Contents of /trunk/kernel-alx/patches-4.9/0119-4.9.20-all-fixes.patch
Parent Directory | Revision Log
Revision 2956 -
(show annotations)
(download)
Mon Jul 24 12:03:46 2017 UTC (7 years, 2 months ago) by niro
File size: 17310 byte(s)
Mon Jul 24 12:03:46 2017 UTC (7 years, 2 months ago) by niro
File size: 17310 byte(s)
-added patches-4.9
1 | diff --git a/Makefile b/Makefile |
2 | index ba1c6a8e6a70..44960184701a 100644 |
3 | --- a/Makefile |
4 | +++ b/Makefile |
5 | @@ -1,6 +1,6 @@ |
6 | VERSION = 4 |
7 | PATCHLEVEL = 9 |
8 | -SUBLEVEL = 19 |
9 | +SUBLEVEL = 20 |
10 | EXTRAVERSION = |
11 | NAME = Roaring Lionus |
12 | |
13 | diff --git a/arch/c6x/kernel/ptrace.c b/arch/c6x/kernel/ptrace.c |
14 | index 3c494e84444d..a511ac16a8e3 100644 |
15 | --- a/arch/c6x/kernel/ptrace.c |
16 | +++ b/arch/c6x/kernel/ptrace.c |
17 | @@ -69,46 +69,6 @@ static int gpr_get(struct task_struct *target, |
18 | 0, sizeof(*regs)); |
19 | } |
20 | |
21 | -static int gpr_set(struct task_struct *target, |
22 | - const struct user_regset *regset, |
23 | - unsigned int pos, unsigned int count, |
24 | - const void *kbuf, const void __user *ubuf) |
25 | -{ |
26 | - int ret; |
27 | - struct pt_regs *regs = task_pt_regs(target); |
28 | - |
29 | - /* Don't copyin TSR or CSR */ |
30 | - ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, |
31 | - ®s, |
32 | - 0, PT_TSR * sizeof(long)); |
33 | - if (ret) |
34 | - return ret; |
35 | - |
36 | - ret = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf, |
37 | - PT_TSR * sizeof(long), |
38 | - (PT_TSR + 1) * sizeof(long)); |
39 | - if (ret) |
40 | - return ret; |
41 | - |
42 | - ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, |
43 | - ®s, |
44 | - (PT_TSR + 1) * sizeof(long), |
45 | - PT_CSR * sizeof(long)); |
46 | - if (ret) |
47 | - return ret; |
48 | - |
49 | - ret = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf, |
50 | - PT_CSR * sizeof(long), |
51 | - (PT_CSR + 1) * sizeof(long)); |
52 | - if (ret) |
53 | - return ret; |
54 | - |
55 | - ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, |
56 | - ®s, |
57 | - (PT_CSR + 1) * sizeof(long), -1); |
58 | - return ret; |
59 | -} |
60 | - |
61 | enum c6x_regset { |
62 | REGSET_GPR, |
63 | }; |
64 | @@ -120,7 +80,6 @@ static const struct user_regset c6x_regsets[] = { |
65 | .size = sizeof(u32), |
66 | .align = sizeof(u32), |
67 | .get = gpr_get, |
68 | - .set = gpr_set |
69 | }, |
70 | }; |
71 | |
72 | diff --git a/arch/h8300/kernel/ptrace.c b/arch/h8300/kernel/ptrace.c |
73 | index 92075544a19a..0dc1c8f622bc 100644 |
74 | --- a/arch/h8300/kernel/ptrace.c |
75 | +++ b/arch/h8300/kernel/ptrace.c |
76 | @@ -95,7 +95,8 @@ static int regs_get(struct task_struct *target, |
77 | long *reg = (long *)®s; |
78 | |
79 | /* build user regs in buffer */ |
80 | - for (r = 0; r < ARRAY_SIZE(register_offset); r++) |
81 | + BUILD_BUG_ON(sizeof(regs) % sizeof(long) != 0); |
82 | + for (r = 0; r < sizeof(regs) / sizeof(long); r++) |
83 | *reg++ = h8300_get_reg(target, r); |
84 | |
