Annotation of /trunk/kernel-alx/patches-3.14/0107-3.14.8-all-fixes.patch
Parent Directory | Revision Log
Revision 2506 -
(hide annotations)
(download)
Fri Oct 17 07:55:45 2014 UTC (9 years, 11 months ago) by niro
File size: 19842 byte(s)
Fri Oct 17 07:55:45 2014 UTC (9 years, 11 months ago) by niro
File size: 19842 byte(s)
-patches for 3.14
1 | niro | 2506 | diff --git a/Makefile b/Makefile |
2 | index f2d1225828c2..ef1d59b750ea 100644 | ||
3 | --- a/Makefile | ||
4 | +++ b/Makefile | ||
5 | @@ -1,6 +1,6 @@ | ||
6 | VERSION = 3 | ||
7 | PATCHLEVEL = 14 | ||
8 | -SUBLEVEL = 7 | ||
9 | +SUBLEVEL = 8 | ||
10 | EXTRAVERSION = | ||
11 | NAME = Remembering Coco | ||
12 | |||
13 | diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h | ||
14 | index 24846f9053fe..e80ae50cae80 100644 | ||
15 | --- a/arch/mips/include/asm/thread_info.h | ||
16 | +++ b/arch/mips/include/asm/thread_info.h | ||
17 | @@ -136,7 +136,8 @@ static inline struct thread_info *current_thread_info(void) | ||
18 | #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT) | ||
19 | |||
20 | #define _TIF_WORK_SYSCALL_ENTRY (_TIF_NOHZ | _TIF_SYSCALL_TRACE | \ | ||
21 | - _TIF_SYSCALL_AUDIT | _TIF_SYSCALL_TRACEPOINT) | ||
22 | + _TIF_SYSCALL_AUDIT | \ | ||
23 | + _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP) | ||
24 | |||
25 | /* work to do in syscall_trace_leave() */ | ||
26 | #define _TIF_WORK_SYSCALL_EXIT (_TIF_NOHZ | _TIF_SYSCALL_TRACE | \ | ||
27 | diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c | ||
28 | index 8f18342540d8..9aa42998d757 100644 | ||
29 | --- a/drivers/ata/ahci.c | ||
30 | +++ b/drivers/ata/ahci.c | ||
31 | @@ -446,10 +446,14 @@ static const struct pci_device_id ahci_pci_tbl[] = { | ||
32 | .driver_data = board_ahci_yes_fbs }, /* 88se9172 */ | ||
33 | { PCI_DEVICE(PCI_VENDOR_ID_MARVELL_EXT, 0x9192), | ||
34 | .driver_data = board_ahci_yes_fbs }, /* 88se9172 on some Gigabyte */ | ||
35 | + { PCI_DEVICE(PCI_VENDOR_ID_MARVELL_EXT, 0x91a0), | ||
36 | + .driver_data = board_ahci_yes_fbs }, | ||
37 | { PCI_DEVICE(PCI_VENDOR_ID_MARVELL_EXT, 0x91a3), | ||
38 | .driver_data = board_ahci_yes_fbs }, | ||
39 | { PCI_DEVICE(PCI_VENDOR_ID_MARVELL_EXT, 0x9230), | ||
40 | .driver_data = board_ahci_yes_fbs }, | ||
41 | + { PCI_DEVICE(PCI_VENDOR_ID_TTI, 0x0642), | ||
42 | + .driver_data = board_ahci_yes_fbs }, | ||
43 | |||
44 | /* Promise */ | ||
45 | { PCI_VDEVICE(PROMISE, 0x3f20), board_ahci }, /* PDC42819 */ | ||
46 | diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c | ||
47 | index b7794792760d..091169152f77 100644 | ||
48 | --- a/drivers/infiniband/ulp/isert/ib_isert.c | ||
49 | +++ b/drivers/infiniband/ulp/isert/ib_isert.c | ||
50 | @@ -489,6 +489,14 @@ isert_connect_request(struct rdma_cm_id *cma_id, struct rdma_cm_event *event) | ||
51 | struct ib_device *ib_dev = cma_id->device; | ||
52 | int ret = 0; | ||
53 | |||
54 | + spin_lock_bh(&np->np_thread_lock); | ||
55 | + if (!np->enabled) { | ||
56 | + spin_unlock_bh(&np->np_thread_lock); | ||
57 | + pr_debug("iscsi_np is not enabled, reject connect request\n"); | ||
58 | + return rdma_reject(cma_id, NULL, 0); | ||
