1 |
commit: 1ec392f3e79af1daa039ffd7fd5245ec48584a3b |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Oct 27 15:03:11 2013 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Oct 27 15:03:11 2013 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=1ec392f3 |
7 |
|
8 |
Grsec/PaX: 2.9.1-{3.2.51,3.11.6}-201310260850 |
9 |
|
10 |
--- |
11 |
3.11.6/0000_README | 6 +- |
12 |
3.11.6/1005_linux-3.11.6.patch | 2260 -------------------- |
13 |
...420_grsecurity-2.9.1-3.11.6-201310260850.patch} | 23 +- |
14 |
3.2.51/0000_README | 2 +- |
15 |
...420_grsecurity-2.9.1-3.2.51-201310260849.patch} | 17 +- |
16 |
5 files changed, 18 insertions(+), 2290 deletions(-) |
17 |
|
18 |
diff --git a/3.11.6/0000_README b/3.11.6/0000_README |
19 |
index db9995c..2d9249d 100644 |
20 |
--- a/3.11.6/0000_README |
21 |
+++ b/3.11.6/0000_README |
22 |
@@ -2,11 +2,7 @@ README |
23 |
----------------------------------------------------------------------------- |
24 |
Individual Patch Descriptions: |
25 |
----------------------------------------------------------------------------- |
26 |
-Patch: 1005_linux-3.11.6.patch |
27 |
-From: http://www.kernel.org |
28 |
-Desc: Linux 3.11.6 |
29 |
- |
30 |
-Patch: 4420_grsecurity-2.9.1-3.11.6-201310191259.patch |
31 |
+Patch: 4420_grsecurity-2.9.1-3.11.6-201310260850.patch |
32 |
From: http://www.grsecurity.net |
33 |
Desc: hardened-sources base patch from upstream grsecurity |
34 |
|
35 |
|
36 |
diff --git a/3.11.6/1005_linux-3.11.6.patch b/3.11.6/1005_linux-3.11.6.patch |
37 |
deleted file mode 100644 |
38 |
index ad3cb53..0000000 |
39 |
--- a/3.11.6/1005_linux-3.11.6.patch |
40 |
+++ /dev/null |
41 |
@@ -1,2260 +0,0 @@ |
42 |
-diff --git a/Makefile b/Makefile |
43 |
-index 83121b7..e87ba83 100644 |
44 |
---- a/Makefile |
45 |
-+++ b/Makefile |
46 |
-@@ -1,6 +1,6 @@ |
47 |
- VERSION = 3 |
48 |
- PATCHLEVEL = 11 |
49 |
--SUBLEVEL = 5 |
50 |
-+SUBLEVEL = 6 |
51 |
- EXTRAVERSION = |
52 |
- NAME = Linux for Workgroups |
53 |
- |
54 |
-diff --git a/arch/arc/include/asm/delay.h b/arch/arc/include/asm/delay.h |
55 |
-index 442ce5d..43de302 100644 |
56 |
---- a/arch/arc/include/asm/delay.h |
57 |
-+++ b/arch/arc/include/asm/delay.h |
58 |
-@@ -53,11 +53,10 @@ static inline void __udelay(unsigned long usecs) |
59 |
- { |
60 |
- unsigned long loops; |
61 |
- |
62 |
-- /* (long long) cast ensures 64 bit MPY - real or emulated |
63 |
-+ /* (u64) cast ensures 64 bit MPY - real or emulated |
64 |
- * HZ * 4295 is pre-evaluated by gcc - hence only 2 mpy ops |
65 |
- */ |
66 |
-- loops = ((long long)(usecs * 4295 * HZ) * |
67 |
-- (long long)(loops_per_jiffy)) >> 32; |
68 |
-+ loops = ((u64) usecs * 4295 * HZ * loops_per_jiffy) >> 32; |
69 |
- |
70 |
- __delay(loops); |
71 |
- } |
72 |
-diff --git a/arch/arc/include/asm/spinlock.h b/arch/arc/include/asm/spinlock.h |
73 |
-index f158197..b6a8c2d 100644 |
74 |
---- a/arch/arc/include/asm/spinlock.h |
75 |
-+++ b/arch/arc/include/asm/spinlock.h |
76 |
-@@ -45,7 +45,14 @@ static inline int arch_spin_trylock(arch_spinlock_t *lock) |
77 |
- |
78 |
- static inline void arch_spin_unlock(arch_spinlock_t *lock) |
79 |
- { |
80 |
-- lock->slock = __ARCH_SPIN_LOCK_UNLOCKED__; |
81 |
-+ unsigned int tmp = __ARCH_SPIN_LOCK_UNLOCKED__; |
82 |
-+ |
83 |
-+ __asm__ __volatile__( |
84 |
-+ " ex %0, [%1] \n" |
85 |
-+ : "+r" (tmp) |
86 |
-+ : "r"(&(lock->slock)) |
87 |
-+ : "memory"); |
88 |
-+ |
89 |
- smp_mb(); |
90 |
- } |
91 |
- |
92 |
-diff --git a/arch/arc/include/asm/uaccess.h b/arch/arc/include/asm/uaccess.h |
93 |
-index 3242082..30c9baf 100644 |
94 |
---- a/arch/arc/include/asm/uaccess.h |
95 |
-+++ b/arch/arc/include/asm/uaccess.h |
96 |
-@@ -43,7 +43,7 @@ |
97 |
- * Because it essentially checks if buffer end is within limit and @len is |
98 |
- * non-ngeative, which implies that buffer start will be within limit too. |
99 |
- * |
100 |
-- * The reason for rewriting being, for majorit yof cases, @len is generally |
101 |
-+ * The reason for rewriting being, for majority of cases, @len is generally |
102 |
- * compile time constant, causing first sub-expression to be compile time |
103 |
- * subsumed. |
104 |
- * |
105 |
-@@ -53,7 +53,7 @@ |
106 |
- * |
107 |
- */ |
108 |
- #define __user_ok(addr, sz) (((sz) <= TASK_SIZE) && \ |
109 |
-- (((addr)+(sz)) <= get_fs())) |
110 |
-+ ((addr) <= (get_fs() - (sz)))) |
111 |
- #define __access_ok(addr, sz) (unlikely(__kernel_ok) || \ |
112 |
- likely(__user_ok((addr), (sz)))) |
113 |
- |
114 |
-diff --git a/arch/arc/kernel/ptrace.c b/arch/arc/kernel/ptrace.c |
115 |
-index 3332385..5d76706 100644 |
116 |
---- a/arch/arc/kernel/ptrace.c |
117 |
-+++ b/arch/arc/kernel/ptrace.c |
118 |
-@@ -102,7 +102,7 @@ static int genregs_set(struct task_struct *target, |
119 |
- REG_IGNORE_ONE(pad2); |
120 |
- REG_IN_CHUNK(callee, efa, cregs); /* callee_regs[r25..r13] */ |
121 |
- REG_IGNORE_ONE(efa); /* efa update invalid */ |
122 |
-- REG_IN_ONE(stop_pc, &ptregs->ret); /* stop_pc: PC update */ |
123 |
-+ REG_IGNORE_ONE(stop_pc); /* PC updated via @ret */ |
124 |
- |
125 |
- return ret; |
126 |
- } |
127 |
-diff --git a/arch/arc/kernel/signal.c b/arch/arc/kernel/signal.c |
128 |
-index ee6ef2f..7e95e1a 100644 |
129 |
---- a/arch/arc/kernel/signal.c |
130 |
-+++ b/arch/arc/kernel/signal.c |
131 |
-@@ -101,7 +101,6 @@ SYSCALL_DEFINE0(rt_sigreturn) |
132 |
- { |
133 |
- struct rt_sigframe __user *sf; |
134 |
- unsigned int magic; |
135 |
-- int err; |
136 |
- struct pt_regs *regs = current_pt_regs(); |
137 |
- |
138 |
- /* Always make any pending restarted system calls return -EINTR */ |
139 |
-@@ -119,15 +118,16 @@ SYSCALL_DEFINE0(rt_sigreturn) |
140 |
- if (!access_ok(VERIFY_READ, sf, sizeof(*sf))) |
141 |
- goto badframe; |
142 |
- |
143 |
-- err = restore_usr_regs(regs, sf); |
144 |
-- err |= __get_user(magic, &sf->sigret_magic); |
145 |
-- if (err) |
146 |
-+ if (__get_user(magic, &sf->sigret_magic)) |
147 |
- goto badframe; |
148 |
- |
149 |
- if (unlikely(is_do_ss_needed(magic))) |
150 |
- if (restore_altstack(&sf->uc.uc_stack)) |
151 |
- goto badframe; |
152 |
- |
153 |
-+ if (restore_usr_regs(regs, sf)) |
154 |
-+ goto badframe; |
155 |
-+ |
156 |
- /* Don't restart from sigreturn */ |
157 |
- syscall_wont_restart(regs); |
158 |
- |
159 |
-@@ -191,6 +191,15 @@ setup_rt_frame(int signo, struct k_sigaction *ka, siginfo_t *info, |
160 |
- return 1; |
161 |
- |
162 |
- /* |
163 |
-+ * w/o SA_SIGINFO, struct ucontext is partially populated (only |
164 |
-+ * uc_mcontext/uc_sigmask) for kernel's normal user state preservation |
165 |
-+ * during signal handler execution. This works for SA_SIGINFO as well |
166 |
-+ * although the semantics are now overloaded (the same reg state can be |
167 |
-+ * inspected by userland: but are they allowed to fiddle with it ? |
168 |
-+ */ |
169 |
-+ err |= stash_usr_regs(sf, regs, set); |
170 |
-+ |
171 |
-+ /* |
172 |
- * SA_SIGINFO requires 3 args to signal handler: |
173 |
- * #1: sig-no (common to any handler) |
174 |
- * #2: struct siginfo |
175 |
-@@ -213,14 +222,6 @@ setup_rt_frame(int signo, struct k_sigaction *ka, siginfo_t *info, |
176 |
- magic = MAGIC_SIGALTSTK; |
177 |
- } |
178 |
- |
179 |
-- /* |
180 |
-- * w/o SA_SIGINFO, struct ucontext is partially populated (only |
181 |
-- * uc_mcontext/uc_sigmask) for kernel's normal user state preservation |
182 |
-- * during signal handler execution. This works for SA_SIGINFO as well |
183 |
-- * although the semantics are now overloaded (the same reg state can be |
184 |
-- * inspected by userland: but are they allowed to fiddle with it ? |
185 |
-- */ |
186 |
-- err |= stash_usr_regs(sf, regs, set); |
187 |
- err |= __put_user(magic, &sf->sigret_magic); |
188 |
- if (err) |
189 |
- return err; |
190 |
-diff --git a/arch/arc/kernel/unaligned.c b/arch/arc/kernel/unaligned.c |
191 |
-index c0f832f..00ad070 100644 |
192 |
---- a/arch/arc/kernel/unaligned.c |
193 |
-+++ b/arch/arc/kernel/unaligned.c |
194 |
-@@ -233,6 +233,12 @@ int misaligned_fixup(unsigned long address, struct pt_regs *regs, |
195 |
- regs->status32 &= ~STATUS_DE_MASK; |
196 |
- } else { |
197 |
- regs->ret += state.instr_len; |
198 |
-+ |
199 |
-+ /* handle zero-overhead-loop */ |
200 |
-+ if ((regs->ret == regs->lp_end) && (regs->lp_count)) { |
201 |
-+ regs->ret = regs->lp_start; |
202 |
-+ regs->lp_count--; |
203 |
-+ } |
204 |
- } |
205 |
- |
206 |
- return 0; |
207 |
-diff --git a/arch/arm/include/asm/jump_label.h b/arch/arm/include/asm/jump_label.h |
208 |
-index bfc198c..863c892 100644 |
209 |
---- a/arch/arm/include/asm/jump_label.h |
210 |
-+++ b/arch/arm/include/asm/jump_label.h |
211 |
-@@ -16,7 +16,7 @@ |
212 |
- |
213 |
- static __always_inline bool arch_static_branch(struct static_key *key) |
214 |
- { |
215 |
-- asm goto("1:\n\t" |
216 |
-+ asm_volatile_goto("1:\n\t" |
217 |
- JUMP_LABEL_NOP "\n\t" |
218 |
- ".pushsection __jump_table, \"aw\"\n\t" |
219 |
- ".word 1b, %l[l_yes], %c0\n\t" |
220 |
-diff --git a/arch/mips/include/asm/jump_label.h b/arch/mips/include/asm/jump_label.h |
221 |
-index 4d6d77e..e194f95 100644 |
222 |
---- a/arch/mips/include/asm/jump_label.h |
223 |
-+++ b/arch/mips/include/asm/jump_label.h |
224 |
-@@ -22,7 +22,7 @@ |
225 |
- |
226 |
- static __always_inline bool arch_static_branch(struct static_key *key) |
227 |
- { |
228 |
-- asm goto("1:\tnop\n\t" |
229 |
-+ asm_volatile_goto("1:\tnop\n\t" |
230 |
- "nop\n\t" |
231 |
- ".pushsection __jump_table, \"aw\"\n\t" |
232 |
- WORD_INSN " 1b, %l[l_yes], %0\n\t" |
233 |
-diff --git a/arch/mips/kernel/octeon_switch.S b/arch/mips/kernel/octeon_switch.S |
234 |
-index 4204d76..029e002 100644 |
235 |
---- a/arch/mips/kernel/octeon_switch.S |
236 |
-+++ b/arch/mips/kernel/octeon_switch.S |
237 |
-@@ -73,7 +73,7 @@ |
238 |
- 3: |
239 |
- |
240 |
- #if defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_SMP) |
241 |
-- PTR_L t8, __stack_chk_guard |
242 |
-+ PTR_LA t8, __stack_chk_guard |
243 |
- LONG_L t9, TASK_STACK_CANARY(a1) |
244 |
- LONG_S t9, 0(t8) |
245 |
- #endif |
246 |
-diff --git a/arch/mips/kernel/r2300_switch.S b/arch/mips/kernel/r2300_switch.S |
247 |
-index 38af83f..20b7b04 100644 |
248 |
---- a/arch/mips/kernel/r2300_switch.S |
249 |
-+++ b/arch/mips/kernel/r2300_switch.S |
250 |
-@@ -67,7 +67,7 @@ LEAF(resume) |
251 |
- 1: |
252 |
- |
253 |
- #if defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_SMP) |
254 |
-- PTR_L t8, __stack_chk_guard |
255 |
-+ PTR_LA t8, __stack_chk_guard |
256 |
- LONG_L t9, TASK_STACK_CANARY(a1) |
257 |
- LONG_S t9, 0(t8) |
258 |
- #endif |
259 |
-diff --git a/arch/mips/kernel/r4k_switch.S b/arch/mips/kernel/r4k_switch.S |
260 |
-index 921238a..078de5e 100644 |
261 |
---- a/arch/mips/kernel/r4k_switch.S |
262 |
-+++ b/arch/mips/kernel/r4k_switch.S |
263 |
-@@ -69,7 +69,7 @@ |
264 |
- 1: |
265 |
- |
266 |
- #if defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_SMP) |
267 |
-- PTR_L t8, __stack_chk_guard |
268 |
-+ PTR_LA t8, __stack_chk_guard |
269 |
- LONG_L t9, TASK_STACK_CANARY(a1) |
270 |
- LONG_S t9, 0(t8) |
271 |
- #endif |
272 |
-diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c |
273 |
-index 04e47c6..b3f87a3 100644 |
274 |
---- a/arch/parisc/kernel/traps.c |
275 |
-+++ b/arch/parisc/kernel/traps.c |
276 |
-@@ -805,14 +805,14 @@ void notrace handle_interruption(int code, struct pt_regs *regs) |
277 |
- else { |
278 |
- |
279 |
- /* |
280 |
-- * The kernel should never fault on its own address space. |
281 |
-+ * The kernel should never fault on its own address space, |
282 |
-+ * unless pagefault_disable() was called before. |
283 |
- */ |
284 |
- |
285 |
-- if (fault_space == 0) |
286 |
-+ if (fault_space == 0 && !in_atomic()) |
287 |
- { |
288 |
- pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC); |
289 |
- parisc_terminate("Kernel Fault", regs, code, fault_address); |
290 |
-- |
291 |
- } |
292 |
- } |
293 |
- |
294 |
-diff --git a/arch/powerpc/include/asm/jump_label.h b/arch/powerpc/include/asm/jump_label.h |
295 |
-index ae098c4..f016bb6 100644 |
296 |
---- a/arch/powerpc/include/asm/jump_label.h |
297 |
-+++ b/arch/powerpc/include/asm/jump_label.h |
298 |
-@@ -19,7 +19,7 @@ |
299 |
- |
300 |
- static __always_inline bool arch_static_branch(struct static_key *key) |
301 |
- { |
302 |
-- asm goto("1:\n\t" |
303 |
-+ asm_volatile_goto("1:\n\t" |
304 |
- "nop\n\t" |
305 |
- ".pushsection __jump_table, \"aw\"\n\t" |
306 |
- JUMP_ENTRY_TYPE "1b, %l[l_yes], %c0\n\t" |
307 |
-diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S |
308 |
-index b02f91e..7bcd4d6 100644 |
309 |
---- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S |
310 |
