Contents of /trunk/kernel-alx/patches-5.4/0187-5.4.88-all-fixes.patch
Parent Directory | Revision Log
Revision 3637 -
(show annotations)
(download)
Mon Oct 24 12:40:44 2022 UTC (23 months ago) by niro
File size: 30223 byte(s)
Mon Oct 24 12:40:44 2022 UTC (23 months ago) by niro
File size: 30223 byte(s)
-add missing
1 | diff --git a/Makefile b/Makefile |
2 | index 71968b4bb313d..450ebe1528062 100644 |
3 | --- a/Makefile |
4 | +++ b/Makefile |
5 | @@ -1,7 +1,7 @@ |
6 | # SPDX-License-Identifier: GPL-2.0 |
7 | VERSION = 5 |
8 | PATCHLEVEL = 4 |
9 | -SUBLEVEL = 87 |
10 | +SUBLEVEL = 88 |
11 | EXTRAVERSION = |
12 | NAME = Kleptomaniac Octopus |
13 | |
14 | diff --git a/drivers/dma/at_hdmac.c b/drivers/dma/at_hdmac.c |
15 | index ff366c2f58c18..303bc3e601a1c 100644 |
16 | --- a/drivers/dma/at_hdmac.c |
17 | +++ b/drivers/dma/at_hdmac.c |
18 | @@ -1673,9 +1673,11 @@ static struct dma_chan *at_dma_xlate(struct of_phandle_args *dma_spec, |
19 | dma_cap_zero(mask); |
20 | dma_cap_set(DMA_SLAVE, mask); |
21 | |
22 | - atslave = kzalloc(sizeof(*atslave), GFP_KERNEL); |
23 | - if (!atslave) |
24 | + atslave = kmalloc(sizeof(*atslave), GFP_KERNEL); |
25 | + if (!atslave) { |
26 | + put_device(&dmac_pdev->dev); |
27 | return NULL; |
28 | + } |
29 | |
30 | atslave->cfg = ATC_DST_H2SEL_HW | ATC_SRC_H2SEL_HW; |
31 | /* |
32 | @@ -1704,8 +1706,11 @@ static struct dma_chan *at_dma_xlate(struct of_phandle_args *dma_spec, |
33 | atslave->dma_dev = &dmac_pdev->dev; |
34 | |
35 | chan = dma_request_channel(mask, at_dma_filter, atslave); |
36 | - if (!chan) |
37 | + if (!chan) { |
38 | + put_device(&dmac_pdev->dev); |
39 | + kfree(atslave); |
40 | return NULL; |
41 | + } |
42 | |
43 | atchan = to_at_dma_chan(chan); |
44 | atchan->per_if = dma_spec->args[0] & 0xff; |
45 | diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c |
46 | index 09410971615c4..d2dd387c95d86 100644 |
47 | --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c |
48 | +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c |
49 | @@ -1434,8 +1434,7 @@ amdgpu_dm_update_connector_after_detect(struct amdgpu_dm_connector *aconnector) |
50 | |
51 | drm_connector_update_edid_property(connector, |
52 | aconnector->edid); |
53 | - aconnector->num_modes = drm_add_edid_modes(connector, aconnector->edid); |
54 | - drm_connector_list_update(connector); |
55 | + drm_add_edid_modes(connector, aconnector->edid); |
56 | |
57 | if (aconnector->dc_link->aux_mode) |
58 | drm_dp_cec_set_edid(&aconnector->dm_dp_aux.aux, |
59 | diff --git a/drivers/iio/imu/bmi160/bmi160.h b/drivers/iio/imu/bmi160/bmi160.h |
60 | index 621f5309d735a..431f10c2b951d 100644 |
61 | --- a/drivers/iio/imu/bmi160/bmi160.h |
62 | +++ b/drivers/iio/imu/bmi160/bmi160.h |
63 | @@ -7,6 +7,13 @@ |
64 | struct bmi160_data { |
65 | struct regmap *regmap; |
66 | struct iio_trigger *trig; |
67 | + /* |
68 | + * Ensure natural alignment for timestamp if present. |
69 | + * Max length needed: 2 * 3 channels + 4 bytes padding + 8 byte ts. |
70 | + * If fewer channels are enabled, less space may be needed, as |
71 | + * long as the timestamp is still aligned to 8 bytes. |
72 | + */ |
73 | + __le16 buf[12] __aligned(8); |
74 | }; |
75 | |
76 | extern const struct regmap_config bmi160_regmap_config; |
77 | diff --git a/drivers/iio/imu/bmi160/bmi160_core.c b/drivers/iio/imu/bmi160/bmi160_core.c |
78 | index a5994899e3965..088694c82327a 100644 |
79 | --- a/drivers/iio/imu/bmi160/bmi160_core.c |
80 | +++ b/drivers/iio/imu/bmi160/bmi160_core.c |
81 | @@ -411,8 +411,6 @@ static irqreturn_t bmi160_trigger_handler(int irq, void *p) |
82 | struct iio_poll_func *pf = p; |
83 | struct iio_dev *indio_dev = pf->indio_dev; |
84 | struct bmi160_data *data = iio_priv(indio_dev); |
85 | - __le16 buf[12]; |
86 | - /* 2 sens x 3 axis x __le16 + 2 x __le16 pad + 4 x __le16 tstamp */ |
87 | int i, ret, j = 0, base = BMI160_REG_DATA_MAGN_XOUT_L; |
88 | __le16 sample; |
89 | |
90 | @@ -422,10 +420,10 @@ static irqreturn_t bmi160_trigger_handler(int irq, void *p) |
91 | &sample, sizeof(sample)); |
92 | if (ret) |
93 | goto done; |
94 | - buf[j++] = sample; |
95 | + data->buf[j++] = sample; |
96 | } |
97 | |
98 | - iio_push_to_buffers_with_timestamp(indio_dev, buf, pf->timestamp); |
99 | + iio_push_to_buffers_with_timestamp(indio_dev, data->buf, pf->timestamp); |
100 | done: |
101 | iio_trigger_notify_done(indio_dev->trig); |
102 | return IRQ_HANDLED; |
103 | diff --git a/drivers/mtd/nand/spi/core.c b/drivers/mtd/nand/spi/core.c |
104 | index 671700af91804..0d21c68bfe245 100644 |
105 | --- a/drivers/mtd/nand/spi/core.c |
106 | +++ b/drivers/mtd/nand/spi/core.c |
