 |
++ if (!uid_valid(effective)) { |
3720 |
+ effectiveok = 1; |
3721 |
-+ if (fs == -1) |
3722 |
++ globaleffective = (uid_t)-1; |
3723 |
++ } else { |
3724 |
++ globaleffective = GR_GLOBAL_UID(effective); |
3725 |
++ } |
3726 |
++ if (!uid_valid(fs)) { |
3727 |
+ fsok = 1; |
3728 |
++ globalfs = (uid_t)-1; |
3729 |
++ } else { |
3730 |
++ globalfs = GR_GLOBAL_UID(fs); |
3731 |
++ } |
3732 |
+ |
3733 |
+ if (current->acl->user_trans_type & GR_ID_ALLOW) { |
3734 |
+ for (i = 0; i < num; i++) { |
3735 |
-+ curuid = (int)uidlist[i]; |
3736 |
-+ if (real == curuid) |
3737 |
++ curuid = uidlist[i]; |
3738 |
++ if (globalreal == curuid) |
3739 |
+ realok = 1; |
3740 |
-+ if (effective == curuid) |
3741 |
++ if (globaleffective == curuid) |
3742 |
+ effectiveok = 1; |
3743 |
-+ if (fs == curuid) |
3744 |
++ if (globalfs == curuid) |
3745 |
+ fsok = 1; |
3746 |
+ } |
3747 |
+ } else if (current->acl->user_trans_type & GR_ID_DENY) { |
3748 |
+ for (i = 0; i < num; i++) { |
3749 |
-+ curuid = (int)uidlist[i]; |
3750 |
-+ if (real == curuid) |
3751 |
++ curuid = uidlist[i]; |
3752 |
++ if (globalreal == curuid) |
3753 |
+ break; |
3754 |
-+ if (effective == curuid) |
3755 |
++ if (globaleffective == curuid) |
3756 |
+ break; |
3757 |
-+ if (fs == curuid) |
3758 |
++ if (globalfs == curuid) |
3759 |
+ break; |
3760 |
+ } |
3761 |
+ /* not in deny list */ |
3762 |
@@ -56885,27 +56847,28 @@ index 0000000..69e1320 |
3763 |
+ if (realok && effectiveok && fsok) |
3764 |
+ return 0; |
3765 |
+ else { |
3766 |
-+ gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real); |
3767 |
++ gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : globalfs) : globaleffective) : globalreal); |
3768 |
+ return 1; |
3769 |
+ } |
3770 |
+} |
3771 |
+ |
3772 |
+int |
3773 |
-+gr_check_group_change(int real, int effective, int fs) |
3774 |
++gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs) |
3775 |
+{ |
3776 |
+ unsigned int i; |
3777 |
+ __u16 num; |
3778 |
+ gid_t *gidlist; |
3779 |
-+ int curgid; |
3780 |
++ gid_t curgid; |
3781 |
+ int realok = 0; |
3782 |
+ int effectiveok = 0; |
3783 |
+ int fsok = 0; |
3784 |
++ gid_t globalreal, globaleffective, globalfs; |
3785 |
+ |
3786 |
+ if (unlikely(!(gr_status & GR_READY))) |
3787 |
+ return 0; |
3788 |
+ |
3789 |
+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) |
3790 |
-+ gr_log_learn_id_change('g', real, effective, fs); |
3791 |
++ gr_log_learn_gid_change(real, effective, fs); |
3792 |
+ |
3793 |
+ num = current->acl->group_trans_num; |
3794 |
+ gidlist = current->acl->group_transitions; |
3795 |
@@ -56913,31 +56876,43 @@ index 0000000..69e1320 |
3796 |
+ if (gidlist == NULL) |
3797 |
+ return 0; |
3798 |
+ |
3799 |
-+ if (real == -1) |
3800 |
++ if (!gid_valid(real)) { |
3801 |
+ realok = 1; |
3802 |
-+ if (effective == -1) |
3803 |
++ globalreal = (gid_t)-1; |
3804 |
++ } else { |
3805 |
++ globalreal = GR_GLOBAL_GID(real); |
3806 |
++ } |
3807 |
++ if (!gid_valid(effective)) { |
3808 |
+ effectiveok = 1; |
3809 |
-+ if (fs == -1) |
3810 |
++ globaleffective = (gid_t)-1; |
3811 |
++ } else { |
3812 |
++ globaleffective = GR_GLOBAL_GID(effective); |
3813 |
++ } |
3814 |
++ if (!gid_valid(fs)) { |
3815 |
+ fsok = 1; |
3816 |
++ globalfs = (gid_t)-1; |
3817 |
++ } else { |
3818 |
++ globalfs = GR_GLOBAL_GID(fs); |
3819 |
++ } |
3820 |
+ |
3821 |
+ if (current->acl->group_trans_type & GR_ID_ALLOW) { |
3822 |
+ for (i = 0; i < num; i++) { |
3823 |
-+ curgid = (int)gidlist[i]; |
3824 |
-+ if (real == curgid) |
3825 |
++ curgid = gidlist[i]; |
3826 |
++ if (globalreal == curgid) |
3827 |
+ realok = 1; |
3828 |
-+ if (effective == curgid) |
3829 |
++ if (globaleffective == curgid) |
3830 |
+ effectiveok = 1; |
3831 |
-+ if (fs == curgid) |
3832 |
++ if (globalfs == curgid) |
3833 |
+ fsok = 1; |
3834 |
+ } |
3835 |
+ } else if (current->acl->group_trans_type & GR_ID_DENY) { |
3836 |
+ for (i = 0; i < num; i++) { |
3837 |
-+ curgid = (int)gidlist[i]; |
3838 |
-+ if (real == curgid) |
3839 |
++ curgid = gidlist[i]; |
3840 |
++ if (globalreal == curgid) |
3841 |
+ break; |
3842 |
-+ if (effective == curgid) |
3843 |
++ if (globaleffective == curgid) |
3844 |
+ break; |
3845 |
-+ if (fs == curgid) |
3846 |
++ if (globalfs == curgid) |
3847 |
+ break; |
3848 |
+ } |
3849 |
+ /* not in deny list */ |
3850 |
@@ -56951,7 +56926,7 @@ index 0000000..69e1320 |
3851 |
+ if (realok && effectiveok && fsok) |
3852 |
+ return 0; |
3853 |
+ else { |
3854 |
-+ gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real); |
3855 |
++ gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : globalfs) : globaleffective) : globalreal); |
3856 |
+ return 1; |
3857 |
+ } |
3858 |
+} |
3859 |
@@ -56959,16 +56934,21 @@ index 0000000..69e1320 |
3860 |
+extern int gr_acl_is_capable(const int cap); |
3861 |
+ |
3862 |
+void |
3863 |
-+gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid) |
3864 |
++gr_set_role_label(struct task_struct *task, const kuid_t kuid, const kgid_t kgid) |
3865 |
+{ |
3866 |
+ struct acl_role_label *role = task->role; |
3867 |
+ struct acl_subject_label *subj = NULL; |
3868 |
+ struct acl_object_label *obj; |
3869 |
+ struct file *filp; |
3870 |
++ uid_t uid; |
3871 |
++ gid_t gid; |
3872 |
+ |
3873 |
+ if (unlikely(!(gr_status & GR_READY))) |
3874 |
+ return; |
3875 |
+ |
3876 |
++ uid = GR_GLOBAL_UID(kuid); |
3877 |
++ gid = GR_GLOBAL_GID(kgid); |
3878 |
++ |
3879 |
+ filp = task->exec_file; |
3880 |
+ |
3881 |
+ /* kernel process, we'll give them the kernel role */ |
3882 |
@@ -57922,7 +57902,7 @@ index 0000000..69e1320 |
3883 |
+ |
3884 |
+ if (task->exec_file) { |
3885 |
+ cred = __task_cred(task); |
3886 |
-+ task->role = lookup_acl_role_label(task, cred->uid, cred->gid); |
3887 |
++ task->role = lookup_acl_role_label(task, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid)); |
3888 |
+ ret = gr_apply_subject_to_task(task); |
3889 |
+ if (ret) { |
3890 |
+ read_unlock(&grsec_exec_file_lock); |
3891 |
@@ -58005,7 +57985,7 @@ index 0000000..69e1320 |
3892 |
+ rcu_read_lock(); |
3893 |
+ cred = __task_cred(task); |
3894 |
+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, |
3895 |
-+ task->role->roletype, cred->uid, cred->gid, acl->filename, |
3896 |
++ task->role->roletype, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), acl->filename, |
3897 |
+ acl->filename, acl->res[res].rlim_cur, acl->res[res].rlim_max, |
3898 |
+ "", (unsigned long) res, &task->signal->saved_ip); |
3899 |
+ rcu_read_unlock(); |
3900 |
@@ -58604,7 +58584,7 @@ index 0000000..34fefda |
3901 |
+} |
3902 |
diff --git a/grsecurity/gracl_cap.c b/grsecurity/gracl_cap.c |
3903 |
new file mode 100644 |
3904 |
-index 0000000..6d21049 |
3905 |
+index 0000000..bdd51ea |
3906 |