59 | + } | ||
60 | + spin_unlock_bh(&np->np_thread_lock); | ||
61 | + | ||
62 | pr_debug("Entering isert_connect_request cma_id: %p, context: %p\n", | ||
63 | cma_id, cma_id->context); | ||
64 | |||
65 | diff --git a/drivers/media/dvb-core/dvb-usb-ids.h b/drivers/media/dvb-core/dvb-usb-ids.h | ||
66 | index f19a2ccd1e4b..80643ef9183f 100644 | ||
67 | --- a/drivers/media/dvb-core/dvb-usb-ids.h | ||
68 | +++ b/drivers/media/dvb-core/dvb-usb-ids.h | ||
69 | @@ -257,6 +257,7 @@ | ||
70 | #define USB_PID_TERRATEC_T5 0x10a1 | ||
71 | #define USB_PID_NOXON_DAB_STICK 0x00b3 | ||
72 | #define USB_PID_NOXON_DAB_STICK_REV2 0x00e0 | ||
73 | +#define USB_PID_NOXON_DAB_STICK_REV3 0x00b4 | ||
74 | #define USB_PID_PINNACLE_EXPRESSCARD_320CX 0x022e | ||
75 | #define USB_PID_PINNACLE_PCTV2000E 0x022c | ||
76 | #define USB_PID_PINNACLE_PCTV_DVB_T_FLASH 0x0228 | ||
77 | @@ -360,6 +361,7 @@ | ||
78 | #define USB_PID_FRIIO_WHITE 0x0001 | ||
79 | #define USB_PID_TVWAY_PLUS 0x0002 | ||
80 | #define USB_PID_SVEON_STV20 0xe39d | ||
81 | +#define USB_PID_SVEON_STV20_RTL2832U 0xd39d | ||
82 | #define USB_PID_SVEON_STV22 0xe401 | ||
83 | #define USB_PID_SVEON_STV22_IT9137 0xe411 | ||
84 | #define USB_PID_AZUREWAVE_AZ6027 0x3275 | ||
85 | @@ -374,4 +376,5 @@ | ||
86 | #define USB_PID_CTVDIGDUAL_V2 0xe410 | ||
87 | #define USB_PID_PCTV_2002E 0x025c | ||
88 | #define USB_PID_PCTV_2002E_SE 0x025d | ||
89 | +#define USB_PID_SVEON_STV27 0xd3af | ||
90 | #endif | ||
91 | diff --git a/drivers/media/usb/dvb-usb-v2/rtl28xxu.c b/drivers/media/usb/dvb-usb-v2/rtl28xxu.c | ||
92 | index fda5c64ba0e8..fd1312d0b078 100644 | ||
93 | --- a/drivers/media/usb/dvb-usb-v2/rtl28xxu.c | ||
94 | +++ b/drivers/media/usb/dvb-usb-v2/rtl28xxu.c | ||
95 | @@ -1382,6 +1382,7 @@ static const struct dvb_usb_device_properties rtl2832u_props = { | ||
96 | }; | ||
97 | |||
98 | static const struct usb_device_id rtl28xxu_id_table[] = { | ||
99 | + /* RTL2831U devices: */ | ||
100 | { DVB_USB_DEVICE(USB_VID_REALTEK, USB_PID_REALTEK_RTL2831U, | ||
101 | &rtl2831u_props, "Realtek RTL2831U reference design", NULL) }, | ||
102 | { DVB_USB_DEVICE(USB_VID_WIDEVIEW, USB_PID_FREECOM_DVBT, | ||
103 | @@ -1389,6 +1390,7 @@ static const struct usb_device_id rtl28xxu_id_table[] = { | ||
104 | { DVB_USB_DEVICE(USB_VID_WIDEVIEW, USB_PID_FREECOM_DVBT_2, | ||
105 | &rtl2831u_props, "Freecom USB2.0 DVB-T", NULL) }, | ||
106 | |||
107 | + /* RTL2832U devices: */ | ||
108 | { DVB_USB_DEVICE(USB_VID_REALTEK, 0x2832, | ||
109 | &rtl2832u_props, "Realtek RTL2832U reference design", NULL) }, | ||
110 | { DVB_USB_DEVICE(USB_VID_REALTEK, 0x2838, | ||
111 | @@ -1401,6 +1403,8 @@ static const struct usb_device_id rtl28xxu_id_table[] = { | ||
112 | &rtl2832u_props, "TerraTec NOXON DAB Stick", NULL) }, | ||
113 | { DVB_USB_DEVICE(USB_VID_TERRATEC, USB_PID_NOXON_DAB_STICK_REV2, | ||
114 | &rtl2832u_props, "TerraTec NOXON DAB Stick (rev 2)", NULL) }, | ||
115 | + { DVB_USB_DEVICE(USB_VID_TERRATEC, USB_PID_NOXON_DAB_STICK_REV3, | ||
116 | + &rtl2832u_props, "TerraTec NOXON DAB Stick (rev 3)", NULL) }, | ||
117 | { DVB_USB_DEVICE(USB_VID_GTEK, USB_PID_TREKSTOR_TERRES_2_0, | ||