107 | @@ -317,10 +317,6 @@ static int spinand_write_to_cache_op(struct spinand_device *spinand, |
108 | buf += ret; |
109 | } |
110 | |
111 | - if (req->ooblen) |
112 | - memcpy(req->oobbuf.in, spinand->oobbuf + req->ooboffs, |
113 | - req->ooblen); |
114 | - |
115 | return 0; |
116 | } |
117 | |
118 | diff --git a/drivers/net/wireless/marvell/mwifiex/join.c b/drivers/net/wireless/marvell/mwifiex/join.c |
119 | index d87aeff70cefb..c2cb1e711c06e 100644 |
120 | --- a/drivers/net/wireless/marvell/mwifiex/join.c |
121 | +++ b/drivers/net/wireless/marvell/mwifiex/join.c |
122 | @@ -877,6 +877,8 @@ mwifiex_cmd_802_11_ad_hoc_start(struct mwifiex_private *priv, |
123 | |
124 | memset(adhoc_start->ssid, 0, IEEE80211_MAX_SSID_LEN); |
125 | |
126 | + if (req_ssid->ssid_len > IEEE80211_MAX_SSID_LEN) |
127 | + req_ssid->ssid_len = IEEE80211_MAX_SSID_LEN; |
128 | memcpy(adhoc_start->ssid, req_ssid->ssid, req_ssid->ssid_len); |
129 | |
130 | mwifiex_dbg(adapter, INFO, "info: ADHOC_S_CMD: SSID = %s\n", |
131 | diff --git a/fs/exec.c b/fs/exec.c |
132 | index 2441eb1a1e2d0..1b4d2206d53a1 100644 |
133 | --- a/fs/exec.c |
134 | +++ b/fs/exec.c |
135 | @@ -1009,8 +1009,8 @@ EXPORT_SYMBOL(read_code); |
136 | |
137 | /* |
138 | * Maps the mm_struct mm into the current task struct. |
139 | - * On success, this function returns with the mutex |
140 | - * exec_update_mutex locked. |
141 | + * On success, this function returns with exec_update_lock |
142 | + * held for writing. |
143 | */ |
144 | static int exec_mmap(struct mm_struct *mm) |
145 | { |
146 | @@ -1023,7 +1023,7 @@ static int exec_mmap(struct mm_struct *mm) |
147 | old_mm = current->mm; |
148 | exec_mm_release(tsk, old_mm); |
149 | |
150 | - ret = mutex_lock_killable(&tsk->signal->exec_update_mutex); |
151 | + ret = down_write_killable(&tsk->signal->exec_update_lock); |
152 | if (ret) |
153 | return ret; |
154 | |
155 | @@ -1038,7 +1038,7 @@ static int exec_mmap(struct mm_struct *mm) |
156 | down_read(&old_mm->mmap_sem); |
157 | if (unlikely(old_mm->core_state)) { |
158 | up_read(&old_mm->mmap_sem); |
159 | - mutex_unlock(&tsk->signal->exec_update_mutex); |
160 | + up_write(&tsk->signal->exec_update_lock); |
161 | return -EINTR; |
162 | } |
163 | } |
164 | @@ -1450,7 +1450,7 @@ static void free_bprm(struct linux_binprm *bprm) |
165 | free_arg_pages(bprm); |
166 | if (bprm->cred) { |
167 | if (bprm->called_exec_mmap) |
168 | - mutex_unlock(¤t->signal->exec_update_mutex); |
169 | + up_write(¤t->signal->exec_update_lock); |
170 | mutex_unlock(¤t->signal->cred_guard_mutex); |
171 | abort_creds(bprm->cred); |
172 | } |
173 | @@ -1500,7 +1500,7 @@ void install_exec_creds(struct linux_binprm *bprm) |
174 | * credentials; any time after this it may be unlocked. |
175 | */ |
176 | security_bprm_committed_creds(bprm); |
177 | - mutex_unlock(¤t->signal->exec_update_mutex); |
178 | + up_write(¤t->signal->exec_update_lock); |
179 | mutex_unlock(¤t->signal->cred_guard_mutex); |
180 | } |
181 | EXPORT_SYMBOL(install_exec_creds); |
182 | diff --git a/fs/fuse/acl.c b/fs/fuse/acl.c |
183 | index 5a48cee6d7d33..f529075a2ce87 100644 |
184 | --- a/fs/fuse/acl.c |
185 | +++ b/fs/fuse/acl.c |
186 | @@ -19,6 +19,9 @@ struct posix_acl *fuse_get_acl(struct inode *inode, int type) |
187 | void *value = NULL; |
188 | struct posix_acl *acl; |
189 | |
190 | + if (fuse_is_bad(inode)) |
191 | + return ERR_PTR(-EIO); |
192 | + |
193 | if (!fc->posix_acl || fc->no_getxattr) |
194 | return NULL; |
195 | |
196 | @@ -53,6 +56,9 @@ int fuse_set_acl(struct inode *inode, struct posix_acl *acl, int type) |
197 | const char *name; |
198 | int ret; |
199 | |
200 | + if (fuse_is_bad(inode)) |
201 | + return -EIO; |
202 | + |
203 | if (!fc->posix_acl || fc->no_setxattr) |
204 | return -EOPNOTSUPP; |
205 | |
206 | diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c |
207 | index ee190119f45cc..60378f3baaae1 100644 |
208 | --- a/fs/fuse/dir.c |
209 | +++ b/fs/fuse/dir.c |
210 | @@ -201,7 +201,7 @@ static int fuse_dentry_revalidate(struct dentry *entry, unsigned int flags) |
211 | int ret; |
212 | |
213 | inode = d_inode_rcu(entry); |
214 | - if (inode && is_bad_inode(inode)) |
215 | + if (inode && fuse_is_bad(inode)) |
216 | goto invalid; |
217 | else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) || |
218 | (flags & LOOKUP_REVAL)) { |
219 | @@ -386,6 +386,9 @@ static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry, |
220 | bool outarg_valid = true; |
221 | bool locked; |
222 | |
223 | + if (fuse_is_bad(dir)) |
224 | + return ERR_PTR(-EIO); |
225 | + |
226 | locked = fuse_lock_inode(dir); |