--- /dev/null |
3907 |
+++ b/grsecurity/gracl_cap.c |
3908 |
@@ -0,0 +1,110 @@ |
3909 |
@@ -58659,8 +58639,8 @@ index 0000000..6d21049 |
3910 |
+ if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) |
3911 |
+ && cap_raised(cred->cap_effective, cap)) { |
3912 |
+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, |
3913 |
-+ task->role->roletype, cred->uid, |
3914 |
-+ cred->gid, task->exec_file ? |
3915 |
++ task->role->roletype, GR_GLOBAL_UID(cred->uid), |
3916 |
++ GR_GLOBAL_GID(cred->gid), task->exec_file ? |
3917 |
+ gr_to_filename(task->exec_file->f_path.dentry, |
3918 |
+ task->exec_file->f_path.mnt) : curracl->filename, |
3919 |
+ curracl->filename, 0UL, |
3920 |
@@ -59157,7 +59137,7 @@ index 0000000..a340c17 |
3921 |
+} |
3922 |
diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c |
3923 |
new file mode 100644 |
3924 |
-index 0000000..58800a7 |
3925 |
+index 0000000..4699807 |
3926 |
--- /dev/null |
3927 |
+++ b/grsecurity/gracl_ip.c |
3928 |
@@ -0,0 +1,384 @@ |
3929 |
@@ -59277,8 +59257,8 @@ index 0000000..58800a7 |
3930 |
+ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) { |
3931 |
+ __u32 fakeip = 0; |
3932 |
+ security_learn(GR_IP_LEARN_MSG, current->role->rolename, |
3933 |
-+ current->role->roletype, cred->uid, |
3934 |
-+ cred->gid, current->exec_file ? |
3935 |
++ current->role->roletype, GR_GLOBAL_UID(cred->uid), |
3936 |
++ GR_GLOBAL_GID(cred->gid), current->exec_file ? |
3937 |
+ gr_to_filename(current->exec_file->f_path.dentry, |
3938 |
+ current->exec_file->f_path.mnt) : |
3939 |
+ curr->filename, curr->filename, |
3940 |
@@ -59305,8 +59285,8 @@ index 0000000..58800a7 |
3941 |
+ if (type == SOCK_RAW || type == SOCK_PACKET) { |
3942 |
+ __u32 fakeip = 0; |
3943 |
+ security_learn(GR_IP_LEARN_MSG, current->role->rolename, |
3944 |
-+ current->role->roletype, cred->uid, |
3945 |
-+ cred->gid, current->exec_file ? |
3946 |
++ current->role->roletype, GR_GLOBAL_UID(cred->uid), |
3947 |
++ GR_GLOBAL_GID(cred->gid), current->exec_file ? |
3948 |
+ gr_to_filename(current->exec_file->f_path.dentry, |
3949 |
+ current->exec_file->f_path.mnt) : |
3950 |
+ curr->filename, curr->filename, |
3951 |
@@ -59315,8 +59295,8 @@ index 0000000..58800a7 |
3952 |
+ } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) { |
3953 |
+ __u32 fakeip = 0; |
3954 |
+ security_learn(GR_IP_LEARN_MSG, current->role->rolename, |
3955 |
-+ current->role->roletype, cred->uid, |
3956 |
-+ cred->gid, current->exec_file ? |
3957 |
++ current->role->roletype, GR_GLOBAL_UID(cred->uid), |
3958 |
++ GR_GLOBAL_GID(cred->gid), current->exec_file ? |
3959 |
+ gr_to_filename(current->exec_file->f_path.dentry, |
3960 |
+ current->exec_file->f_path.mnt) : |
3961 |
+ curr->filename, curr->filename, |
3962 |
@@ -59412,8 +59392,8 @@ index 0000000..58800a7 |
3963 |
+ |
3964 |
+ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) { |
3965 |
+ security_learn(GR_IP_LEARN_MSG, current->role->rolename, |
3966 |
-+ current->role->roletype, cred->uid, |
3967 |
-+ cred->gid, current->exec_file ? |
3968 |
++ current->role->roletype, GR_GLOBAL_UID(cred->uid), |
3969 |
++ GR_GLOBAL_GID(cred->gid), current->exec_file ? |
3970 |
+ gr_to_filename(current->exec_file->f_path.dentry, |
3971 |
+ current->exec_file->f_path.mnt) : |
3972 |
+ curr->filename, curr->filename, |
3973 |
@@ -59834,10 +59814,10 @@ index 0000000..39645c9 |
3974 |
+} |
3975 |
diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c |
3976 |
new file mode 100644 |
3977 |
-index 0000000..25197e9 |
3978 |
+index 0000000..10398db |
3979 |
--- /dev/null |
3980 |
+++ b/grsecurity/gracl_segv.c |
3981 |
-@@ -0,0 +1,299 @@ |
3982 |
+@@ -0,0 +1,303 @@ |
3983 |
+#include <linux/kernel.h> |
3984 |
+#include <linux/mm.h> |
3985 |
+#include <asm/uaccess.h> |
3986 |
@@ -59939,9 +59919,10 @@ index 0000000..25197e9 |
3987 |
+} |
3988 |
+ |
3989 |
+static __inline__ void |
3990 |
-+gr_insert_uid(const uid_t uid, const unsigned long expires) |
3991 |
++gr_insert_uid(const kuid_t kuid, const unsigned long expires) |
3992 |
+{ |
3993 |
+ int loc; |
3994 |
++ uid_t uid = GR_GLOBAL_UID(kuid); |
3995 |
+ |
3996 |
+ if (uid_used == GR_UIDTABLE_MAX) |
3997 |
+ return; |
3998 |
@@ -59976,14 +59957,17 @@ index 0000000..25197e9 |
3999 |
+} |
4000 |
+ |
4001 |
+int |
4002 |
-+gr_check_crash_uid(const uid_t uid) |
4003 |
++gr_check_crash_uid(const kuid_t kuid) |
4004 |
+{ |
4005 |
+ int loc; |
4006 |
+ int ret = 0; |
4007 |
++ uid_t uid; |
4008 |
+ |
4009 |
+ if (unlikely(!gr_acl_is_enabled())) |
4010 |
+ return 0; |
4011 |
+ |
4012 |
++ uid = GR_GLOBAL_UID(kuid); |
4013 |
++ |
4014 |
+ spin_lock(&gr_uid_lock); |
4015 |
+ loc = gr_find_uid(uid); |
4016 |
+ |
4017 |
@@ -60006,8 +59990,8 @@ index 0000000..25197e9 |
4018 |
+ if (!uid_eq(cred->uid, cred->euid) || !uid_eq(cred->uid, cred->suid) || |
4019 |
+ !uid_eq(cred->uid, cred->fsuid)) |
4020 |
+ return 1; |
4021 |
-+ if (!uid_eq(cred->gid, cred->egid) || !uid_eq(cred->gid, cred->sgid) || |
4022 |
-+ !uid_eq(cred->gid, cred->fsgid)) |
4023 |
++ if (!gid_eq(cred->gid, cred->egid) || !gid_eq(cred->gid, cred->sgid) || |
4024 |
++ !gid_eq(cred->gid, cred->fsgid)) |
4025 |
+ return 1; |
4026 |
+ |
4027 |
+ return 0; |
4028 |
@@ -60139,7 +60123,7 @@ index 0000000..25197e9 |
4029 |
+} |
4030 |
diff --git a/grsecurity/gracl_shm.c b/grsecurity/gracl_shm.c |
4031 |
new file mode 100644 |
4032 |
-index 0000000..9d83a69 |
4033 |
+index 0000000..120978a |
4034 |
--- /dev/null |
4035 |
+++ b/grsecurity/gracl_shm.c |
4036 |
@@ -0,0 +1,40 @@ |
4037 |
@@ -60154,7 +60138,7 @@ index 0000000..9d83a69 |
4038 |
+ |
4039 |
+int |
4040 |
+gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, |
4041 |
-+ const time_t shm_createtime, const uid_t cuid, const int shmid) |
4042 |
++ const time_t shm_createtime, const kuid_t cuid, const int shmid) |
4043 |
+{ |
4044 |
+ struct task_struct *task; |
4045 |
+ |
4046 |
@@ -60175,7 +60159,7 @@ index 0000000..9d83a69 |
4047 |
+ (task->acl != current->acl))) { |
4048 |
+ read_unlock(&tasklist_lock); |
4049 |
+ rcu_read_unlock(); |
4050 |
-+ gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid); |
4051 |
++ gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, GR_GLOBAL_UID(cuid), shm_cprid, shmid); |
4052 |
+ return 0; |
4053 |
+ } |
4054 |
+ read_unlock(&tasklist_lock); |
4055 |
@@ -60573,7 +60557,7 @@ index 0000000..70fe0ae |
4056 |
+} |
4057 |
diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c |
4058 |
new file mode 100644 |
4059 |
-index 0000000..e6796b3 |
4060 |
+index 0000000..207d409 |
4061 |
--- /dev/null |
4062 |
+++ b/grsecurity/grsec_disabled.c |
4063 |
@@ -0,0 +1,434 @@ |
4064 |
@@ -60716,7 +60700,7 @@ index 0000000..e6796b3 |
4065 |
+} |
4066 |
+ |
4067 |
+int |
4068 |