118 | &rtl2832u_props, "Trekstor DVB-T Stick Terres 2.0", NULL) }, | ||
119 | { DVB_USB_DEVICE(USB_VID_DEXATEK, 0x1101, | ||
120 | @@ -1429,7 +1433,16 @@ static const struct usb_device_id rtl28xxu_id_table[] = { | ||
121 | &rtl2832u_props, "Leadtek WinFast DTV Dongle mini", NULL) }, | ||
122 | { DVB_USB_DEVICE(USB_VID_GTEK, USB_PID_CPYTO_REDI_PC50A, | ||
123 | &rtl2832u_props, "Crypto ReDi PC 50 A", NULL) }, | ||
124 | - | ||
125 | + { DVB_USB_DEVICE(USB_VID_KYE, 0x707f, | ||
126 | + &rtl2832u_props, "Genius TVGo DVB-T03", NULL) }, | ||
127 | + { DVB_USB_DEVICE(USB_VID_KWORLD_2, 0xd395, | ||
128 | + &rtl2832u_props, "Peak DVB-T USB", NULL) }, | ||
129 | + { DVB_USB_DEVICE(USB_VID_KWORLD_2, USB_PID_SVEON_STV20_RTL2832U, | ||
130 | + &rtl2832u_props, "Sveon STV20", NULL) }, | ||
131 | + { DVB_USB_DEVICE(USB_VID_KWORLD_2, USB_PID_SVEON_STV27, | ||
132 | + &rtl2832u_props, "Sveon STV27", NULL) }, | ||
133 | + | ||
134 | + /* RTL2832P devices: */ | ||
135 | { DVB_USB_DEVICE(USB_VID_HANFTEK, 0x0131, | ||
136 | &rtl2832u_props, "Astrometa DVB-T2", NULL) }, | ||
137 | { } | ||
138 | diff --git a/drivers/misc/mei/hw-me.c b/drivers/misc/mei/hw-me.c | ||
139 | index 6f656c053b14..fbc4a7bbdfa9 100644 | ||
140 | --- a/drivers/misc/mei/hw-me.c | ||
141 | +++ b/drivers/misc/mei/hw-me.c | ||
142 | @@ -164,6 +164,9 @@ static void mei_me_hw_reset_release(struct mei_device *dev) | ||
143 | hcsr |= H_IG; | ||
144 | hcsr &= ~H_RST; | ||
145 | mei_hcsr_set(hw, hcsr); | ||
146 | + | ||
147 | + /* complete this write before we set host ready on another CPU */ | ||
148 | + mmiowb(); | ||
149 | } | ||
150 | /** | ||
151 | * mei_me_hw_reset - resets fw via mei csr register. | ||
152 | @@ -183,8 +186,21 @@ static int mei_me_hw_reset(struct mei_device *dev, bool intr_enable) | ||
153 | else | ||
154 | hcsr &= ~H_IE; | ||
155 | |||
156 | + dev->recvd_hw_ready = false; | ||
157 | mei_me_reg_write(hw, H_CSR, hcsr); | ||
158 | |||
159 | + /* | ||
160 | + * Host reads the H_CSR once to ensure that the | ||
161 | + * posted write to H_CSR completes. | ||
162 | + */ | ||
163 | + hcsr = mei_hcsr_read(hw); | ||
164 | + | ||
165 | + if ((hcsr & H_RST) == 0) | ||
166 | + dev_warn(&dev->pdev->dev, "H_RST is not set = 0x%08X", hcsr); | ||
167 | + | ||
168 | + if ((hcsr & H_RDY) == H_RDY) | ||
169 | + dev_warn(&dev->pdev->dev, "H_RDY is not cleared 0x%08X", hcsr); | ||
170 | + | ||
171 | if (intr_enable == false) | ||
172 | mei_me_hw_reset_release(dev); | ||
173 | |||
174 | @@ -201,6 +217,7 @@ static int mei_me_hw_reset(struct mei_device *dev, bool intr_enable) | ||
175 | static void mei_me_host_set_ready(struct mei_device *dev) | ||
176 | { | ||
177 | struct mei_me_hw *hw = to_me_hw(dev); | ||
178 | + hw->host_hw_state = mei_hcsr_read(hw); | ||
179 | hw->host_hw_state |= H_IE | H_IG | H_RDY; | ||
180 | mei_hcsr_set(hw, hw->host_hw_state); | ||
181 | } | ||
182 | @@ -233,10 +250,7 @@ static bool mei_me_hw_is_ready(struct mei_device *dev) | ||
183 | static int mei_me_hw_ready_wait(struct mei_device *dev) | ||
184 | { | ||
185 | int err; | ||
186 | - if (mei_me_hw_is_ready(dev)) | ||