85 | return user_regset_copyout(&pos, &count, &kbuf, &ubuf, |
86 | @@ -113,7 +114,8 @@ static int regs_set(struct task_struct *target, |
87 | long *reg; |
88 | |
89 | /* build user regs in buffer */ |
90 | - for (reg = (long *)®s, r = 0; r < ARRAY_SIZE(register_offset); r++) |
91 | + BUILD_BUG_ON(sizeof(regs) % sizeof(long) != 0); |
92 | + for (reg = (long *)®s, r = 0; r < sizeof(regs) / sizeof(long); r++) |
93 | *reg++ = h8300_get_reg(target, r); |
94 | |
95 | ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, |
96 | @@ -122,7 +124,7 @@ static int regs_set(struct task_struct *target, |
97 | return ret; |
98 | |
99 | /* write back to pt_regs */ |
100 | - for (reg = (long *)®s, r = 0; r < ARRAY_SIZE(register_offset); r++) |
101 | + for (reg = (long *)®s, r = 0; r < sizeof(regs) / sizeof(long); r++) |
102 | h8300_put_reg(target, r, *reg++); |
103 | return 0; |
104 | } |
105 | diff --git a/arch/metag/kernel/ptrace.c b/arch/metag/kernel/ptrace.c |
106 | index 7563628822bd..5e2dc7defd2c 100644 |
107 | --- a/arch/metag/kernel/ptrace.c |
108 | +++ b/arch/metag/kernel/ptrace.c |
109 | @@ -24,6 +24,16 @@ |
110 | * user_regset definitions. |
111 | */ |
112 | |
113 | +static unsigned long user_txstatus(const struct pt_regs *regs) |
114 | +{ |
115 | + unsigned long data = (unsigned long)regs->ctx.Flags; |
116 | + |
117 | + if (regs->ctx.SaveMask & TBICTX_CBUF_BIT) |
118 | + data |= USER_GP_REGS_STATUS_CATCH_BIT; |
119 | + |
120 | + return data; |
121 | +} |
122 | + |
123 | int metag_gp_regs_copyout(const struct pt_regs *regs, |
124 | unsigned int pos, unsigned int count, |
125 | void *kbuf, void __user *ubuf) |
126 | @@ -62,9 +72,7 @@ int metag_gp_regs_copyout(const struct pt_regs *regs, |
127 | if (ret) |
128 | goto out; |
129 | /* TXSTATUS */ |
130 | - data = (unsigned long)regs->ctx.Flags; |
131 | - if (regs->ctx.SaveMask & TBICTX_CBUF_BIT) |
132 | - data |= USER_GP_REGS_STATUS_CATCH_BIT; |
133 | + data = user_txstatus(regs); |
134 | ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, |
135 | &data, 4*25, 4*26); |
136 | if (ret) |
137 | @@ -119,6 +127,7 @@ int metag_gp_regs_copyin(struct pt_regs *regs, |
138 | if (ret) |
139 | goto out; |
140 | /* TXSTATUS */ |
141 | + data = user_txstatus(regs); |
142 | ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, |
143 | &data, 4*25, 4*26); |
144 | if (ret) |
145 | @@ -244,6 +253,8 @@ int metag_rp_state_copyin(struct pt_regs *regs, |
146 | unsigned long long *ptr; |
147 | int ret, i; |
148 | |
149 | + if (count < 4*13) |
150 | + return -EINVAL; |
151 | /* Read the entire pipeline before making any changes */ |
152 | ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, |
153 | &rp, 0, 4*13); |
154 | @@ -303,7 +314,7 @@ static int metag_tls_set(struct task_struct *target, |
155 | const void *kbuf, const void __user *ubuf) |
156 | { |
157 | int ret; |
158 | - void __user *tls; |
159 | + void __user *tls = target->thread.tls_ptr; |
160 | |
161 | ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &tls, 0, -1); |
162 | if (ret) |
