Contents of /trunk/kernel26-alx/patches-2.6.29-r2/0103-2.6.29.4-all-fixes.patch
Parent Directory | Revision Log
Revision 1022 -
(show annotations)
(download)
Sun Apr 25 14:59:21 2010 UTC (14 years, 5 months ago) by niro
File size: 100164 byte(s)
Sun Apr 25 14:59:21 2010 UTC (14 years, 5 months ago) by niro
File size: 100164 byte(s)
-added alx kernel
1 | diff --git a/Documentation/filesystems/Locking b/Documentation/filesystems/Locking |
2 | index ec6a939..eea7102 100644 |
3 | --- a/Documentation/filesystems/Locking |
4 | +++ b/Documentation/filesystems/Locking |
5 | @@ -502,23 +502,31 @@ prototypes: |
6 | void (*open)(struct vm_area_struct*); |
7 | void (*close)(struct vm_area_struct*); |
8 | int (*fault)(struct vm_area_struct*, struct vm_fault *); |
9 | - int (*page_mkwrite)(struct vm_area_struct *, struct page *); |
10 | + int (*page_mkwrite)(struct vm_area_struct *, struct vm_fault *); |
11 | int (*access)(struct vm_area_struct *, unsigned long, void*, int, int); |
12 | |
13 | locking rules: |
14 | BKL mmap_sem PageLocked(page) |
15 | open: no yes |
16 | close: no yes |
17 | -fault: no yes |
18 | -page_mkwrite: no yes no |
19 | +fault: no yes can return with page locked |
20 | +page_mkwrite: no yes can return with page locked |
21 | access: no yes |
22 | |
23 | - ->page_mkwrite() is called when a previously read-only page is |
24 | -about to become writeable. The file system is responsible for |
25 | -protecting against truncate races. Once appropriate action has been |
26 | -taking to lock out truncate, the page range should be verified to be |
27 | -within i_size. The page mapping should also be checked that it is not |
28 | -NULL. |
29 | + ->fault() is called when a previously not present pte is about |
30 | +to be faulted in. The filesystem must find and return the page associated |
31 | +with the passed in "pgoff" in the vm_fault structure. If it is possible that |
32 | +the page may be truncated and/or invalidated, then the filesystem must lock |
33 | +the page, then ensure it is not already truncated (the page lock will block |
34 | +subsequent truncate), and then return with VM_FAULT_LOCKED, and the page |
35 | +locked. The VM will unlock the page. |
36 | + |
37 | + ->page_mkwrite() is called when a previously read-only pte is |
38 | +about to become writeable. The filesystem again must ensure that there are |
39 | +no truncate/invalidate races, and then return with the page locked. If |
40 | +the page has been truncated, the filesystem should not look up a new page |
41 | +like the ->fault() handler, but simply return with VM_FAULT_NOPAGE, which |
42 | +will cause the VM to retry the fault. |
43 | |
44 | ->access() is called when get_user_pages() fails in |
45 | acces_process_vm(), typically used to debug a process through |
46 | diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c |
47 | index da56821..dd8eeea 100644 |
48 | --- a/arch/x86/kvm/svm.c |
49 | +++ b/arch/x86/kvm/svm.c |
50 | @@ -411,7 +411,6 @@ static __init int svm_hardware_setup(void) |
51 | |
52 | iopm_va = page_address(iopm_pages); |
53 | memset(iopm_va, 0xff, PAGE_SIZE * (1 << IOPM_ALLOC_ORDER)); |
54 | - clear_bit(0x80, iopm_va); /* allow direct access to PC debug port */ |
55 | iopm_base = page_to_pfn(iopm_pages) << PAGE_SHIFT; |
56 | |
57 | if (boot_cpu_has(X86_FEATURE_NX)) |
58 | diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
59 | index 425423e..92f0457 100644 |
60 | --- a/arch/x86/kvm/x86.c |
61 | +++ b/arch/x86/kvm/x86.c |
62 | @@ -1075,9 +1075,9 @@ void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu) |
63 | |
64 | static int is_efer_nx(void) |
65 | { |
66 | - u64 efer; |
67 | + unsigned long long efer = 0; |
68 | |
69 | - rdmsrl(MSR_EFER, efer); |
70 | + rdmsrl_safe(MSR_EFER, &efer); |
71 | return efer & EFER_NX; |
72 | } |
73 | |
74 | diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c |
75 | index e190d8b..7ffc5ac 100644 |
76 | --- a/drivers/dma/dmatest.c |
77 | +++ b/drivers/dma/dmatest.c |
78 | @@ -410,9 +410,7 @@ static int __init dmatest_init(void) |
79 | chan = dma_request_channel(mask, filter, NULL); |
80 | if (chan) { |
81 | err = dmatest_add_channel(chan); |
82 | - if (err == 0) |
83 | - continue; |
84 | - else { |
85 | + if (err) { |
86 | dma_release_channel(chan); |
87 | break; /* add_channel failed, punt */ |
88 | } |
89 | diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h |
90 | index 8851197..700ebec 100644 |
91 | --- a/drivers/hid/hid-ids.h |
92 | +++ b/drivers/hid/hid-ids.h |
93 | @@ -110,6 +110,11 @@ |
94 | #define USB_VENDOR_ID_BERKSHIRE 0x0c98 |
95 | #define USB_DEVICE_ID_BERKSHIRE_PCWD 0x1140 |
96 | |
97 | +#define USB_VENDOR_ID_CH 0x068e |
98 | +#define USB_DEVICE_ID_CH_PRO_PEDALS 0x00f2 |
99 | +#define USB_DEVICE_ID_CH_COMBATSTICK 0x00f4 |
100 | +#define USB_DEVICE_ID_CH_FLIGHT_SIM_YOKE 0x00ff |
101 | + |
102 | #define USB_VENDOR_ID_CHERRY 0x046a |
103 | #define USB_DEVICE_ID_CHERRY_CYMOTION 0x0023 |
104 | |
105 | diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c |
106 | index 4391717..d8f7423 100644 |
107 | --- a/drivers/hid/usbhid/hid-quirks.c |
108 | +++ b/drivers/hid/usbhid/hid-quirks.c |
109 | @@ -50,6 +50,9 @@ static const struct hid_blacklist { |
110 | { USB_VENDOR_ID_ATEN, USB_DEVICE_ID_ATEN_2PORTKVM, HID_QUIRK_NOGET }, |
111 | { USB_VENDOR_ID_ATEN, USB_DEVICE_ID_ATEN_4PORTKVM, HID_QUIRK_NOGET }, |
112 | { USB_VENDOR_ID_ATEN, USB_DEVICE_ID_ATEN_4PORTKVMC, HID_QUIRK_NOGET }, |
113 | + { USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_COMBATSTICK, HID_QUIRK_NOGET }, |
114 | + { USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_FLIGHT_SIM_YOKE, HID_QUIRK_NOGET }, |
115 | + { USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_PRO_PEDALS, HID_QUIRK_NOGET }, |
116 | { USB_VENDOR_ID_DMI, USB_DEVICE_ID_DMI_ENC, HID_QUIRK_NOGET }, |
117 | { USB_VENDOR_ID_ELO, USB_DEVICE_ID_ELO_TS2700, HID_QUIRK_NOGET }, |
118 | { USB_VENDOR_ID_SUN, USB_DEVICE_ID_RARITAN_KVM_DONGLE, HID_QUIRK_NOGET }, |
