Contents of /trunk/kernel-magellan/patches-3.17/0107-3.17.8-all-fixes.patch
Parent Directory | Revision Log
Revision 2538 -
(show annotations)
(download)
Fri Jan 30 10:05:47 2015 UTC (9 years, 7 months ago) by niro
File size: 91733 byte(s)
Fri Jan 30 10:05:47 2015 UTC (9 years, 7 months ago) by niro
File size: 91733 byte(s)
-linux-3.17.8
1 | diff --git a/Makefile b/Makefile |
2 | index 267f8936ff69..656f0b0cff53 100644 |
3 | --- a/Makefile |
4 | +++ b/Makefile |
5 | @@ -1,6 +1,6 @@ |
6 | VERSION = 3 |
7 | PATCHLEVEL = 17 |
8 | -SUBLEVEL = 7 |
9 | +SUBLEVEL = 8 |
10 | EXTRAVERSION = |
11 | NAME = Shuffling Zombie Juror |
12 | |
13 | diff --git a/arch/arm/boot/dts/armada-370.dtsi b/arch/arm/boot/dts/armada-370.dtsi |
14 | index 21b588b6f6bd..77d22d82faf5 100644 |
15 | --- a/arch/arm/boot/dts/armada-370.dtsi |
16 | +++ b/arch/arm/boot/dts/armada-370.dtsi |
17 | @@ -106,11 +106,6 @@ |
18 | reg = <0x11100 0x20>; |
19 | }; |
20 | |
21 | - system-controller@18200 { |
22 | - compatible = "marvell,armada-370-xp-system-controller"; |
23 | - reg = <0x18200 0x100>; |
24 | - }; |
25 | - |
26 | pinctrl { |
27 | compatible = "marvell,mv88f6710-pinctrl"; |
28 | reg = <0x18000 0x38>; |
29 | @@ -186,6 +181,11 @@ |
30 | interrupts = <91>; |
31 | }; |
32 | |
33 | + system-controller@18200 { |
34 | + compatible = "marvell,armada-370-xp-system-controller"; |
35 | + reg = <0x18200 0x100>; |
36 | + }; |
37 | + |
38 | gateclk: clock-gating-control@18220 { |
39 | compatible = "marvell,armada-370-gating-clock"; |
40 | reg = <0x18220 0x4>; |
41 | diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c |
42 | index 044b51185fcc..c31f4c00b1fc 100644 |
43 | --- a/arch/arm/mach-mvebu/coherency.c |
44 | +++ b/arch/arm/mach-mvebu/coherency.c |
45 | @@ -361,25 +361,41 @@ static int coherency_type(void) |
46 | { |
47 | struct device_node *np; |
48 | const struct of_device_id *match; |
49 | + int type; |
50 | |
51 | - np = of_find_matching_node_and_match(NULL, of_coherency_table, &match); |
52 | - if (np) { |
53 | - int type = (int) match->data; |
54 | + /* |
55 | + * The coherency fabric is needed: |
56 | + * - For coherency between processors on Armada XP, so only |
57 | + * when SMP is enabled. |
58 | + * - For coherency between the processor and I/O devices, but |
59 | + * this coherency requires many pre-requisites (write |
60 | + * allocate cache policy, shareable pages, SMP bit set) that |
61 | + * are only meant in SMP situations. |
62 | + * |
63 | + * Note that this means that on Armada 370, there is currently |
64 | + * no way to use hardware I/O coherency, because even when |
65 | + * CONFIG_SMP is enabled, is_smp() returns false due to the |
66 | + * Armada 370 being a single-core processor. To lift this |
67 | + * limitation, we would have to find a way to make the cache |
68 | + * policy set to write-allocate (on all Armada SoCs), and to |
69 | + * set the shareable attribute in page tables (on all Armada |
70 | + * SoCs except the Armada 370). Unfortunately, such decisions |
71 | + * are taken very early in the kernel boot process, at a point |
72 | + * where we don't know yet on which SoC we are running. |
73 | |
74 | - /* Armada 370/XP coherency works in both UP and SMP */ |
75 | - if (type == COHERENCY_FABRIC_TYPE_ARMADA_370_XP) |
76 | - return type; |
77 | + */ |
78 | + if (!is_smp()) |
79 | + return COHERENCY_FABRIC_TYPE_NONE; |
80 | |
81 | - /* Armada 375 coherency works only on SMP */ |
82 | - else if (type == COHERENCY_FABRIC_TYPE_ARMADA_375 && is_smp()) |
83 | - return type; |
84 | + np = of_find_matching_node_and_match(NULL, of_coherency_table, &match); |
85 | + if (!np) |
86 | + return COHERENCY_FABRIC_TYPE_NONE; |
87 | |
88 | - /* Armada 380 coherency works only on SMP */ |
89 | - else if (type == COHERENCY_FABRIC_TYPE_ARMADA_380 && is_smp()) |
90 | - return type; |
91 | - } |
92 | + type = (int) match->data; |
93 | + |
94 | + of_node_put(np); |
95 | |
96 | - return COHERENCY_FABRIC_TYPE_NONE; |
97 | + return type; |
98 | } |
99 | |
100 | int coherency_available(void) |
101 | diff --git a/arch/arm/mach-mvebu/coherency_ll.S b/arch/arm/mach-mvebu/coherency_ll.S |
102 | index f5d881b5d0f7..8b2fbc8b6bc6 100644 |
103 | --- a/arch/arm/mach-mvebu/coherency_ll.S |
104 | +++ b/arch/arm/mach-mvebu/coherency_ll.S |
105 | @@ -24,7 +24,10 @@ |
106 | #include <asm/cp15.h> |
107 | |
108 | .text |
109 | -/* Returns the coherency base address in r1 (r0 is untouched) */ |
110 | +/* |
111 | + * Returns the coherency base address in r1 (r0 is untouched), or 0 if |
112 | + * the coherency fabric is not enabled. |
113 | + */ |
114 | ENTRY(ll_get_coherency_base) |
115 | mrc p15, 0, r1, c1, c0, 0 |
116 | tst r1, #CR_M @ Check MMU bit enabled |
117 | @@ -32,8 +35,13 @@ ENTRY(ll_get_coherency_base) |
118 | |
119 | /* |
120 | * MMU is disabled, use the physical address of the coherency |
121 | - * base address. |
122 | + * base address. However, if the coherency fabric isn't mapped |
123 | + * (i.e its virtual address is zero), it means coherency is |
124 | + * not enabled, so we return 0. |
125 | */ |
126 | + ldr r1, =coherency_base |
127 | + cmp r1, #0 |
128 | + beq 2f |
129 | adr r1, 3f |
130 | ldr r3, [r1] |
131 | ldr r1, [r1, r3] |
132 | @@ -85,6 +93,9 @@ ENTRY(ll_add_cpu_to_smp_group) |
133 | */ |
134 | mov r0, lr |
135 | bl ll_get_coherency_base |
136 | + /* Bail out if the coherency is not enabled */ |
137 | + cmp r1, #0 |
138 | + reteq r0 |
139 | bl ll_get_coherency_cpumask |
140 | mov lr, r0 |
141 | add r0, r1, #ARMADA_XP_CFB_CFG_REG_OFFSET |
142 | @@ -107,6 +118,9 @@ ENTRY(ll_enable_coherency) |
143 | */ |
144 | mov r0, lr |
145 | bl ll_get_coherency_base |
146 | + /* Bail out if the coherency is not enabled */ |
147 | + cmp r1, #0 |
148 | + reteq r0 |
149 | bl ll_get_coherency_cpumask |
150 | mov lr, r0 |
151 | add r0, r1, #ARMADA_XP_CFB_CTL_REG_OFFSET |
152 | @@ -131,6 +145,9 @@ ENTRY(ll_disable_coherency) |
153 | */ |
154 | mov r0, lr |
155 | bl ll_get_coherency_base |
156 | + /* Bail out if the coherency is not enabled */ |
157 | + cmp r1, #0 |
158 | + reteq r0 |
159 | bl ll_get_coherency_cpumask |
160 | mov lr, r0 |
161 | add r0, r1, #ARMADA_XP_CFB_CTL_REG_OFFSET |
162 | diff --git a/arch/arm/mach-tegra/reset-handler.S b/arch/arm/mach-tegra/reset-handler.S |
163 | index 7b2baab0f0bd..71be4af5e975 100644 |
164 | --- a/arch/arm/mach-tegra/reset-handler.S |
165 | +++ b/arch/arm/mach-tegra/reset-handler.S |
166 | @@ -51,6 +51,7 @@ ENTRY(tegra_resume) |
167 | THUMB( it ne ) |
168 | bne cpu_resume @ no |
169 | |
170 | + tegra_get_soc_id TEGRA_APB_MISC_BASE, r6 |
171 | /* Are we on Tegra20? */ |
172 | cmp r6, #TEGRA20 |
173 | beq 1f @ Yes |
174 | diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h |
175 | index 024c46183c3c..0ad735166d9f 100644 |
176 | --- a/arch/arm64/include/asm/hwcap.h |
177 | +++ b/arch/arm64/include/asm/hwcap.h |
178 | @@ -30,6 +30,7 @@ |
179 | #define COMPAT_HWCAP_IDIVA (1 << 17) |
180 | #define COMPAT_HWCAP_IDIVT (1 << 18) |
181 | #define COMPAT_HWCAP_IDIV (COMPAT_HWCAP_IDIVA|COMPAT_HWCAP_IDIVT) |
182 | +#define COMPAT_HWCAP_LPAE (1 << 20) |
183 | #define COMPAT_HWCAP_EVTSTRM (1 << 21) |
184 | |
185 | #define COMPAT_HWCAP2_AES (1 << 0) |
186 | diff --git a/arch/arm64/kernel/setup.c b/arch/arm64/kernel/setup.c |
187 | index edb146d01857..8546a060f723 100644 |
188 | --- a/arch/arm64/kernel/setup.c |
189 | +++ b/arch/arm64/kernel/setup.c |
190 | @@ -72,7 +72,8 @@ EXPORT_SYMBOL_GPL(elf_hwcap); |
191 | COMPAT_HWCAP_FAST_MULT|COMPAT_HWCAP_EDSP|\ |
192 | COMPAT_HWCAP_TLS|COMPAT_HWCAP_VFP|\ |
193 | COMPAT_HWCAP_VFPv3|COMPAT_HWCAP_VFPv4|\ |
194 | - COMPAT_HWCAP_NEON|COMPAT_HWCAP_IDIV) |
195 | + COMPAT_HWCAP_NEON|COMPAT_HWCAP_IDIV|\ |
196 | + COMPAT_HWCAP_LPAE) |
197 | unsigned int compat_elf_hwcap __read_mostly = COMPAT_ELF_HWCAP_DEFAULT; |
198 | unsigned int compat_elf_hwcap2 __read_mostly; |
199 | #endif |
200 | diff --git a/arch/s390/kernel/compat_linux.c b/arch/s390/kernel/compat_linux.c |
201 | index ca38139423ae..437e61159279 100644 |
202 | --- a/arch/s390/kernel/compat_linux.c |
203 | +++ b/arch/s390/kernel/compat_linux.c |
204 | @@ -249,7 +249,7 @@ COMPAT_SYSCALL_DEFINE2(s390_setgroups16, int, gidsetsize, u16 __user *, grouplis |
205 | struct group_info *group_info; |
206 | int retval; |
207 | |
208 | - if (!capable(CAP_SETGID)) |
209 | + if (!may_setgroups()) |
210 | return -EPERM; |
211 | if ((unsigned)gidsetsize > NGROUPS_MAX) |
212 | return -EINVAL; |
213 | diff --git a/arch/x86/include/uapi/asm/ldt.h b/arch/x86/include/uapi/asm/ldt.h |
214 | index 46727eb37bfe..6e1aaf73852a 100644 |
215 | --- a/arch/x86/include/uapi/asm/ldt.h |
216 | +++ b/arch/x86/include/uapi/asm/ldt.h |
217 | @@ -28,6 +28,13 @@ struct user_desc { |
218 | unsigned int seg_not_present:1; |
219 | unsigned int useable:1; |
220 | #ifdef __x86_64__ |
221 | + /* |
222 | + * Because this bit is not present in 32-bit user code, user |
223 | + * programs can pass uninitialized values here. Therefore, in |
224 | + * any context in which a user_desc comes from a 32-bit program, |
225 | + * the kernel must act as though lm == 0, regardless of the |
226 | + * actual value. |
227 | + */ |
228 | unsigned int lm:1; |
229 | #endif |
230 | }; |
231 | diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c |
232 | index 3dd8e2c4d74a..07de51f66deb 100644 |
233 | --- a/arch/x86/kernel/kvm.c |
234 | +++ b/arch/x86/kernel/kvm.c |
235 | @@ -282,7 +282,14 @@ NOKPROBE_SYMBOL(do_async_page_fault); |
236 | static void __init paravirt_ops_setup(void) |
237 | { |
238 | pv_info.name = "KVM"; |
239 | - pv_info.paravirt_enabled = 1; |
240 | + |
241 | + /* |
242 | + * KVM isn't paravirt in the sense of paravirt_enabled. A KVM |
243 | + * guest kernel works like a bare metal kernel with additional |
244 | + * features, and paravirt_enabled is about features that are |
245 | + * missing. |
246 | + */ |
247 | + pv_info.paravirt_enabled = 0; |
248 | |
249 | if (kvm_para_has_feature(KVM_FEATURE_NOP_IO_DELAY)) |
250 | pv_cpu_ops.io_delay = kvm_io_delay; |
251 | diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c |
252 | index d9156ceecdff..a2de9bc7ac0b 100644 |
253 | --- a/arch/x86/kernel/kvmclock.c |
254 | +++ b/arch/x86/kernel/kvmclock.c |
255 | @@ -263,7 +263,6 @@ void __init kvmclock_init(void) |
256 | #endif |
257 | kvm_get_preset_lpj(); |
258 | clocksource_register_hz(&kvm_clock, NSEC_PER_SEC); |
259 | - pv_info.paravirt_enabled = 1; |
260 | pv_info.name = "KVM"; |
261 | |
262 | if (kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE_STABLE_BIT)) |
263 | diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c |
264 | index ca5b02d405c3..166119618afb 100644 |
265 | --- a/arch/x86/kernel/process_64.c |
266 | +++ b/arch/x86/kernel/process_64.c |
267 | @@ -286,24 +286,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) |
268 | |
269 | fpu = switch_fpu_prepare(prev_p, next_p, cpu); |
270 | |
271 | - /* |
272 | - * Reload esp0, LDT and the page table pointer: |
273 | - */ |
274 | + /* Reload esp0 and ss1. */ |
275 | load_sp0(tss, next); |
276 | |
277 | - /* |
278 | - * Switch DS and ES. |
279 | - * This won't pick up thread selector changes, but I guess that is ok. |
280 | - */ |
281 | - savesegment(es, prev->es); |
282 | - if (unlikely(next->es | prev->es)) |
283 | - loadsegment(es, next->es); |
284 | - |
285 | - savesegment(ds, prev->ds); |
286 | - if (unlikely(next->ds | prev->ds)) |
287 | - loadsegment(ds, next->ds); |
288 | - |
289 | - |
290 | /* We must save %fs and %gs before load_TLS() because |
291 | * %fs and %gs may be cleared by load_TLS(). |
292 | * |
293 | @@ -312,41 +297,101 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) |
294 | savesegment(fs, fsindex); |
295 | savesegment(gs, gsindex); |
296 | |
297 | + /* |
298 | + * Load TLS before restoring any segments so that segment loads |
299 | + * reference the correct GDT entries. |
300 | + */ |
301 | load_TLS(next, cpu); |
302 | |
303 | /* |
304 | - * Leave lazy mode, flushing any hypercalls made here. |
305 | - * This must be done before restoring TLS segments so |
306 | - * the GDT and LDT are properly updated, and must be |
307 | - * done before math_state_restore, so the TS bit is up |
308 | - * to date. |
309 | + * Leave lazy mode, flushing any hypercalls made here. This |
310 | + * must be done after loading TLS entries in the GDT but before |
311 | + * loading segments that might reference them, and and it must |
312 | + * be done before math_state_restore, so the TS bit is up to |
313 | + * date. |
314 | */ |
315 | arch_end_context_switch(next_p); |
316 | |
317 | + /* Switch DS and ES. |
318 | + * |
319 | + * Reading them only returns the selectors, but writing them (if |
320 | + * nonzero) loads the full descriptor from the GDT or LDT. The |
321 | + * LDT for next is loaded in switch_mm, and the GDT is loaded |
322 | + * above. |
323 | + * |
324 | + * We therefore need to write new values to the segment |
325 | + * registers on every context switch unless both the new and old |
326 | + * values are zero. |
327 | + * |
328 | + * Note that we don't need to do anything for CS and SS, as |
329 | + * those are saved and restored as part of pt_regs. |
330 | + */ |
331 | + savesegment(es, prev->es); |
332 | + if (unlikely(next->es | prev->es)) |
333 | + loadsegment(es, next->es); |
334 | + |
335 | + savesegment(ds, prev->ds); |
336 | + if (unlikely(next->ds | prev->ds)) |
337 | + loadsegment(ds, next->ds); |
338 | + |
339 | /* |
340 | * Switch FS and GS. |
341 | * |
342 | - * Segment register != 0 always requires a reload. Also |
343 | - * reload when it has changed. When prev process used 64bit |
344 | - * base always reload to avoid an information leak. |
345 | + * These are even more complicated than FS and GS: they have |
346 | + * 64-bit bases are that controlled by arch_prctl. Those bases |
347 | + * only differ from the values in the GDT or LDT if the selector |
348 | + * is 0. |
349 | + * |
350 | + * Loading the segment register resets the hidden base part of |
351 | + * the register to 0 or the value from the GDT / LDT. If the |