187 | - return 0; | ||
188 | |||
189 | - dev->recvd_hw_ready = false; | ||
190 | mutex_unlock(&dev->device_lock); | ||
191 | err = wait_event_interruptible_timeout(dev->wait_hw_ready, | ||
192 | dev->recvd_hw_ready, | ||
193 | @@ -491,14 +505,13 @@ irqreturn_t mei_me_irq_thread_handler(int irq, void *dev_id) | ||
194 | /* check if we need to start the dev */ | ||
195 | if (!mei_host_is_ready(dev)) { | ||
196 | if (mei_hw_is_ready(dev)) { | ||
197 | + mei_me_hw_reset_release(dev); | ||
198 | dev_dbg(&dev->pdev->dev, "we need to start the dev.\n"); | ||
199 | |||
200 | dev->recvd_hw_ready = true; | ||
201 | wake_up_interruptible(&dev->wait_hw_ready); | ||
202 | } else { | ||
203 | - | ||
204 | - dev_dbg(&dev->pdev->dev, "Reset Completed.\n"); | ||
205 | - mei_me_hw_reset_release(dev); | ||
206 | + dev_dbg(&dev->pdev->dev, "Spurious Interrupt\n"); | ||
207 | } | ||
208 | goto end; | ||
209 | } | ||
210 | diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c | ||
211 | index 955ab7990c5b..fb02fc2fb034 100644 | ||
212 | --- a/drivers/pci/msi.c | ||
213 | +++ b/drivers/pci/msi.c | ||
214 | @@ -414,7 +414,7 @@ static void free_msi_irqs(struct pci_dev *dev) | ||
215 | if (dev->msi_irq_groups) { | ||
216 | sysfs_remove_groups(&dev->dev.kobj, dev->msi_irq_groups); | ||
217 | msi_attrs = dev->msi_irq_groups[0]->attrs; | ||
218 | - list_for_each_entry(entry, &dev->msi_list, list) { | ||
219 | + while (msi_attrs[count]) { | ||
220 | dev_attr = container_of(msi_attrs[count], | ||
221 | struct device_attribute, attr); | ||
222 | kfree(dev_attr->attr.name); | ||
223 | diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c | ||
224 | index 86b92d95ac10..39a34da5260f 100644 | ||
225 | --- a/drivers/target/iscsi/iscsi_target.c | ||
226 | +++ b/drivers/target/iscsi/iscsi_target.c | ||
227 | @@ -460,6 +460,7 @@ int iscsit_del_np(struct iscsi_np *np) | ||
228 | spin_lock_bh(&np->np_thread_lock); | ||
229 | np->np_exports--; | ||
230 | if (np->np_exports) { | ||
231 | + np->enabled = true; | ||
232 | spin_unlock_bh(&np->np_thread_lock); | ||
233 | return 0; | ||
234 | } | ||
235 | diff --git a/drivers/target/iscsi/iscsi_target_core.h b/drivers/target/iscsi/iscsi_target_core.h | ||
236 | index 48f7b3bf4e8c..1d4a8c86551f 100644 | ||
237 | --- a/drivers/target/iscsi/iscsi_target_core.h | ||
238 | +++ b/drivers/target/iscsi/iscsi_target_core.h | ||
239 | @@ -773,6 +773,7 @@ struct iscsi_np { | ||
240 | int np_ip_proto; | ||
241 | int np_sock_type; | ||
242 | enum np_thread_state_table np_thread_state; | ||
243 | + bool enabled; | ||
244 | enum iscsi_timer_flags_table np_login_timer_flags; | ||
245 | u32 np_exports; | ||
246 | enum np_flags_table np_flags; | ||
247 | diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c | ||
248 | index 369ef10e8077..cad6fdcc64da 100644 | ||
249 | --- a/drivers/target/iscsi/iscsi_target_login.c | ||
250 | +++ b/drivers/target/iscsi/iscsi_target_login.c | ||
251 | @@ -981,6 +981,7 @@ int iscsi_target_setup_login_socket( | ||
252 | } | ||
253 | |||
254 | np->np_transport = t; | ||
255 | + np->enabled = true; | ||
256 | return 0; | ||