-+++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S |
311 |
-@@ -1054,7 +1054,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_206) |
312 |
- BEGIN_FTR_SECTION |
313 |
- mfspr r8, SPRN_DSCR |
314 |
- ld r7, HSTATE_DSCR(r13) |
315 |
-- std r8, VCPU_DSCR(r7) |
316 |
-+ std r8, VCPU_DSCR(r9) |
317 |
- mtspr SPRN_DSCR, r7 |
318 |
- END_FTR_SECTION_IFSET(CPU_FTR_ARCH_206) |
319 |
- |
320 |
-diff --git a/arch/s390/include/asm/jump_label.h b/arch/s390/include/asm/jump_label.h |
321 |
-index 6c32190..346b1c8 100644 |
322 |
---- a/arch/s390/include/asm/jump_label.h |
323 |
-+++ b/arch/s390/include/asm/jump_label.h |
324 |
-@@ -15,7 +15,7 @@ |
325 |
- |
326 |
- static __always_inline bool arch_static_branch(struct static_key *key) |
327 |
- { |
328 |
-- asm goto("0: brcl 0,0\n" |
329 |
-+ asm_volatile_goto("0: brcl 0,0\n" |
330 |
- ".pushsection __jump_table, \"aw\"\n" |
331 |
- ASM_ALIGN "\n" |
332 |
- ASM_PTR " 0b, %l[label], %0\n" |
333 |
-diff --git a/arch/sparc/include/asm/jump_label.h b/arch/sparc/include/asm/jump_label.h |
334 |
-index 5080d16..ec2e2e2 100644 |
335 |
---- a/arch/sparc/include/asm/jump_label.h |
336 |
-+++ b/arch/sparc/include/asm/jump_label.h |
337 |
-@@ -9,7 +9,7 @@ |
338 |
- |
339 |
- static __always_inline bool arch_static_branch(struct static_key *key) |
340 |
- { |
341 |
-- asm goto("1:\n\t" |
342 |
-+ asm_volatile_goto("1:\n\t" |
343 |
- "nop\n\t" |
344 |
- "nop\n\t" |
345 |
- ".pushsection __jump_table, \"aw\"\n\t" |
346 |
-diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h |
347 |
-index 47538a6..7290585 100644 |
348 |
---- a/arch/x86/include/asm/cpufeature.h |
349 |
-+++ b/arch/x86/include/asm/cpufeature.h |
350 |
-@@ -373,7 +373,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) |
351 |
- * Catch too early usage of this before alternatives |
352 |
- * have run. |
353 |
- */ |
354 |
-- asm goto("1: jmp %l[t_warn]\n" |
355 |
-+ asm_volatile_goto("1: jmp %l[t_warn]\n" |
356 |
- "2:\n" |
357 |
- ".section .altinstructions,\"a\"\n" |
358 |
- " .long 1b - .\n" |
359 |
-@@ -386,7 +386,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) |
360 |
- : : "i" (X86_FEATURE_ALWAYS) : : t_warn); |
361 |
- #endif |
362 |
- |
363 |
-- asm goto("1: jmp %l[t_no]\n" |
364 |
-+ asm_volatile_goto("1: jmp %l[t_no]\n" |
365 |
- "2:\n" |
366 |
- ".section .altinstructions,\"a\"\n" |
367 |
- " .long 1b - .\n" |
368 |
-@@ -448,7 +448,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) |
369 |
- * have. Thus, we force the jump to the widest, 4-byte, signed relative |
370 |
- * offset even though the last would often fit in less bytes. |
371 |
- */ |
372 |
-- asm goto("1: .byte 0xe9\n .long %l[t_dynamic] - 2f\n" |
373 |
-+ asm_volatile_goto("1: .byte 0xe9\n .long %l[t_dynamic] - 2f\n" |
374 |
- "2:\n" |
375 |
- ".section .altinstructions,\"a\"\n" |
376 |
- " .long 1b - .\n" /* src offset */ |
377 |
-diff --git a/arch/x86/include/asm/e820.h b/arch/x86/include/asm/e820.h |
378 |
-index cccd07f..779c2ef 100644 |
379 |
---- a/arch/x86/include/asm/e820.h |
380 |
-+++ b/arch/x86/include/asm/e820.h |
381 |
-@@ -29,7 +29,7 @@ extern void e820_setup_gap(void); |
382 |
- extern int e820_search_gap(unsigned long *gapstart, unsigned long *gapsize, |
383 |
- unsigned long start_addr, unsigned long long end_addr); |
384 |
- struct setup_data; |
385 |
--extern void parse_e820_ext(struct setup_data *data); |
386 |
-+extern void parse_e820_ext(u64 phys_addr, u32 data_len); |
387 |
- |
388 |
- #if defined(CONFIG_X86_64) || \ |
389 |
- (defined(CONFIG_X86_32) && defined(CONFIG_HIBERNATION)) |
390 |
-diff --git a/arch/x86/include/asm/jump_label.h b/arch/x86/include/asm/jump_label.h |
391 |
-index 3a16c14..0297669 100644 |
392 |
---- a/arch/x86/include/asm/jump_label.h |
393 |
-+++ b/arch/x86/include/asm/jump_label.h |
394 |
-@@ -13,7 +13,7 @@ |
395 |
- |
396 |
- static __always_inline bool arch_static_branch(struct static_key *key) |
397 |
- { |
398 |
-- asm goto("1:" |
399 |
-+ asm_volatile_goto("1:" |
400 |
- STATIC_KEY_INITIAL_NOP |
401 |
- ".pushsection __jump_table, \"aw\" \n\t" |
402 |
- _ASM_ALIGN "\n\t" |
403 |
-diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c |
404 |
-index d32abea..174da5f 100644 |
405 |
---- a/arch/x86/kernel/e820.c |
406 |
-+++ b/arch/x86/kernel/e820.c |
407 |
-@@ -658,15 +658,18 @@ __init void e820_setup_gap(void) |
408 |
- * boot_params.e820_map, others are passed via SETUP_E820_EXT node of |
409 |
- * linked list of struct setup_data, which is parsed here. |
410 |
- */ |
411 |
--void __init parse_e820_ext(struct setup_data *sdata) |
412 |
-+void __init parse_e820_ext(u64 phys_addr, u32 data_len) |
413 |
- { |
414 |
- int entries; |
415 |
- struct e820entry *extmap; |
416 |
-+ struct setup_data *sdata; |
417 |
- |
418 |
-+ sdata = early_memremap(phys_addr, data_len); |
419 |
- entries = sdata->len / sizeof(struct e820entry); |
420 |
- extmap = (struct e820entry *)(sdata->data); |
421 |
- __append_e820_map(extmap, entries); |
422 |
- sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); |
423 |
-+ early_iounmap(sdata, data_len); |
424 |
- printk(KERN_INFO "e820: extended physical RAM map:\n"); |
425 |
- e820_print_map("extended"); |
426 |
- } |
427 |
-diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c |
428 |
-index f8ec578..234e1e3 100644 |
429 |
---- a/arch/x86/kernel/setup.c |
430 |
-+++ b/arch/x86/kernel/setup.c |
431 |
-@@ -426,25 +426,23 @@ static void __init reserve_initrd(void) |
432 |
- static void __init parse_setup_data(void) |
433 |
- { |
434 |
- struct setup_data *data; |
435 |
-- u64 pa_data; |
436 |
-+ u64 pa_data, pa_next; |
437 |
- |
438 |
- pa_data = boot_params.hdr.setup_data; |
439 |
- while (pa_data) { |
440 |
-- u32 data_len, map_len; |
441 |
-+ u32 data_len, map_len, data_type; |
442 |
- |
443 |
- map_len = max(PAGE_SIZE - (pa_data & ~PAGE_MASK), |
444 |
- (u64)sizeof(struct setup_data)); |
445 |
- data = early_memremap(pa_data, map_len); |
446 |
- data_len = data->len + sizeof(struct setup_data); |
447 |
-- if (data_len > map_len) { |
448 |
-- early_iounmap(data, map_len); |
449 |
-- data = early_memremap(pa_data, data_len); |
450 |
-- map_len = data_len; |
451 |
-- } |
452 |
-+ data_type = data->type; |
453 |
-+ pa_next = data->next; |
454 |
-+ early_iounmap(data, map_len); |
455 |
- |
456 |
-- switch (data->type) { |
457 |
-+ switch (data_type) { |
458 |
- case SETUP_E820_EXT: |
459 |
-- parse_e820_ext(data); |
460 |
-+ parse_e820_ext(pa_data, data_len); |
461 |
- break; |
462 |
- case SETUP_DTB: |
463 |
- add_dtb(pa_data); |
464 |
-@@ -452,8 +450,7 @@ static void __init parse_setup_data(void) |
465 |
- default: |
466 |
- break; |
467 |
- } |
468 |
-- pa_data = data->next; |
469 |
-- early_iounmap(data, map_len); |
470 |
-+ pa_data = pa_next; |
471 |
- } |
472 |
- } |
473 |
- |
474 |
-diff --git a/drivers/char/random.c b/drivers/char/random.c |
475 |
-index 0d91fe5..92e6c67 100644 |
476 |
---- a/drivers/char/random.c |
477 |
-+++ b/drivers/char/random.c |
478 |
-@@ -1462,12 +1462,11 @@ struct ctl_table random_table[] = { |
479 |
- |
480 |
- static u32 random_int_secret[MD5_MESSAGE_BYTES / 4] ____cacheline_aligned; |
481 |
- |
482 |
--static int __init random_int_secret_init(void) |
483 |
-+int random_int_secret_init(void) |
484 |
- { |
485 |
- get_random_bytes(random_int_secret, sizeof(random_int_secret)); |
486 |
- return 0; |
487 |
- } |
488 |
--late_initcall(random_int_secret_init); |
489 |
- |
490 |
- /* |
491 |
- * Get a random word for internal kernel use only. Similar to urandom but |
492 |
-diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h |
493 |
-index 342f1f3..c42d31c 100644 |
494 |
---- a/drivers/gpu/drm/i915/i915_reg.h |
495 |
-+++ b/drivers/gpu/drm/i915/i915_reg.h |
496 |
-@@ -3791,6 +3791,9 @@ |
497 |
- #define GEN7_SQ_CHICKEN_MBCUNIT_CONFIG 0x9030 |
498 |
- #define GEN7_SQ_CHICKEN_MBCUNIT_SQINTMOB (1<<11) |
499 |
- |
500 |
-+#define HSW_SCRATCH1 0xb038 |
501 |
-+#define HSW_SCRATCH1_L3_DATA_ATOMICS_DISABLE (1<<27) |
502 |
-+ |
503 |
- #define HSW_FUSE_STRAP 0x42014 |
504 |
- #define HSW_CDCLK_LIMIT (1 << 24) |
505 |
- |
506 |
-@@ -4624,6 +4627,9 @@ |
507 |
- #define GEN7_ROW_CHICKEN2_GT2 0xf4f4 |
508 |
- #define DOP_CLOCK_GATING_DISABLE (1<<0) |
509 |
- |
510 |
-+#define HSW_ROW_CHICKEN3 0xe49c |
511 |
-+#define HSW_ROW_CHICKEN3_L3_GLOBAL_ATOMICS_DISABLE (1 << 6) |
512 |
-+ |
513 |
- #define G4X_AUD_VID_DID (dev_priv->info->display_mmio_offset + 0x62020) |
514 |
- #define INTEL_AUDIO_DEVCL 0x808629FB |
515 |
- #define INTEL_AUDIO_DEVBLC 0x80862801 |
516 |
-diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c |
517 |
-index 7fc8a76..90a7c17 100644 |
518 |
---- a/drivers/gpu/drm/i915/intel_display.c |
519 |
-+++ b/drivers/gpu/drm/i915/intel_display.c |
520 |
-@@ -3890,8 +3890,6 @@ static void intel_connector_check_state(struct intel_connector *connector) |
521 |
- * consider. */ |
522 |
- void intel_connector_dpms(struct drm_connector *connector, int mode) |
523 |
- { |
524 |
-- struct intel_encoder *encoder = intel_attached_encoder(connector); |
525 |
-- |
526 |
- /* All the simple cases only support two dpms states. */ |
527 |
- if (mode != DRM_MODE_DPMS_ON) |
528 |
- mode = DRM_MODE_DPMS_OFF; |
529 |
-@@ -3902,10 +3900,8 @@ void intel_connector_dpms(struct drm_connector *connector, int mode) |
530 |
- connector->dpms = mode; |
531 |
- |
532 |
- /* Only need to change hw state when actually enabled */ |
533 |
-- if (encoder->base.crtc) |
534 |
-- intel_encoder_dpms(encoder, mode); |
535 |
-- else |
536 |
-- WARN_ON(encoder->connectors_active != false); |
537 |
-+ if (connector->encoder) |
538 |
-+ intel_encoder_dpms(to_intel_encoder(connector->encoder), mode); |
539 |
- |
540 |
- intel_modeset_check_state(connector->dev); |
541 |
- } |
542 |
-diff --git a/drivers/gpu/drm/i915/intel_pm.c b/drivers/gpu/drm/i915/intel_pm.c |
543 |
-index b0e4a0b..cad0482 100644 |
544 |
---- a/drivers/gpu/drm/i915/intel_pm.c |
545 |
-+++ b/drivers/gpu/drm/i915/intel_pm.c |
546 |
-@@ -3603,8 +3603,6 @@ static void valleyview_enable_rps(struct drm_device *dev) |
547 |
- dev_priv->rps.rpe_delay), |
548 |
- dev_priv->rps.rpe_delay); |
549 |
- |
550 |
-- INIT_DELAYED_WORK(&dev_priv->rps.vlv_work, vlv_rps_timer_work); |
551 |
-- |
552 |
- valleyview_set_rps(dev_priv->dev, dev_priv->rps.rpe_delay); |
553 |
- |
554 |
- /* requires MSI enabled */ |
555 |
-@@ -4699,6 +4697,11 @@ static void haswell_init_clock_gating(struct drm_device *dev) |
556 |
- I915_WRITE(GEN7_L3_CHICKEN_MODE_REGISTER, |
557 |
- GEN7_WA_L3_CHICKEN_MODE); |
558 |
- |
559 |
-+ /* L3 caching of data atomics doesn't work -- disable it. */ |
560 |
-+ I915_WRITE(HSW_SCRATCH1, HSW_SCRATCH1_L3_DATA_ATOMICS_DISABLE); |
561 |
-+ I915_WRITE(HSW_ROW_CHICKEN3, |
562 |
-+ _MASKED_BIT_ENABLE(HSW_ROW_CHICKEN3_L3_GLOBAL_ATOMICS_DISABLE)); |
563 |
-+ |
564 |
- /* This is required by WaCatErrorRejectionIssue:hsw */ |
565 |
- I915_WRITE(GEN7_SQ_CHICKEN_MBCUNIT_CONFIG, |
566 |
- I915_READ(GEN7_SQ_CHICKEN_MBCUNIT_CONFIG) | |
567 |
-@@ -5562,6 +5565,8 @@ void intel_pm_init(struct drm_device *dev) |
568 |
- |
569 |
- INIT_DELAYED_WORK(&dev_priv->rps.delayed_resume_work, |
570 |
- intel_gen6_powersave_work); |
571 |
-+ |
572 |
-+ INIT_DELAYED_WORK(&dev_priv->rps.vlv_work, vlv_rps_timer_work); |
573 |
- } |
574 |
- |
575 |
- int sandybridge_pcode_read(struct drm_i915_private *dev_priv, u8 mbox, u32 *val) |
576 |
-diff --git a/drivers/gpu/drm/radeon/btc_dpm.c b/drivers/gpu/drm/radeon/btc_dpm.c |
577 |
-index 084e694..639b9aa 100644 |
578 |
---- a/drivers/gpu/drm/radeon/btc_dpm.c |
579 |
-+++ b/drivers/gpu/drm/radeon/btc_dpm.c |
580 |
-@@ -1913,7 +1913,7 @@ static int btc_set_mc_special_registers(struct radeon_device *rdev, |
581 |
- } |
582 |
- j++; |
583 |
- |
584 |
-- if (j > SMC_EVERGREEN_MC_REGISTER_ARRAY_SIZE) |
585 |
-+ if (j >= SMC_EVERGREEN_MC_REGISTER_ARRAY_SIZE) |
586 |
- return -EINVAL; |
587 |
- |
588 |
- tmp = RREG32(MC_PMG_CMD_MRS); |
589 |
-@@ -1928,7 +1928,7 @@ static int btc_set_mc_special_registers(struct radeon_device *rdev, |
590 |
- } |
591 |
- j++; |
592 |
- |
593 |
-- if (j > SMC_EVERGREEN_MC_REGISTER_ARRAY_SIZE) |
594 |
-+ if (j >= SMC_EVERGREEN_MC_REGISTER_ARRAY_SIZE) |
595 |
- return -EINVAL; |
596 |
- break; |
597 |
- case MC_SEQ_RESERVE_M >> 2: |
598 |
-@@ -1942,7 +1942,7 @@ static int btc_set_mc_special_registers(struct radeon_device *rdev, |
599 |
- } |
600 |
- j++; |
601 |
- |
602 |
-- if (j > SMC_EVERGREEN_MC_REGISTER_ARRAY_SIZE) |
603 |
-+ if (j >= SMC_EVERGREEN_MC_REGISTER_ARRAY_SIZE) |
604 |
- return -EINVAL; |
605 |
- break; |
606 |
- default: |
607 |
-diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c |