227 | err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name, |
228 | &outarg, &inode); |
229 | @@ -529,6 +532,9 @@ static int fuse_atomic_open(struct inode *dir, struct dentry *entry, |
230 | struct fuse_conn *fc = get_fuse_conn(dir); |
231 | struct dentry *res = NULL; |
232 | |
233 | + if (fuse_is_bad(dir)) |
234 | + return -EIO; |
235 | + |
236 | if (d_in_lookup(entry)) { |
237 | res = fuse_lookup(dir, entry, 0); |
238 | if (IS_ERR(res)) |
239 | @@ -577,6 +583,9 @@ static int create_new_entry(struct fuse_conn *fc, struct fuse_args *args, |
240 | int err; |
241 | struct fuse_forget_link *forget; |
242 | |
243 | + if (fuse_is_bad(dir)) |
244 | + return -EIO; |
245 | + |
246 | forget = fuse_alloc_forget(); |
247 | if (!forget) |
248 | return -ENOMEM; |
249 | @@ -704,6 +713,9 @@ static int fuse_unlink(struct inode *dir, struct dentry *entry) |
250 | struct fuse_conn *fc = get_fuse_conn(dir); |
251 | FUSE_ARGS(args); |
252 | |
253 | + if (fuse_is_bad(dir)) |
254 | + return -EIO; |
255 | + |
256 | args.opcode = FUSE_UNLINK; |
257 | args.nodeid = get_node_id(dir); |
258 | args.in_numargs = 1; |
259 | @@ -740,6 +752,9 @@ static int fuse_rmdir(struct inode *dir, struct dentry *entry) |
260 | struct fuse_conn *fc = get_fuse_conn(dir); |
261 | FUSE_ARGS(args); |
262 | |
263 | + if (fuse_is_bad(dir)) |
264 | + return -EIO; |
265 | + |
266 | args.opcode = FUSE_RMDIR; |
267 | args.nodeid = get_node_id(dir); |
268 | args.in_numargs = 1; |
269 | @@ -818,6 +833,9 @@ static int fuse_rename2(struct inode *olddir, struct dentry *oldent, |
270 | struct fuse_conn *fc = get_fuse_conn(olddir); |
271 | int err; |
272 | |
273 | + if (fuse_is_bad(olddir)) |
274 | + return -EIO; |
275 | + |
276 | if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE)) |
277 | return -EINVAL; |
278 | |
279 | @@ -953,7 +971,7 @@ static int fuse_do_getattr(struct inode *inode, struct kstat *stat, |
280 | if (!err) { |
281 | if (fuse_invalid_attr(&outarg.attr) || |
282 | (inode->i_mode ^ outarg.attr.mode) & S_IFMT) { |
283 | - make_bad_inode(inode); |
284 | + fuse_make_bad(inode); |
285 | err = -EIO; |
286 | } else { |
287 | fuse_change_attributes(inode, &outarg.attr, |
288 | @@ -1155,6 +1173,9 @@ static int fuse_permission(struct inode *inode, int mask) |
289 | bool refreshed = false; |
290 | int err = 0; |
291 | |
292 | + if (fuse_is_bad(inode)) |
293 | + return -EIO; |
294 | + |
295 | if (!fuse_allow_current_process(fc)) |
296 | return -EACCES; |
297 | |
298 | @@ -1250,7 +1271,7 @@ static const char *fuse_get_link(struct dentry *dentry, struct inode *inode, |
299 | int err; |
300 | |
301 | err = -EIO; |
302 | - if (is_bad_inode(inode)) |
303 | + if (fuse_is_bad(inode)) |
304 | goto out_err; |
305 | |
306 | if (fc->cache_symlinks) |
307 | @@ -1298,7 +1319,7 @@ static int fuse_dir_fsync(struct file *file, loff_t start, loff_t end, |
308 | struct fuse_conn *fc = get_fuse_conn(inode); |
309 | int err; |
310 | |
311 | - if (is_bad_inode(inode)) |
312 | + if (fuse_is_bad(inode)) |
313 | return -EIO; |
314 | |
315 | if (fc->no_fsyncdir) |
316 | @@ -1575,7 +1596,7 @@ int fuse_do_setattr(struct dentry *dentry, struct iattr *attr, |
317 | |
318 | if (fuse_invalid_attr(&outarg.attr) || |
319 | (inode->i_mode ^ outarg.attr.mode) & S_IFMT) { |
320 | - make_bad_inode(inode); |
321 | + fuse_make_bad(inode); |
322 | err = -EIO; |
323 | goto error; |
324 | } |
325 | @@ -1631,6 +1652,9 @@ static int fuse_setattr(struct dentry *entry, struct iattr *attr) |
326 | struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL; |
327 | int ret; |
328 | |
329 | + if (fuse_is_bad(inode)) |
330 | + return -EIO; |
331 | + |
332 | if (!fuse_allow_current_process(get_fuse_conn(inode))) |
333 | return -EACCES; |
334 | |
335 | @@ -1689,6 +1713,9 @@ static int fuse_getattr(const struct path *path, struct kstat *stat, |
336 | struct inode *inode = d_inode(path->dentry); |
337 | struct fuse_conn *fc = get_fuse_conn(inode); |
338 | |
339 | + if (fuse_is_bad(inode)) |
340 | + return -EIO; |
341 | + |
342 | if (!fuse_allow_current_process(fc)) |
343 | return -EACCES; |
344 | |
345 | diff --git a/fs/fuse/file.c b/fs/fuse/file.c |
346 | index ab4fc1255aca8..1e1aef1bc20b3 100644 |
347 | --- a/fs/fuse/file.c |
348 | +++ b/fs/fuse/file.c |
349 | @@ -222,6 +222,9 @@ int fuse_open_common(struct inode *inode, struct file *file, bool isdir) |
350 | fc->atomic_o_trunc && |
351 | fc->writeback_cache; |
352 | |
353 | + if (fuse_is_bad(inode)) |
354 | + return -EIO; |
355 | + |
356 | err = generic_file_open(inode, file); |
357 | if (err) |
358 | return err; |
359 | @@ -443,7 +446,7 @@ static int fuse_flush(struct file *file, fl_owner_t id) |