352 | + * next base address zero, writing 0 to the segment register is |
353 | + * much faster than using wrmsr to explicitly zero the base. |
354 | + * |
355 | + * The thread_struct.fs and thread_struct.gs values are 0 |
356 | + * if the fs and gs bases respectively are not overridden |
357 | + * from the values implied by fsindex and gsindex. They |
358 | + * are nonzero, and store the nonzero base addresses, if |
359 | + * the bases are overridden. |
360 | + * |
361 | + * (fs != 0 && fsindex != 0) || (gs != 0 && gsindex != 0) should |
362 | + * be impossible. |
363 | + * |
364 | + * Therefore we need to reload the segment registers if either |
365 | + * the old or new selector is nonzero, and we need to override |
366 | + * the base address if next thread expects it to be overridden. |
367 | + * |
368 | + * This code is unnecessarily slow in the case where the old and |
369 | + * new indexes are zero and the new base is nonzero -- it will |
370 | + * unnecessarily write 0 to the selector before writing the new |
371 | + * base address. |
372 | + * |
373 | + * Note: This all depends on arch_prctl being the only way that |
374 | + * user code can override the segment base. Once wrfsbase and |
375 | + * wrgsbase are enabled, most of this code will need to change. |
376 | */ |
377 | if (unlikely(fsindex | next->fsindex | prev->fs)) { |
378 | loadsegment(fs, next->fsindex); |
379 | + |
380 | /* |
381 | - * Check if the user used a selector != 0; if yes |
382 | - * clear 64bit base, since overloaded base is always |
383 | - * mapped to the Null selector |
384 | + * If user code wrote a nonzero value to FS, then it also |
385 | + * cleared the overridden base address. |
386 | + * |
387 | + * XXX: if user code wrote 0 to FS and cleared the base |
388 | + * address itself, we won't notice and we'll incorrectly |
389 | + * restore the prior base address next time we reschdule |
390 | + * the process. |
391 | */ |
392 | if (fsindex) |
393 | prev->fs = 0; |
394 | } |
395 | - /* when next process has a 64bit base use it */ |
396 | if (next->fs) |
397 | wrmsrl(MSR_FS_BASE, next->fs); |
398 | prev->fsindex = fsindex; |
399 | |
400 | if (unlikely(gsindex | next->gsindex | prev->gs)) { |
401 | load_gs_index(next->gsindex); |
402 | + |
403 | + /* This works (and fails) the same way as fsindex above. */ |
404 | if (gsindex) |
405 | prev->gs = 0; |
406 | } |
407 | diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c |
408 | index f7fec09e3e3a..4e942f31b1a7 100644 |
409 | --- a/arch/x86/kernel/tls.c |
410 | +++ b/arch/x86/kernel/tls.c |
411 | @@ -27,6 +27,37 @@ static int get_free_idx(void) |
412 | return -ESRCH; |
413 | } |
414 | |
415 | +static bool tls_desc_okay(const struct user_desc *info) |
416 | +{ |
417 | + if (LDT_empty(info)) |
418 | + return true; |
419 | + |
420 | + /* |
421 | + * espfix is required for 16-bit data segments, but espfix |
422 | + * only works for LDT segments. |
423 | + */ |
424 | + if (!info->seg_32bit) |
425 | + return false; |
426 | + |
427 | + /* Only allow data segments in the TLS array. */ |
428 | + if (info->contents > 1) |
429 | + return false; |
430 | + |
431 | + /* |
432 | + * Non-present segments with DPL 3 present an interesting attack |
433 | + * surface. The kernel should handle such segments correctly, |
434 | + * but TLS is very difficult to protect in a sandbox, so prevent |
435 | + * such segments from being created. |
436 | + * |
437 | + * If userspace needs to remove a TLS entry, it can still delete |
438 | + * it outright. |
439 | + */ |
440 | + if (info->seg_not_present) |
441 | + return false; |
442 | + |
443 | + return true; |
444 | +} |
445 | + |
446 | static void set_tls_desc(struct task_struct *p, int idx, |
447 | const struct user_desc *info, int n) |
448 | { |
449 | @@ -66,6 +97,9 @@ int do_set_thread_area(struct task_struct *p, int idx, |
450 | if (copy_from_user(&info, u_info, sizeof(info))) |
451 | return -EFAULT; |
452 | |
453 | + if (!tls_desc_okay(&info)) |
454 | + return -EINVAL; |
455 | + |
456 | if (idx == -1) |
457 | idx = info.entry_number; |
458 | |
459 | @@ -192,6 +226,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, |
460 | { |
461 | struct user_desc infobuf[GDT_ENTRY_TLS_ENTRIES]; |
462 | const struct user_desc *info; |
463 | + int i; |
464 | |
465 | if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) || |
466 | (pos % sizeof(struct user_desc)) != 0 || |
467 | @@ -205,6 +240,10 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, |
468 | else |
469 | info = infobuf; |
470 | |
471 | + for (i = 0; i < count / sizeof(struct user_desc); i++) |
472 | + if (!tls_desc_okay(info + i)) |
473 | + return -EINVAL; |
474 | + |
475 | set_tls_desc(target, |
476 | GDT_ENTRY_TLS_MIN + (pos / sizeof(struct user_desc)), |
477 | info, count / sizeof(struct user_desc)); |
478 | diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c |
479 | index de801f22128a..07ab8e9733c5 100644 |
480 | --- a/arch/x86/kernel/traps.c |
481 | +++ b/arch/x86/kernel/traps.c |
482 | @@ -387,7 +387,7 @@ NOKPROBE_SYMBOL(do_int3); |
483 | * for scheduling or signal handling. The actual stack switch is done in |
484 | * entry.S |
485 | */ |
486 | -asmlinkage __visible struct pt_regs *sync_regs(struct pt_regs *eregs) |
487 | +asmlinkage __visible notrace struct pt_regs *sync_regs(struct pt_regs *eregs) |
488 | { |
489 | struct pt_regs *regs = eregs; |
490 | /* Did already sync */ |
491 | @@ -413,7 +413,7 @@ struct bad_iret_stack { |
492 | struct pt_regs regs; |
493 | }; |
494 | |
495 | -asmlinkage __visible |
496 | +asmlinkage __visible notrace |
497 | struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s) |
498 | { |
499 | /* |
500 | @@ -436,6 +436,7 @@ struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s) |
501 | BUG_ON(!user_mode_vm(&new_stack->regs)); |
502 | return new_stack; |
503 | } |
504 | +NOKPROBE_SYMBOL(fixup_bad_iret); |
505 | #endif |
506 | |
507 | /* |
508 | diff --git a/crypto/af_alg.c b/crypto/af_alg.c |
509 | index 6a3ad8011585..1de4beeb25f8 100644 |
510 | --- a/crypto/af_alg.c |
511 | +++ b/crypto/af_alg.c |
512 | @@ -449,6 +449,9 @@ void af_alg_complete(struct crypto_async_request *req, int err) |
513 | { |
514 | struct af_alg_completion *completion = req->data; |
515 | |
516 | + if (err == -EINPROGRESS) |
517 | + return; |
518 | + |
519 | completion->err = err; |
520 | complete(&completion->completion); |
521 | } |
522 | diff --git a/drivers/gpu/drm/tegra/gem.c b/drivers/gpu/drm/tegra/gem.c |
523 | index ce023fa3e8ae..ab9a4539a446 100644 |
524 | --- a/drivers/gpu/drm/tegra/gem.c |
525 | +++ b/drivers/gpu/drm/tegra/gem.c |
526 | @@ -259,16 +259,12 @@ void tegra_bo_free_object(struct drm_gem_object *gem) |
527 | int tegra_bo_dumb_create(struct drm_file *file, struct drm_device *drm, |
528 | struct drm_mode_create_dumb *args) |
529 | { |
530 | - int min_pitch = DIV_ROUND_UP(args->width * args->bpp, 8); |
531 | + unsigned int min_pitch = DIV_ROUND_UP(args->width * args->bpp, 8); |
532 | struct tegra_drm *tegra = drm->dev_private; |
533 | struct tegra_bo *bo; |
534 | |
535 | - min_pitch = round_up(min_pitch, tegra->pitch_align); |
536 | - if (args->pitch < min_pitch) |
537 | - args->pitch = min_pitch; |
538 | - |
539 | - if (args->size < args->pitch * args->height) |
540 | - args->size = args->pitch * args->height; |
541 | + args->pitch = round_up(min_pitch, tegra->pitch_align); |
542 | + args->size = args->pitch * args->height; |
543 | |
544 | bo = tegra_bo_create_with_handle(file, drm, args->size, 0, |
545 | &args->handle); |
546 | diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c |
547 | index 67f8b31e2054..da3604e73e8a 100644 |
548 | --- a/drivers/md/bitmap.c |
549 | +++ b/drivers/md/bitmap.c |
550 | @@ -879,7 +879,6 @@ void bitmap_unplug(struct bitmap *bitmap) |
551 | { |
552 | unsigned long i; |
553 | int dirty, need_write; |
554 | - int wait = 0; |
555 | |
556 | if (!bitmap || !bitmap->storage.filemap || |
557 | test_bit(BITMAP_STALE, &bitmap->flags)) |
558 | @@ -897,16 +896,13 @@ void bitmap_unplug(struct bitmap *bitmap) |
559 | clear_page_attr(bitmap, i, BITMAP_PAGE_PENDING); |
560 | write_page(bitmap, bitmap->storage.filemap[i], 0); |
561 | } |
562 | - if (dirty) |
563 | - wait = 1; |
564 | - } |
565 | - if (wait) { /* if any writes were performed, we need to wait on them */ |
566 | - if (bitmap->storage.file) |
567 | - wait_event(bitmap->write_wait, |
568 | - atomic_read(&bitmap->pending_writes)==0); |
569 | - else |
570 | - md_super_wait(bitmap->mddev); |
571 | } |
572 | + if (bitmap->storage.file) |
573 | + wait_event(bitmap->write_wait, |
574 | + atomic_read(&bitmap->pending_writes)==0); |
575 | + else |
576 | + md_super_wait(bitmap->mddev); |
577 | + |
578 | if (test_bit(BITMAP_WRITE_ERROR, &bitmap->flags)) |
579 | bitmap_file_kick(bitmap); |
580 | } |
581 | diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c |
582 | index 0be200b6dbf2..b1dc0717a19c 100644 |
583 | --- a/drivers/md/dm-bufio.c |
584 | +++ b/drivers/md/dm-bufio.c |
585 | @@ -532,6 +532,19 @@ static void use_dmio(struct dm_buffer *b, int rw, sector_t block, |
586 | end_io(&b->bio, r); |
587 | } |
588 | |
589 | +static void inline_endio(struct bio *bio, int error) |
590 | +{ |
591 | + bio_end_io_t *end_fn = bio->bi_private; |
592 | + |
593 | + /* |
594 | + * Reset the bio to free any attached resources |
595 | + * (e.g. bio integrity profiles). |
596 | + */ |
597 | + bio_reset(bio); |
598 | + |
599 | + end_fn(bio, error); |
600 | +} |
601 | + |
602 | static void use_inline_bio(struct dm_buffer *b, int rw, sector_t block, |
603 | bio_end_io_t *end_io) |
604 | { |
605 | @@ -543,7 +556,12 @@ static void use_inline_bio(struct dm_buffer *b, int rw, sector_t block, |
606 | b->bio.bi_max_vecs = DM_BUFIO_INLINE_VECS; |
607 | b->bio.bi_iter.bi_sector = block << b->c->sectors_per_block_bits; |
608 | b->bio.bi_bdev = b->c->bdev; |
609 | - b->bio.bi_end_io = end_io; |
610 | + b->bio.bi_end_io = inline_endio; |
611 | + /* |
612 | + * Use of .bi_private isn't a problem here because |
613 | + * the dm_buffer's inline bio is local to bufio. |
614 | + */ |
615 | + b->bio.bi_private = end_io; |
616 | |
617 | /* |
618 | * We assume that if len >= PAGE_SIZE ptr is page-aligned. |
619 | diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c |
620 | index 7130505c2425..da496cfb458d 100644 |
621 | --- a/drivers/md/dm-cache-target.c |
622 | +++ b/drivers/md/dm-cache-target.c |
623 | @@ -951,10 +951,14 @@ static void migration_success_post_commit(struct dm_cache_migration *mg) |
624 | } |
625 | |
626 | } else { |
627 | - clear_dirty(cache, mg->new_oblock, mg->cblock); |
628 | - if (mg->requeue_holder) |
629 | + if (mg->requeue_holder) { |
630 | + clear_dirty(cache, mg->new_oblock, mg->cblock); |
631 | cell_defer(cache, mg->new_ocell, true); |
632 | - else { |
633 | + } else { |
634 | + /* |
635 | + * The block was promoted via an overwrite, so it's dirty. |
636 | + */ |
637 | + set_dirty(cache, mg->new_oblock, mg->cblock); |
638 | bio_endio(mg->new_ocell->holder, 0); |
639 | cell_defer(cache, mg->new_ocell, false); |
640 | } |
641 | @@ -1070,7 +1074,8 @@ static void issue_copy(struct dm_cache_migration *mg) |
642 | |
643 | avoid = is_discarded_oblock(cache, mg->new_oblock); |
644 | |
645 | - if (!avoid && bio_writes_complete_block(cache, bio)) { |
646 | + if (writeback_mode(&cache->features) && |
647 | + !avoid && bio_writes_complete_block(cache, bio)) { |
648 | issue_overwrite(mg, bio); |
649 | return; |
650 | } |
651 | @@ -2549,11 +2554,11 @@ static int __cache_map(struct cache *cache, struct bio *bio, struct dm_bio_priso |
652 | static int cache_map(struct dm_target *ti, struct bio *bio) |
653 | { |
654 | int r; |
655 | - struct dm_bio_prison_cell *cell; |
656 | + struct dm_bio_prison_cell *cell = NULL; |
657 | struct cache *cache = ti->private; |
658 | |
659 | r = __cache_map(cache, bio, &cell); |
660 | - if (r == DM_MAPIO_REMAPPED) { |
661 | + if (r == DM_MAPIO_REMAPPED && cell) { |
662 | inc_ds(cache, bio, cell); |
663 | cell_defer(cache, cell, false); |
664 | } |
665 | diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c |
666 | index cd15e0801228..ce11a90a33c3 100644 |
667 | --- a/drivers/md/dm-crypt.c |
668 | +++ b/drivers/md/dm-crypt.c |
669 | @@ -711,7 +711,7 @@ static int crypt_iv_tcw_whitening(struct crypt_config *cc, |
670 | for (i = 0; i < ((1 << SECTOR_SHIFT) / 8); i++) |
671 | crypto_xor(data + i * 8, buf, 8); |
672 | out: |
673 | - memset(buf, 0, sizeof(buf)); |
674 | + memzero_explicit(buf, sizeof(buf)); |
675 | return r; |
676 | } |
677 | |
678 | diff --git a/drivers/md/dm-thin.c b/drivers/md/dm-thin.c |
679 | index 0f86d802b533..aae19133cfac 100644 |
680 | --- a/drivers/md/dm-thin.c |
681 | +++ b/drivers/md/dm-thin.c |
682 | @@ -990,6 +990,24 @@ static void schedule_external_copy(struct thin_c *tc, dm_block_t virt_block, |
683 | schedule_zero(tc, virt_block, data_dest, cell, bio); |
684 | } |
685 | |
686 | +static void set_pool_mode(struct pool *pool, enum pool_mode new_mode); |
687 | + |
688 | +static void check_for_space(struct pool *pool) |
689 | +{ |
690 | + int r; |
691 | + dm_block_t nr_free; |
692 | + |
693 | + if (get_pool_mode(pool) != PM_OUT_OF_DATA_SPACE) |
694 | + return; |
695 | + |
696 | + r = dm_pool_get_free_block_count(pool->pmd, &nr_free); |
697 | + if (r) |
698 | + return; |
699 | + |
700 | + if (nr_free) |
701 | + set_pool_mode(pool, PM_WRITE); |
702 | +} |
703 | + |
704 | /* |
705 | * A non-zero return indicates read_only or fail_io mode. |
706 | * Many callers don't care about the return value. |
707 | @@ -1004,6 +1022,8 @@ static int commit(struct pool *pool) |
708 | r = dm_pool_commit_metadata(pool->pmd); |
709 | if (r) |
710 | metadata_operation_failed(pool, "dm_pool_commit_metadata", r); |
711 | + else |
712 | + check_for_space(pool); |
713 | |
714 | return r; |
715 | } |
716 | @@ -1022,8 +1042,6 @@ static void check_low_water_mark(struct pool *pool, dm_block_t free_blocks) |
717 | } |
718 | } |
719 | |
720 | -static void set_pool_mode(struct pool *pool, enum pool_mode new_mode); |