119 | diff --git a/drivers/hwmon/w83781d.c b/drivers/hwmon/w83781d.c |
120 | index dbfb30c..0bdab95 100644 |
121 | --- a/drivers/hwmon/w83781d.c |
122 | +++ b/drivers/hwmon/w83781d.c |
123 | @@ -1462,7 +1462,8 @@ static struct w83781d_data *w83781d_update_device(struct device *dev) |
124 | data->pwm[i] = |
125 | w83781d_read_value(data, |
126 | W83781D_REG_PWM[i]); |
127 | - if ((data->type != w83782d || !client->driver) |
128 | + /* Only W83782D on SMBus has PWM3 and PWM4 */ |
129 | + if ((data->type != w83782d || !client) |
130 | && i == 1) |
131 | break; |
132 | } |
133 | diff --git a/drivers/i2c/algos/i2c-algo-bit.c b/drivers/i2c/algos/i2c-algo-bit.c |
134 | index eb8f72c..0e034a4 100644 |
135 | --- a/drivers/i2c/algos/i2c-algo-bit.c |
136 | +++ b/drivers/i2c/algos/i2c-algo-bit.c |
137 | @@ -104,7 +104,7 @@ static int sclhi(struct i2c_algo_bit_data *adap) |
138 | * chips may hold it low ("clock stretching") while they |
139 | * are processing data internally. |
140 | */ |
141 | - if (time_after_eq(jiffies, start + adap->timeout)) |
142 | + if (time_after(jiffies, start + adap->timeout)) |
143 | return -ETIMEDOUT; |
144 | cond_resched(); |
145 | } |
146 | diff --git a/drivers/i2c/algos/i2c-algo-pca.c b/drivers/i2c/algos/i2c-algo-pca.c |
147 | index d50b329..2346a89 100644 |
148 | --- a/drivers/i2c/algos/i2c-algo-pca.c |
149 | +++ b/drivers/i2c/algos/i2c-algo-pca.c |
150 | @@ -270,10 +270,21 @@ static int pca_xfer(struct i2c_adapter *i2c_adap, |
151 | |
152 | case 0x30: /* Data byte in I2CDAT has been transmitted; NOT ACK has been received */ |
153 | DEB2("NOT ACK received after data byte\n"); |
154 | + pca_stop(adap); |
155 | goto out; |
156 | |
157 | case 0x38: /* Arbitration lost during SLA+W, SLA+R or data bytes */ |
158 | DEB2("Arbitration lost\n"); |
159 | + /* |
160 | + * The PCA9564 data sheet (2006-09-01) says "A |
161 | + * START condition will be transmitted when the |
162 | + * bus becomes free (STOP or SCL and SDA high)" |
163 | + * when the STA bit is set (p. 11). |
164 | + * |
165 | + * In case this won't work, try pca_reset() |
166 | + * instead. |
167 | + */ |
168 | + pca_start(adap); |
169 | goto out; |
170 | |
171 | case 0x58: /* Data byte has been received; NOT ACK has been returned */ |
172 | diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c |
173 | index 7199437..b411249 100644 |
174 | --- a/drivers/md/bitmap.c |
175 | +++ b/drivers/md/bitmap.c |
176 | @@ -985,6 +985,9 @@ static int bitmap_init_from_disk(struct bitmap *bitmap, sector_t start) |
177 | oldindex = index; |
178 | oldpage = page; |
179 | |
180 | + bitmap->filemap[bitmap->file_pages++] = page; |
181 | + bitmap->last_page_size = count; |
182 | + |
183 | if (outofdate) { |
184 | /* |
185 | * if bitmap is out of date, dirty the |
186 | @@ -997,15 +1000,9 @@ static int bitmap_init_from_disk(struct bitmap *bitmap, sector_t start) |
187 | write_page(bitmap, page, 1); |
188 | |
189 | ret = -EIO; |
190 | - if (bitmap->flags & BITMAP_WRITE_ERROR) { |
191 | - /* release, page not in filemap yet */ |
192 | - put_page(page); |
193 | + if (bitmap->flags & BITMAP_WRITE_ERROR) |
194 | goto err; |
195 | - } |
196 | } |
197 | - |
198 | - bitmap->filemap[bitmap->file_pages++] = page; |
199 | - bitmap->last_page_size = count; |
200 | } |
201 | paddr = kmap_atomic(page, KM_USER0); |
202 | if (bitmap->flags & BITMAP_HOSTENDIAN) |
203 | @@ -1015,9 +1012,11 @@ static int bitmap_init_from_disk(struct bitmap *bitmap, sector_t start) |
204 | kunmap_atomic(paddr, KM_USER0); |
205 | if (b) { |
206 | /* if the disk bit is set, set the memory bit */ |
207 | - bitmap_set_memory_bits(bitmap, i << CHUNK_BLOCK_SHIFT(bitmap), |
208 | - ((i+1) << (CHUNK_BLOCK_SHIFT(bitmap)) >= start) |
209 | - ); |
210 | + int needed = ((sector_t)(i+1) << (CHUNK_BLOCK_SHIFT(bitmap)) |
211 | + >= start); |
212 | + bitmap_set_memory_bits(bitmap, |
213 | + (sector_t)i << CHUNK_BLOCK_SHIFT(bitmap), |
214 | + needed); |
215 | bit_cnt++; |
216 | set_page_attr(bitmap, page, BITMAP_PAGE_CLEAN); |
217 | } |
218 | @@ -1153,8 +1152,9 @@ void bitmap_daemon_work(struct bitmap *bitmap) |
219 | spin_lock_irqsave(&bitmap->lock, flags); |
220 | clear_page_attr(bitmap, page, BITMAP_PAGE_CLEAN); |
221 | } |
222 | - bmc = bitmap_get_counter(bitmap, j << CHUNK_BLOCK_SHIFT(bitmap), |
223 | - &blocks, 0); |
224 | + bmc = bitmap_get_counter(bitmap, |
225 | + (sector_t)j << CHUNK_BLOCK_SHIFT(bitmap), |
226 | + &blocks, 0); |
227 | if (bmc) { |
228 | /* |
229 | if (j < 100) printk("bitmap: j=%lu, *bmc = 0x%x\n", j, *bmc); |
230 | @@ -1168,7 +1168,8 @@ void bitmap_daemon_work(struct bitmap *bitmap) |
231 | } else if (*bmc == 1) { |
232 | /* we can clear the bit */ |
233 | *bmc = 0; |
234 | - bitmap_count_page(bitmap, j << CHUNK_BLOCK_SHIFT(bitmap), |
235 | + bitmap_count_page(bitmap, |
236 | + (sector_t)j << CHUNK_BLOCK_SHIFT(bitmap), |
237 | -1); |
238 | |
239 | /* clear the bit */ |
240 | @@ -1484,7 +1485,7 @@ void bitmap_dirty_bits(struct bitmap *bitmap, unsigned long s, unsigned long e) |
241 | unsigned long chunk; |
242 | |
243 | for (chunk = s; chunk <= e; chunk++) { |
244 | - sector_t sec = chunk << CHUNK_BLOCK_SHIFT(bitmap); |
245 | + sector_t sec = (sector_t)chunk << CHUNK_BLOCK_SHIFT(bitmap); |
246 | bitmap_set_memory_bits(bitmap, sec, 1); |
247 | bitmap_file_set_bit(bitmap, sec); |
248 | } |
249 | diff --git a/drivers/md/md.c b/drivers/md/md.c |
250 | index a307f87..dc85211 100644 |
251 | --- a/drivers/md/md.c |
252 | +++ b/drivers/md/md.c |
253 | @@ -2844,11 +2844,8 @@ array_state_store(mddev_t *mddev, const char *buf, size_t len) |
254 | } else |
255 | err = -EBUSY; |
256 | spin_unlock_irq(&mddev->write_lock); |
257 | - } else { |
258 | - mddev->ro = 0; |
259 | - mddev->recovery_cp = MaxSector; |
260 | - err = do_md_run(mddev); |
261 | - } |
262 | + } else |
263 | + err = -EINVAL; |
264 | break; |
265 | case active: |
266 | if (mddev->pers) { |