360 | FUSE_ARGS(args); |
361 | int err; |
362 | |
363 | - if (is_bad_inode(inode)) |
364 | + if (fuse_is_bad(inode)) |
365 | return -EIO; |
366 | |
367 | if (fc->no_flush) |
368 | @@ -506,7 +509,7 @@ static int fuse_fsync(struct file *file, loff_t start, loff_t end, |
369 | struct fuse_conn *fc = get_fuse_conn(inode); |
370 | int err; |
371 | |
372 | - if (is_bad_inode(inode)) |
373 | + if (fuse_is_bad(inode)) |
374 | return -EIO; |
375 | |
376 | inode_lock(inode); |
377 | @@ -830,7 +833,7 @@ static int fuse_readpage(struct file *file, struct page *page) |
378 | int err; |
379 | |
380 | err = -EIO; |
381 | - if (is_bad_inode(inode)) |
382 | + if (fuse_is_bad(inode)) |
383 | goto out; |
384 | |
385 | err = fuse_do_readpage(file, page); |
386 | @@ -973,7 +976,7 @@ static int fuse_readpages(struct file *file, struct address_space *mapping, |
387 | int err; |
388 | |
389 | err = -EIO; |
390 | - if (is_bad_inode(inode)) |
391 | + if (fuse_is_bad(inode)) |
392 | goto out; |
393 | |
394 | data.file = file; |
395 | @@ -1569,7 +1572,7 @@ static ssize_t fuse_file_read_iter(struct kiocb *iocb, struct iov_iter *to) |
396 | struct file *file = iocb->ki_filp; |
397 | struct fuse_file *ff = file->private_data; |
398 | |
399 | - if (is_bad_inode(file_inode(file))) |
400 | + if (fuse_is_bad(file_inode(file))) |
401 | return -EIO; |
402 | |
403 | if (!(ff->open_flags & FOPEN_DIRECT_IO)) |
404 | @@ -1583,7 +1586,7 @@ static ssize_t fuse_file_write_iter(struct kiocb *iocb, struct iov_iter *from) |
405 | struct file *file = iocb->ki_filp; |
406 | struct fuse_file *ff = file->private_data; |
407 | |
408 | - if (is_bad_inode(file_inode(file))) |
409 | + if (fuse_is_bad(file_inode(file))) |
410 | return -EIO; |
411 | |
412 | if (!(ff->open_flags & FOPEN_DIRECT_IO)) |
413 | @@ -2133,7 +2136,7 @@ static int fuse_writepages(struct address_space *mapping, |
414 | int err; |
415 | |
416 | err = -EIO; |
417 | - if (is_bad_inode(inode)) |
418 | + if (fuse_is_bad(inode)) |
419 | goto out; |
420 | |
421 | data.inode = inode; |
422 | @@ -2911,7 +2914,7 @@ long fuse_ioctl_common(struct file *file, unsigned int cmd, |
423 | if (!fuse_allow_current_process(fc)) |
424 | return -EACCES; |
425 | |
426 | - if (is_bad_inode(inode)) |
427 | + if (fuse_is_bad(inode)) |
428 | return -EIO; |
429 | |
430 | return fuse_do_ioctl(file, cmd, arg, flags); |
431 | diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h |
432 | index d7cde216fc871..e3688312e9f1b 100644 |
433 | --- a/fs/fuse/fuse_i.h |
434 | +++ b/fs/fuse/fuse_i.h |
435 | @@ -158,6 +158,8 @@ enum { |
436 | FUSE_I_INIT_RDPLUS, |
437 | /** An operation changing file size is in progress */ |
438 | FUSE_I_SIZE_UNSTABLE, |
439 | + /* Bad inode */ |
440 | + FUSE_I_BAD, |
441 | }; |
442 | |
443 | struct fuse_conn; |
444 | @@ -787,6 +789,16 @@ static inline u64 fuse_get_attr_version(struct fuse_conn *fc) |
445 | return atomic64_read(&fc->attr_version); |
446 | } |
447 | |
448 | +static inline void fuse_make_bad(struct inode *inode) |
449 | +{ |
450 | + set_bit(FUSE_I_BAD, &get_fuse_inode(inode)->state); |
451 | +} |
452 | + |
453 | +static inline bool fuse_is_bad(struct inode *inode) |
454 | +{ |
455 | + return unlikely(test_bit(FUSE_I_BAD, &get_fuse_inode(inode)->state)); |
456 | +} |
457 | + |
458 | /** Device operations */ |
459 | extern const struct file_operations fuse_dev_operations; |
460 | |
461 | diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c |
462 | index f58ab84b09fb3..aa1d5cf1bc3a4 100644 |
463 | --- a/fs/fuse/inode.c |
464 | +++ b/fs/fuse/inode.c |
465 | @@ -115,7 +115,7 @@ static void fuse_evict_inode(struct inode *inode) |
466 | fuse_queue_forget(fc, fi->forget, fi->nodeid, fi->nlookup); |
467 | fi->forget = NULL; |
468 | } |
469 | - if (S_ISREG(inode->i_mode) && !is_bad_inode(inode)) { |
470 | + if (S_ISREG(inode->i_mode) && !fuse_is_bad(inode)) { |
471 | WARN_ON(!list_empty(&fi->write_files)); |
472 | WARN_ON(!list_empty(&fi->queued_writes)); |
473 | } |
474 | @@ -306,7 +306,7 @@ struct inode *fuse_iget(struct super_block *sb, u64 nodeid, |
475 | unlock_new_inode(inode); |
476 | } else if ((inode->i_mode ^ attr->mode) & S_IFMT) { |
477 | /* Inode has changed type, any I/O on the old should fail */ |
478 | - make_bad_inode(inode); |
479 | + fuse_make_bad(inode); |
480 | iput(inode); |
481 | goto retry; |
482 | } |
483 | diff --git a/fs/fuse/readdir.c b/fs/fuse/readdir.c |
484 | index 6a40f75a0d25e..70f685b61e3a5 100644 |
485 | --- a/fs/fuse/readdir.c |
486 | +++ b/fs/fuse/readdir.c |
487 | @@ -207,7 +207,7 @@ retry: |
488 | dput(dentry); |
489 | goto retry; |
490 | } |
491 | - if (is_bad_inode(inode)) { |