721 | - |
722 | static int alloc_data_block(struct thin_c *tc, dm_block_t *result) |
723 | { |
724 | int r; |
725 | @@ -1824,7 +1842,7 @@ static void set_pool_mode(struct pool *pool, enum pool_mode new_mode) |
726 | pool->process_bio = process_bio_read_only; |
727 | pool->process_discard = process_discard; |
728 | pool->process_prepared_mapping = process_prepared_mapping; |
729 | - pool->process_prepared_discard = process_prepared_discard_passdown; |
730 | + pool->process_prepared_discard = process_prepared_discard; |
731 | |
732 | if (!pool->pf.error_if_no_space && no_space_timeout) |
733 | queue_delayed_work(pool->wq, &pool->no_space_timeout, no_space_timeout); |
734 | @@ -3248,14 +3266,14 @@ static void thin_dtr(struct dm_target *ti) |
735 | struct thin_c *tc = ti->private; |
736 | unsigned long flags; |
737 | |
738 | - thin_put(tc); |
739 | - wait_for_completion(&tc->can_destroy); |
740 | - |
741 | spin_lock_irqsave(&tc->pool->lock, flags); |
742 | list_del_rcu(&tc->list); |
743 | spin_unlock_irqrestore(&tc->pool->lock, flags); |
744 | synchronize_rcu(); |
745 | |
746 | + thin_put(tc); |
747 | + wait_for_completion(&tc->can_destroy); |
748 | + |
749 | mutex_lock(&dm_thin_pool_table.mutex); |
750 | |
751 | __pool_dec(tc->pool); |
752 | diff --git a/drivers/md/persistent-data/dm-space-map-metadata.c b/drivers/md/persistent-data/dm-space-map-metadata.c |
753 | index 786b689bdfc7..f4e22bcc7fb8 100644 |
754 | --- a/drivers/md/persistent-data/dm-space-map-metadata.c |
755 | +++ b/drivers/md/persistent-data/dm-space-map-metadata.c |
756 | @@ -564,7 +564,9 @@ static int sm_bootstrap_get_nr_blocks(struct dm_space_map *sm, dm_block_t *count |
757 | { |
758 | struct sm_metadata *smm = container_of(sm, struct sm_metadata, sm); |
759 | |
760 | - return smm->ll.nr_blocks; |
761 | + *count = smm->ll.nr_blocks; |
762 | + |
763 | + return 0; |
764 | } |
765 | |
766 | static int sm_bootstrap_get_nr_free(struct dm_space_map *sm, dm_block_t *count) |
767 | diff --git a/drivers/mfd/tc6393xb.c b/drivers/mfd/tc6393xb.c |
768 | index 11c19e538551..48579e5ef02c 100644 |
769 | --- a/drivers/mfd/tc6393xb.c |
770 | +++ b/drivers/mfd/tc6393xb.c |
771 | @@ -263,6 +263,17 @@ static int tc6393xb_ohci_disable(struct platform_device *dev) |
772 | return 0; |
773 | } |
774 | |
775 | +static int tc6393xb_ohci_suspend(struct platform_device *dev) |
776 | +{ |
777 | + struct tc6393xb_platform_data *tcpd = dev_get_platdata(dev->dev.parent); |
778 | + |
779 | + /* We can't properly store/restore OHCI state, so fail here */ |
780 | + if (tcpd->resume_restore) |
781 | + return -EBUSY; |
782 | + |
783 | + return tc6393xb_ohci_disable(dev); |
784 | +} |
785 | + |
786 | static int tc6393xb_fb_enable(struct platform_device *dev) |
787 | { |
788 | struct tc6393xb *tc6393xb = dev_get_drvdata(dev->dev.parent); |
789 | @@ -403,7 +414,7 @@ static struct mfd_cell tc6393xb_cells[] = { |
790 | .num_resources = ARRAY_SIZE(tc6393xb_ohci_resources), |
791 | .resources = tc6393xb_ohci_resources, |
792 | .enable = tc6393xb_ohci_enable, |
793 | - .suspend = tc6393xb_ohci_disable, |
794 | + .suspend = tc6393xb_ohci_suspend, |
795 | .resume = tc6393xb_ohci_enable, |
796 | .disable = tc6393xb_ohci_disable, |
797 | }, |
798 | diff --git a/drivers/mfd/twl4030-power.c b/drivers/mfd/twl4030-power.c |
799 | index 542f1a8247f5..33a35fbd48c9 100644 |
800 | --- a/drivers/mfd/twl4030-power.c |
801 | +++ b/drivers/mfd/twl4030-power.c |
802 | @@ -828,6 +828,9 @@ static struct twl4030_power_data osc_off_idle = { |
803 | |
804 | static struct of_device_id twl4030_power_of_match[] = { |
805 | { |
806 | + .compatible = "ti,twl4030-power", |
807 | + }, |
808 | + { |
809 | .compatible = "ti,twl4030-power-reset", |
810 | .data = &omap3_reset, |
811 | }, |
812 | diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c |
813 | index ede41f05c392..dad364b09952 100644 |
814 | --- a/drivers/mmc/card/block.c |
815 | +++ b/drivers/mmc/card/block.c |
816 | @@ -260,7 +260,7 @@ static ssize_t force_ro_show(struct device *dev, struct device_attribute *attr, |
817 | int ret; |
818 | struct mmc_blk_data *md = mmc_blk_get(dev_to_disk(dev)); |
819 | |
820 | - ret = snprintf(buf, PAGE_SIZE, "%d", |
821 | + ret = snprintf(buf, PAGE_SIZE, "%d\n", |
822 | get_disk_ro(dev_to_disk(dev)) ^ |
823 | md->read_only); |
824 | mmc_blk_put(md); |
825 | diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c |
826 | index 8f216edbdf08..fd0b3fc56244 100644 |
827 | --- a/drivers/mmc/host/dw_mmc.c |
828 | +++ b/drivers/mmc/host/dw_mmc.c |
829 | @@ -624,6 +624,13 @@ static void dw_mci_ctrl_rd_thld(struct dw_mci *host, struct mmc_data *data) |
830 | |
831 | WARN_ON(!(data->flags & MMC_DATA_READ)); |
832 | |
833 | + /* |
834 | + * CDTHRCTL doesn't exist prior to 240A (in fact that register offset is |
835 | + * in the FIFO region, so we really shouldn't access it). |
836 | + */ |
837 | + if (host->verid < DW_MMC_240A) |
838 | + return; |
839 | + |
840 | if (host->timing != MMC_TIMING_MMC_HS200 && |
841 | host->timing != MMC_TIMING_UHS_SDR104) |
842 | goto disable; |
843 | diff --git a/drivers/mmc/host/omap_hsmmc.c b/drivers/mmc/host/omap_hsmmc.c |
844 | index 965672663ef0..c20ad02f8729 100644 |
845 | --- a/drivers/mmc/host/omap_hsmmc.c |
846 | +++ b/drivers/mmc/host/omap_hsmmc.c |
847 | @@ -609,6 +609,7 @@ static void omap_hsmmc_set_clock(struct omap_hsmmc_host *host) |
848 | */ |
849 | if ((mmc_slot(host).features & HSMMC_HAS_HSPE_SUPPORT) && |
850 | (ios->timing != MMC_TIMING_MMC_DDR52) && |
851 | + (ios->timing != MMC_TIMING_UHS_DDR50) && |
852 | ((OMAP_HSMMC_READ(host->base, CAPA) & HSS) == HSS)) { |
853 | regval = OMAP_HSMMC_READ(host->base, HCTL); |
854 | if (clkdiv && (clk_get_rate(host->fclk)/clkdiv) > 25000000) |
855 | @@ -628,7 +629,8 @@ static void omap_hsmmc_set_bus_width(struct omap_hsmmc_host *host) |
856 | u32 con; |
857 | |
858 | con = OMAP_HSMMC_READ(host->base, CON); |
859 | - if (ios->timing == MMC_TIMING_MMC_DDR52) |
860 | + if (ios->timing == MMC_TIMING_MMC_DDR52 || |
861 | + ios->timing == MMC_TIMING_UHS_DDR50) |
862 | con |= DDR; /* configure in DDR mode */ |
863 | else |
864 | con &= ~DDR; |
865 | diff --git a/drivers/mmc/host/sdhci-pci-o2micro.c b/drivers/mmc/host/sdhci-pci-o2micro.c |
866 | index 5670e381b0cf..e2ec108dba0e 100644 |
867 | --- a/drivers/mmc/host/sdhci-pci-o2micro.c |
868 | +++ b/drivers/mmc/host/sdhci-pci-o2micro.c |
869 | @@ -127,8 +127,6 @@ void sdhci_pci_o2_fujin2_pci_init(struct sdhci_pci_chip *chip) |
870 | return; |
871 | scratch_32 &= ~((1 << 21) | (1 << 30)); |
872 | |
873 | - /* Set RTD3 function disabled */ |
874 | - scratch_32 |= ((1 << 29) | (1 << 28)); |
875 | pci_write_config_dword(chip->pdev, O2_SD_FUNC_REG3, scratch_32); |
876 | |
877 | /* Set L1 Entrance Timer */ |
878 | diff --git a/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c b/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c |
879 | index 8f8b9373de95..9d61ee914c48 100644 |
880 | --- a/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c |
881 | +++ b/drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c |
882 | @@ -1282,6 +1282,7 @@ int brcmf_proto_msgbuf_attach(struct brcmf_pub *drvr) |
883 | } |
884 | INIT_WORK(&msgbuf->txflow_work, brcmf_msgbuf_txflow_worker); |
885 | count = BITS_TO_LONGS(if_msgbuf->nrof_flowrings); |
886 | + count = count * sizeof(unsigned long); |
887 | msgbuf->flow_map = kzalloc(count, GFP_ATOMIC); |
888 | if (!msgbuf->flow_map) |
889 | goto fail; |
890 | diff --git a/drivers/regulator/anatop-regulator.c b/drivers/regulator/anatop-regulator.c |
891 | index 4f730af70e7c..30e8d7ad5813 100644 |
892 | --- a/drivers/regulator/anatop-regulator.c |
893 | +++ b/drivers/regulator/anatop-regulator.c |
894 | @@ -283,6 +283,14 @@ static int anatop_regulator_probe(struct platform_device *pdev) |
895 | sreg->sel = 0; |
896 | sreg->bypass = true; |
897 | } |
898 | + |
899 | + /* |
900 | + * In case vddpu was disabled by the bootloader, we need to set |
901 | + * a sane default until imx6-cpufreq was probed and changes the |
902 | + * voltage to the correct value. In this case we set 1.25V. |
903 | + */ |
904 | + if (!sreg->sel && !strcmp(sreg->name, "vddpu")) |
905 | + sreg->sel = 22; |
906 | } else { |
907 | rdesc->ops = &anatop_rops; |
908 | } |
909 | diff --git a/drivers/scsi/NCR5380.c b/drivers/scsi/NCR5380.c |
910 | index 45da3c823322..ab1c09eaa5b8 100644 |
911 | --- a/drivers/scsi/NCR5380.c |
912 | +++ b/drivers/scsi/NCR5380.c |
913 | @@ -2647,14 +2647,14 @@ static void NCR5380_dma_complete(NCR5380_instance * instance) { |
914 | * |
915 | * Purpose : abort a command |
916 | * |
917 | - * Inputs : cmd - the Scsi_Cmnd to abort, code - code to set the |
918 | - * host byte of the result field to, if zero DID_ABORTED is |
919 | + * Inputs : cmd - the Scsi_Cmnd to abort, code - code to set the |
920 | + * host byte of the result field to, if zero DID_ABORTED is |
921 | * used. |
922 | * |
923 | - * Returns : 0 - success, -1 on failure. |
924 | + * Returns : SUCCESS - success, FAILED on failure. |
925 | * |
926 | - * XXX - there is no way to abort the command that is currently |
927 | - * connected, you have to wait for it to complete. If this is |
928 | + * XXX - there is no way to abort the command that is currently |
929 | + * connected, you have to wait for it to complete. If this is |
930 | * a problem, we could implement longjmp() / setjmp(), setjmp() |
931 | * called where the loop started in NCR5380_main(). |
932 | * |
933 | @@ -2704,7 +2704,7 @@ static int NCR5380_abort(Scsi_Cmnd * cmd) { |
934 | * aborted flag and get back into our main loop. |
935 | */ |
936 | |
937 | - return 0; |
938 | + return SUCCESS; |
939 | } |
940 | #endif |
941 | |
942 | diff --git a/drivers/scsi/aha1740.c b/drivers/scsi/aha1740.c |
943 | index 5f3101797c93..31ace4bef8fe 100644 |
944 | --- a/drivers/scsi/aha1740.c |
945 | +++ b/drivers/scsi/aha1740.c |
946 | @@ -531,7 +531,7 @@ static int aha1740_eh_abort_handler (Scsi_Cmnd *dummy) |
947 | * quiet as possible... |
948 | */ |
949 | |
950 | - return 0; |
951 | + return SUCCESS; |
952 | } |
953 | |
954 | static struct scsi_host_template aha1740_template = { |
955 | diff --git a/drivers/scsi/atari_NCR5380.c b/drivers/scsi/atari_NCR5380.c |
956 | index 79e6f045c2a9..e3bbc0a0f9f1 100644 |
957 | --- a/drivers/scsi/atari_NCR5380.c |
958 | +++ b/drivers/scsi/atari_NCR5380.c |
959 | @@ -2607,7 +2607,7 @@ static void NCR5380_reselect(struct Scsi_Host *instance) |
960 | * host byte of the result field to, if zero DID_ABORTED is |
961 | * used. |
962 | * |
963 | - * Returns : 0 - success, -1 on failure. |
964 | + * Returns : SUCCESS - success, FAILED on failure. |
965 | * |
966 | * XXX - there is no way to abort the command that is currently |
967 | * connected, you have to wait for it to complete. If this is |
968 | diff --git a/drivers/scsi/esas2r/esas2r_main.c b/drivers/scsi/esas2r/esas2r_main.c |
969 | index 6504a195c874..45aa684f8b74 100644 |
970 | --- a/drivers/scsi/esas2r/esas2r_main.c |
971 | +++ b/drivers/scsi/esas2r/esas2r_main.c |
972 | @@ -1057,7 +1057,7 @@ int esas2r_eh_abort(struct scsi_cmnd *cmd) |
973 | |
974 | cmd->scsi_done(cmd); |
975 | |
976 | - return 0; |
977 | + return SUCCESS; |
978 | } |
979 | |
980 | spin_lock_irqsave(&a->queue_lock, flags); |
981 | diff --git a/drivers/scsi/megaraid.c b/drivers/scsi/megaraid.c |
982 | index ac5d94cfd52f..2485255f3414 100644 |
983 | --- a/drivers/scsi/megaraid.c |
984 | +++ b/drivers/scsi/megaraid.c |
985 | @@ -1945,7 +1945,7 @@ megaraid_abort_and_reset(adapter_t *adapter, Scsi_Cmnd *cmd, int aor) |
986 | cmd->device->id, (u32)cmd->device->lun); |
987 | |
988 | if(list_empty(&adapter->pending_list)) |
989 | - return FALSE; |
990 | + return FAILED; |
991 | |
992 | list_for_each_safe(pos, next, &adapter->pending_list) { |
993 | |
994 | @@ -1968,7 +1968,7 @@ megaraid_abort_and_reset(adapter_t *adapter, Scsi_Cmnd *cmd, int aor) |
995 | (aor==SCB_ABORT) ? "ABORTING":"RESET", |
996 | scb->idx); |
997 | |
998 | - return FALSE; |
999 | + return FAILED; |
1000 | } |
1001 | else { |
1002 | |
1003 | @@ -1993,12 +1993,12 @@ megaraid_abort_and_reset(adapter_t *adapter, Scsi_Cmnd *cmd, int aor) |
1004 | list_add_tail(SCSI_LIST(cmd), |
1005 | &adapter->completed_list); |
1006 | |
1007 | - return TRUE; |
1008 | + return SUCCESS; |
1009 | } |
1010 | } |
1011 | } |
1012 | |
1013 | - return FALSE; |
1014 | + return FAILED; |
1015 | } |
1016 | |
1017 | static inline int |
1018 | diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c |
1019 | index 22a04e37b70a..373ebd3f1e3c 100644 |
1020 | --- a/drivers/scsi/megaraid/megaraid_sas_base.c |
1021 | +++ b/drivers/scsi/megaraid/megaraid_sas_base.c |
1022 | @@ -980,7 +980,7 @@ megasas_issue_blocked_abort_cmd(struct megasas_instance *instance, |
1023 | cpu_to_le32(upper_32_bits(cmd_to_abort->frame_phys_addr)); |
1024 | |
1025 | cmd->sync_cmd = 1; |
1026 | - cmd->cmd_status = 0xFF; |
1027 | + cmd->cmd_status = ENODATA; |
1028 | |
1029 | instance->instancet->issue_dcmd(instance, cmd); |
1030 | |
1031 | diff --git a/drivers/scsi/sun3_NCR5380.c b/drivers/scsi/sun3_NCR5380.c |
1032 | index 1a2367a1b1f2..6d248a299bc4 100644 |
1033 | --- a/drivers/scsi/sun3_NCR5380.c |
1034 | +++ b/drivers/scsi/sun3_NCR5380.c |
1035 | @@ -2590,15 +2590,15 @@ static void NCR5380_reselect (struct Scsi_Host *instance) |
1036 | * Purpose : abort a command |
1037 | * |
1038 | * Inputs : cmd - the struct scsi_cmnd to abort, code - code to set the |
1039 | - * host byte of the result field to, if zero DID_ABORTED is |
1040 | + * host byte of the result field to, if zero DID_ABORTED is |
1041 | * used. |
1042 | * |
1043 | - * Returns : 0 - success, -1 on failure. |
1044 | + * Returns : SUCCESS - success, FAILED on failure. |
1045 | * |
1046 | - * XXX - there is no way to abort the command that is currently |
1047 | - * connected, you have to wait for it to complete. If this is |
1048 | + * XXX - there is no way to abort the command that is currently |
1049 | + * connected, you have to wait for it to complete. If this is |