-+gr_check_crash_uid(const uid_t uid) |
4069 |
++gr_check_crash_uid(const kuid_t uid) |
4070 |
+{ |
4071 |
+ return 0; |
4072 |
+} |
4073 |
@@ -60893,7 +60877,7 @@ index 0000000..e6796b3 |
4074 |
+ |
4075 |
+int |
4076 |
+gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, |
4077 |
-+ const time_t shm_createtime, const uid_t cuid, const int shmid) |
4078 |
++ const time_t shm_createtime, const kuid_t cuid, const int shmid) |
4079 |
+{ |
4080 |
+ return 1; |
4081 |
+} |
4082 |
@@ -60950,7 +60934,7 @@ index 0000000..e6796b3 |
4083 |
+} |
4084 |
+ |
4085 |
+void |
4086 |
-+gr_set_role_label(const uid_t uid, const gid_t gid) |
4087 |
++gr_set_role_label(const kuid_t uid, const kgid_t gid) |
4088 |
+{ |
4089 |
+ return; |
4090 |
+} |
4091 |
@@ -60980,13 +60964,13 @@ index 0000000..e6796b3 |
4092 |
+} |
4093 |
+ |
4094 |
+int |
4095 |
-+gr_check_user_change(int real, int effective, int fs) |
4096 |
++gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs) |
4097 |
+{ |
4098 |
+ return 0; |
4099 |
+} |
4100 |
+ |
4101 |
+int |
4102 |
-+gr_check_group_change(int real, int effective, int fs) |
4103 |
++gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs) |
4104 |
+{ |
4105 |
+ return 0; |
4106 |
+} |
4107 |
@@ -61193,7 +61177,7 @@ index 0000000..abfa971 |
4108 |
+EXPORT_SYMBOL(gr_task_is_capable_nolog); |
4109 |
diff --git a/grsecurity/grsec_fifo.c b/grsecurity/grsec_fifo.c |
4110 |
new file mode 100644 |
4111 |
-index 0000000..d3ee748 |
4112 |
+index 0000000..06cc6ea |
4113 |
--- /dev/null |
4114 |
+++ b/grsecurity/grsec_fifo.c |
4115 |
@@ -0,0 +1,24 @@ |
4116 |
@@ -61212,10 +61196,10 @@ index 0000000..d3ee748 |
4117 |
+ |
4118 |
+ if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) && |
4119 |
+ !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) && |
4120 |
-+ (dentry->d_inode->i_uid != dir->d_inode->i_uid) && |
4121 |
-+ (cred->fsuid != dentry->d_inode->i_uid)) { |
4122 |
++ !uid_eq(dentry->d_inode->i_uid, dir->d_inode->i_uid) && |
4123 |
++ !uid_eq(cred->fsuid, dentry->d_inode->i_uid)) { |
4124 |
+ if (!inode_permission(dentry->d_inode, acc_mode)) |
4125 |
-+ gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, dentry->d_inode->i_uid, dentry->d_inode->i_gid); |
4126 |
++ gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, GR_GLOBAL_UID(dentry->d_inode->i_uid), GR_GLOBAL_GID(dentry->d_inode->i_gid)); |
4127 |
+ return -EACCES; |
4128 |
+ } |
4129 |
+#endif |
4130 |
@@ -61252,7 +61236,7 @@ index 0000000..8ca18bf |
4131 |
+} |
4132 |
diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c |
4133 |
new file mode 100644 |
4134 |
-index 0000000..05a6015 |
4135 |
+index 0000000..a862e9f |
4136 |
--- /dev/null |
4137 |
+++ b/grsecurity/grsec_init.c |
4138 |
@@ -0,0 +1,283 @@ |
4139 |
@@ -61268,7 +61252,7 @@ index 0000000..05a6015 |
4140 |
+int grsec_enable_ptrace_readexec; |
4141 |
+int grsec_enable_setxid; |
4142 |
+int grsec_enable_symlinkown; |
4143 |
-+int grsec_symlinkown_gid; |
4144 |
++kgid_t grsec_symlinkown_gid; |
4145 |
+int grsec_enable_brute; |
4146 |
+int grsec_enable_link; |
4147 |
+int grsec_enable_dmesg; |
4148 |
@@ -61281,7 +61265,7 @@ index 0000000..05a6015 |
4149 |
+int grsec_enable_time; |
4150 |
+int grsec_enable_audit_textrel; |
4151 |
+int grsec_enable_group; |
4152 |
-+int grsec_audit_gid; |
4153 |
++kgid_t grsec_audit_gid; |
4154 |
+int grsec_enable_chdir; |
4155 |
+int grsec_enable_mount; |
4156 |
+int grsec_enable_rofs; |
4157 |
@@ -61300,7 +61284,7 @@ index 0000000..05a6015 |
4158 |
+int grsec_enable_chroot_sysctl; |
4159 |
+int grsec_enable_chroot_unix; |
4160 |
+int grsec_enable_tpe; |
4161 |
-+int grsec_tpe_gid; |
4162 |
++kgid_t grsec_tpe_gid; |
4163 |
+int grsec_enable_blackhole; |
4164 |
+#ifdef CONFIG_IPV6_MODULE |
4165 |
+EXPORT_SYMBOL(grsec_enable_blackhole); |
4166 |
@@ -61309,11 +61293,11 @@ index 0000000..05a6015 |
4167 |
+int grsec_enable_tpe_all; |
4168 |
+int grsec_enable_tpe_invert; |
4169 |
+int grsec_enable_socket_all; |
4170 |
-+int grsec_socket_all_gid; |
4171 |
++kgid_t grsec_socket_all_gid; |
4172 |
+int grsec_enable_socket_client; |
4173 |
-+int grsec_socket_client_gid; |
4174 |
++kgid_t grsec_socket_client_gid; |
4175 |
+int grsec_enable_socket_server; |
4176 |
-+int grsec_socket_server_gid; |
4177 |
++kgid_t grsec_socket_server_gid; |
4178 |
+int grsec_resource_logging; |
4179 |
+int grsec_disable_privio; |
4180 |
+int grsec_enable_log_rwxmaps; |
4181 |
@@ -61419,7 +61403,7 @@ index 0000000..05a6015 |
4182 |
+#endif |
4183 |
+#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP |
4184 |
+ grsec_enable_group = 1; |
4185 |
-+ grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID; |
4186 |
++ grsec_audit_gid = KGIDT_INIT(CONFIG_GRKERNSEC_AUDIT_GID); |
4187 |
+#endif |
4188 |
+#ifdef CONFIG_GRKERNSEC_PTRACE_READEXEC |
4189 |
+ grsec_enable_ptrace_readexec = 1; |
4190 |
@@ -61514,26 +61498,26 @@ index 0000000..05a6015 |
4191 |
+#endif |
4192 |
+#ifdef CONFIG_GRKERNSEC_SYMLINKOWN |
4193 |
+ grsec_enable_symlinkown = 1; |
4194 |
-+ grsec_symlinkown_gid = CONFIG_GRKERNSEC_SYMLINKOWN_GID; |
4195 |
++ grsec_symlinkown_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SYMLINKOWN_GID); |
4196 |
+#endif |
4197 |
+#ifdef CONFIG_GRKERNSEC_TPE |
4198 |
+ grsec_enable_tpe = 1; |
4199 |
-+ grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID; |
4200 |
++ grsec_tpe_gid = KGIDT_INIT(CONFIG_GRKERNSEC_TPE_GID); |
4201 |
+#ifdef CONFIG_GRKERNSEC_TPE_ALL |
4202 |
+ grsec_enable_tpe_all = 1; |
4203 |
+#endif |
4204 |
+#endif |
4205 |
+#ifdef CONFIG_GRKERNSEC_SOCKET_ALL |
4206 |
+ grsec_enable_socket_all = 1; |
4207 |
-+ grsec_socket_all_gid = CONFIG_GRKERNSEC_SOCKET_ALL_GID; |
4208 |
++ grsec_socket_all_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SOCKET_ALL_GID); |
4209 |
+#endif |
4210 |
+#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT |
4211 |
+ grsec_enable_socket_client = 1; |
4212 |
-+ grsec_socket_client_gid = CONFIG_GRKERNSEC_SOCKET_CLIENT_GID; |
4213 |
++ grsec_socket_client_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SOCKET_CLIENT_GID); |
4214 |
+#endif |
4215 |
+#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER |
4216 |
+ grsec_enable_socket_server = 1; |
4217 |
-+ grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID; |
4218 |
++ grsec_socket_server_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SOCKET_SERVER_GID); |
4219 |
+#endif |
4220 |
+#endif |
4221 |
+ |
4222 |
@@ -61605,10 +61589,10 @@ index 0000000..6095407 |
4223 |
+} |
4224 |
diff --git a/grsecurity/grsec_log.c b/grsecurity/grsec_log.c |
4225 |
new file mode 100644 |
4226 |
-index 0000000..7bd6c2b |
4227 |
+index 0000000..7c06085 |
4228 |
--- /dev/null |
4229 |
+++ b/grsecurity/grsec_log.c |
4230 |
-@@ -0,0 +1,329 @@ |
4231 |