492 | + if (fuse_is_bad(inode)) { |
493 | dput(dentry); |
494 | return -EIO; |
495 | } |
496 | @@ -568,7 +568,7 @@ int fuse_readdir(struct file *file, struct dir_context *ctx) |
497 | struct inode *inode = file_inode(file); |
498 | int err; |
499 | |
500 | - if (is_bad_inode(inode)) |
501 | + if (fuse_is_bad(inode)) |
502 | return -EIO; |
503 | |
504 | mutex_lock(&ff->readdir.lock); |
505 | diff --git a/fs/fuse/xattr.c b/fs/fuse/xattr.c |
506 | index 20d052e08b3be..28fed52957707 100644 |
507 | --- a/fs/fuse/xattr.c |
508 | +++ b/fs/fuse/xattr.c |
509 | @@ -113,6 +113,9 @@ ssize_t fuse_listxattr(struct dentry *entry, char *list, size_t size) |
510 | struct fuse_getxattr_out outarg; |
511 | ssize_t ret; |
512 | |
513 | + if (fuse_is_bad(inode)) |
514 | + return -EIO; |
515 | + |
516 | if (!fuse_allow_current_process(fc)) |
517 | return -EACCES; |
518 | |
519 | @@ -178,6 +181,9 @@ static int fuse_xattr_get(const struct xattr_handler *handler, |
520 | struct dentry *dentry, struct inode *inode, |
521 | const char *name, void *value, size_t size) |
522 | { |
523 | + if (fuse_is_bad(inode)) |
524 | + return -EIO; |
525 | + |
526 | return fuse_getxattr(inode, name, value, size); |
527 | } |
528 | |
529 | @@ -186,6 +192,9 @@ static int fuse_xattr_set(const struct xattr_handler *handler, |
530 | const char *name, const void *value, size_t size, |
531 | int flags) |
532 | { |
533 | + if (fuse_is_bad(inode)) |
534 | + return -EIO; |
535 | + |
536 | if (!value) |
537 | return fuse_removexattr(inode, name); |
538 | |
539 | diff --git a/fs/proc/base.c b/fs/proc/base.c |
540 | index b690074e65ffa..653c2d8aa1cd7 100644 |
541 | --- a/fs/proc/base.c |
542 | +++ b/fs/proc/base.c |
543 | @@ -403,11 +403,11 @@ print0: |
544 | |
545 | static int lock_trace(struct task_struct *task) |
546 | { |
547 | - int err = mutex_lock_killable(&task->signal->exec_update_mutex); |
548 | + int err = down_read_killable(&task->signal->exec_update_lock); |
549 | if (err) |
550 | return err; |
551 | if (!ptrace_may_access(task, PTRACE_MODE_ATTACH_FSCREDS)) { |
552 | - mutex_unlock(&task->signal->exec_update_mutex); |
553 | + up_read(&task->signal->exec_update_lock); |
554 | return -EPERM; |
555 | } |
556 | return 0; |
557 | @@ -415,7 +415,7 @@ static int lock_trace(struct task_struct *task) |
558 | |
559 | static void unlock_trace(struct task_struct *task) |
560 | { |
561 | - mutex_unlock(&task->signal->exec_update_mutex); |
562 | + up_read(&task->signal->exec_update_lock); |
563 | } |
564 | |
565 | #ifdef CONFIG_STACKTRACE |
566 | @@ -2769,7 +2769,7 @@ static int do_io_accounting(struct task_struct *task, struct seq_file *m, int wh |
567 | unsigned long flags; |
568 | int result; |
569 | |
570 | - result = mutex_lock_killable(&task->signal->exec_update_mutex); |
571 | + result = down_read_killable(&task->signal->exec_update_lock); |
572 | if (result) |
573 | return result; |
574 | |
575 | @@ -2805,7 +2805,7 @@ static int do_io_accounting(struct task_struct *task, struct seq_file *m, int wh |
576 | result = 0; |
577 | |
578 | out_unlock: |
579 | - mutex_unlock(&task->signal->exec_update_mutex); |
580 | + up_read(&task->signal->exec_update_lock); |
581 | return result; |
582 | } |
583 | |
584 | diff --git a/include/linux/kdev_t.h b/include/linux/kdev_t.h |
585 | index 85b5151911cfd..4856706fbfeb4 100644 |
586 | --- a/include/linux/kdev_t.h |
587 | +++ b/include/linux/kdev_t.h |
588 | @@ -21,61 +21,61 @@ |
589 | }) |
590 | |
591 | /* acceptable for old filesystems */ |
592 | -static inline bool old_valid_dev(dev_t dev) |
593 | +static __always_inline bool old_valid_dev(dev_t dev) |
594 | { |
595 | return MAJOR(dev) < 256 && MINOR(dev) < 256; |
596 | } |
597 | |
598 | -static inline u16 old_encode_dev(dev_t dev) |
599 | +static __always_inline u16 old_encode_dev(dev_t dev) |
600 | { |
601 | return (MAJOR(dev) << 8) | MINOR(dev); |
602 | } |
603 | |
604 | -static inline dev_t old_decode_dev(u16 val) |
605 | +static __always_inline dev_t old_decode_dev(u16 val) |
606 | { |
607 | return MKDEV((val >> 8) & 255, val & 255); |
608 | } |
609 | |
610 | -static inline u32 new_encode_dev(dev_t dev) |
611 | +static __always_inline u32 new_encode_dev(dev_t dev) |
612 | { |
613 | unsigned major = MAJOR(dev); |
614 | unsigned minor = MINOR(dev); |
615 | return (minor & 0xff) | (major << 8) | ((minor & ~0xff) << 12); |
616 | } |
617 | |
618 | -static inline dev_t new_decode_dev(u32 dev) |
619 | +static __always_inline dev_t new_decode_dev(u32 dev) |
620 | { |
621 | unsigned major = (dev & 0xfff00) >> 8; |
622 | unsigned minor = (dev & 0xff) | ((dev >> 12) & 0xfff00); |