1050 | * a problem, we could implement longjmp() / setjmp(), setjmp() |
1051 | - * called where the loop started in NCR5380_main(). |
1052 | + * called where the loop started in NCR5380_main(). |
1053 | */ |
1054 | |
1055 | static int NCR5380_abort(struct scsi_cmnd *cmd) |
1056 | diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c |
1057 | index 71b0ec0c370d..284733e1fb6f 100644 |
1058 | --- a/drivers/thermal/thermal_core.c |
1059 | +++ b/drivers/thermal/thermal_core.c |
1060 | @@ -1824,10 +1824,10 @@ static int __init thermal_init(void) |
1061 | |
1062 | exit_netlink: |
1063 | genetlink_exit(); |
1064 | -unregister_governors: |
1065 | - thermal_unregister_governors(); |
1066 | unregister_class: |
1067 | class_unregister(&thermal_class); |
1068 | +unregister_governors: |
1069 | + thermal_unregister_governors(); |
1070 | error: |
1071 | idr_destroy(&thermal_tz_idr); |
1072 | idr_destroy(&thermal_cdev_idr); |
1073 | diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c |
1074 | index a1d36e62179c..040dab90a1fe 100644 |
1075 | --- a/fs/btrfs/disk-io.c |
1076 | +++ b/fs/btrfs/disk-io.c |
1077 | @@ -4043,12 +4043,6 @@ again: |
1078 | if (ret) |
1079 | break; |
1080 | |
1081 | - /* opt_discard */ |
1082 | - if (btrfs_test_opt(root, DISCARD)) |
1083 | - ret = btrfs_error_discard_extent(root, start, |
1084 | - end + 1 - start, |
1085 | - NULL); |
1086 | - |
1087 | clear_extent_dirty(unpin, start, end, GFP_NOFS); |
1088 | btrfs_error_unpin_extent_range(root, start, end); |
1089 | cond_resched(); |
1090 | @@ -4066,6 +4060,25 @@ again: |
1091 | return 0; |
1092 | } |
1093 | |
1094 | +static void btrfs_free_pending_ordered(struct btrfs_transaction *cur_trans, |
1095 | + struct btrfs_fs_info *fs_info) |
1096 | +{ |
1097 | + struct btrfs_ordered_extent *ordered; |
1098 | + |
1099 | + spin_lock(&fs_info->trans_lock); |
1100 | + while (!list_empty(&cur_trans->pending_ordered)) { |
1101 | + ordered = list_first_entry(&cur_trans->pending_ordered, |
1102 | + struct btrfs_ordered_extent, |
1103 | + trans_list); |
1104 | + list_del_init(&ordered->trans_list); |
1105 | + spin_unlock(&fs_info->trans_lock); |
1106 | + |
1107 | + btrfs_put_ordered_extent(ordered); |
1108 | + spin_lock(&fs_info->trans_lock); |
1109 | + } |
1110 | + spin_unlock(&fs_info->trans_lock); |
1111 | +} |
1112 | + |
1113 | void btrfs_cleanup_one_transaction(struct btrfs_transaction *cur_trans, |
1114 | struct btrfs_root *root) |
1115 | { |
1116 | @@ -4077,6 +4090,7 @@ void btrfs_cleanup_one_transaction(struct btrfs_transaction *cur_trans, |
1117 | cur_trans->state = TRANS_STATE_UNBLOCKED; |
1118 | wake_up(&root->fs_info->transaction_wait); |
1119 | |
1120 | + btrfs_free_pending_ordered(cur_trans, root->fs_info); |
1121 | btrfs_destroy_delayed_inodes(root); |
1122 | btrfs_assert_delayed_root_empty(root); |
1123 | |
1124 | diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c |
1125 | index 98042c1a48b4..96c3bffa30fc 100644 |
1126 | --- a/fs/btrfs/extent-tree.c |
1127 | +++ b/fs/btrfs/extent-tree.c |
1128 | @@ -4343,11 +4343,21 @@ static inline int need_do_async_reclaim(struct btrfs_space_info *space_info, |
1129 | } |
1130 | |
1131 | static int btrfs_need_do_async_reclaim(struct btrfs_space_info *space_info, |
1132 | - struct btrfs_fs_info *fs_info) |
1133 | + struct btrfs_fs_info *fs_info, |
1134 | + int flush_state) |
1135 | { |
1136 | u64 used; |
1137 | |
1138 | spin_lock(&space_info->lock); |
1139 | + /* |
1140 | + * We run out of space and have not got any free space via flush_space, |
1141 | + * so don't bother doing async reclaim. |
1142 | + */ |
1143 | + if (flush_state > COMMIT_TRANS && space_info->full) { |
1144 | + spin_unlock(&space_info->lock); |
1145 | + return 0; |
1146 | + } |
1147 | + |
1148 | used = space_info->bytes_used + space_info->bytes_reserved + |
1149 | space_info->bytes_pinned + space_info->bytes_readonly + |
1150 | space_info->bytes_may_use; |
1151 | @@ -4380,11 +4390,12 @@ static void btrfs_async_reclaim_metadata_space(struct work_struct *work) |
1152 | flush_space(fs_info->fs_root, space_info, to_reclaim, |
1153 | to_reclaim, flush_state); |
1154 | flush_state++; |
1155 | - if (!btrfs_need_do_async_reclaim(space_info, fs_info)) |
1156 | + if (!btrfs_need_do_async_reclaim(space_info, fs_info, |
1157 | + flush_state)) |
1158 | return; |
1159 | } while (flush_state <= COMMIT_TRANS); |
1160 | |
1161 | - if (btrfs_need_do_async_reclaim(space_info, fs_info)) |
1162 | + if (btrfs_need_do_async_reclaim(space_info, fs_info, flush_state)) |
1163 | queue_work(system_unbound_wq, work); |
1164 | } |
1165 | |
1166 | @@ -5704,7 +5715,8 @@ void btrfs_prepare_extent_commit(struct btrfs_trans_handle *trans, |
1167 | update_global_block_rsv(fs_info); |
1168 | } |
1169 | |
1170 | -static int unpin_extent_range(struct btrfs_root *root, u64 start, u64 end) |
1171 | +static int unpin_extent_range(struct btrfs_root *root, u64 start, u64 end, |
1172 | + const bool return_free_space) |
1173 | { |
1174 | struct btrfs_fs_info *fs_info = root->fs_info; |
1175 | struct btrfs_block_group_cache *cache = NULL; |
1176 | @@ -5728,7 +5740,8 @@ static int unpin_extent_range(struct btrfs_root *root, u64 start, u64 end) |
1177 | |
1178 | if (start < cache->last_byte_to_unpin) { |
1179 | len = min(len, cache->last_byte_to_unpin - start); |
1180 | - btrfs_add_free_space(cache, start, len); |
1181 | + if (return_free_space) |
1182 | + btrfs_add_free_space(cache, start, len); |
1183 | } |
1184 | |
1185 | start += len; |
1186 | @@ -5792,7 +5805,7 @@ int btrfs_finish_extent_commit(struct btrfs_trans_handle *trans, |
1187 | end + 1 - start, NULL); |
1188 | |
1189 | clear_extent_dirty(unpin, start, end, GFP_NOFS); |
1190 | - unpin_extent_range(root, start, end); |
1191 | + unpin_extent_range(root, start, end, true); |
1192 | cond_resched(); |
1193 | } |
1194 | |
1195 | @@ -9476,7 +9489,7 @@ out: |
1196 | |
1197 | int btrfs_error_unpin_extent_range(struct btrfs_root *root, u64 start, u64 end) |
1198 | { |
1199 | - return unpin_extent_range(root, start, end); |
1200 | + return unpin_extent_range(root, start, end, false); |
1201 | } |
1202 | |
1203 | int btrfs_error_discard_extent(struct btrfs_root *root, u64 bytenr, |
1204 | diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c |
1205 | index 225302b39afb..6a98bddd8f33 100644 |
1206 | --- a/fs/btrfs/extent_map.c |
1207 | +++ b/fs/btrfs/extent_map.c |
1208 | @@ -287,8 +287,6 @@ int unpin_extent_cache(struct extent_map_tree *tree, u64 start, u64 len, |
1209 | if (!em) |
1210 | goto out; |
1211 | |
1212 | - if (!test_bit(EXTENT_FLAG_LOGGING, &em->flags)) |
1213 | - list_move(&em->list, &tree->modified_extents); |
1214 | em->generation = gen; |
1215 | clear_bit(EXTENT_FLAG_PINNED, &em->flags); |
1216 | em->mod_start = em->start; |
1217 | diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c |
1218 | index ac734ec4cc20..269e21dd1506 100644 |
1219 | --- a/fs/btrfs/ordered-data.c |
1220 | +++ b/fs/btrfs/ordered-data.c |
1221 | @@ -220,6 +220,7 @@ static int __btrfs_add_ordered_extent(struct inode *inode, u64 file_offset, |
1222 | INIT_LIST_HEAD(&entry->work_list); |
1223 | init_completion(&entry->completion); |
1224 | INIT_LIST_HEAD(&entry->log_list); |
1225 | + INIT_LIST_HEAD(&entry->trans_list); |
1226 | |
1227 | trace_btrfs_ordered_extent_add(inode, entry); |
1228 | |
1229 | @@ -443,6 +444,8 @@ void btrfs_get_logged_extents(struct inode *inode, |
1230 | ordered = rb_entry(n, struct btrfs_ordered_extent, rb_node); |
1231 | if (!list_empty(&ordered->log_list)) |
1232 | continue; |
1233 | + if (test_bit(BTRFS_ORDERED_LOGGED, &ordered->flags)) |
1234 | + continue; |
1235 | list_add_tail(&ordered->log_list, logged_list); |
1236 | atomic_inc(&ordered->refs); |
1237 | } |
1238 | @@ -472,7 +475,8 @@ void btrfs_submit_logged_extents(struct list_head *logged_list, |
1239 | spin_unlock_irq(&log->log_extents_lock[index]); |
1240 | } |
1241 | |
1242 | -void btrfs_wait_logged_extents(struct btrfs_root *log, u64 transid) |
1243 | +void btrfs_wait_logged_extents(struct btrfs_trans_handle *trans, |
1244 | + struct btrfs_root *log, u64 transid) |
1245 | { |
1246 | struct btrfs_ordered_extent *ordered; |
1247 | int index = transid % 2; |
1248 | @@ -497,7 +501,8 @@ void btrfs_wait_logged_extents(struct btrfs_root *log, u64 transid) |
1249 | wait_event(ordered->wait, test_bit(BTRFS_ORDERED_IO_DONE, |
1250 | &ordered->flags)); |
1251 | |
1252 | - btrfs_put_ordered_extent(ordered); |
1253 | + if (!test_and_set_bit(BTRFS_ORDERED_LOGGED, &ordered->flags)) |
1254 | + list_add_tail(&ordered->trans_list, &trans->ordered); |
1255 | spin_lock_irq(&log->log_extents_lock[index]); |
1256 | } |
1257 | spin_unlock_irq(&log->log_extents_lock[index]); |
1258 | diff --git a/fs/btrfs/ordered-data.h b/fs/btrfs/ordered-data.h |
1259 | index d81a274d621e..0124bffc775f 100644 |
1260 | --- a/fs/btrfs/ordered-data.h |
1261 | +++ b/fs/btrfs/ordered-data.h |
1262 | @@ -71,6 +71,8 @@ struct btrfs_ordered_sum { |
1263 | ordered extent */ |
1264 | #define BTRFS_ORDERED_TRUNCATED 9 /* Set when we have to truncate an extent */ |
1265 | |
1266 | +#define BTRFS_ORDERED_LOGGED 10 /* Set when we've waited on this ordered extent |
1267 | + * in the logging code. */ |
1268 | struct btrfs_ordered_extent { |
1269 | /* logical offset in the file */ |
1270 | u64 file_offset; |
1271 | @@ -121,6 +123,9 @@ struct btrfs_ordered_extent { |
1272 | /* If we need to wait on this to be done */ |
1273 | struct list_head log_list; |
1274 | |
1275 | + /* If the transaction needs to wait on this ordered extent */ |
1276 | + struct list_head trans_list; |
1277 | + |
1278 | /* used to wait for the BTRFS_ORDERED_COMPLETE bit */ |
1279 | wait_queue_head_t wait; |
1280 | |
1281 | @@ -197,7 +202,8 @@ void btrfs_get_logged_extents(struct inode *inode, |
1282 | void btrfs_put_logged_extents(struct list_head *logged_list); |
1283 | void btrfs_submit_logged_extents(struct list_head *logged_list, |
1284 | struct btrfs_root *log); |
1285 | -void btrfs_wait_logged_extents(struct btrfs_root *log, u64 transid); |
1286 | +void btrfs_wait_logged_extents(struct btrfs_trans_handle *trans, |
1287 | + struct btrfs_root *log, u64 transid); |
1288 | void btrfs_free_logged_extents(struct btrfs_root *log, u64 transid); |
1289 | int __init ordered_data_init(void); |
1290 | void ordered_data_exit(void); |
1291 | diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c |
1292 | index c4124de4435b..6daa28c6a1dc 100644 |
1293 | --- a/fs/btrfs/super.c |
1294 | +++ b/fs/btrfs/super.c |
1295 | @@ -1731,7 +1731,7 @@ static int btrfs_statfs(struct dentry *dentry, struct kstatfs *buf) |
1296 | buf->f_bfree -= block_rsv->size >> bits; |
1297 | spin_unlock(&block_rsv->lock); |
1298 | |
1299 | - buf->f_bavail = total_free_data; |
1300 | + buf->f_bavail = div_u64(total_free_data, factor); |
1301 | ret = btrfs_calc_avail_data_space(fs_info->tree_root, &total_free_data); |
1302 | if (ret) { |
1303 | mutex_unlock(&fs_info->chunk_mutex); |
1304 | diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c |
1305 | index 98a25df1c430..6c4a9cdef79b 100644 |
1306 | --- a/fs/btrfs/transaction.c |
1307 | +++ b/fs/btrfs/transaction.c |
1308 | @@ -220,6 +220,7 @@ loop: |
1309 | INIT_LIST_HEAD(&cur_trans->pending_snapshots); |
1310 | INIT_LIST_HEAD(&cur_trans->pending_chunks); |
1311 | INIT_LIST_HEAD(&cur_trans->switch_commits); |
1312 | + INIT_LIST_HEAD(&cur_trans->pending_ordered); |
1313 | list_add_tail(&cur_trans->list, &fs_info->trans_list); |
1314 | extent_io_tree_init(&cur_trans->dirty_pages, |
1315 | fs_info->btree_inode->i_mapping); |
1316 | @@ -488,6 +489,7 @@ again: |
1317 | h->sync = false; |
1318 | INIT_LIST_HEAD(&h->qgroup_ref_list); |
1319 | INIT_LIST_HEAD(&h->new_bgs); |
1320 | + INIT_LIST_HEAD(&h->ordered); |
1321 | |
1322 | smp_mb(); |
1323 | if (cur_trans->state >= TRANS_STATE_BLOCKED && |
1324 | @@ -719,6 +721,12 @@ static int __btrfs_end_transaction(struct btrfs_trans_handle *trans, |
1325 | if (!list_empty(&trans->new_bgs)) |
1326 | btrfs_create_pending_block_groups(trans, root); |
1327 | |
1328 | + if (!list_empty(&trans->ordered)) { |
1329 | + spin_lock(&info->trans_lock); |
1330 | + list_splice(&trans->ordered, &cur_trans->pending_ordered); |
1331 | + spin_unlock(&info->trans_lock); |
1332 | + } |
1333 | + |
1334 | trans->delayed_ref_updates = 0; |
1335 | if (!trans->sync) { |
1336 | must_run_delayed_refs = |
1337 | @@ -1630,6 +1638,28 @@ static inline void btrfs_wait_delalloc_flush(struct btrfs_fs_info *fs_info) |
1338 | btrfs_wait_ordered_roots(fs_info, -1); |
1339 | } |
1340 | |
1341 | +static inline void |
1342 | +btrfs_wait_pending_ordered(struct btrfs_transaction *cur_trans, |
1343 | + struct btrfs_fs_info *fs_info) |
1344 | +{ |
1345 | + struct btrfs_ordered_extent *ordered; |
1346 | + |
1347 | + spin_lock(&fs_info->trans_lock); |
1348 | + while (!list_empty(&cur_trans->pending_ordered)) { |
1349 | + ordered = list_first_entry(&cur_trans->pending_ordered, |
1350 | + struct btrfs_ordered_extent, |
1351 | + trans_list); |
1352 | + list_del_init(&ordered->trans_list); |
1353 | + spin_unlock(&fs_info->trans_lock); |
1354 | + |
1355 | + wait_event(ordered->wait, test_bit(BTRFS_ORDERED_COMPLETE, |
1356 | + &ordered->flags)); |
1357 | + btrfs_put_ordered_extent(ordered); |
1358 | + spin_lock(&fs_info->trans_lock); |
1359 | + } |
1360 | + spin_unlock(&fs_info->trans_lock); |
1361 | +} |
1362 | + |
1363 | int btrfs_commit_transaction(struct btrfs_trans_handle *trans, |
1364 | struct btrfs_root *root) |
1365 | { |
1366 | @@ -1679,6 +1709,7 @@ int btrfs_commit_transaction(struct btrfs_trans_handle *trans, |
1367 | } |
1368 | |
1369 | spin_lock(&root->fs_info->trans_lock); |
1370 | + list_splice(&trans->ordered, &cur_trans->pending_ordered); |
1371 | if (cur_trans->state >= TRANS_STATE_COMMIT_START) { |
1372 | spin_unlock(&root->fs_info->trans_lock); |
1373 | atomic_inc(&cur_trans->use_count); |
1374 | @@ -1731,6 +1762,8 @@ int btrfs_commit_transaction(struct btrfs_trans_handle *trans, |
1375 | |
1376 | btrfs_wait_delalloc_flush(root->fs_info); |