267 | diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c |
268 | index 7301631..d849533 100644 |
269 | --- a/drivers/md/raid10.c |
270 | +++ b/drivers/md/raid10.c |
271 | @@ -1807,17 +1807,17 @@ static sector_t sync_request(mddev_t *mddev, sector_t sector_nr, int *skipped, i |
272 | r10_bio->sector = sect; |
273 | |
274 | raid10_find_phys(conf, r10_bio); |
275 | - /* Need to check if this section will still be |
276 | + |
277 | + /* Need to check if the array will still be |
278 | * degraded |
279 | */ |
280 | - for (j=0; j<conf->copies;j++) { |
281 | - int d = r10_bio->devs[j].devnum; |
282 | - if (conf->mirrors[d].rdev == NULL || |
283 | - test_bit(Faulty, &conf->mirrors[d].rdev->flags)) { |
284 | + for (j=0; j<conf->raid_disks; j++) |
285 | + if (conf->mirrors[j].rdev == NULL || |
286 | + test_bit(Faulty, &conf->mirrors[j].rdev->flags)) { |
287 | still_degraded = 1; |
288 | break; |
289 | } |
290 | - } |
291 | + |
292 | must_sync = bitmap_start_sync(mddev->bitmap, sect, |
293 | &sync_blocks, still_degraded); |
294 | |
295 | diff --git a/drivers/net/e1000/e1000_main.c b/drivers/net/e1000/e1000_main.c |
296 | index 6bd63cc..d436e27 100644 |
297 | --- a/drivers/net/e1000/e1000_main.c |
298 | +++ b/drivers/net/e1000/e1000_main.c |
299 | @@ -3712,7 +3712,7 @@ static irqreturn_t e1000_intr(int irq, void *data) |
300 | struct e1000_hw *hw = &adapter->hw; |
301 | u32 rctl, icr = er32(ICR); |
302 | |
303 | - if (unlikely((!icr) || test_bit(__E1000_RESETTING, &adapter->flags))) |
304 | + if (unlikely((!icr) || test_bit(__E1000_DOWN, &adapter->flags))) |
305 | return IRQ_NONE; /* Not our interrupt */ |
306 | |
307 | /* IMS will not auto-mask if INT_ASSERTED is not set, and if it is |
308 | diff --git a/drivers/net/ehea/ehea_main.c b/drivers/net/ehea/ehea_main.c |
309 | index dfe9226..9a59414 100644 |
310 | --- a/drivers/net/ehea/ehea_main.c |
311 | +++ b/drivers/net/ehea/ehea_main.c |
312 | @@ -529,14 +529,17 @@ static inline struct sk_buff *get_skb_by_index(struct sk_buff **skb_array, |
313 | x &= (arr_len - 1); |
314 | |
315 | pref = skb_array[x]; |
316 | - prefetchw(pref); |
317 | - prefetchw(pref + EHEA_CACHE_LINE); |
318 | - |
319 | - pref = (skb_array[x]->data); |
320 | - prefetch(pref); |
321 | - prefetch(pref + EHEA_CACHE_LINE); |
322 | - prefetch(pref + EHEA_CACHE_LINE * 2); |
323 | - prefetch(pref + EHEA_CACHE_LINE * 3); |
324 | + if (pref) { |
325 | + prefetchw(pref); |
326 | + prefetchw(pref + EHEA_CACHE_LINE); |
327 | + |
328 | + pref = (skb_array[x]->data); |
329 | + prefetch(pref); |
330 | + prefetch(pref + EHEA_CACHE_LINE); |
331 | + prefetch(pref + EHEA_CACHE_LINE * 2); |
332 | + prefetch(pref + EHEA_CACHE_LINE * 3); |
333 | + } |
334 | + |
335 | skb = skb_array[skb_index]; |
336 | skb_array[skb_index] = NULL; |
337 | return skb; |
338 | @@ -553,12 +556,14 @@ static inline struct sk_buff *get_skb_by_index_ll(struct sk_buff **skb_array, |
339 | x &= (arr_len - 1); |
340 | |
341 | pref = skb_array[x]; |
342 | - prefetchw(pref); |
343 | - prefetchw(pref + EHEA_CACHE_LINE); |
344 | + if (pref) { |
345 | + prefetchw(pref); |
346 | + prefetchw(pref + EHEA_CACHE_LINE); |
347 | |
348 | - pref = (skb_array[x]->data); |
349 | - prefetchw(pref); |
350 | - prefetchw(pref + EHEA_CACHE_LINE); |
351 | + pref = (skb_array[x]->data); |
352 | + prefetchw(pref); |
353 | + prefetchw(pref + EHEA_CACHE_LINE); |
354 | + } |
355 | |
356 | skb = skb_array[wqe_index]; |
357 | skb_array[wqe_index] = NULL; |
358 | diff --git a/drivers/net/ne2k-pci.c b/drivers/net/ne2k-pci.c |
359 | index f090d3b..453d6bb 100644 |
360 | --- a/drivers/net/ne2k-pci.c |
361 | +++ b/drivers/net/ne2k-pci.c |
362 | @@ -373,18 +373,17 @@ static int __devinit ne2k_pci_init_one (struct pci_dev *pdev, |
363 | dev->ethtool_ops = &ne2k_pci_ethtool_ops; |
364 | NS8390_init(dev, 0); |
365 | |
366 | + memcpy(dev->dev_addr, SA_prom, 6); |
367 | + memcpy(dev->perm_addr, dev->dev_addr, dev->addr_len); |
368 | + |
369 | i = register_netdev(dev); |
370 | if (i) |
371 | goto err_out_free_netdev; |
372 | |
373 | - for(i = 0; i < 6; i++) |
374 | - dev->dev_addr[i] = SA_prom[i]; |
375 | printk("%s: %s found at %#lx, IRQ %d, %pM.\n", |
376 | dev->name, pci_clone_list[chip_idx].name, ioaddr, dev->irq, |
377 | dev->dev_addr); |
378 | |
379 | - memcpy(dev->perm_addr, dev->dev_addr, dev->addr_len); |
380 | - |
381 | return 0; |
382 | |
383 | err_out_free_netdev: |
384 | diff --git a/drivers/serial/mpc52xx_uart.c b/drivers/serial/mpc52xx_uart.c |
385 | index 0c3a2ab..28d2c8d 100644 |
386 | --- a/drivers/serial/mpc52xx_uart.c |
387 | +++ b/drivers/serial/mpc52xx_uart.c |
388 | @@ -522,7 +522,7 @@ mpc52xx_uart_startup(struct uart_port *port) |
389 | |
390 | /* Request IRQ */ |
391 | ret = request_irq(port->irq, mpc52xx_uart_int, |
392 | - IRQF_DISABLED | IRQF_SAMPLE_RANDOM | IRQF_SHARED, |
393 | + IRQF_DISABLED | IRQF_SAMPLE_RANDOM, |
394 | "mpc52xx_psc_uart", port); |
395 | if (ret) |
396 | return ret; |
397 | diff --git a/drivers/usb/gadget/usbstring.c b/drivers/usb/gadget/usbstring.c |
398 | index 4154be3..58c4d37 100644 |
399 | --- a/drivers/usb/gadget/usbstring.c |
400 | +++ b/drivers/usb/gadget/usbstring.c |
401 | @@ -38,7 +38,7 @@ static int utf8_to_utf16le(const char *s, __le16 *cp, unsigned len) |
402 | uchar = (c & 0x1f) << 6; |
403 | |
404 | c = (u8) *s++; |
405 | - if ((c & 0xc0) != 0xc0) |
406 | + if ((c & 0xc0) != 0x80) |
407 | goto fail; |
408 | c &= 0x3f; |
409 | uchar |= c; |
410 | @@ -49,13 +49,13 @@ static int utf8_to_utf16le(const char *s, __le16 *cp, unsigned len) |
411 | uchar = (c & 0x0f) << 12; |
412 | |
413 | c = (u8) *s++; |
414 | - if ((c & 0xc0) != 0xc0) |
415 | + if ((c & 0xc0) != 0x80) |
416 | goto fail; |
417 | c &= 0x3f; |
418 | uchar |= c << 6; |
419 | |
420 | c = (u8) *s++; |
421 | - if ((c & 0xc0) != 0xc0) |
422 | + if ((c & 0xc0) != 0x80) |
423 | goto fail; |
424 | c &= 0x3f; |
425 | uchar |= c; |
426 | diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c |