623 | return MKDEV(major, minor); |
624 | } |
625 | |
626 | -static inline u64 huge_encode_dev(dev_t dev) |
627 | +static __always_inline u64 huge_encode_dev(dev_t dev) |
628 | { |
629 | return new_encode_dev(dev); |
630 | } |
631 | |
632 | -static inline dev_t huge_decode_dev(u64 dev) |
633 | +static __always_inline dev_t huge_decode_dev(u64 dev) |
634 | { |
635 | return new_decode_dev(dev); |
636 | } |
637 | |
638 | -static inline int sysv_valid_dev(dev_t dev) |
639 | +static __always_inline int sysv_valid_dev(dev_t dev) |
640 | { |
641 | return MAJOR(dev) < (1<<14) && MINOR(dev) < (1<<18); |
642 | } |
643 | |
644 | -static inline u32 sysv_encode_dev(dev_t dev) |
645 | +static __always_inline u32 sysv_encode_dev(dev_t dev) |
646 | { |
647 | return MINOR(dev) | (MAJOR(dev) << 18); |
648 | } |
649 | |
650 | -static inline unsigned sysv_major(u32 dev) |
651 | +static __always_inline unsigned sysv_major(u32 dev) |
652 | { |
653 | return (dev >> 18) & 0x3fff; |
654 | } |
655 | |
656 | -static inline unsigned sysv_minor(u32 dev) |
657 | +static __always_inline unsigned sysv_minor(u32 dev) |
658 | { |
659 | return dev & 0x3ffff; |
660 | } |
661 | diff --git a/include/linux/rwsem.h b/include/linux/rwsem.h |
662 | index 00d6054687dd2..8a3606372abc8 100644 |
663 | --- a/include/linux/rwsem.h |
664 | +++ b/include/linux/rwsem.h |
665 | @@ -125,6 +125,7 @@ static inline int rwsem_is_contended(struct rw_semaphore *sem) |
666 | * lock for reading |
667 | */ |
668 | extern void down_read(struct rw_semaphore *sem); |
669 | +extern int __must_check down_read_interruptible(struct rw_semaphore *sem); |
670 | extern int __must_check down_read_killable(struct rw_semaphore *sem); |
671 | |
672 | /* |
673 | @@ -173,6 +174,7 @@ extern void downgrade_write(struct rw_semaphore *sem); |
674 | * See Documentation/locking/lockdep-design.rst for more details.) |
675 | */ |
676 | extern void down_read_nested(struct rw_semaphore *sem, int subclass); |
677 | +extern int __must_check down_read_killable_nested(struct rw_semaphore *sem, int subclass); |
678 | extern void down_write_nested(struct rw_semaphore *sem, int subclass); |
679 | extern int down_write_killable_nested(struct rw_semaphore *sem, int subclass); |
680 | extern void _down_write_nest_lock(struct rw_semaphore *sem, struct lockdep_map *nest_lock); |
681 | @@ -193,6 +195,7 @@ extern void down_read_non_owner(struct rw_semaphore *sem); |
682 | extern void up_read_non_owner(struct rw_semaphore *sem); |
683 | #else |
684 | # define down_read_nested(sem, subclass) down_read(sem) |
685 | +# define down_read_killable_nested(sem, subclass) down_read_killable(sem) |
686 | # define down_write_nest_lock(sem, nest_lock) down_write(sem) |
687 | # define down_write_nested(sem, subclass) down_write(sem) |
688 | # define down_write_killable_nested(sem, subclass) down_write_killable(sem) |
689 | diff --git a/include/linux/sched/signal.h b/include/linux/sched/signal.h |
690 | index a29df79540ce6..baf58f4cb0578 100644 |
691 | --- a/include/linux/sched/signal.h |
692 | +++ b/include/linux/sched/signal.h |
693 | @@ -226,12 +226,13 @@ struct signal_struct { |
694 | * credential calculations |
695 | * (notably. ptrace) |
696 | * Deprecated do not use in new code. |
697 | - * Use exec_update_mutex instead. |
698 | - */ |
699 | - struct mutex exec_update_mutex; /* Held while task_struct is being |
700 | - * updated during exec, and may have |
701 | - * inconsistent permissions. |
702 | + * Use exec_update_lock instead. |
703 | */ |
704 | + struct rw_semaphore exec_update_lock; /* Held while task_struct is |
705 | + * being updated during exec, |
706 | + * and may have inconsistent |
707 | + * permissions. |
708 | + */ |
709 | } __randomize_layout; |
710 | |
711 | /* |
712 | diff --git a/init/init_task.c b/init/init_task.c |
713 | index bd403ed3e4184..df7041be96fca 100644 |
714 | --- a/init/init_task.c |
715 | +++ b/init/init_task.c |
716 | @@ -26,7 +26,7 @@ static struct signal_struct init_signals = { |
717 | .multiprocess = HLIST_HEAD_INIT, |
718 | .rlim = INIT_RLIMITS, |
719 | .cred_guard_mutex = __MUTEX_INITIALIZER(init_signals.cred_guard_mutex), |
720 | - .exec_update_mutex = __MUTEX_INITIALIZER(init_signals.exec_update_mutex), |
721 | + .exec_update_lock = __RWSEM_INITIALIZER(init_signals.exec_update_lock), |
722 | #ifdef CONFIG_POSIX_TIMERS |
723 | .posix_timers = LIST_HEAD_INIT(init_signals.posix_timers), |
724 | .cputimer = { |
725 | diff --git a/kernel/events/core.c b/kernel/events/core.c |
726 | index 9f7c2da992991..2ef33e9a75910 100644 |
727 | --- a/kernel/events/core.c |
728 | +++ b/kernel/events/core.c |