257 | } | ||
258 | |||
259 | diff --git a/drivers/target/iscsi/iscsi_target_tpg.c b/drivers/target/iscsi/iscsi_target_tpg.c | ||
260 | index 44a5471de00f..d875f7972325 100644 | ||
261 | --- a/drivers/target/iscsi/iscsi_target_tpg.c | ||
262 | +++ b/drivers/target/iscsi/iscsi_target_tpg.c | ||
263 | @@ -184,6 +184,8 @@ static void iscsit_clear_tpg_np_login_thread( | ||
264 | return; | ||
265 | } | ||
266 | |||
267 | + if (shutdown) | ||
268 | + tpg_np->tpg_np->enabled = false; | ||
269 | iscsit_reset_np_thread(tpg_np->tpg_np, tpg_np, tpg, shutdown); | ||
270 | } | ||
271 | |||
272 | diff --git a/drivers/target/target_core_alua.c b/drivers/target/target_core_alua.c | ||
273 | index c3d9df6aaf5f..f0f0cc0e5752 100644 | ||
274 | --- a/drivers/target/target_core_alua.c | ||
275 | +++ b/drivers/target/target_core_alua.c | ||
276 | @@ -564,7 +564,16 @@ static inline int core_alua_state_standby( | ||
277 | case REPORT_LUNS: | ||
278 | case RECEIVE_DIAGNOSTIC: | ||
279 | case SEND_DIAGNOSTIC: | ||
280 | + case READ_CAPACITY: | ||
281 | return 0; | ||
282 | + case SERVICE_ACTION_IN: | ||
283 | + switch (cdb[1] & 0x1f) { | ||
284 | + case SAI_READ_CAPACITY_16: | ||
285 | + return 0; | ||
286 | + default: | ||
287 | + *alua_ascq = ASCQ_04H_ALUA_TG_PT_STANDBY; | ||
288 | + return 1; | ||
289 | + } | ||
290 | case MAINTENANCE_IN: | ||
291 | switch (cdb[1] & 0x1f) { | ||
292 | case MI_REPORT_TARGET_PGS: | ||
293 | diff --git a/fs/attr.c b/fs/attr.c | ||
294 | index 5d4e59d56e85..6530ced19697 100644 | ||
295 | --- a/fs/attr.c | ||
296 | +++ b/fs/attr.c | ||
297 | @@ -50,14 +50,14 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr) | ||
298 | if ((ia_valid & ATTR_UID) && | ||
299 | (!uid_eq(current_fsuid(), inode->i_uid) || | ||
300 | !uid_eq(attr->ia_uid, inode->i_uid)) && | ||
301 | - !inode_capable(inode, CAP_CHOWN)) | ||
302 | + !capable_wrt_inode_uidgid(inode, CAP_CHOWN)) | ||
303 | return -EPERM; | ||
304 | |||
305 | /* Make sure caller can chgrp. */ | ||
306 | if ((ia_valid & ATTR_GID) && | ||
307 | (!uid_eq(current_fsuid(), inode->i_uid) || | ||
308 | (!in_group_p(attr->ia_gid) && !gid_eq(attr->ia_gid, inode->i_gid))) && | ||
309 | - !inode_capable(inode, CAP_CHOWN)) | ||
310 | + !capable_wrt_inode_uidgid(inode, CAP_CHOWN)) | ||
311 | return -EPERM; | ||
312 | |||
313 | /* Make sure a caller can chmod. */ | ||
314 | @@ -67,7 +67,7 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr) | ||
315 | /* Also check the setgid bit! */ | ||
316 | if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid : | ||
317 | inode->i_gid) && | ||
318 | - !inode_capable(inode, CAP_FSETID)) | ||
319 | + !capable_wrt_inode_uidgid(inode, CAP_FSETID)) | ||
320 | attr->ia_mode &= ~S_ISGID; | ||
321 | } | ||
322 | |||
323 | @@ -160,7 +160,7 @@ void setattr_copy(struct inode *inode, const struct iattr *attr) | ||
324 | umode_t mode = attr->ia_mode; | ||
325 | |||
326 | if (!in_group_p(inode->i_gid) && | ||
327 | - !inode_capable(inode, CAP_FSETID)) | ||
328 | + !capable_wrt_inode_uidgid(inode, CAP_FSETID)) | ||
329 | mode &= ~S_ISGID; | ||
330 | inode->i_mode = mode; | ||