+@@ -0,0 +1,326 @@ |
4232 |
+#include <linux/kernel.h> |
4233 |
+#include <linux/sched.h> |
4234 |
+#include <linux/file.h> |
4235 |
@@ -61624,9 +61608,6 @@ index 0000000..7bd6c2b |
4236 |
+#define ENABLE_PREEMPT() |
4237 |
+#endif |
4238 |
+ |
4239 |
-+#define GR_GLOBAL_UID(x) from_kuid_munged(&init_user_ns, (x)) |
4240 |
-+#define GR_GLOBAL_GID(x) from_kgid_munged(&init_user_ns, (x)) |
4241 |
-+ |
4242 |
+#define BEGIN_LOCKS(x) \ |
4243 |
+ DISABLE_PREEMPT(); \ |
4244 |
+ rcu_read_lock(); \ |
4245 |
@@ -63107,7 +63088,7 @@ index 0000000..0dc13c3 |
4246 |
+EXPORT_SYMBOL(gr_log_timechange); |
4247 |
diff --git a/grsecurity/grsec_tpe.c b/grsecurity/grsec_tpe.c |
4248 |
new file mode 100644 |
4249 |
-index 0000000..07e0dc0 |
4250 |
+index 0000000..ac20d7f |
4251 |
--- /dev/null |
4252 |
+++ b/grsecurity/grsec_tpe.c |
4253 |
@@ -0,0 +1,73 @@ |
4254 |
@@ -63129,7 +63110,7 @@ index 0000000..07e0dc0 |
4255 |
+ char *msg2 = NULL; |
4256 |
+ |
4257 |
+ // never restrict root |
4258 |
-+ if (!cred->uid) |
4259 |
++ if (uid_eq(cred->uid, GLOBAL_ROOT_UID)) |
4260 |
+ return 1; |
4261 |
+ |
4262 |
+ if (grsec_enable_tpe) { |
4263 |
@@ -63150,7 +63131,7 @@ index 0000000..07e0dc0 |
4264 |
+ if (!msg) |
4265 |
+ goto next_check; |
4266 |
+ |
4267 |
-+ if (inode->i_uid) |
4268 |
++ if (!uid_eq(inode->i_uid, GLOBAL_ROOT_UID)) |
4269 |
+ msg2 = "file in non-root-owned directory"; |
4270 |
+ else if (inode->i_mode & S_IWOTH) |
4271 |
+ msg2 = "file in world-writable directory"; |
4272 |
@@ -63169,7 +63150,7 @@ index 0000000..07e0dc0 |
4273 |
+ if (!grsec_enable_tpe || !grsec_enable_tpe_all) |
4274 |
+ return 1; |
4275 |
+ |
4276 |
-+ if (inode->i_uid && (inode->i_uid != cred->uid)) |
4277 |
++ if (!uid_eq(inode->i_uid, GLOBAL_ROOT_UID) && !uid_eq(inode->i_uid, cred->uid)) |
4278 |
+ msg = "directory not owned by user"; |
4279 |
+ else if (inode->i_mode & S_IWOTH) |
4280 |
+ msg = "file in world-writable directory"; |
4281 |
@@ -65046,7 +65027,7 @@ index 0000000..be66033 |
4282 |
+#endif |
4283 |
diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h |
4284 |
new file mode 100644 |
4285 |
-index 0000000..baa6e96 |
4286 |
+index 0000000..9bb6662 |
4287 |
--- /dev/null |
4288 |
+++ b/include/linux/grinternal.h |
4289 |
@@ -0,0 +1,215 @@ |
4290 |
@@ -65112,18 +65093,18 @@ index 0000000..baa6e96 |
4291 |
+extern int grsec_enable_chroot_sysctl; |
4292 |
+extern int grsec_enable_chroot_unix; |
4293 |
+extern int grsec_enable_symlinkown; |
4294 |
-+extern int grsec_symlinkown_gid; |
4295 |
++extern kgid_t grsec_symlinkown_gid; |
4296 |
+extern int grsec_enable_tpe; |
4297 |
-+extern int grsec_tpe_gid; |
4298 |
++extern kgid_t grsec_tpe_gid; |
4299 |
+extern int grsec_enable_tpe_all; |
4300 |
+extern int grsec_enable_tpe_invert; |
4301 |
+extern int grsec_enable_socket_all; |
4302 |
-+extern int grsec_socket_all_gid; |
4303 |
++extern kgid_t grsec_socket_all_gid; |
4304 |
+extern int grsec_enable_socket_client; |
4305 |
-+extern int grsec_socket_client_gid; |
4306 |
++extern kgid_t grsec_socket_client_gid; |
4307 |
+extern int grsec_enable_socket_server; |
4308 |
-+extern int grsec_socket_server_gid; |
4309 |
-+extern int grsec_audit_gid; |
4310 |
++extern kgid_t grsec_socket_server_gid; |
4311 |
++extern kgid_t grsec_audit_gid; |
4312 |
+extern int grsec_enable_group; |
4313 |
+extern int grsec_enable_audit_textrel; |
4314 |
+extern int grsec_enable_log_rwxmaps; |
4315 |
@@ -65384,7 +65365,7 @@ index 0000000..2bd4c8d |
4316 |
+#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for " |
4317 |
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h |
4318 |
new file mode 100644 |
4319 |
-index 0000000..c5e5913 |
4320 |
+index 0000000..1ae241a |
4321 |
--- /dev/null |
4322 |
+++ b/include/linux/grsecurity.h |
4323 |
@@ -0,0 +1,257 @@ |
4324 |
@@ -65432,8 +65413,8 @@ index 0000000..c5e5913 |
4325 |
+ |
4326 |
+int gr_acl_enable_at_secure(void); |
4327 |
+ |
4328 |
-+int gr_check_user_change(int real, int effective, int fs); |
4329 |
-+int gr_check_group_change(int real, int effective, int fs); |
4330 |
++int gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs); |
4331 |
++int gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs); |
4332 |
+ |
4333 |
+void gr_del_task_from_ip_table(struct task_struct *p); |
4334 |
+ |
4335 |
@@ -65505,7 +65486,7 @@ index 0000000..c5e5913 |
4336 |
+void gr_copy_label(struct task_struct *tsk); |
4337 |
+void gr_handle_crash(struct task_struct *task, const int sig); |
4338 |
+int gr_handle_signal(const struct task_struct *p, const int sig); |
4339 |
-+int gr_check_crash_uid(const uid_t uid); |
4340 |
++int gr_check_crash_uid(const kuid_t uid); |
4341 |
+int gr_check_protected_task(const struct task_struct *task); |
4342 |
+int gr_check_protected_task_fowner(struct pid *pid, enum pid_type type); |
4343 |
+int gr_acl_handle_mmap(const struct file *file, |
4344 |
@@ -65532,8 +65513,8 @@ index 0000000..c5e5913 |
4345 |
+int gr_check_crash_exec(const struct file *filp); |
4346 |
+int gr_acl_is_enabled(void); |
4347 |
+void gr_set_kernel_label(struct task_struct *task); |
4348 |
-+void gr_set_role_label(struct task_struct *task, const uid_t uid, |
4349 |
-+ const gid_t gid); |
4350 |
++void gr_set_role_label(struct task_struct *task, const kuid_t uid, |
4351 |
++ const kgid_t gid); |
4352 |
+int gr_set_proc_label(const struct dentry *dentry, |
4353 |
+ const struct vfsmount *mnt, |
4354 |
+ const int unsafe_flags); |
4355 |
@@ -65633,7 +65614,7 @@ index 0000000..c5e5913 |
4356 |
+extern int grsec_disable_privio; |
4357 |
+ |
4358 |
+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP |
4359 |
-+extern int grsec_proc_gid; |
4360 |
++extern kgid_t grsec_proc_gid; |
4361 |
+#endif |
4362 |
+ |
4363 |
+#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK |
4364 |
@@ -67652,6 +67633,18 @@ index 5ca0951..ab496a5 100644 |
4365 |
ret; \ |
4366 |
}) |
4367 |
|
4368 |
+diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h |
4369 |
+index 8e522cbc..1b67af5 100644 |
4370 |
+--- a/include/linux/uidgid.h |
4371 |
++++ b/include/linux/uidgid.h |
4372 |
+@@ -197,4 +197,7 @@ static inline bool kgid_has_mapping(struct user_namespace *ns, kgid_t gid) |
4373 |
+ |
4374 |
+ #endif /* CONFIG_USER_NS */ |
4375 |
+ |
4376 |
++#define GR_GLOBAL_UID(x) from_kuid_munged(&init_user_ns, (x)) |
4377 |
++#define GR_GLOBAL_GID(x) from_kgid_munged(&init_user_ns, (x)) |
4378 |
++ |
4379 |
+ #endif /* _LINUX_UIDGID_H */ |
4380 |
diff --git a/include/linux/unaligned/access_ok.h b/include/linux/unaligned/access_ok.h |
4381 |
index 99c1b4d..bb94261 100644 |
4382 |
--- a/include/linux/unaligned/access_ok.h |
4383 |
@@ -68732,7 +68725,7 @@ index 0993a22..32ba2fe 100644 |
4384 |
void *pmi_pal; |
4385 |
u8 *vbe_state_orig; /* |
