Annotation of /trunk/kernel-magellan/patches-3.17/0107-3.17.8-all-fixes.patch
Parent Directory | Revision Log
Revision 2538 -
(hide annotations)
(download)
Fri Jan 30 10:05:47 2015 UTC (9 years, 7 months ago) by niro
File size: 91733 byte(s)
Fri Jan 30 10:05:47 2015 UTC (9 years, 7 months ago) by niro
File size: 91733 byte(s)
-linux-3.17.8
1 | niro | 2538 | diff --git a/Makefile b/Makefile |
2 | index 267f8936ff69..656f0b0cff53 100644 | ||
3 | --- a/Makefile | ||
4 | +++ b/Makefile | ||
5 | @@ -1,6 +1,6 @@ | ||
6 | VERSION = 3 | ||
7 | PATCHLEVEL = 17 | ||
8 | -SUBLEVEL = 7 | ||
9 | +SUBLEVEL = 8 | ||
10 | EXTRAVERSION = | ||
11 | NAME = Shuffling Zombie Juror | ||
12 | |||
13 | diff --git a/arch/arm/boot/dts/armada-370.dtsi b/arch/arm/boot/dts/armada-370.dtsi | ||
14 | index 21b588b6f6bd..77d22d82faf5 100644 | ||
15 | --- a/arch/arm/boot/dts/armada-370.dtsi | ||
16 | +++ b/arch/arm/boot/dts/armada-370.dtsi | ||
17 | @@ -106,11 +106,6 @@ | ||
18 | reg = <0x11100 0x20>; | ||
19 | }; | ||
20 | |||
21 | - system-controller@18200 { | ||
22 | - compatible = "marvell,armada-370-xp-system-controller"; | ||
23 | - reg = <0x18200 0x100>; | ||
24 | - }; | ||
25 | - | ||
26 | pinctrl { | ||
27 | compatible = "marvell,mv88f6710-pinctrl"; | ||
28 | reg = <0x18000 0x38>; | ||
29 | @@ -186,6 +181,11 @@ | ||
30 | interrupts = <91>; | ||
31 | }; | ||
32 | |||
33 | + system-controller@18200 { | ||
34 | + compatible = "marvell,armada-370-xp-system-controller"; | ||
35 | + reg = <0x18200 0x100>; | ||
36 | + }; | ||
37 | + | ||
38 | gateclk: clock-gating-control@18220 { | ||
39 | compatible = "marvell,armada-370-gating-clock"; | ||
40 | reg = <0x18220 0x4>; | ||
41 | diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c | ||
42 | index 044b51185fcc..c31f4c00b1fc 100644 | ||
43 | --- a/arch/arm/mach-mvebu/coherency.c | ||
44 | +++ b/arch/arm/mach-mvebu/coherency.c | ||
45 | @@ -361,25 +361,41 @@ static int coherency_type(void) | ||
46 | { | ||
47 | struct device_node *np; | ||
48 | const struct of_device_id *match; | ||
49 | + int type; | ||
50 | |||
51 | - np = of_find_matching_node_and_match(NULL, of_coherency_table, &match); | ||
52 | - if (np) { | ||
53 | - int type = (int) match->data; | ||
54 | + /* | ||
55 | + * The coherency fabric is needed: | ||
56 | + * - For coherency between processors on Armada XP, so only | ||
57 | + * when SMP is enabled. | ||
58 | + * - For coherency between the processor and I/O devices, but | ||
59 | + * this coherency requires many pre-requisites (write | ||
60 | + * allocate cache policy, shareable pages, SMP bit set) that | ||
61 | + * are only meant in SMP situations. | ||
62 | + * | ||
63 | + * Note that this means that on Armada 370, there is currently | ||
64 | + * no way to use hardware I/O coherency, because even when | ||
65 | + * CONFIG_SMP is enabled, is_smp() returns false due to the | ||
66 | + * Armada 370 being a single-core processor. To lift this | ||
67 | + * limitation, we would have to find a way to make the cache | ||
68 | + * policy set to write-allocate (on all Armada SoCs), and to | ||
69 | + * set the shareable attribute in page tables (on all Armada | ||
70 | + * SoCs except the Armada 370). Unfortunately, such decisions | ||
71 | + * are taken very early in the kernel boot process, at a point | ||
72 | + * where we don't know yet on which SoC we are running. | ||
73 | |||
74 | - /* Armada 370/XP coherency works in both UP and SMP */ | ||
75 | - if (type == COHERENCY_FABRIC_TYPE_ARMADA_370_XP) | ||
76 | - return type; | ||
77 | + */ | ||
78 | + if (!is_smp()) | ||
79 | + return COHERENCY_FABRIC_TYPE_NONE; | ||
80 | |||
81 | - /* Armada 375 coherency works only on SMP */ | ||
82 | - else if (type == COHERENCY_FABRIC_TYPE_ARMADA_375 && is_smp()) | ||
83 | - return type; | ||
84 | + np = of_find_matching_node_and_match(NULL, of_coherency_table, &match); | ||
85 | + if (!np) | ||
86 | + return COHERENCY_FABRIC_TYPE_NONE; | ||
87 | |||
88 | - /* Armada 380 coherency works only on SMP */ | ||
89 | - else if (type == COHERENCY_FABRIC_TYPE_ARMADA_380 && is_smp()) | ||
90 | - return type; | ||
91 | - } | ||
92 | + type = (int) match->data; | ||
93 | + | ||
94 | + of_node_put(np); | ||
95 | |||
96 | - return COHERENCY_FABRIC_TYPE_NONE; | ||
97 | + return type; | ||
98 | } | ||
99 | |||
100 | int coherency_available(void) | ||
101 | diff --git a/arch/arm/mach-mvebu/coherency_ll.S b/arch/arm/mach-mvebu/coherency_ll.S | ||
102 | index f5d881b5d0f7..8b2fbc8b6bc6 100644 | ||
103 | --- a/arch/arm/mach-mvebu/coherency_ll.S | ||
104 | +++ b/arch/arm/mach-mvebu/coherency_ll.S | ||
105 | @@ -24,7 +24,10 @@ | ||
106 | #include <asm/cp15.h> | ||
107 | |||
108 | .text | ||
109 | -/* Returns the coherency base address in r1 (r0 is untouched) */ | ||
110 | +/* | ||
111 | + * Returns the coherency base address in r1 (r0 is untouched), or 0 if | ||
112 | + * the coherency fabric is not enabled. | ||
113 | + */ | ||
114 | ENTRY(ll_get_coherency_base) | ||
115 | mrc p15, 0, r1, c1, c0, 0 | ||
116 | tst r1, #CR_M @ Check MMU bit enabled | ||
117 | @@ -32,8 +35,13 @@ ENTRY(ll_get_coherency_base) | ||
118 | |||
119 | /* | ||
120 | * MMU is disabled, use the physical address of the coherency | ||
121 | - * base address. | ||
122 | + * base address. However, if the coherency fabric isn't mapped | ||
123 | + * (i.e its virtual address is zero), it means coherency is | ||
124 | + * not enabled, so we return 0. | ||
125 | */ | ||
126 | + ldr r1, =coherency_base | ||
127 | + cmp r1, #0 | ||
128 | + beq 2f | ||
129 | adr r1, 3f | ||
130 | ldr r3, [r1] | ||
131 | ldr r1, [r1, r3] | ||
132 | @@ -85,6 +93,9 @@ ENTRY(ll_add_cpu_to_smp_group) | ||
133 | */ | ||
134 | mov r0, lr | ||
135 | bl ll_get_coherency_base | ||
136 | + /* Bail out if the coherency is not enabled */ | ||
137 | + cmp r1, #0 | ||
138 | + reteq r0 | ||
139 | bl ll_get_coherency_cpumask | ||
140 | mov lr, r0 | ||
141 | add r0, r1, #ARMADA_XP_CFB_CFG_REG_OFFSET | ||
142 | @@ -107,6 +118,9 @@ ENTRY(ll_enable_coherency) | ||
143 | */ | ||
144 | mov r0, lr | ||
145 | bl ll_get_coherency_base | ||
146 | + /* Bail out if the coherency is not enabled */ | ||
147 | + cmp r1, #0 | ||
148 | + reteq r0 | ||
149 | bl ll_get_coherency_cpumask | ||
150 | mov lr, r0 | ||
151 | add r0, r1, #ARMADA_XP_CFB_CTL_REG_OFFSET | ||
152 | @@ -131,6 +145,9 @@ ENTRY(ll_disable_coherency) | ||
153 | */ | ||
154 | mov r0, lr | ||
155 | bl ll_get_coherency_base | ||
156 | + /* Bail out if the coherency is not enabled */ | ||
157 | + cmp r1, #0 | ||
158 | + reteq r0 | ||
159 | bl ll_get_coherency_cpumask | ||
160 | mov lr, r0 | ||
161 | add r0, r1, #ARMADA_XP_CFB_CTL_REG_OFFSET | ||
162 | diff --git a/arch/arm/mach-tegra/reset-handler.S b/arch/arm/mach-tegra/reset-handler.S | ||
163 | index 7b2baab0f0bd..71be4af5e975 100644 | ||
164 | --- a/arch/arm/mach-tegra/reset-handler.S | ||
165 | +++ b/arch/arm/mach-tegra/reset-handler.S | ||
166 | @@ -51,6 +51,7 @@ ENTRY(tegra_resume) | ||
167 | THUMB( it ne ) | ||
168 | bne cpu_resume @ no | ||
169 | |||
170 | + tegra_get_soc_id TEGRA_APB_MISC_BASE, r6 | ||
171 | /* Are we on Tegra20? */ | ||
172 | cmp r6, #TEGRA20 | ||
173 | beq 1f @ Yes | ||
174 | diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h | ||
175 | index 024c46183c3c..0ad735166d9f 100644 | ||
176 | --- a/arch/arm64/include/asm/hwcap.h | ||
177 | +++ b/arch/arm64/include/asm/hwcap.h | ||
178 | @@ -30,6 +30,7 @@ | ||
179 | #define COMPAT_HWCAP_IDIVA (1 << 17) | ||
180 | #define COMPAT_HWCAP_IDIVT (1 << 18) | ||
181 | #define COMPAT_HWCAP_IDIV (COMPAT_HWCAP_IDIVA|COMPAT_HWCAP_IDIVT) | ||
182 | +#define COMPAT_HWCAP_LPAE (1 << 20) | ||
183 | #define COMPAT_HWCAP_EVTSTRM (1 << 21) | ||
184 | |||
185 | #define COMPAT_HWCAP2_AES (1 << 0) | ||
186 | diff --git a/arch/arm64/kernel/setup.c b/arch/arm64/kernel/setup.c | ||
187 | index edb146d01857..8546a060f723 100644 | ||
188 | --- a/arch/arm64/kernel/setup.c | ||
189 | +++ b/arch/arm64/kernel/setup.c | ||
190 | @@ -72,7 +72,8 @@ EXPORT_SYMBOL_GPL(elf_hwcap); | ||
191 | COMPAT_HWCAP_FAST_MULT|COMPAT_HWCAP_EDSP|\ | ||
192 | COMPAT_HWCAP_TLS|COMPAT_HWCAP_VFP|\ | ||
193 | COMPAT_HWCAP_VFPv3|COMPAT_HWCAP_VFPv4|\ | ||
194 | - COMPAT_HWCAP_NEON|COMPAT_HWCAP_IDIV) | ||
195 | + COMPAT_HWCAP_NEON|COMPAT_HWCAP_IDIV|\ | ||
196 | + COMPAT_HWCAP_LPAE) | ||
197 | unsigned int compat_elf_hwcap __read_mostly = COMPAT_ELF_HWCAP_DEFAULT; | ||
198 | unsigned int compat_elf_hwcap2 __read_mostly; | ||
199 | #endif | ||
200 | diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c | ||
201 | index ca38139423ae..437e61159279 100644 | ||
202 | --- a/arch/s390/kernel/compat_linux.c | ||
203 | +++ b/arch/s390/kernel/compat_linux.c | ||
204 | @@ -249,7 +249,7 @@ COMPAT_SYSCALL_DEFINE2(s390_setgroups16, int, gidsetsize, u16 __user *, grouplis | ||
205 | struct group_info *group_info; | ||
206 | int retval; | ||
207 | |||
208 | - if (!capable(CAP_SETGID)) | ||
209 | + if (!may_setgroups()) | ||
210 | return -EPERM; | ||
211 | if ((unsigned)gidsetsize > NGROUPS_MAX) | ||
212 | return -EINVAL; | ||
213 | diff --git a/arch/x86/include/uapi/asm/ldt.h b/arch/x86/include/uapi/asm/ldt.h | ||
214 | index 46727eb37bfe..6e1aaf73852a 100644 | ||
215 | --- a/arch/x86/include/uapi/asm/ldt.h | ||
216 | +++ b/arch/x86/include/uapi/asm/ldt.h | ||
217 | @@ -28,6 +28,13 @@ struct user_desc { | ||
218 | unsigned int seg_not_present:1; | ||
219 | unsigned int useable:1; | ||
220 | #ifdef __x86_64__ | ||
221 | + /* | ||
222 | + * Because this bit is not present in 32-bit user code, user | ||
223 | + * programs can pass uninitialized values here. Therefore, in | ||
224 | + * any context in which a user_desc comes from a 32-bit program, | ||
225 | + * the kernel must act as though lm == 0, regardless of the | ||
226 | + * actual value. | ||
227 | + */ | ||
228 | unsigned int lm:1; | ||
229 | #endif | ||
230 | }; | ||
231 | diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c | ||
232 | index 3dd8e2c4d74a..07de51f66deb 100644 | ||
233 | --- a/arch/x86/kernel/kvm.c | ||
234 | +++ b/arch/x86/kernel/kvm.c | ||
235 | @@ -282,7 +282,14 @@ NOKPROBE_SYMBOL(do_async_page_fault); | ||
236 | static void __init paravirt_ops_setup(void) | ||
237 | { | ||
238 | pv_info.name = "KVM"; | ||
239 | - pv_info.paravirt_enabled = 1; | ||
240 | + | ||
241 | + /* | ||
242 | + * KVM isn't paravirt in the sense of paravirt_enabled. A KVM | ||
243 | + * guest kernel works like a bare metal kernel with additional | ||
244 | + * features, and paravirt_enabled is about features that are | ||
245 | + * missing. | ||
246 | + */ | ||
247 | + pv_info.paravirt_enabled = 0; | ||
248 | |||
249 | if (kvm_para_has_feature(KVM_FEATURE_NOP_IO_DELAY)) | ||
250 | pv_cpu_ops.io_delay = kvm_io_delay; | ||
251 | diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c | ||
252 | index d9156ceecdff..a2de9bc7ac0b 100644 | ||
253 | --- a/arch/x86/kernel/kvmclock.c | ||
254 | +++ b/arch/x86/kernel/kvmclock.c | ||
255 | @@ -263,7 +263,6 @@ void __init kvmclock_init(void) | ||
256 | #endif | ||
257 | kvm_get_preset_lpj(); | ||
258 | clocksource_register_hz(&kvm_clock, NSEC_PER_SEC); | ||
259 | - pv_info.paravirt_enabled = 1; | ||
260 | pv_info.name = "KVM"; | ||
261 | |||
262 | if (kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE_STABLE_BIT)) | ||
263 | diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c | ||
264 | index ca5b02d405c3..166119618afb 100644 | ||
265 | --- a/arch/x86/kernel/process_64.c | ||
266 | +++ b/arch/x86/kernel/process_64.c | ||
267 | @@ -286,24 +286,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) | ||
268 | |||
269 | fpu = switch_fpu_prepare(prev_p, next_p, cpu); | ||
270 | |||
271 | - /* | ||
272 | - * Reload esp0, LDT and the page table pointer: | ||
273 | - */ | ||
274 | + /* Reload esp0 and ss1. */ | ||
275 | load_sp0(tss, next); | ||
276 | |||
277 | - /* | ||
278 | - * Switch DS and ES. | ||
279 | - * This won't pick up thread selector changes, but I guess that is ok. | ||
280 | - */ | ||
281 | - savesegment(es, prev->es); | ||
282 | - if (unlikely(next->es | prev->es)) | ||
283 | - loadsegment(es, next->es); | ||
284 | - | ||
285 | - savesegment(ds, prev->ds); | ||
286 | - if (unlikely(next->ds | prev->ds)) | ||
287 | - loadsegment(ds, next->ds); | ||
288 | - | ||
289 | - | ||
290 | /* We must save %fs and %gs before load_TLS() because | ||
291 | * %fs and %gs may be cleared by load_TLS(). | ||
292 | * | ||
293 | @@ -312,41 +297,101 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) | ||
294 | savesegment(fs, fsindex); | ||
295 | savesegment(gs, gsindex); | ||
296 | |||
297 | + /* | ||
298 | + * Load TLS before restoring any segments so that segment loads | ||
299 | + * reference the correct GDT entries. | ||
300 | + */ | ||
301 | load_TLS(next, cpu); | ||
302 | |||
303 | /* | ||
304 | - * Leave lazy mode, flushing any hypercalls made here. | ||
305 | - * This must be done before restoring TLS segments so | ||
306 | - * the GDT and LDT are properly updated, and must be | ||
307 | - * done before math_state_restore, so the TS bit is up | ||
308 | - * to date. | ||
309 | + * Leave lazy mode, flushing any hypercalls made here. This | ||
310 | + * must be done after loading TLS entries in the GDT but before | ||
311 | + * loading segments that might reference them, and and it must | ||
312 | + * be done before math_state_restore, so the TS bit is up to | ||
313 | + * date. | ||
314 | */ | ||
315 | arch_end_context_switch(next_p); | ||
316 | |||
317 | + /* Switch DS and ES. | ||
318 | + * | ||
319 | + * Reading them only returns the selectors, but writing them (if | ||
320 | + * nonzero) loads the full descriptor from the GDT or LDT. The | ||
321 | + * LDT for next is loaded in switch_mm, and the GDT is loaded | ||
322 | + * above. | ||
323 | + * | ||
324 | + * We therefore need to write new values to the segment | ||
325 | + * registers on every context switch unless both the new and old | ||
326 | + * values are zero. | ||
327 | + * | ||
328 | + * Note that we don't need to do anything for CS and SS, as | ||
329 | + * those are saved and restored as part of pt_regs. | ||
330 | + */ | ||
331 | + savesegment(es, prev->es); | ||
332 | + if (unlikely(next->es | prev->es)) | ||
333 | + loadsegment(es, next->es); | ||
334 | + | ||
335 | + savesegment(ds, prev->ds); | ||
336 | + if (unlikely(next->ds | prev->ds)) | ||
337 | + loadsegment(ds, next->ds); | ||
338 | + | ||
339 | /* | ||
340 | * Switch FS and GS. | ||
341 | * | ||
342 | - * Segment register != 0 always requires a reload. Also | ||
343 | - * reload when it has changed. When prev process used 64bit | ||
344 | - * base always reload to avoid an information leak. | ||
345 | + * These are even more complicated than FS and GS: they have | ||
346 | + * 64-bit bases are that controlled by arch_prctl. Those bases | ||
347 | + * only differ from the values in the GDT or LDT if the selector | ||
348 | + * is 0. | ||
349 | + * | ||
350 | + * Loading the segment register resets the hidden base part of | ||
351 | + * the register to 0 or the value from the GDT / LDT. If the | ||