427 | index bb3143e..5daa517 100644 |
428 | --- a/drivers/usb/serial/ftdi_sio.c |
429 | +++ b/drivers/usb/serial/ftdi_sio.c |
430 | @@ -56,6 +56,7 @@ static __u16 vendor = FTDI_VID; |
431 | static __u16 product; |
432 | |
433 | struct ftdi_private { |
434 | + struct kref kref; |
435 | ftdi_chip_type_t chip_type; |
436 | /* type of device, either SIO or FT8U232AM */ |
437 | int baud_base; /* baud base clock for divisor setting */ |
438 | @@ -1352,6 +1353,7 @@ static int ftdi_sio_port_probe(struct usb_serial_port *port) |
439 | return -ENOMEM; |
440 | } |
441 | |
442 | + kref_init(&priv->kref); |
443 | spin_lock_init(&priv->rx_lock); |
444 | spin_lock_init(&priv->tx_lock); |
445 | init_waitqueue_head(&priv->delta_msr_wait); |
446 | @@ -1468,6 +1470,13 @@ static void ftdi_shutdown(struct usb_serial *serial) |
447 | dbg("%s", __func__); |
448 | } |
449 | |
450 | +static void ftdi_sio_priv_release(struct kref *k) |
451 | +{ |
452 | + struct ftdi_private *priv = container_of(k, struct ftdi_private, kref); |
453 | + |
454 | + kfree(priv); |
455 | +} |
456 | + |
457 | static int ftdi_sio_port_remove(struct usb_serial_port *port) |
458 | { |
459 | struct ftdi_private *priv = usb_get_serial_port_data(port); |
460 | @@ -1482,7 +1491,7 @@ static int ftdi_sio_port_remove(struct usb_serial_port *port) |
461 | |
462 | if (priv) { |
463 | usb_set_serial_port_data(port, NULL); |
464 | - kfree(priv); |
465 | + kref_put(&priv->kref, ftdi_sio_priv_release); |
466 | } |
467 | |
468 | return 0; |
469 | @@ -1547,7 +1556,8 @@ static int ftdi_open(struct tty_struct *tty, |
470 | dev_err(&port->dev, |
471 | "%s - failed submitting read urb, error %d\n", |
472 | __func__, result); |
473 | - |
474 | + else |
475 | + kref_get(&priv->kref); |
476 | |
477 | return result; |
478 | } /* ftdi_open */ |
479 | @@ -1589,11 +1599,11 @@ static void ftdi_close(struct tty_struct *tty, |
480 | mutex_unlock(&port->serial->disc_mutex); |
481 | |
482 | /* cancel any scheduled reading */ |
483 | - cancel_delayed_work(&priv->rx_work); |
484 | - flush_scheduled_work(); |
485 | + cancel_delayed_work_sync(&priv->rx_work); |
486 | |
487 | /* shutdown our bulk read */ |
488 | usb_kill_urb(port->read_urb); |
489 | + kref_put(&priv->kref, ftdi_sio_priv_release); |
490 | } /* ftdi_close */ |
491 | |
492 | |
493 | diff --git a/drivers/video/fb_defio.c b/drivers/video/fb_defio.c |
494 | index 0820265..0a7a667 100644 |
495 | --- a/drivers/video/fb_defio.c |
496 | +++ b/drivers/video/fb_defio.c |
497 | @@ -85,8 +85,9 @@ EXPORT_SYMBOL_GPL(fb_deferred_io_fsync); |
498 | |
499 | /* vm_ops->page_mkwrite handler */ |
500 | static int fb_deferred_io_mkwrite(struct vm_area_struct *vma, |
501 | - struct page *page) |
502 | + struct vm_fault *vmf) |
503 | { |
504 | + struct page *page = vmf->page; |
505 | struct fb_info *info = vma->vm_private_data; |
506 | struct fb_deferred_io *fbdefio = info->fbdefio; |
507 | struct page *cur; |
508 | diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h |
509 | index 5e1d4e3..7dd1b6d 100644 |
510 | --- a/fs/btrfs/ctree.h |
511 | +++ b/fs/btrfs/ctree.h |
512 | @@ -2060,7 +2060,7 @@ int btrfs_merge_bio_hook(struct page *page, unsigned long offset, |
513 | unsigned long btrfs_force_ra(struct address_space *mapping, |
514 | struct file_ra_state *ra, struct file *file, |
515 | pgoff_t offset, pgoff_t last_index); |
516 | -int btrfs_page_mkwrite(struct vm_area_struct *vma, struct page *page); |
517 | +int btrfs_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf); |
518 | int btrfs_readpage(struct file *file, struct page *page); |
519 | void btrfs_delete_inode(struct inode *inode); |
520 | void btrfs_put_inode(struct inode *inode); |
521 | diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c |
522 | index 7d4f948..17e608c 100644 |
523 | --- a/fs/btrfs/inode.c |
524 | +++ b/fs/btrfs/inode.c |
525 | @@ -4292,8 +4292,9 @@ static void btrfs_invalidatepage(struct page *page, unsigned long offset) |
526 | * beyond EOF, then the page is guaranteed safe against truncation until we |
527 | * unlock the page. |
528 | */ |
529 | -int btrfs_page_mkwrite(struct vm_area_struct *vma, struct page *page) |
530 | +int btrfs_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf) |
531 | { |
532 | + struct page *page = vmf->page; |
533 | struct inode *inode = fdentry(vma->vm_file)->d_inode; |
534 | struct btrfs_root *root = BTRFS_I(inode)->root; |
535 | struct extent_io_tree *io_tree = &BTRFS_I(inode)->io_tree; |
536 | @@ -4306,10 +4307,15 @@ int btrfs_page_mkwrite(struct vm_area_struct *vma, struct page *page) |
537 | u64 page_end; |
538 | |
539 | ret = btrfs_check_data_free_space(root, inode, PAGE_CACHE_SIZE); |
540 | - if (ret) |
541 | + if (ret) { |
542 | + if (ret == -ENOMEM) |
543 | + ret = VM_FAULT_OOM; |
544 | + else /* -ENOSPC, -EIO, etc */ |
545 | + ret = VM_FAULT_SIGBUS; |
546 | goto out; |
547 | + } |
548 | |
549 | - ret = -EINVAL; |
550 | + ret = VM_FAULT_NOPAGE; /* make the VM retry the fault */ |
551 | again: |
552 | lock_page(page); |
553 | size = i_size_read(inode); |
554 | diff --git a/fs/buffer.c b/fs/buffer.c |
555 | index 891e1c7..4eb8992 100644 |
556 | --- a/fs/buffer.c |
557 | +++ b/fs/buffer.c |
558 | @@ -2465,20 +2465,22 @@ int block_commit_write(struct page *page, unsigned from, unsigned to) |
559 | * unlock the page. |
560 | */ |
561 | int |
562 | -block_page_mkwrite(struct vm_area_struct *vma, struct page *page, |
563 | +block_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf, |
564 | get_block_t get_block) |
565 | { |
566 | + struct page *page = vmf->page; |
567 | struct inode *inode = vma->vm_file->f_path.dentry->d_inode; |
568 | unsigned long end; |
569 | loff_t size; |
570 | - int ret = -EINVAL; |
571 | + int ret = VM_FAULT_NOPAGE; /* make the VM retry the fault */ |
572 | |
573 | lock_page(page); |
574 | size = i_size_read(inode); |
575 | if ((page->mapping != inode->i_mapping) || |