163 | diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c |
164 | index a92994d60e91..bf83dc1eecfb 100644 |
165 | --- a/arch/mips/kernel/ptrace.c |
166 | +++ b/arch/mips/kernel/ptrace.c |
167 | @@ -485,7 +485,8 @@ static int fpr_set(struct task_struct *target, |
168 | &target->thread.fpu, |
169 | 0, sizeof(elf_fpregset_t)); |
170 | |
171 | - for (i = 0; i < NUM_FPU_REGS; i++) { |
172 | + BUILD_BUG_ON(sizeof(fpr_val) != sizeof(elf_fpreg_t)); |
173 | + for (i = 0; i < NUM_FPU_REGS && count >= sizeof(elf_fpreg_t); i++) { |
174 | err = user_regset_copyin(&pos, &count, &kbuf, &ubuf, |
175 | &fpr_val, i * sizeof(elf_fpreg_t), |
176 | (i + 1) * sizeof(elf_fpreg_t)); |
177 | diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c |
178 | index ac082dd8c67d..7037ca3b4328 100644 |
179 | --- a/arch/sparc/kernel/ptrace_64.c |
180 | +++ b/arch/sparc/kernel/ptrace_64.c |
181 | @@ -313,7 +313,7 @@ static int genregs64_set(struct task_struct *target, |
182 | } |
183 | |
184 | if (!ret) { |
185 | - unsigned long y; |
186 | + unsigned long y = regs->y; |
187 | |
188 | ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, |
189 | &y, |
190 | diff --git a/arch/x86/include/asm/kvm_page_track.h b/arch/x86/include/asm/kvm_page_track.h |
191 | index c2b8d24a235c..6226cb0eca23 100644 |
192 | --- a/arch/x86/include/asm/kvm_page_track.h |
193 | +++ b/arch/x86/include/asm/kvm_page_track.h |
194 | @@ -35,6 +35,7 @@ struct kvm_page_track_notifier_node { |
195 | }; |
196 | |
197 | void kvm_page_track_init(struct kvm *kvm); |
198 | +void kvm_page_track_cleanup(struct kvm *kvm); |
199 | |
200 | void kvm_page_track_free_memslot(struct kvm_memory_slot *free, |
201 | struct kvm_memory_slot *dont); |
202 | diff --git a/arch/x86/kvm/page_track.c b/arch/x86/kvm/page_track.c |
203 | index b431539c3714..85024e0cfaa5 100644 |
204 | --- a/arch/x86/kvm/page_track.c |
205 | +++ b/arch/x86/kvm/page_track.c |
206 | @@ -156,6 +156,14 @@ bool kvm_page_track_is_active(struct kvm_vcpu *vcpu, gfn_t gfn, |
207 | return !!ACCESS_ONCE(slot->arch.gfn_track[mode][index]); |
208 | } |
209 | |
210 | +void kvm_page_track_cleanup(struct kvm *kvm) |
211 | +{ |
212 | + struct kvm_page_track_notifier_head *head; |
213 | + |
214 | + head = &kvm->arch.track_notifier_head; |
215 | + cleanup_srcu_struct(&head->track_srcu); |
216 | +} |
217 | + |
218 | void kvm_page_track_init(struct kvm *kvm) |
219 | { |
220 | struct kvm_page_track_notifier_head *head; |
221 | diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
222 | index 731044efb195..e5bc139d1ba7 100644 |
223 | --- a/arch/x86/kvm/x86.c |
224 | +++ b/arch/x86/kvm/x86.c |
225 | @@ -7976,6 +7976,7 @@ void kvm_arch_destroy_vm(struct kvm *kvm) |
226 | kvm_free_vcpus(kvm); |
227 | kvfree(rcu_dereference_check(kvm->arch.apic_map, 1)); |
228 | kvm_mmu_uninit_vm(kvm); |
229 | + kvm_page_track_cleanup(kvm); |
230 | } |
231 | |
232 | void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *free, |
233 | diff --git a/drivers/pinctrl/qcom/pinctrl-msm.c b/drivers/pinctrl/qcom/pinctrl-msm.c |