608 |
-index 94dab1e..8307883 100644 |
609 |
---- a/drivers/gpu/drm/radeon/evergreen.c |
610 |
-+++ b/drivers/gpu/drm/radeon/evergreen.c |
611 |
-@@ -3126,7 +3126,7 @@ static void evergreen_gpu_init(struct radeon_device *rdev) |
612 |
- rdev->config.evergreen.sx_max_export_size = 256; |
613 |
- rdev->config.evergreen.sx_max_export_pos_size = 64; |
614 |
- rdev->config.evergreen.sx_max_export_smx_size = 192; |
615 |
-- rdev->config.evergreen.max_hw_contexts = 8; |
616 |
-+ rdev->config.evergreen.max_hw_contexts = 4; |
617 |
- rdev->config.evergreen.sq_num_cf_insts = 2; |
618 |
- |
619 |
- rdev->config.evergreen.sc_prim_fifo_size = 0x40; |
620 |
-diff --git a/drivers/gpu/drm/radeon/evergreend.h b/drivers/gpu/drm/radeon/evergreend.h |
621 |
-index 20fd17c..6be00c9 100644 |
622 |
---- a/drivers/gpu/drm/radeon/evergreend.h |
623 |
-+++ b/drivers/gpu/drm/radeon/evergreend.h |
624 |
-@@ -1494,7 +1494,7 @@ |
625 |
- * 6. COMMAND [29:22] | BYTE_COUNT [20:0] |
626 |
- */ |
627 |
- # define PACKET3_CP_DMA_DST_SEL(x) ((x) << 20) |
628 |
-- /* 0 - SRC_ADDR |
629 |
-+ /* 0 - DST_ADDR |
630 |
- * 1 - GDS |
631 |
- */ |
632 |
- # define PACKET3_CP_DMA_ENGINE(x) ((x) << 27) |
633 |
-@@ -1509,7 +1509,7 @@ |
634 |
- # define PACKET3_CP_DMA_CP_SYNC (1 << 31) |
635 |
- /* COMMAND */ |
636 |
- # define PACKET3_CP_DMA_DIS_WC (1 << 21) |
637 |
--# define PACKET3_CP_DMA_CMD_SRC_SWAP(x) ((x) << 23) |
638 |
-+# define PACKET3_CP_DMA_CMD_SRC_SWAP(x) ((x) << 22) |
639 |
- /* 0 - none |
640 |
- * 1 - 8 in 16 |
641 |
- * 2 - 8 in 32 |
642 |
-diff --git a/drivers/gpu/drm/radeon/r600d.h b/drivers/gpu/drm/radeon/r600d.h |
643 |
-index 7c78083..d079cb1 100644 |
644 |
---- a/drivers/gpu/drm/radeon/r600d.h |
645 |
-+++ b/drivers/gpu/drm/radeon/r600d.h |
646 |
-@@ -1487,7 +1487,7 @@ |
647 |
- */ |
648 |
- # define PACKET3_CP_DMA_CP_SYNC (1 << 31) |
649 |
- /* COMMAND */ |
650 |
--# define PACKET3_CP_DMA_CMD_SRC_SWAP(x) ((x) << 23) |
651 |
-+# define PACKET3_CP_DMA_CMD_SRC_SWAP(x) ((x) << 22) |
652 |
- /* 0 - none |
653 |
- * 1 - 8 in 16 |
654 |
- * 2 - 8 in 32 |
655 |
-diff --git a/drivers/gpu/drm/radeon/radeon_test.c b/drivers/gpu/drm/radeon/radeon_test.c |
656 |
-index f4d6bce..12e8099 100644 |
657 |
---- a/drivers/gpu/drm/radeon/radeon_test.c |
658 |
-+++ b/drivers/gpu/drm/radeon/radeon_test.c |
659 |
-@@ -36,8 +36,8 @@ static void radeon_do_test_moves(struct radeon_device *rdev, int flag) |
660 |
- struct radeon_bo *vram_obj = NULL; |
661 |
- struct radeon_bo **gtt_obj = NULL; |
662 |
- uint64_t gtt_addr, vram_addr; |
663 |
-- unsigned i, n, size; |
664 |
-- int r, ring; |
665 |
-+ unsigned n, size; |
666 |
-+ int i, r, ring; |
667 |
- |
668 |
- switch (flag) { |
669 |
- case RADEON_TEST_COPY_DMA: |
670 |
-diff --git a/drivers/gpu/drm/radeon/si_dpm.c b/drivers/gpu/drm/radeon/si_dpm.c |
671 |
-index 1cfba39..1c23b61 100644 |
672 |
---- a/drivers/gpu/drm/radeon/si_dpm.c |
673 |
-+++ b/drivers/gpu/drm/radeon/si_dpm.c |
674 |
-@@ -5174,7 +5174,7 @@ static int si_set_mc_special_registers(struct radeon_device *rdev, |
675 |
- table->mc_reg_table_entry[k].mc_data[j] |= 0x100; |
676 |
- } |
677 |
- j++; |
678 |
-- if (j > SMC_SISLANDS_MC_REGISTER_ARRAY_SIZE) |
679 |
-+ if (j >= SMC_SISLANDS_MC_REGISTER_ARRAY_SIZE) |
680 |
- return -EINVAL; |
681 |
- |
682 |
- if (!pi->mem_gddr5) { |
683 |
-@@ -5184,7 +5184,7 @@ static int si_set_mc_special_registers(struct radeon_device *rdev, |
684 |
- table->mc_reg_table_entry[k].mc_data[j] = |
685 |
- (table->mc_reg_table_entry[k].mc_data[i] & 0xffff0000) >> 16; |
686 |
- j++; |
687 |
-- if (j > SMC_SISLANDS_MC_REGISTER_ARRAY_SIZE) |
688 |
-+ if (j >= SMC_SISLANDS_MC_REGISTER_ARRAY_SIZE) |
689 |
- return -EINVAL; |
690 |
- } |
691 |
- break; |
692 |
-@@ -5197,7 +5197,7 @@ static int si_set_mc_special_registers(struct radeon_device *rdev, |
693 |
- (temp_reg & 0xffff0000) | |
694 |
- (table->mc_reg_table_entry[k].mc_data[i] & 0x0000ffff); |
695 |
- j++; |
696 |
-- if (j > SMC_SISLANDS_MC_REGISTER_ARRAY_SIZE) |
697 |
-+ if (j >= SMC_SISLANDS_MC_REGISTER_ARRAY_SIZE) |
698 |
- return -EINVAL; |
699 |
- break; |
700 |
- default: |
701 |
-diff --git a/drivers/gpu/drm/radeon/sid.h b/drivers/gpu/drm/radeon/sid.h |
702 |
-index 2010d6b..a75d25a 100644 |
703 |
---- a/drivers/gpu/drm/radeon/sid.h |
704 |
-+++ b/drivers/gpu/drm/radeon/sid.h |
705 |
-@@ -1490,7 +1490,7 @@ |
706 |
- * 6. COMMAND [30:21] | BYTE_COUNT [20:0] |
707 |
- */ |
708 |
- # define PACKET3_CP_DMA_DST_SEL(x) ((x) << 20) |
709 |
-- /* 0 - SRC_ADDR |
710 |
-+ /* 0 - DST_ADDR |
711 |
- * 1 - GDS |
712 |
- */ |
713 |
- # define PACKET3_CP_DMA_ENGINE(x) ((x) << 27) |
714 |
-@@ -1505,7 +1505,7 @@ |
715 |
- # define PACKET3_CP_DMA_CP_SYNC (1 << 31) |
716 |
- /* COMMAND */ |
717 |
- # define PACKET3_CP_DMA_DIS_WC (1 << 21) |
718 |
--# define PACKET3_CP_DMA_CMD_SRC_SWAP(x) ((x) << 23) |
719 |
-+# define PACKET3_CP_DMA_CMD_SRC_SWAP(x) ((x) << 22) |
720 |
- /* 0 - none |
721 |
- * 1 - 8 in 16 |
722 |
- * 2 - 8 in 32 |
723 |
-diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c |
724 |
-index 98814d1..3288f13 100644 |
725 |
---- a/drivers/hwmon/applesmc.c |
726 |
-+++ b/drivers/hwmon/applesmc.c |
727 |
-@@ -230,6 +230,7 @@ static int send_argument(const char *key) |
728 |
- |
729 |
- static int read_smc(u8 cmd, const char *key, u8 *buffer, u8 len) |
730 |
- { |
731 |
-+ u8 status, data = 0; |
732 |
- int i; |
733 |
- |
734 |
- if (send_command(cmd) || send_argument(key)) { |
735 |
-@@ -237,6 +238,7 @@ static int read_smc(u8 cmd, const char *key, u8 *buffer, u8 len) |
736 |
- return -EIO; |
737 |
- } |
738 |
- |
739 |
-+ /* This has no effect on newer (2012) SMCs */ |
740 |
- if (send_byte(len, APPLESMC_DATA_PORT)) { |
741 |
- pr_warn("%.4s: read len fail\n", key); |
742 |
- return -EIO; |
743 |
-@@ -250,6 +252,17 @@ static int read_smc(u8 cmd, const char *key, u8 *buffer, u8 len) |
744 |
- buffer[i] = inb(APPLESMC_DATA_PORT); |
745 |
- } |
746 |
- |
747 |
-+ /* Read the data port until bit0 is cleared */ |
748 |
-+ for (i = 0; i < 16; i++) { |
749 |
-+ udelay(APPLESMC_MIN_WAIT); |
750 |
-+ status = inb(APPLESMC_CMD_PORT); |
751 |
-+ if (!(status & 0x01)) |
752 |
-+ break; |
753 |
-+ data = inb(APPLESMC_DATA_PORT); |
754 |
-+ } |
755 |
-+ if (i) |
756 |
-+ pr_warn("flushed %d bytes, last value is: %d\n", i, data); |
757 |
-+ |
758 |
- return 0; |
759 |
- } |
760 |
- |
761 |
-diff --git a/drivers/i2c/busses/i2c-omap.c b/drivers/i2c/busses/i2c-omap.c |
762 |
-index 142b694d..e6b8dcd 100644 |
763 |
---- a/drivers/i2c/busses/i2c-omap.c |
764 |
-+++ b/drivers/i2c/busses/i2c-omap.c |
765 |
-@@ -944,6 +944,9 @@ omap_i2c_isr_thread(int this_irq, void *dev_id) |
766 |
- /* |
767 |
- * ProDB0017052: Clear ARDY bit twice |
768 |
- */ |
769 |
-+ if (stat & OMAP_I2C_STAT_ARDY) |
770 |
-+ omap_i2c_ack_stat(dev, OMAP_I2C_STAT_ARDY); |
771 |
-+ |
772 |
- if (stat & (OMAP_I2C_STAT_ARDY | OMAP_I2C_STAT_NACK | |
773 |
- OMAP_I2C_STAT_AL)) { |
774 |
- omap_i2c_ack_stat(dev, (OMAP_I2C_STAT_RRDY | |
775 |
-diff --git a/drivers/watchdog/kempld_wdt.c b/drivers/watchdog/kempld_wdt.c |
776 |
-index 491419e..5c3d4df 100644 |
777 |
---- a/drivers/watchdog/kempld_wdt.c |
778 |
-+++ b/drivers/watchdog/kempld_wdt.c |
779 |
-@@ -35,7 +35,7 @@ |
780 |
- #define KEMPLD_WDT_STAGE_TIMEOUT(x) (0x1b + (x) * 4) |
781 |
- #define KEMPLD_WDT_STAGE_CFG(x) (0x18 + (x)) |
782 |
- #define STAGE_CFG_GET_PRESCALER(x) (((x) & 0x30) >> 4) |
783 |
--#define STAGE_CFG_SET_PRESCALER(x) (((x) & 0x30) << 4) |
784 |
-+#define STAGE_CFG_SET_PRESCALER(x) (((x) & 0x3) << 4) |
785 |
- #define STAGE_CFG_PRESCALER_MASK 0x30 |
786 |
- #define STAGE_CFG_ACTION_MASK 0x7 |
787 |
- #define STAGE_CFG_ASSERT (1 << 3) |
788 |
-diff --git a/drivers/watchdog/ts72xx_wdt.c b/drivers/watchdog/ts72xx_wdt.c |
789 |
-index 4da59b4..381999c 100644 |
790 |
---- a/drivers/watchdog/ts72xx_wdt.c |
791 |
-+++ b/drivers/watchdog/ts72xx_wdt.c |
792 |
-@@ -310,7 +310,8 @@ static long ts72xx_wdt_ioctl(struct file *file, unsigned int cmd, |
793 |
- |
794 |
- case WDIOC_GETSTATUS: |
795 |
- case WDIOC_GETBOOTSTATUS: |
796 |
-- return put_user(0, p); |
797 |
-+ error = put_user(0, p); |
798 |
-+ break; |
799 |
- |
800 |
- case WDIOC_KEEPALIVE: |
801 |
- ts72xx_wdt_kick(wdt); |
802 |
-diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c |
803 |
-index d3280b2..8220491 100644 |
804 |
---- a/fs/btrfs/inode.c |
805 |
-+++ b/fs/btrfs/inode.c |
806 |
-@@ -8036,7 +8036,7 @@ static int btrfs_rename(struct inode *old_dir, struct dentry *old_dentry, |
807 |
- |
808 |
- |
809 |
- /* check for collisions, even if the name isn't there */ |
810 |
-- ret = btrfs_check_dir_item_collision(root, new_dir->i_ino, |
811 |
-+ ret = btrfs_check_dir_item_collision(dest, new_dir->i_ino, |
812 |
- new_dentry->d_name.name, |
813 |
- new_dentry->d_name.len); |
814 |
- |
815 |
-diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c |
816 |
-index c081e34..03e9beb 100644 |
817 |
---- a/fs/ext4/xattr.c |
818 |
-+++ b/fs/ext4/xattr.c |
819 |
-@@ -1350,6 +1350,8 @@ retry: |
820 |
- s_min_extra_isize) { |
821 |
- tried_min_extra_isize++; |
822 |
- new_extra_isize = s_min_extra_isize; |
823 |
-+ kfree(is); is = NULL; |
824 |
-+ kfree(bs); bs = NULL; |
825 |
- goto retry; |
826 |
- } |
827 |
- error = -1; |
828 |
-diff --git a/fs/statfs.c b/fs/statfs.c |
829 |
-index c219e733..083dc0a 100644 |
830 |
---- a/fs/statfs.c |
831 |
-+++ b/fs/statfs.c |
832 |
-@@ -94,7 +94,7 @@ retry: |
833 |
- |
834 |
- int fd_statfs(int fd, struct kstatfs *st) |
835 |
- { |
836 |
-- struct fd f = fdget(fd); |
837 |
-+ struct fd f = fdget_raw(fd); |
838 |
- int error = -EBADF; |
839 |
- if (f.file) { |
840 |
- error = vfs_statfs(&f.file->f_path, st); |
841 |
-diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h |
842 |
-index 842de22..ded4299 100644 |
843 |
---- a/include/linux/compiler-gcc4.h |
844 |
-+++ b/include/linux/compiler-gcc4.h |
845 |
-@@ -65,6 +65,21 @@ |
846 |
- #define __visible __attribute__((externally_visible)) |
847 |
- #endif |
848 |
- |
849 |
-+/* |
850 |
-+ * GCC 'asm goto' miscompiles certain code sequences: |
851 |
-+ * |
852 |
-+ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670 |
853 |
-+ * |
854 |
-+ * Work it around via a compiler barrier quirk suggested by Jakub Jelinek. |
855 |
-+ * Fixed in GCC 4.8.2 and later versions. |
856 |
-+ * |
857 |
-+ * (asm goto is automatically volatile - the naming reflects this.) |
858 |
-+ */ |
859 |
-+#if GCC_VERSION <= 40801 |
860 |
-+# define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0) |
861 |
-+#else |
862 |
-+# define asm_volatile_goto(x...) do { asm goto(x); } while (0) |
863 |
-+#endif |
864 |
- |
865 |
- #ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP |
866 |
- #if GCC_VERSION >= 40400 |
867 |
-diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h |
868 |
-index c4d870b..19c19a5 100644 |
869 |
---- a/include/linux/ipc_namespace.h |
870 |
-+++ b/include/linux/ipc_namespace.h |
871 |
-@@ -22,7 +22,7 @@ struct ipc_ids { |
872 |
- int in_use; |
873 |
- unsigned short seq; |
874 |
- unsigned short seq_max; |
875 |
-- struct rw_semaphore rw_mutex; |
876 |
-+ struct rw_semaphore rwsem; |
877 |
- struct idr ipcs_idr; |
878 |
- int next_id; |
879 |
- }; |
880 |
-diff --git a/include/linux/random.h b/include/linux/random.h |
881 |
-index 3b9377d..6312dd9 100644 |
882 |
---- a/include/linux/random.h |
883 |
-+++ b/include/linux/random.h |
884 |
-@@ -17,6 +17,7 @@ extern void add_interrupt_randomness(int irq, int irq_flags); |
885 |
- extern void get_random_bytes(void *buf, int nbytes); |
886 |
- extern void get_random_bytes_arch(void *buf, int nbytes); |
887 |
- void generate_random_uuid(unsigned char uuid_out[16]); |
888 |
-+extern int random_int_secret_init(void); |
889 |
- |
890 |
- #ifndef MODULE |
891 |
- extern const struct file_operations random_fops, urandom_fops; |
892 |
-diff --git a/init/main.c b/init/main.c |
893 |
-index d03d2ec..586cd33 100644 |
894 |
---- a/init/main.c |
895 |
-+++ b/init/main.c |
896 |
-@@ -75,6 +75,7 @@ |
897 |
- #include <linux/blkdev.h> |
898 |
- #include <linux/elevator.h> |
899 |
- #include <linux/sched_clock.h> |
900 |
-+#include <linux/random.h> |
901 |
- |
902 |
- #include <asm/io.h> |
903 |
- #include <asm/bugs.h> |
904 |
-@@ -778,6 +779,7 @@ static void __init do_basic_setup(void) |
905 |
- do_ctors(); |
906 |
- usermodehelper_enable(); |
907 |
- do_initcalls(); |
908 |
-+ random_int_secret_init(); |
909 |
- } |
910 |
- |
911 |
- static void __init do_pre_smp_initcalls(void) |
912 |
-diff --git a/ipc/msg.c b/ipc/msg.c |
913 |
-index a877c16..558aa91 100644 |
914 |
---- a/ipc/msg.c |
915 |
-+++ b/ipc/msg.c |