352 | + * next base address zero, writing 0 to the segment register is | ||
353 | + * much faster than using wrmsr to explicitly zero the base. | ||
354 | + * | ||
355 | + * The thread_struct.fs and thread_struct.gs values are 0 | ||
356 | + * if the fs and gs bases respectively are not overridden | ||
357 | + * from the values implied by fsindex and gsindex. They | ||
358 | + * are nonzero, and store the nonzero base addresses, if | ||
359 | + * the bases are overridden. | ||
360 | + * | ||
361 | + * (fs != 0 && fsindex != 0) || (gs != 0 && gsindex != 0) should | ||
362 | + * be impossible. | ||
363 | + * | ||
364 | + * Therefore we need to reload the segment registers if either | ||
365 | + * the old or new selector is nonzero, and we need to override | ||
366 | + * the base address if next thread expects it to be overridden. | ||
367 | + * | ||
368 | + * This code is unnecessarily slow in the case where the old and | ||
369 | + * new indexes are zero and the new base is nonzero -- it will | ||
370 | + * unnecessarily write 0 to the selector before writing the new | ||
371 | + * base address. | ||
372 | + * | ||
373 | + * Note: This all depends on arch_prctl being the only way that | ||
374 | + * user code can override the segment base. Once wrfsbase and | ||
375 | + * wrgsbase are enabled, most of this code will need to change. | ||
376 | */ | ||
377 | if (unlikely(fsindex | next->fsindex | prev->fs)) { | ||
378 | loadsegment(fs, next->fsindex); | ||
379 | + | ||
380 | /* | ||
381 | - * Check if the user used a selector != 0; if yes | ||
382 | - * clear 64bit base, since overloaded base is always | ||
383 | - * mapped to the Null selector | ||
384 | + * If user code wrote a nonzero value to FS, then it also | ||
385 | + * cleared the overridden base address. | ||
386 | + * | ||
387 | + * XXX: if user code wrote 0 to FS and cleared the base | ||
388 | + * address itself, we won't notice and we'll incorrectly | ||
389 | + * restore the prior base address next time we reschdule | ||
390 | + * the process. | ||
391 | */ | ||
392 | if (fsindex) | ||
393 | prev->fs = 0; | ||
394 | } | ||
395 | - /* when next process has a 64bit base use it */ | ||
396 | if (next->fs) | ||
397 | wrmsrl(MSR_FS_BASE, next->fs); | ||
398 | prev->fsindex = fsindex; | ||
399 | |||
400 | if (unlikely(gsindex | next->gsindex | prev->gs)) { | ||
401 | load_gs_index(next->gsindex); | ||
402 | + | ||
403 | + /* This works (and fails) the same way as fsindex above. */ | ||
404 | if (gsindex) | ||
405 | prev->gs = 0; | ||
406 | } | ||
407 | diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c | ||
408 | index f7fec09e3e3a..4e942f31b1a7 100644 | ||
409 | --- a/arch/x86/kernel/tls.c | ||
410 | +++ b/arch/x86/kernel/tls.c | ||
411 | @@ -27,6 +27,37 @@ static int get_free_idx(void) | ||
412 | return -ESRCH; | ||
413 | } | ||
414 | |||
415 | +static bool tls_desc_okay(const struct user_desc *info) | ||
416 | +{ | ||
417 | + if (LDT_empty(info)) | ||
418 | + return true; | ||
419 | + | ||
420 | + /* | ||
421 | + * espfix is required for 16-bit data segments, but espfix | ||
422 | + * only works for LDT segments. | ||
423 | + */ | ||
424 | + if (!info->seg_32bit) | ||
425 | + return false; | ||
426 | + | ||
427 | + /* Only allow data segments in the TLS array. */ | ||
428 | + if (info->contents > 1) | ||
429 | + return false; | ||
430 | + | ||
431 | + /* | ||
432 | + * Non-present segments with DPL 3 present an interesting attack | ||
433 | + * surface. The kernel should handle such segments correctly, | ||
434 | + * but TLS is very difficult to protect in a sandbox, so prevent | ||
435 | + * such segments from being created. | ||
436 | + * | ||
437 | + * If userspace needs to remove a TLS entry, it can still delete | ||
438 | + * it outright. | ||
439 | + */ | ||
440 | + if (info->seg_not_present) | ||
441 | + return false; | ||
442 | + | ||
443 | + return true; | ||
444 | +} | ||
445 | + | ||
446 | static void set_tls_desc(struct task_struct *p, int idx, | ||
447 | const struct user_desc *info, int n) | ||
448 | { | ||
449 | @@ -66,6 +97,9 @@ int do_set_thread_area(struct task_struct *p, int idx, | ||
450 | if (copy_from_user(&info, u_info, sizeof(info))) | ||
451 | return -EFAULT; | ||
452 | |||
453 | + if (!tls_desc_okay(&info)) | ||
454 | + return -EINVAL; | ||
455 | + | ||
456 | if (idx == -1) | ||
457 | idx = info.entry_number; | ||
458 | |||
459 | @@ -192,6 +226,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, | ||
460 | { | ||
461 | struct user_desc infobuf[GDT_ENTRY_TLS_ENTRIES]; | ||
462 | const struct user_desc *info; | ||
463 | + int i; | ||
464 | |||
465 | if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) || | ||
466 | (pos % sizeof(struct user_desc)) != 0 || | ||
467 | @@ -205,6 +240,10 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, | ||
468 | else | ||
469 | info = infobuf; | ||
470 | |||
471 | + for (i = 0; i < count / sizeof(struct user_desc); i++) | ||
472 | + if (!tls_desc_okay(info + i)) | ||
473 | + return -EINVAL; | ||
474 | + | ||
475 | set_tls_desc(target, | ||
476 | GDT_ENTRY_TLS_MIN + (pos / sizeof(struct user_desc)), | ||
477 | info, count / sizeof(struct user_desc)); | ||
478 | diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c | ||
479 | index de801f22128a..07ab8e9733c5 100644 | ||
480 | --- a/arch/x86/kernel/traps.c | ||
481 | +++ b/arch/x86/kernel/traps.c | ||
482 | @@ -387,7 +387,7 @@ NOKPROBE_SYMBOL(do_int3); | ||
483 | * for scheduling or signal handling. The actual stack switch is done in | ||
484 | * entry.S | ||
485 | */ | ||
486 | -asmlinkage __visible struct pt_regs *sync_regs(struct pt_regs *eregs) | ||
487 | +asmlinkage __visible notrace struct pt_regs *sync_regs(struct pt_regs *eregs) | ||
488 | { | ||
489 | struct pt_regs *regs = eregs; | ||
490 | /* Did already sync */ | ||
491 | @@ -413,7 +413,7 @@ struct bad_iret_stack { | ||
492 | struct pt_regs regs; | ||
493 | }; | ||
494 | |||
495 | -asmlinkage __visible | ||
496 | +asmlinkage __visible notrace | ||
497 | struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s) | ||
498 | { | ||
499 | /* | ||
500 | @@ -436,6 +436,7 @@ struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s) | ||
501 | BUG_ON(!user_mode_vm(&new_stack->regs)); | ||
502 | return new_stack; | ||
503 | } | ||
504 | +NOKPROBE_SYMBOL(fixup_bad_iret); | ||
505 | #endif | ||
506 | |||
507 | /* | ||
508 | diff --git a/crypto/af_alg.c b/crypto/af_alg.c | ||
509 | index 6a3ad8011585..1de4beeb25f8 100644 | ||
510 | --- a/crypto/af_alg.c | ||
511 | +++ b/crypto/af_alg.c | ||
512 | @@ -449,6 +449,9 @@ void af_alg_complete(struct crypto_async_request *req, int err) | ||
513 | { | ||
514 | struct af_alg_completion *completion = req->data; | ||
515 | |||
516 | + if (err == -EINPROGRESS) | ||
517 | + return; | ||
518 | + | ||
519 | completion->err = err; | ||
520 | complete(&completion->completion); | ||
521 | } | ||
522 | diff --git a/drivers/gpu/drm/tegra/gem.c b/drivers/gpu/drm/tegra/gem.c | ||
523 | index ce023fa3e8ae..ab9a4539a446 100644 | ||
524 | --- a/drivers/gpu/drm/tegra/gem.c | ||
525 | +++ b/drivers/gpu/drm/tegra/gem.c | ||
526 | @@ -259,16 +259,12 @@ void tegra_bo_free_object(struct drm_gem_object *gem) | ||
527 | int tegra_bo_dumb_create(struct drm_file *file, struct drm_device *drm, | ||
528 | struct drm_mode_create_dumb *args) | ||
529 | { | ||
530 | - int min_pitch = DIV_ROUND_UP(args->width * args->bpp, 8); | ||
531 | + unsigned int min_pitch = DIV_ROUND_UP(args->width * args->bpp, 8); | ||
532 | struct tegra_drm *tegra = drm->dev_private; | ||
533 | struct tegra_bo *bo; | ||
534 | |||
535 | - min_pitch = round_up(min_pitch, tegra->pitch_align); | ||
536 | - if (args->pitch < min_pitch) | ||
537 | - args->pitch = min_pitch; | ||
538 | - | ||
539 | - if (args->size < args->pitch * args->height) | ||
540 | - args->size = args->pitch * args->height; | ||
541 | + args->pitch = round_up(min_pitch, tegra->pitch_align); | ||
542 | + args->size = args->pitch * args->height; | ||
543 | |||
544 | bo = tegra_bo_create_with_handle(file, drm, args->size, 0, | ||
545 | &args->handle); | ||
546 | diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c | ||
547 | index 67f8b31e2054..da3604e73e8a 100644 | ||
548 | --- a/drivers/md/bitmap.c | ||
549 | +++ b/drivers/md/bitmap.c | ||
550 | @@ -879,7 +879,6 @@ void bitmap_unplug(struct bitmap *bitmap) | ||
551 | { | ||
552 | unsigned long i; | ||
553 | int dirty, need_write; | ||
554 | - int wait = 0; | ||
555 | |||
556 | if (!bitmap || !bitmap->storage.filemap || | ||
557 | test_bit(BITMAP_STALE, &bitmap->flags)) | ||
558 | @@ -897,16 +896,13 @@ void bitmap_unplug(struct bitmap *bitmap) | ||
559 | clear_page_attr(bitmap, i, BITMAP_PAGE_PENDING); | ||
560 | write_page(bitmap, bitmap->storage.filemap[i], 0); | ||
561 | } | ||
562 | - if (dirty) | ||
563 | - wait = 1; | ||
564 | - } | ||
565 | - if (wait) { /* if any writes were performed, we need to wait on them */ | ||
566 | - if (bitmap->storage.file) | ||
567 | - wait_event(bitmap->write_wait, | ||
568 | - atomic_read(&bitmap->pending_writes)==0); | ||
569 | - else | ||
570 | - md_super_wait(bitmap->mddev); | ||
571 | } | ||
572 | + if (bitmap->storage.file) | ||
573 | + wait_event(bitmap->write_wait, | ||
574 | + atomic_read(&bitmap->pending_writes)==0); | ||
575 | + else | ||
576 | + md_super_wait(bitmap->mddev); | ||
577 | + | ||
578 | if (test_bit(BITMAP_WRITE_ERROR, &bitmap->flags)) | ||
579 | bitmap_file_kick(bitmap); | ||
580 | } | ||
581 | diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c | ||
582 | index 0be200b6dbf2..b1dc0717a19c 100644 | ||
583 | --- a/drivers/md/dm-bufio.c | ||
584 | +++ b/drivers/md/dm-bufio.c | ||
585 | @@ -532,6 +532,19 @@ static void use_dmio(struct dm_buffer *b, int rw, sector_t block, | ||
586 | end_io(&b->bio, r); | ||
587 | } | ||
588 | |||
589 | +static void inline_endio(struct bio *bio, int error) | ||
590 | +{ | ||
591 | + bio_end_io_t *end_fn = bio->bi_private; | ||
592 | + | ||
593 | + /* | ||
594 | + * Reset the bio to free any attached resources | ||
595 | + * (e.g. bio integrity profiles). | ||
596 | + */ | ||
597 | + bio_reset(bio); | ||
598 | + | ||
599 | + end_fn(bio, error); | ||
600 | +} | ||
601 | + | ||
602 | static void use_inline_bio(struct dm_buffer *b, int rw, sector_t block, | ||
603 | bio_end_io_t *end_io) | ||
604 | { | ||
605 | @@ -543,7 +556,12 @@ static void use_inline_bio(struct dm_buffer *b, int rw, sector_t block, | ||
606 | b->bio.bi_max_vecs = DM_BUFIO_INLINE_VECS; | ||
607 | b->bio.bi_iter.bi_sector = block << b->c->sectors_per_block_bits; | ||
608 | b->bio.bi_bdev = b->c->bdev; | ||
609 | - b->bio.bi_end_io = end_io; | ||
610 | + b->bio.bi_end_io = inline_endio; | ||
611 | + /* | ||
612 | + * Use of .bi_private isn't a problem here because | ||
613 | + * the dm_buffer's inline bio is local to bufio. | ||
614 | + */ | ||
615 | + b->bio.bi_private = end_io; | ||
616 | |||
617 | /* | ||
618 | * We assume that if len >= PAGE_SIZE ptr is page-aligned. | ||
619 | diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c | ||
620 | index 7130505c2425..da496cfb458d 100644 | ||
621 | --- a/drivers/md/dm-cache-target.c | ||
622 | +++ b/drivers/md/dm-cache-target.c | ||
623 | @@ -951,10 +951,14 @@ static void migration_success_post_commit(struct dm_cache_migration *mg) | ||
624 | } | ||
625 | |||
626 | } else { | ||
627 | - clear_dirty(cache, mg->new_oblock, mg->cblock); | ||
628 | - if (mg->requeue_holder) | ||
629 | + if (mg->requeue_holder) { | ||
630 | + clear_dirty(cache, mg->new_oblock, mg->cblock); | ||
631 | cell_defer(cache, mg->new_ocell, true); | ||
632 | - else { | ||
633 | + } else { | ||
634 | + /* | ||
635 | + * The block was promoted via an overwrite, so it's dirty. | ||
636 | + */ | ||
637 | + set_dirty(cache, mg->new_oblock, mg->cblock); | ||
638 | bio_endio(mg->new_ocell->holder, 0); | ||
639 | cell_defer(cache, mg->new_ocell, false); | ||
640 | } | ||
641 | @@ -1070,7 +1074,8 @@ static void issue_copy(struct dm_cache_migration *mg) | ||
642 | |||
643 | avoid = is_discarded_oblock(cache, mg->new_oblock); | ||
644 | |||
645 | - if (!avoid && bio_writes_complete_block(cache, bio)) { | ||
646 | + if (writeback_mode(&cache->features) && | ||
647 | + !avoid && bio_writes_complete_block(cache, bio)) { | ||
648 | issue_overwrite(mg, bio); | ||
649 | return; | ||
650 | } | ||
651 | @@ -2549,11 +2554,11 @@ static int __cache_map(struct cache *cache, struct bio *bio, struct dm_bio_priso | ||
652 | static int cache_map(struct dm_target *ti, struct bio *bio) | ||
653 | { | ||
654 | int r; | ||
655 | - struct dm_bio_prison_cell *cell; | ||
656 | + struct dm_bio_prison_cell *cell = NULL; | ||
657 | struct cache *cache = ti->private; | ||
658 | |||
659 | r = __cache_map(cache, bio, &cell); | ||
660 | - if (r == DM_MAPIO_REMAPPED) { | ||
661 | + if (r == DM_MAPIO_REMAPPED && cell) { | ||
662 | inc_ds(cache, bio, cell); | ||
663 | cell_defer(cache, cell, false); | ||
664 | } | ||
665 | diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c | ||
666 | index cd15e0801228..ce11a90a33c3 100644 | ||
667 | --- a/drivers/md/dm-crypt.c | ||
668 | +++ b/drivers/md/dm-crypt.c | ||
669 | @@ -711,7 +711,7 @@ static int crypt_iv_tcw_whitening(struct crypt_config *cc, | ||
670 | for (i = 0; i < ((1 << SECTOR_SHIFT) / 8); i++) | ||
671 | crypto_xor(data + i * 8, buf, 8); | ||
672 | out: | ||
673 | - memset(buf, 0, sizeof(buf)); | ||
674 | + memzero_explicit(buf, sizeof(buf)); | ||
675 | return r; | ||
676 | } | ||
677 | |||
678 | diff --git a/drivers/md/dm-thin.c b/drivers/md/dm-thin.c | ||
679 | index 0f86d802b533..aae19133cfac 100644 | ||
680 | --- a/drivers/md/dm-thin.c | ||
681 | +++ b/drivers/md/dm-thin.c | ||
682 | @@ -990,6 +990,24 @@ static void schedule_external_copy(struct thin_c *tc, dm_block_t virt_block, | ||
683 | schedule_zero(tc, virt_block, data_dest, cell, bio); | ||
684 | } | ||
685 | |||
686 | +static void set_pool_mode(struct pool *pool, enum pool_mode new_mode); | ||
687 | + | ||
688 | +static void check_for_space(struct pool *pool) | ||
689 | +{ | ||
690 | + int r; | ||
691 | + dm_block_t nr_free; | ||
692 | + | ||
693 | + if (get_pool_mode(pool) != PM_OUT_OF_DATA_SPACE) | ||
694 | + return; | ||
695 | + | ||
696 | + r = dm_pool_get_free_block_count(pool->pmd, &nr_free); | ||
697 | + if (r) | ||
698 | + return; | ||
699 | + | ||
700 | + if (nr_free) | ||
701 | + set_pool_mode(pool, PM_WRITE); | ||
702 | +} | ||
703 | + | ||
704 | /* | ||
705 | * A non-zero return indicates read_only or fail_io mode. | ||
706 | * Many callers don't care about the return value. | ||
707 | @@ -1004,6 +1022,8 @@ static int commit(struct pool *pool) | ||
708 | r = dm_pool_commit_metadata(pool->pmd); | ||
709 | if (r) | ||
710 | metadata_operation_failed(pool, "dm_pool_commit_metadata", r); | ||
711 | + else | ||
712 | + check_for_space(pool); | ||
713 | |||
714 | return r; | ||
715 | } | ||
716 | @@ -1022,8 +1042,6 @@ static void check_low_water_mark(struct pool *pool, dm_block_t free_blocks) | ||
717 | } | ||
718 | } | ||
719 | |||