331 | } | ||
332 | diff --git a/fs/inode.c b/fs/inode.c | ||
333 | index 4bcdad3c9361..e846a32e8d6e 100644 | ||
334 | --- a/fs/inode.c | ||
335 | +++ b/fs/inode.c | ||
336 | @@ -1840,14 +1840,18 @@ EXPORT_SYMBOL(inode_init_owner); | ||
337 | * inode_owner_or_capable - check current task permissions to inode | ||
338 | * @inode: inode being checked | ||
339 | * | ||
340 | - * Return true if current either has CAP_FOWNER to the inode, or | ||
341 | - * owns the file. | ||
342 | + * Return true if current either has CAP_FOWNER in a namespace with the | ||
343 | + * inode owner uid mapped, or owns the file. | ||
344 | */ | ||
345 | bool inode_owner_or_capable(const struct inode *inode) | ||
346 | { | ||
347 | + struct user_namespace *ns; | ||
348 | + | ||
349 | if (uid_eq(current_fsuid(), inode->i_uid)) | ||
350 | return true; | ||
351 | - if (inode_capable(inode, CAP_FOWNER)) | ||
352 | + | ||
353 | + ns = current_user_ns(); | ||
354 | + if (ns_capable(ns, CAP_FOWNER) && kuid_has_mapping(ns, inode->i_uid)) | ||
355 | return true; | ||
356 | return false; | ||
357 | } | ||
358 | diff --git a/fs/namei.c b/fs/namei.c | ||
359 | index 4a3c105cf703..8274c8d39b03 100644 | ||
360 | --- a/fs/namei.c | ||
361 | +++ b/fs/namei.c | ||
362 | @@ -332,10 +332,11 @@ int generic_permission(struct inode *inode, int mask) | ||
363 | |||
364 | if (S_ISDIR(inode->i_mode)) { | ||
365 | /* DACs are overridable for directories */ | ||
366 | - if (inode_capable(inode, CAP_DAC_OVERRIDE)) | ||
367 | + if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) | ||
368 | return 0; | ||
369 | if (!(mask & MAY_WRITE)) | ||
370 | - if (inode_capable(inode, CAP_DAC_READ_SEARCH)) | ||
371 | + if (capable_wrt_inode_uidgid(inode, | ||
372 | + CAP_DAC_READ_SEARCH)) | ||
373 | return 0; | ||
374 | return -EACCES; | ||
375 | } | ||
376 | @@ -345,7 +346,7 @@ int generic_permission(struct inode *inode, int mask) | ||
377 | * at least one exec bit set. | ||
378 | */ | ||
379 | if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO)) | ||
380 | - if (inode_capable(inode, CAP_DAC_OVERRIDE)) | ||
381 | + if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) | ||
382 | return 0; | ||
383 | |||
384 | /* | ||
385 | @@ -353,7 +354,7 @@ int generic_permission(struct inode *inode, int mask) | ||
386 | */ | ||
387 | mask &= MAY_READ | MAY_WRITE | MAY_EXEC; | ||
388 | if (mask == MAY_READ) | ||
389 | - if (inode_capable(inode, CAP_DAC_READ_SEARCH)) | ||
390 | + if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH)) | ||
391 | return 0; | ||
392 | |||
393 | return -EACCES; | ||
394 | @@ -2370,7 +2371,7 @@ static inline int check_sticky(struct inode *dir, struct inode *inode) | ||
395 | return 0; | ||
396 | if (uid_eq(dir->i_uid, fsuid)) | ||
397 | return 0; | ||
398 | - return !inode_capable(inode, CAP_FOWNER); | ||
399 | + return !capable_wrt_inode_uidgid(inode, CAP_FOWNER); | ||
400 | } | ||
401 | |||
402 | /* | ||
403 | diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c | ||
404 | index bcfe61202115..78e62cc471c5 100644 | ||
405 | --- a/fs/xfs/xfs_ioctl.c | ||
406 | +++ b/fs/xfs/xfs_ioctl.c | ||