4386 |
diff --git a/init/Kconfig b/init/Kconfig |
4387 |
-index be8b7f5..b13cb62 100644 |
4388 |
+index be8b7f5..1eeca9b 100644 |
4389 |
--- a/init/Kconfig |
4390 |
+++ b/init/Kconfig |
4391 |
@@ -990,6 +990,7 @@ endif # CGROUPS |
4392 |
@@ -68743,16 +68736,7 @@ index be8b7f5..b13cb62 100644 |
4393 |
default n |
4394 |
help |
4395 |
Enables additional kernel features in a sake of checkpoint/restore. |
4396 |
-@@ -1079,6 +1080,8 @@ config UIDGID_CONVERTED |
4397 |
- depends on OCFS2_FS = n |
4398 |
- depends on XFS_FS = n |
4399 |
- |
4400 |
-+ depends on GRKERNSEC = n |
4401 |
-+ |
4402 |
- config UIDGID_STRICT_TYPE_CHECKS |
4403 |
- bool "Require conversions between uid/gids and their internal representation" |
4404 |
- depends on UIDGID_CONVERTED |
4405 |
-@@ -1468,7 +1471,7 @@ config SLUB_DEBUG |
4406 |
+@@ -1468,7 +1469,7 @@ config SLUB_DEBUG |
4407 |
|
4408 |
config COMPAT_BRK |
4409 |
bool "Disable heap randomization" |
4410 |
@@ -68761,7 +68745,7 @@ index be8b7f5..b13cb62 100644 |
4411 |
help |
4412 |
Randomizing heap placement makes heap exploits harder, but it |
4413 |
also breaks ancient binaries (including anything libc5 based). |
4414 |
-@@ -1711,7 +1714,7 @@ config INIT_ALL_POSSIBLE |
4415 |
+@@ -1711,7 +1712,7 @@ config INIT_ALL_POSSIBLE |
4416 |
config STOP_MACHINE |
4417 |
bool |
4418 |
default y |
4419 |
@@ -69091,7 +69075,7 @@ index 84c6bf1..8899338 100644 |
4420 |
next_state = Reset; |
4421 |
return 0; |
4422 |
diff --git a/init/main.c b/init/main.c |
4423 |
-index cee4b5c..47f445e 100644 |
4424 |
+index cee4b5c..9c267d9 100644 |
4425 |
--- a/init/main.c |
4426 |
+++ b/init/main.c |
4427 |
@@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { } |
4428 |
@@ -69108,10 +69092,10 @@ index cee4b5c..47f445e 100644 |
4429 |
__setup("reset_devices", set_reset_devices); |
4430 |
|
4431 |
+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP |
4432 |
-+int grsec_proc_gid = CONFIG_GRKERNSEC_PROC_GID; |
4433 |
++kgid_t grsec_proc_gid = KGIDT_INIT(CONFIG_GRKERNSEC_PROC_GID); |
4434 |
+static int __init setup_grsec_proc_gid(char *str) |
4435 |
+{ |
4436 |
-+ grsec_proc_gid = (int)simple_strtol(str, NULL, 0); |
4437 |
++ grsec_proc_gid = KGIDT_INIT(simple_strtol(str, NULL, 0)); |
4438 |
+ return 1; |
4439 |
+} |
4440 |
+__setup("grsec_proc_gid=", setup_grsec_proc_gid); |
4441 |
@@ -69334,7 +69318,7 @@ index 58d31f1..cce7a55 100644 |
4442 |
sem_params.flg = semflg; |
4443 |
sem_params.u.nsems = nsems; |
4444 |
diff --git a/ipc/shm.c b/ipc/shm.c |
4445 |
-index 4fa6d8f..38dfd0c 100644 |
4446 |
+index 4fa6d8f..55cff14 100644 |
4447 |
--- a/ipc/shm.c |
4448 |
+++ b/ipc/shm.c |
4449 |
@@ -69,6 +69,14 @@ static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp); |
4450 |
@@ -69343,7 +69327,7 @@ index 4fa6d8f..38dfd0c 100644 |
4451 |
|
4452 |
+#ifdef CONFIG_GRKERNSEC |
4453 |
+extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, |
4454 |
-+ const time_t shm_createtime, const uid_t cuid, |
4455 |
++ const time_t shm_createtime, const kuid_t cuid, |
4456 |
+ const int shmid); |
4457 |
+extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid, |
4458 |
+ const time_t shm_createtime); |
4459 |
@@ -69599,10 +69583,10 @@ index 493d972..f87dfbd 100644 |
4460 |
+ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid); |
4461 |
+} |
4462 |
diff --git a/kernel/cgroup.c b/kernel/cgroup.c |
4463 |
-index 4855892..30d23b4 100644 |
4464 |
+index 1e23664..570a83d 100644 |
4465 |
--- a/kernel/cgroup.c |
4466 |
+++ b/kernel/cgroup.c |
4467 |
-@@ -5535,7 +5535,7 @@ static int cgroup_css_links_read(struct cgroup *cont, |
4468 |
+@@ -5543,7 +5543,7 @@ static int cgroup_css_links_read(struct cgroup *cont, |
4469 |
struct css_set *cg = link->cg; |
4470 |
struct task_struct *task; |
4471 |
int count = 0; |
4472 |
@@ -69794,7 +69778,7 @@ index 42e8fa0..9e7406b 100644 |
4473 |
return -ENOMEM; |
4474 |
|
4475 |
diff --git a/kernel/cred.c b/kernel/cred.c |
4476 |
-index e0573a4..eefe488 100644 |
4477 |
+index e0573a4..3874e41 100644 |
4478 |
--- a/kernel/cred.c |
4479 |
+++ b/kernel/cred.c |
4480 |
@@ -164,6 +164,16 @@ void exit_creds(struct task_struct *tsk) |
4481 |
@@ -69832,7 +69816,7 @@ index e0573a4..eefe488 100644 |
4482 |
/* dumpability changes */ |
4483 |
if (!uid_eq(old->euid, new->euid) || |
4484 |
!gid_eq(old->egid, new->egid) || |
4485 |
-@@ -479,6 +491,101 @@ int commit_creds(struct cred *new) |
4486 |
+@@ -479,6 +491,102 @@ int commit_creds(struct cred *new) |
4487 |
put_cred(old); |
4488 |
return 0; |
4489 |
} |
4490 |
@@ -69846,7 +69830,7 @@ index e0573a4..eefe488 100644 |
4491 |
+ |
4492 |
+ current->delayed_cred = NULL; |
4493 |
+ |
4494 |
-+ if (current_uid() && new != NULL) { |
4495 |
++ if (!uid_eq(current_uid(), GLOBAL_ROOT_UID) && new != NULL) { |
4496 |
+ // from doing get_cred on it when queueing this |
4497 |
+ put_cred(new); |
4498 |
+ return; |
4499 |
@@ -69907,7 +69891,8 @@ index e0573a4..eefe488 100644 |
4500 |
+ init_cred |
4501 |
+ */ |
4502 |
+ if (grsec_enable_setxid && !current_is_single_threaded() && |
4503 |
-+ !current_uid() && new->uid) { |
4504 |
++ uid_eq(current_uid(), GLOBAL_ROOT_UID) && |
4505 |
++ !uid_eq(new->uid, GLOBAL_ROOT_UID)) { |
4506 |
+ schedule_it = 1; |
4507 |
+ } |
4508 |
+ ret = __commit_creds(new); |
4509 |
@@ -70639,7 +70624,7 @@ index 60f48fa..7f3a770 100644 |
4510 |
|
4511 |
static int |
4512 |
diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c |
4513 |
-index 2169fee..45c017a 100644 |
4514 |
+index 2169fee..706ccca 100644 |
4515 |
--- a/kernel/kallsyms.c |
4516 |
+++ b/kernel/kallsyms.c |
4517 |
@@ -11,6 +11,9 @@ |
4518 |
@@ -70728,7 +70713,7 @@ index 2169fee..45c017a 100644 |
4519 |
struct kallsym_iter *iter = m->private; |
4520 |
|
4521 |
+#ifdef CONFIG_GRKERNSEC_HIDESYM |
4522 |
-+ if (current_uid()) |
4523 |
++ if (!uid_eq(current_uid(), GLOBAL_ROOT_UID)) |
4524 |
+ return 0; |
4525 |
+#endif |
4526 |
+ |
4527 |
@@ -70782,7 +70767,7 @@ index 5e4bd78..00c5b91 100644 |
4528 |
|
4529 |
/* Don't allow clients that don't understand the native |
4530 |
diff --git a/kernel/kmod.c b/kernel/kmod.c |
4531 |
-index 0023a87..3fe3781 100644 |
4532 |
+index 0023a87..b893e79 100644 |
4533 |
--- a/kernel/kmod.c |
4534 |
+++ b/kernel/kmod.c |
4535 |
@@ -74,7 +74,7 @@ static void free_modprobe_argv(struct subprocess_info *info) |
4536 |
@@ -70840,7 +70825,7 @@ index 0023a87..3fe3781 100644 |
4537 |
return ret; |
4538 |
|
4539 |
+#ifdef CONFIG_GRKERNSEC_MODHARDEN |
4540 |
-+ if (!current_uid()) { |
4541 |
++ if (uid_eq(current_uid(), GLOBAL_ROOT_UID)) { |
4542 |
+ /* hack to workaround consolekit/udisks stupidity */ |
4543 |
+ read_lock(&tasklist_lock); |
4544 |
+ if (!strcmp(current->comm, "mount") && |
4545 |
@@ -70885,12 +70870,12 @@ index 0023a87..3fe3781 100644 |