720 | -static void set_pool_mode(struct pool *pool, enum pool_mode new_mode); | ||
721 | - | ||
722 | static int alloc_data_block(struct thin_c *tc, dm_block_t *result) | ||
723 | { | ||
724 | int r; | ||
725 | @@ -1824,7 +1842,7 @@ static void set_pool_mode(struct pool *pool, enum pool_mode new_mode) | ||
726 | pool->process_bio = process_bio_read_only; | ||
727 | pool->process_discard = process_discard; | ||
728 | pool->process_prepared_mapping = process_prepared_mapping; | ||
729 | - pool->process_prepared_discard = process_prepared_discard_passdown; | ||
730 | + pool->process_prepared_discard = process_prepared_discard; | ||
731 | |||
732 | if (!pool->pf.error_if_no_space && no_space_timeout) | ||
733 | queue_delayed_work(pool->wq, &pool->no_space_timeout, no_space_timeout); | ||
734 | @@ -3248,14 +3266,14 @@ static void thin_dtr(struct dm_target *ti) | ||
735 | struct thin_c *tc = ti->private; | ||
736 | unsigned long flags; | ||
737 | |||
738 | - thin_put(tc); | ||
739 | - wait_for_completion(&tc->can_destroy); | ||
740 | - | ||
741 | spin_lock_irqsave(&tc->pool->lock, flags); | ||
742 | list_del_rcu(&tc->list); | ||
743 | spin_unlock_irqrestore(&tc->pool->lock, flags); | ||
744 | synchronize_rcu(); | ||
745 | |||
746 | + thin_put(tc); | ||
747 | + wait_for_completion(&tc->can_destroy); | ||
748 | + | ||
749 | mutex_lock(&dm_thin_pool_table.mutex); | ||
750 | |||
751 | __pool_dec(tc->pool); | ||
752 | diff --git a/drivers/md/persistent-data/dm-space-map-metadata.c b/drivers/md/persistent-data/dm-space-map-metadata.c | ||
753 | index 786b689bdfc7..f4e22bcc7fb8 100644 | ||
754 | --- a/drivers/md/persistent-data/dm-space-map-metadata.c | ||
755 | +++ b/drivers/md/persistent-data/dm-space-map-metadata.c | ||
756 | @@ -564,7 +564,9 @@ static int sm_bootstrap_get_nr_blocks(struct dm_space_map *sm, dm_block_t *count | ||
757 | { | ||
758 | struct sm_metadata *smm = container_of(sm, struct sm_metadata, sm); | ||
759 | |||
760 | - return smm->ll.nr_blocks; | ||
761 | + *count = smm->ll.nr_blocks; | ||
762 | + | ||
763 | + return 0; | ||
764 | } | ||
765 | |||
766 | static int sm_bootstrap_get_nr_free(struct dm_space_map *sm, dm_block_t *count) | ||
767 | diff --git a/drivers/mfd/tc6393xb.c b/drivers/mfd/tc6393xb.c | ||
768 | index 11c19e538551..48579e5ef02c 100644 | ||
769 | --- a/drivers/mfd/tc6393xb.c | ||
770 | +++ b/drivers/mfd/tc6393xb.c | ||
771 | @@ -263,6 +263,17 @@ static int tc6393xb_ohci_disable(struct platform_device *dev) | ||
772 | return 0; | ||
773 | } | ||
774 | |||
775 | +static int tc6393xb_ohci_suspend(struct platform_device *dev) | ||
776 | +{ | ||
777 | + struct tc6393xb_platform_data *tcpd = dev_get_platdata(dev->dev.parent); | ||
778 | + | ||
779 | + /* We can't properly store/restore OHCI state, so fail here */ | ||
780 | + if (tcpd->resume_restore) | ||
781 | + return -EBUSY; | ||
782 | + | ||
783 | + return tc6393xb_ohci_disable(dev); | ||
784 | +} | ||
785 | + | ||
786 | static int tc6393xb_fb_enable(struct platform_device *dev) | ||
787 | { | ||
788 | struct tc6393xb *tc6393xb = dev_get_drvdata(dev->dev.parent); | ||
789 | @@ -403,7 +414,7 @@ static struct mfd_cell tc6393xb_cells[] = { | ||
790 | .num_resources = ARRAY_SIZE(tc6393xb_ohci_resources), | ||
791 | .resources = tc6393xb_ohci_resources, | ||
792 | .enable = tc6393xb_ohci_enable, | ||
793 | - .suspend = tc6393xb_ohci_disable, | ||
794 | + .suspend = tc6393xb_ohci_suspend, | ||
795 | .resume = tc6393xb_ohci_enable, | ||
796 | .disable = tc6393xb_ohci_disable, | ||
797 | }, | ||
798 | diff --git a/drivers/mfd/twl4030-power.c b/drivers/mfd/twl4030-power.c | ||
799 | index 542f1a8247f5..33a35fbd48c9 100644 | ||
800 | --- a/drivers/mfd/twl4030-power.c | ||
801 | +++ b/drivers/mfd/twl4030-power.c | ||
802 | @@ -828,6 +828,9 @@ static struct twl4030_power_data osc_off_idle = { | ||
803 | |||
804 | static struct of_device_id twl4030_power_of_match[] = { | ||
805 | { | ||
806 | + .compatible = "ti,twl4030-power", | ||
807 | + }, | ||
808 | + { | ||
809 | .compatible = "ti,twl4030-power-reset", | ||
810 | .data = &omap3_reset, | ||
811 | }, | ||
812 | diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c | ||
813 | index ede41f05c392..dad364b09952 100644 | ||
814 | --- a/drivers/mmc/card/block.c | ||
815 | +++ b/drivers/mmc/card/block.c | ||
816 | @@ -260,7 +260,7 @@ static ssize_t force_ro_show(struct device *dev, struct device_attribute *attr, | ||
817 | int ret; | ||
818 | struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev)); | ||
819 | |||
820 | - ret = snprintf(buf, PAGE_SIZE, "%d", | ||
821 | + ret = snprintf(buf, PAGE_SIZE, "%d\n", | ||
822 | get_disk_ro(dev_to_disk(dev)) ^ | ||
823 | md->read_only); | ||
824 | mmc_blk_put(md); | ||
825 | diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c | ||
826 | index 8f216edbdf08..fd0b3fc56244 100644 | ||
827 | --- a/drivers/mmc/host/dw_mmc.c | ||
828 | +++ b/drivers/mmc/host/dw_mmc.c | ||
829 | @@ -624,6 +624,13 @@ static void dw_mci_ctrl_rd_thld(struct dw_mci *host, struct mmc_data *data) | ||
830 | |||
831 | WARN_ON(!(data->flags & MMC_DATA_READ)); | ||
832 | |||
833 | + /* | ||
834 | + * CDTHRCTL doesn't exist prior to 240A (in fact that register offset is | ||
835 | + * in the FIFO region, so we really shouldn't access it). | ||
836 | + */ | ||
837 | + if (host->verid < DW_MMC_240A) | ||
838 | + return; | ||
839 | + | ||
840 | if (host->timing != MMC_TIMING_MMC_HS200 && | ||
841 | host->timing != MMC_TIMING_UHS_SDR104) | ||
842 | goto disable; | ||
843 | diff --git a/drivers/mmc/host/omap_hsmmc.c b/drivers/mmc/host/omap_hsmmc.c | ||
844 | index 965672663ef0..c20ad02f8729 100644 | ||
845 | --- a/drivers/mmc/host/omap_hsmmc.c | ||
846 | +++ b/drivers/mmc/host/omap_hsmmc.c | ||
847 | @@ -609,6 +609,7 @@ static void omap_hsmmc_set_clock(struct omap_hsmmc_host *host) | ||
848 | */ | ||
849 | if ((mmc_slot(host).features & HSMMC_HAS_HSPE_SUPPORT) && | ||
850 | (ios->timing != MMC_TIMING_MMC_DDR52) && | ||
851 | + (ios->timing != MMC_TIMING_UHS_DDR50) && | ||
852 | ((OMAP_HSMMC_READ(host->base, CAPA) & HSS) == HSS)) { | ||
853 | regval = OMAP_HSMMC_READ(host->base, HCTL); | ||
854 | if (clkdiv && (clk_get_rate(host->fclk)/clkdiv) > 25000000) | ||
855 | @@ -628,7 +629,8 @@ static void omap_hsmmc_set_bus_width(struct omap_hsmmc_host *host) | ||
856 | u32 con; | ||
857 | |||
858 | con = OMAP_HSMMC_READ(host->base, CON); | ||
859 | - if (ios->timing == MMC_TIMING_MMC_DDR52) | ||
860 | + if (ios->timing == MMC_TIMING_MMC_DDR52 || | ||
861 | + ios->timing == MMC_TIMING_UHS_DDR50) | ||
862 | con |= DDR; /* configure in DDR mode */ | ||
863 | else | ||
864 | con &= ~DDR; | ||
865 | diff --git a/drivers/mmc/host/sdhci-pci-o2micro.c b/drivers/mmc/host/sdhci-pci-o2micro.c | ||
866 | index 5670e381b0cf..e2ec108dba0e 100644 | ||
867 | --- a/drivers/mmc/host/sdhci-pci-o2micro.c | ||
868 | +++ b/drivers/mmc/host/sdhci-pci-o2micro.c | ||
869 | @@ -127,8 +127,6 @@ void sdhci_pci_o2_fujin2_pci_init(struct sdhci_pci_chip *chip) | ||
870 | return; | ||
871 | scratch_32 &= ~((1 << 21) | (1 << 30)); | ||
872 | |||
873 | - /* Set RTD3 function disabled */ | ||
874 | - scratch_32 |= ((1 << 29) | (1 << 28)); | ||
875 | pci_write_config_dword(chip->pdev, O2_SD_FUNC_REG3, scratch_32); | ||
876 | |||
877 | /* Set L1 Entrance Timer */ | ||
878 | diff --git a/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c b/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c | ||
879 | index 8f8b9373de95..9d61ee914c48 100644 | ||
880 | --- a/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c | ||
881 | +++ b/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c | ||
882 | @@ -1282,6 +1282,7 @@ int brcmf_proto_msgbuf_attach(struct brcmf_pub *drvr) | ||
883 | } | ||
884 | INIT_WORK(&msgbuf->txflow_work, brcmf_msgbuf_txflow_worker); | ||
885 | count = BITS_TO_LONGS(if_msgbuf->nrof_flowrings); | ||
886 | + count = count * sizeof(unsigned long); | ||
887 | msgbuf->flow_map = kzalloc(count, GFP_ATOMIC); | ||
888 | if (!msgbuf->flow_map) | ||
889 | goto fail; | ||
890 | diff --git a/drivers/regulator/anatop-regulator.c b/drivers/regulator/anatop-regulator.c | ||
891 | index 4f730af70e7c..30e8d7ad5813 100644 | ||
892 | --- a/drivers/regulator/anatop-regulator.c | ||
893 | +++ b/drivers/regulator/anatop-regulator.c | ||
894 | @@ -283,6 +283,14 @@ static int anatop_regulator_probe(struct platform_device *pdev) | ||
895 | sreg->sel = 0; | ||
896 | sreg->bypass = true; | ||
897 | } | ||
898 | + | ||
899 | + /* | ||
900 | + * In case vddpu was disabled by the bootloader, we need to set | ||
901 | + * a sane default until imx6-cpufreq was probed and changes the | ||
902 | + * voltage to the correct value. In this case we set 1.25V. | ||
903 | + */ | ||
904 | + if (!sreg->sel && !strcmp(sreg->name, "vddpu")) | ||
905 | + sreg->sel = 22; | ||
906 | } else { | ||
907 | rdesc->ops = &anatop_rops; | ||
908 | } | ||
909 | diff --git a/drivers/scsi/NCR5380.c b/drivers/scsi/NCR5380.c | ||
910 | index 45da3c823322..ab1c09eaa5b8 100644 | ||
911 | --- a/drivers/scsi/NCR5380.c | ||
912 | +++ b/drivers/scsi/NCR5380.c | ||
913 | @@ -2647,14 +2647,14 @@ static void NCR5380_dma_complete(NCR5380_instance * instance) { | ||
914 | * | ||
915 | * Purpose : abort a command | ||
916 | * | ||
917 | - * Inputs : cmd - the Scsi_Cmnd to abort, code - code to set the | ||
918 | - * host byte of the result field to, if zero DID_ABORTED is | ||
919 | + * Inputs : cmd - the Scsi_Cmnd to abort, code - code to set the | ||
920 | + * host byte of the result field to, if zero DID_ABORTED is | ||
921 | * used. | ||
922 | * | ||
923 | - * Returns : 0 - success, -1 on failure. | ||
924 | + * Returns : SUCCESS - success, FAILED on failure. | ||
925 | * | ||
926 | - * XXX - there is no way to abort the command that is currently | ||
927 | - * connected, you have to wait for it to complete. If this is | ||
928 | + * XXX - there is no way to abort the command that is currently | ||
929 | + * connected, you have to wait for it to complete. If this is | ||
930 | * a problem, we could implement longjmp() / setjmp(), setjmp() | ||
931 | * called where the loop started in NCR5380_main(). | ||
932 | * | ||
933 | @@ -2704,7 +2704,7 @@ static int NCR5380_abort(Scsi_Cmnd * cmd) { | ||
934 | * aborted flag and get back into our main loop. | ||
935 | */ | ||
936 | |||
937 | - return 0; | ||
938 | + return SUCCESS; | ||
939 | } | ||
940 | #endif | ||
941 | |||
942 | diff --git a/drivers/scsi/aha1740.c b/drivers/scsi/aha1740.c | ||
943 | index 5f3101797c93..31ace4bef8fe 100644 | ||
944 | --- a/drivers/scsi/aha1740.c | ||
945 | +++ b/drivers/scsi/aha1740.c | ||
946 | @@ -531,7 +531,7 @@ static int aha1740_eh_abort_handler (Scsi_Cmnd *dummy) | ||
947 | * quiet as possible... | ||
948 | */ | ||
949 | |||
950 | - return 0; | ||
951 | + return SUCCESS; | ||
952 | } | ||
953 | |||
954 | static struct scsi_host_template aha1740_template = { | ||
955 | diff --git a/drivers/scsi/atari_NCR5380.c b/drivers/scsi/atari_NCR5380.c | ||
956 | index 79e6f045c2a9..e3bbc0a0f9f1 100644 | ||
957 | --- a/drivers/scsi/atari_NCR5380.c | ||
958 | +++ b/drivers/scsi/atari_NCR5380.c | ||
959 | @@ -2607,7 +2607,7 @@ static void NCR5380_reselect(struct Scsi_Host *instance) | ||
960 | * host byte of the result field to, if zero DID_ABORTED is | ||
961 | * used. | ||
962 | * | ||
963 | - * Returns : 0 - success, -1 on failure. | ||
964 | + * Returns : SUCCESS - success, FAILED on failure. | ||
965 | * | ||
966 | * XXX - there is no way to abort the command that is currently | ||
967 | * connected, you have to wait for it to complete. If this is | ||
968 | diff --git a/drivers/scsi/esas2r/esas2r_main.c b/drivers/scsi/esas2r/esas2r_main.c | ||
969 | index 6504a195c874..45aa684f8b74 100644 | ||
970 | --- a/drivers/scsi/esas2r/esas2r_main.c | ||
971 | +++ b/drivers/scsi/esas2r/esas2r_main.c | ||
972 | @@ -1057,7 +1057,7 @@ int esas2r_eh_abort(struct scsi_cmnd *cmd) | ||
973 | |||
974 | cmd->scsi_done(cmd); | ||
975 | |||
976 | - return 0; | ||
977 | + return SUCCESS; | ||
978 | } | ||
979 | |||
980 | spin_lock_irqsave(&a->queue_lock, flags); | ||
981 | diff --git a/drivers/scsi/megaraid.c b/drivers/scsi/megaraid.c | ||
982 | index ac5d94cfd52f..2485255f3414 100644 | ||
983 | --- a/drivers/scsi/megaraid.c | ||
984 | +++ b/drivers/scsi/megaraid.c | ||
985 | @@ -1945,7 +1945,7 @@ megaraid_abort_and_reset(adapter_t *adapter, Scsi_Cmnd *cmd, int aor) | ||
986 | cmd->device->id, (u32)cmd->device->lun); | ||
987 | |||
988 | if(list_empty(&adapter->pending_list)) | ||
989 | - return FALSE; | ||
990 | + return FAILED; | ||
991 | |||
992 | list_for_each_safe(pos, next, &adapter->pending_list) { | ||
993 | |||
994 | @@ -1968,7 +1968,7 @@ megaraid_abort_and_reset(adapter_t *adapter, Scsi_Cmnd *cmd, int aor) | ||
995 | (aor==SCB_ABORT) ? "ABORTING":"RESET", | ||
996 | scb->idx); | ||
997 | |||
998 | - return FALSE; | ||
999 | + return FAILED; | ||
1000 | } | ||
1001 | else { | ||
1002 | |||
1003 | @@ -1993,12 +1993,12 @@ megaraid_abort_and_reset(adapter_t *adapter, Scsi_Cmnd *cmd, int aor) | ||
1004 | list_add_tail(SCSI_LIST(cmd), | ||
1005 | &adapter->completed_list); | ||
1006 | |||
1007 | - return TRUE; | ||
1008 | + return SUCCESS; | ||
1009 | } | ||
1010 | } | ||
1011 | } | ||
1012 | |||
1013 | - return FALSE; | ||
1014 | + return FAILED; | ||
1015 | } | ||
1016 | |||
1017 | static inline int | ||
1018 | diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c | ||
1019 | index 22a04e37b70a..373ebd3f1e3c 100644 | ||
1020 | --- a/drivers/scsi/megaraid/megaraid_sas_base.c | ||
1021 | +++ b/drivers/scsi/megaraid/megaraid_sas_base.c | ||
1022 | @@ -980,7 +980,7 @@ megasas_issue_blocked_abort_cmd(struct megasas_instance *instance, | ||
1023 | cpu_to_le32(upper_32_bits(cmd_to_abort->frame_phys_addr)); | ||
1024 | |||
1025 | cmd->sync_cmd = 1; | ||
1026 | - cmd->cmd_status = 0xFF; | ||
1027 | + cmd->cmd_status = ENODATA; | ||
1028 | |||
1029 | instance->instancet->issue_dcmd(instance, cmd); | ||
1030 | |||
1031 | diff --git a/drivers/scsi/sun3_NCR5380.c b/drivers/scsi/sun3_NCR5380.c | ||
1032 | index 1a2367a1b1f2..6d248a299bc4 100644 | ||
1033 | --- a/drivers/scsi/sun3_NCR5380.c | ||
1034 | +++ b/drivers/scsi/sun3_NCR5380.c | ||
1035 | @@ -2590,15 +2590,15 @@ static void NCR5380_reselect (struct Scsi_Host *instance) | ||
1036 | * Purpose : abort a command | ||
1037 | * | ||
1038 | * Inputs : cmd - the struct scsi_cmnd to abort, code - code to set the | ||
1039 | - * host byte of the result field to, if zero DID_ABORTED is | ||
1040 | + * host byte of the result field to, if zero DID_ABORTED is | ||
1041 | * used. | ||
1042 | * | ||
1043 | - * Returns : 0 - success, -1 on failure. | ||
1044 | + * Returns : SUCCESS - success, FAILED on failure. | ||
1045 | * | ||
1046 | - * XXX - there is no way to abort the command that is currently | ||
1047 | - * connected, you have to wait for it to complete. If this is | ||
1048 | + * XXX - there is no way to abort the command that is currently | ||
1049 | + * connected, you have to wait for it to complete. If this is | ||
1050 | * a problem, we could implement longjmp() / setjmp(), setjmp() | ||