234 | index 775c88303017..bedce3453dd3 100644 |
235 | --- a/drivers/pinctrl/qcom/pinctrl-msm.c |
236 | +++ b/drivers/pinctrl/qcom/pinctrl-msm.c |
237 | @@ -594,10 +594,6 @@ static void msm_gpio_irq_unmask(struct irq_data *d) |
238 | |
239 | spin_lock_irqsave(&pctrl->lock, flags); |
240 | |
241 | - val = readl(pctrl->regs + g->intr_status_reg); |
242 | - val &= ~BIT(g->intr_status_bit); |
243 | - writel(val, pctrl->regs + g->intr_status_reg); |
244 | - |
245 | val = readl(pctrl->regs + g->intr_cfg_reg); |
246 | val |= BIT(g->intr_enable_bit); |
247 | writel(val, pctrl->regs + g->intr_cfg_reg); |
248 | diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c |
249 | index 338575fb2d27..358feca54945 100644 |
250 | --- a/drivers/usb/musb/musb_core.c |
251 | +++ b/drivers/usb/musb/musb_core.c |
252 | @@ -2467,8 +2467,8 @@ static int musb_remove(struct platform_device *pdev) |
253 | pm_runtime_get_sync(musb->controller); |
254 | musb_host_cleanup(musb); |
255 | musb_gadget_cleanup(musb); |
256 | - spin_lock_irqsave(&musb->lock, flags); |
257 | musb_platform_disable(musb); |
258 | + spin_lock_irqsave(&musb->lock, flags); |
259 | musb_generic_disable(musb); |
260 | spin_unlock_irqrestore(&musb->lock, flags); |
261 | musb_writeb(musb->mregs, MUSB_DEVCTL, 0); |
262 | diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c |
263 | index 9d2738e9217f..2c2e6792f7e0 100644 |
264 | --- a/drivers/virtio/virtio_balloon.c |
265 | +++ b/drivers/virtio/virtio_balloon.c |
266 | @@ -427,6 +427,8 @@ static int init_vqs(struct virtio_balloon *vb) |
267 | * Prime this virtqueue with one buffer so the hypervisor can |
268 | * use it to signal us later (it can't be broken yet!). |
269 | */ |
270 | + update_balloon_stats(vb); |
271 | + |
272 | sg_init_one(&sg, vb->stats, sizeof vb->stats); |
273 | if (virtqueue_add_outbuf(vb->stats_vq, &sg, 1, vb, GFP_KERNEL) |
274 | < 0) |
275 | diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c |
276 | index 98f87fe8f186..61cfccea77bc 100644 |
277 | --- a/fs/crypto/crypto.c |
278 | +++ b/fs/crypto/crypto.c |
279 | @@ -352,7 +352,6 @@ EXPORT_SYMBOL(fscrypt_zeroout_range); |
280 | static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags) |
281 | { |
282 | struct dentry *dir; |
283 | - struct fscrypt_info *ci; |
284 | int dir_has_key, cached_with_key; |
285 | |
286 | if (flags & LOOKUP_RCU) |
287 | @@ -364,18 +363,11 @@ static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags) |
288 | return 0; |
289 | } |
290 | |
291 | - ci = d_inode(dir)->i_crypt_info; |
292 | - if (ci && ci->ci_keyring_key && |
293 | - (ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) | |
294 | - (1 << KEY_FLAG_REVOKED) | |
295 | - (1 << KEY_FLAG_DEAD)))) |
296 | - ci = NULL; |
297 | - |
298 | /* this should eventually be an flag in d_flags */ |
299 | spin_lock(&dentry->d_lock); |
300 | cached_with_key = dentry->d_flags & DCACHE_ENCRYPTED_WITH_KEY; |
301 | spin_unlock(&dentry->d_lock); |
302 | - dir_has_key = (ci != NULL); |