729 | @@ -1254,7 +1254,7 @@ static void put_ctx(struct perf_event_context *ctx) |
730 | * function. |
731 | * |
732 | * Lock order: |
733 | - * exec_update_mutex |
734 | + * exec_update_lock |
735 | * task_struct::perf_event_mutex |
736 | * perf_event_context::mutex |
737 | * perf_event::child_mutex; |
738 | @@ -11001,24 +11001,6 @@ SYSCALL_DEFINE5(perf_event_open, |
739 | goto err_task; |
740 | } |
741 | |
742 | - if (task) { |
743 | - err = mutex_lock_interruptible(&task->signal->exec_update_mutex); |
744 | - if (err) |
745 | - goto err_task; |
746 | - |
747 | - /* |
748 | - * Reuse ptrace permission checks for now. |
749 | - * |
750 | - * We must hold exec_update_mutex across this and any potential |
751 | - * perf_install_in_context() call for this new event to |
752 | - * serialize against exec() altering our credentials (and the |
753 | - * perf_event_exit_task() that could imply). |
754 | - */ |
755 | - err = -EACCES; |
756 | - if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) |
757 | - goto err_cred; |
758 | - } |
759 | - |
760 | if (flags & PERF_FLAG_PID_CGROUP) |
761 | cgroup_fd = pid; |
762 | |
763 | @@ -11026,7 +11008,7 @@ SYSCALL_DEFINE5(perf_event_open, |
764 | NULL, NULL, cgroup_fd); |
765 | if (IS_ERR(event)) { |
766 | err = PTR_ERR(event); |
767 | - goto err_cred; |
768 | + goto err_task; |
769 | } |
770 | |
771 | if (is_sampling_event(event)) { |
772 | @@ -11145,6 +11127,24 @@ SYSCALL_DEFINE5(perf_event_open, |
773 | goto err_context; |
774 | } |
775 | |
776 | + if (task) { |
777 | + err = down_read_interruptible(&task->signal->exec_update_lock); |
778 | + if (err) |
779 | + goto err_file; |
780 | + |
781 | + /* |
782 | + * Preserve ptrace permission check for backwards compatibility. |
783 | + * |
784 | + * We must hold exec_update_lock across this and any potential |
785 | + * perf_install_in_context() call for this new event to |
786 | + * serialize against exec() altering our credentials (and the |
787 | + * perf_event_exit_task() that could imply). |
788 | + */ |
789 | + err = -EACCES; |
790 | + if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) |
791 | + goto err_cred; |
792 | + } |
793 | + |
794 | if (move_group) { |
795 | gctx = __perf_event_ctx_lock_double(group_leader, ctx); |
796 | |
797 | @@ -11298,7 +11298,7 @@ SYSCALL_DEFINE5(perf_event_open, |
798 | mutex_unlock(&ctx->mutex); |
799 | |
800 | if (task) { |
801 | - mutex_unlock(&task->signal->exec_update_mutex); |
802 | + up_read(&task->signal->exec_update_lock); |
803 | put_task_struct(task); |
804 | } |
805 | |
806 | @@ -11320,7 +11320,10 @@ err_locked: |
807 | if (move_group) |
808 | perf_event_ctx_unlock(group_leader, gctx); |
809 | mutex_unlock(&ctx->mutex); |
810 | -/* err_file: */ |
811 | +err_cred: |
812 | + if (task) |
813 | + up_read(&task->signal->exec_update_lock); |
814 | +err_file: |
815 | fput(event_file); |
816 | err_context: |
817 | perf_unpin_context(ctx); |
818 | @@ -11332,9 +11335,6 @@ err_alloc: |
819 | */ |
820 | if (!event_file) |
821 | free_event(event); |
822 | -err_cred: |
823 | - if (task) |
824 | - mutex_unlock(&task->signal->exec_update_mutex); |
825 | err_task: |
826 | if (task) |
827 | put_task_struct(task); |
828 | @@ -11639,7 +11639,7 @@ static void perf_event_exit_task_context(struct task_struct *child, int ctxn) |
829 | /* |
830 | * When a child task exits, feed back event values to parent events. |
831 | * |
832 | - * Can be called with exec_update_mutex held when called from |
833 | + * Can be called with exec_update_lock held when called from |
834 | * install_exec_creds(). |
835 | */ |
836 | void perf_event_exit_task(struct task_struct *child) |
837 | diff --git a/kernel/fork.c b/kernel/fork.c |
838 | index 419fff8eb9e55..50f37d5afb32b 100644 |
839 | --- a/kernel/fork.c |
840 | +++ b/kernel/fork.c |
841 | @@ -1221,7 +1221,7 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) |
842 | struct mm_struct *mm; |
843 | int err; |
844 | |
845 | - err = mutex_lock_killable(&task->signal->exec_update_mutex); |
846 | + err = down_read_killable(&task->signal->exec_update_lock); |
847 | if (err) |
848 | return ERR_PTR(err); |
849 | |
850 | @@ -1231,7 +1231,7 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) |
851 | mmput(mm); |
852 | mm = ERR_PTR(-EACCES); |
853 | } |
854 | - mutex_unlock(&task->signal->exec_update_mutex); |
855 | + up_read(&task->signal->exec_update_lock); |
856 | |
857 | return mm; |
858 | } |
859 | @@ -1586,7 +1586,7 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk) |
860 | sig->oom_score_adj_min = current->signal->oom_score_adj_min; |
861 | |
862 | mutex_init(&sig->cred_guard_mutex); |