1377 | |
1378 | + btrfs_wait_pending_ordered(cur_trans, root->fs_info); |
1379 | + |
1380 | btrfs_scrub_pause(root); |
1381 | /* |
1382 | * Ok now we need to make sure to block out any other joins while we |
1383 | diff --git a/fs/btrfs/transaction.h b/fs/btrfs/transaction.h |
1384 | index 579be51b27e5..25bd9abc60e6 100644 |
1385 | --- a/fs/btrfs/transaction.h |
1386 | +++ b/fs/btrfs/transaction.h |
1387 | @@ -56,6 +56,7 @@ struct btrfs_transaction { |
1388 | wait_queue_head_t commit_wait; |
1389 | struct list_head pending_snapshots; |
1390 | struct list_head pending_chunks; |
1391 | + struct list_head pending_ordered; |
1392 | struct list_head switch_commits; |
1393 | struct btrfs_delayed_ref_root delayed_refs; |
1394 | int aborted; |
1395 | @@ -105,6 +106,7 @@ struct btrfs_trans_handle { |
1396 | */ |
1397 | struct btrfs_root *root; |
1398 | struct seq_list delayed_ref_elem; |
1399 | + struct list_head ordered; |
1400 | struct list_head qgroup_ref_list; |
1401 | struct list_head new_bgs; |
1402 | }; |
1403 | diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c |
1404 | index 1d1ba083ca6e..86c39671d6ff 100644 |
1405 | --- a/fs/btrfs/tree-log.c |
1406 | +++ b/fs/btrfs/tree-log.c |
1407 | @@ -2598,9 +2598,9 @@ int btrfs_sync_log(struct btrfs_trans_handle *trans, |
1408 | if (atomic_read(&log_root_tree->log_commit[index2])) { |
1409 | blk_finish_plug(&plug); |
1410 | btrfs_wait_marked_extents(log, &log->dirty_log_pages, mark); |
1411 | + btrfs_wait_logged_extents(trans, log, log_transid); |
1412 | wait_log_commit(trans, log_root_tree, |
1413 | root_log_ctx.log_transid); |
1414 | - btrfs_free_logged_extents(log, log_transid); |
1415 | mutex_unlock(&log_root_tree->log_mutex); |
1416 | ret = root_log_ctx.log_ret; |
1417 | goto out; |
1418 | @@ -2643,7 +2643,7 @@ int btrfs_sync_log(struct btrfs_trans_handle *trans, |
1419 | btrfs_wait_marked_extents(log_root_tree, |
1420 | &log_root_tree->dirty_log_pages, |
1421 | EXTENT_NEW | EXTENT_DIRTY); |
1422 | - btrfs_wait_logged_extents(log, log_transid); |
1423 | + btrfs_wait_logged_extents(trans, log, log_transid); |
1424 | |
1425 | btrfs_set_super_log_root(root->fs_info->super_for_commit, |
1426 | log_root_tree->node->start); |
1427 | @@ -3618,7 +3618,7 @@ static int log_one_extent(struct btrfs_trans_handle *trans, |
1428 | fi = btrfs_item_ptr(leaf, path->slots[0], |
1429 | struct btrfs_file_extent_item); |
1430 | |
1431 | - btrfs_set_token_file_extent_generation(leaf, fi, em->generation, |
1432 | + btrfs_set_token_file_extent_generation(leaf, fi, trans->transid, |
1433 | &token); |
1434 | if (test_bit(EXTENT_FLAG_PREALLOC, &em->flags)) { |
1435 | skip_csum = true; |
1436 | diff --git a/fs/dcache.c b/fs/dcache.c |
1437 | index 34b40be8af11..47caaec45df2 100644 |
1438 | --- a/fs/dcache.c |
1439 | +++ b/fs/dcache.c |
1440 | @@ -2407,6 +2407,8 @@ static void switch_names(struct dentry *dentry, struct dentry *target, |
1441 | */ |
1442 | unsigned int i; |
1443 | BUILD_BUG_ON(!IS_ALIGNED(DNAME_INLINE_LEN, sizeof(long))); |
1444 | + kmemcheck_mark_initialized(dentry->d_iname, DNAME_INLINE_LEN); |
1445 | + kmemcheck_mark_initialized(target->d_iname, DNAME_INLINE_LEN); |
1446 | if (!exchange) { |
1447 | memcpy(dentry->d_iname, target->d_name.name, |
1448 | target->d_name.len + 1); |
1449 | diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c |
1450 | index 2f6735dbf1a9..31b148f3e772 100644 |
1451 | --- a/fs/ecryptfs/crypto.c |
1452 | +++ b/fs/ecryptfs/crypto.c |
1453 | @@ -1917,7 +1917,6 @@ ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size, |
1454 | break; |
1455 | case 2: |
1456 | dst[dst_byte_offset++] |= (src_byte); |
1457 | - dst[dst_byte_offset] = 0; |
1458 | current_bit_offset = 0; |
1459 | break; |
1460 | } |
1461 | diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c |
1462 | index db0fad3269c0..a06ad2f7ed80 100644 |
1463 | --- a/fs/ecryptfs/file.c |
1464 | +++ b/fs/ecryptfs/file.c |
1465 | @@ -190,23 +190,11 @@ static int ecryptfs_open(struct inode *inode, struct file *file) |
1466 | { |
1467 | int rc = 0; |
1468 | struct ecryptfs_crypt_stat *crypt_stat = NULL; |
1469 | - struct ecryptfs_mount_crypt_stat *mount_crypt_stat; |
1470 | struct dentry *ecryptfs_dentry = file->f_path.dentry; |
1471 | /* Private value of ecryptfs_dentry allocated in |
1472 | * ecryptfs_lookup() */ |
1473 | struct ecryptfs_file_info *file_info; |
1474 | |
1475 | - mount_crypt_stat = &ecryptfs_superblock_to_private( |
1476 | - ecryptfs_dentry->d_sb)->mount_crypt_stat; |
1477 | - if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) |
1478 | - && ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR) |
1479 | - || (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC) |
1480 | - || (file->f_flags & O_APPEND))) { |
1481 | - printk(KERN_WARNING "Mount has encrypted view enabled; " |
1482 | - "files may only be read\n"); |
1483 | - rc = -EPERM; |
1484 | - goto out; |
1485 | - } |
1486 | /* Released in ecryptfs_release or end of function if failure */ |
1487 | file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL); |
1488 | ecryptfs_set_file_private(file, file_info); |
1489 | diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c |
1490 | index 1b119d3bf924..34eb8433d93f 100644 |
1491 | --- a/fs/ecryptfs/main.c |
1492 | +++ b/fs/ecryptfs/main.c |
1493 | @@ -493,6 +493,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags |
1494 | { |
1495 | struct super_block *s; |
1496 | struct ecryptfs_sb_info *sbi; |
1497 | + struct ecryptfs_mount_crypt_stat *mount_crypt_stat; |
1498 | struct ecryptfs_dentry_info *root_info; |
1499 | const char *err = "Getting sb failed"; |
1500 | struct inode *inode; |
1501 | @@ -511,6 +512,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags |
1502 | err = "Error parsing options"; |
1503 | goto out; |
1504 | } |
1505 | + mount_crypt_stat = &sbi->mount_crypt_stat; |
1506 | |
1507 | s = sget(fs_type, NULL, set_anon_super, flags, NULL); |
1508 | if (IS_ERR(s)) { |
1509 | @@ -557,11 +559,19 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags |
1510 | |
1511 | /** |
1512 | * Set the POSIX ACL flag based on whether they're enabled in the lower |
1513 | - * mount. Force a read-only eCryptfs mount if the lower mount is ro. |
1514 | - * Allow a ro eCryptfs mount even when the lower mount is rw. |
1515 | + * mount. |
1516 | */ |
1517 | s->s_flags = flags & ~MS_POSIXACL; |
1518 | - s->s_flags |= path.dentry->d_sb->s_flags & (MS_RDONLY | MS_POSIXACL); |
1519 | + s->s_flags |= path.dentry->d_sb->s_flags & MS_POSIXACL; |
1520 | + |
1521 | + /** |
1522 | + * Force a read-only eCryptfs mount when: |
1523 | + * 1) The lower mount is ro |
1524 | + * 2) The ecryptfs_encrypted_view mount option is specified |
1525 | + */ |
1526 | + if (path.dentry->d_sb->s_flags & MS_RDONLY || |
1527 | + mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) |
1528 | + s->s_flags |= MS_RDONLY; |
1529 | |
1530 | s->s_maxbytes = path.dentry->d_sb->s_maxbytes; |
1531 | s->s_blocksize = path.dentry->d_sb->s_blocksize; |
1532 | diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c |
1533 | index 76de83e25a89..0da8365fa74e 100644 |
1534 | --- a/fs/f2fs/data.c |
1535 | +++ b/fs/f2fs/data.c |
1536 | @@ -1002,21 +1002,19 @@ inline_data: |
1537 | goto out; |
1538 | } |
1539 | |
1540 | - if (dn.data_blkaddr == NEW_ADDR) { |
1541 | + if (f2fs_has_inline_data(inode)) { |
1542 | + err = f2fs_read_inline_data(inode, page); |
1543 | + if (err) { |
1544 | + page_cache_release(page); |
1545 | + goto fail; |
1546 | + } |
1547 | + } else if (dn.data_blkaddr == NEW_ADDR) { |
1548 | zero_user_segment(page, 0, PAGE_CACHE_SIZE); |
1549 | } else { |
1550 | - if (f2fs_has_inline_data(inode)) { |
1551 | - err = f2fs_read_inline_data(inode, page); |
1552 | - if (err) { |
1553 | - page_cache_release(page); |
1554 | - goto fail; |
1555 | - } |
1556 | - } else { |
1557 | - err = f2fs_submit_page_bio(sbi, page, dn.data_blkaddr, |
1558 | - READ_SYNC); |
1559 | - if (err) |
1560 | - goto fail; |
1561 | - } |
1562 | + err = f2fs_submit_page_bio(sbi, page, dn.data_blkaddr, |
1563 | + READ_SYNC); |
1564 | + if (err) |
1565 | + goto fail; |
1566 | |
1567 | lock_page(page); |
1568 | if (unlikely(!PageUptodate(page))) { |
1569 | diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c |
1570 | index f488bbae541a..735d7522a3a9 100644 |
1571 | --- a/fs/isofs/rock.c |
1572 | +++ b/fs/isofs/rock.c |
1573 | @@ -30,6 +30,7 @@ struct rock_state { |
1574 | int cont_size; |
1575 | int cont_extent; |
1576 | int cont_offset; |
1577 | + int cont_loops; |
1578 | struct inode *inode; |
1579 | }; |
1580 | |
1581 | @@ -73,6 +74,9 @@ static void init_rock_state(struct rock_state *rs, struct inode *inode) |
1582 | rs->inode = inode; |
1583 | } |
1584 | |
1585 | +/* Maximum number of Rock Ridge continuation entries */ |
1586 | +#define RR_MAX_CE_ENTRIES 32 |
1587 | + |
1588 | /* |
1589 | * Returns 0 if the caller should continue scanning, 1 if the scan must end |
1590 | * and -ve on error. |
1591 | @@ -105,6 +109,8 @@ static int rock_continue(struct rock_state *rs) |
1592 | goto out; |
1593 | } |
1594 | ret = -EIO; |
1595 | + if (++rs->cont_loops >= RR_MAX_CE_ENTRIES) |
1596 | + goto out; |
1597 | bh = sb_bread(rs->inode->i_sb, rs->cont_extent); |
1598 | if (bh) { |
1599 | memcpy(rs->buffer, bh->b_data + rs->cont_offset, |
1600 | @@ -356,6 +362,9 @@ repeat: |
1601 | rs.cont_size = isonum_733(rr->u.CE.size); |
1602 | break; |
1603 | case SIG('E', 'R'): |
1604 | + /* Invalid length of ER tag id? */ |
1605 | + if (rr->u.ER.len_id + offsetof(struct rock_ridge, u.ER.data) > rr->len) |
1606 | + goto out; |
1607 | ISOFS_SB(inode->i_sb)->s_rock = 1; |
1608 | printk(KERN_DEBUG "ISO 9660 Extensions: "); |
1609 | { |
1610 | diff --git a/fs/namespace.c b/fs/namespace.c |
1611 | index 550dbff08677..37f4c501fbea 100644 |
1612 | --- a/fs/namespace.c |
1613 | +++ b/fs/namespace.c |
1614 | @@ -1286,6 +1286,8 @@ void umount_tree(struct mount *mnt, int how) |
1615 | } |
1616 | if (last) { |
1617 | last->mnt_hash.next = unmounted.first; |
1618 | + if (unmounted.first) |
1619 | + unmounted.first->pprev = &last->mnt_hash.next; |
1620 | unmounted.first = tmp_list.first; |
1621 | unmounted.first->pprev = &unmounted.first; |
1622 | } |
1623 | @@ -1430,6 +1432,9 @@ SYSCALL_DEFINE2(umount, char __user *, name, int, flags) |
1624 | goto dput_and_out; |
1625 | if (mnt->mnt.mnt_flags & MNT_LOCKED) |
1626 | goto dput_and_out; |
1627 | + retval = -EPERM; |
1628 | + if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN)) |
1629 | + goto dput_and_out; |
1630 | |
1631 | retval = do_umount(mnt, flags); |
1632 | dput_and_out: |
1633 | @@ -1955,7 +1960,13 @@ static int do_remount(struct path *path, int flags, int mnt_flags, |
1634 | } |
1635 | if ((mnt->mnt.mnt_flags & MNT_LOCK_NODEV) && |
1636 | !(mnt_flags & MNT_NODEV)) { |
1637 | - return -EPERM; |
1638 | + /* Was the nodev implicitly added in mount? */ |
1639 | + if ((mnt->mnt_ns->user_ns != &init_user_ns) && |
1640 | + !(sb->s_type->fs_flags & FS_USERNS_DEV_MOUNT)) { |
1641 | + mnt_flags |= MNT_NODEV; |
1642 | + } else { |
1643 | + return -EPERM; |
1644 | + } |
1645 | } |
1646 | if ((mnt->mnt.mnt_flags & MNT_LOCK_NOSUID) && |
1647 | !(mnt_flags & MNT_NOSUID)) { |
1648 | diff --git a/fs/ncpfs/ioctl.c b/fs/ncpfs/ioctl.c |
1649 | index d5659d96ee7f..cf7e043a9447 100644 |
1650 | --- a/fs/ncpfs/ioctl.c |
1651 | +++ b/fs/ncpfs/ioctl.c |
1652 | @@ -447,7 +447,6 @@ static long __ncp_ioctl(struct inode *inode, unsigned int cmd, unsigned long arg |
1653 | result = -EIO; |
1654 | } |
1655 | } |
1656 | - result = 0; |
1657 | } |
1658 | mutex_unlock(&server->root_setup_lock); |
1659 | |
1660 | diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c |
1661 | index d3ebdae1d9b8..338e5140c628 100644 |
1662 | --- a/fs/nfs/nfs4proc.c |
1663 | +++ b/fs/nfs/nfs4proc.c |
1664 | @@ -7692,6 +7692,9 @@ nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags) |
1665 | |
1666 | dprintk("--> %s\n", __func__); |
1667 | |
1668 | + /* nfs4_layoutget_release calls pnfs_put_layout_hdr */ |
1669 | + pnfs_get_layout_hdr(NFS_I(inode)->layout); |
1670 | + |
1671 | lgp->args.layout.pages = nfs4_alloc_pages(max_pages, gfp_flags); |
1672 | if (!lgp->args.layout.pages) { |
1673 | nfs4_layoutget_release(lgp); |
1674 | @@ -7704,9 +7707,6 @@ nfs4_proc_layoutget(struct nfs4_layoutget *lgp, gfp_t gfp_flags) |
1675 | lgp->res.seq_res.sr_slot = NULL; |
1676 | nfs4_init_sequence(&lgp->args.seq_args, &lgp->res.seq_res, 0); |
1677 | |
1678 | - /* nfs4_layoutget_release calls pnfs_put_layout_hdr */ |
1679 | - pnfs_get_layout_hdr(NFS_I(inode)->layout); |
1680 | - |
1681 | task = rpc_run_task(&task_setup_data); |
1682 | if (IS_ERR(task)) |
1683 | return ERR_CAST(task); |
1684 | diff --git a/fs/proc/base.c b/fs/proc/base.c |
1685 | index baf852b648ad..3ec60dee75da 100644 |
1686 | --- a/fs/proc/base.c |
1687 | +++ b/fs/proc/base.c |
1688 | @@ -2493,6 +2493,57 @@ static const struct file_operations proc_projid_map_operations = { |
1689 | .llseek = seq_lseek, |
1690 | .release = proc_id_map_release, |
1691 | }; |
1692 | + |
1693 | +static int proc_setgroups_open(struct inode *inode, struct file *file) |
1694 | +{ |
1695 | + struct user_namespace *ns = NULL; |
1696 | + struct task_struct *task; |
1697 | + int ret; |
1698 | + |
1699 | + ret = -ESRCH; |
1700 | + task = get_proc_task(inode); |
1701 | + if (task) { |
1702 | + rcu_read_lock(); |
1703 | + ns = get_user_ns(task_cred_xxx(task, user_ns)); |
1704 | + rcu_read_unlock(); |
1705 | + put_task_struct(task); |
1706 | + } |
1707 | + if (!ns) |
1708 | + goto err; |
1709 | + |
1710 | + if (file->f_mode & FMODE_WRITE) { |
1711 | + ret = -EACCES; |
1712 | + if (!ns_capable(ns, CAP_SYS_ADMIN)) |
1713 | + goto err_put_ns; |
1714 | + } |
1715 | + |
1716 | + ret = single_open(file, &proc_setgroups_show, ns); |
1717 | + if (ret) |
1718 | + goto err_put_ns; |
1719 | + |
1720 | + return 0; |
1721 | +err_put_ns: |
1722 | + put_user_ns(ns); |
1723 | +err: |
1724 | + return ret; |
1725 | +} |
1726 | + |