4546 |
+ int ret; |
4547 |
+ |
4548 |
+#ifdef CONFIG_GRKERNSEC_MODHARDEN |
4549 |
-+ if (current_uid()) { |
4550 |
++ if (!uid_eq(current_uid(), GLOBAL_ROOT_UID)) { |
4551 |
+ char module_param[MODULE_NAME_LEN]; |
4552 |
+ |
4553 |
+ memset(module_param, 0, sizeof(module_param)); |
4554 |
+ |
4555 |
-+ snprintf(module_param, sizeof(module_param) - 1, "grsec_modharden_normal%u_", current_uid()); |
4556 |
++ snprintf(module_param, sizeof(module_param) - 1, "grsec_modharden_normal%u_", GR_GLOBAL_UID(current_uid())); |
4557 |
+ |
4558 |
+ va_start(args, fmt); |
4559 |
+ ret = ____request_module(wait, module_param, fmt, args); |
4560 |
@@ -72087,7 +72072,7 @@ index 942ca27..111e609 100644 |
4561 |
.clock_get = thread_cpu_clock_get, |
4562 |
.timer_create = thread_cpu_timer_create, |
4563 |
diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c |
4564 |
-index 69185ae..cc2847a 100644 |
4565 |
+index e885be1..380fe76 100644 |
4566 |
--- a/kernel/posix-timers.c |
4567 |
+++ b/kernel/posix-timers.c |
4568 |
@@ -43,6 +43,7 @@ |
4569 |
@@ -72170,7 +72155,7 @@ index 69185ae..cc2847a 100644 |
4570 |
} |
4571 |
|
4572 |
static int common_timer_create(struct k_itimer *new_timer) |
4573 |
-@@ -959,6 +960,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, |
4574 |
+@@ -966,6 +967,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, |
4575 |
if (copy_from_user(&new_tp, tp, sizeof (*tp))) |
4576 |
return -EFAULT; |
4577 |
|
4578 |
@@ -73541,7 +73526,7 @@ index 2f194e9..2c05ea9 100644 |
4579 |
.priority = 10, |
4580 |
}; |
4581 |
diff --git a/kernel/sys.c b/kernel/sys.c |
4582 |
-index 265b376..b0cd50d 100644 |
4583 |
+index 265b376..4e42ef5 100644 |
4584 |
--- a/kernel/sys.c |
4585 |
+++ b/kernel/sys.c |
4586 |
@@ -157,6 +157,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) |
4587 |
@@ -73561,7 +73546,7 @@ index 265b376..b0cd50d 100644 |
4588 |
goto error; |
4589 |
} |
4590 |
|
4591 |
-+ if (gr_check_group_change(new->gid, new->egid, -1)) |
4592 |
++ if (gr_check_group_change(new->gid, new->egid, INVALID_GID)) |
4593 |
+ goto error; |
4594 |
+ |
4595 |
if (rgid != (gid_t) -1 || |
4596 |
@@ -73591,7 +73576,7 @@ index 265b376..b0cd50d 100644 |
4597 |
goto error; |
4598 |
} |
4599 |
|
4600 |
-+ if (gr_check_user_change(new->uid, new->euid, -1)) |
4601 |
++ if (gr_check_user_change(new->uid, new->euid, INVALID_UID)) |
4602 |
+ goto error; |
4603 |
+ |
4604 |
if (!uid_eq(new->uid, old->uid)) { |
4605 |
@@ -73614,7 +73599,7 @@ index 265b376..b0cd50d 100644 |
4606 |
goto error; |
4607 |
} |
4608 |
|
4609 |
-+ if (gr_check_user_change(kruid, keuid, -1)) |
4610 |
++ if (gr_check_user_change(kruid, keuid, INVALID_UID)) |
4611 |
+ goto error; |
4612 |
+ |
4613 |
if (ruid != (uid_t) -1) { |
4614 |
@@ -73624,7 +73609,7 @@ index 265b376..b0cd50d 100644 |
4615 |
goto error; |
4616 |
} |
4617 |
|
4618 |
-+ if (gr_check_group_change(krgid, kegid, -1)) |
4619 |
++ if (gr_check_group_change(krgid, kegid, INVALID_GID)) |
4620 |
+ goto error; |
4621 |
+ |
4622 |
if (rgid != (gid_t) -1) |
4623 |
@@ -73634,7 +73619,7 @@ index 265b376..b0cd50d 100644 |
4624 |
if (!uid_valid(kuid)) |
4625 |
return old_fsuid; |
4626 |
|
4627 |
-+ if (gr_check_user_change(-1, -1, kuid)) |
4628 |
++ if (gr_check_user_change(INVALID_UID, INVALID_UID, kuid)) |
4629 |
+ goto error; |
4630 |
+ |
4631 |
new = prepare_creds(); |
4632 |
@@ -73652,7 +73637,7 @@ index 265b376..b0cd50d 100644 |
4633 |
if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) || |
4634 |
gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) || |
4635 |
nsown_capable(CAP_SETGID)) { |
4636 |
-+ if (gr_check_group_change(-1, -1, kgid)) |
4637 |
++ if (gr_check_group_change(INVALID_GID, INVALID_GID, kgid)) |
4638 |
+ goto error; |
4639 |
+ |
4640 |
if (!gid_eq(kgid, old->fsgid)) { |
4641 |
@@ -73896,7 +73881,7 @@ index c88878d..99d321b 100644 |
4642 |
EXPORT_SYMBOL(proc_doulongvec_minmax); |
4643 |
EXPORT_SYMBOL(proc_doulongvec_ms_jiffies_minmax); |
4644 |
diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c |
4645 |
-index 5a63844..a199f50 100644 |
4646 |
+index 0ddf3a0..a199f50 100644 |
4647 |
--- a/kernel/sysctl_binary.c |
4648 |
+++ b/kernel/sysctl_binary.c |
4649 |
@@ -989,7 +989,7 @@ static ssize_t bin_intvec(struct file *file, |
4650 |
@@ -73953,19 +73938,7 @@ index 5a63844..a199f50 100644 |
4651 |
set_fs(old_fs); |
4652 |
if (result < 0) |
4653 |
goto out; |
4654 |
-@@ -1194,9 +1194,10 @@ static ssize_t bin_dn_node_address(struct file *file, |
4655 |
- |
4656 |
- /* Convert the decnet address to binary */ |
4657 |
- result = -EIO; |
4658 |
-- nodep = strchr(buf, '.') + 1; |
4659 |
-+ nodep = strchr(buf, '.'); |
4660 |
- if (!nodep) |
4661 |
- goto out; |
4662 |
-+ ++nodep; |
4663 |
- |
4664 |
- area = simple_strtoul(buf, NULL, 10); |
4665 |
- node = simple_strtoul(nodep, NULL, 10); |
4666 |
-@@ -1233,7 +1234,7 @@ static ssize_t bin_dn_node_address(struct file *file, |
4667 |
+@@ -1234,7 +1234,7 @@ static ssize_t bin_dn_node_address(struct file *file, |
4668 |
le16_to_cpu(dnaddr) & 0x3ff); |
4669 |
|
4670 |
set_fs(KERNEL_DS); |
4671 |
@@ -74236,7 +74209,7 @@ index c0bd030..62a1927 100644 |
4672 |
ret = -EIO; |
4673 |
bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt, |
4674 |
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c |
4675 |
-index 41473b4..325fcfc 100644 |
4676 |
+index 43defd1..76da436 100644 |
4677 |
--- a/kernel/trace/ftrace.c |
4678 |
+++ b/kernel/trace/ftrace.c |
4679 |
@@ -1874,12 +1874,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) |
4680 |
@@ -74279,7 +74252,7 @@ index 41473b4..325fcfc 100644 |
4681 |
|
4682 |
start_pg = ftrace_allocate_pages(count); |
4683 |
if (!start_pg) |
4684 |
-@@ -4541,8 +4548,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write, |
4685 |
+@@ -4559,8 +4566,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write, |
4686 |
#ifdef CONFIG_FUNCTION_GRAPH_TRACER |
4687 |
|
4688 |
static int ftrace_graph_active; |
4689 |
@@ -74288,7 +74261,7 @@ index 41473b4..325fcfc 100644 |
4690 |
int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace) |
4691 |
{ |
4692 |
return 0; |
4693 |
-@@ -4686,6 +4691,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state, |
4694 |
+@@ -4704,6 +4709,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state, |
4695 |
return NOTIFY_DONE; |
4696 |
} |
4697 |
|
4698 |
@@ -74299,7 +74272,7 @@ index 41473b4..325fcfc 100644 |
4699 |
int register_ftrace_graph(trace_func_graph_ret_t retfunc, |
4700 |
trace_func_graph_ent_t entryfunc) |
4701 |
{ |
4702 |
-@@ -4699,7 +4708,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc, |
4703 |
+@@ -4717,7 +4726,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc, |
4704 |
goto out; |
4705 |
} |