576 | (page_offset(page) > size)) { |
577 | /* page got truncated out from underneath us */ |
578 | - goto out_unlock; |
579 | + unlock_page(page); |
580 | + goto out; |
581 | } |
582 | |
583 | /* page is wholly or partially inside EOF */ |
584 | @@ -2491,8 +2493,16 @@ block_page_mkwrite(struct vm_area_struct *vma, struct page *page, |
585 | if (!ret) |
586 | ret = block_commit_write(page, 0, end); |
587 | |
588 | -out_unlock: |
589 | - unlock_page(page); |
590 | + if (unlikely(ret)) { |
591 | + unlock_page(page); |
592 | + if (ret == -ENOMEM) |
593 | + ret = VM_FAULT_OOM; |
594 | + else /* -ENOSPC, -EIO, etc */ |
595 | + ret = VM_FAULT_SIGBUS; |
596 | + } else |
597 | + ret = VM_FAULT_LOCKED; |
598 | + |
599 | +out: |
600 | return ret; |
601 | } |
602 | |
603 | diff --git a/fs/cifs/cifs_unicode.h b/fs/cifs/cifs_unicode.h |
604 | index 14eb9a2..604ce8a 100644 |
605 | --- a/fs/cifs/cifs_unicode.h |
606 | +++ b/fs/cifs/cifs_unicode.h |
607 | @@ -64,6 +64,13 @@ int cifs_strtoUCS(__le16 *, const char *, int, const struct nls_table *); |
608 | #endif |
609 | |
610 | /* |
611 | + * To be safe - for UCS to UTF-8 with strings loaded with the rare long |
612 | + * characters alloc more to account for such multibyte target UTF-8 |
613 | + * characters. |
614 | + */ |
615 | +#define UNICODE_NAME_MAX ((4 * NAME_MAX) + 2) |
616 | + |
617 | +/* |
618 | * UniStrcat: Concatenate the second string to the first |
619 | * |
620 | * Returns: |
621 | diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c |
622 | index 71ae000..4fbb6b5 100644 |
623 | --- a/fs/cifs/cifssmb.c |
624 | +++ b/fs/cifs/cifssmb.c |
625 | @@ -91,23 +91,22 @@ static int |
626 | cifs_strncpy_to_host(char **dst, const char *src, const int maxlen, |
627 | const bool is_unicode, const struct nls_table *nls_codepage) |
628 | { |
629 | - int plen; |
630 | + int src_len, dst_len; |
631 | |
632 | if (is_unicode) { |
633 | - plen = UniStrnlen((wchar_t *)src, maxlen); |
634 | - *dst = kmalloc(plen + 2, GFP_KERNEL); |
635 | + src_len = UniStrnlen((wchar_t *)src, maxlen); |
636 | + *dst = kmalloc((4 * src_len) + 2, GFP_KERNEL); |
637 | if (!*dst) |
638 | goto cifs_strncpy_to_host_ErrExit; |
639 | - cifs_strfromUCS_le(*dst, (__le16 *)src, plen, nls_codepage); |
640 | + dst_len = cifs_strfromUCS_le(*dst, (__le16 *)src, src_len, nls_codepage); |
641 | + (*dst)[dst_len + 1] = 0; |
642 | } else { |
643 | - plen = strnlen(src, maxlen); |
644 | - *dst = kmalloc(plen + 2, GFP_KERNEL); |
645 | + src_len = strnlen(src, maxlen); |
646 | + *dst = kmalloc(src_len + 1, GFP_KERNEL); |
647 | if (!*dst) |
648 | goto cifs_strncpy_to_host_ErrExit; |
649 | - strncpy(*dst, src, plen); |
650 | + strlcpy(*dst, src, src_len + 1); |
651 | } |
652 | - (*dst)[plen] = 0; |
653 | - (*dst)[plen+1] = 0; /* harmless for ASCII case, needed for Unicode */ |
654 | return 0; |
655 | |
656 | cifs_strncpy_to_host_ErrExit: |
657 | diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c |
658 | index 4b64f39..0344b26 100644 |
659 | --- a/fs/cifs/connect.c |
660 | +++ b/fs/cifs/connect.c |
661 | @@ -3667,16 +3667,12 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, |
662 | BCC(smb_buffer_response)) { |
663 | kfree(tcon->nativeFileSystem); |
664 | tcon->nativeFileSystem = |
665 | - kzalloc(2*(length + 1), GFP_KERNEL); |
666 | + kzalloc((4 * length) + 2, GFP_KERNEL); |
667 | if (tcon->nativeFileSystem) |
668 | cifs_strfromUCS_le( |
669 | tcon->nativeFileSystem, |
670 | (__le16 *) bcc_ptr, |
671 | length, nls_codepage); |
672 | - bcc_ptr += 2 * length; |
673 | - bcc_ptr[0] = 0; /* null terminate the string */ |
674 | - bcc_ptr[1] = 0; |
675 | - bcc_ptr += 2; |
676 | } |
677 | /* else do not bother copying these information fields*/ |
678 | } else { |
679 | diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c |
680 | index 4c89c57..b2990b1 100644 |
681 | --- a/fs/cifs/misc.c |
682 | +++ b/fs/cifs/misc.c |
683 | @@ -691,14 +691,15 @@ cifs_convertUCSpath(char *target, const __le16 *source, int maxlen, |
684 | NLS_MAX_CHARSET_SIZE); |
685 | if (len > 0) { |
686 | j += len; |
687 | - continue; |
688 | + goto overrun_chk; |
689 | } else { |
690 | target[j] = '?'; |
691 | } |
692 | } |
693 | j++; |
694 | /* make sure we do not overrun callers allocated temp buffer */ |
695 | - if (j >= (2 * NAME_MAX)) |
696 | +overrun_chk: |
697 | + if (j >= UNICODE_NAME_MAX) |
698 | break; |
699 | } |
700 | cUCS_out: |
701 | diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c |
702 | index c2c01ff..0bdd5a6 100644 |
703 | --- a/fs/cifs/readdir.c |
704 | +++ b/fs/cifs/readdir.c |
705 | @@ -1072,7 +1072,7 @@ int cifs_readdir(struct file *file, void *direntry, filldir_t filldir) |
706 | with the rare long characters alloc more to account for |
707 | such multibyte target UTF-8 characters. cifs_unicode.c, |
708 | which actually does the conversion, has the same limit */ |
709 | - tmp_buf = kmalloc((2 * NAME_MAX) + 4, GFP_KERNEL); |
710 | + tmp_buf = kmalloc(UNICODE_NAME_MAX, GFP_KERNEL); |
711 | for (i = 0; (i < num_to_fill) && (rc == 0); i++) { |
712 | if (current_entry == NULL) { |
713 | /* evaluate whether this case is an error */ |
714 | diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c |
715 | index 5c68b42..23e8f99 100644 |
716 | --- a/fs/cifs/sess.c |
717 | +++ b/fs/cifs/sess.c |
718 | @@ -111,7 +111,7 @@ static __le16 get_next_vcnum(struct cifsSesInfo *ses) |
719 | get_vc_num_exit: |
720 | write_unlock(&cifs_tcp_ses_lock); |
721 | |
722 | - return le16_to_cpu(vcnum); |
723 | + return cpu_to_le16(vcnum); |
724 | } |
725 | |
726 | static __u32 cifs_ssetup_hdr(struct cifsSesInfo *ses, SESSION_SETUP_ANDX *pSMB) |
727 | @@ -285,27 +285,26 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft, |
728 | int words_left, len; |
729 | char *data = *pbcc_area; |
730 | |
731 | - |
732 | - |
733 | cFYI(1, ("bleft %d", bleft)); |
734 | |
735 | - |
736 | - /* SMB header is unaligned, so cifs servers word align start of |