1727 | +static int proc_setgroups_release(struct inode *inode, struct file *file) |
1728 | +{ |
1729 | + struct seq_file *seq = file->private_data; |
1730 | + struct user_namespace *ns = seq->private; |
1731 | + int ret = single_release(inode, file); |
1732 | + put_user_ns(ns); |
1733 | + return ret; |
1734 | +} |
1735 | + |
1736 | +static const struct file_operations proc_setgroups_operations = { |
1737 | + .open = proc_setgroups_open, |
1738 | + .write = proc_setgroups_write, |
1739 | + .read = seq_read, |
1740 | + .llseek = seq_lseek, |
1741 | + .release = proc_setgroups_release, |
1742 | +}; |
1743 | #endif /* CONFIG_USER_NS */ |
1744 | |
1745 | static int proc_pid_personality(struct seq_file *m, struct pid_namespace *ns, |
1746 | @@ -2601,6 +2652,7 @@ static const struct pid_entry tgid_base_stuff[] = { |
1747 | REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), |
1748 | REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), |
1749 | REG("projid_map", S_IRUGO|S_IWUSR, proc_projid_map_operations), |
1750 | + REG("setgroups", S_IRUGO|S_IWUSR, proc_setgroups_operations), |
1751 | #endif |
1752 | #ifdef CONFIG_CHECKPOINT_RESTORE |
1753 | REG("timers", S_IRUGO, proc_timers_operations), |
1754 | @@ -2944,6 +2996,7 @@ static const struct pid_entry tid_base_stuff[] = { |
1755 | REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), |
1756 | REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), |
1757 | REG("projid_map", S_IRUGO|S_IWUSR, proc_projid_map_operations), |
1758 | + REG("setgroups", S_IRUGO|S_IWUSR, proc_setgroups_operations), |
1759 | #endif |
1760 | }; |
1761 | |
1762 | diff --git a/fs/udf/dir.c b/fs/udf/dir.c |
1763 | index a012c51caffd..a7690b46ce0a 100644 |
1764 | --- a/fs/udf/dir.c |
1765 | +++ b/fs/udf/dir.c |
1766 | @@ -167,7 +167,8 @@ static int udf_readdir(struct file *file, struct dir_context *ctx) |
1767 | continue; |
1768 | } |
1769 | |
1770 | - flen = udf_get_filename(dir->i_sb, nameptr, fname, lfi); |
1771 | + flen = udf_get_filename(dir->i_sb, nameptr, lfi, fname, |
1772 | + UDF_NAME_LEN); |
1773 | if (!flen) |
1774 | continue; |
1775 | |
1776 | diff --git a/fs/udf/inode.c b/fs/udf/inode.c |
1777 | index c9b4df5810d5..5bc71d9a674a 100644 |
1778 | --- a/fs/udf/inode.c |
1779 | +++ b/fs/udf/inode.c |
1780 | @@ -1489,6 +1489,20 @@ reread: |
1781 | } |
1782 | inode->i_generation = iinfo->i_unique; |
1783 | |
1784 | + /* Sanity checks for files in ICB so that we don't get confused later */ |
1785 | + if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) { |
1786 | + /* |
1787 | + * For file in ICB data is stored in allocation descriptor |
1788 | + * so sizes should match |
1789 | + */ |
1790 | + if (iinfo->i_lenAlloc != inode->i_size) |
1791 | + goto out; |
1792 | + /* File in ICB has to fit in there... */ |
1793 | + if (inode->i_size > inode->i_sb->s_blocksize - |
1794 | + udf_file_entry_alloc_offset(inode)) |
1795 | + goto out; |
1796 | + } |
1797 | + |
1798 | switch (fe->icbTag.fileType) { |
1799 | case ICBTAG_FILE_TYPE_DIRECTORY: |
1800 | inode->i_op = &udf_dir_inode_operations; |
1801 | diff --git a/fs/udf/namei.c b/fs/udf/namei.c |
1802 | index c12e260fd6c4..6ff19b54b51f 100644 |
1803 | --- a/fs/udf/namei.c |
1804 | +++ b/fs/udf/namei.c |
1805 | @@ -233,7 +233,8 @@ static struct fileIdentDesc *udf_find_entry(struct inode *dir, |
1806 | if (!lfi) |
1807 | continue; |
1808 | |
1809 | - flen = udf_get_filename(dir->i_sb, nameptr, fname, lfi); |
1810 | + flen = udf_get_filename(dir->i_sb, nameptr, lfi, fname, |
1811 | + UDF_NAME_LEN); |
1812 | if (flen && udf_match(flen, fname, child->len, child->name)) |
1813 | goto out_ok; |
1814 | } |
1815 | diff --git a/fs/udf/symlink.c b/fs/udf/symlink.c |
1816 | index 6fb7945c1e6e..ac10ca939f26 100644 |
1817 | --- a/fs/udf/symlink.c |
1818 | +++ b/fs/udf/symlink.c |
1819 | @@ -30,49 +30,73 @@ |
1820 | #include <linux/buffer_head.h> |
1821 | #include "udf_i.h" |
1822 | |
1823 | -static void udf_pc_to_char(struct super_block *sb, unsigned char *from, |
1824 | - int fromlen, unsigned char *to) |
1825 | +static int udf_pc_to_char(struct super_block *sb, unsigned char *from, |
1826 | + int fromlen, unsigned char *to, int tolen) |
1827 | { |
1828 | struct pathComponent *pc; |
1829 | int elen = 0; |
1830 | + int comp_len; |
1831 | unsigned char *p = to; |
1832 | |
1833 | + /* Reserve one byte for terminating \0 */ |
1834 | + tolen--; |
1835 | while (elen < fromlen) { |
1836 | pc = (struct pathComponent *)(from + elen); |
1837 | + elen += sizeof(struct pathComponent); |
1838 | switch (pc->componentType) { |
1839 | case 1: |
1840 | /* |
1841 | * Symlink points to some place which should be agreed |
1842 | * upon between originator and receiver of the media. Ignore. |
1843 | */ |
1844 | - if (pc->lengthComponentIdent > 0) |
1845 | + if (pc->lengthComponentIdent > 0) { |
1846 | + elen += pc->lengthComponentIdent; |
1847 | break; |
1848 | + } |
1849 | /* Fall through */ |
1850 | case 2: |
1851 | + if (tolen == 0) |
1852 | + return -ENAMETOOLONG; |
1853 | p = to; |
1854 | *p++ = '/'; |
1855 | + tolen--; |
1856 | break; |
1857 | case 3: |
1858 | + if (tolen < 3) |
1859 | + return -ENAMETOOLONG; |
1860 | memcpy(p, "../", 3); |
1861 | p += 3; |
1862 | + tolen -= 3; |
1863 | break; |
1864 | case 4: |
1865 | + if (tolen < 2) |
1866 | + return -ENAMETOOLONG; |
1867 | memcpy(p, "./", 2); |
1868 | p += 2; |
1869 | + tolen -= 2; |
1870 | /* that would be . - just ignore */ |
1871 | break; |
1872 | case 5: |
1873 | - p += udf_get_filename(sb, pc->componentIdent, p, |
1874 | - pc->lengthComponentIdent); |
1875 | + elen += pc->lengthComponentIdent; |
1876 | + if (elen > fromlen) |
1877 | + return -EIO; |
1878 | + comp_len = udf_get_filename(sb, pc->componentIdent, |
1879 | + pc->lengthComponentIdent, |
1880 | + p, tolen); |
1881 | + p += comp_len; |
1882 | + tolen -= comp_len; |
1883 | + if (tolen == 0) |
1884 | + return -ENAMETOOLONG; |
1885 | *p++ = '/'; |
1886 | + tolen--; |
1887 | break; |
1888 | } |
1889 | - elen += sizeof(struct pathComponent) + pc->lengthComponentIdent; |
1890 | } |
1891 | if (p > to + 1) |
1892 | p[-1] = '\0'; |
1893 | else |
1894 | p[0] = '\0'; |
1895 | + return 0; |
1896 | } |
1897 | |
1898 | static int udf_symlink_filler(struct file *file, struct page *page) |
1899 | @@ -80,11 +104,17 @@ static int udf_symlink_filler(struct file *file, struct page *page) |
1900 | struct inode *inode = page->mapping->host; |
1901 | struct buffer_head *bh = NULL; |
1902 | unsigned char *symlink; |
1903 | - int err = -EIO; |
1904 | + int err; |
1905 | unsigned char *p = kmap(page); |
1906 | struct udf_inode_info *iinfo; |
1907 | uint32_t pos; |
1908 | |
1909 | + /* We don't support symlinks longer than one block */ |
1910 | + if (inode->i_size > inode->i_sb->s_blocksize) { |
1911 | + err = -ENAMETOOLONG; |
1912 | + goto out_unmap; |
1913 | + } |
1914 | + |
1915 | iinfo = UDF_I(inode); |
1916 | pos = udf_block_map(inode, 0); |
1917 | |
1918 | @@ -94,14 +124,18 @@ static int udf_symlink_filler(struct file *file, struct page *page) |
1919 | } else { |
1920 | bh = sb_bread(inode->i_sb, pos); |
1921 | |
1922 | - if (!bh) |
1923 | - goto out; |
1924 | + if (!bh) { |
1925 | + err = -EIO; |
1926 | + goto out_unlock_inode; |
1927 | + } |
1928 | |
1929 | symlink = bh->b_data; |
1930 | } |
1931 | |
1932 | - udf_pc_to_char(inode->i_sb, symlink, inode->i_size, p); |
1933 | + err = udf_pc_to_char(inode->i_sb, symlink, inode->i_size, p, PAGE_SIZE); |
1934 | brelse(bh); |
1935 | + if (err) |
1936 | + goto out_unlock_inode; |
1937 | |
1938 | up_read(&iinfo->i_data_sem); |
1939 | SetPageUptodate(page); |
1940 | @@ -109,9 +143,10 @@ static int udf_symlink_filler(struct file *file, struct page *page) |
1941 | unlock_page(page); |
1942 | return 0; |
1943 | |
1944 | -out: |
1945 | +out_unlock_inode: |
1946 | up_read(&iinfo->i_data_sem); |
1947 | SetPageError(page); |
1948 | +out_unmap: |
1949 | kunmap(page); |
1950 | unlock_page(page); |
1951 | return err; |
1952 | diff --git a/fs/udf/udfdecl.h b/fs/udf/udfdecl.h |
1953 | index 1cc3c993ebd0..47bb3f5ca360 100644 |
1954 | --- a/fs/udf/udfdecl.h |
1955 | +++ b/fs/udf/udfdecl.h |
1956 | @@ -211,7 +211,8 @@ udf_get_lb_pblock(struct super_block *sb, struct kernel_lb_addr *loc, |
1957 | } |
1958 | |
1959 | /* unicode.c */ |
1960 | -extern int udf_get_filename(struct super_block *, uint8_t *, uint8_t *, int); |
1961 | +extern int udf_get_filename(struct super_block *, uint8_t *, int, uint8_t *, |
1962 | + int); |
1963 | extern int udf_put_filename(struct super_block *, const uint8_t *, uint8_t *, |
1964 | int); |
1965 | extern int udf_build_ustr(struct ustr *, dstring *, int); |
1966 | diff --git a/fs/udf/unicode.c b/fs/udf/unicode.c |
1967 | index afd470e588ff..b84fee372734 100644 |
1968 | --- a/fs/udf/unicode.c |
1969 | +++ b/fs/udf/unicode.c |
1970 | @@ -28,7 +28,8 @@ |
1971 | |
1972 | #include "udf_sb.h" |
1973 | |
1974 | -static int udf_translate_to_linux(uint8_t *, uint8_t *, int, uint8_t *, int); |
1975 | +static int udf_translate_to_linux(uint8_t *, int, uint8_t *, int, uint8_t *, |
1976 | + int); |
1977 | |
1978 | static int udf_char_to_ustr(struct ustr *dest, const uint8_t *src, int strlen) |
1979 | { |
1980 | @@ -333,8 +334,8 @@ try_again: |
1981 | return u_len + 1; |
1982 | } |
1983 | |
1984 | -int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname, |
1985 | - int flen) |
1986 | +int udf_get_filename(struct super_block *sb, uint8_t *sname, int slen, |
1987 | + uint8_t *dname, int dlen) |
1988 | { |
1989 | struct ustr *filename, *unifilename; |
1990 | int len = 0; |
1991 | @@ -347,7 +348,7 @@ int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname, |
1992 | if (!unifilename) |
1993 | goto out1; |
1994 | |
1995 | - if (udf_build_ustr_exact(unifilename, sname, flen)) |
1996 | + if (udf_build_ustr_exact(unifilename, sname, slen)) |
1997 | goto out2; |
1998 | |
1999 | if (UDF_QUERY_FLAG(sb, UDF_FLAG_UTF8)) { |
2000 | @@ -366,7 +367,8 @@ int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname, |
2001 | } else |
2002 | goto out2; |
2003 | |
2004 | - len = udf_translate_to_linux(dname, filename->u_name, filename->u_len, |
2005 | + len = udf_translate_to_linux(dname, dlen, |
2006 | + filename->u_name, filename->u_len, |
2007 | unifilename->u_name, unifilename->u_len); |
2008 | out2: |
2009 | kfree(unifilename); |
2010 | @@ -403,10 +405,12 @@ int udf_put_filename(struct super_block *sb, const uint8_t *sname, |
2011 | #define EXT_MARK '.' |
2012 | #define CRC_MARK '#' |
2013 | #define EXT_SIZE 5 |
2014 | +/* Number of chars we need to store generated CRC to make filename unique */ |
2015 | +#define CRC_LEN 5 |
2016 | |
2017 | -static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName, |
2018 | - int udfLen, uint8_t *fidName, |
2019 | - int fidNameLen) |
2020 | +static int udf_translate_to_linux(uint8_t *newName, int newLen, |
2021 | + uint8_t *udfName, int udfLen, |
2022 | + uint8_t *fidName, int fidNameLen) |
2023 | { |
2024 | int index, newIndex = 0, needsCRC = 0; |
2025 | int extIndex = 0, newExtIndex = 0, hasExt = 0; |
2026 | @@ -439,7 +443,7 @@ static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName, |
2027 | newExtIndex = newIndex; |
2028 | } |
2029 | } |
2030 | - if (newIndex < 256) |
2031 | + if (newIndex < newLen) |
2032 | newName[newIndex++] = curr; |
2033 | else |
2034 | needsCRC = 1; |
2035 | @@ -467,13 +471,13 @@ static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName, |
2036 | } |
2037 | ext[localExtIndex++] = curr; |
2038 | } |
2039 | - maxFilenameLen = 250 - localExtIndex; |
2040 | + maxFilenameLen = newLen - CRC_LEN - localExtIndex; |
2041 | if (newIndex > maxFilenameLen) |
2042 | newIndex = maxFilenameLen; |
2043 | else |
2044 | newIndex = newExtIndex; |
2045 | - } else if (newIndex > 250) |
2046 | - newIndex = 250; |
2047 | + } else if (newIndex > newLen - CRC_LEN) |
2048 | + newIndex = newLen - CRC_LEN; |
2049 | newName[newIndex++] = CRC_MARK; |
2050 | valueCRC = crc_itu_t(0, fidName, fidNameLen); |
2051 | newName[newIndex++] = hex_asc_upper_hi(valueCRC >> 8); |
2052 | diff --git a/include/linux/audit.h b/include/linux/audit.h |
2053 | index 22cfddb75566..1e4676e7bf63 100644 |
2054 | --- a/include/linux/audit.h |
2055 | +++ b/include/linux/audit.h |
2056 | @@ -47,6 +47,7 @@ struct sk_buff; |
2057 | |
2058 | struct audit_krule { |
2059 | int vers_ops; |
2060 | + u32 pflags; |
2061 | u32 flags; |
2062 | u32 listnr; |
2063 | u32 action; |
2064 | @@ -64,6 +65,9 @@ struct audit_krule { |
2065 | u64 prio; |
2066 | }; |
2067 | |
2068 | +/* Flag to indicate legacy AUDIT_LOGINUID unset usage */ |
2069 | +#define AUDIT_LOGINUID_LEGACY 0x1 |
2070 | + |
2071 | struct audit_field { |
2072 | u32 type; |
2073 | u32 val; |
2074 | diff --git a/include/linux/cred.h b/include/linux/cred.h |
2075 | index b2d0820837c4..2fb2ca2127ed 100644 |
2076 | --- a/include/linux/cred.h |
2077 | +++ b/include/linux/cred.h |
2078 | @@ -68,6 +68,7 @@ extern void groups_free(struct group_info *); |
2079 | extern int set_current_groups(struct group_info *); |
2080 | extern void set_groups(struct cred *, struct group_info *); |
2081 | extern int groups_search(const struct group_info *, kgid_t); |
2082 | +extern bool may_setgroups(void); |
2083 | |
2084 | /* access the groups "array" with this macro */ |
2085 | #define GROUP_AT(gi, i) \ |
2086 | diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h |
2087 | index e95372654f09..9f3579ff543d 100644 |
2088 | --- a/include/linux/user_namespace.h |
2089 | +++ b/include/linux/user_namespace.h |
2090 | @@ -17,6 +17,10 @@ struct uid_gid_map { /* 64 bytes -- 1 cache line */ |
2091 | } extent[UID_GID_MAP_MAX_EXTENTS]; |
2092 | }; |
2093 | |
2094 | +#define USERNS_SETGROUPS_ALLOWED 1UL |
2095 | + |
2096 | +#define USERNS_INIT_FLAGS USERNS_SETGROUPS_ALLOWED |
2097 | + |
2098 | struct user_namespace { |
2099 | struct uid_gid_map uid_map; |
2100 | struct uid_gid_map gid_map; |
2101 | @@ -27,6 +31,7 @@ struct user_namespace { |
2102 | kuid_t owner; |
2103 | kgid_t group; |
2104 | unsigned int proc_inum; |
2105 | + unsigned long flags; |