303 | + dir_has_key = (d_inode(dir)->i_crypt_info != NULL); |
304 | dput(dir); |
305 | |
306 | /* |
307 | diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c |
308 | index 9b774f4b50c8..80bb956e14e5 100644 |
309 | --- a/fs/crypto/fname.c |
310 | +++ b/fs/crypto/fname.c |
311 | @@ -350,7 +350,7 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, |
312 | fname->disk_name.len = iname->len; |
313 | return 0; |
314 | } |
315 | - ret = get_crypt_info(dir); |
316 | + ret = fscrypt_get_encryption_info(dir); |
317 | if (ret && ret != -EOPNOTSUPP) |
318 | return ret; |
319 | |
320 | diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c |
321 | index 67fb6d8876d0..bb4606368eb1 100644 |
322 | --- a/fs/crypto/keyinfo.c |
323 | +++ b/fs/crypto/keyinfo.c |
324 | @@ -99,6 +99,7 @@ static int validate_user_key(struct fscrypt_info *crypt_info, |
325 | kfree(full_key_descriptor); |
326 | if (IS_ERR(keyring_key)) |
327 | return PTR_ERR(keyring_key); |
328 | + down_read(&keyring_key->sem); |
329 | |
330 | if (keyring_key->type != &key_type_logon) { |
331 | printk_once(KERN_WARNING |
332 | @@ -106,11 +107,9 @@ static int validate_user_key(struct fscrypt_info *crypt_info, |
333 | res = -ENOKEY; |
334 | goto out; |
335 | } |
336 | - down_read(&keyring_key->sem); |
337 | ukp = user_key_payload(keyring_key); |
338 | if (ukp->datalen != sizeof(struct fscrypt_key)) { |
339 | res = -EINVAL; |
340 | - up_read(&keyring_key->sem); |
341 | goto out; |
342 | } |
343 | master_key = (struct fscrypt_key *)ukp->data; |
344 | @@ -121,17 +120,11 @@ static int validate_user_key(struct fscrypt_info *crypt_info, |
345 | "%s: key size incorrect: %d\n", |
346 | __func__, master_key->size); |
347 | res = -ENOKEY; |
348 | - up_read(&keyring_key->sem); |
349 | goto out; |
350 | } |
351 | res = derive_key_aes(ctx->nonce, master_key->raw, raw_key); |
352 | - up_read(&keyring_key->sem); |
353 | - if (res) |
354 | - goto out; |
355 | - |
356 | - crypt_info->ci_keyring_key = keyring_key; |
357 | - return 0; |
358 | out: |
359 | + up_read(&keyring_key->sem); |
360 | key_put(keyring_key); |
361 | return res; |
362 | } |
363 | @@ -173,12 +166,11 @@ static void put_crypt_info(struct fscrypt_info *ci) |
364 | if (!ci) |
365 | return; |
366 | |
367 | - key_put(ci->ci_keyring_key); |
368 | crypto_free_skcipher(ci->ci_ctfm); |
369 | kmem_cache_free(fscrypt_info_cachep, ci); |
370 | } |
371 | |
372 | -int get_crypt_info(struct inode *inode) |
373 | +int fscrypt_get_encryption_info(struct inode *inode) |
374 | { |
375 | struct fscrypt_info *crypt_info; |
376 | struct fscrypt_context ctx; |
377 | @@ -188,21 +180,15 @@ int get_crypt_info(struct inode *inode) |
378 | u8 *raw_key = NULL; |
379 | int res; |
380 | |
381 | + if (inode->i_crypt_info) |
382 | + return 0; |
383 | + |
384 | res = fscrypt_initialize(); |
385 | if (res) |
386 | return res; |
387 | |
388 | if (!inode->i_sb->s_cop->get_context) |
389 | return -EOPNOTSUPP; |
390 | -retry: |
391 | - crypt_info = ACCESS_ONCE(inode->i_crypt_info); |
392 | - if (crypt_info) { |