916 |
-@@ -70,8 +70,6 @@ struct msg_sender { |
917 |
- |
918 |
- #define msg_ids(ns) ((ns)->ids[IPC_MSG_IDS]) |
919 |
- |
920 |
--#define msg_unlock(msq) ipc_unlock(&(msq)->q_perm) |
921 |
-- |
922 |
- static void freeque(struct ipc_namespace *, struct kern_ipc_perm *); |
923 |
- static int newque(struct ipc_namespace *, struct ipc_params *); |
924 |
- #ifdef CONFIG_PROC_FS |
925 |
-@@ -181,7 +179,7 @@ static void msg_rcu_free(struct rcu_head *head) |
926 |
- * @ns: namespace |
927 |
- * @params: ptr to the structure that contains the key and msgflg |
928 |
- * |
929 |
-- * Called with msg_ids.rw_mutex held (writer) |
930 |
-+ * Called with msg_ids.rwsem held (writer) |
931 |
- */ |
932 |
- static int newque(struct ipc_namespace *ns, struct ipc_params *params) |
933 |
- { |
934 |
-@@ -267,8 +265,8 @@ static void expunge_all(struct msg_queue *msq, int res) |
935 |
- * removes the message queue from message queue ID IDR, and cleans up all the |
936 |
- * messages associated with this queue. |
937 |
- * |
938 |
-- * msg_ids.rw_mutex (writer) and the spinlock for this message queue are held |
939 |
-- * before freeque() is called. msg_ids.rw_mutex remains locked on exit. |
940 |
-+ * msg_ids.rwsem (writer) and the spinlock for this message queue are held |
941 |
-+ * before freeque() is called. msg_ids.rwsem remains locked on exit. |
942 |
- */ |
943 |
- static void freeque(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp) |
944 |
- { |
945 |
-@@ -278,7 +276,8 @@ static void freeque(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp) |
946 |
- expunge_all(msq, -EIDRM); |
947 |
- ss_wakeup(&msq->q_senders, 1); |
948 |
- msg_rmid(ns, msq); |
949 |
-- msg_unlock(msq); |
950 |
-+ ipc_unlock_object(&msq->q_perm); |
951 |
-+ rcu_read_unlock(); |
952 |
- |
953 |
- list_for_each_entry_safe(msg, t, &msq->q_messages, m_list) { |
954 |
- atomic_dec(&ns->msg_hdrs); |
955 |
-@@ -289,7 +288,7 @@ static void freeque(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp) |
956 |
- } |
957 |
- |
958 |
- /* |
959 |
-- * Called with msg_ids.rw_mutex and ipcp locked. |
960 |
-+ * Called with msg_ids.rwsem and ipcp locked. |
961 |
- */ |
962 |
- static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg) |
963 |
- { |
964 |
-@@ -393,9 +392,9 @@ copy_msqid_from_user(struct msqid64_ds *out, void __user *buf, int version) |
965 |
- } |
966 |
- |
967 |
- /* |
968 |
-- * This function handles some msgctl commands which require the rw_mutex |
969 |
-+ * This function handles some msgctl commands which require the rwsem |
970 |
- * to be held in write mode. |
971 |
-- * NOTE: no locks must be held, the rw_mutex is taken inside this function. |
972 |
-+ * NOTE: no locks must be held, the rwsem is taken inside this function. |
973 |
- */ |
974 |
- static int msgctl_down(struct ipc_namespace *ns, int msqid, int cmd, |
975 |
- struct msqid_ds __user *buf, int version) |
976 |
-@@ -410,7 +409,7 @@ static int msgctl_down(struct ipc_namespace *ns, int msqid, int cmd, |
977 |
- return -EFAULT; |
978 |
- } |
979 |
- |
980 |
-- down_write(&msg_ids(ns).rw_mutex); |
981 |
-+ down_write(&msg_ids(ns).rwsem); |
982 |
- rcu_read_lock(); |
983 |
- |
984 |
- ipcp = ipcctl_pre_down_nolock(ns, &msg_ids(ns), msqid, cmd, |
985 |
-@@ -466,7 +465,7 @@ out_unlock0: |
986 |
- out_unlock1: |
987 |
- rcu_read_unlock(); |
988 |
- out_up: |
989 |
-- up_write(&msg_ids(ns).rw_mutex); |
990 |
-+ up_write(&msg_ids(ns).rwsem); |
991 |
- return err; |
992 |
- } |
993 |
- |
994 |
-@@ -501,7 +500,7 @@ static int msgctl_nolock(struct ipc_namespace *ns, int msqid, |
995 |
- msginfo.msgmnb = ns->msg_ctlmnb; |
996 |
- msginfo.msgssz = MSGSSZ; |
997 |
- msginfo.msgseg = MSGSEG; |
998 |
-- down_read(&msg_ids(ns).rw_mutex); |
999 |
-+ down_read(&msg_ids(ns).rwsem); |
1000 |
- if (cmd == MSG_INFO) { |
1001 |
- msginfo.msgpool = msg_ids(ns).in_use; |
1002 |
- msginfo.msgmap = atomic_read(&ns->msg_hdrs); |
1003 |
-@@ -512,7 +511,7 @@ static int msgctl_nolock(struct ipc_namespace *ns, int msqid, |
1004 |
- msginfo.msgtql = MSGTQL; |
1005 |
- } |
1006 |
- max_id = ipc_get_maxid(&msg_ids(ns)); |
1007 |
-- up_read(&msg_ids(ns).rw_mutex); |
1008 |
-+ up_read(&msg_ids(ns).rwsem); |
1009 |
- if (copy_to_user(buf, &msginfo, sizeof(struct msginfo))) |
1010 |
- return -EFAULT; |
1011 |
- return (max_id < 0) ? 0 : max_id; |
1012 |
-diff --git a/ipc/namespace.c b/ipc/namespace.c |
1013 |
-index 7ee61bf..aba9a58 100644 |
1014 |
---- a/ipc/namespace.c |
1015 |
-+++ b/ipc/namespace.c |
1016 |
-@@ -81,7 +81,7 @@ void free_ipcs(struct ipc_namespace *ns, struct ipc_ids *ids, |
1017 |
- int next_id; |
1018 |
- int total, in_use; |
1019 |
- |
1020 |
-- down_write(&ids->rw_mutex); |
1021 |
-+ down_write(&ids->rwsem); |
1022 |
- |
1023 |
- in_use = ids->in_use; |
1024 |
- |
1025 |
-@@ -89,11 +89,12 @@ void free_ipcs(struct ipc_namespace *ns, struct ipc_ids *ids, |
1026 |
- perm = idr_find(&ids->ipcs_idr, next_id); |
1027 |
- if (perm == NULL) |
1028 |
- continue; |
1029 |
-- ipc_lock_by_ptr(perm); |
1030 |
-+ rcu_read_lock(); |
1031 |
-+ ipc_lock_object(perm); |
1032 |
- free(ns, perm); |
1033 |
- total++; |
1034 |
- } |
1035 |
-- up_write(&ids->rw_mutex); |
1036 |
-+ up_write(&ids->rwsem); |
1037 |
- } |
1038 |
- |
1039 |
- static void free_ipc_ns(struct ipc_namespace *ns) |
1040 |
-diff --git a/ipc/sem.c b/ipc/sem.c |
1041 |
-index 87614511..8e2bf30 100644 |
1042 |
---- a/ipc/sem.c |
1043 |
-+++ b/ipc/sem.c |
1044 |
-@@ -248,12 +248,20 @@ static void merge_queues(struct sem_array *sma) |
1045 |
- * Caller must own sem_perm.lock. |
1046 |
- * New simple ops cannot start, because simple ops first check |
1047 |
- * that sem_perm.lock is free. |
1048 |
-+ * that a) sem_perm.lock is free and b) complex_count is 0. |
1049 |
- */ |
1050 |
- static void sem_wait_array(struct sem_array *sma) |
1051 |
- { |
1052 |
- int i; |
1053 |
- struct sem *sem; |
1054 |
- |
1055 |
-+ if (sma->complex_count) { |
1056 |
-+ /* The thread that increased sma->complex_count waited on |
1057 |
-+ * all sem->lock locks. Thus we don't need to wait again. |
1058 |
-+ */ |
1059 |
-+ return; |
1060 |
-+ } |
1061 |
-+ |
1062 |
- for (i = 0; i < sma->sem_nsems; i++) { |
1063 |
- sem = sma->sem_base + i; |
1064 |
- spin_unlock_wait(&sem->lock); |
1065 |
-@@ -365,7 +373,7 @@ static inline void sem_unlock(struct sem_array *sma, int locknum) |
1066 |
- } |
1067 |
- |
1068 |
- /* |
1069 |
-- * sem_lock_(check_) routines are called in the paths where the rw_mutex |
1070 |
-+ * sem_lock_(check_) routines are called in the paths where the rwsem |
1071 |
- * is not held. |
1072 |
- * |
1073 |
- * The caller holds the RCU read lock. |
1074 |
-@@ -464,7 +472,7 @@ static inline void sem_rmid(struct ipc_namespace *ns, struct sem_array *s) |
1075 |
- * @ns: namespace |
1076 |
- * @params: ptr to the structure that contains key, semflg and nsems |
1077 |
- * |
1078 |
-- * Called with sem_ids.rw_mutex held (as a writer) |
1079 |
-+ * Called with sem_ids.rwsem held (as a writer) |
1080 |
- */ |
1081 |
- |
1082 |
- static int newary(struct ipc_namespace *ns, struct ipc_params *params) |
1083 |
-@@ -529,7 +537,7 @@ static int newary(struct ipc_namespace *ns, struct ipc_params *params) |
1084 |
- |
1085 |
- |
1086 |
- /* |
1087 |
-- * Called with sem_ids.rw_mutex and ipcp locked. |
1088 |
-+ * Called with sem_ids.rwsem and ipcp locked. |
1089 |
- */ |
1090 |
- static inline int sem_security(struct kern_ipc_perm *ipcp, int semflg) |
1091 |
- { |
1092 |
-@@ -540,7 +548,7 @@ static inline int sem_security(struct kern_ipc_perm *ipcp, int semflg) |
1093 |
- } |
1094 |
- |
1095 |
- /* |
1096 |
-- * Called with sem_ids.rw_mutex and ipcp locked. |
1097 |
-+ * Called with sem_ids.rwsem and ipcp locked. |
1098 |
- */ |
1099 |
- static inline int sem_more_checks(struct kern_ipc_perm *ipcp, |
1100 |
- struct ipc_params *params) |
1101 |
-@@ -910,6 +918,24 @@ again: |
1102 |
- } |
1103 |
- |
1104 |
- /** |
1105 |
-+ * set_semotime(sma, sops) - set sem_otime |
1106 |
-+ * @sma: semaphore array |
1107 |
-+ * @sops: operations that modified the array, may be NULL |
1108 |
-+ * |
1109 |
-+ * sem_otime is replicated to avoid cache line trashing. |
1110 |
-+ * This function sets one instance to the current time. |
1111 |
-+ */ |
1112 |
-+static void set_semotime(struct sem_array *sma, struct sembuf *sops) |
1113 |
-+{ |
1114 |
-+ if (sops == NULL) { |
1115 |
-+ sma->sem_base[0].sem_otime = get_seconds(); |
1116 |
-+ } else { |
1117 |
-+ sma->sem_base[sops[0].sem_num].sem_otime = |
1118 |
-+ get_seconds(); |
1119 |
-+ } |
1120 |
-+} |
1121 |
-+ |
1122 |
-+/** |
1123 |
- * do_smart_update(sma, sops, nsops, otime, pt) - optimized update_queue |
1124 |
- * @sma: semaphore array |
1125 |
- * @sops: operations that were performed |
1126 |
-@@ -959,17 +985,10 @@ static void do_smart_update(struct sem_array *sma, struct sembuf *sops, int nsop |
1127 |
- } |
1128 |
- } |
1129 |
- } |
1130 |
-- if (otime) { |
1131 |
-- if (sops == NULL) { |
1132 |
-- sma->sem_base[0].sem_otime = get_seconds(); |
1133 |
-- } else { |
1134 |
-- sma->sem_base[sops[0].sem_num].sem_otime = |
1135 |
-- get_seconds(); |
1136 |
-- } |
1137 |
-- } |
1138 |
-+ if (otime) |
1139 |
-+ set_semotime(sma, sops); |
1140 |
- } |
1141 |
- |
1142 |
-- |
1143 |
- /* The following counts are associated to each semaphore: |
1144 |
- * semncnt number of tasks waiting on semval being nonzero |
1145 |
- * semzcnt number of tasks waiting on semval being zero |
1146 |
-@@ -1031,8 +1050,8 @@ static int count_semzcnt (struct sem_array * sma, ushort semnum) |
1147 |
- return semzcnt; |
1148 |
- } |
1149 |
- |
1150 |
--/* Free a semaphore set. freeary() is called with sem_ids.rw_mutex locked |
1151 |
-- * as a writer and the spinlock for this semaphore set hold. sem_ids.rw_mutex |
1152 |
-+/* Free a semaphore set. freeary() is called with sem_ids.rwsem locked |
1153 |
-+ * as a writer and the spinlock for this semaphore set hold. sem_ids.rwsem |
1154 |
- * remains locked on exit. |
1155 |
- */ |
1156 |
- static void freeary(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp) |
1157 |
-@@ -1152,7 +1171,7 @@ static int semctl_nolock(struct ipc_namespace *ns, int semid, |
1158 |
- seminfo.semmnu = SEMMNU; |
1159 |
- seminfo.semmap = SEMMAP; |
1160 |
- seminfo.semume = SEMUME; |
1161 |
-- down_read(&sem_ids(ns).rw_mutex); |
1162 |
-+ down_read(&sem_ids(ns).rwsem); |
1163 |
- if (cmd == SEM_INFO) { |
1164 |
- seminfo.semusz = sem_ids(ns).in_use; |
1165 |
- seminfo.semaem = ns->used_sems; |
1166 |
-@@ -1161,7 +1180,7 @@ static int semctl_nolock(struct ipc_namespace *ns, int semid, |
1167 |
- seminfo.semaem = SEMAEM; |
1168 |
- } |
1169 |
- max_id = ipc_get_maxid(&sem_ids(ns)); |
1170 |
-- up_read(&sem_ids(ns).rw_mutex); |
1171 |
-+ up_read(&sem_ids(ns).rwsem); |
1172 |
- if (copy_to_user(p, &seminfo, sizeof(struct seminfo))) |
1173 |
- return -EFAULT; |
1174 |
- return (max_id < 0) ? 0: max_id; |
1175 |
-@@ -1467,9 +1486,9 @@ copy_semid_from_user(struct semid64_ds *out, void __user *buf, int version) |
1176 |
- } |
1177 |
- |
1178 |
- /* |
1179 |
-- * This function handles some semctl commands which require the rw_mutex |
1180 |
-+ * This function handles some semctl commands which require the rwsem |
1181 |
- * to be held in write mode. |
1182 |
-- * NOTE: no locks must be held, the rw_mutex is taken inside this function. |
1183 |
-+ * NOTE: no locks must be held, the rwsem is taken inside this function. |
1184 |
- */ |
1185 |
- static int semctl_down(struct ipc_namespace *ns, int semid, |
1186 |
- int cmd, int version, void __user *p) |
1187 |
-@@ -1484,7 +1503,7 @@ static int semctl_down(struct ipc_namespace *ns, int semid, |
1188 |
- return -EFAULT; |
1189 |
- } |
1190 |
- |
1191 |
-- down_write(&sem_ids(ns).rw_mutex); |
1192 |
-+ down_write(&sem_ids(ns).rwsem); |
1193 |
- rcu_read_lock(); |
1194 |
- |
1195 |
- ipcp = ipcctl_pre_down_nolock(ns, &sem_ids(ns), semid, cmd, |
1196 |
-@@ -1523,7 +1542,7 @@ out_unlock0: |
1197 |
- out_unlock1: |
1198 |
- rcu_read_unlock(); |
1199 |
- out_up: |
1200 |
-- up_write(&sem_ids(ns).rw_mutex); |
1201 |
-+ up_write(&sem_ids(ns).rwsem); |
1202 |
- return err; |
1203 |
- } |
1204 |
- |
1205 |
-@@ -1831,12 +1850,17 @@ SYSCALL_DEFINE4(semtimedop, int, semid, struct sembuf __user *, tsops, |
1206 |
- |
1207 |
- error = perform_atomic_semop(sma, sops, nsops, un, |
1208 |
- task_tgid_vnr(current)); |
1209 |
-- if (error <= 0) { |
1210 |
-- if (alter && error == 0) |
1211 |
-+ if (error == 0) { |
1212 |
-+ /* If the operation was successful, then do |
1213 |
-+ * the required updates. |
1214 |
-+ */ |
1215 |
-+ if (alter) |
1216 |