1051 | - * called where the loop started in NCR5380_main(). | ||
1052 | + * called where the loop started in NCR5380_main(). | ||
1053 | */ | ||
1054 | |||
1055 | static int NCR5380_abort(struct scsi_cmnd *cmd) | ||
1056 | diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c | ||
1057 | index 71b0ec0c370d..284733e1fb6f 100644 | ||
1058 | --- a/drivers/thermal/thermal_core.c | ||
1059 | +++ b/drivers/thermal/thermal_core.c | ||
1060 | @@ -1824,10 +1824,10 @@ static int __init thermal_init(void) | ||
1061 | |||
1062 | exit_netlink: | ||
1063 | genetlink_exit(); | ||
1064 | -unregister_governors: | ||
1065 | - thermal_unregister_governors(); | ||
1066 | unregister_class: | ||
1067 | class_unregister(&thermal_class); | ||
1068 | +unregister_governors: | ||
1069 | + thermal_unregister_governors(); | ||
1070 | error: | ||
1071 | idr_destroy(&thermal_tz_idr); | ||
1072 | idr_destroy(&thermal_cdev_idr); | ||
1073 | diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c | ||
1074 | index a1d36e62179c..040dab90a1fe 100644 | ||
1075 | --- a/fs/btrfs/disk-io.c | ||
1076 | +++ b/fs/btrfs/disk-io.c | ||
1077 | @@ -4043,12 +4043,6 @@ again: | ||
1078 | if (ret) | ||
1079 | break; | ||
1080 | |||
1081 | - /* opt_discard */ | ||
1082 | - if (btrfs_test_opt(root, DISCARD)) | ||
1083 | - ret = btrfs_error_discard_extent(root, start, | ||
1084 | - end + 1 - start, | ||
1085 | - NULL); | ||
1086 | - | ||
1087 | clear_extent_dirty(unpin, start, end, GFP_NOFS); | ||
1088 | btrfs_error_unpin_extent_range(root, start, end); | ||
1089 | cond_resched(); | ||
1090 | @@ -4066,6 +4060,25 @@ again: | ||
1091 | return 0; | ||
1092 | } | ||
1093 | |||
1094 | +static void btrfs_free_pending_ordered(struct btrfs_transaction *cur_trans, | ||
1095 | + struct btrfs_fs_info *fs_info) | ||
1096 | +{ | ||
1097 | + struct btrfs_ordered_extent *ordered; | ||
1098 | + | ||
1099 | + spin_lock(&fs_info->trans_lock); | ||
1100 | + while (!list_empty(&cur_trans->pending_ordered)) { | ||
1101 | + ordered = list_first_entry(&cur_trans->pending_ordered, | ||
1102 | + struct btrfs_ordered_extent, | ||
1103 | + trans_list); | ||
1104 | + list_del_init(&ordered->trans_list); | ||
1105 | + spin_unlock(&fs_info->trans_lock); | ||
1106 | + | ||
1107 | + btrfs_put_ordered_extent(ordered); | ||
1108 | + spin_lock(&fs_info->trans_lock); | ||
1109 | + } | ||
1110 | + spin_unlock(&fs_info->trans_lock); | ||
1111 | +} | ||
1112 | + | ||
1113 | void btrfs_cleanup_one_transaction(struct btrfs_transaction *cur_trans, | ||
1114 | struct btrfs_root *root) | ||
1115 | { | ||
1116 | @@ -4077,6 +4090,7 @@ void btrfs_cleanup_one_transaction(struct btrfs_transaction *cur_trans, | ||
1117 | cur_trans->state = TRANS_STATE_UNBLOCKED; | ||
1118 | wake_up(&root->fs_info->transaction_wait); | ||
1119 | |||
1120 | + btrfs_free_pending_ordered(cur_trans, root->fs_info); | ||
1121 | btrfs_destroy_delayed_inodes(root); | ||
1122 | btrfs_assert_delayed_root_empty(root); | ||
1123 | |||
1124 | diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c | ||
1125 | index 98042c1a48b4..96c3bffa30fc 100644 | ||
1126 | --- a/fs/btrfs/extent-tree.c | ||
1127 | +++ b/fs/btrfs/extent-tree.c | ||
1128 | @@ -4343,11 +4343,21 @@ static inline int need_do_async_reclaim(struct btrfs_space_info *space_info, | ||
1129 | } | ||
1130 | |||
1131 | static int btrfs_need_do_async_reclaim(struct btrfs_space_info *space_info, | ||
1132 | - struct btrfs_fs_info *fs_info) | ||
1133 | + struct btrfs_fs_info *fs_info, | ||
1134 | + int flush_state) | ||
1135 | { | ||
1136 | u64 used; | ||
1137 | |||
1138 | spin_lock(&space_info->lock); | ||
1139 | + /* | ||
1140 | + * We run out of space and have not got any free space via flush_space, | ||
1141 | + * so don't bother doing async reclaim. | ||
1142 | + */ | ||
1143 | + if (flush_state > COMMIT_TRANS && space_info->full) { | ||
1144 | + spin_unlock(&space_info->lock); | ||
1145 | + return 0; | ||
1146 | + } | ||
1147 | + | ||
1148 | used = space_info->bytes_used + space_info->bytes_reserved + | ||
1149 | space_info->bytes_pinned + space_info->bytes_readonly + | ||
1150 | space_info->bytes_may_use; | ||
1151 | @@ -4380,11 +4390,12 @@ static void btrfs_async_reclaim_metadata_space(struct work_struct *work) | ||
1152 | flush_space(fs_info->fs_root, space_info, to_reclaim, | ||
1153 | to_reclaim, flush_state); | ||
1154 | flush_state++; | ||
1155 | - if (!btrfs_need_do_async_reclaim(space_info, fs_info)) | ||
1156 | + if (!btrfs_need_do_async_reclaim(space_info, fs_info, | ||
1157 | + flush_state)) | ||
1158 | return; | ||
1159 | } while (flush_state <= COMMIT_TRANS); | ||
1160 | |||
1161 | - if (btrfs_need_do_async_reclaim(space_info, fs_info)) | ||
1162 | + if (btrfs_need_do_async_reclaim(space_info, fs_info, flush_state)) | ||
1163 | queue_work(system_unbound_wq, work); | ||
1164 | } | ||
1165 | |||
1166 | @@ -5704,7 +5715,8 @@ void btrfs_prepare_extent_commit(struct btrfs_trans_handle *trans, | ||
1167 | update_global_block_rsv(fs_info); | ||
1168 | } | ||
1169 | |||
1170 | -static int unpin_extent_range(struct btrfs_root *root, u64 start, u64 end) | ||
1171 | +static int unpin_extent_range(struct btrfs_root *root, u64 start, u64 end, | ||
1172 | + const bool return_free_space) | ||
1173 | { | ||
1174 | struct btrfs_fs_info *fs_info = root->fs_info; | ||
1175 | struct btrfs_block_group_cache *cache = NULL; | ||
1176 | @@ -5728,7 +5740,8 @@ static int unpin_extent_range(struct btrfs_root *root, u64 start, u64 end) | ||
1177 | |||
1178 | if (start < cache->last_byte_to_unpin) { | ||
1179 | len = min(len, cache->last_byte_to_unpin - start); | ||
1180 | - btrfs_add_free_space(cache, start, len); | ||
1181 | + if (return_free_space) | ||
1182 | + btrfs_add_free_space(cache, start, len); | ||
1183 | } | ||
1184 | |||
1185 | start += len; | ||
1186 | @@ -5792,7 +5805,7 @@ int btrfs_finish_extent_commit(struct btrfs_trans_handle *trans, | ||
1187 | end + 1 - start, NULL); | ||
1188 | |||
1189 | clear_extent_dirty(unpin, start, end, GFP_NOFS); | ||
1190 | - unpin_extent_range(root, start, end); | ||
1191 | + unpin_extent_range(root, start, end, true); | ||
1192 | cond_resched(); | ||
1193 | } | ||
1194 | |||
1195 | @@ -9476,7 +9489,7 @@ out: | ||
1196 | |||
1197 | int btrfs_error_unpin_extent_range(struct btrfs_root *root, u64 start, u64 end) | ||
1198 | { | ||
1199 | - return unpin_extent_range(root, start, end); | ||
1200 | + return unpin_extent_range(root, start, end, false); | ||
1201 | } | ||
1202 | |||
1203 | int btrfs_error_discard_extent(struct btrfs_root *root, u64 bytenr, | ||
1204 | diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c | ||
1205 | index 225302b39afb..6a98bddd8f33 100644 | ||
1206 | --- a/fs/btrfs/extent_map.c | ||
1207 | +++ b/fs/btrfs/extent_map.c | ||
1208 | @@ -287,8 +287,6 @@ int unpin_extent_cache(struct extent_map_tree *tree, u64 start, u64 len, | ||
1209 | if (!em) | ||
1210 | goto out; | ||
1211 | |||
1212 | - if (!test_bit(EXTENT_FLAG_LOGGING, &em->flags)) | ||
1213 | - list_move(&em->list, &tree->modified_extents); | ||
1214 | em->generation = gen; | ||
1215 | clear_bit(EXTENT_FLAG_PINNED, &em->flags); | ||
1216 | em->mod_start = em->start; | ||
1217 | diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c | ||
1218 | index ac734ec4cc20..269e21dd1506 100644 | ||
1219 | --- a/fs/btrfs/ordered-data.c | ||
1220 | +++ b/fs/btrfs/ordered-data.c | ||
1221 | @@ -220,6 +220,7 @@ static int __btrfs_add_ordered_extent(struct inode *inode, u64 file_offset, | ||
1222 | INIT_LIST_HEAD(&entry->work_list); | ||
1223 | init_completion(&entry->completion); | ||
1224 | INIT_LIST_HEAD(&entry->log_list); | ||
1225 | + INIT_LIST_HEAD(&entry->trans_list); | ||
1226 | |||
1227 | trace_btrfs_ordered_extent_add(inode, entry); | ||
1228 | |||
1229 | @@ -443,6 +444,8 @@ void btrfs_get_logged_extents(struct inode *inode, | ||
1230 | ordered = rb_entry(n, struct btrfs_ordered_extent, rb_node); | ||
1231 | if (!list_empty(&ordered->log_list)) | ||
1232 | continue; | ||
1233 | + if (test_bit(BTRFS_ORDERED_LOGGED, &ordered->flags)) | ||
1234 | + continue; | ||
1235 | list_add_tail(&ordered->log_list, logged_list); | ||
1236 | atomic_inc(&ordered->refs); | ||
1237 | } | ||
1238 | @@ -472,7 +475,8 @@ void btrfs_submit_logged_extents(struct list_head *logged_list, | ||
1239 | spin_unlock_irq(&log->log_extents_lock[index]); | ||
1240 | } | ||
1241 | |||
1242 | -void btrfs_wait_logged_extents(struct btrfs_root *log, u64 transid) | ||
1243 | +void btrfs_wait_logged_extents(struct btrfs_trans_handle *trans, | ||
1244 | + struct btrfs_root *log, u64 transid) | ||
1245 | { | ||
1246 | struct btrfs_ordered_extent *ordered; | ||
1247 | int index = transid % 2; | ||
1248 | @@ -497,7 +501,8 @@ void btrfs_wait_logged_extents(struct btrfs_root *log, u64 transid) | ||
1249 | wait_event(ordered->wait, test_bit(BTRFS_ORDERED_IO_DONE, | ||
1250 | &ordered->flags)); | ||
1251 | |||
1252 | - btrfs_put_ordered_extent(ordered); | ||
1253 | + if (!test_and_set_bit(BTRFS_ORDERED_LOGGED, &ordered->flags)) | ||
1254 | + list_add_tail(&ordered->trans_list, &trans->ordered); | ||
1255 | spin_lock_irq(&log->log_extents_lock[index]); | ||
1256 | } | ||
1257 | spin_unlock_irq(&log->log_extents_lock[index]); | ||
1258 | diff --git a/fs/btrfs/ordered-data.h b/fs/btrfs/ordered-data.h | ||
1259 | index d81a274d621e..0124bffc775f 100644 | ||
1260 | --- a/fs/btrfs/ordered-data.h | ||
1261 | +++ b/fs/btrfs/ordered-data.h | ||
1262 | @@ -71,6 +71,8 @@ struct btrfs_ordered_sum { | ||
1263 | ordered extent */ | ||
1264 | #define BTRFS_ORDERED_TRUNCATED 9 /* Set when we have to truncate an extent */ | ||
1265 | |||
1266 | +#define BTRFS_ORDERED_LOGGED 10 /* Set when we've waited on this ordered extent | ||
1267 | + * in the logging code. */ | ||
1268 | struct btrfs_ordered_extent { | ||
1269 | /* logical offset in the file */ | ||
1270 | u64 file_offset; | ||
1271 | @@ -121,6 +123,9 @@ struct btrfs_ordered_extent { | ||
1272 | /* If we need to wait on this to be done */ | ||
1273 | struct list_head log_list; | ||
1274 | |||
1275 | + /* If the transaction needs to wait on this ordered extent */ | ||
1276 | + struct list_head trans_list; | ||
1277 | + | ||
1278 | /* used to wait for the BTRFS_ORDERED_COMPLETE bit */ | ||
1279 | wait_queue_head_t wait; | ||
1280 | |||
1281 | @@ -197,7 +202,8 @@ void btrfs_get_logged_extents(struct inode *inode, | ||
1282 | void btrfs_put_logged_extents(struct list_head *logged_list); | ||
1283 | void btrfs_submit_logged_extents(struct list_head *logged_list, | ||
1284 | struct btrfs_root *log); | ||
1285 | -void btrfs_wait_logged_extents(struct btrfs_root *log, u64 transid); | ||
1286 | +void btrfs_wait_logged_extents(struct btrfs_trans_handle *trans, | ||
1287 | + struct btrfs_root *log, u64 transid); | ||
1288 | void btrfs_free_logged_extents(struct btrfs_root *log, u64 transid); | ||
1289 | int __init ordered_data_init(void); | ||
1290 | void ordered_data_exit(void); | ||
1291 | diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c | ||
1292 | index c4124de4435b..6daa28c6a1dc 100644 | ||
1293 | --- a/fs/btrfs/super.c | ||
1294 | +++ b/fs/btrfs/super.c | ||
1295 | @@ -1731,7 +1731,7 @@ static int btrfs_statfs(struct dentry *dentry, struct kstatfs *buf) | ||
1296 | buf->f_bfree -= block_rsv->size >> bits; | ||
1297 | spin_unlock(&block_rsv->lock); | ||
1298 | |||
1299 | - buf->f_bavail = total_free_data; | ||
1300 | + buf->f_bavail = div_u64(total_free_data, factor); | ||
1301 | ret = btrfs_calc_avail_data_space(fs_info->tree_root, &total_free_data); | ||
1302 | if (ret) { | ||
1303 | mutex_unlock(&fs_info->chunk_mutex); | ||
1304 | diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c | ||
1305 | index 98a25df1c430..6c4a9cdef79b 100644 | ||
1306 | --- a/fs/btrfs/transaction.c | ||
1307 | +++ b/fs/btrfs/transaction.c | ||
1308 | @@ -220,6 +220,7 @@ loop: | ||
1309 | INIT_LIST_HEAD(&cur_trans->pending_snapshots); | ||
1310 | INIT_LIST_HEAD(&cur_trans->pending_chunks); | ||
1311 | INIT_LIST_HEAD(&cur_trans->switch_commits); | ||
1312 | + INIT_LIST_HEAD(&cur_trans->pending_ordered); | ||
1313 | list_add_tail(&cur_trans->list, &fs_info->trans_list); | ||
1314 | extent_io_tree_init(&cur_trans->dirty_pages, | ||
1315 | fs_info->btree_inode->i_mapping); | ||
1316 | @@ -488,6 +489,7 @@ again: | ||
1317 | h->sync = false; | ||
1318 | INIT_LIST_HEAD(&h->qgroup_ref_list); | ||
1319 | INIT_LIST_HEAD(&h->new_bgs); | ||
1320 | + INIT_LIST_HEAD(&h->ordered); | ||
1321 | |||
1322 | smp_mb(); | ||
1323 | if (cur_trans->state >= TRANS_STATE_BLOCKED && | ||
1324 | @@ -719,6 +721,12 @@ static int __btrfs_end_transaction(struct btrfs_trans_handle *trans, | ||
1325 | if (!list_empty(&trans->new_bgs)) | ||
1326 | btrfs_create_pending_block_groups(trans, root); | ||
1327 | |||
1328 | + if (!list_empty(&trans->ordered)) { | ||
1329 | + spin_lock(&info->trans_lock); | ||
1330 | + list_splice(&trans->ordered, &cur_trans->pending_ordered); | ||
1331 | + spin_unlock(&info->trans_lock); | ||
1332 | + } | ||
1333 | + | ||
1334 | trans->delayed_ref_updates = 0; | ||
1335 | if (!trans->sync) { | ||
1336 | must_run_delayed_refs = | ||
1337 | @@ -1630,6 +1638,28 @@ static inline void btrfs_wait_delalloc_flush(struct btrfs_fs_info *fs_info) | ||
1338 | btrfs_wait_ordered_roots(fs_info, -1); | ||
1339 | } | ||
1340 | |||
1341 | +static inline void | ||
1342 | +btrfs_wait_pending_ordered(struct btrfs_transaction *cur_trans, | ||
1343 | + struct btrfs_fs_info *fs_info) | ||
1344 | +{ | ||
1345 | + struct btrfs_ordered_extent *ordered; | ||
1346 | + | ||
1347 | + spin_lock(&fs_info->trans_lock); | ||
1348 | + while (!list_empty(&cur_trans->pending_ordered)) { | ||
1349 | + ordered = list_first_entry(&cur_trans->pending_ordered, | ||
1350 | + struct btrfs_ordered_extent, | ||
1351 | + trans_list); | ||
1352 | + list_del_init(&ordered->trans_list); | ||
1353 | + spin_unlock(&fs_info->trans_lock); | ||
1354 | + | ||
1355 | + wait_event(ordered->wait, test_bit(BTRFS_ORDERED_COMPLETE, | ||
1356 | + &ordered->flags)); | ||
1357 | + btrfs_put_ordered_extent(ordered); | ||
1358 | + spin_lock(&fs_info->trans_lock); | ||
1359 | + } | ||
1360 | + spin_unlock(&fs_info->trans_lock); | ||
1361 | +} | ||
1362 | + | ||
1363 | int btrfs_commit_transaction(struct btrfs_trans_handle *trans, | ||
1364 | struct btrfs_root *root) | ||
1365 | { | ||
1366 | @@ -1679,6 +1709,7 @@ int btrfs_commit_transaction(struct btrfs_trans_handle *trans, | ||
1367 | } | ||
1368 | |||
1369 | spin_lock(&root->fs_info->trans_lock); | ||
1370 | + list_splice(&trans->ordered, &cur_trans->pending_ordered); | ||
1371 | if (cur_trans->state >= TRANS_STATE_COMMIT_START) { | ||
1372 | spin_unlock(&root->fs_info->trans_lock); | ||
1373 | atomic_inc(&cur_trans->use_count); | ||
1374 | @@ -1731,6 +1762,8 @@ int btrfs_commit_transaction(struct btrfs_trans_handle *trans, | ||
1375 | |||
1376 | btrfs_wait_delalloc_flush(root->fs_info); | ||
1377 | |||
1378 | + btrfs_wait_pending_ordered(cur_trans, root->fs_info); | ||
1379 | + | ||
1380 | btrfs_scrub_pause(root); | ||
1381 | /* | ||