2106 | |
2107 | /* Register of per-UID persistent keyrings for this namespace */ |
2108 | #ifdef CONFIG_PERSISTENT_KEYRINGS |
2109 | @@ -63,6 +68,9 @@ extern const struct seq_operations proc_projid_seq_operations; |
2110 | extern ssize_t proc_uid_map_write(struct file *, const char __user *, size_t, loff_t *); |
2111 | extern ssize_t proc_gid_map_write(struct file *, const char __user *, size_t, loff_t *); |
2112 | extern ssize_t proc_projid_map_write(struct file *, const char __user *, size_t, loff_t *); |
2113 | +extern ssize_t proc_setgroups_write(struct file *, const char __user *, size_t, loff_t *); |
2114 | +extern int proc_setgroups_show(struct seq_file *m, void *v); |
2115 | +extern bool userns_may_setgroups(const struct user_namespace *ns); |
2116 | #else |
2117 | |
2118 | static inline struct user_namespace *get_user_ns(struct user_namespace *ns) |
2119 | @@ -87,6 +95,10 @@ static inline void put_user_ns(struct user_namespace *ns) |
2120 | { |
2121 | } |
2122 | |
2123 | +static inline bool userns_may_setgroups(const struct user_namespace *ns) |
2124 | +{ |
2125 | + return true; |
2126 | +} |
2127 | #endif |
2128 | |
2129 | #endif /* _LINUX_USER_H */ |
2130 | diff --git a/kernel/audit.c b/kernel/audit.c |
2131 | index 6726aa6f82be..a0918e23d647 100644 |
2132 | --- a/kernel/audit.c |
2133 | +++ b/kernel/audit.c |
2134 | @@ -429,7 +429,7 @@ static void kauditd_send_skb(struct sk_buff *skb) |
2135 | * This function doesn't consume an skb as might be expected since it has to |
2136 | * copy it anyways. |
2137 | */ |
2138 | -static void kauditd_send_multicast_skb(struct sk_buff *skb) |
2139 | +static void kauditd_send_multicast_skb(struct sk_buff *skb, gfp_t gfp_mask) |
2140 | { |
2141 | struct sk_buff *copy; |
2142 | struct audit_net *aunet = net_generic(&init_net, audit_net_id); |
2143 | @@ -448,11 +448,11 @@ static void kauditd_send_multicast_skb(struct sk_buff *skb) |
2144 | * no reason for new multicast clients to continue with this |
2145 | * non-compliance. |
2146 | */ |
2147 | - copy = skb_copy(skb, GFP_KERNEL); |
2148 | + copy = skb_copy(skb, gfp_mask); |
2149 | if (!copy) |
2150 | return; |
2151 | |
2152 | - nlmsg_multicast(sock, copy, 0, AUDIT_NLGRP_READLOG, GFP_KERNEL); |
2153 | + nlmsg_multicast(sock, copy, 0, AUDIT_NLGRP_READLOG, gfp_mask); |
2154 | } |
2155 | |
2156 | /* |
2157 | @@ -1959,7 +1959,7 @@ void audit_log_end(struct audit_buffer *ab) |
2158 | } else { |
2159 | struct nlmsghdr *nlh = nlmsg_hdr(ab->skb); |
2160 | |
2161 | - kauditd_send_multicast_skb(ab->skb); |
2162 | + kauditd_send_multicast_skb(ab->skb, ab->gfp_mask); |
2163 | |
2164 | /* |
2165 | * The original kaudit unicast socket sends up messages with |
2166 | diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c |
2167 | index c447cd9848d1..72ec3294d59f 100644 |
2168 | --- a/kernel/auditfilter.c |
2169 | +++ b/kernel/auditfilter.c |
2170 | @@ -431,19 +431,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, |
2171 | if ((f->type == AUDIT_LOGINUID) && (f->val == AUDIT_UID_UNSET)) { |
2172 | f->type = AUDIT_LOGINUID_SET; |
2173 | f->val = 0; |
2174 | - } |
2175 | - |
2176 | - if ((f->type == AUDIT_PID) || (f->type == AUDIT_PPID)) { |
2177 | - struct pid *pid; |
2178 | - rcu_read_lock(); |
2179 | - pid = find_vpid(f->val); |
2180 | - if (!pid) { |
2181 | - rcu_read_unlock(); |
2182 | - err = -ESRCH; |
2183 | - goto exit_free; |
2184 | - } |
2185 | - f->val = pid_nr(pid); |
2186 | - rcu_read_unlock(); |
2187 | + entry->rule.pflags |= AUDIT_LOGINUID_LEGACY; |
2188 | } |
2189 | |
2190 | err = audit_field_valid(entry, f); |
2191 | @@ -619,6 +607,13 @@ static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule) |
2192 | data->buflen += data->values[i] = |
2193 | audit_pack_string(&bufp, krule->filterkey); |
2194 | break; |
2195 | + case AUDIT_LOGINUID_SET: |
2196 | + if (krule->pflags & AUDIT_LOGINUID_LEGACY && !f->val) { |
2197 | + data->fields[i] = AUDIT_LOGINUID; |
2198 | + data->values[i] = AUDIT_UID_UNSET; |
2199 | + break; |
2200 | + } |
2201 | + /* fallthrough if set */ |
2202 | default: |
2203 | data->values[i] = f->val; |
2204 | } |
2205 | @@ -635,6 +630,7 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b) |
2206 | int i; |
2207 | |
2208 | if (a->flags != b->flags || |
2209 | + a->pflags != b->pflags || |
2210 | a->listnr != b->listnr || |
2211 | a->action != b->action || |
2212 | a->field_count != b->field_count) |
2213 | @@ -753,6 +749,7 @@ struct audit_entry *audit_dupe_rule(struct audit_krule *old) |
2214 | new = &entry->rule; |
2215 | new->vers_ops = old->vers_ops; |
2216 | new->flags = old->flags; |
2217 | + new->pflags = old->pflags; |
2218 | new->listnr = old->listnr; |
2219 | new->action = old->action; |
2220 | for (i = 0; i < AUDIT_BITMASK_SIZE; i++) |
2221 | diff --git a/kernel/groups.c b/kernel/groups.c |
2222 | index 451698f86cfa..664411f171b5 100644 |
2223 | --- a/kernel/groups.c |
2224 | +++ b/kernel/groups.c |
2225 | @@ -6,6 +6,7 @@ |
2226 | #include <linux/slab.h> |
2227 | #include <linux/security.h> |
2228 | #include <linux/syscalls.h> |
2229 | +#include <linux/user_namespace.h> |
2230 | #include <asm/uaccess.h> |
2231 | |
2232 | /* init to 2 - one for init_task, one to ensure it is never freed */ |
2233 | @@ -213,6 +214,14 @@ out: |
2234 | return i; |
2235 | } |
2236 | |
2237 | +bool may_setgroups(void) |
2238 | +{ |
2239 | + struct user_namespace *user_ns = current_user_ns(); |
2240 | + |
2241 | + return ns_capable(user_ns, CAP_SETGID) && |
2242 | + userns_may_setgroups(user_ns); |
2243 | +} |
2244 | + |
2245 | /* |
2246 | * SMP: Our groups are copy-on-write. We can set them safely |
2247 | * without another task interfering. |
2248 | @@ -223,7 +232,7 @@ SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist) |
2249 | struct group_info *group_info; |
2250 | int retval; |
2251 | |
2252 | - if (!ns_capable(current_user_ns(), CAP_SETGID)) |
2253 | + if (!may_setgroups()) |
2254 | return -EPERM; |
2255 | if ((unsigned)gidsetsize > NGROUPS_MAX) |
2256 | return -EINVAL; |
2257 | diff --git a/kernel/pid.c b/kernel/pid.c |
2258 | index 9b9a26698144..82430c858d69 100644 |
2259 | --- a/kernel/pid.c |
2260 | +++ b/kernel/pid.c |
2261 | @@ -341,6 +341,8 @@ out: |
2262 | |
2263 | out_unlock: |
2264 | spin_unlock_irq(&pidmap_lock); |
2265 | + put_pid_ns(ns); |
2266 | + |
2267 | out_free: |
2268 | while (++i <= ns->level) |
2269 | free_pidmap(pid->numbers + i); |
2270 | diff --git a/kernel/uid16.c b/kernel/uid16.c |
2271 | index 602e5bbbceff..d58cc4d8f0d1 100644 |
2272 | --- a/kernel/uid16.c |
2273 | +++ b/kernel/uid16.c |
2274 | @@ -176,7 +176,7 @@ SYSCALL_DEFINE2(setgroups16, int, gidsetsize, old_gid_t __user *, grouplist) |
2275 | struct group_info *group_info; |
2276 | int retval; |
2277 | |
2278 | - if (!ns_capable(current_user_ns(), CAP_SETGID)) |
2279 | + if (!may_setgroups()) |
2280 | return -EPERM; |
2281 | if ((unsigned)gidsetsize > NGROUPS_MAX) |
2282 | return -EINVAL; |
2283 | diff --git a/kernel/user.c b/kernel/user.c |
2284 | index 4efa39350e44..2d09940c9632 100644 |
2285 | --- a/kernel/user.c |
2286 | +++ b/kernel/user.c |
2287 | @@ -51,6 +51,7 @@ struct user_namespace init_user_ns = { |
2288 | .owner = GLOBAL_ROOT_UID, |
2289 | .group = GLOBAL_ROOT_GID, |
2290 | .proc_inum = PROC_USER_INIT_INO, |
2291 | + .flags = USERNS_INIT_FLAGS, |
2292 | #ifdef CONFIG_PERSISTENT_KEYRINGS |
2293 | .persistent_keyring_register_sem = |
2294 | __RWSEM_INITIALIZER(init_user_ns.persistent_keyring_register_sem), |
2295 | diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c |
2296 | index aa312b0dc3ec..a2e37c5d2f63 100644 |
2297 | --- a/kernel/user_namespace.c |
2298 | +++ b/kernel/user_namespace.c |
2299 | @@ -24,6 +24,7 @@ |
2300 | #include <linux/fs_struct.h> |
2301 | |
2302 | static struct kmem_cache *user_ns_cachep __read_mostly; |
2303 | +static DEFINE_MUTEX(userns_state_mutex); |
2304 | |
2305 | static bool new_idmap_permitted(const struct file *file, |
2306 | struct user_namespace *ns, int cap_setid, |
2307 | @@ -99,6 +100,11 @@ int create_user_ns(struct cred *new) |
2308 | ns->owner = owner; |
2309 | ns->group = group; |
2310 | |
2311 | + /* Inherit USERNS_SETGROUPS_ALLOWED from our parent */ |
2312 | + mutex_lock(&userns_state_mutex); |
2313 | + ns->flags = parent_ns->flags; |
2314 | + mutex_unlock(&userns_state_mutex); |
2315 | + |
2316 | set_cred_user_ns(new, ns); |
2317 | |
2318 | #ifdef CONFIG_PERSISTENT_KEYRINGS |
2319 | @@ -583,9 +589,6 @@ static bool mappings_overlap(struct uid_gid_map *new_map, |
2320 | return false; |
2321 | } |
2322 | |
2323 | - |
2324 | -static DEFINE_MUTEX(id_map_mutex); |
2325 | - |
2326 | static ssize_t map_write(struct file *file, const char __user *buf, |
2327 | size_t count, loff_t *ppos, |
2328 | int cap_setid, |
2329 | @@ -602,7 +605,7 @@ static ssize_t map_write(struct file *file, const char __user *buf, |
2330 | ssize_t ret = -EINVAL; |
2331 | |
2332 | /* |
2333 | - * The id_map_mutex serializes all writes to any given map. |
2334 | + * The userns_state_mutex serializes all writes to any given map. |
2335 | * |
2336 | * Any map is only ever written once. |
2337 | * |
2338 | @@ -620,7 +623,7 @@ static ssize_t map_write(struct file *file, const char __user *buf, |
2339 | * order and smp_rmb() is guaranteed that we don't have crazy |
2340 | * architectures returning stale data. |
2341 | */ |
2342 | - mutex_lock(&id_map_mutex); |
2343 | + mutex_lock(&userns_state_mutex); |
2344 | |
2345 | ret = -EPERM; |
2346 | /* Only allow one successful write to the map */ |
2347 | @@ -750,7 +753,7 @@ static ssize_t map_write(struct file *file, const char __user *buf, |
2348 | *ppos = count; |
2349 | ret = count; |
2350 | out: |
2351 | - mutex_unlock(&id_map_mutex); |
2352 | + mutex_unlock(&userns_state_mutex); |
2353 | if (page) |
2354 | free_page(page); |
2355 | return ret; |
2356 | @@ -812,16 +815,21 @@ static bool new_idmap_permitted(const struct file *file, |
2357 | struct user_namespace *ns, int cap_setid, |
2358 | struct uid_gid_map *new_map) |
2359 | { |
2360 | - /* Allow mapping to your own filesystem ids */ |
2361 | - if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1)) { |
2362 | + const struct cred *cred = file->f_cred; |
2363 | + /* Don't allow mappings that would allow anything that wouldn't |
2364 | + * be allowed without the establishment of unprivileged mappings. |
2365 | + */ |
2366 | + if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1) && |
2367 | + uid_eq(ns->owner, cred->euid)) { |
2368 | u32 id = new_map->extent[0].lower_first; |
2369 | if (cap_setid == CAP_SETUID) { |
2370 | kuid_t uid = make_kuid(ns->parent, id); |
2371 | - if (uid_eq(uid, file->f_cred->fsuid)) |
2372 | + if (uid_eq(uid, cred->euid)) |
2373 | return true; |
2374 | } else if (cap_setid == CAP_SETGID) { |
2375 | kgid_t gid = make_kgid(ns->parent, id); |
2376 | - if (gid_eq(gid, file->f_cred->fsgid)) |
2377 | + if (!(ns->flags & USERNS_SETGROUPS_ALLOWED) && |
2378 | + gid_eq(gid, cred->egid)) |
2379 | return true; |
2380 | } |
2381 | } |
2382 | @@ -841,6 +849,100 @@ static bool new_idmap_permitted(const struct file *file, |
2383 | return false; |
2384 | } |
2385 | |
2386 | +int proc_setgroups_show(struct seq_file *seq, void *v) |
2387 | +{ |
2388 | + struct user_namespace *ns = seq->private; |
2389 | + unsigned long userns_flags = ACCESS_ONCE(ns->flags); |
2390 | + |
2391 | + seq_printf(seq, "%s\n", |
2392 | + (userns_flags & USERNS_SETGROUPS_ALLOWED) ? |
2393 | + "allow" : "deny"); |
2394 | + return 0; |
2395 | +} |
2396 | + |
2397 | +ssize_t proc_setgroups_write(struct file *file, const char __user *buf, |
2398 | + size_t count, loff_t *ppos) |
2399 | +{ |
2400 | + struct seq_file *seq = file->private_data; |
2401 | + struct user_namespace *ns = seq->private; |
2402 | + char kbuf[8], *pos; |
2403 | + bool setgroups_allowed; |
2404 | + ssize_t ret; |
2405 | + |
2406 | + /* Only allow a very narrow range of strings to be written */ |
2407 | + ret = -EINVAL; |
2408 | + if ((*ppos != 0) || (count >= sizeof(kbuf))) |
2409 | + goto out; |
2410 | + |
2411 | + /* What was written? */ |
2412 | + ret = -EFAULT; |
2413 | + if (copy_from_user(kbuf, buf, count)) |
2414 | + goto out; |
2415 | + kbuf[count] = '\0'; |
2416 | + pos = kbuf; |
2417 | + |
2418 | + /* What is being requested? */ |
2419 | + ret = -EINVAL; |
2420 | + if (strncmp(pos, "allow", 5) == 0) { |
2421 | + pos += 5; |
2422 | + setgroups_allowed = true; |
2423 | + } |
2424 | + else if (strncmp(pos, "deny", 4) == 0) { |
2425 | + pos += 4; |
2426 | + setgroups_allowed = false; |
2427 | + } |
2428 | + else |
2429 | + goto out; |
2430 | + |
2431 | + /* Verify there is not trailing junk on the line */ |
2432 | + pos = skip_spaces(pos); |
2433 | + if (*pos != '\0') |
2434 | + goto out; |
2435 | + |
2436 | + ret = -EPERM; |
2437 | + mutex_lock(&userns_state_mutex); |
2438 | + if (setgroups_allowed) { |
2439 | + /* Enabling setgroups after setgroups has been disabled |
2440 | + * is not allowed. |
2441 | + */ |
2442 | + if (!(ns->flags & USERNS_SETGROUPS_ALLOWED)) |
2443 | + goto out_unlock; |
2444 | + } else { |
2445 | + /* Permanently disabling setgroups after setgroups has |
2446 | + * been enabled by writing the gid_map is not allowed. |
2447 | + */ |
2448 | + if (ns->gid_map.nr_extents != 0) |
2449 | + goto out_unlock; |
2450 | + ns->flags &= ~USERNS_SETGROUPS_ALLOWED; |
2451 | + } |
2452 | + mutex_unlock(&userns_state_mutex); |
2453 | + |
2454 | + /* Report a successful write */ |
2455 | + *ppos = count; |
2456 | + ret = count; |
2457 | +out: |
2458 | + return ret; |
2459 | +out_unlock: |
2460 | + mutex_unlock(&userns_state_mutex); |
2461 | + goto out; |
2462 | +} |
2463 | + |
2464 | +bool userns_may_setgroups(const struct user_namespace *ns) |
2465 | +{ |
2466 | + bool allowed; |
2467 | + |
2468 | + mutex_lock(&userns_state_mutex); |
2469 | + /* It is not safe to use setgroups until a gid mapping in |
2470 | + * the user namespace has been established. |
2471 | + */ |
2472 | + allowed = ns->gid_map.nr_extents != 0; |
2473 | + /* Is setgroups allowed? */ |