737 | - Unicode strings */ |
738 | - data++; |
739 | - bleft--; /* Windows servers do not always double null terminate |
740 | - their final Unicode string - in which case we |
741 | - now will not attempt to decode the byte of junk |
742 | - which follows it */ |
743 | + /* |
744 | + * Windows servers do not always double null terminate their final |
745 | + * Unicode string. Check to see if there are an uneven number of bytes |
746 | + * left. If so, then add an extra NULL pad byte to the end of the |
747 | + * response. |
748 | + * |
749 | + * See section 2.7.2 in "Implementing CIFS" for details |
750 | + */ |
751 | + if (bleft % 2) { |
752 | + data[bleft] = 0; |
753 | + ++bleft; |
754 | + } |
755 | |
756 | words_left = bleft / 2; |
757 | |
758 | /* save off server operating system */ |
759 | len = UniStrnlen((wchar_t *) data, words_left); |
760 | |
761 | -/* We look for obvious messed up bcc or strings in response so we do not go off |
762 | - the end since (at least) WIN2K and Windows XP have a major bug in not null |
763 | - terminating last Unicode string in response */ |
764 | if (len >= words_left) |
765 | return rc; |
766 | |
767 | @@ -343,13 +342,10 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft, |
768 | return rc; |
769 | |
770 | kfree(ses->serverDomain); |
771 | - ses->serverDomain = kzalloc(2 * (len + 1), GFP_KERNEL); /* BB FIXME wrong length */ |
772 | - if (ses->serverDomain != NULL) { |
773 | + ses->serverDomain = kzalloc((4 * len) + 2, GFP_KERNEL); |
774 | + if (ses->serverDomain != NULL) |
775 | cifs_strfromUCS_le(ses->serverDomain, (__le16 *)data, len, |
776 | nls_cp); |
777 | - ses->serverDomain[2*len] = 0; |
778 | - ses->serverDomain[(2*len) + 1] = 0; |
779 | - } |
780 | data += 2 * (len + 1); |
781 | words_left -= len + 1; |
782 | |
783 | @@ -702,12 +698,18 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, |
784 | } |
785 | |
786 | /* BB check if Unicode and decode strings */ |
787 | - if (smb_buf->Flags2 & SMBFLG2_UNICODE) |
788 | + if (smb_buf->Flags2 & SMBFLG2_UNICODE) { |
789 | + /* unicode string area must be word-aligned */ |
790 | + if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) { |
791 | + ++bcc_ptr; |
792 | + --bytes_remaining; |
793 | + } |
794 | rc = decode_unicode_ssetup(&bcc_ptr, bytes_remaining, |
795 | - ses, nls_cp); |
796 | - else |
797 | + ses, nls_cp); |
798 | + } else { |
799 | rc = decode_ascii_ssetup(&bcc_ptr, bytes_remaining, |
800 | ses, nls_cp); |
801 | + } |
802 | |
803 | ssetup_exit: |
804 | if (spnego_key) { |
805 | diff --git a/fs/eventpoll.c b/fs/eventpoll.c |
806 | index 011b9b8..e323e47 100644 |
807 | --- a/fs/eventpoll.c |
808 | +++ b/fs/eventpoll.c |
809 | @@ -1136,7 +1136,7 @@ error_return: |
810 | |
811 | SYSCALL_DEFINE1(epoll_create, int, size) |
812 | { |
813 | - if (size < 0) |
814 | + if (size <= 0) |
815 | return -EINVAL; |
816 | |
817 | return sys_epoll_create1(0); |
818 | diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h |
819 | index b0c87dc..90909f9 100644 |
820 | --- a/fs/ext4/ext4.h |
821 | +++ b/fs/ext4/ext4.h |
822 | @@ -1097,7 +1097,7 @@ extern int ext4_meta_trans_blocks(struct inode *, int nrblocks, int idxblocks); |
823 | extern int ext4_chunk_trans_blocks(struct inode *, int nrblocks); |
824 | extern int ext4_block_truncate_page(handle_t *handle, |
825 | struct address_space *mapping, loff_t from); |
826 | -extern int ext4_page_mkwrite(struct vm_area_struct *vma, struct page *page); |
827 | +extern int ext4_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf); |
828 | |
829 | /* ioctl.c */ |
830 | extern long ext4_ioctl(struct file *, unsigned int, unsigned long); |
831 | diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c |
832 | index c7fed5b..2c0439d 100644 |
833 | --- a/fs/ext4/inode.c |
834 | +++ b/fs/ext4/inode.c |
835 | @@ -5116,8 +5116,9 @@ static int ext4_bh_unmapped(handle_t *handle, struct buffer_head *bh) |
836 | return !buffer_mapped(bh); |
837 | } |
838 | |
839 | -int ext4_page_mkwrite(struct vm_area_struct *vma, struct page *page) |
840 | +int ext4_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf) |
841 | { |
842 | + struct page *page = vmf->page; |
843 | loff_t size; |
844 | unsigned long len; |
845 | int ret = -EINVAL; |
846 | @@ -5169,6 +5170,8 @@ int ext4_page_mkwrite(struct vm_area_struct *vma, struct page *page) |
847 | goto out_unlock; |
848 | ret = 0; |
849 | out_unlock: |
850 | + if (ret) |
851 | + ret = VM_FAULT_SIGBUS; |
852 | up_read(&inode->i_alloc_sem); |
853 | return ret; |
854 | } |
855 | diff --git a/fs/fcntl.c b/fs/fcntl.c |
856 | index bd215cc..fc2aaa6 100644 |
857 | --- a/fs/fcntl.c |
858 | +++ b/fs/fcntl.c |
859 | @@ -117,11 +117,13 @@ SYSCALL_DEFINE2(dup2, unsigned int, oldfd, unsigned int, newfd) |
860 | { |
861 | if (unlikely(newfd == oldfd)) { /* corner case */ |
862 | struct files_struct *files = current->files; |
863 | + int retval = oldfd; |
864 | + |
865 | rcu_read_lock(); |
866 | if (!fcheck_files(files, oldfd)) |
867 | - oldfd = -EBADF; |
868 | + retval = -EBADF; |
869 | rcu_read_unlock(); |
870 | - return oldfd; |
871 | + return retval; |
872 | } |
873 | return sys_dup3(oldfd, newfd, 0); |
874 | } |
875 | diff --git a/fs/fuse/file.c b/fs/fuse/file.c |
876 | index 821d10f..4e340fe 100644 |
877 | --- a/fs/fuse/file.c |
878 | +++ b/fs/fuse/file.c |
879 | @@ -1234,8 +1234,9 @@ static void fuse_vma_close(struct vm_area_struct *vma) |
880 | * - sync(2) |
881 | * - try_to_free_pages() with order > PAGE_ALLOC_COSTLY_ORDER |
882 | */ |
883 | -static int fuse_page_mkwrite(struct vm_area_struct *vma, struct page *page) |
884 | +static int fuse_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf) |
885 | { |
886 | + struct page *page = vmf->page; |
887 | /* |
888 | * Don't use page->mapping as it may become NULL from a |
889 | * concurrent truncate. |
890 | diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c |
891 | index 459b73d..75ca5ac 100644 |