407 | @@ -1241,7 +1241,7 @@ xfs_ioctl_setattr( | ||
408 | * cleared upon successful return from chown() | ||
409 | */ | ||
410 | if ((ip->i_d.di_mode & (S_ISUID|S_ISGID)) && | ||
411 | - !inode_capable(VFS_I(ip), CAP_FSETID)) | ||
412 | + !capable_wrt_inode_uidgid(VFS_I(ip), CAP_FSETID)) | ||
413 | ip->i_d.di_mode &= ~(S_ISUID|S_ISGID); | ||
414 | |||
415 | /* | ||
416 | diff --git a/include/linux/capability.h b/include/linux/capability.h | ||
417 | index a6ee1f9a5018..84b13ad67c1c 100644 | ||
418 | --- a/include/linux/capability.h | ||
419 | +++ b/include/linux/capability.h | ||
420 | @@ -210,7 +210,7 @@ extern bool has_ns_capability_noaudit(struct task_struct *t, | ||
421 | struct user_namespace *ns, int cap); | ||
422 | extern bool capable(int cap); | ||
423 | extern bool ns_capable(struct user_namespace *ns, int cap); | ||
424 | -extern bool inode_capable(const struct inode *inode, int cap); | ||
425 | +extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap); | ||
426 | extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap); | ||
427 | |||
428 | /* audit system wants to get cap info from files as well */ | ||
429 | diff --git a/kernel/auditsc.c b/kernel/auditsc.c | ||
430 | index 3b29605ea1b2..37e621606807 100644 | ||
431 | --- a/kernel/auditsc.c | ||
432 | +++ b/kernel/auditsc.c | ||
433 | @@ -720,6 +720,22 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key) | ||
434 | return AUDIT_BUILD_CONTEXT; | ||
435 | } | ||
436 | |||
437 | +static int audit_in_mask(const struct audit_krule *rule, unsigned long val) | ||
438 | +{ | ||
439 | + int word, bit; | ||
440 | + | ||
441 | + if (val > 0xffffffff) | ||
442 | + return false; | ||
443 | + | ||
444 | + word = AUDIT_WORD(val); | ||
445 | + if (word >= AUDIT_BITMASK_SIZE) | ||
446 | + return false; | ||
447 | + | ||
448 | + bit = AUDIT_BIT(val); | ||
449 | + | ||
450 | + return rule->mask[word] & bit; | ||
451 | +} | ||
452 | + | ||
453 | /* At syscall entry and exit time, this filter is called if the | ||
454 | * audit_state is not low enough that auditing cannot take place, but is | ||
455 | * also not high enough that we already know we have to write an audit | ||
456 | @@ -737,11 +753,8 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, | ||
457 | |||
458 | rcu_read_lock(); | ||
459 | if (!list_empty(list)) { | ||
460 | - int word = AUDIT_WORD(ctx->major); | ||
461 | - int bit = AUDIT_BIT(ctx->major); | ||
462 | - | ||
463 | list_for_each_entry_rcu(e, list, list) { | ||
464 | - if ((e->rule.mask[word] & bit) == bit && | ||
465 | + if (audit_in_mask(&e->rule, ctx->major) && | ||
466 | audit_filter_rules(tsk, &e->rule, ctx, NULL, | ||
467 | &state, false)) { | ||
468 | rcu_read_unlock(); | ||
469 | @@ -761,20 +774,16 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, | ||
470 | static int audit_filter_inode_name(struct task_struct *tsk, | ||
471 | struct audit_names *n, | ||
472 | struct audit_context *ctx) { | ||
473 | - int word, bit; | ||
474 | int h = audit_hash_ino((u32)n->ino); | ||
475 | struct list_head *list = &audit_inode_hash[h]; | ||
476 | struct audit_entry *e; | ||