- do_smart_update(sma, sops, nsops, 1, &tasks); |
1217 |
-- |
1218 |
-- goto out_unlock_free; |
1219 |
-+ else |
1220 |
-+ set_semotime(sma, sops); |
1221 |
- } |
1222 |
-+ if (error <= 0) |
1223 |
-+ goto out_unlock_free; |
1224 |
- |
1225 |
- /* We need to sleep on this operation, so we put the current |
1226 |
- * task into the pending queue and go to sleep. |
1227 |
-@@ -2095,6 +2119,14 @@ static int sysvipc_sem_proc_show(struct seq_file *s, void *it) |
1228 |
- struct sem_array *sma = it; |
1229 |
- time_t sem_otime; |
1230 |
- |
1231 |
-+ /* |
1232 |
-+ * The proc interface isn't aware of sem_lock(), it calls |
1233 |
-+ * ipc_lock_object() directly (in sysvipc_find_ipc). |
1234 |
-+ * In order to stay compatible with sem_lock(), we must wait until |
1235 |
-+ * all simple semop() calls have left their critical regions. |
1236 |
-+ */ |
1237 |
-+ sem_wait_array(sma); |
1238 |
-+ |
1239 |
- sem_otime = get_semotime(sma); |
1240 |
- |
1241 |
- return seq_printf(s, |
1242 |
-diff --git a/ipc/shm.c b/ipc/shm.c |
1243 |
-index 2d6833d..d697396 100644 |
1244 |
---- a/ipc/shm.c |
1245 |
-+++ b/ipc/shm.c |
1246 |
-@@ -19,6 +19,9 @@ |
1247 |
- * namespaces support |
1248 |
- * OpenVZ, SWsoft Inc. |
1249 |
- * Pavel Emelianov <xemul@××××××.org> |
1250 |
-+ * |
1251 |
-+ * Better ipc lock (kern_ipc_perm.lock) handling |
1252 |
-+ * Davidlohr Bueso <davidlohr.bueso@××.com>, June 2013. |
1253 |
- */ |
1254 |
- |
1255 |
- #include <linux/slab.h> |
1256 |
-@@ -80,8 +83,8 @@ void shm_init_ns(struct ipc_namespace *ns) |
1257 |
- } |
1258 |
- |
1259 |
- /* |
1260 |
-- * Called with shm_ids.rw_mutex (writer) and the shp structure locked. |
1261 |
-- * Only shm_ids.rw_mutex remains locked on exit. |
1262 |
-+ * Called with shm_ids.rwsem (writer) and the shp structure locked. |
1263 |
-+ * Only shm_ids.rwsem remains locked on exit. |
1264 |
- */ |
1265 |
- static void do_shm_rmid(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp) |
1266 |
- { |
1267 |
-@@ -124,8 +127,28 @@ void __init shm_init (void) |
1268 |
- IPC_SHM_IDS, sysvipc_shm_proc_show); |
1269 |
- } |
1270 |
- |
1271 |
-+static inline struct shmid_kernel *shm_obtain_object(struct ipc_namespace *ns, int id) |
1272 |
-+{ |
1273 |
-+ struct kern_ipc_perm *ipcp = ipc_obtain_object(&shm_ids(ns), id); |
1274 |
-+ |
1275 |
-+ if (IS_ERR(ipcp)) |
1276 |
-+ return ERR_CAST(ipcp); |
1277 |
-+ |
1278 |
-+ return container_of(ipcp, struct shmid_kernel, shm_perm); |
1279 |
-+} |
1280 |
-+ |
1281 |
-+static inline struct shmid_kernel *shm_obtain_object_check(struct ipc_namespace *ns, int id) |
1282 |
-+{ |
1283 |
-+ struct kern_ipc_perm *ipcp = ipc_obtain_object_check(&shm_ids(ns), id); |
1284 |
-+ |
1285 |
-+ if (IS_ERR(ipcp)) |
1286 |
-+ return ERR_CAST(ipcp); |
1287 |
-+ |
1288 |
-+ return container_of(ipcp, struct shmid_kernel, shm_perm); |
1289 |
-+} |
1290 |
-+ |
1291 |
- /* |
1292 |
-- * shm_lock_(check_) routines are called in the paths where the rw_mutex |
1293 |
-+ * shm_lock_(check_) routines are called in the paths where the rwsem |
1294 |
- * is not necessarily held. |
1295 |
- */ |
1296 |
- static inline struct shmid_kernel *shm_lock(struct ipc_namespace *ns, int id) |
1297 |
-@@ -144,17 +167,6 @@ static inline void shm_lock_by_ptr(struct shmid_kernel *ipcp) |
1298 |
- ipc_lock_object(&ipcp->shm_perm); |
1299 |
- } |
1300 |
- |
1301 |
--static inline struct shmid_kernel *shm_lock_check(struct ipc_namespace *ns, |
1302 |
-- int id) |
1303 |
--{ |
1304 |
-- struct kern_ipc_perm *ipcp = ipc_lock_check(&shm_ids(ns), id); |
1305 |
-- |
1306 |
-- if (IS_ERR(ipcp)) |
1307 |
-- return (struct shmid_kernel *)ipcp; |
1308 |
-- |
1309 |
-- return container_of(ipcp, struct shmid_kernel, shm_perm); |
1310 |
--} |
1311 |
-- |
1312 |
- static void shm_rcu_free(struct rcu_head *head) |
1313 |
- { |
1314 |
- struct ipc_rcu *p = container_of(head, struct ipc_rcu, rcu); |
1315 |
-@@ -191,7 +203,7 @@ static void shm_open(struct vm_area_struct *vma) |
1316 |
- * @ns: namespace |
1317 |
- * @shp: struct to free |
1318 |
- * |
1319 |
-- * It has to be called with shp and shm_ids.rw_mutex (writer) locked, |
1320 |
-+ * It has to be called with shp and shm_ids.rwsem (writer) locked, |
1321 |
- * but returns with shp unlocked and freed. |
1322 |
- */ |
1323 |
- static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp) |
1324 |
-@@ -238,7 +250,7 @@ static void shm_close(struct vm_area_struct *vma) |
1325 |
- struct shmid_kernel *shp; |
1326 |
- struct ipc_namespace *ns = sfd->ns; |
1327 |
- |
1328 |
-- down_write(&shm_ids(ns).rw_mutex); |
1329 |
-+ down_write(&shm_ids(ns).rwsem); |
1330 |
- /* remove from the list of attaches of the shm segment */ |
1331 |
- shp = shm_lock(ns, sfd->id); |
1332 |
- BUG_ON(IS_ERR(shp)); |
1333 |
-@@ -249,10 +261,10 @@ static void shm_close(struct vm_area_struct *vma) |
1334 |
- shm_destroy(ns, shp); |
1335 |
- else |
1336 |
- shm_unlock(shp); |
1337 |
-- up_write(&shm_ids(ns).rw_mutex); |
1338 |
-+ up_write(&shm_ids(ns).rwsem); |
1339 |
- } |
1340 |
- |
1341 |
--/* Called with ns->shm_ids(ns).rw_mutex locked */ |
1342 |
-+/* Called with ns->shm_ids(ns).rwsem locked */ |
1343 |
- static int shm_try_destroy_current(int id, void *p, void *data) |
1344 |
- { |
1345 |
- struct ipc_namespace *ns = data; |
1346 |
-@@ -283,7 +295,7 @@ static int shm_try_destroy_current(int id, void *p, void *data) |
1347 |
- return 0; |
1348 |
- } |
1349 |
- |
1350 |
--/* Called with ns->shm_ids(ns).rw_mutex locked */ |
1351 |
-+/* Called with ns->shm_ids(ns).rwsem locked */ |
1352 |
- static int shm_try_destroy_orphaned(int id, void *p, void *data) |
1353 |
- { |
1354 |
- struct ipc_namespace *ns = data; |
1355 |
-@@ -294,7 +306,7 @@ static int shm_try_destroy_orphaned(int id, void *p, void *data) |
1356 |
- * We want to destroy segments without users and with already |
1357 |
- * exit'ed originating process. |
1358 |
- * |
1359 |
-- * As shp->* are changed under rw_mutex, it's safe to skip shp locking. |
1360 |
-+ * As shp->* are changed under rwsem, it's safe to skip shp locking. |
1361 |
- */ |
1362 |
- if (shp->shm_creator != NULL) |
1363 |
- return 0; |
1364 |
-@@ -308,10 +320,10 @@ static int shm_try_destroy_orphaned(int id, void *p, void *data) |
1365 |
- |
1366 |
- void shm_destroy_orphaned(struct ipc_namespace *ns) |
1367 |
- { |
1368 |
-- down_write(&shm_ids(ns).rw_mutex); |
1369 |
-+ down_write(&shm_ids(ns).rwsem); |
1370 |
- if (shm_ids(ns).in_use) |
1371 |
- idr_for_each(&shm_ids(ns).ipcs_idr, &shm_try_destroy_orphaned, ns); |
1372 |
-- up_write(&shm_ids(ns).rw_mutex); |
1373 |
-+ up_write(&shm_ids(ns).rwsem); |
1374 |
- } |
1375 |
- |
1376 |
- |
1377 |
-@@ -323,10 +335,10 @@ void exit_shm(struct task_struct *task) |
1378 |
- return; |
1379 |
- |
1380 |
- /* Destroy all already created segments, but not mapped yet */ |
1381 |
-- down_write(&shm_ids(ns).rw_mutex); |
1382 |
-+ down_write(&shm_ids(ns).rwsem); |
1383 |
- if (shm_ids(ns).in_use) |
1384 |
- idr_for_each(&shm_ids(ns).ipcs_idr, &shm_try_destroy_current, ns); |
1385 |
-- up_write(&shm_ids(ns).rw_mutex); |
1386 |
-+ up_write(&shm_ids(ns).rwsem); |
1387 |
- } |
1388 |
- |
1389 |
- static int shm_fault(struct vm_area_struct *vma, struct vm_fault *vmf) |
1390 |
-@@ -460,7 +472,7 @@ static const struct vm_operations_struct shm_vm_ops = { |
1391 |
- * @ns: namespace |
1392 |
- * @params: ptr to the structure that contains key, size and shmflg |
1393 |
- * |
1394 |
-- * Called with shm_ids.rw_mutex held as a writer. |
1395 |
-+ * Called with shm_ids.rwsem held as a writer. |
1396 |
- */ |
1397 |
- |
1398 |
- static int newseg(struct ipc_namespace *ns, struct ipc_params *params) |
1399 |
-@@ -567,7 +579,7 @@ no_file: |
1400 |
- } |
1401 |
- |
1402 |
- /* |
1403 |
-- * Called with shm_ids.rw_mutex and ipcp locked. |
1404 |
-+ * Called with shm_ids.rwsem and ipcp locked. |
1405 |
- */ |
1406 |
- static inline int shm_security(struct kern_ipc_perm *ipcp, int shmflg) |
1407 |
- { |
1408 |
-@@ -578,7 +590,7 @@ static inline int shm_security(struct kern_ipc_perm *ipcp, int shmflg) |
1409 |
- } |
1410 |
- |
1411 |
- /* |
1412 |
-- * Called with shm_ids.rw_mutex and ipcp locked. |
1413 |
-+ * Called with shm_ids.rwsem and ipcp locked. |
1414 |
- */ |
1415 |
- static inline int shm_more_checks(struct kern_ipc_perm *ipcp, |
1416 |
- struct ipc_params *params) |
1417 |
-@@ -691,7 +703,7 @@ static inline unsigned long copy_shminfo_to_user(void __user *buf, struct shminf |
1418 |
- |
1419 |
- /* |
1420 |
- * Calculate and add used RSS and swap pages of a shm. |
1421 |
-- * Called with shm_ids.rw_mutex held as a reader |
1422 |
-+ * Called with shm_ids.rwsem held as a reader |
1423 |
- */ |
1424 |
- static void shm_add_rss_swap(struct shmid_kernel *shp, |
1425 |
- unsigned long *rss_add, unsigned long *swp_add) |
1426 |
-@@ -718,7 +730,7 @@ static void shm_add_rss_swap(struct shmid_kernel *shp, |
1427 |
- } |
1428 |
- |
1429 |
- /* |
1430 |
-- * Called with shm_ids.rw_mutex held as a reader |
1431 |
-+ * Called with shm_ids.rwsem held as a reader |
1432 |
- */ |
1433 |
- static void shm_get_stat(struct ipc_namespace *ns, unsigned long *rss, |
1434 |
- unsigned long *swp) |
1435 |
-@@ -747,9 +759,9 @@ static void shm_get_stat(struct ipc_namespace *ns, unsigned long *rss, |
1436 |
- } |
1437 |
- |
1438 |
- /* |
1439 |
-- * This function handles some shmctl commands which require the rw_mutex |
1440 |
-+ * This function handles some shmctl commands which require the rwsem |
1441 |
- * to be held in write mode. |
1442 |
-- * NOTE: no locks must be held, the rw_mutex is taken inside this function. |
1443 |
-+ * NOTE: no locks must be held, the rwsem is taken inside this function. |
1444 |
- */ |
1445 |
- static int shmctl_down(struct ipc_namespace *ns, int shmid, int cmd, |
1446 |
- struct shmid_ds __user *buf, int version) |
1447 |
-@@ -764,14 +776,13 @@ static int shmctl_down(struct ipc_namespace *ns, int shmid, int cmd, |
1448 |
- return -EFAULT; |
1449 |
- } |
1450 |
- |
1451 |
-- down_write(&shm_ids(ns).rw_mutex); |
1452 |
-+ down_write(&shm_ids(ns).rwsem); |
1453 |
- rcu_read_lock(); |
1454 |
- |
1455 |
-- ipcp = ipcctl_pre_down(ns, &shm_ids(ns), shmid, cmd, |
1456 |
-- &shmid64.shm_perm, 0); |
1457 |
-+ ipcp = ipcctl_pre_down_nolock(ns, &shm_ids(ns), shmid, cmd, |
1458 |
-+ &shmid64.shm_perm, 0); |
1459 |
- if (IS_ERR(ipcp)) { |
1460 |
- err = PTR_ERR(ipcp); |
1461 |
-- /* the ipc lock is not held upon failure */ |
1462 |
- goto out_unlock1; |
1463 |
- } |
1464 |
- |
1465 |
-@@ -779,14 +790,16 @@ static int shmctl_down(struct ipc_namespace *ns, int shmid, int cmd, |
1466 |
- |
1467 |
- err = security_shm_shmctl(shp, cmd); |
1468 |
- if (err) |
1469 |
-- goto out_unlock0; |
1470 |
-+ goto out_unlock1; |
1471 |
- |
1472 |
- switch (cmd) { |
1473 |
- case IPC_RMID: |
1474 |
-+ ipc_lock_object(&shp->shm_perm); |
1475 |
- /* do_shm_rmid unlocks the ipc object and rcu */ |
1476 |
- do_shm_rmid(ns, ipcp); |
1477 |
- goto out_up; |
1478 |
- case IPC_SET: |
1479 |
-+ ipc_lock_object(&shp->shm_perm); |
1480 |
- err = ipc_update_perm(&shmid64.shm_perm, ipcp); |
1481 |
- if (err) |
1482 |
- goto out_unlock0; |
1483 |
-@@ -794,6 +807,7 @@ static int shmctl_down(struct ipc_namespace *ns, int shmid, int cmd, |
1484 |
- break; |
1485 |
- default: |
1486 |
- err = -EINVAL; |
1487 |
-+ goto out_unlock1; |
1488 |
- } |
1489 |
- |
1490 |
- out_unlock0: |
1491 |
-@@ -801,33 +815,28 @@ out_unlock0: |
1492 |
- out_unlock1: |
1493 |
- rcu_read_unlock(); |
1494 |
- out_up: |
1495 |
-- up_write(&shm_ids(ns).rw_mutex); |
1496 |
-+ up_write(&shm_ids(ns).rwsem); |
1497 |
- return err; |
1498 |
- } |
1499 |
- |
1500 |
--SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf) |
1501 |
-+static int shmctl_nolock(struct ipc_namespace *ns, int shmid, |
1502 |
-+ int cmd, int version, void __user *buf) |
1503 |
- { |
1504 |
-+ int err; |
1505 |
- struct shmid_kernel *shp; |
1506 |
-- int err, version; |
1507 |
-- struct ipc_namespace *ns; |
1508 |
- |
1509 |
-- if (cmd < 0 || shmid < 0) { |
1510 |
-- err = -EINVAL; |
1511 |
-- goto out; |
1512 |
-+ /* preliminary security checks for *_INFO */ |
1513 |
-+ if (cmd == IPC_INFO || cmd == SHM_INFO) { |
1514 |
-+ err = security_shm_shmctl(NULL, cmd); |
1515 |
-+ if (err) |
1516 |
-+ return err; |
1517 |
- } |
1518 |
- |
1519 |
-- version = ipc_parse_version(&cmd); |
1520 |
-- ns = current->nsproxy->ipc_ns; |
1521 |
-- |
1522 |
-- switch (cmd) { /* replace with proc interface ? */ |
1523 |
-+ switch (cmd) { |
1524 |
- case IPC_INFO: |
1525 |
- { |
1526 |
- struct shminfo64 shminfo; |
1527 |
- |
1528 |
-- err = security_shm_shmctl(NULL, cmd); |