2474 | + allowed = allowed && (ns->flags & USERNS_SETGROUPS_ALLOWED); |
2475 | + mutex_unlock(&userns_state_mutex); |
2476 | + |
2477 | + return allowed; |
2478 | +} |
2479 | + |
2480 | static void *userns_get(struct task_struct *task) |
2481 | { |
2482 | struct user_namespace *user_ns; |
2483 | diff --git a/net/mac80211/key.c b/net/mac80211/key.c |
2484 | index d808cff80153..f7afc0ac3b78 100644 |
2485 | --- a/net/mac80211/key.c |
2486 | +++ b/net/mac80211/key.c |
2487 | @@ -650,7 +650,7 @@ void ieee80211_free_sta_keys(struct ieee80211_local *local, |
2488 | int i; |
2489 | |
2490 | mutex_lock(&local->key_mtx); |
2491 | - for (i = 0; i < NUM_DEFAULT_KEYS; i++) { |
2492 | + for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) { |
2493 | key = key_mtx_dereference(local, sta->gtk[i]); |
2494 | if (!key) |
2495 | continue; |
2496 | diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c |
2497 | index 7e77410ca799..fced06462b8c 100644 |
2498 | --- a/net/mac80211/rx.c |
2499 | +++ b/net/mac80211/rx.c |
2500 | @@ -1667,14 +1667,14 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) |
2501 | sc = le16_to_cpu(hdr->seq_ctrl); |
2502 | frag = sc & IEEE80211_SCTL_FRAG; |
2503 | |
2504 | - if (likely(!ieee80211_has_morefrags(fc) && frag == 0)) |
2505 | - goto out; |
2506 | - |
2507 | if (is_multicast_ether_addr(hdr->addr1)) { |
2508 | rx->local->dot11MulticastReceivedFrameCount++; |
2509 | - goto out; |
2510 | + goto out_no_led; |
2511 | } |
2512 | |
2513 | + if (likely(!ieee80211_has_morefrags(fc) && frag == 0)) |
2514 | + goto out; |
2515 | + |
2516 | I802_DEBUG_INC(rx->local->rx_handlers_fragments); |
2517 | |
2518 | if (skb_linearize(rx->skb)) |
2519 | @@ -1765,9 +1765,10 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) |
2520 | status->rx_flags |= IEEE80211_RX_FRAGMENTED; |
2521 | |
2522 | out: |
2523 | + ieee80211_led_rx(rx->local); |
2524 | + out_no_led: |
2525 | if (rx->sta) |
2526 | rx->sta->rx_packets++; |
2527 | - ieee80211_led_rx(rx->local); |
2528 | return RX_CONTINUE; |
2529 | } |
2530 | |
2531 | diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c |
2532 | index 5fe443d120af..556c43df6636 100644 |
2533 | --- a/security/keys/encrypted-keys/encrypted.c |
2534 | +++ b/security/keys/encrypted-keys/encrypted.c |
2535 | @@ -1018,10 +1018,13 @@ static int __init init_encrypted(void) |
2536 | ret = encrypted_shash_alloc(); |
2537 | if (ret < 0) |
2538 | return ret; |
2539 | + ret = aes_get_sizes(); |
2540 | + if (ret < 0) |
2541 | + goto out; |
2542 | ret = register_key_type(&key_type_encrypted); |
2543 | if (ret < 0) |
2544 | goto out; |
2545 | - return aes_get_sizes(); |
2546 | + return 0; |
2547 | out: |
2548 | encrypted_shash_release(); |
2549 | return ret; |
2550 | diff --git a/tools/testing/selftests/mount/unprivileged-remount-test.c b/tools/testing/selftests/mount/unprivileged-remount-test.c |
2551 | index 1b3ff2fda4d0..517785052f1c 100644 |
2552 | --- a/tools/testing/selftests/mount/unprivileged-remount-test.c |
2553 | +++ b/tools/testing/selftests/mount/unprivileged-remount-test.c |
2554 | @@ -6,6 +6,8 @@ |
2555 | #include <sys/types.h> |
2556 | #include <sys/mount.h> |
2557 | #include <sys/wait.h> |
2558 | +#include <sys/vfs.h> |
2559 | +#include <sys/statvfs.h> |
2560 | #include <stdlib.h> |
2561 | #include <unistd.h> |
2562 | #include <fcntl.h> |
2563 | @@ -32,11 +34,14 @@ |
2564 | # define CLONE_NEWPID 0x20000000 |
2565 | #endif |
2566 | |
2567 | +#ifndef MS_REC |
2568 | +# define MS_REC 16384 |
2569 | +#endif |
2570 | #ifndef MS_RELATIME |
2571 | -#define MS_RELATIME (1 << 21) |
2572 | +# define MS_RELATIME (1 << 21) |
2573 | #endif |
2574 | #ifndef MS_STRICTATIME |
2575 | -#define MS_STRICTATIME (1 << 24) |
2576 | +# define MS_STRICTATIME (1 << 24) |
2577 | #endif |
2578 | |
2579 | static void die(char *fmt, ...) |
2580 | @@ -48,17 +53,14 @@ static void die(char *fmt, ...) |
2581 | exit(EXIT_FAILURE); |
2582 | } |
2583 | |
2584 | -static void write_file(char *filename, char *fmt, ...) |
2585 | +static void vmaybe_write_file(bool enoent_ok, char *filename, char *fmt, va_list ap) |
2586 | { |
2587 | char buf[4096]; |
2588 | int fd; |
2589 | ssize_t written; |
2590 | int buf_len; |
2591 | - va_list ap; |
2592 | |
2593 | - va_start(ap, fmt); |
2594 | buf_len = vsnprintf(buf, sizeof(buf), fmt, ap); |
2595 | - va_end(ap); |
2596 | if (buf_len < 0) { |
2597 | die("vsnprintf failed: %s\n", |
2598 | strerror(errno)); |
2599 | @@ -69,6 +71,8 @@ static void write_file(char *filename, char *fmt, ...) |
2600 | |
2601 | fd = open(filename, O_WRONLY); |
2602 | if (fd < 0) { |
2603 | + if ((errno == ENOENT) && enoent_ok) |
2604 | + return; |
2605 | die("open of %s failed: %s\n", |
2606 | filename, strerror(errno)); |
2607 | } |
2608 | @@ -87,6 +91,65 @@ static void write_file(char *filename, char *fmt, ...) |
2609 | } |
2610 | } |
2611 | |
2612 | +static void maybe_write_file(char *filename, char *fmt, ...) |
2613 | +{ |
2614 | + va_list ap; |
2615 | + |
2616 | + va_start(ap, fmt); |
2617 | + vmaybe_write_file(true, filename, fmt, ap); |
2618 | + va_end(ap); |
2619 | + |
2620 | +} |
2621 | + |
2622 | +static void write_file(char *filename, char *fmt, ...) |
2623 | +{ |
2624 | + va_list ap; |
2625 | + |
2626 | + va_start(ap, fmt); |
2627 | + vmaybe_write_file(false, filename, fmt, ap); |
2628 | + va_end(ap); |
2629 | + |
2630 | +} |
2631 | + |
2632 | +static int read_mnt_flags(const char *path) |
2633 | +{ |
2634 | + int ret; |
2635 | + struct statvfs stat; |
2636 | + int mnt_flags; |
2637 | + |
2638 | + ret = statvfs(path, &stat); |
2639 | + if (ret != 0) { |
2640 | + die("statvfs of %s failed: %s\n", |
2641 | + path, strerror(errno)); |
2642 | + } |
2643 | + if (stat.f_flag & ~(ST_RDONLY | ST_NOSUID | ST_NODEV | \ |
2644 | + ST_NOEXEC | ST_NOATIME | ST_NODIRATIME | ST_RELATIME | \ |
2645 | + ST_SYNCHRONOUS | ST_MANDLOCK)) { |
2646 | + die("Unrecognized mount flags\n"); |
2647 | + } |
2648 | + mnt_flags = 0; |
2649 | + if (stat.f_flag & ST_RDONLY) |
2650 | + mnt_flags |= MS_RDONLY; |
2651 | + if (stat.f_flag & ST_NOSUID) |
2652 | + mnt_flags |= MS_NOSUID; |
2653 | + if (stat.f_flag & ST_NODEV) |
2654 | + mnt_flags |= MS_NODEV; |
2655 | + if (stat.f_flag & ST_NOEXEC) |
2656 | + mnt_flags |= MS_NOEXEC; |
2657 | + if (stat.f_flag & ST_NOATIME) |
2658 | + mnt_flags |= MS_NOATIME; |
2659 | + if (stat.f_flag & ST_NODIRATIME) |
2660 | + mnt_flags |= MS_NODIRATIME; |
2661 | + if (stat.f_flag & ST_RELATIME) |
2662 | + mnt_flags |= MS_RELATIME; |
2663 | + if (stat.f_flag & ST_SYNCHRONOUS) |
2664 | + mnt_flags |= MS_SYNCHRONOUS; |
2665 | + if (stat.f_flag & ST_MANDLOCK) |
2666 | + mnt_flags |= ST_MANDLOCK; |
2667 | + |
2668 | + return mnt_flags; |
2669 | +} |
2670 | + |
2671 | static void create_and_enter_userns(void) |
2672 | { |
2673 | uid_t uid; |
2674 | @@ -100,13 +163,10 @@ static void create_and_enter_userns(void) |
2675 | strerror(errno)); |
2676 | } |
2677 | |
2678 | + maybe_write_file("/proc/self/setgroups", "deny"); |
2679 | write_file("/proc/self/uid_map", "0 %d 1", uid); |
2680 | write_file("/proc/self/gid_map", "0 %d 1", gid); |
2681 | |
2682 | - if (setgroups(0, NULL) != 0) { |
2683 | - die("setgroups failed: %s\n", |
2684 | - strerror(errno)); |
2685 | - } |
2686 | if (setgid(0) != 0) { |
2687 | die ("setgid(0) failed %s\n", |
2688 | strerror(errno)); |
2689 | @@ -118,7 +178,8 @@ static void create_and_enter_userns(void) |
2690 | } |
2691 | |
2692 | static |
2693 | -bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags) |
2694 | +bool test_unpriv_remount(const char *fstype, const char *mount_options, |
2695 | + int mount_flags, int remount_flags, int invalid_flags) |
2696 | { |
2697 | pid_t child; |
2698 | |
2699 | @@ -151,9 +212,11 @@ bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags) |
2700 | strerror(errno)); |
2701 | } |
2702 | |
2703 | - if (mount("testing", "/tmp", "ramfs", mount_flags, NULL) != 0) { |
2704 | - die("mount of /tmp failed: %s\n", |
2705 | - strerror(errno)); |
2706 | + if (mount("testing", "/tmp", fstype, mount_flags, mount_options) != 0) { |
2707 | + die("mount of %s with options '%s' on /tmp failed: %s\n", |
2708 | + fstype, |
2709 | + mount_options? mount_options : "", |
2710 | + strerror(errno)); |
2711 | } |
2712 | |
2713 | create_and_enter_userns(); |
2714 | @@ -181,62 +244,127 @@ bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags) |
2715 | |
2716 | static bool test_unpriv_remount_simple(int mount_flags) |
2717 | { |
2718 | - return test_unpriv_remount(mount_flags, mount_flags, 0); |
2719 | + return test_unpriv_remount("ramfs", NULL, mount_flags, mount_flags, 0); |
2720 | } |
2721 | |
2722 | static bool test_unpriv_remount_atime(int mount_flags, int invalid_flags) |
2723 | { |
2724 | - return test_unpriv_remount(mount_flags, mount_flags, invalid_flags); |
2725 | + return test_unpriv_remount("ramfs", NULL, mount_flags, mount_flags, |
2726 | + invalid_flags); |
2727 | +} |
2728 | + |
2729 | +static bool test_priv_mount_unpriv_remount(void) |
2730 | +{ |
2731 | + pid_t child; |
2732 | + int ret; |
2733 | + const char *orig_path = "/dev"; |
2734 | + const char *dest_path = "/tmp"; |
2735 | + int orig_mnt_flags, remount_mnt_flags; |
2736 | + |
2737 | + child = fork(); |
2738 | + if (child == -1) { |
2739 | + die("fork failed: %s\n", |
2740 | + strerror(errno)); |
2741 | + } |
2742 | + if (child != 0) { /* parent */ |
2743 | + pid_t pid; |
2744 | + int status; |
2745 | + pid = waitpid(child, &status, 0); |
2746 | + if (pid == -1) { |
2747 | + die("waitpid failed: %s\n", |
2748 | + strerror(errno)); |
2749 | + } |
2750 | + if (pid != child) { |
2751 | + die("waited for %d got %d\n", |
2752 | + child, pid); |
2753 | + } |
2754 | + if (!WIFEXITED(status)) { |
2755 | + die("child did not terminate cleanly\n"); |
2756 | + } |
2757 | + return WEXITSTATUS(status) == EXIT_SUCCESS ? true : false; |
2758 | + } |
2759 | + |
2760 | + orig_mnt_flags = read_mnt_flags(orig_path); |
2761 | + |
2762 | + create_and_enter_userns(); |
2763 | + ret = unshare(CLONE_NEWNS); |
2764 | + if (ret != 0) { |
2765 | + die("unshare(CLONE_NEWNS) failed: %s\n", |
2766 | + strerror(errno)); |
2767 | + } |
2768 | + |
2769 | + ret = mount(orig_path, dest_path, "bind", MS_BIND | MS_REC, NULL); |
2770 | + if (ret != 0) { |
2771 | + die("recursive bind mount of %s onto %s failed: %s\n", |
2772 | + orig_path, dest_path, strerror(errno)); |
2773 | + } |
2774 | + |
2775 | + ret = mount(dest_path, dest_path, "none", |
2776 | + MS_REMOUNT | MS_BIND | orig_mnt_flags , NULL); |
2777 | + if (ret != 0) { |
2778 | + /* system("cat /proc/self/mounts"); */ |
2779 | + die("remount of /tmp failed: %s\n", |
2780 | + strerror(errno)); |
2781 | + } |
2782 | + |
2783 | + remount_mnt_flags = read_mnt_flags(dest_path); |
2784 | + if (orig_mnt_flags != remount_mnt_flags) { |
2785 | + die("Mount flags unexpectedly changed during remount of %s originally mounted on %s\n", |
2786 | + dest_path, orig_path); |
2787 | + } |
2788 | + exit(EXIT_SUCCESS); |
2789 | } |
2790 | |
2791 | int main(int argc, char **argv) |
2792 | { |
2793 | - if (!test_unpriv_remount_simple(MS_RDONLY|MS_NODEV)) { |
2794 | + if (!test_unpriv_remount_simple(MS_RDONLY)) { |
2795 | die("MS_RDONLY malfunctions\n"); |
2796 | } |
2797 | - if (!test_unpriv_remount_simple(MS_NODEV)) { |
2798 | + if (!test_unpriv_remount("devpts", "newinstance", MS_NODEV, MS_NODEV, 0)) { |
2799 | die("MS_NODEV malfunctions\n"); |
2800 | } |
2801 | - if (!test_unpriv_remount_simple(MS_NOSUID|MS_NODEV)) { |
2802 | + if (!test_unpriv_remount_simple(MS_NOSUID)) { |
2803 | die("MS_NOSUID malfunctions\n"); |
2804 | } |
2805 | - if (!test_unpriv_remount_simple(MS_NOEXEC|MS_NODEV)) { |
2806 | + if (!test_unpriv_remount_simple(MS_NOEXEC)) { |
2807 | die("MS_NOEXEC malfunctions\n"); |
2808 | } |
2809 | - if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODEV, |
2810 | - MS_NOATIME|MS_NODEV)) |
2811 | + if (!test_unpriv_remount_atime(MS_RELATIME, |
2812 | + MS_NOATIME)) |
2813 | { |
2814 | die("MS_RELATIME malfunctions\n"); |
2815 | } |
2816 | - if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODEV, |
2817 | - MS_NOATIME|MS_NODEV)) |
2818 | + if (!test_unpriv_remount_atime(MS_STRICTATIME, |
2819 | + MS_NOATIME)) |
2820 | { |
2821 | die("MS_STRICTATIME malfunctions\n"); |
2822 | } |
2823 | - if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODEV, |
2824 | - MS_STRICTATIME|MS_NODEV)) |
2825 | + if (!test_unpriv_remount_atime(MS_NOATIME, |
2826 | + MS_STRICTATIME)) |
2827 | { |
2828 | - die("MS_RELATIME malfunctions\n"); |
2829 | + die("MS_NOATIME malfunctions\n"); |
2830 | } |
2831 | - if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME|MS_NODEV, |
2832 | - MS_NOATIME|MS_NODEV)) |
2833 | + if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME, |
2834 | + MS_NOATIME)) |
2835 | { |
2836 | - die("MS_RELATIME malfunctions\n"); |
2837 | + die("MS_RELATIME|MS_NODIRATIME malfunctions\n"); |
2838 | } |
2839 | - if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME|MS_NODEV, |
2840 | - MS_NOATIME|MS_NODEV)) |
2841 | + if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME, |
2842 | + MS_NOATIME)) |
2843 | { |
2844 | - die("MS_RELATIME malfunctions\n"); |
2845 | + die("MS_STRICTATIME|MS_NODIRATIME malfunctions\n"); |
2846 | } |
2847 | - if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME|MS_NODEV, |
2848 | - MS_STRICTATIME|MS_NODEV)) |
2849 | + if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME, |
2850 | + MS_STRICTATIME)) |
2851 | { |
2852 | - die("MS_RELATIME malfunctions\n"); |
2853 | + die("MS_NOATIME|MS_DIRATIME malfunctions\n"); |
2854 | } |
2855 | - if (!test_unpriv_remount(MS_STRICTATIME|MS_NODEV, MS_NODEV, |
2856 | - MS_NOATIME|MS_NODEV)) |
2857 | + if (!test_unpriv_remount("ramfs", NULL, MS_STRICTATIME, 0, MS_NOATIME)) |
2858 | { |
2859 | die("Default atime malfunctions\n"); |
2860 | } |
2861 | + if (!test_priv_mount_unpriv_remount()) { |
2862 | + die("Mount flags unexpectedly changed after remount\n"); |
2863 | + } |
2864 | return EXIT_SUCCESS; |
2865 | } |