477 | enum audit_state state; | ||
478 | |||
479 | - word = AUDIT_WORD(ctx->major); | ||
480 | - bit = AUDIT_BIT(ctx->major); | ||
481 | - | ||
482 | if (list_empty(list)) | ||
483 | return 0; | ||
484 | |||
485 | list_for_each_entry_rcu(e, list, list) { | ||
486 | - if ((e->rule.mask[word] & bit) == bit && | ||
487 | + if (audit_in_mask(&e->rule, ctx->major) && | ||
488 | audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) { | ||
489 | ctx->current_state = state; | ||
490 | return 1; | ||
491 | diff --git a/kernel/capability.c b/kernel/capability.c | ||
492 | index 34019c57888d..1191a44786df 100644 | ||
493 | --- a/kernel/capability.c | ||
494 | +++ b/kernel/capability.c | ||
495 | @@ -433,23 +433,19 @@ bool capable(int cap) | ||
496 | EXPORT_SYMBOL(capable); | ||
497 | |||
498 | /** | ||
499 | - * inode_capable - Check superior capability over inode | ||
500 | + * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped | ||
501 | * @inode: The inode in question | ||
502 | * @cap: The capability in question | ||
503 | * | ||
504 | - * Return true if the current task has the given superior capability | ||
505 | - * targeted at it's own user namespace and that the given inode is owned | ||
506 | - * by the current user namespace or a child namespace. | ||
507 | - * | ||
508 | - * Currently we check to see if an inode is owned by the current | ||
509 | - * user namespace by seeing if the inode's owner maps into the | ||
510 | - * current user namespace. | ||
511 | - * | ||
512 | + * Return true if the current task has the given capability targeted at | ||
513 | + * its own user namespace and that the given inode's uid and gid are | ||
514 | + * mapped into the current user namespace. | ||
515 | */ | ||
516 | -bool inode_capable(const struct inode *inode, int cap) | ||
517 | +bool capable_wrt_inode_uidgid(const struct inode *inode, int cap) | ||
518 | { | ||
519 | struct user_namespace *ns = current_user_ns(); | ||
520 | |||
521 | - return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid); | ||
522 | + return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid) && | ||
523 | + kgid_has_mapping(ns, inode->i_gid); | ||
524 | } | ||
525 | -EXPORT_SYMBOL(inode_capable); | ||
526 | +EXPORT_SYMBOL(capable_wrt_inode_uidgid); | ||
527 | diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c | ||
528 | index 12e13bd82b5b..f40f321b41fc 100644 | ||
529 | --- a/net/ipv4/netfilter/nf_defrag_ipv4.c | ||
530 | +++ b/net/ipv4/netfilter/nf_defrag_ipv4.c | ||
531 | @@ -22,7 +22,6 @@ | ||
532 | #endif | ||
533 | #include <net/netfilter/nf_conntrack_zones.h> | ||
534 | |||
535 | -/* Returns new sk_buff, or NULL */ | ||
536 | static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user) | ||
537 | { | ||
538 | int err; | ||
539 | @@ -33,8 +32,10 @@ static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user) | ||
540 | err = ip_defrag(skb, user); | ||
541 | local_bh_enable(); | ||
542 | |||
543 | - if (!err) | ||
544 | + if (!err) { | ||
545 | ip_send_check(ip_hdr(skb)); | ||
546 | + skb->local_df = 1; | ||
547 | + } | ||
548 | |||
549 | return err; | ||
550 | } |