4706 |
|
4707 |
@@ -74955,26 +74928,6 @@ index 5e396ac..58d5de1 100644 |
4708 |
err_printk(dev, NULL, "DMA-API: device driver maps memory from" |
4709 |
"stack [addr=%p]\n", addr); |
4710 |
} |
4711 |
-diff --git a/lib/idr.c b/lib/idr.c |
4712 |
-index 6482390..ca5aa00 100644 |
4713 |
---- a/lib/idr.c |
4714 |
-+++ b/lib/idr.c |
4715 |
-@@ -625,7 +625,14 @@ void *idr_get_next(struct idr *idp, int *nextidp) |
4716 |
- return p; |
4717 |
- } |
4718 |
- |
4719 |
-- id += 1 << n; |
4720 |
-+ /* |
4721 |
-+ * Proceed to the next layer at the current level. Unlike |
4722 |
-+ * idr_for_each(), @id isn't guaranteed to be aligned to |
4723 |
-+ * layer boundary at this point and adding 1 << n may |
4724 |
-+ * incorrectly skip IDs. Make sure we jump to the |
4725 |
-+ * beginning of the next layer using round_up(). |
4726 |
-+ */ |
4727 |
-+ id = round_up(id + 1, 1 << n); |
4728 |
- while (n < fls(id)) { |
4729 |
- n += IDR_BITS; |
4730 |
- p = *--paa; |
4731 |
diff --git a/lib/inflate.c b/lib/inflate.c |
4732 |
index 013a761..c28f3fc 100644 |
4733 |
--- a/lib/inflate.c |
4734 |
@@ -76555,7 +76508,7 @@ index c9bd528..da8d069 100644 |
4735 |
capable(CAP_IPC_LOCK)) |
4736 |
ret = do_mlockall(flags); |
4737 |
diff --git a/mm/mmap.c b/mm/mmap.c |
4738 |
-index d1e4124..7d36e4f 100644 |
4739 |
+index 8832b87..7d36e4f 100644 |
4740 |
--- a/mm/mmap.c |
4741 |
+++ b/mm/mmap.c |
4742 |
@@ -32,6 +32,7 @@ |
4743 |
@@ -77301,51 +77254,7 @@ index d1e4124..7d36e4f 100644 |
4744 |
spin_unlock(&vma->vm_mm->page_table_lock); |
4745 |
|
4746 |
perf_event_mmap(vma); |
4747 |
-@@ -2169,9 +2477,28 @@ int expand_downwards(struct vm_area_struct *vma, |
4748 |
- return error; |
4749 |
- } |
4750 |
- |
4751 |
-+/* |
4752 |
-+ * Note how expand_stack() refuses to expand the stack all the way to |
4753 |
-+ * abut the next virtual mapping, *unless* that mapping itself is also |
4754 |
-+ * a stack mapping. We want to leave room for a guard page, after all |
4755 |
-+ * (the guard page itself is not added here, that is done by the |
4756 |
-+ * actual page faulting logic) |
4757 |
-+ * |
4758 |
-+ * This matches the behavior of the guard page logic (see mm/memory.c: |
4759 |
-+ * check_stack_guard_page()), which only allows the guard page to be |
4760 |
-+ * removed under these circumstances. |
4761 |
-+ */ |
4762 |
- #ifdef CONFIG_STACK_GROWSUP |
4763 |
- int expand_stack(struct vm_area_struct *vma, unsigned long address) |
4764 |
- { |
4765 |
-+ struct vm_area_struct *next; |
4766 |
-+ |
4767 |
-+ address &= PAGE_MASK; |
4768 |
-+ next = vma->vm_next; |
4769 |
-+ if (next && next->vm_start == address + PAGE_SIZE) { |
4770 |
-+ if (!(next->vm_flags & VM_GROWSUP)) |
4771 |
-+ return -ENOMEM; |
4772 |
-+ } |
4773 |
- return expand_upwards(vma, address); |
4774 |
- } |
4775 |
- |
4776 |
-@@ -2194,6 +2521,14 @@ find_extend_vma(struct mm_struct *mm, unsigned long addr) |
4777 |
- #else |
4778 |
- int expand_stack(struct vm_area_struct *vma, unsigned long address) |
4779 |
- { |
4780 |
-+ struct vm_area_struct *prev; |
4781 |
-+ |
4782 |
-+ address &= PAGE_MASK; |
4783 |
-+ prev = vma->vm_prev; |
4784 |
-+ if (prev && prev->vm_end == address) { |
4785 |
-+ if (!(prev->vm_flags & VM_GROWSDOWN)) |
4786 |
-+ return -ENOMEM; |
4787 |
-+ } |
4788 |
- return expand_downwards(vma, address); |
4789 |
- } |
4790 |
- |
4791 |
-@@ -2236,6 +2571,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) |
4792 |
+@@ -2263,6 +2571,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) |
4793 |
do { |
4794 |
long nrpages = vma_pages(vma); |
4795 |
|
4796 |
@@ -77359,7 +77268,7 @@ index d1e4124..7d36e4f 100644 |
4797 |
if (vma->vm_flags & VM_ACCOUNT) |
4798 |
nr_accounted += nrpages; |
4799 |
vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); |
4800 |
-@@ -2281,6 +2623,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, |
4801 |
+@@ -2308,6 +2623,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, |
4802 |
insertion_point = (prev ? &prev->vm_next : &mm->mmap); |
4803 |
vma->vm_prev = NULL; |
4804 |
do { |
4805 |
@@ -77376,7 +77285,7 @@ index d1e4124..7d36e4f 100644 |
4806 |
vma_rb_erase(vma, &mm->mm_rb); |
4807 |
mm->map_count--; |
4808 |
tail_vma = vma; |
4809 |
-@@ -2312,14 +2664,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
4810 |
+@@ -2339,14 +2664,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
4811 |
struct vm_area_struct *new; |
4812 |
int err = -ENOMEM; |
4813 |
|
4814 |
@@ -77410,7 +77319,7 @@ index d1e4124..7d36e4f 100644 |
4815 |
/* most fields are the same, copy all, and then fixup */ |
4816 |
*new = *vma; |
4817 |
|
4818 |
-@@ -2332,6 +2703,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
4819 |
+@@ -2359,6 +2703,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
4820 |
new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); |
4821 |
} |
4822 |
|
4823 |
@@ -77433,7 +77342,7 @@ index d1e4124..7d36e4f 100644 |
4824 |
pol = mpol_dup(vma_policy(vma)); |
4825 |
if (IS_ERR(pol)) { |
4826 |
err = PTR_ERR(pol); |
4827 |
-@@ -2354,6 +2741,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
4828 |
+@@ -2381,6 +2741,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
4829 |
else |
4830 |
err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); |
4831 |
|
4832 |
@@ -77470,7 +77379,7 @@ index d1e4124..7d36e4f 100644 |
4833 |
/* Success. */ |
4834 |
if (!err) |
4835 |
return 0; |
4836 |
-@@ -2363,10 +2780,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
4837 |
+@@ -2390,10 +2780,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
4838 |
new->vm_ops->close(new); |
4839 |
if (new->vm_file) |
4840 |
fput(new->vm_file); |
4841 |
@@ -77490,7 +77399,7 @@ index d1e4124..7d36e4f 100644 |
4842 |
kmem_cache_free(vm_area_cachep, new); |
4843 |
out_err: |
4844 |
return err; |
4845 |
-@@ -2379,6 +2804,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
4846 |
+@@ -2406,6 +2804,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
4847 |
int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, |
4848 |
unsigned long addr, int new_below) |
4849 |
{ |
4850 |
@@ -77506,7 +77415,7 @@ index d1e4124..7d36e4f 100644 |
4851 |
if (mm->map_count >= sysctl_max_map_count) |
4852 |
return -ENOMEM; |
4853 |
|
4854 |
-@@ -2390,11 +2824,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, |
4855 |
+@@ -2417,11 +2824,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, |
4856 |
* work. This now handles partial unmappings. |
4857 |
* Jeremy Fitzhardinge <jeremy@××××.org> |
4858 |
*/ |
4859 |
@@ -77537,7 +77446,7 @@ index d1e4124..7d36e4f 100644 |
4860 |
if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) |
4861 |
return -EINVAL; |
4862 |
|
4863 |
-@@ -2469,6 +2922,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) |