863 | - mutex_init(&sig->exec_update_mutex); |
864 | + init_rwsem(&sig->exec_update_lock); |
865 | |
866 | return 0; |
867 | } |
868 | diff --git a/kernel/kcmp.c b/kernel/kcmp.c |
869 | index b3ff9288c6cc9..c0d2ad9b4705d 100644 |
870 | --- a/kernel/kcmp.c |
871 | +++ b/kernel/kcmp.c |
872 | @@ -75,25 +75,25 @@ get_file_raw_ptr(struct task_struct *task, unsigned int idx) |
873 | return file; |
874 | } |
875 | |
876 | -static void kcmp_unlock(struct mutex *m1, struct mutex *m2) |
877 | +static void kcmp_unlock(struct rw_semaphore *l1, struct rw_semaphore *l2) |
878 | { |
879 | - if (likely(m2 != m1)) |
880 | - mutex_unlock(m2); |
881 | - mutex_unlock(m1); |
882 | + if (likely(l2 != l1)) |
883 | + up_read(l2); |
884 | + up_read(l1); |
885 | } |
886 | |
887 | -static int kcmp_lock(struct mutex *m1, struct mutex *m2) |
888 | +static int kcmp_lock(struct rw_semaphore *l1, struct rw_semaphore *l2) |
889 | { |
890 | int err; |
891 | |
892 | - if (m2 > m1) |
893 | - swap(m1, m2); |
894 | + if (l2 > l1) |
895 | + swap(l1, l2); |
896 | |
897 | - err = mutex_lock_killable(m1); |
898 | - if (!err && likely(m1 != m2)) { |
899 | - err = mutex_lock_killable_nested(m2, SINGLE_DEPTH_NESTING); |
900 | + err = down_read_killable(l1); |
901 | + if (!err && likely(l1 != l2)) { |
902 | + err = down_read_killable_nested(l2, SINGLE_DEPTH_NESTING); |
903 | if (err) |
904 | - mutex_unlock(m1); |
905 | + up_read(l1); |
906 | } |
907 | |
908 | return err; |
909 | @@ -173,8 +173,8 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type, |
910 | /* |
911 | * One should have enough rights to inspect task details. |
912 | */ |
913 | - ret = kcmp_lock(&task1->signal->exec_update_mutex, |
914 | - &task2->signal->exec_update_mutex); |
915 | + ret = kcmp_lock(&task1->signal->exec_update_lock, |
916 | + &task2->signal->exec_update_lock); |
917 | if (ret) |
918 | goto err; |
919 | if (!ptrace_may_access(task1, PTRACE_MODE_READ_REALCREDS) || |
920 | @@ -229,8 +229,8 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type, |
921 | } |
922 | |
923 | err_unlock: |
924 | - kcmp_unlock(&task1->signal->exec_update_mutex, |
925 | - &task2->signal->exec_update_mutex); |
926 | + kcmp_unlock(&task1->signal->exec_update_lock, |
927 | + &task2->signal->exec_update_lock); |
928 | err: |
929 | put_task_struct(task1); |
930 | put_task_struct(task2); |
931 | diff --git a/kernel/locking/rwsem.c b/kernel/locking/rwsem.c |
932 | index baafa1dd9fcc4..5d54ff3179b80 100644 |
933 | --- a/kernel/locking/rwsem.c |
934 | +++ b/kernel/locking/rwsem.c |
935 | @@ -1348,6 +1348,18 @@ inline void __down_read(struct rw_semaphore *sem) |
936 | } |
937 | } |
938 | |
939 | +static inline int __down_read_interruptible(struct rw_semaphore *sem) |
940 | +{ |
941 | + if (!rwsem_read_trylock(sem)) { |
942 | + if (IS_ERR(rwsem_down_read_slowpath(sem, TASK_INTERRUPTIBLE))) |
943 | + return -EINTR; |
944 | + DEBUG_RWSEMS_WARN_ON(!is_rwsem_reader_owned(sem), sem); |
945 | + } else { |
946 | + rwsem_set_reader_owned(sem); |
947 | + } |
948 | + return 0; |
949 | +} |
950 | + |
951 | static inline int __down_read_killable(struct rw_semaphore *sem) |
952 | { |
953 | if (!rwsem_read_trylock(sem)) { |
954 | @@ -1498,6 +1510,20 @@ void __sched down_read(struct rw_semaphore *sem) |
955 | } |
956 | EXPORT_SYMBOL(down_read); |
957 | |
958 | +int __sched down_read_interruptible(struct rw_semaphore *sem) |
959 | +{ |
960 | + might_sleep(); |
961 | + rwsem_acquire_read(&sem->dep_map, 0, 0, _RET_IP_); |
962 | + |
963 | + if (LOCK_CONTENDED_RETURN(sem, __down_read_trylock, __down_read_interruptible)) { |
964 | + rwsem_release(&sem->dep_map, 1, _RET_IP_); |
965 | + return -EINTR; |
966 | + } |
967 | + |
968 | + return 0; |
969 | +} |
970 | +EXPORT_SYMBOL(down_read_interruptible); |
971 | + |
972 | int __sched down_read_killable(struct rw_semaphore *sem) |
973 | { |
974 | might_sleep(); |
975 | @@ -1608,6 +1634,20 @@ void down_read_nested(struct rw_semaphore *sem, int subclass) |
976 | } |
977 | EXPORT_SYMBOL(down_read_nested); |
978 | |
979 | +int down_read_killable_nested(struct rw_semaphore *sem, int subclass) |
980 | +{ |
981 | + might_sleep(); |
982 | + rwsem_acquire_read(&sem->dep_map, subclass, 0, _RET_IP_); |
983 | + |
984 | + if (LOCK_CONTENDED_RETURN(sem, __down_read_trylock, __down_read_killable)) { |
985 | + rwsem_release(&sem->dep_map, 1, _RET_IP_); |
986 | + return -EINTR; |
987 | + } |
988 | + |
989 | + return 0; |
990 | +} |
991 | +EXPORT_SYMBOL(down_read_killable_nested); |
992 | + |
993 | void _down_write_nest_lock(struct rw_semaphore *sem, struct lockdep_map *nest) |
994 | { |
995 | might_sleep(); |