892 | --- a/fs/fuse/inode.c |
893 | +++ b/fs/fuse/inode.c |
894 | @@ -908,6 +908,7 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent) |
895 | err_put_root: |
896 | dput(root_dentry); |
897 | err_put_conn: |
898 | + bdi_destroy(&fc->bdi); |
899 | fuse_conn_put(fc); |
900 | err_fput: |
901 | fput(file); |
902 | diff --git a/fs/gfs2/ops_file.c b/fs/gfs2/ops_file.c |
903 | index 93fe41b..0093a33 100644 |
904 | --- a/fs/gfs2/ops_file.c |
905 | +++ b/fs/gfs2/ops_file.c |
906 | @@ -336,8 +336,9 @@ static int gfs2_allocate_page_backing(struct page *page) |
907 | * blocks allocated on disk to back that page. |
908 | */ |
909 | |
910 | -static int gfs2_page_mkwrite(struct vm_area_struct *vma, struct page *page) |
911 | +static int gfs2_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf) |
912 | { |
913 | + struct page *page = vmf->page; |
914 | struct inode *inode = vma->vm_file->f_path.dentry->d_inode; |
915 | struct gfs2_inode *ip = GFS2_I(inode); |
916 | struct gfs2_sbd *sdp = GFS2_SB(inode); |
917 | @@ -409,6 +410,10 @@ out_unlock: |
918 | gfs2_glock_dq(&gh); |
919 | out: |
920 | gfs2_holder_uninit(&gh); |
921 | + if (ret == -ENOMEM) |
922 | + ret = VM_FAULT_OOM; |
923 | + else if (ret) |
924 | + ret = VM_FAULT_SIGBUS; |
925 | return ret; |
926 | } |
927 | |
928 | diff --git a/fs/ioctl.c b/fs/ioctl.c |
929 | index 240ec63..344d9f3 100644 |
930 | --- a/fs/ioctl.c |
931 | +++ b/fs/ioctl.c |
932 | @@ -258,7 +258,7 @@ int __generic_block_fiemap(struct inode *inode, |
933 | long long length = 0, map_len = 0; |
934 | u64 logical = 0, phys = 0, size = 0; |
935 | u32 flags = FIEMAP_EXTENT_MERGED; |
936 | - int ret = 0; |
937 | + int ret = 0, past_eof = 0, whole_file = 0; |
938 | |
939 | if ((ret = fiemap_check_flags(fieinfo, FIEMAP_FLAG_SYNC))) |
940 | return ret; |
941 | @@ -266,6 +266,9 @@ int __generic_block_fiemap(struct inode *inode, |
942 | start_blk = logical_to_blk(inode, start); |
943 | |
944 | length = (long long)min_t(u64, len, i_size_read(inode)); |
945 | + if (length < len) |
946 | + whole_file = 1; |
947 | + |
948 | map_len = length; |
949 | |
950 | do { |
951 | @@ -282,11 +285,26 @@ int __generic_block_fiemap(struct inode *inode, |
952 | |
953 | /* HOLE */ |
954 | if (!buffer_mapped(&tmp)) { |
955 | + length -= blk_to_logical(inode, 1); |
956 | + start_blk++; |
957 | + |
958 | + /* |
959 | + * we want to handle the case where there is an |
960 | + * allocated block at the front of the file, and then |
961 | + * nothing but holes up to the end of the file properly, |
962 | + * to make sure that extent at the front gets properly |
963 | + * marked with FIEMAP_EXTENT_LAST |
964 | + */ |
965 | + if (!past_eof && |
966 | + blk_to_logical(inode, start_blk) >= |
967 | + blk_to_logical(inode, 0)+i_size_read(inode)) |
968 | + past_eof = 1; |
969 | + |
970 | /* |
971 | * first hole after going past the EOF, this is our |
972 | * last extent |
973 | */ |
974 | - if (length <= 0) { |
975 | + if (past_eof && size) { |
976 | flags = FIEMAP_EXTENT_MERGED|FIEMAP_EXTENT_LAST; |
977 | ret = fiemap_fill_next_extent(fieinfo, logical, |
978 | phys, size, |
979 | @@ -294,15 +312,37 @@ int __generic_block_fiemap(struct inode *inode, |
980 | break; |
981 | } |
982 | |
983 | - length -= blk_to_logical(inode, 1); |
984 | - |
985 | /* if we have holes up to/past EOF then we're done */ |
986 | - if (length <= 0) |
987 | + if (length <= 0 || past_eof) |
988 | break; |
989 | - |
990 | - start_blk++; |
991 | } else { |
992 | - if (length <= 0 && size) { |
993 | + /* |
994 | + * we have gone over the length of what we wanted to |
995 | + * map, and it wasn't the entire file, so add the extent |
996 | + * we got last time and exit. |
997 | + * |
998 | + * This is for the case where say we want to map all the |
999 | + * way up to the second to the last block in a file, but |
1000 | + * the last block is a hole, making the second to last |
1001 | + * block FIEMAP_EXTENT_LAST. In this case we want to |
1002 | + * see if there is a hole after the second to last block |
1003 | + * so we can mark it properly. If we found data after |
1004 | + * we exceeded the length we were requesting, then we |
1005 | + * are good to go, just add the extent to the fieinfo |
1006 | + * and break |
1007 | + */ |
1008 | + if (length <= 0 && !whole_file) { |
1009 | + ret = fiemap_fill_next_extent(fieinfo, logical, |
1010 | + phys, size, |
1011 | + flags); |
1012 | + break; |
1013 | + } |
1014 | + |
1015 | + /* |
1016 | + * if size != 0 then we know we already have an extent |
1017 | + * to add, so add it. |
1018 | + */ |
1019 | + if (size) { |
1020 | ret = fiemap_fill_next_extent(fieinfo, logical, |
1021 | phys, size, |
1022 | flags); |
1023 | @@ -319,19 +359,14 @@ int __generic_block_fiemap(struct inode *inode, |
1024 | start_blk += logical_to_blk(inode, size); |
1025 | |
1026 | /* |
1027 | - * if we are past the EOF we need to loop again to see |
1028 | - * if there is a hole so we can mark this extent as the |
1029 | - * last one, and if not keep mapping things until we |
1030 | - * find a hole, or we run out of slots in the extent |
1031 | - * array |
1032 | + * If we are past the EOF, then we need to make sure as |
1033 | + * soon as we find a hole that the last extent we found |
1034 | + * is marked with FIEMAP_EXTENT_LAST |
1035 | */ |
1036 | - if (length <= 0) |
1037 | - continue; |
1038 | - |
1039 | - ret = fiemap_fill_next_extent(fieinfo, logical, phys, |
1040 | - size, flags); |
1041 | - if (ret) |
1042 | - break; |
1043 | + if (!past_eof && |
1044 | + logical+size >= |
1045 | + blk_to_logical(inode, 0)+i_size_read(inode)) |
1046 | + past_eof = 1; |
1047 | } |
1048 | cond_resched(); |
1049 | } while (1); |
1050 | diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c |
1051 | index 64f1c31..38af057 100644 |
1052 | --- a/fs/lockd/svc.c |
1053 | +++ b/fs/lockd/svc.c |
1054 | @@ -115,6 +115,16 @@ static void set_grace_period(void) |