1529 |
-- if (err) |
1530 |
-- return err; |
1531 |
-- |
1532 |
- memset(&shminfo, 0, sizeof(shminfo)); |
1533 |
- shminfo.shmmni = shminfo.shmseg = ns->shm_ctlmni; |
1534 |
- shminfo.shmmax = ns->shm_ctlmax; |
1535 |
-@@ -837,9 +846,9 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf) |
1536 |
- if(copy_shminfo_to_user (buf, &shminfo, version)) |
1537 |
- return -EFAULT; |
1538 |
- |
1539 |
-- down_read(&shm_ids(ns).rw_mutex); |
1540 |
-+ down_read(&shm_ids(ns).rwsem); |
1541 |
- err = ipc_get_maxid(&shm_ids(ns)); |
1542 |
-- up_read(&shm_ids(ns).rw_mutex); |
1543 |
-+ up_read(&shm_ids(ns).rwsem); |
1544 |
- |
1545 |
- if(err<0) |
1546 |
- err = 0; |
1547 |
-@@ -849,19 +858,15 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf) |
1548 |
- { |
1549 |
- struct shm_info shm_info; |
1550 |
- |
1551 |
-- err = security_shm_shmctl(NULL, cmd); |
1552 |
-- if (err) |
1553 |
-- return err; |
1554 |
-- |
1555 |
- memset(&shm_info, 0, sizeof(shm_info)); |
1556 |
-- down_read(&shm_ids(ns).rw_mutex); |
1557 |
-+ down_read(&shm_ids(ns).rwsem); |
1558 |
- shm_info.used_ids = shm_ids(ns).in_use; |
1559 |
- shm_get_stat (ns, &shm_info.shm_rss, &shm_info.shm_swp); |
1560 |
- shm_info.shm_tot = ns->shm_tot; |
1561 |
- shm_info.swap_attempts = 0; |
1562 |
- shm_info.swap_successes = 0; |
1563 |
- err = ipc_get_maxid(&shm_ids(ns)); |
1564 |
-- up_read(&shm_ids(ns).rw_mutex); |
1565 |
-+ up_read(&shm_ids(ns).rwsem); |
1566 |
- if (copy_to_user(buf, &shm_info, sizeof(shm_info))) { |
1567 |
- err = -EFAULT; |
1568 |
- goto out; |
1569 |
-@@ -876,27 +881,31 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf) |
1570 |
- struct shmid64_ds tbuf; |
1571 |
- int result; |
1572 |
- |
1573 |
-+ rcu_read_lock(); |
1574 |
- if (cmd == SHM_STAT) { |
1575 |
-- shp = shm_lock(ns, shmid); |
1576 |
-+ shp = shm_obtain_object(ns, shmid); |
1577 |
- if (IS_ERR(shp)) { |
1578 |
- err = PTR_ERR(shp); |
1579 |
-- goto out; |
1580 |
-+ goto out_unlock; |
1581 |
- } |
1582 |
- result = shp->shm_perm.id; |
1583 |
- } else { |
1584 |
-- shp = shm_lock_check(ns, shmid); |
1585 |
-+ shp = shm_obtain_object_check(ns, shmid); |
1586 |
- if (IS_ERR(shp)) { |
1587 |
- err = PTR_ERR(shp); |
1588 |
-- goto out; |
1589 |
-+ goto out_unlock; |
1590 |
- } |
1591 |
- result = 0; |
1592 |
- } |
1593 |
-+ |
1594 |
- err = -EACCES; |
1595 |
- if (ipcperms(ns, &shp->shm_perm, S_IRUGO)) |
1596 |
- goto out_unlock; |
1597 |
-+ |
1598 |
- err = security_shm_shmctl(shp, cmd); |
1599 |
- if (err) |
1600 |
- goto out_unlock; |
1601 |
-+ |
1602 |
- memset(&tbuf, 0, sizeof(tbuf)); |
1603 |
- kernel_to_ipc64_perm(&shp->shm_perm, &tbuf.shm_perm); |
1604 |
- tbuf.shm_segsz = shp->shm_segsz; |
1605 |
-@@ -906,43 +915,76 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf) |
1606 |
- tbuf.shm_cpid = shp->shm_cprid; |
1607 |
- tbuf.shm_lpid = shp->shm_lprid; |
1608 |
- tbuf.shm_nattch = shp->shm_nattch; |
1609 |
-- shm_unlock(shp); |
1610 |
-- if(copy_shmid_to_user (buf, &tbuf, version)) |
1611 |
-+ rcu_read_unlock(); |
1612 |
-+ |
1613 |
-+ if (copy_shmid_to_user(buf, &tbuf, version)) |
1614 |
- err = -EFAULT; |
1615 |
- else |
1616 |
- err = result; |
1617 |
- goto out; |
1618 |
- } |
1619 |
-+ default: |
1620 |
-+ return -EINVAL; |
1621 |
-+ } |
1622 |
-+ |
1623 |
-+out_unlock: |
1624 |
-+ rcu_read_unlock(); |
1625 |
-+out: |
1626 |
-+ return err; |
1627 |
-+} |
1628 |
-+ |
1629 |
-+SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf) |
1630 |
-+{ |
1631 |
-+ struct shmid_kernel *shp; |
1632 |
-+ int err, version; |
1633 |
-+ struct ipc_namespace *ns; |
1634 |
-+ |
1635 |
-+ if (cmd < 0 || shmid < 0) |
1636 |
-+ return -EINVAL; |
1637 |
-+ |
1638 |
-+ version = ipc_parse_version(&cmd); |
1639 |
-+ ns = current->nsproxy->ipc_ns; |
1640 |
-+ |
1641 |
-+ switch (cmd) { |
1642 |
-+ case IPC_INFO: |
1643 |
-+ case SHM_INFO: |
1644 |
-+ case SHM_STAT: |
1645 |
-+ case IPC_STAT: |
1646 |
-+ return shmctl_nolock(ns, shmid, cmd, version, buf); |
1647 |
-+ case IPC_RMID: |
1648 |
-+ case IPC_SET: |
1649 |
-+ return shmctl_down(ns, shmid, cmd, buf, version); |
1650 |
- case SHM_LOCK: |
1651 |
- case SHM_UNLOCK: |
1652 |
- { |
1653 |
- struct file *shm_file; |
1654 |
- |
1655 |
-- shp = shm_lock_check(ns, shmid); |
1656 |
-+ rcu_read_lock(); |
1657 |
-+ shp = shm_obtain_object_check(ns, shmid); |
1658 |
- if (IS_ERR(shp)) { |
1659 |
- err = PTR_ERR(shp); |
1660 |
-- goto out; |
1661 |
-+ goto out_unlock1; |
1662 |
- } |
1663 |
- |
1664 |
- audit_ipc_obj(&(shp->shm_perm)); |
1665 |
-+ err = security_shm_shmctl(shp, cmd); |
1666 |
-+ if (err) |
1667 |
-+ goto out_unlock1; |
1668 |
- |
1669 |
-+ ipc_lock_object(&shp->shm_perm); |
1670 |
- if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) { |
1671 |
- kuid_t euid = current_euid(); |
1672 |
- err = -EPERM; |
1673 |
- if (!uid_eq(euid, shp->shm_perm.uid) && |
1674 |
- !uid_eq(euid, shp->shm_perm.cuid)) |
1675 |
-- goto out_unlock; |
1676 |
-+ goto out_unlock0; |
1677 |
- if (cmd == SHM_LOCK && !rlimit(RLIMIT_MEMLOCK)) |
1678 |
-- goto out_unlock; |
1679 |
-+ goto out_unlock0; |
1680 |
- } |
1681 |
- |
1682 |
-- err = security_shm_shmctl(shp, cmd); |
1683 |
-- if (err) |
1684 |
-- goto out_unlock; |
1685 |
-- |
1686 |
- shm_file = shp->shm_file; |
1687 |
- if (is_file_hugepages(shm_file)) |
1688 |
-- goto out_unlock; |
1689 |
-+ goto out_unlock0; |
1690 |
- |
1691 |
- if (cmd == SHM_LOCK) { |
1692 |
- struct user_struct *user = current_user(); |
1693 |
-@@ -951,32 +993,31 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf) |
1694 |
- shp->shm_perm.mode |= SHM_LOCKED; |
1695 |
- shp->mlock_user = user; |
1696 |
- } |
1697 |
-- goto out_unlock; |
1698 |
-+ goto out_unlock0; |
1699 |
- } |
1700 |
- |
1701 |
- /* SHM_UNLOCK */ |
1702 |
- if (!(shp->shm_perm.mode & SHM_LOCKED)) |
1703 |
-- goto out_unlock; |
1704 |
-+ goto out_unlock0; |
1705 |
- shmem_lock(shm_file, 0, shp->mlock_user); |
1706 |
- shp->shm_perm.mode &= ~SHM_LOCKED; |
1707 |
- shp->mlock_user = NULL; |
1708 |
- get_file(shm_file); |
1709 |
-- shm_unlock(shp); |
1710 |
-+ ipc_unlock_object(&shp->shm_perm); |
1711 |
-+ rcu_read_unlock(); |
1712 |
- shmem_unlock_mapping(shm_file->f_mapping); |
1713 |
-+ |
1714 |
- fput(shm_file); |
1715 |
-- goto out; |
1716 |
-- } |
1717 |
-- case IPC_RMID: |
1718 |
-- case IPC_SET: |
1719 |
-- err = shmctl_down(ns, shmid, cmd, buf, version); |
1720 |
- return err; |
1721 |
-+ } |
1722 |
- default: |
1723 |
- return -EINVAL; |
1724 |
- } |
1725 |
- |
1726 |
--out_unlock: |
1727 |
-- shm_unlock(shp); |
1728 |
--out: |
1729 |
-+out_unlock0: |
1730 |
-+ ipc_unlock_object(&shp->shm_perm); |
1731 |
-+out_unlock1: |
1732 |
-+ rcu_read_unlock(); |
1733 |
- return err; |
1734 |
- } |
1735 |
- |
1736 |
-@@ -1044,10 +1085,11 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, |
1737 |
- * additional creator id... |
1738 |
- */ |
1739 |
- ns = current->nsproxy->ipc_ns; |
1740 |
-- shp = shm_lock_check(ns, shmid); |
1741 |
-+ rcu_read_lock(); |
1742 |
-+ shp = shm_obtain_object_check(ns, shmid); |
1743 |
- if (IS_ERR(shp)) { |
1744 |
- err = PTR_ERR(shp); |
1745 |
-- goto out; |
1746 |
-+ goto out_unlock; |
1747 |
- } |
1748 |
- |
1749 |
- err = -EACCES; |
1750 |
-@@ -1058,24 +1100,31 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, |
1751 |
- if (err) |
1752 |
- goto out_unlock; |
1753 |
- |
1754 |
-+ ipc_lock_object(&shp->shm_perm); |
1755 |
- path = shp->shm_file->f_path; |
1756 |
- path_get(&path); |
1757 |
- shp->shm_nattch++; |
1758 |
- size = i_size_read(path.dentry->d_inode); |
1759 |
-- shm_unlock(shp); |
1760 |
-+ ipc_unlock_object(&shp->shm_perm); |
1761 |
-+ rcu_read_unlock(); |
1762 |
- |
1763 |
- err = -ENOMEM; |
1764 |
- sfd = kzalloc(sizeof(*sfd), GFP_KERNEL); |
1765 |
-- if (!sfd) |
1766 |
-- goto out_put_dentry; |
1767 |
-+ if (!sfd) { |
1768 |
-+ path_put(&path); |
1769 |
-+ goto out_nattch; |
1770 |
-+ } |
1771 |
- |
1772 |
- file = alloc_file(&path, f_mode, |
1773 |
- is_file_hugepages(shp->shm_file) ? |
1774 |
- &shm_file_operations_huge : |
1775 |
- &shm_file_operations); |
1776 |
- err = PTR_ERR(file); |
1777 |
-- if (IS_ERR(file)) |
1778 |
-- goto out_free; |
1779 |
-+ if (IS_ERR(file)) { |
1780 |
-+ kfree(sfd); |
1781 |
-+ path_put(&path); |
1782 |
-+ goto out_nattch; |
1783 |
-+ } |
1784 |
- |
1785 |
- file->private_data = sfd; |
1786 |
- file->f_mapping = shp->shm_file->f_mapping; |
1787 |
-@@ -1101,7 +1150,7 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, |
1788 |
- addr > current->mm->start_stack - size - PAGE_SIZE * 5) |
1789 |
- goto invalid; |
1790 |
- } |
1791 |
-- |
1792 |
-+ |
1793 |
- addr = do_mmap_pgoff(file, addr, size, prot, flags, 0, &populate); |
1794 |
- *raddr = addr; |
1795 |
- err = 0; |
1796 |
-@@ -1116,7 +1165,7 @@ out_fput: |
1797 |
- fput(file); |
1798 |
- |
1799 |
- out_nattch: |
1800 |
-- down_write(&shm_ids(ns).rw_mutex); |
1801 |
-+ down_write(&shm_ids(ns).rwsem); |
1802 |
- shp = shm_lock(ns, shmid); |
1803 |
- BUG_ON(IS_ERR(shp)); |
1804 |
- shp->shm_nattch--; |
1805 |
-@@ -1124,20 +1173,13 @@ out_nattch: |
1806 |
- shm_destroy(ns, shp); |
1807 |
- else |
1808 |
- shm_unlock(shp); |
1809 |
-- up_write(&shm_ids(ns).rw_mutex); |
1810 |
-- |
1811 |
--out: |
1812 |
-+ up_write(&shm_ids(ns).rwsem); |
1813 |
- return err; |
1814 |
- |
1815 |
- out_unlock: |
1816 |
-- shm_unlock(shp); |
1817 |
-- goto out; |
1818 |
-- |
1819 |
--out_free: |
1820 |
-- kfree(sfd); |
1821 |
--out_put_dentry: |
1822 |
-- path_put(&path); |
1823 |
-- goto out_nattch; |
1824 |
-+ rcu_read_unlock(); |
1825 |
-+out: |
1826 |
-+ return err; |
1827 |
- } |
1828 |
- |
1829 |
- SYSCALL_DEFINE3(shmat, int, shmid, char __user *, shmaddr, int, shmflg) |
1830 |
-@@ -1242,8 +1284,7 @@ SYSCALL_DEFINE1(shmdt, char __user *, shmaddr) |
1831 |
- #else /* CONFIG_MMU */ |
1832 |
- /* under NOMMU conditions, the exact address to be destroyed must be |
1833 |
- * given */ |
1834 |
-- retval = -EINVAL; |
1835 |
-- if (vma->vm_start == addr && vma->vm_ops == &shm_vm_ops) { |
1836 |
-+ if (vma && vma->vm_start == addr && vma->vm_ops == &shm_vm_ops) { |
1837 |
- do_munmap(mm, vma->vm_start, vma->vm_end - vma->vm_start); |
1838 |
- retval = 0; |
1839 |
- } |
1840 |
-diff --git a/ipc/util.c b/ipc/util.c |
1841 |
-index 0c6566b..fdb8ae7 100644 |
1842 |
---- a/ipc/util.c |
1843 |
-+++ b/ipc/util.c |
1844 |
-@@ -15,6 +15,14 @@ |
1845 |
- * Jun 2006 - namespaces ssupport |
1846 |
- * OpenVZ, SWsoft Inc. |
1847 |
- * Pavel Emelianov <xemul@××××××.org> |
1848 |
-+ * |
1849 |
-+ * General sysv ipc locking scheme: |
1850 |
-+ * when doing ipc id lookups, take the ids->rwsem |
1851 |
-+ * rcu_read_lock() |
1852 |
-+ * obtain the ipc object (kern_ipc_perm) |
1853 |
-+ * perform security, capabilities, auditing and permission checks, etc. |
1854 |
-+ * acquire the ipc lock (kern_ipc_perm.lock) throught ipc_lock_object() |
1855 |
-+ * perform data updates (ie: SET, RMID, LOCK/UNLOCK commands) |
1856 |
- */ |
1857 |
- |
1858 |
- #include <linux/mm.h> |
1859 |
-@@ -119,7 +127,7 @@ __initcall(ipc_init); |
1860 |
- |
1861 |
- void ipc_init_ids(struct ipc_ids *ids) |
1862 |
- { |
1863 |
-- init_rwsem(&ids->rw_mutex); |
1864 |
-+ init_rwsem(&ids->rwsem); |
1865 |
- |
1866 |
- ids->in_use = 0; |
1867 |
- ids->seq = 0; |
1868 |
-@@ -174,7 +182,7 @@ void __init ipc_init_proc_interface(const char *path, const char *header, |
1869 |
- * @ids: Identifier set |
1870 |
- * @key: The key to find |
1871 |
- * |
1872 |
-- * Requires ipc_ids.rw_mutex locked. |
1873 |
-+ * Requires ipc_ids.rwsem locked. |
1874 |
- * Returns the LOCKED pointer to the ipc structure if found or NULL |
1875 |
- * if not. |
1876 |
- * If key is found ipc points to the owning ipc structure |
1877 |
-@@ -197,7 +205,8 @@ static struct kern_ipc_perm *ipc_findkey(struct ipc_ids *ids, key_t key) |
1878 |
- continue; |
1879 |
- } |
1880 |
- |
1881 |
-- ipc_lock_by_ptr(ipc); |
1882 |
-+ rcu_read_lock(); |
1883 |
-+ ipc_lock_object(ipc); |
1884 |
- return ipc; |
1885 |
- } |
1886 |
- |
1887 |
-@@ -208,7 +217,7 @@ static struct kern_ipc_perm *ipc_findkey(struct ipc_ids *ids, key_t key) |
1888 |
- * ipc_get_maxid - get the last assigned id |
1889 |
- * @ids: IPC identifier set |
1890 |
- * |
1891 |
-- * Called with ipc_ids.rw_mutex held. |
1892 |
-+ * Called with ipc_ids.rwsem held. |
1893 |
- */ |
1894 |
- |
1895 |
- int ipc_get_maxid(struct ipc_ids *ids) |
1896 |
-@@ -246,7 +255,7 @@ int ipc_get_maxid(struct ipc_ids *ids) |
1897 |
- * is returned. The 'new' entry is returned in a locked state on success. |
1898 |
- * On failure the entry is not locked and a negative err-code is returned. |
1899 |
- * |
1900 |