393 | - if (!crypt_info->ci_keyring_key || |
394 | - key_validate(crypt_info->ci_keyring_key) == 0) |
395 | - return 0; |
396 | - fscrypt_put_encryption_info(inode, crypt_info); |
397 | - goto retry; |
398 | - } |
399 | |
400 | res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); |
401 | if (res < 0) { |
402 | @@ -230,7 +216,6 @@ int get_crypt_info(struct inode *inode) |
403 | crypt_info->ci_data_mode = ctx.contents_encryption_mode; |
404 | crypt_info->ci_filename_mode = ctx.filenames_encryption_mode; |
405 | crypt_info->ci_ctfm = NULL; |
406 | - crypt_info->ci_keyring_key = NULL; |
407 | memcpy(crypt_info->ci_master_key, ctx.master_key_descriptor, |
408 | sizeof(crypt_info->ci_master_key)); |
409 | |
410 | @@ -285,14 +270,8 @@ int get_crypt_info(struct inode *inode) |
411 | if (res) |
412 | goto out; |
413 | |
414 | - kzfree(raw_key); |
415 | - raw_key = NULL; |
416 | - if (cmpxchg(&inode->i_crypt_info, NULL, crypt_info) != NULL) { |
417 | - put_crypt_info(crypt_info); |
418 | - goto retry; |
419 | - } |
420 | - return 0; |
421 | - |
422 | + if (cmpxchg(&inode->i_crypt_info, NULL, crypt_info) == NULL) |
423 | + crypt_info = NULL; |
424 | out: |
425 | if (res == -ENOKEY) |
426 | res = 0; |
427 | @@ -300,6 +279,7 @@ int get_crypt_info(struct inode *inode) |
428 | kzfree(raw_key); |
429 | return res; |
430 | } |
431 | +EXPORT_SYMBOL(fscrypt_get_encryption_info); |
432 | |
433 | void fscrypt_put_encryption_info(struct inode *inode, struct fscrypt_info *ci) |
434 | { |
435 | @@ -317,17 +297,3 @@ void fscrypt_put_encryption_info(struct inode *inode, struct fscrypt_info *ci) |
436 | put_crypt_info(ci); |
437 | } |
438 | EXPORT_SYMBOL(fscrypt_put_encryption_info); |
439 | - |
440 | -int fscrypt_get_encryption_info(struct inode *inode) |
441 | -{ |
442 | - struct fscrypt_info *ci = inode->i_crypt_info; |
443 | - |
444 | - if (!ci || |
445 | - (ci->ci_keyring_key && |
446 | - (ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) | |
447 | - (1 << KEY_FLAG_REVOKED) | |
448 | - (1 << KEY_FLAG_DEAD))))) |
449 | - return get_crypt_info(inode); |
450 | - return 0; |
451 | -} |
452 | -EXPORT_SYMBOL(fscrypt_get_encryption_info); |
453 | diff --git a/include/linux/fscrypto.h b/include/linux/fscrypto.h |
454 | index ff8b11b26f31..f6dfc2950f76 100644 |
455 | --- a/include/linux/fscrypto.h |
456 | +++ b/include/linux/fscrypto.h |
457 | @@ -79,7 +79,6 @@ struct fscrypt_info { |
458 | u8 ci_filename_mode; |
459 | u8 ci_flags; |
460 | struct crypto_skcipher *ci_ctfm; |
461 | - struct key *ci_keyring_key; |
462 | u8 ci_master_key[FS_KEY_DESCRIPTOR_SIZE]; |
463 | }; |
464 | |
465 | @@ -256,7 +255,6 @@ extern int fscrypt_has_permitted_context(struct inode *, struct inode *); |
466 | extern int fscrypt_inherit_context(struct inode *, struct inode *, |
467 | void *, bool); |
468 | /* keyinfo.c */ |
469 | -extern int get_crypt_info(struct inode *); |
470 | extern int fscrypt_get_encryption_info(struct inode *); |
471 | extern void fscrypt_put_encryption_info(struct inode *, struct fscrypt_info *); |