4864 |
+@@ -2496,6 +2922,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) |
4865 |
/* Fix up all other VM information */ |
4866 |
remove_vma_list(mm, vma); |
4867 |
|
4868 |
@@ -77546,7 +77455,7 @@ index d1e4124..7d36e4f 100644 |
4869 |
return 0; |
4870 |
} |
4871 |
|
4872 |
-@@ -2477,6 +2932,13 @@ int vm_munmap(unsigned long start, size_t len) |
4873 |
+@@ -2504,6 +2932,13 @@ int vm_munmap(unsigned long start, size_t len) |
4874 |
int ret; |
4875 |
struct mm_struct *mm = current->mm; |
4876 |
|
4877 |
@@ -77560,7 +77469,7 @@ index d1e4124..7d36e4f 100644 |
4878 |
down_write(&mm->mmap_sem); |
4879 |
ret = do_munmap(mm, start, len); |
4880 |
up_write(&mm->mmap_sem); |
4881 |
-@@ -2490,16 +2952,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) |
4882 |
+@@ -2517,16 +2952,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) |
4883 |
return vm_munmap(addr, len); |
4884 |
} |
4885 |
|
4886 |
@@ -77577,7 +77486,7 @@ index d1e4124..7d36e4f 100644 |
4887 |
/* |
4888 |
* this is really a simplified "do_mmap". it only handles |
4889 |
* anonymous maps. eventually we may be able to do some |
4890 |
-@@ -2513,6 +2965,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) |
4891 |
+@@ -2540,6 +2965,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) |
4892 |
struct rb_node ** rb_link, * rb_parent; |
4893 |
pgoff_t pgoff = addr >> PAGE_SHIFT; |
4894 |
int error; |
4895 |
@@ -77585,7 +77494,7 @@ index d1e4124..7d36e4f 100644 |
4896 |
|
4897 |
len = PAGE_ALIGN(len); |
4898 |
if (!len) |
4899 |
-@@ -2520,16 +2973,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) |
4900 |
+@@ -2547,16 +2973,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) |
4901 |
|
4902 |
flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; |
4903 |
|
4904 |
@@ -77617,7 +77526,7 @@ index d1e4124..7d36e4f 100644 |
4905 |
locked += mm->locked_vm; |
4906 |
lock_limit = rlimit(RLIMIT_MEMLOCK); |
4907 |
lock_limit >>= PAGE_SHIFT; |
4908 |
-@@ -2546,21 +3013,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) |
4909 |
+@@ -2573,21 +3013,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) |
4910 |
/* |
4911 |
* Clear old maps. this also does some error checking for us |
4912 |
*/ |
4913 |
@@ -77642,7 +77551,7 @@ index d1e4124..7d36e4f 100644 |
4914 |
return -ENOMEM; |
4915 |
|
4916 |
/* Can we just expand an old private anonymous mapping? */ |
4917 |
-@@ -2574,7 +3040,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) |
4918 |
+@@ -2601,7 +3040,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) |
4919 |
*/ |
4920 |
vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); |
4921 |
if (!vma) { |
4922 |
@@ -77651,7 +77560,7 @@ index d1e4124..7d36e4f 100644 |
4923 |
return -ENOMEM; |
4924 |
} |
4925 |
|
4926 |
-@@ -2588,11 +3054,12 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) |
4927 |
+@@ -2615,11 +3054,12 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) |
4928 |
vma_link(mm, vma, prev, rb_link, rb_parent); |
4929 |
out: |
4930 |
perf_event_mmap(vma); |
4931 |
@@ -77666,7 +77575,7 @@ index d1e4124..7d36e4f 100644 |
4932 |
return addr; |
4933 |
} |
4934 |
|
4935 |
-@@ -2650,6 +3117,7 @@ void exit_mmap(struct mm_struct *mm) |
4936 |
+@@ -2677,6 +3117,7 @@ void exit_mmap(struct mm_struct *mm) |
4937 |
while (vma) { |
4938 |
if (vma->vm_flags & VM_ACCOUNT) |
4939 |
nr_accounted += vma_pages(vma); |
4940 |
@@ -77674,7 +77583,7 @@ index d1e4124..7d36e4f 100644 |
4941 |
vma = remove_vma(vma); |
4942 |
} |
4943 |
vm_unacct_memory(nr_accounted); |
4944 |
-@@ -2666,6 +3134,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) |
4945 |
+@@ -2693,6 +3134,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) |
4946 |
struct vm_area_struct *prev; |
4947 |
struct rb_node **rb_link, *rb_parent; |
4948 |
|
4949 |
@@ -77688,7 +77597,7 @@ index d1e4124..7d36e4f 100644 |
4950 |
/* |
4951 |
* The vm_pgoff of a purely anonymous vma should be irrelevant |
4952 |
* until its first write fault, when page's anon_vma and index |
4953 |
-@@ -2689,7 +3164,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) |
4954 |
+@@ -2716,7 +3164,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) |
4955 |
security_vm_enough_memory_mm(mm, vma_pages(vma))) |
4956 |
return -ENOMEM; |
4957 |
|
4958 |
@@ -77710,7 +77619,7 @@ index d1e4124..7d36e4f 100644 |
4959 |
return 0; |
4960 |
} |
4961 |
|
4962 |
-@@ -2709,6 +3198,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, |
4963 |
+@@ -2736,6 +3198,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, |
4964 |
struct mempolicy *pol; |
4965 |
bool faulted_in_anon_vma = true; |
4966 |
|
4967 |
@@ -77719,7 +77628,7 @@ index d1e4124..7d36e4f 100644 |
4968 |
/* |
4969 |
* If anonymous vma has not yet been faulted, update new pgoff |
4970 |
* to match new location, to increase its chance of merging. |
4971 |
-@@ -2775,6 +3266,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, |
4972 |
+@@ -2802,6 +3266,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, |
4973 |
return NULL; |
4974 |
} |
4975 |
|
4976 |
@@ -77759,7 +77668,7 @@ index d1e4124..7d36e4f 100644 |
4977 |
/* |
4978 |
* Return true if the calling process may expand its vm space by the passed |
4979 |
* number of pages |
4980 |
-@@ -2786,6 +3310,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) |
4981 |
+@@ -2813,6 +3310,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) |
4982 |
|
4983 |
lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; |
4984 |
|
4985 |
@@ -77772,7 +77681,7 @@ index d1e4124..7d36e4f 100644 |
4986 |
if (cur + npages > lim) |
4987 |
return 0; |
4988 |
return 1; |
4989 |
-@@ -2856,6 +3386,22 @@ int install_special_mapping(struct mm_struct *mm, |
4990 |
+@@ -2883,6 +3386,22 @@ int install_special_mapping(struct mm_struct *mm, |
4991 |
vma->vm_start = addr; |
4992 |
vma->vm_end = addr + len; |
4993 |
|
4994 |
@@ -85392,6 +85301,21 @@ index 38be92c..21f49ee 100644 |
4995 |
.name = "smack", |
4996 |
|
4997 |
.ptrace_access_check = smack_ptrace_access_check, |
4998 |
+diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c |
4999 |
+index 390c646..f2f8db3 100644 |
5000 |
+--- a/security/tomoyo/mount.c |
5001 |
++++ b/security/tomoyo/mount.c |
5002 |
+@@ -118,6 +118,10 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, |
5003 |
+ type == tomoyo_mounts[TOMOYO_MOUNT_MOVE]) { |
5004 |
+ need_dev = -1; /* dev_name is a directory */ |
5005 |
+ } else { |
5006 |
++ if (!capable(CAP_SYS_ADMIN)) { |
5007 |
++ error = -EPERM; |
5008 |
++ goto out; |
5009 |
++ } |
5010 |
+ fstype = get_fs_type(type); |
5011 |
+ if (!fstype) { |
5012 |
+ error = -ENODEV; |
5013 |
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c |
5014 |
index a2ee362..5754f34 100644 |
5015 |
--- a/security/tomoyo/tomoyo.c |