-- * Called with writer ipc_ids.rw_mutex held. |
1901 |
-+ * Called with writer ipc_ids.rwsem held. |
1902 |
- */ |
1903 |
- int ipc_addid(struct ipc_ids* ids, struct kern_ipc_perm* new, int size) |
1904 |
- { |
1905 |
-@@ -312,9 +321,9 @@ static int ipcget_new(struct ipc_namespace *ns, struct ipc_ids *ids, |
1906 |
- { |
1907 |
- int err; |
1908 |
- |
1909 |
-- down_write(&ids->rw_mutex); |
1910 |
-+ down_write(&ids->rwsem); |
1911 |
- err = ops->getnew(ns, params); |
1912 |
-- up_write(&ids->rw_mutex); |
1913 |
-+ up_write(&ids->rwsem); |
1914 |
- return err; |
1915 |
- } |
1916 |
- |
1917 |
-@@ -331,7 +340,7 @@ static int ipcget_new(struct ipc_namespace *ns, struct ipc_ids *ids, |
1918 |
- * |
1919 |
- * On success, the IPC id is returned. |
1920 |
- * |
1921 |
-- * It is called with ipc_ids.rw_mutex and ipcp->lock held. |
1922 |
-+ * It is called with ipc_ids.rwsem and ipcp->lock held. |
1923 |
- */ |
1924 |
- static int ipc_check_perms(struct ipc_namespace *ns, |
1925 |
- struct kern_ipc_perm *ipcp, |
1926 |
-@@ -376,7 +385,7 @@ static int ipcget_public(struct ipc_namespace *ns, struct ipc_ids *ids, |
1927 |
- * Take the lock as a writer since we are potentially going to add |
1928 |
- * a new entry + read locks are not "upgradable" |
1929 |
- */ |
1930 |
-- down_write(&ids->rw_mutex); |
1931 |
-+ down_write(&ids->rwsem); |
1932 |
- ipcp = ipc_findkey(ids, params->key); |
1933 |
- if (ipcp == NULL) { |
1934 |
- /* key not used */ |
1935 |
-@@ -402,7 +411,7 @@ static int ipcget_public(struct ipc_namespace *ns, struct ipc_ids *ids, |
1936 |
- } |
1937 |
- ipc_unlock(ipcp); |
1938 |
- } |
1939 |
-- up_write(&ids->rw_mutex); |
1940 |
-+ up_write(&ids->rwsem); |
1941 |
- |
1942 |
- return err; |
1943 |
- } |
1944 |
-@@ -413,7 +422,7 @@ static int ipcget_public(struct ipc_namespace *ns, struct ipc_ids *ids, |
1945 |
- * @ids: IPC identifier set |
1946 |
- * @ipcp: ipc perm structure containing the identifier to remove |
1947 |
- * |
1948 |
-- * ipc_ids.rw_mutex (as a writer) and the spinlock for this ID are held |
1949 |
-+ * ipc_ids.rwsem (as a writer) and the spinlock for this ID are held |
1950 |
- * before this function is called, and remain locked on the exit. |
1951 |
- */ |
1952 |
- |
1953 |
-@@ -613,7 +622,7 @@ struct kern_ipc_perm *ipc_obtain_object(struct ipc_ids *ids, int id) |
1954 |
- } |
1955 |
- |
1956 |
- /** |
1957 |
-- * ipc_lock - Lock an ipc structure without rw_mutex held |
1958 |
-+ * ipc_lock - Lock an ipc structure without rwsem held |
1959 |
- * @ids: IPC identifier set |
1960 |
- * @id: ipc id to look for |
1961 |
- * |
1962 |
-@@ -669,22 +678,6 @@ out: |
1963 |
- return out; |
1964 |
- } |
1965 |
- |
1966 |
--struct kern_ipc_perm *ipc_lock_check(struct ipc_ids *ids, int id) |
1967 |
--{ |
1968 |
-- struct kern_ipc_perm *out; |
1969 |
-- |
1970 |
-- out = ipc_lock(ids, id); |
1971 |
-- if (IS_ERR(out)) |
1972 |
-- return out; |
1973 |
-- |
1974 |
-- if (ipc_checkid(out, id)) { |
1975 |
-- ipc_unlock(out); |
1976 |
-- return ERR_PTR(-EIDRM); |
1977 |
-- } |
1978 |
-- |
1979 |
-- return out; |
1980 |
--} |
1981 |
-- |
1982 |
- /** |
1983 |
- * ipcget - Common sys_*get() code |
1984 |
- * @ns : namsepace |
1985 |
-@@ -725,7 +718,7 @@ int ipc_update_perm(struct ipc64_perm *in, struct kern_ipc_perm *out) |
1986 |
- } |
1987 |
- |
1988 |
- /** |
1989 |
-- * ipcctl_pre_down - retrieve an ipc and check permissions for some IPC_XXX cmd |
1990 |
-+ * ipcctl_pre_down_nolock - retrieve an ipc and check permissions for some IPC_XXX cmd |
1991 |
- * @ns: the ipc namespace |
1992 |
- * @ids: the table of ids where to look for the ipc |
1993 |
- * @id: the id of the ipc to retrieve |
1994 |
-@@ -738,29 +731,13 @@ int ipc_update_perm(struct ipc64_perm *in, struct kern_ipc_perm *out) |
1995 |
- * It must be called without any lock held and |
1996 |
- * - retrieves the ipc with the given id in the given table. |
1997 |
- * - performs some audit and permission check, depending on the given cmd |
1998 |
-- * - returns the ipc with the ipc lock held in case of success |
1999 |
-- * or an err-code without any lock held otherwise. |
2000 |
-+ * - returns a pointer to the ipc object or otherwise, the corresponding error. |
2001 |
- * |
2002 |
-- * Call holding the both the rw_mutex and the rcu read lock. |
2003 |
-+ * Call holding the both the rwsem and the rcu read lock. |
2004 |
- */ |
2005 |
--struct kern_ipc_perm *ipcctl_pre_down(struct ipc_namespace *ns, |
2006 |
-- struct ipc_ids *ids, int id, int cmd, |
2007 |
-- struct ipc64_perm *perm, int extra_perm) |
2008 |
--{ |
2009 |
-- struct kern_ipc_perm *ipcp; |
2010 |
-- |
2011 |
-- ipcp = ipcctl_pre_down_nolock(ns, ids, id, cmd, perm, extra_perm); |
2012 |
-- if (IS_ERR(ipcp)) |
2013 |
-- goto out; |
2014 |
-- |
2015 |
-- spin_lock(&ipcp->lock); |
2016 |
--out: |
2017 |
-- return ipcp; |
2018 |
--} |
2019 |
-- |
2020 |
- struct kern_ipc_perm *ipcctl_pre_down_nolock(struct ipc_namespace *ns, |
2021 |
-- struct ipc_ids *ids, int id, int cmd, |
2022 |
-- struct ipc64_perm *perm, int extra_perm) |
2023 |
-+ struct ipc_ids *ids, int id, int cmd, |
2024 |
-+ struct ipc64_perm *perm, int extra_perm) |
2025 |
- { |
2026 |
- kuid_t euid; |
2027 |
- int err = -EPERM; |
2028 |
-@@ -838,7 +815,8 @@ static struct kern_ipc_perm *sysvipc_find_ipc(struct ipc_ids *ids, loff_t pos, |
2029 |
- ipc = idr_find(&ids->ipcs_idr, pos); |
2030 |
- if (ipc != NULL) { |
2031 |
- *new_pos = pos + 1; |
2032 |
-- ipc_lock_by_ptr(ipc); |
2033 |
-+ rcu_read_lock(); |
2034 |
-+ ipc_lock_object(ipc); |
2035 |
- return ipc; |
2036 |
- } |
2037 |
- } |
2038 |
-@@ -876,7 +854,7 @@ static void *sysvipc_proc_start(struct seq_file *s, loff_t *pos) |
2039 |
- * Take the lock - this will be released by the corresponding |
2040 |
- * call to stop(). |
2041 |
- */ |
2042 |
-- down_read(&ids->rw_mutex); |
2043 |
-+ down_read(&ids->rwsem); |
2044 |
- |
2045 |
- /* pos < 0 is invalid */ |
2046 |
- if (*pos < 0) |
2047 |
-@@ -903,7 +881,7 @@ static void sysvipc_proc_stop(struct seq_file *s, void *it) |
2048 |
- |
2049 |
- ids = &iter->ns->ids[iface->ids]; |
2050 |
- /* Release the lock we took in start() */ |
2051 |
-- up_read(&ids->rw_mutex); |
2052 |
-+ up_read(&ids->rwsem); |
2053 |
- } |
2054 |
- |
2055 |
- static int sysvipc_proc_show(struct seq_file *s, void *it) |
2056 |
-diff --git a/ipc/util.h b/ipc/util.h |
2057 |
-index 25299e7..f2f5036 100644 |
2058 |
---- a/ipc/util.h |
2059 |
-+++ b/ipc/util.h |
2060 |
-@@ -101,10 +101,10 @@ void __init ipc_init_proc_interface(const char *path, const char *header, |
2061 |
- #define ipcid_to_idx(id) ((id) % SEQ_MULTIPLIER) |
2062 |
- #define ipcid_to_seqx(id) ((id) / SEQ_MULTIPLIER) |
2063 |
- |
2064 |
--/* must be called with ids->rw_mutex acquired for writing */ |
2065 |
-+/* must be called with ids->rwsem acquired for writing */ |
2066 |
- int ipc_addid(struct ipc_ids *, struct kern_ipc_perm *, int); |
2067 |
- |
2068 |
--/* must be called with ids->rw_mutex acquired for reading */ |
2069 |
-+/* must be called with ids->rwsem acquired for reading */ |
2070 |
- int ipc_get_maxid(struct ipc_ids *); |
2071 |
- |
2072 |
- /* must be called with both locks acquired. */ |
2073 |
-@@ -139,9 +139,6 @@ int ipc_update_perm(struct ipc64_perm *in, struct kern_ipc_perm *out); |
2074 |
- struct kern_ipc_perm *ipcctl_pre_down_nolock(struct ipc_namespace *ns, |
2075 |
- struct ipc_ids *ids, int id, int cmd, |
2076 |
- struct ipc64_perm *perm, int extra_perm); |
2077 |
--struct kern_ipc_perm *ipcctl_pre_down(struct ipc_namespace *ns, |
2078 |
-- struct ipc_ids *ids, int id, int cmd, |
2079 |
-- struct ipc64_perm *perm, int extra_perm); |
2080 |
- |
2081 |
- #ifndef CONFIG_ARCH_WANT_IPC_PARSE_VERSION |
2082 |
- /* On IA-64, we always use the "64-bit version" of the IPC structures. */ |
2083 |
-@@ -182,19 +179,12 @@ static inline void ipc_assert_locked_object(struct kern_ipc_perm *perm) |
2084 |
- assert_spin_locked(&perm->lock); |
2085 |
- } |
2086 |
- |
2087 |
--static inline void ipc_lock_by_ptr(struct kern_ipc_perm *perm) |
2088 |
--{ |
2089 |
-- rcu_read_lock(); |
2090 |
-- ipc_lock_object(perm); |
2091 |
--} |
2092 |
-- |
2093 |
- static inline void ipc_unlock(struct kern_ipc_perm *perm) |
2094 |
- { |
2095 |
- ipc_unlock_object(perm); |
2096 |
- rcu_read_unlock(); |
2097 |
- } |
2098 |
- |
2099 |
--struct kern_ipc_perm *ipc_lock_check(struct ipc_ids *ids, int id); |
2100 |
- struct kern_ipc_perm *ipc_obtain_object_check(struct ipc_ids *ids, int id); |
2101 |
- int ipcget(struct ipc_namespace *ns, struct ipc_ids *ids, |
2102 |
- struct ipc_ops *ops, struct ipc_params *params); |
2103 |
-diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c |
2104 |
-index 45850f6..4865756 100644 |
2105 |
---- a/sound/pci/hda/patch_hdmi.c |
2106 |
-+++ b/sound/pci/hda/patch_hdmi.c |
2107 |
-@@ -930,6 +930,14 @@ static void hdmi_setup_audio_infoframe(struct hda_codec *codec, |
2108 |
- } |
2109 |
- |
2110 |
- /* |
2111 |
-+ * always configure channel mapping, it may have been changed by the |
2112 |
-+ * user in the meantime |
2113 |
-+ */ |
2114 |
-+ hdmi_setup_channel_mapping(codec, pin_nid, non_pcm, ca, |
2115 |
-+ channels, per_pin->chmap, |
2116 |
-+ per_pin->chmap_set); |
2117 |
-+ |
2118 |
-+ /* |
2119 |
- * sizeof(ai) is used instead of sizeof(*hdmi_ai) or |
2120 |
- * sizeof(*dp_ai) to avoid partial match/update problems when |
2121 |
- * the user switches between HDMI/DP monitors. |
2122 |
-@@ -940,20 +948,10 @@ static void hdmi_setup_audio_infoframe(struct hda_codec *codec, |
2123 |
- "pin=%d channels=%d\n", |
2124 |
- pin_nid, |
2125 |
- channels); |
2126 |
-- hdmi_setup_channel_mapping(codec, pin_nid, non_pcm, ca, |
2127 |
-- channels, per_pin->chmap, |
2128 |
-- per_pin->chmap_set); |
2129 |
- hdmi_stop_infoframe_trans(codec, pin_nid); |
2130 |
- hdmi_fill_audio_infoframe(codec, pin_nid, |
2131 |
- ai.bytes, sizeof(ai)); |
2132 |
- hdmi_start_infoframe_trans(codec, pin_nid); |
2133 |
-- } else { |
2134 |
-- /* For non-pcm audio switch, setup new channel mapping |
2135 |
-- * accordingly */ |
2136 |
-- if (per_pin->non_pcm != non_pcm) |
2137 |
-- hdmi_setup_channel_mapping(codec, pin_nid, non_pcm, ca, |
2138 |
-- channels, per_pin->chmap, |
2139 |
-- per_pin->chmap_set); |
2140 |
- } |
2141 |
- |
2142 |
- per_pin->non_pcm = non_pcm; |
2143 |
-diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c |
2144 |
-index 389db4c..1383f38 100644 |
2145 |
---- a/sound/pci/hda/patch_realtek.c |
2146 |
-+++ b/sound/pci/hda/patch_realtek.c |
2147 |
-@@ -3308,6 +3308,15 @@ static void alc269_fixup_limit_int_mic_boost(struct hda_codec *codec, |
2148 |
- } |
2149 |
- } |
2150 |
- |
2151 |
-+static void alc290_fixup_mono_speakers(struct hda_codec *codec, |
2152 |
-+ const struct hda_fixup *fix, int action) |
2153 |
-+{ |
2154 |
-+ if (action == HDA_FIXUP_ACT_PRE_PROBE) |
2155 |
-+ /* Remove DAC node 0x03, as it seems to be |
2156 |
-+ giving mono output */ |
2157 |
-+ snd_hda_override_wcaps(codec, 0x03, 0); |
2158 |
-+} |
2159 |
-+ |
2160 |
- enum { |
2161 |
- ALC269_FIXUP_SONY_VAIO, |
2162 |
- ALC275_FIXUP_SONY_VAIO_GPIO2, |
2163 |
-@@ -3331,9 +3340,12 @@ enum { |
2164 |
- ALC269_FIXUP_HP_GPIO_LED, |
2165 |
- ALC269_FIXUP_INV_DMIC, |
2166 |
- ALC269_FIXUP_LENOVO_DOCK, |
2167 |
-+ ALC286_FIXUP_SONY_MIC_NO_PRESENCE, |
2168 |
- ALC269_FIXUP_PINCFG_NO_HP_TO_LINEOUT, |
2169 |
- ALC269_FIXUP_DELL1_MIC_NO_PRESENCE, |
2170 |
- ALC269_FIXUP_DELL2_MIC_NO_PRESENCE, |
2171 |
-+ ALC269_FIXUP_DELL3_MIC_NO_PRESENCE, |
2172 |
-+ ALC290_FIXUP_MONO_SPEAKERS, |
2173 |
- ALC269_FIXUP_HEADSET_MODE, |
2174 |
- ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC, |
2175 |
- ALC269_FIXUP_ASUS_X101_FUNC, |
2176 |
-@@ -3521,6 +3533,15 @@ static const struct hda_fixup alc269_fixups[] = { |
2177 |
- .chained = true, |
2178 |
- .chain_id = ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC |
2179 |
- }, |
2180 |
-+ [ALC269_FIXUP_DELL3_MIC_NO_PRESENCE] = { |
2181 |
-+ .type = HDA_FIXUP_PINS, |
2182 |
-+ .v.pins = (const struct hda_pintbl[]) { |
2183 |
-+ { 0x1a, 0x01a1913c }, /* use as headset mic, without its own jack detect */ |
2184 |
-+ { } |
2185 |
-+ }, |
2186 |
-+ .chained = true, |
2187 |
-+ .chain_id = ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC |
2188 |
-+ }, |
2189 |
- [ALC269_FIXUP_HEADSET_MODE] = { |
2190 |
- .type = HDA_FIXUP_FUNC, |
2191 |
- .v.func = alc_fixup_headset_mode, |
2192 |
-@@ -3529,6 +3550,13 @@ static const struct hda_fixup alc269_fixups[] = { |
2193 |
- .type = HDA_FIXUP_FUNC, |
2194 |
- .v.func = alc_fixup_headset_mode_no_hp_mic, |
2195 |
- }, |
2196 |
-+ [ALC286_FIXUP_SONY_MIC_NO_PRESENCE] = { |
2197 |