1382 | * Ok now we need to make sure to block out any other joins while we | ||
1383 | diff --git a/fs/btrfs/transaction.h b/fs/btrfs/transaction.h | ||
1384 | index 579be51b27e5..25bd9abc60e6 100644 | ||
1385 | --- a/fs/btrfs/transaction.h | ||
1386 | +++ b/fs/btrfs/transaction.h | ||
1387 | @@ -56,6 +56,7 @@ struct btrfs_transaction { | ||
1388 | wait_queue_head_t commit_wait; | ||
1389 | struct list_head pending_snapshots; | ||
1390 | struct list_head pending_chunks; | ||
1391 | + struct list_head pending_ordered; | ||
1392 | struct list_head switch_commits; | ||
1393 | struct btrfs_delayed_ref_root delayed_refs; | ||
1394 | int aborted; | ||
1395 | @@ -105,6 +106,7 @@ struct btrfs_trans_handle { | ||
1396 | */ | ||
1397 | struct btrfs_root *root; | ||
1398 | struct seq_list delayed_ref_elem; | ||
1399 | + struct list_head ordered; | ||
1400 | struct list_head qgroup_ref_list; | ||
1401 | struct list_head new_bgs; | ||
1402 | }; | ||
1403 | diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c | ||
1404 | index 1d1ba083ca6e..86c39671d6ff 100644 | ||
1405 | --- a/fs/btrfs/tree-log.c | ||
1406 | +++ b/fs/btrfs/tree-log.c | ||
1407 | @@ -2598,9 +2598,9 @@ int btrfs_sync_log(struct btrfs_trans_handle *trans, | ||
1408 | if (atomic_read(&log_root_tree->log_commit[index2])) { | ||
1409 | blk_finish_plug(&plug); | ||
1410 | btrfs_wait_marked_extents(log, &log->dirty_log_pages, mark); | ||
1411 | + btrfs_wait_logged_extents(trans, log, log_transid); | ||
1412 | wait_log_commit(trans, log_root_tree, | ||
1413 | root_log_ctx.log_transid); | ||
1414 | - btrfs_free_logged_extents(log, log_transid); | ||
1415 | mutex_unlock(&log_root_tree->log_mutex); | ||
1416 | ret = root_log_ctx.log_ret; | ||
1417 | goto out; | ||
1418 | @@ -2643,7 +2643,7 @@ int btrfs_sync_log(struct btrfs_trans_handle *trans, | ||
1419 | btrfs_wait_marked_extents(log_root_tree, | ||
1420 | &log_root_tree->dirty_log_pages, | ||
1421 | EXTENT_NEW | EXTENT_DIRTY); | ||
1422 | - btrfs_wait_logged_extents(log, log_transid); | ||
1423 | + btrfs_wait_logged_extents(trans, log, log_transid); | ||
1424 | |||
1425 | btrfs_set_super_log_root(root->fs_info->super_for_commit, | ||
1426 | log_root_tree->node->start); | ||
1427 | @@ -3618,7 +3618,7 @@ static int log_one_extent(struct btrfs_trans_handle *trans, | ||
1428 | fi = btrfs_item_ptr(leaf, path->slots[0], | ||
1429 | struct btrfs_file_extent_item); | ||
1430 | |||
1431 | - btrfs_set_token_file_extent_generation(leaf, fi, em->generation, | ||
1432 | + btrfs_set_token_file_extent_generation(leaf, fi, trans->transid, | ||
1433 | &token); | ||
1434 | if (test_bit(EXTENT_FLAG_PREALLOC, &em->flags)) { | ||
1435 | skip_csum = true; | ||
1436 | diff --git a/fs/dcache.c b/fs/dcache.c | ||
1437 | index 34b40be8af11..47caaec45df2 100644 | ||
1438 | --- a/fs/dcache.c | ||
1439 | +++ b/fs/dcache.c | ||
1440 | @@ -2407,6 +2407,8 @@ static void switch_names(struct dentry *dentry, struct dentry *target, | ||
1441 | */ | ||
1442 | unsigned int i; | ||
1443 | BUILD_BUG_ON(!IS_ALIGNED(DNAME_INLINE_LEN, sizeof(long))); | ||
1444 | + kmemcheck_mark_initialized(dentry->d_iname, DNAME_INLINE_LEN); | ||
1445 | + kmemcheck_mark_initialized(target->d_iname, DNAME_INLINE_LEN); | ||
1446 | if (!exchange) { | ||
1447 | memcpy(dentry->d_iname, target->d_name.name, | ||
1448 | target->d_name.len + 1); | ||
1449 | diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c | ||
1450 | index 2f6735dbf1a9..31b148f3e772 100644 | ||
1451 | --- a/fs/ecryptfs/crypto.c | ||
1452 | +++ b/fs/ecryptfs/crypto.c | ||
1453 | @@ -1917,7 +1917,6 @@ ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size, | ||
1454 | break; | ||
1455 | case 2: | ||
1456 | dst[dst_byte_offset++] |= (src_byte); | ||
1457 | - dst[dst_byte_offset] = 0; | ||
1458 | current_bit_offset = 0; | ||
1459 | break; | ||
1460 | } | ||
1461 | diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c | ||
1462 | index db0fad3269c0..a06ad2f7ed80 100644 | ||
1463 | --- a/fs/ecryptfs/file.c | ||
1464 | +++ b/fs/ecryptfs/file.c | ||
1465 | @@ -190,23 +190,11 @@ static int ecryptfs_open(struct inode *inode, struct file *file) | ||
1466 | { | ||
1467 | int rc = 0; | ||
1468 | struct ecryptfs_crypt_stat *crypt_stat = NULL; | ||
1469 | - struct ecryptfs_mount_crypt_stat *mount_crypt_stat; | ||
1470 | struct dentry *ecryptfs_dentry = file->f_path.dentry; | ||
1471 | /* Private value of ecryptfs_dentry allocated in | ||
1472 | * ecryptfs_lookup() */ | ||
1473 | struct ecryptfs_file_info *file_info; | ||
1474 | |||
1475 | - mount_crypt_stat = &ecryptfs_superblock_to_private( | ||
1476 | - ecryptfs_dentry->d_sb)->mount_crypt_stat; | ||
1477 | - if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) | ||
1478 | - && ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR) | ||
1479 | - || (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC) | ||
1480 | - || (file->f_flags & O_APPEND))) { | ||
1481 | - printk(KERN_WARNING "Mount has encrypted view enabled; " | ||
1482 | - "files may only be read\n"); | ||
1483 | - rc = -EPERM; | ||
1484 | - goto out; | ||
1485 | - } | ||
1486 | /* Released in ecryptfs_release or end of function if failure */ | ||
1487 | file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL); | ||
1488 | ecryptfs_set_file_private(file, file_info); | ||
1489 | diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c | ||
1490 | index 1b119d3bf924..34eb8433d93f 100644 | ||
1491 | --- a/fs/ecryptfs/main.c | ||
1492 | +++ b/fs/ecryptfs/main.c | ||
1493 | @@ -493,6 +493,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags | ||
1494 | { | ||
1495 | struct super_block *s; | ||
1496 | struct ecryptfs_sb_info *sbi; | ||
1497 | + struct ecryptfs_mount_crypt_stat *mount_crypt_stat; | ||
1498 | struct ecryptfs_dentry_info *root_info; | ||
1499 | const char *err = "Getting sb failed"; | ||
1500 | struct inode *inode; | ||
1501 | @@ -511,6 +512,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags | ||
1502 | err = "Error parsing options"; | ||
1503 | goto out; | ||
1504 | } | ||
1505 | + mount_crypt_stat = &sbi->mount_crypt_stat; | ||
1506 | |||
1507 | s = sget(fs_type, NULL, set_anon_super, flags, NULL); | ||
1508 | if (IS_ERR(s)) { | ||
1509 | @@ -557,11 +559,19 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags | ||
1510 | |||
1511 | /** | ||
1512 | * Set the POSIX ACL flag based on whether they're enabled in the lower | ||
1513 | - * mount. Force a read-only eCryptfs mount if the lower mount is ro. | ||
1514 | - * Allow a ro eCryptfs mount even when the lower mount is rw. | ||
1515 | + * mount. | ||
1516 | */ | ||
1517 | s->s_flags = flags & ~MS_POSIXACL; | ||
1518 | - s->s_flags |= path.dentry->d_sb->s_flags & (MS_RDONLY | MS_POSIXACL); | ||
1519 | + s->s_flags |= path.dentry->d_sb->s_flags & MS_POSIXACL; | ||
1520 | + | ||
1521 | + /** | ||
1522 | + * Force a read-only eCryptfs mount when: | ||
1523 | + * 1) The lower mount is ro | ||
1524 | + * 2) The ecryptfs_encrypted_view mount option is specified | ||
1525 | + */ | ||
1526 | + if (path.dentry->d_sb->s_flags & MS_RDONLY || | ||
1527 | + mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) | ||
1528 | + s->s_flags |= MS_RDONLY; | ||
1529 | |||
1530 | s->s_maxbytes = path.dentry->d_sb->s_maxbytes; | ||
1531 | s->s_blocksize = path.dentry->d_sb->s_blocksize; | ||
1532 | diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c | ||
1533 | index 76de83e25a89..0da8365fa74e 100644 | ||
1534 | --- a/fs/f2fs/data.c | ||
1535 | +++ b/fs/f2fs/data.c | ||
1536 | @@ -1002,21 +1002,19 @@ inline_data: | ||
1537 | goto out; | ||
1538 | } | ||
1539 | |||
1540 | - if (dn.data_blkaddr == NEW_ADDR) { | ||
1541 | + if (f2fs_has_inline_data(inode)) { | ||
1542 | + err = f2fs_read_inline_data(inode, page); | ||
1543 | + if (err) { | ||
1544 | + page_cache_release(page); | ||
1545 | + goto fail; | ||
1546 | + } | ||
1547 | + } else if (dn.data_blkaddr == NEW_ADDR) { | ||
1548 | zero_user_segment(page, 0, PAGE_CACHE_SIZE); | ||
1549 | } else { | ||
1550 | - if (f2fs_has_inline_data(inode)) { | ||
1551 | - err = f2fs_read_inline_data(inode, page); | ||
1552 | - if (err) { | ||
1553 | - page_cache_release(page); | ||
1554 | - goto fail; | ||
1555 | - } | ||
1556 | - } else { | ||
1557 | - err = f2fs_submit_page_bio(sbi, page, dn.data_blkaddr, | ||
1558 | - READ_SYNC); | ||
1559 | - if (err) | ||
1560 | - goto fail; | ||
1561 | - } | ||
1562 | + err = f2fs_submit_page_bio(sbi, page, dn.data_blkaddr, | ||
1563 | + READ_SYNC); | ||
1564 | + if (err) | ||
1565 | + goto fail; | ||
1566 | |||
1567 | lock_page(page); | ||
1568 | if (unlikely(!PageUptodate(page))) { | ||
1569 | diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c | ||
1570 | index f488bbae541a..735d7522a3a9 100644 | ||
1571 | --- a/fs/isofs/rock.c | ||
1572 | +++ b/fs/isofs/rock.c | ||
1573 | @@ -30,6 +30,7 @@ struct rock_state { | ||
1574 | int cont_size; | ||
1575 | int cont_extent; | ||
1576 | int cont_offset; | ||
1577 | + int cont_loops; | ||
1578 | struct inode *inode; | ||
1579 | }; | ||
1580 | |||
1581 | @@ -73,6 +74,9 @@ static void init_rock_state(struct rock_state *rs, struct inode *inode) | ||
1582 | rs->inode = inode; | ||
1583 | } | ||
1584 | |||
1585 | +/* Maximum number of Rock Ridge continuation entries */ | ||
1586 | +#define RR_MAX_CE_ENTRIES 32 | ||
1587 | + | ||
1588 | /* | ||
1589 | * Returns 0 if the caller should continue scanning, 1 if the scan must end | ||
1590 | * and -ve on error. | ||
1591 | @@ -105,6 +109,8 @@ static int rock_continue(struct rock_state *rs) | ||
1592 | goto out; | ||
1593 | } | ||
1594 | ret = -EIO; | ||
1595 | + if (++rs->cont_loops >= RR_MAX_CE_ENTRIES) | ||
1596 | + goto out; | ||
1597 | bh = sb_bread(rs->inode->i_sb, rs->cont_extent); | ||
1598 | if (bh) { | ||
1599 | memcpy(rs->buffer, bh->b_data + rs->cont_offset, | ||
1600 | @@ -356,6 +362,9 @@ repeat: | ||
1601 | rs.cont_size = isonum_733(rr->u.CE.size); | ||
1602 | break; | ||
1603 | case SIG('E', 'R'): | ||
1604 | + /* Invalid length of ER tag id? */ | ||
1605 | + if (rr->u.ER.len_id + offsetof(struct rock_ridge, u.ER.data) > rr->len) | ||
1606 | + goto out; | ||
1607 | ISOFS_SB(inode->i_sb)->s_rock = 1; | ||
1608 | printk(KERN_DEBUG "ISO 9660 Extensions: "); | ||
1609 | { | ||
1610 | diff --git a/fs/namespace.c b/fs/namespace.c | ||
1611 | index 550dbff08677..37f4c501fbea 100644 | ||
1612 | --- a/fs/namespace.c | ||
1613 | +++ b/fs/namespace.c | ||
1614 | @@ -1286,6 +1286,8 @@ void umount_tree(struct mount *mnt, int how) | ||
1615 | } | ||
1616 | if (last) { | ||
1617 | last->mnt_hash.next = unmounted.first; | ||
1618 | + if (unmounted.first) | ||
1619 | + unmounted.first->pprev = &last->mnt_hash.next; | ||
1620 | unmounted.first = tmp_list.first; | ||
1621 | unmounted.first->pprev = &unmounted.first; | ||
1622 | } | ||
1623 | @@ -1430,6 +1432,9 @@ SYSCALL_DEFINE2(umount, char __user *, name, int, flags) | ||
1624 | goto dput_and_out; | ||
1625 | if (mnt->mnt.mnt_flags & MNT_LOCKED) | ||
1626 | goto dput_and_out; | ||
1627 | + retval = -EPERM; | ||
1628 | + if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN)) | ||
1629 | + goto dput_and_out; | ||
1630 | |||
1631 | retval = do_umount(mnt, flags); | ||
1632 | dput_and_out: | ||
1633 | @@ -1955,7 +1960,13 @@ static int do_remount(struct path *path, int flags, int mnt_flags, | ||
1634 | } | ||
1635 | if ((mnt->mnt.mnt_flags & MNT_LOCK_NODEV) && | ||
1636 | !(mnt_flags & MNT_NODEV)) { | ||
1637 | - return -EPERM; | ||
1638 | + /* Was the nodev implicitly added in mount? */ | ||
1639 | + if ((mnt->mnt_ns->user_ns != &init_user_ns) && | ||
1640 | + !(sb->s_type->fs_flags & FS_USERNS_DEV_MOUNT)) { | ||
1641 | + mnt_flags |= MNT_NODEV; | ||
1642 | + } else { | ||
1643 | + return -EPERM; | ||
1644 | + } | ||
1645 | } | ||
1646 | if ((mnt->mnt.mnt_flags & MNT_LOCK_NOSUID) && | ||
1647 | !(mnt_flags & MNT_NOSUID)) { | ||
1648 | diff --git a/fs/ncpfs/ioctl.c b/fs/ncpfs/ioctl.c | ||
1649 | index d5659d96ee7f..cf7e043a9447 100644 | ||
1650 | --- a/fs/ncpfs/ioctl.c | ||
1651 | +++ b/fs/ncpfs/ioctl.c | ||
1652 | @@ -447,7 +447,6 @@ static long __ncp_ioctl(struct inode *inode, unsigned int cmd, unsigned long arg | ||
1653 | result = -EIO; | ||
1654 | } | ||
1655 | } | ||
1656 | - result = 0; | ||
1657 | } | ||
1658 | mutex_unlock(&server->root_setup_lock); | ||
1659 | |||
1660 | diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c | ||
1661 | index d3ebdae1d9b8..338e5140c628 100644 | ||
1662 | --- a/fs/nfs/nfs4proc.c | ||
1663 | +++ b/fs/nfs/nfs4proc.c | ||
1664 | @@ -7692,6 +7692,9 @@ nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags) | ||
1665 | |||
1666 | dprintk("--> %s\n", __func__); | ||
1667 | |||
1668 | + /* nfs4_layoutget_release calls pnfs_put_layout_hdr */ | ||
1669 | + pnfs_get_layout_hdr(NFS_I(inode)->layout); | ||
1670 | + | ||
1671 | lgp->args.layout.pages = nfs4_alloc_pages(max_pages, gfp_flags); | ||
1672 | if (!lgp->args.layout.pages) { | ||
1673 | nfs4_layoutget_release(lgp); | ||
1674 | @@ -7704,9 +7707,6 @@ nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags) | ||
1675 | lgp->res.seq_res.sr_slot = NULL; | ||
1676 | nfs4_init_sequence(&lgp->args.seq_args, &lgp->res.seq_res, 0); | ||
1677 | |||
1678 | - /* nfs4_layoutget_release calls pnfs_put_layout_hdr */ | ||
1679 | - pnfs_get_layout_hdr(NFS_I(inode)->layout); | ||
1680 | - | ||
1681 | task = rpc_run_task(&task_setup_data); | ||
1682 | if (IS_ERR(task)) | ||
1683 | return ERR_CAST(task); | ||
1684 | diff --git a/fs/proc/base.c b/fs/proc/base.c | ||
1685 | index baf852b648ad..3ec60dee75da 100644 | ||
1686 | --- a/fs/proc/base.c | ||
1687 | +++ b/fs/proc/base.c | ||
1688 | @@ -2493,6 +2493,57 @@ static const struct file_operations proc_projid_map_operations = { | ||
1689 | .llseek = seq_lseek, | ||
1690 | .release = proc_id_map_release, | ||
1691 | }; | ||
1692 | + | ||
1693 | +static int proc_setgroups_open(struct inode *inode, struct file *file) | ||
1694 | +{ | ||
1695 | + struct user_namespace *ns = NULL; | ||
1696 | + struct task_struct *task; | ||
1697 | + int ret; | ||
1698 | + | ||
1699 | + ret = -ESRCH; | ||
1700 | + task = get_proc_task(inode); | ||
1701 | + if (task) { | ||
1702 | + rcu_read_lock(); | ||
1703 | + ns = get_user_ns(task_cred_xxx(task, user_ns)); | ||
1704 | + rcu_read_unlock(); | ||
1705 | + put_task_struct(task); | ||
1706 | + } | ||
1707 | + if (!ns) | ||
1708 | + goto err; | ||
1709 | + | ||
1710 | + if (file->f_mode & FMODE_WRITE) { | ||
1711 | + ret = -EACCES; | ||
1712 | + if (!ns_capable(ns, CAP_SYS_ADMIN)) | ||
1713 | + goto err_put_ns; | ||
1714 | + } | ||
1715 | + | ||
1716 | + ret = single_open(file, &proc_setgroups_show, ns); | ||
1717 | + if (ret) | ||
1718 | + goto err_put_ns; | ||
1719 | + | ||
1720 | + return 0; | ||
1721 | +err_put_ns: | ||
1722 | + put_user_ns(ns); | ||
1723 | +err: | ||
1724 | + return ret; | ||
1725 | +} | ||
1726 | + | ||
1727 | +static int proc_setgroups_release(struct inode *inode, struct file *file) | ||
1728 | +{ | ||
1729 | + struct seq_file *seq = file->private_data; | ||
1730 | + struct user_namespace *ns = seq->private; | ||