472 | |
473 | diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c |
474 | index 37e2449186c4..c95c5122b105 100644 |
475 | --- a/kernel/sched/deadline.c |
476 | +++ b/kernel/sched/deadline.c |
477 | @@ -1729,12 +1729,11 @@ static void switched_to_dl(struct rq *rq, struct task_struct *p) |
478 | #ifdef CONFIG_SMP |
479 | if (tsk_nr_cpus_allowed(p) > 1 && rq->dl.overloaded) |
480 | queue_push_tasks(rq); |
481 | -#else |
482 | +#endif |
483 | if (dl_task(rq->curr)) |
484 | check_preempt_curr_dl(rq, p, 0); |
485 | else |
486 | resched_curr(rq); |
487 | -#endif |
488 | } |
489 | } |
490 | |
491 | diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c |
492 | index 2516b8df6dbb..f139f22ce30d 100644 |
493 | --- a/kernel/sched/rt.c |
494 | +++ b/kernel/sched/rt.c |
495 | @@ -2198,10 +2198,9 @@ static void switched_to_rt(struct rq *rq, struct task_struct *p) |
496 | #ifdef CONFIG_SMP |
497 | if (tsk_nr_cpus_allowed(p) > 1 && rq->rt.overloaded) |
498 | queue_push_tasks(rq); |
499 | -#else |
500 | +#endif /* CONFIG_SMP */ |
501 | if (p->prio < rq->curr->prio) |
502 | resched_curr(rq); |
503 | -#endif /* CONFIG_SMP */ |
504 | } |
505 | } |
506 | |
507 | diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c |
508 | index 5bf7e1bfeac7..e0437a7aa1a2 100644 |
509 | --- a/net/xfrm/xfrm_policy.c |
510 | +++ b/net/xfrm/xfrm_policy.c |
511 | @@ -3062,6 +3062,11 @@ static int __net_init xfrm_net_init(struct net *net) |
512 | { |
513 | int rv; |
514 | |
515 | + /* Initialize the per-net locks here */ |
516 | + spin_lock_init(&net->xfrm.xfrm_state_lock); |
517 | + spin_lock_init(&net->xfrm.xfrm_policy_lock); |
518 | + mutex_init(&net->xfrm.xfrm_cfg_mutex); |
519 | + |
520 | rv = xfrm_statistics_init(net); |
521 | if (rv < 0) |
522 | goto out_statistics; |
523 | @@ -3078,11 +3083,6 @@ static int __net_init xfrm_net_init(struct net *net) |
524 | if (rv < 0) |
525 | goto out; |
526 | |
527 | - /* Initialize the per-net locks here */ |
528 | - spin_lock_init(&net->xfrm.xfrm_state_lock); |
529 | - spin_lock_init(&net->xfrm.xfrm_policy_lock); |
530 | - mutex_init(&net->xfrm.xfrm_cfg_mutex); |
531 | - |
532 | return 0; |
533 | |
534 | out: |
535 | diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c |
536 | index 671a1d0333f0..a7e27e1140dd 100644 |
537 | --- a/net/xfrm/xfrm_user.c |
538 | +++ b/net/xfrm/xfrm_user.c |
539 | @@ -412,7 +412,14 @@ static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_es |
540 | up = nla_data(rp); |
541 | ulen = xfrm_replay_state_esn_len(up); |
542 | |
543 | - if (nla_len(rp) < ulen || xfrm_replay_state_esn_len(replay_esn) != ulen) |
544 | + /* Check the overall length and the internal bitmap length to avoid |
545 | + * potential overflow. */ |
546 | + if (nla_len(rp) < ulen || |
547 | + xfrm_replay_state_esn_len(replay_esn) != ulen || |
548 | + replay_esn->bmp_len != up->bmp_len) |
549 | + return -EINVAL; |
550 | + |
551 | + if (up->replay_window > up->bmp_len * sizeof(__u32) * 8) |
552 | return -EINVAL; |
553 | |
554 | return 0; |