-+ .type = HDA_FIXUP_PINS, |
2198 |
-+ .v.pins = (const struct hda_pintbl[]) { |
2199 |
-+ { 0x18, 0x01a1913c }, /* use as headset mic, without its own jack detect */ |
2200 |
-+ { } |
2201 |
-+ }, |
2202 |
-+ }, |
2203 |
- [ALC269_FIXUP_ASUS_X101_FUNC] = { |
2204 |
- .type = HDA_FIXUP_FUNC, |
2205 |
- .v.func = alc269_fixup_x101_headset_mic, |
2206 |
-@@ -3595,6 +3623,12 @@ static const struct hda_fixup alc269_fixups[] = { |
2207 |
- { } |
2208 |
- }, |
2209 |
- }, |
2210 |
-+ [ALC290_FIXUP_MONO_SPEAKERS] = { |
2211 |
-+ .type = HDA_FIXUP_FUNC, |
2212 |
-+ .v.func = alc290_fixup_mono_speakers, |
2213 |
-+ .chained = true, |
2214 |
-+ .chain_id = ALC269_FIXUP_DELL3_MIC_NO_PRESENCE, |
2215 |
-+ }, |
2216 |
- }; |
2217 |
- |
2218 |
- static const struct snd_pci_quirk alc269_fixup_tbl[] = { |
2219 |
-@@ -3631,6 +3665,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { |
2220 |
- SND_PCI_QUIRK(0x1028, 0x0608, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE), |
2221 |
- SND_PCI_QUIRK(0x1028, 0x0609, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE), |
2222 |
- SND_PCI_QUIRK(0x1028, 0x0613, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE), |
2223 |
-+ SND_PCI_QUIRK(0x1028, 0x0616, "Dell Vostro 5470", ALC290_FIXUP_MONO_SPEAKERS), |
2224 |
- SND_PCI_QUIRK(0x1028, 0x15cc, "Dell X5 Precision", ALC269_FIXUP_DELL2_MIC_NO_PRESENCE), |
2225 |
- SND_PCI_QUIRK(0x1028, 0x15cd, "Dell X5 Precision", ALC269_FIXUP_DELL2_MIC_NO_PRESENCE), |
2226 |
- SND_PCI_QUIRK(0x103c, 0x1586, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC2), |
2227 |
-@@ -3651,6 +3686,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { |
2228 |
- SND_PCI_QUIRK(0x1043, 0x8398, "ASUS P1005", ALC269_FIXUP_STEREO_DMIC), |
2229 |
- SND_PCI_QUIRK(0x1043, 0x83ce, "ASUS P1005", ALC269_FIXUP_STEREO_DMIC), |
2230 |
- SND_PCI_QUIRK(0x1043, 0x8516, "ASUS X101CH", ALC269_FIXUP_ASUS_X101), |
2231 |
-+ SND_PCI_QUIRK(0x104d, 0x90b6, "Sony VAIO Pro 13", ALC286_FIXUP_SONY_MIC_NO_PRESENCE), |
2232 |
- SND_PCI_QUIRK(0x104d, 0x9073, "Sony VAIO", ALC275_FIXUP_SONY_VAIO_GPIO2), |
2233 |
- SND_PCI_QUIRK(0x104d, 0x907b, "Sony VAIO", ALC275_FIXUP_SONY_HWEQ), |
2234 |
- SND_PCI_QUIRK(0x104d, 0x9084, "Sony VAIO", ALC275_FIXUP_SONY_HWEQ), |
2235 |
-@@ -4345,6 +4381,7 @@ static const struct snd_pci_quirk alc662_fixup_tbl[] = { |
2236 |
- SND_PCI_QUIRK(0x1028, 0x05d8, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE), |
2237 |
- SND_PCI_QUIRK(0x1028, 0x05db, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE), |
2238 |
- SND_PCI_QUIRK(0x103c, 0x1632, "HP RP5800", ALC662_FIXUP_HP_RP5800), |
2239 |
-+ SND_PCI_QUIRK(0x1043, 0x1477, "ASUS N56VZ", ALC662_FIXUP_ASUS_MODE4), |
2240 |
- SND_PCI_QUIRK(0x1043, 0x8469, "ASUS mobo", ALC662_FIXUP_NO_JACK_DETECT), |
2241 |
- SND_PCI_QUIRK(0x105b, 0x0cd6, "Foxconn", ALC662_FIXUP_ASUS_MODE2), |
2242 |
- SND_PCI_QUIRK(0x144d, 0xc051, "Samsung R720", ALC662_FIXUP_IDEAPAD), |
2243 |
-diff --git a/sound/usb/usx2y/usbusx2yaudio.c b/sound/usb/usx2y/usbusx2yaudio.c |
2244 |
-index 63fb521..6234a51 100644 |
2245 |
---- a/sound/usb/usx2y/usbusx2yaudio.c |
2246 |
-+++ b/sound/usb/usx2y/usbusx2yaudio.c |
2247 |
-@@ -299,19 +299,6 @@ static void usX2Y_error_urb_status(struct usX2Ydev *usX2Y, |
2248 |
- usX2Y_clients_stop(usX2Y); |
2249 |
- } |
2250 |
- |
2251 |
--static void usX2Y_error_sequence(struct usX2Ydev *usX2Y, |
2252 |
-- struct snd_usX2Y_substream *subs, struct urb *urb) |
2253 |
--{ |
2254 |
-- snd_printk(KERN_ERR |
2255 |
--"Sequence Error!(hcd_frame=%i ep=%i%s;wait=%i,frame=%i).\n" |
2256 |
--"Most probably some urb of usb-frame %i is still missing.\n" |
2257 |
--"Cause could be too long delays in usb-hcd interrupt handling.\n", |
2258 |
-- usb_get_current_frame_number(usX2Y->dev), |
2259 |
-- subs->endpoint, usb_pipein(urb->pipe) ? "in" : "out", |
2260 |
-- usX2Y->wait_iso_frame, urb->start_frame, usX2Y->wait_iso_frame); |
2261 |
-- usX2Y_clients_stop(usX2Y); |
2262 |
--} |
2263 |
-- |
2264 |
- static void i_usX2Y_urb_complete(struct urb *urb) |
2265 |
- { |
2266 |
- struct snd_usX2Y_substream *subs = urb->context; |
2267 |
-@@ -328,12 +315,9 @@ static void i_usX2Y_urb_complete(struct urb *urb) |
2268 |
- usX2Y_error_urb_status(usX2Y, subs, urb); |
2269 |
- return; |
2270 |
- } |
2271 |
-- if (likely((urb->start_frame & 0xFFFF) == (usX2Y->wait_iso_frame & 0xFFFF))) |
2272 |
-- subs->completed_urb = urb; |
2273 |
-- else { |
2274 |
-- usX2Y_error_sequence(usX2Y, subs, urb); |
2275 |
-- return; |
2276 |
-- } |
2277 |
-+ |
2278 |
-+ subs->completed_urb = urb; |
2279 |
-+ |
2280 |
- { |
2281 |
- struct snd_usX2Y_substream *capsubs = usX2Y->subs[SNDRV_PCM_STREAM_CAPTURE], |
2282 |
- *playbacksubs = usX2Y->subs[SNDRV_PCM_STREAM_PLAYBACK]; |
2283 |
-diff --git a/sound/usb/usx2y/usx2yhwdeppcm.c b/sound/usb/usx2y/usx2yhwdeppcm.c |
2284 |
-index f2a1acd..814d0e8 100644 |
2285 |
---- a/sound/usb/usx2y/usx2yhwdeppcm.c |
2286 |
-+++ b/sound/usb/usx2y/usx2yhwdeppcm.c |
2287 |
-@@ -244,13 +244,8 @@ static void i_usX2Y_usbpcm_urb_complete(struct urb *urb) |
2288 |
- usX2Y_error_urb_status(usX2Y, subs, urb); |
2289 |
- return; |
2290 |
- } |
2291 |
-- if (likely((urb->start_frame & 0xFFFF) == (usX2Y->wait_iso_frame & 0xFFFF))) |
2292 |
-- subs->completed_urb = urb; |
2293 |
-- else { |
2294 |
-- usX2Y_error_sequence(usX2Y, subs, urb); |
2295 |
-- return; |
2296 |
-- } |
2297 |
- |
2298 |
-+ subs->completed_urb = urb; |
2299 |
- capsubs = usX2Y->subs[SNDRV_PCM_STREAM_CAPTURE]; |
2300 |
- capsubs2 = usX2Y->subs[SNDRV_PCM_STREAM_CAPTURE + 2]; |
2301 |
- playbacksubs = usX2Y->subs[SNDRV_PCM_STREAM_PLAYBACK]; |
2302 |
|
2303 |
diff --git a/3.11.6/4420_grsecurity-2.9.1-3.11.6-201310191259.patch b/3.11.6/4420_grsecurity-2.9.1-3.11.6-201310260850.patch |
2304 |
similarity index 99% |
2305 |
rename from 3.11.6/4420_grsecurity-2.9.1-3.11.6-201310191259.patch |
2306 |
rename to 3.11.6/4420_grsecurity-2.9.1-3.11.6-201310260850.patch |
2307 |
index 46b1e15..584d2ee 100644 |
2308 |
--- a/3.11.6/4420_grsecurity-2.9.1-3.11.6-201310191259.patch |
2309 |
+++ b/3.11.6/4420_grsecurity-2.9.1-3.11.6-201310260850.patch |
2310 |
@@ -18357,7 +18357,7 @@ index 7f760a9..04b1c65 100644 |
2311 |
} |
2312 |
|
2313 |
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h |
2314 |
-index 4f7923d..20cb24e 100644 |
2315 |
+index 4f7923d..d3526c1 100644 |
2316 |
--- a/arch/x86/include/asm/uaccess_64.h |
2317 |
+++ b/arch/x86/include/asm/uaccess_64.h |
2318 |
@@ -10,6 +10,9 @@ |
2319 |
@@ -18370,7 +18370,7 @@ index 4f7923d..20cb24e 100644 |
2320 |
|
2321 |
/* |
2322 |
* Copy To/From Userspace |
2323 |
-@@ -17,13 +20,13 @@ |
2324 |
+@@ -17,14 +20,14 @@ |
2325 |
|
2326 |
/* Handles exceptions in both to and from, but doesn't do access_ok */ |
2327 |
__must_check unsigned long |
2328 |
@@ -18384,16 +18384,13 @@ index 4f7923d..20cb24e 100644 |
2329 |
+copy_user_generic_unrolled(void *to, const void *from, unsigned len) __size_overflow(3); |
2330 |
|
2331 |
-static __always_inline __must_check unsigned long |
2332 |
+-copy_user_generic(void *to, const void *from, unsigned len) |
2333 |
+static __always_inline __must_check __size_overflow(3) unsigned long |
2334 |
- copy_user_generic(void *to, const void *from, unsigned len) |
2335 |
++copy_user_generic(void *to, const void *from, unsigned long len) |
2336 |
{ |
2337 |
unsigned ret; |
2338 |
-@@ -41,142 +44,204 @@ copy_user_generic(void *to, const void *from, unsigned len) |
2339 |
- ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from), |
2340 |
- "=d" (len)), |
2341 |
- "1" (to), "2" (from), "3" (len) |
2342 |
-- : "memory", "rcx", "r8", "r9", "r10", "r11"); |
2343 |
-+ : "memory", "rcx", "r8", "r9", "r11"); |
2344 |
+ |
2345 |
+@@ -45,138 +48,200 @@ copy_user_generic(void *to, const void *from, unsigned len) |
2346 |
return ret; |
2347 |
} |
2348 |
|
2349 |
@@ -97256,7 +97253,7 @@ index f5eb43d..1814de8 100644 |
2350 |
shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff)); |
2351 |
shstrtab_sec = shdr + r2(&ehdr->e_shstrndx); |
2352 |
diff --git a/security/Kconfig b/security/Kconfig |
2353 |
-index e9c6ac7..c5d45c8 100644 |
2354 |
+index e9c6ac7..5b9d82e 100644 |
2355 |
--- a/security/Kconfig |
2356 |
+++ b/security/Kconfig |
2357 |
@@ -4,6 +4,959 @@ |
2358 |
@@ -98185,14 +98182,14 @@ index e9c6ac7..c5d45c8 100644 |
2359 |
+ headers explicitly in addition to the normal gcc package. |
2360 |
+ |
2361 |
+config PAX_LATENT_ENTROPY |
2362 |
-+ bool "Generate some entropy during boot" |
2363 |
++ bool "Generate some entropy during boot and runtime" |
2364 |
+ default y if GRKERNSEC_CONFIG_AUTO |
2365 |
+ help |
2366 |
-+ By saying Y here the kernel will instrument early boot code to |
2367 |
++ By saying Y here the kernel will instrument some kernel code to |
2368 |
+ extract some entropy from both original and artificially created |
2369 |
+ program state. This will help especially embedded systems where |
2370 |
+ there is little 'natural' source of entropy normally. The cost |
2371 |
-+ is some slowdown of the boot process. |
2372 |
++ is some slowdown of the boot process and fork and irq processing. |
2373 |
+ |
2374 |
+ When pax_extra_latent_entropy is passed on the kernel command line, |
2375 |
+ entropy will be extracted from up to the first 4GB of RAM while the |
2376 |
|
2377 |
diff --git a/3.2.51/0000_README b/3.2.51/0000_README |
2378 |
index 7299d26..8ba65d1 100644 |
2379 |
--- a/3.2.51/0000_README |
2380 |
+++ b/3.2.51/0000_README |
2381 |
@@ -122,7 +122,7 @@ Patch: 1050_linux-3.2.51.patch |
2382 |
From: http://www.kernel.org |
2383 |
Desc: Linux 3.2.51 |
2384 |
|
2385 |
-Patch: 4420_grsecurity-2.9.1-3.2.51-201310191257.patch |
2386 |
+Patch: 4420_grsecurity-2.9.1-3.2.51-201310260849.patch |
2387 |
From: http://www.grsecurity.net |
2388 |
Desc: hardened-sources base patch from upstream grsecurity |
2389 |
|
2390 |
|
2391 |
diff --git a/3.2.51/4420_grsecurity-2.9.1-3.2.51-201310191257.patch b/3.2.51/4420_grsecurity-2.9.1-3.2.51-201310260849.patch |
2392 |
similarity index 99% |
2393 |
rename from 3.2.51/4420_grsecurity-2.9.1-3.2.51-201310191257.patch |
2394 |
rename to 3.2.51/4420_grsecurity-2.9.1-3.2.51-201310260849.patch |
2395 |
index 4e9a590..0ea9ee0 100644 |
2396 |
--- a/3.2.51/4420_grsecurity-2.9.1-3.2.51-201310191257.patch |
2397 |
+++ b/3.2.51/4420_grsecurity-2.9.1-3.2.51-201310260849.patch |
2398 |
@@ -14469,7 +14469,7 @@ index 566e803..86f1302 100644 |
2399 |
} |
2400 |
|
2401 |
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h |
2402 |
-index 1c66d30..6c7b4d8 100644 |
2403 |
+index 1c66d30..c815e61 100644 |
2404 |
--- a/arch/x86/include/asm/uaccess_64.h |
2405 |
+++ b/arch/x86/include/asm/uaccess_64.h |
2406 |
@@ -10,6 +10,9 @@ |
2407 |
@@ -14499,12 +14499,7 @@ index 1c66d30..6c7b4d8 100644 |
2408 |
{ |
2409 |
unsigned ret; |
2410 |
|
2411 |
-@@ -32,142 +35,204 @@ copy_user_generic(void *to, const void *from, unsigned len) |
2412 |
- ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from), |
2413 |
- "=d" (len)), |
2414 |
- "1" (to), "2" (from), "3" (len) |
2415 |
-- : "memory", "rcx", "r8", "r9", "r10", "r11"); |
2416 |
-+ : "memory", "rcx", "r8", "r9", "r11"); |
2417 |
+@@ -36,138 +39,200 @@ copy_user_generic(void *to, const void *from, unsigned len) |
2418 |
return ret; |
2419 |
} |
2420 |
|
2421 |
@@ -97045,7 +97040,7 @@ index 38f6617..e70b72b 100755 |
2422 |
|
2423 |
exuberant() |
2424 |
diff --git a/security/Kconfig b/security/Kconfig |
2425 |
-index 51bd5a0..433ef3c 100644 |
2426 |
+index 51bd5a0..e4faa00 100644 |
2427 |
--- a/security/Kconfig |
2428 |
+++ b/security/Kconfig |
2429 |
@@ -4,6 +4,954 @@ |
2430 |
@@ -97969,14 +97964,14 @@ index 51bd5a0..433ef3c 100644 |
2431 |
+ headers explicitly in addition to the normal gcc package. |
2432 |
+ |
2433 |
+config PAX_LATENT_ENTROPY |
2434 |
-+ bool "Generate some entropy during boot" |
2435 |
++ bool "Generate some entropy during boot and runtime" |
2436 |
+ default y if GRKERNSEC_CONFIG_AUTO |
2437 |
+ help |
2438 |
-+ By saying Y here the kernel will instrument early boot code to |
2439 |
++ By saying Y here the kernel will instrument some kernel code to |
2440 |
+ extract some entropy from both original and artificially created |
2441 |
+ program state. This will help especially embedded systems where |
2442 |
+ there is little 'natural' source of entropy normally. The cost |
2443 |
-+ is some slowdown of the boot process. |
2444 |
++ is some slowdown of the boot process and fork and irq processing. |
2445 |
+ |
2446 |
+ When pax_extra_latent_entropy is passed on the kernel command line, |
2447 |
+ entropy will be extracted from up to the first 4GB of RAM while the |