1731 | + int ret = single_release(inode, file); | ||
1732 | + put_user_ns(ns); | ||
1733 | + return ret; | ||
1734 | +} | ||
1735 | + | ||
1736 | +static const struct file_operations proc_setgroups_operations = { | ||
1737 | + .open = proc_setgroups_open, | ||
1738 | + .write = proc_setgroups_write, | ||
1739 | + .read = seq_read, | ||
1740 | + .llseek = seq_lseek, | ||
1741 | + .release = proc_setgroups_release, | ||
1742 | +}; | ||
1743 | #endif /* CONFIG_USER_NS */ | ||
1744 | |||
1745 | static int proc_pid_personality(struct seq_file *m, struct pid_namespace *ns, | ||
1746 | @@ -2601,6 +2652,7 @@ static const struct pid_entry tgid_base_stuff[] = { | ||
1747 | REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), | ||
1748 | REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), | ||
1749 | REG("projid_map", S_IRUGO|S_IWUSR, proc_projid_map_operations), | ||
1750 | + REG("setgroups", S_IRUGO|S_IWUSR, proc_setgroups_operations), | ||
1751 | #endif | ||
1752 | #ifdef CONFIG_CHECKPOINT_RESTORE | ||
1753 | REG("timers", S_IRUGO, proc_timers_operations), | ||
1754 | @@ -2944,6 +2996,7 @@ static const struct pid_entry tid_base_stuff[] = { | ||
1755 | REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), | ||
1756 | REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), | ||
1757 | REG("projid_map", S_IRUGO|S_IWUSR, proc_projid_map_operations), | ||
1758 | + REG("setgroups", S_IRUGO|S_IWUSR, proc_setgroups_operations), | ||
1759 | #endif | ||
1760 | }; | ||
1761 | |||
1762 | diff --git a/fs/udf/dir.c b/fs/udf/dir.c | ||
1763 | index a012c51caffd..a7690b46ce0a 100644 | ||
1764 | --- a/fs/udf/dir.c | ||
1765 | +++ b/fs/udf/dir.c | ||
1766 | @@ -167,7 +167,8 @@ static int udf_readdir(struct file *file, struct dir_context *ctx) | ||
1767 | continue; | ||
1768 | } | ||
1769 | |||
1770 | - flen = udf_get_filename(dir->i_sb, nameptr, fname, lfi); | ||
1771 | + flen = udf_get_filename(dir->i_sb, nameptr, lfi, fname, | ||
1772 | + UDF_NAME_LEN); | ||
1773 | if (!flen) | ||
1774 | continue; | ||
1775 | |||
1776 | diff --git a/fs/udf/inode.c b/fs/udf/inode.c | ||
1777 | index c9b4df5810d5..5bc71d9a674a 100644 | ||
1778 | --- a/fs/udf/inode.c | ||
1779 | +++ b/fs/udf/inode.c | ||
1780 | @@ -1489,6 +1489,20 @@ reread: | ||
1781 | } | ||
1782 | inode->i_generation = iinfo->i_unique; | ||
1783 | |||
1784 | + /* Sanity checks for files in ICB so that we don't get confused later */ | ||
1785 | + if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) { | ||
1786 | + /* | ||
1787 | + * For file in ICB data is stored in allocation descriptor | ||
1788 | + * so sizes should match | ||
1789 | + */ | ||
1790 | + if (iinfo->i_lenAlloc != inode->i_size) | ||
1791 | + goto out; | ||
1792 | + /* File in ICB has to fit in there... */ | ||
1793 | + if (inode->i_size > inode->i_sb->s_blocksize - | ||
1794 | + udf_file_entry_alloc_offset(inode)) | ||
1795 | + goto out; | ||
1796 | + } | ||
1797 | + | ||
1798 | switch (fe->icbTag.fileType) { | ||
1799 | case ICBTAG_FILE_TYPE_DIRECTORY: | ||
1800 | inode->i_op = &udf_dir_inode_operations; | ||
1801 | diff --git a/fs/udf/namei.c b/fs/udf/namei.c | ||
1802 | index c12e260fd6c4..6ff19b54b51f 100644 | ||
1803 | --- a/fs/udf/namei.c | ||
1804 | +++ b/fs/udf/namei.c | ||
1805 | @@ -233,7 +233,8 @@ static struct fileIdentDesc *udf_find_entry(struct inode *dir, | ||
1806 | if (!lfi) | ||
1807 | continue; | ||
1808 | |||
1809 | - flen = udf_get_filename(dir->i_sb, nameptr, fname, lfi); | ||
1810 | + flen = udf_get_filename(dir->i_sb, nameptr, lfi, fname, | ||
1811 | + UDF_NAME_LEN); | ||
1812 | if (flen && udf_match(flen, fname, child->len, child->name)) | ||
1813 | goto out_ok; | ||
1814 | } | ||
1815 | diff --git a/fs/udf/symlink.c b/fs/udf/symlink.c | ||
1816 | index 6fb7945c1e6e..ac10ca939f26 100644 | ||
1817 | --- a/fs/udf/symlink.c | ||
1818 | +++ b/fs/udf/symlink.c | ||
1819 | @@ -30,49 +30,73 @@ | ||
1820 | #include <linux/buffer_head.h> | ||
1821 | #include "udf_i.h" | ||
1822 | |||
1823 | -static void udf_pc_to_char(struct super_block *sb, unsigned char *from, | ||
1824 | - int fromlen, unsigned char *to) | ||
1825 | +static int udf_pc_to_char(struct super_block *sb, unsigned char *from, | ||
1826 | + int fromlen, unsigned char *to, int tolen) | ||
1827 | { | ||
1828 | struct pathComponent *pc; | ||
1829 | int elen = 0; | ||
1830 | + int comp_len; | ||
1831 | unsigned char *p = to; | ||
1832 | |||
1833 | + /* Reserve one byte for terminating \0 */ | ||
1834 | + tolen--; | ||
1835 | while (elen < fromlen) { | ||
1836 | pc = (struct pathComponent *)(from + elen); | ||
1837 | + elen += sizeof(struct pathComponent); | ||
1838 | switch (pc->componentType) { | ||
1839 | case 1: | ||
1840 | /* | ||
1841 | * Symlink points to some place which should be agreed | ||
1842 | * upon between originator and receiver of the media. Ignore. | ||
1843 | */ | ||
1844 | - if (pc->lengthComponentIdent > 0) | ||
1845 | + if (pc->lengthComponentIdent > 0) { | ||
1846 | + elen += pc->lengthComponentIdent; | ||
1847 | break; | ||
1848 | + } | ||
1849 | /* Fall through */ | ||
1850 | case 2: | ||
1851 | + if (tolen == 0) | ||
1852 | + return -ENAMETOOLONG; | ||
1853 | p = to; | ||
1854 | *p++ = '/'; | ||
1855 | + tolen--; | ||
1856 | break; | ||
1857 | case 3: | ||
1858 | + if (tolen < 3) | ||
1859 | + return -ENAMETOOLONG; | ||
1860 | memcpy(p, "../", 3); | ||
1861 | p += 3; | ||
1862 | + tolen -= 3; | ||
1863 | break; | ||
1864 | case 4: | ||
1865 | + if (tolen < 2) | ||
1866 | + return -ENAMETOOLONG; | ||
1867 | memcpy(p, "./", 2); | ||
1868 | p += 2; | ||
1869 | + tolen -= 2; | ||
1870 | /* that would be . - just ignore */ | ||
1871 | break; | ||
1872 | case 5: | ||
1873 | - p += udf_get_filename(sb, pc->componentIdent, p, | ||
1874 | - pc->lengthComponentIdent); | ||
1875 | + elen += pc->lengthComponentIdent; | ||
1876 | + if (elen > fromlen) | ||
1877 | + return -EIO; | ||
1878 | + comp_len = udf_get_filename(sb, pc->componentIdent, | ||
1879 | + pc->lengthComponentIdent, | ||
1880 | + p, tolen); | ||
1881 | + p += comp_len; | ||
1882 | + tolen -= comp_len; | ||
1883 | + if (tolen == 0) | ||
1884 | + return -ENAMETOOLONG; | ||
1885 | *p++ = '/'; | ||
1886 | + tolen--; | ||
1887 | break; | ||
1888 | } | ||
1889 | - elen += sizeof(struct pathComponent) + pc->lengthComponentIdent; | ||
1890 | } | ||
1891 | if (p > to + 1) | ||
1892 | p[-1] = '\0'; | ||
1893 | else | ||
1894 | p[0] = '\0'; | ||
1895 | + return 0; | ||
1896 | } | ||
1897 | |||
1898 | static int udf_symlink_filler(struct file *file, struct page *page) | ||
1899 | @@ -80,11 +104,17 @@ static int udf_symlink_filler(struct file *file, struct page *page) | ||
1900 | struct inode *inode = page->mapping->host; | ||
1901 | struct buffer_head *bh = NULL; | ||
1902 | unsigned char *symlink; | ||
1903 | - int err = -EIO; | ||
1904 | + int err; | ||
1905 | unsigned char *p = kmap(page); | ||
1906 | struct udf_inode_info *iinfo; | ||
1907 | uint32_t pos; | ||
1908 | |||
1909 | + /* We don't support symlinks longer than one block */ | ||
1910 | + if (inode->i_size > inode->i_sb->s_blocksize) { | ||
1911 | + err = -ENAMETOOLONG; | ||
1912 | + goto out_unmap; | ||
1913 | + } | ||
1914 | + | ||
1915 | iinfo = UDF_I(inode); | ||
1916 | pos = udf_block_map(inode, 0); | ||
1917 | |||
1918 | @@ -94,14 +124,18 @@ static int udf_symlink_filler(struct file *file, struct page *page) | ||
1919 | } else { | ||
1920 | bh = sb_bread(inode->i_sb, pos); | ||
1921 | |||
1922 | - if (!bh) | ||
1923 | - goto out; | ||
1924 | + if (!bh) { | ||
1925 | + err = -EIO; | ||
1926 | + goto out_unlock_inode; | ||
1927 | + } | ||
1928 | |||
1929 | symlink = bh->b_data; | ||
1930 | } | ||
1931 | |||
1932 | - udf_pc_to_char(inode->i_sb, symlink, inode->i_size, p); | ||
1933 | + err = udf_pc_to_char(inode->i_sb, symlink, inode->i_size, p, PAGE_SIZE); | ||
1934 | brelse(bh); | ||
1935 | + if (err) | ||
1936 | + goto out_unlock_inode; | ||
1937 | |||
1938 | up_read(&iinfo->i_data_sem); | ||
1939 | SetPageUptodate(page); | ||
1940 | @@ -109,9 +143,10 @@ static int udf_symlink_filler(struct file *file, struct page *page) | ||
1941 | unlock_page(page); | ||
1942 | return 0; | ||
1943 | |||
1944 | -out: | ||
1945 | +out_unlock_inode: | ||
1946 | up_read(&iinfo->i_data_sem); | ||
1947 | SetPageError(page); | ||
1948 | +out_unmap: | ||
1949 | kunmap(page); | ||
1950 | unlock_page(page); | ||
1951 | return err; | ||
1952 | diff --git a/fs/udf/udfdecl.h b/fs/udf/udfdecl.h | ||
1953 | index 1cc3c993ebd0..47bb3f5ca360 100644 | ||
1954 | --- a/fs/udf/udfdecl.h | ||
1955 | +++ b/fs/udf/udfdecl.h | ||
1956 | @@ -211,7 +211,8 @@ udf_get_lb_pblock(struct super_block *sb, struct kernel_lb_addr *loc, | ||
1957 | } | ||
1958 | |||
1959 | /* unicode.c */ | ||
1960 | -extern int udf_get_filename(struct super_block *, uint8_t *, uint8_t *, int); | ||
1961 | +extern int udf_get_filename(struct super_block *, uint8_t *, int, uint8_t *, | ||
1962 | + int); | ||
1963 | extern int udf_put_filename(struct super_block *, const uint8_t *, uint8_t *, | ||
1964 | int); | ||
1965 | extern int udf_build_ustr(struct ustr *, dstring *, int); | ||
1966 | diff --git a/fs/udf/unicode.c b/fs/udf/unicode.c | ||
1967 | index afd470e588ff..b84fee372734 100644 | ||
1968 | --- a/fs/udf/unicode.c | ||
1969 | +++ b/fs/udf/unicode.c | ||
1970 | @@ -28,7 +28,8 @@ | ||
1971 | |||
1972 | #include "udf_sb.h" | ||
1973 | |||
1974 | -static int udf_translate_to_linux(uint8_t *, uint8_t *, int, uint8_t *, int); | ||
1975 | +static int udf_translate_to_linux(uint8_t *, int, uint8_t *, int, uint8_t *, | ||
1976 | + int); | ||
1977 | |||
1978 | static int udf_char_to_ustr(struct ustr *dest, const uint8_t *src, int strlen) | ||
1979 | { | ||
1980 | @@ -333,8 +334,8 @@ try_again: | ||
1981 | return u_len + 1; | ||
1982 | } | ||
1983 | |||
1984 | -int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname, | ||
1985 | - int flen) | ||
1986 | +int udf_get_filename(struct super_block *sb, uint8_t *sname, int slen, | ||
1987 | + uint8_t *dname, int dlen) | ||
1988 | { | ||
1989 | struct ustr *filename, *unifilename; | ||
1990 | int len = 0; | ||
1991 | @@ -347,7 +348,7 @@ int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname, | ||
1992 | if (!unifilename) | ||
1993 | goto out1; | ||
1994 | |||
1995 | - if (udf_build_ustr_exact(unifilename, sname, flen)) | ||
1996 | + if (udf_build_ustr_exact(unifilename, sname, slen)) | ||
1997 | goto out2; | ||
1998 | |||
1999 | if (UDF_QUERY_FLAG(sb, UDF_FLAG_UTF8)) { | ||
2000 | @@ -366,7 +367,8 @@ int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname, | ||
2001 | } else | ||
2002 | goto out2; | ||
2003 | |||
2004 | - len = udf_translate_to_linux(dname, filename->u_name, filename->u_len, | ||
2005 | + len = udf_translate_to_linux(dname, dlen, | ||
2006 | + filename->u_name, filename->u_len, | ||
2007 | unifilename->u_name, unifilename->u_len); | ||
2008 | out2: | ||
2009 | kfree(unifilename); | ||
2010 | @@ -403,10 +405,12 @@ int udf_put_filename(struct super_block *sb, const uint8_t *sname, | ||
2011 | #define EXT_MARK '.' | ||
2012 | #define CRC_MARK '#' | ||
2013 | #define EXT_SIZE 5 | ||
2014 | +/* Number of chars we need to store generated CRC to make filename unique */ | ||
2015 | +#define CRC_LEN 5 | ||
2016 | |||
2017 | -static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName, | ||
2018 | - int udfLen, uint8_t *fidName, | ||
2019 | - int fidNameLen) | ||
2020 | +static int udf_translate_to_linux(uint8_t *newName, int newLen, | ||
2021 | + uint8_t *udfName, int udfLen, | ||
2022 | + uint8_t *fidName, int fidNameLen) | ||
2023 | { | ||
2024 | int index, newIndex = 0, needsCRC = 0; | ||
2025 | int extIndex = 0, newExtIndex = 0, hasExt = 0; | ||
2026 | @@ -439,7 +443,7 @@ static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName, | ||
2027 | newExtIndex = newIndex; | ||
2028 | } | ||
2029 | } | ||
2030 | - if (newIndex < 256) | ||
2031 | + if (newIndex < newLen) | ||
2032 | newName[newIndex++] = curr; | ||
2033 | else | ||
2034 | needsCRC = 1; | ||
2035 | @@ -467,13 +471,13 @@ static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName, | ||
2036 | } | ||
2037 | ext[localExtIndex++] = curr; | ||
2038 | } | ||
2039 | - maxFilenameLen = 250 - localExtIndex; | ||
2040 | + maxFilenameLen = newLen - CRC_LEN - localExtIndex; | ||
2041 | if (newIndex > maxFilenameLen) | ||
2042 | newIndex = maxFilenameLen; | ||
2043 | else | ||
2044 | newIndex = newExtIndex; | ||
2045 | - } else if (newIndex > 250) | ||
2046 | - newIndex = 250; | ||
2047 | + } else if (newIndex > newLen - CRC_LEN) | ||
2048 | + newIndex = newLen - CRC_LEN; | ||
2049 | newName[newIndex++] = CRC_MARK; | ||
2050 | valueCRC = crc_itu_t(0, fidName, fidNameLen); | ||
2051 | newName[newIndex++] = hex_asc_upper_hi(valueCRC >> 8); | ||
2052 | diff --git a/include/linux/audit.h b/include/linux/audit.h | ||
2053 | index 22cfddb75566..1e4676e7bf63 100644 | ||
2054 | --- a/include/linux/audit.h | ||
2055 | +++ b/include/linux/audit.h | ||
2056 | @@ -47,6 +47,7 @@ struct sk_buff; | ||
2057 | |||
2058 | struct audit_krule { | ||
2059 | int vers_ops; | ||
2060 | + u32 pflags; | ||
2061 | u32 flags; | ||
2062 | u32 listnr; | ||
2063 | u32 action; | ||
2064 | @@ -64,6 +65,9 @@ struct audit_krule { | ||
2065 | u64 prio; | ||
2066 | }; | ||
2067 | |||
2068 | +/* Flag to indicate legacy AUDIT_LOGINUID unset usage */ | ||
2069 | +#define AUDIT_LOGINUID_LEGACY 0x1 | ||
2070 | + | ||
2071 | struct audit_field { | ||
2072 | u32 type; | ||
2073 | u32 val; | ||
2074 | diff --git a/include/linux/cred.h b/include/linux/cred.h | ||
2075 | index b2d0820837c4..2fb2ca2127ed 100644 | ||
2076 | --- a/include/linux/cred.h | ||
2077 | +++ b/include/linux/cred.h | ||
2078 | @@ -68,6 +68,7 @@ extern void groups_free(struct group_info *); | ||
2079 | extern int set_current_groups(struct group_info *); | ||
2080 | extern void set_groups(struct cred *, struct group_info *); | ||
2081 | extern int groups_search(const struct group_info *, kgid_t); | ||
2082 | +extern bool may_setgroups(void); | ||
2083 | |||
2084 | /* access the groups "array" with this macro */ | ||
2085 | #define GROUP_AT(gi, i) \ | ||
2086 | diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h | ||
2087 | index e95372654f09..9f3579ff543d 100644 | ||
2088 | --- a/include/linux/user_namespace.h | ||
2089 | +++ b/include/linux/user_namespace.h | ||
2090 | @@ -17,6 +17,10 @@ struct uid_gid_map { /* 64 bytes -- 1 cache line */ | ||
2091 | } extent[UID_GID_MAP_MAX_EXTENTS]; | ||
2092 | }; | ||
2093 | |||
2094 | +#define USERNS_SETGROUPS_ALLOWED 1UL | ||
2095 | + | ||
2096 | +#define USERNS_INIT_FLAGS USERNS_SETGROUPS_ALLOWED | ||
2097 | + | ||
2098 | struct user_namespace { | ||
2099 | struct uid_gid_map uid_map; | ||
2100 | struct uid_gid_map gid_map; | ||
2101 | @@ -27,6 +31,7 @@ struct user_namespace { | ||
2102 | kuid_t owner; | ||
2103 | kgid_t group; | ||
2104 | unsigned int proc_inum; | ||
2105 | + unsigned long flags; | ||
2106 | |||
2107 | /* Register of per-UID persistent keyrings for this namespace */ | ||
2108 | #ifdef CONFIG_PERSISTENT_KEYRINGS | ||
2109 | @@ -63,6 +68,9 @@ extern const struct seq_operations proc_projid_seq_operations; | ||
2110 | extern ssize_t proc_uid_map_write(struct file *, const char __user *, size_t, loff_t *); | ||
2111 | extern ssize_t proc_gid_map_write(struct file *, const char __user *, size_t, loff_t *); | ||
2112 | extern ssize_t proc_projid_map_write(struct file *, const char __user *, size_t, loff_t *); | ||
2113 | +extern ssize_t proc_setgroups_write(struct file *, const char __user *, size_t, loff_t *); | ||
2114 | +extern int proc_setgroups_show(struct seq_file *m, void *v); | ||
2115 | +extern bool userns_may_setgroups(const struct user_namespace *ns); | ||
2116 | #else | ||
2117 | |||
2118 | static inline struct user_namespace *get_user_ns(struct user_namespace *ns) | ||
2119 | @@ -87,6 +95,10 @@ static inline void put_user_ns(struct user_namespace *ns) | ||
2120 | { | ||
2121 | } | ||
2122 | |||
2123 | +static inline bool userns_may_setgroups(const struct user_namespace *ns) | ||
2124 | +{ | ||
2125 | + return true; | ||
2126 | +} | ||
2127 | #endif | ||
2128 | |||
2129 | #endif /* _LINUX_USER_H */ | ||
2130 | diff --git a/kernel/audit.c b/kernel/audit.c | ||
2131 | index 6726aa6f82be..a0918e23d647 100644 | ||
2132 | --- a/kernel/audit.c | ||
2133 | +++ b/kernel/audit.c | ||
2134 | @@ -429,7 +429,7 @@ static void kauditd_send_skb(struct sk_buff *skb) | ||
2135 | * This function doesn't consume an skb as might be expected since it has to | ||
2136 | * copy it anyways. | ||
2137 | */ | ||
2138 | -static void kauditd_send_multicast_skb(struct sk_buff *skb) | ||
2139 | +static void kauditd_send_multicast_skb(struct sk_buff *skb, gfp_t gfp_mask) | ||
2140 | { | ||
2141 | struct sk_buff *copy; | ||
2142 | struct audit_net *aunet = net_generic(&init_net, audit_net_id); | ||
2143 | @@ -448,11 +448,11 @@ static void kauditd_send_multicast_skb(struct sk_buff *skb) | ||
2144 | * no reason for new multicast clients to continue with this | ||
2145 | * non-compliance. | ||
2146 | */ | ||
2147 | - copy = skb_copy(skb, GFP_KERNEL); | ||
2148 | + copy = skb_copy(skb, gfp_mask); | ||
2149 | if (!copy) | ||
2150 | return; | ||
2151 | |||
2152 | - nlmsg_multicast(sock, copy, 0, AUDIT_NLGRP_READLOG, GFP_KERNEL); | ||
2153 | + nlmsg_multicast(sock, copy, 0, AUDIT_NLGRP_READLOG, gfp_mask); | ||
2154 | } | ||
2155 | |||
2156 | /* | ||
2157 | @@ -1959,7 +1959,7 @@ void audit_log_end(struct audit_buffer *ab) | ||
2158 | } else { | ||
2159 | struct nlmsghdr *nlh = nlmsg_hdr(ab->skb); | ||
2160 | |||
2161 | - kauditd_send_multicast_skb(ab->skb); | ||
2162 | + kauditd_send_multicast_skb(ab->skb, ab->gfp_mask); | ||
2163 | |||
2164 | /* | ||
2165 | * The original kaudit unicast socket sends up messages with | ||
2166 | diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c | ||
2167 | index c447cd9848d1..72ec3294d59f 100644 | ||
2168 | --- a/kernel/auditfilter.c | ||
2169 | +++ b/kernel/auditfilter.c | ||
2170 | @@ -431,19 +431,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, | ||
2171 | if ((f->type == AUDIT_LOGINUID) && (f->val == AUDIT_UID_UNSET)) { | ||
2172 | f->type = AUDIT_LOGINUID_SET; | ||
2173 | f->val = 0; | ||
2174 | - } | ||
2175 | - | ||
2176 | - if ((f->type == AUDIT_PID) || (f->type == AUDIT_PPID)) { | ||
2177 | - struct pid *pid; | ||
2178 | - rcu_read_lock(); | ||
2179 | - pid = find_vpid(f->val); | ||
2180 | - if (!pid) { | ||
2181 | - rcu_read_unlock(); | ||
2182 | - err = -ESRCH; | ||
2183 | - goto exit_free; | ||
2184 | - } | ||
2185 | - f->val = pid_nr(pid); | ||
2186 | - rcu_read_unlock(); | ||
2187 | + entry->rule.pflags |= AUDIT_LOGINUID_LEGACY; | ||
2188 | } | ||
2189 | |||
2190 | err = audit_field_valid(entry, f); | ||
2191 | @@ -619,6 +607,13 @@ static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule) | ||
2192 | data->buflen += data->values[i] = | ||
2193 | audit_pack_string(&bufp, krule->filterkey); | ||
2194 | break; | ||
2195 | + case AUDIT_LOGINUID_SET: | ||
2196 | + if (krule->pflags & AUDIT_LOGINUID_LEGACY && !f->val) { | ||
2197 | + data->fields[i] = AUDIT_LOGINUID; | ||
2198 | + data->values[i] = AUDIT_UID_UNSET; | ||
2199 | + break; | ||
2200 | + } | ||
2201 | + /* fallthrough if set */ | ||
2202 | default: | ||
2203 | data->values[i] = f->val; | ||
2204 | } | ||
2205 | @@ -635,6 +630,7 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b) | ||
2206 | int i; | ||
2207 | |||
2208 | if (a->flags != b->flags || | ||
2209 | + a->pflags != b->pflags || | ||
2210 | a->listnr != b->listnr || | ||
2211 | a->action != b->action || | ||
2212 | a->field_count != b->field_count) | ||
2213 | @@ -753,6 +749,7 @@ struct audit_entry *audit_dupe_rule(struct audit_krule *old) | ||
2214 | new = &entry->rule; | ||
2215 | new->vers_ops = old->vers_ops; | ||
2216 | new->flags = old->flags; | ||
2217 | + new->pflags = old->pflags; | ||
2218 | new->listnr = old->listnr; | ||
2219 | new->action = old->action; | ||
2220 | for (i = 0; i < AUDIT_BITMASK_SIZE; i++) | ||
2221 | diff --git a/kernel/groups.c b/kernel/groups.c | ||
2222 | index 451698f86cfa..664411f171b5 100644 | ||
2223 | --- a/kernel/groups.c | ||
2224 | +++ b/kernel/groups.c | ||
2225 | @@ -6,6 +6,7 @@ | ||
2226 | #include <linux/slab.h> | ||
2227 | #include <linux/security.h> | ||
2228 | #include <linux/syscalls.h> | ||
2229 | +#include <linux/user_namespace.h> | ||
2230 | #include <asm/uaccess.h> | ||
2231 | |||
2232 | /* init to 2 - one for init_task, one to ensure it is never freed */ | ||
2233 | @@ -213,6 +214,14 @@ out: | ||
2234 | return i; | ||
2235 | } | ||
2236 | |||
2237 | +bool may_setgroups(void) | ||
2238 | +{ | ||
2239 | + struct user_namespace *user_ns = current_user_ns(); | ||
2240 | + | ||
2241 | + return ns_capable(user_ns, CAP_SETGID) && | ||
2242 | + userns_may_setgroups(user_ns); | ||
2243 | +} | ||
2244 | + | ||
2245 | /* | ||
2246 | * SMP: Our groups are copy-on-write. We can set them safely | ||
2247 | * without another task interfering. | ||
2248 | @@ -223,7 +232,7 @@ SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist) | ||
2249 | struct group_info *group_info; | ||
2250 | int retval; | ||
2251 | |||
2252 | - if (!ns_capable(current_user_ns(), CAP_SETGID)) | ||
2253 | + if (!may_setgroups()) | ||
2254 | return -EPERM; | ||
2255 | if ((unsigned)gidsetsize > NGROUPS_MAX) | ||
2256 | return -EINVAL; | ||
2257 | diff --git a/kernel/pid.c b/kernel/pid.c | ||
2258 | index 9b9a26698144..82430c858d69 100644 | ||
2259 | --- a/kernel/pid.c | ||
2260 | +++ b/kernel/pid.c | ||
2261 | @@ -341,6 +341,8 @@ out: | ||
2262 | |||
2263 | out_unlock: | ||
2264 | spin_unlock_irq(&pidmap_lock); | ||
2265 | + put_pid_ns(ns); | ||
2266 | + | ||
2267 | out_free: | ||
2268 | while (++i <= ns->level) | ||
2269 | free_pidmap(pid->numbers + i); | ||
2270 | diff --git a/kernel/uid16.c b/kernel/uid16.c | ||
2271 | index 602e5bbbceff..d58cc4d8f0d1 100644 | ||
2272 | --- a/kernel/uid16.c | ||
2273 | +++ b/kernel/uid16.c | ||
2274 | @@ -176,7 +176,7 @@ SYSCALL_DEFINE2(setgroups16, int, gidsetsize, old_gid_t __user *, grouplist) | ||
2275 | struct group_info *group_info; | ||
2276 | int retval; | ||
2277 | |||
2278 | - if (!ns_capable(current_user_ns(), CAP_SETGID)) | ||
2279 | + if (!may_setgroups()) | ||
2280 | return -EPERM; | ||
2281 | if ((unsigned)gidsetsize > NGROUPS_MAX) | ||
2282 | return -EINVAL; | ||
2283 | diff --git a/kernel/user.c b/kernel/user.c | ||
2284 | index 4efa39350e44..2d09940c9632 100644 | ||
2285 | --- a/kernel/user.c | ||
2286 | +++ b/kernel/user.c | ||
2287 | @@ -51,6 +51,7 @@ struct user_namespace init_user_ns = { | ||
2288 | .owner = GLOBAL_ROOT_UID, | ||
2289 | .group = GLOBAL_ROOT_GID, | ||
2290 | .proc_inum = PROC_USER_INIT_INO, | ||
2291 | + .flags = USERNS_INIT_FLAGS, | ||
2292 | #ifdef CONFIG_PERSISTENT_KEYRINGS | ||
2293 | .persistent_keyring_register_sem = | ||
2294 | __RWSEM_INITIALIZER(init_user_ns.persistent_keyring_register_sem), | ||
2295 | diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c | ||
2296 | index aa312b0dc3ec..a2e37c5d2f63 100644 | ||
2297 | --- a/kernel/user_namespace.c | ||
2298 | +++ b/kernel/user_namespace.c | ||
2299 | @@ -24,6 +24,7 @@ | ||
2300 | #include <linux/fs_struct.h> | ||
2301 | |||
2302 | static struct kmem_cache *user_ns_cachep __read_mostly; | ||
2303 | +static DEFINE_MUTEX(userns_state_mutex); | ||
2304 | |||
2305 | static bool new_idmap_permitted(const struct file *file, | ||
2306 | struct user_namespace *ns, int cap_setid, | ||
2307 | @@ -99,6 +100,11 @@ int create_user_ns(struct cred *new) | ||
2308 | ns->owner = owner; | ||
2309 | ns->group = group; | ||
2310 | |||
2311 | + /* Inherit USERNS_SETGROUPS_ALLOWED from our parent */ | ||
2312 | + mutex_lock(&userns_state_mutex); | ||
2313 | + ns->flags = parent_ns->flags; | ||
2314 | + mutex_unlock(&userns_state_mutex); | ||
2315 | + | ||
2316 | set_cred_user_ns(new, ns); | ||
2317 | |||
2318 | #ifdef CONFIG_PERSISTENT_KEYRINGS | ||
2319 | @@ -583,9 +589,6 @@ static bool mappings_overlap(struct uid_gid_map *new_map, | ||
2320 | return false; | ||
2321 | } | ||
2322 | |||
2323 | - | ||
2324 | -static DEFINE_MUTEX(id_map_mutex); | ||
2325 | - | ||
2326 | static ssize_t map_write(struct file *file, const char __user *buf, | ||
2327 | size_t count, loff_t *ppos, | ||
2328 | int cap_setid, | ||
2329 | @@ -602,7 +605,7 @@ static ssize_t map_write(struct file *file, const char __user *buf, | ||
2330 | ssize_t ret = -EINVAL; | ||
2331 | |||
2332 | /* | ||
2333 | - * The id_map_mutex serializes all writes to any given map. | ||
2334 | + * The userns_state_mutex serializes all writes to any given map. | ||
2335 | * | ||
2336 | * Any map is only ever written once. | ||
2337 | * | ||
2338 | @@ -620,7 +623,7 @@ static ssize_t map_write(struct file *file, const char __user *buf, | ||
2339 | * order and smp_rmb() is guaranteed that we don't have crazy | ||
2340 | * architectures returning stale data. | ||
2341 | */ | ||
2342 | - mutex_lock(&id_map_mutex); | ||
2343 | + mutex_lock(&userns_state_mutex); | ||
2344 | |||
2345 | ret = -EPERM; | ||
2346 | /* Only allow one successful write to the map */ | ||
2347 | @@ -750,7 +753,7 @@ static ssize_t map_write(struct file *file, const char __user *buf, | ||
2348 | *ppos = count; | ||
2349 | ret = count; | ||
2350 | out: | ||
2351 | - mutex_unlock(&id_map_mutex); | ||
2352 | + mutex_unlock(&userns_state_mutex); | ||
2353 | if (page) | ||
2354 | free_page(page); | ||
2355 | return ret; | ||
2356 | @@ -812,16 +815,21 @@ static bool new_idmap_permitted(const struct file *file, | ||
2357 | struct user_namespace *ns, int cap_setid, | ||
2358 | struct uid_gid_map *new_map) | ||
2359 | { | ||
2360 | - /* Allow mapping to your own filesystem ids */ | ||
2361 | - if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1)) { | ||
2362 | + const struct cred *cred = file->f_cred; | ||
2363 | + /* Don't allow mappings that would allow anything that wouldn't | ||
2364 | + * be allowed without the establishment of unprivileged mappings. | ||
2365 | + */ | ||
2366 | + if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1) && | ||
2367 | + uid_eq(ns->owner, cred->euid)) { | ||
2368 | u32 id = new_map->extent[0].lower_first; | ||
2369 | if (cap_setid == CAP_SETUID) { | ||
2370 | kuid_t uid = make_kuid(ns->parent, id); | ||
2371 | - if (uid_eq(uid, file->f_cred->fsuid)) | ||
2372 | + if (uid_eq(uid, cred->euid)) | ||
2373 | return true; | ||
2374 | } else if (cap_setid == CAP_SETGID) { | ||
2375 | kgid_t gid = make_kgid(ns->parent, id); | ||
2376 | - if (gid_eq(gid, file->f_cred->fsgid)) | ||
2377 | + if (!(ns->flags & USERNS_SETGROUPS_ALLOWED) && | ||
2378 | + gid_eq(gid, cred->egid)) | ||
2379 | return true; | ||
2380 | } | ||
2381 | } | ||
2382 | @@ -841,6 +849,100 @@ static bool new_idmap_permitted(const struct file *file, | ||
2383 | return false; | ||
2384 | } | ||
2385 | |||
2386 | +int proc_setgroups_show(struct seq_file *seq, void *v) | ||
2387 | +{ | ||
2388 | + struct user_namespace *ns = seq->private; | ||
2389 | + unsigned long userns_flags = ACCESS_ONCE(ns->flags); | ||
2390 | + | ||
2391 | + seq_printf(seq, "%s\n", | ||
2392 | + (userns_flags & USERNS_SETGROUPS_ALLOWED) ? | ||
2393 | + "allow" : "deny"); | ||
2394 | + return 0; | ||
2395 | +} | ||
2396 | + | ||
2397 | +ssize_t proc_setgroups_write(struct file *file, const char __user *buf, | ||
2398 | + size_t count, loff_t *ppos) | ||
2399 | +{ | ||
2400 | + struct seq_file *seq = file->private_data; | ||
2401 | + struct user_namespace *ns = seq->private; | ||
2402 | + char kbuf[8], *pos; | ||
2403 | + bool setgroups_allowed; | ||
2404 | + ssize_t ret; | ||
2405 | + | ||
2406 | + /* Only allow a very narrow range of strings to be written */ | ||
2407 | + ret = -EINVAL; | ||
2408 | + if ((*ppos != 0) || (count >= sizeof(kbuf))) | ||
2409 | + goto out; | ||
2410 | + | ||
2411 | + /* What was written? */ | ||
2412 | + ret = -EFAULT; | ||
2413 | + if (copy_from_user(kbuf, buf, count)) | ||
2414 | + goto out; | ||
2415 | + kbuf[count] = '\0'; | ||
2416 | + pos = kbuf; | ||
2417 | + | ||
2418 | + /* What is being requested? */ | ||
2419 | + ret = -EINVAL; | ||
2420 | + if (strncmp(pos, "allow", 5) == 0) { | ||
2421 | + pos += 5; | ||
2422 | + setgroups_allowed = true; | ||
2423 | + } | ||
2424 | + else if (strncmp(pos, "deny", 4) == 0) { | ||
2425 | + pos += 4; | ||
2426 | + setgroups_allowed = false; | ||
2427 | + } | ||
2428 | + else | ||
2429 | + goto out; | ||
2430 | + | ||
2431 | + /* Verify there is not trailing junk on the line */ | ||
2432 | + pos = skip_spaces(pos); | ||
2433 | + if (*pos != '\0') | ||
2434 | + goto out; | ||
2435 | + | ||
2436 | + ret = -EPERM; | ||
2437 | + mutex_lock(&userns_state_mutex); | ||
2438 | + if (setgroups_allowed) { | ||
2439 | + /* Enabling setgroups after setgroups has been disabled | ||
2440 | + * is not allowed. | ||
2441 | + */ | ||
2442 | + if (!(ns->flags & USERNS_SETGROUPS_ALLOWED)) | ||
2443 | + goto out_unlock; | ||
2444 | + } else { | ||
2445 | + /* Permanently disabling setgroups after setgroups has | ||
2446 | + * been enabled by writing the gid_map is not allowed. | ||
2447 | + */ | ||
2448 | + if (ns->gid_map.nr_extents != 0) | ||
2449 | + goto out_unlock; | ||
2450 | + ns->flags &= ~USERNS_SETGROUPS_ALLOWED; | ||
2451 | + } | ||
2452 | + mutex_unlock(&userns_state_mutex); | ||
2453 | + | ||
2454 | + /* Report a successful write */ | ||
2455 | + *ppos = count; | ||
2456 | + ret = count; | ||
2457 | +out: | ||
2458 | + return ret; | ||
2459 | +out_unlock: | ||
2460 | + mutex_unlock(&userns_state_mutex); | ||
2461 | + goto out; | ||
2462 | +} | ||
2463 | + | ||
2464 | +bool userns_may_setgroups(const struct user_namespace *ns) | ||
2465 | +{ | ||
2466 | + bool allowed; | ||
2467 | + | ||
2468 | + mutex_lock(&userns_state_mutex); | ||
2469 | + /* It is not safe to use setgroups until a gid mapping in | ||
2470 | + * the user namespace has been established. | ||
2471 | + */ | ||
2472 | + allowed = ns->gid_map.nr_extents != 0; | ||
2473 | + /* Is setgroups allowed? */ | ||
2474 | + allowed = allowed && (ns->flags & USERNS_SETGROUPS_ALLOWED); | ||
2475 | + mutex_unlock(&userns_state_mutex); | ||
2476 | + | ||
2477 | + return allowed; | ||
2478 | +} | ||
2479 | + | ||
2480 | static void *userns_get(struct task_struct *task) | ||
2481 | { | ||
2482 | struct user_namespace *user_ns; | ||
2483 | diff --git a/net/mac80211/key.c b/net/mac80211/key.c | ||
2484 | index d808cff80153..f7afc0ac3b78 100644 | ||
2485 | --- a/net/mac80211/key.c | ||
2486 | +++ b/net/mac80211/key.c | ||
2487 | @@ -650,7 +650,7 @@ void ieee80211_free_sta_keys(struct ieee80211_local *local, | ||
2488 | int i; | ||
2489 | |||
2490 | mutex_lock(&local->key_mtx); | ||
2491 | - for (i = 0; i < NUM_DEFAULT_KEYS; i++) { | ||
2492 | + for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) { | ||
2493 | key = key_mtx_dereference(local, sta->gtk[i]); | ||
2494 | if (!key) | ||
2495 | continue; | ||
2496 | diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c | ||
2497 | index 7e77410ca799..fced06462b8c 100644 | ||
2498 | --- a/net/mac80211/rx.c | ||
2499 | +++ b/net/mac80211/rx.c | ||
2500 | @@ -1667,14 +1667,14 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | ||
2501 | sc = le16_to_cpu(hdr->seq_ctrl); | ||
2502 | frag = sc & IEEE80211_SCTL_FRAG; | ||
2503 | |||
2504 | - if (likely(!ieee80211_has_morefrags(fc) && frag == 0)) | ||
2505 | - goto out; | ||
2506 | - | ||
2507 | if (is_multicast_ether_addr(hdr->addr1)) { | ||
2508 | rx->local->dot11MulticastReceivedFrameCount++; | ||
2509 | - goto out; | ||
2510 | + goto out_no_led; | ||
2511 | } | ||
2512 | |||
2513 | + if (likely(!ieee80211_has_morefrags(fc) && frag == 0)) | ||
2514 | + goto out; | ||
2515 | + | ||
2516 | I802_DEBUG_INC(rx->local->rx_handlers_fragments); | ||
2517 | |||
2518 | if (skb_linearize(rx->skb)) | ||
2519 | @@ -1765,9 +1765,10 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | ||
2520 | status->rx_flags |= IEEE80211_RX_FRAGMENTED; | ||
2521 | |||
2522 | out: | ||
2523 | + ieee80211_led_rx(rx->local); | ||
2524 | + out_no_led: | ||
2525 | if (rx->sta) | ||
2526 | rx->sta->rx_packets++; | ||
2527 | - ieee80211_led_rx(rx->local); | ||
2528 | return RX_CONTINUE; | ||
2529 | } | ||
2530 | |||
2531 | diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c | ||
2532 | index 5fe443d120af..556c43df6636 100644 | ||
2533 | --- a/security/keys/encrypted-keys/encrypted.c | ||
2534 | +++ b/security/keys/encrypted-keys/encrypted.c | ||
2535 | @@ -1018,10 +1018,13 @@ static int __init init_encrypted(void) | ||
2536 | ret = encrypted_shash_alloc(); | ||
2537 | if (ret < 0) | ||
2538 | return ret; | ||
2539 | + ret = aes_get_sizes(); | ||
2540 | + if (ret < 0) | ||
2541 | + goto out; | ||
2542 | ret = register_key_type(&key_type_encrypted); | ||
2543 | if (ret < 0) | ||
2544 | goto out; | ||
2545 | - return aes_get_sizes(); | ||
2546 | + return 0; | ||
2547 | out: | ||
2548 | encrypted_shash_release(); | ||
2549 | return ret; | ||
2550 | diff --git a/tools/testing/selftests/mount/unprivileged-remount-test.c b/tools/testing/selftests/mount/unprivileged-remount-test.c | ||
2551 | index 1b3ff2fda4d0..517785052f1c 100644 | ||
2552 | --- a/tools/testing/selftests/mount/unprivileged-remount-test.c | ||
2553 | +++ b/tools/testing/selftests/mount/unprivileged-remount-test.c | ||
2554 | @@ -6,6 +6,8 @@ | ||
2555 | #include <sys/types.h> | ||
2556 | #include <sys/mount.h> | ||
2557 | #include <sys/wait.h> | ||
2558 | +#include <sys/vfs.h> | ||
2559 | +#include <sys/statvfs.h> | ||
2560 | #include <stdlib.h> | ||
2561 | #include <unistd.h> | ||
2562 | #include <fcntl.h> | ||
2563 | @@ -32,11 +34,14 @@ | ||
2564 | # define CLONE_NEWPID 0x20000000 | ||
2565 | #endif | ||
2566 | |||
2567 | +#ifndef MS_REC | ||
2568 | +# define MS_REC 16384 | ||
2569 | +#endif | ||
2570 | #ifndef MS_RELATIME | ||
2571 | -#define MS_RELATIME (1 << 21) | ||
2572 | +# define MS_RELATIME (1 << 21) | ||
2573 | #endif | ||
2574 | #ifndef MS_STRICTATIME | ||
2575 | -#define MS_STRICTATIME (1 << 24) | ||
2576 | +# define MS_STRICTATIME (1 << 24) | ||
2577 | #endif | ||
2578 | |||
2579 | static void die(char *fmt, ...) | ||
2580 | @@ -48,17 +53,14 @@ static void die(char *fmt, ...) | ||
2581 | exit(EXIT_FAILURE); | ||
2582 | } | ||
2583 | |||
2584 | -static void write_file(char *filename, char *fmt, ...) | ||
2585 | +static void vmaybe_write_file(bool enoent_ok, char *filename, char *fmt, va_list ap) | ||
2586 | { | ||
2587 | char buf[4096]; | ||
2588 | int fd; | ||
2589 | ssize_t written; | ||
2590 | int buf_len; | ||
2591 | - va_list ap; | ||
2592 | |||
2593 | - va_start(ap, fmt); | ||
2594 | buf_len = vsnprintf(buf, sizeof(buf), fmt, ap); | ||
2595 | - va_end(ap); | ||
2596 | if (buf_len < 0) { | ||
2597 | die("vsnprintf failed: %s\n", | ||
2598 | strerror(errno)); | ||
2599 | @@ -69,6 +71,8 @@ static void write_file(char *filename, char *fmt, ...) | ||
2600 | |||
2601 | fd = open(filename, O_WRONLY); | ||
2602 | if (fd < 0) { | ||
2603 | + if ((errno == ENOENT) && enoent_ok) | ||
2604 | + return; | ||
2605 | die("open of %s failed: %s\n", | ||
2606 | filename, strerror(errno)); | ||
2607 | } | ||
2608 | @@ -87,6 +91,65 @@ static void write_file(char *filename, char *fmt, ...) | ||
2609 | } | ||
2610 | } | ||
2611 | |||
2612 | +static void maybe_write_file(char *filename, char *fmt, ...) | ||
2613 | +{ | ||
2614 | + va_list ap; | ||
2615 | + | ||
2616 | + va_start(ap, fmt); | ||
2617 | + vmaybe_write_file(true, filename, fmt, ap); | ||
2618 | + va_end(ap); | ||
2619 | + | ||
2620 | +} | ||
2621 | + | ||
2622 | +static void write_file(char *filename, char *fmt, ...) | ||
2623 | +{ | ||
2624 | + va_list ap; | ||
2625 | + | ||
2626 | + va_start(ap, fmt); | ||
2627 | + vmaybe_write_file(false, filename, fmt, ap); | ||
2628 | + va_end(ap); | ||
2629 | + | ||
2630 | +} | ||
2631 | + | ||
2632 | +static int read_mnt_flags(const char *path) | ||
2633 | +{ | ||
2634 | + int ret; | ||
2635 | + struct statvfs stat; | ||
2636 | + int mnt_flags; | ||
2637 | + | ||
2638 | + ret = statvfs(path, &stat); | ||
2639 | + if (ret != 0) { | ||
2640 | + die("statvfs of %s failed: %s\n", | ||
2641 | + path, strerror(errno)); | ||
2642 | + } | ||
2643 | + if (stat.f_flag & ~(ST_RDONLY | ST_NOSUID | ST_NODEV | \ | ||
2644 | + ST_NOEXEC | ST_NOATIME | ST_NODIRATIME | ST_RELATIME | \ | ||
2645 | + ST_SYNCHRONOUS | ST_MANDLOCK)) { | ||
2646 | + die("Unrecognized mount flags\n"); | ||
2647 | + } | ||
2648 | + mnt_flags = 0; | ||
2649 | + if (stat.f_flag & ST_RDONLY) | ||
2650 | + mnt_flags |= MS_RDONLY; | ||
2651 | + if (stat.f_flag & ST_NOSUID) | ||
2652 | + mnt_flags |= MS_NOSUID; | ||
2653 | + if (stat.f_flag & ST_NODEV) | ||
2654 | + mnt_flags |= MS_NODEV; | ||
2655 | + if (stat.f_flag & ST_NOEXEC) | ||
2656 | + mnt_flags |= MS_NOEXEC; | ||
2657 | + if (stat.f_flag & ST_NOATIME) | ||
2658 | + mnt_flags |= MS_NOATIME; | ||
2659 | + if (stat.f_flag & ST_NODIRATIME) | ||
2660 | + mnt_flags |= MS_NODIRATIME; | ||
2661 | + if (stat.f_flag & ST_RELATIME) | ||
2662 | + mnt_flags |= MS_RELATIME; | ||
2663 | + if (stat.f_flag & ST_SYNCHRONOUS) | ||
2664 | + mnt_flags |= MS_SYNCHRONOUS; | ||
2665 | + if (stat.f_flag & ST_MANDLOCK) | ||
2666 | + mnt_flags |= ST_MANDLOCK; | ||
2667 | + | ||
2668 | + return mnt_flags; | ||
2669 | +} | ||
2670 | + | ||
2671 | static void create_and_enter_userns(void) | ||
2672 | { | ||
2673 | uid_t uid; | ||
2674 | @@ -100,13 +163,10 @@ static void create_and_enter_userns(void) | ||
2675 | strerror(errno)); | ||
2676 | } | ||
2677 | |||
2678 | + maybe_write_file("/proc/self/setgroups", "deny"); | ||
2679 | write_file("/proc/self/uid_map", "0 %d 1", uid); | ||
2680 | write_file("/proc/self/gid_map", "0 %d 1", gid); | ||
2681 | |||
2682 | - if (setgroups(0, NULL) != 0) { | ||
2683 | - die("setgroups failed: %s\n", | ||
2684 | - strerror(errno)); | ||
2685 | - } | ||
2686 | if (setgid(0) != 0) { | ||
2687 | die ("setgid(0) failed %s\n", | ||
2688 | strerror(errno)); | ||
2689 | @@ -118,7 +178,8 @@ static void create_and_enter_userns(void) | ||
2690 | } | ||
2691 | |||
2692 | static | ||
2693 | -bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags) | ||
2694 | +bool test_unpriv_remount(const char *fstype, const char *mount_options, | ||
2695 | + int mount_flags, int remount_flags, int invalid_flags) | ||
2696 | { | ||
2697 | pid_t child; | ||
2698 | |||
2699 | @@ -151,9 +212,11 @@ bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags) | ||
2700 | strerror(errno)); | ||
2701 | } | ||
2702 | |||
2703 | - if (mount("testing", "/tmp", "ramfs", mount_flags, NULL) != 0) { | ||
2704 | - die("mount of /tmp failed: %s\n", | ||
2705 | - strerror(errno)); | ||
2706 | + if (mount("testing", "/tmp", fstype, mount_flags, mount_options) != 0) { | ||
2707 | + die("mount of %s with options '%s' on /tmp failed: %s\n", | ||
2708 | + fstype, | ||
2709 | + mount_options? mount_options : "", | ||
2710 | + strerror(errno)); | ||
2711 | } | ||
2712 | |||
2713 | create_and_enter_userns(); | ||
2714 | @@ -181,62 +244,127 @@ bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags) | ||
2715 | |||
2716 | static bool test_unpriv_remount_simple(int mount_flags) | ||
2717 | { | ||
2718 | - return test_unpriv_remount(mount_flags, mount_flags, 0); | ||
2719 | + return test_unpriv_remount("ramfs", NULL, mount_flags, mount_flags, 0); | ||
2720 | } | ||
2721 | |||
2722 | static bool test_unpriv_remount_atime(int mount_flags, int invalid_flags) | ||
2723 | { | ||
2724 | - return test_unpriv_remount(mount_flags, mount_flags, invalid_flags); | ||
2725 | + return test_unpriv_remount("ramfs", NULL, mount_flags, mount_flags, | ||
2726 | + invalid_flags); | ||
2727 | +} | ||
2728 | + | ||
2729 | +static bool test_priv_mount_unpriv_remount(void) | ||
2730 | +{ | ||
2731 | + pid_t child; | ||
2732 | + int ret; | ||
2733 | + const char *orig_path = "/dev"; | ||
2734 | + const char *dest_path = "/tmp"; | ||
2735 | + int orig_mnt_flags, remount_mnt_flags; | ||
2736 | + | ||
2737 | + child = fork(); | ||
2738 | + if (child == -1) { | ||
2739 | + die("fork failed: %s\n", | ||
2740 | + strerror(errno)); | ||
2741 | + } | ||
2742 | + if (child != 0) { /* parent */ | ||
2743 | + pid_t pid; | ||
2744 | + int status; | ||
2745 | + pid = waitpid(child, &status, 0); | ||
2746 | + if (pid == -1) { | ||
2747 | + die("waitpid failed: %s\n", | ||
2748 | + strerror(errno)); | ||
2749 | + } | ||
2750 | + if (pid != child) { | ||
2751 | + die("waited for %d got %d\n", | ||
2752 | + child, pid); | ||
2753 | + } | ||
2754 | + if (!WIFEXITED(status)) { | ||
2755 | + die("child did not terminate cleanly\n"); | ||
2756 | + } | ||
2757 | + return WEXITSTATUS(status) == EXIT_SUCCESS ? true : false; | ||
2758 | + } | ||
2759 | + | ||
2760 | + orig_mnt_flags = read_mnt_flags(orig_path); | ||
2761 | + | ||
2762 | + create_and_enter_userns(); | ||
2763 | + ret = unshare(CLONE_NEWNS); | ||
2764 | + if (ret != 0) { | ||
2765 | + die("unshare(CLONE_NEWNS) failed: %s\n", | ||
2766 | + strerror(errno)); | ||
2767 | + } | ||
2768 | + | ||
2769 | + ret = mount(orig_path, dest_path, "bind", MS_BIND | MS_REC, NULL); | ||
2770 | + if (ret != 0) { | ||
2771 | + die("recursive bind mount of %s onto %s failed: %s\n", | ||
2772 | + orig_path, dest_path, strerror(errno)); | ||
2773 | + } | ||
2774 | + | ||
2775 | + ret = mount(dest_path, dest_path, "none", | ||
2776 | + MS_REMOUNT | MS_BIND | orig_mnt_flags , NULL); | ||
2777 | + if (ret != 0) { | ||
2778 | + /* system("cat /proc/self/mounts"); */ | ||
2779 | + die("remount of /tmp failed: %s\n", | ||
2780 | + strerror(errno)); | ||
2781 | + } | ||
2782 | + | ||
2783 | + remount_mnt_flags = read_mnt_flags(dest_path); | ||
2784 | + if (orig_mnt_flags != remount_mnt_flags) { | ||
2785 | + die("Mount flags unexpectedly changed during remount of %s originally mounted on %s\n", | ||
2786 | + dest_path, orig_path); | ||
2787 | + } | ||
2788 | + exit(EXIT_SUCCESS); | ||
2789 | } | ||
2790 | |||
2791 | int main(int argc, char **argv) | ||
2792 | { | ||
2793 | - if (!test_unpriv_remount_simple(MS_RDONLY|MS_NODEV)) { | ||
2794 | + if (!test_unpriv_remount_simple(MS_RDONLY)) { | ||
2795 | die("MS_RDONLY malfunctions\n"); | ||
2796 | } | ||
2797 | - if (!test_unpriv_remount_simple(MS_NODEV)) { | ||
2798 | + if (!test_unpriv_remount("devpts", "newinstance", MS_NODEV, MS_NODEV, 0)) { | ||
2799 | die("MS_NODEV malfunctions\n"); | ||
2800 | } | ||
2801 | - if (!test_unpriv_remount_simple(MS_NOSUID|MS_NODEV)) { | ||
2802 | + if (!test_unpriv_remount_simple(MS_NOSUID)) { | ||
2803 | die("MS_NOSUID malfunctions\n"); | ||
2804 | } | ||
2805 | - if (!test_unpriv_remount_simple(MS_NOEXEC|MS_NODEV)) { | ||
2806 | + if (!test_unpriv_remount_simple(MS_NOEXEC)) { | ||
2807 | die("MS_NOEXEC malfunctions\n"); | ||
2808 | } | ||
2809 | - if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODEV, | ||
2810 | - MS_NOATIME|MS_NODEV)) | ||
2811 | + if (!test_unpriv_remount_atime(MS_RELATIME, | ||
2812 | + MS_NOATIME)) | ||
2813 | { | ||
2814 | die("MS_RELATIME malfunctions\n"); | ||
2815 | } | ||
2816 | - if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODEV, | ||
2817 | - MS_NOATIME|MS_NODEV)) | ||
2818 | + if (!test_unpriv_remount_atime(MS_STRICTATIME, | ||
2819 | + MS_NOATIME)) | ||
2820 | { | ||
2821 | die("MS_STRICTATIME malfunctions\n"); | ||
2822 | } | ||
2823 | - if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODEV, | ||
2824 | - MS_STRICTATIME|MS_NODEV)) | ||
2825 | + if (!test_unpriv_remount_atime(MS_NOATIME, | ||
2826 | + MS_STRICTATIME)) | ||
2827 | { | ||
2828 | - die("MS_RELATIME malfunctions\n"); | ||
2829 | + die("MS_NOATIME malfunctions\n"); | ||
2830 | } | ||
2831 | - if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME|MS_NODEV, | ||
2832 | - MS_NOATIME|MS_NODEV)) | ||
2833 | + if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME, | ||
2834 | + MS_NOATIME)) | ||
2835 | { | ||
2836 | - die("MS_RELATIME malfunctions\n"); | ||
2837 | + die("MS_RELATIME|MS_NODIRATIME malfunctions\n"); | ||
2838 | } | ||
2839 | - if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME|MS_NODEV, | ||
2840 | - MS_NOATIME|MS_NODEV)) | ||
2841 | + if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME, | ||
2842 | + MS_NOATIME)) | ||
2843 | { | ||
2844 | - die("MS_RELATIME malfunctions\n"); | ||
2845 | + die("MS_STRICTATIME|MS_NODIRATIME malfunctions\n"); | ||
2846 | } | ||
2847 | - if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME|MS_NODEV, | ||
2848 | - MS_STRICTATIME|MS_NODEV)) | ||
2849 | + if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME, | ||
2850 | + MS_STRICTATIME)) | ||
2851 | { | ||
2852 | - die("MS_RELATIME malfunctions\n"); | ||
2853 | + die("MS_NOATIME|MS_DIRATIME malfunctions\n"); | ||
2854 | } | ||
2855 | - if (!test_unpriv_remount(MS_STRICTATIME|MS_NODEV, MS_NODEV, | ||
2856 | - MS_NOATIME|MS_NODEV)) | ||
2857 | + if (!test_unpriv_remount("ramfs", NULL, MS_STRICTATIME, 0, MS_NOATIME)) | ||
2858 | { | ||
2859 | die("Default atime malfunctions\n"); | ||
2860 | } | ||
2861 | + if (!test_priv_mount_unpriv_remount()) { | ||
2862 | + die("Mount flags unexpectedly changed after remount\n"); | ||
2863 | + } | ||
2864 | return EXIT_SUCCESS; | ||
2865 | } |