1055 | schedule_delayed_work(&grace_period_end, grace_period); |
1056 | } |
1057 | |
1058 | +static void restart_grace(void) |
1059 | +{ |
1060 | + if (nlmsvc_ops) { |
1061 | + cancel_delayed_work_sync(&grace_period_end); |
1062 | + locks_end_grace(&lockd_manager); |
1063 | + nlmsvc_invalidate_all(); |
1064 | + set_grace_period(); |
1065 | + } |
1066 | +} |
1067 | + |
1068 | /* |
1069 | * This is the lockd kernel thread |
1070 | */ |
1071 | @@ -160,10 +170,7 @@ lockd(void *vrqstp) |
1072 | |
1073 | if (signalled()) { |
1074 | flush_signals(current); |
1075 | - if (nlmsvc_ops) { |
1076 | - nlmsvc_invalidate_all(); |
1077 | - set_grace_period(); |
1078 | - } |
1079 | + restart_grace(); |
1080 | continue; |
1081 | } |
1082 | |
1083 | diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c |
1084 | index 672368f..3b2f697 100644 |
1085 | --- a/fs/nfs/dir.c |
1086 | +++ b/fs/nfs/dir.c |
1087 | @@ -1624,8 +1624,7 @@ static int nfs_rename(struct inode *old_dir, struct dentry *old_dentry, |
1088 | } else if (atomic_read(&new_dentry->d_count) > 1) |
1089 | /* dentry still busy? */ |
1090 | goto out; |
1091 | - } else |
1092 | - nfs_drop_nlink(new_inode); |
1093 | + } |
1094 | |
1095 | go_ahead: |
1096 | /* |
1097 | @@ -1638,10 +1637,8 @@ go_ahead: |
1098 | } |
1099 | nfs_inode_return_delegation(old_inode); |
1100 | |
1101 | - if (new_inode != NULL) { |
1102 | + if (new_inode != NULL) |
1103 | nfs_inode_return_delegation(new_inode); |
1104 | - d_delete(new_dentry); |
1105 | - } |
1106 | |
1107 | error = NFS_PROTO(old_dir)->rename(old_dir, &old_dentry->d_name, |
1108 | new_dir, &new_dentry->d_name); |
1109 | @@ -1650,6 +1647,8 @@ out: |
1110 | if (rehash) |
1111 | d_rehash(rehash); |
1112 | if (!error) { |
1113 | + if (new_inode != NULL) |
1114 | + nfs_drop_nlink(new_inode); |
1115 | d_move(old_dentry, new_dentry); |
1116 | nfs_set_verifier(new_dentry, |
1117 | nfs_save_change_attribute(new_dir)); |
1118 | diff --git a/fs/nfs/file.c b/fs/nfs/file.c |
1119 | index 90f292b..523e7e0 100644 |
1120 | --- a/fs/nfs/file.c |
1121 | +++ b/fs/nfs/file.c |
1122 | @@ -451,8 +451,9 @@ const struct address_space_operations nfs_file_aops = { |
1123 | .launder_page = nfs_launder_page, |
1124 | }; |
1125 | |
1126 | -static int nfs_vm_page_mkwrite(struct vm_area_struct *vma, struct page *page) |
1127 | +static int nfs_vm_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf) |
1128 | { |
1129 | + struct page *page = vmf->page; |
1130 | struct file *filp = vma->vm_file; |
1131 | struct dentry *dentry = filp->f_path.dentry; |
1132 | unsigned pagelen; |
1133 | @@ -479,11 +480,11 @@ static int nfs_vm_page_mkwrite(struct vm_area_struct *vma, struct page *page) |
1134 | goto out_unlock; |
1135 | |
1136 | ret = nfs_updatepage(filp, page, 0, pagelen); |
1137 | - if (ret == 0) |
1138 | - ret = pagelen; |
1139 | out_unlock: |
1140 | + if (!ret) |
1141 | + return VM_FAULT_LOCKED; |
1142 | unlock_page(page); |
1143 | - return ret; |
1144 | + return VM_FAULT_SIGBUS; |
1145 | } |
1146 | |
1147 | static struct vm_operations_struct nfs_file_vm_ops = { |
1148 | diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c |
1149 | index 9250067..4c5fb99 100644 |
1150 | --- a/fs/nfsd/nfs4xdr.c |
1151 | +++ b/fs/nfsd/nfs4xdr.c |
1152 | @@ -1843,6 +1843,15 @@ nfsd4_encode_dirent_fattr(struct nfsd4_readdir *cd, |
1153 | dentry = lookup_one_len(name, cd->rd_fhp->fh_dentry, namlen); |
1154 | if (IS_ERR(dentry)) |
1155 | return nfserrno(PTR_ERR(dentry)); |
1156 | + if (!dentry->d_inode) { |
1157 | + /* |
1158 | + * nfsd_buffered_readdir drops the i_mutex between |
1159 | + * readdir and calling this callback, leaving a window |
1160 | + * where this directory entry could have gone away. |
1161 | + */ |
1162 | + dput(dentry); |
1163 | + return nfserr_noent; |
1164 | + } |
1165 | |
1166 | exp_get(exp); |
1167 | /* |
1168 | @@ -1905,6 +1914,7 @@ nfsd4_encode_dirent(void *ccdv, const char *name, int namlen, |
1169 | struct nfsd4_readdir *cd = container_of(ccd, struct nfsd4_readdir, common); |
1170 | int buflen; |
1171 | __be32 *p = cd->buffer; |
1172 | + __be32 *cookiep; |
1173 | __be32 nfserr = nfserr_toosmall; |
1174 | |
1175 | /* In nfsv4, "." and ".." never make it onto the wire.. */ |
1176 | @@ -1921,7 +1931,7 @@ nfsd4_encode_dirent(void *ccdv, const char *name, int namlen, |
1177 | goto fail; |
1178 | |
1179 | *p++ = xdr_one; /* mark entry present */ |
1180 | - cd->offset = p; /* remember pointer */ |
1181 | + cookiep = p; |
1182 | p = xdr_encode_hyper(p, NFS_OFFSET_MAX); /* offset of next entry */ |
1183 | p = xdr_encode_array(p, name, namlen); /* name length & name */ |
1184 | |
1185 | @@ -1935,6 +1945,8 @@ nfsd4_encode_dirent(void *ccdv, const char *name, int namlen, |
1186 | goto fail; |
1187 | case nfserr_dropit: |
1188 | goto fail; |
1189 | + case nfserr_noent: |
1190 | + goto skip_entry; |
1191 | default: |
1192 | /* |
1193 | * If the client requested the RDATTR_ERROR attribute, |
1194 | @@ -1953,6 +1965,8 @@ nfsd4_encode_dirent(void *ccdv, const char *name, int namlen, |
1195 | } |
1196 | cd->buflen -= (p - cd->buffer); |
1197 | cd->buffer = p; |
1198 | + cd->offset = cookiep; |
1199 | +skip_entry: |
1200 | cd->common.err = nfs_ok; |
1201 | return 0; |
1202 | fail: |
1203 | diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c |
1204 | index 8672b95..c2a87c8 100644 |
1205 | --- a/fs/ocfs2/file.c |
1206 | +++ b/fs/ocfs2/file.c |
1207 | @@ -1912,6 +1912,22 @@ out_sems: |
1208 | return written ? written : ret; |
1209 | } |
1210 | |
1211 | +static int ocfs2_splice_to_file(struct pipe_inode_info *pipe, |
1212 | + struct file *out, |
1213 | + struct splice_desc *sd) |
1214 | +{ |
1215 | + int ret; |
1216 | + |
1217 | + ret = ocfs2_prepare_inode_for_write(out->f_path.dentry, &sd->pos, |
1218 | + sd->total_len, 0, NULL); |
1219 | + if (ret < 0) { |
1220 | + mlog_errno(ret); |
1221 | + return ret; |
1222 | + } |
1223 | + |
1224 | + return splice_from_pipe_feed(pipe, sd, pipe_to_file); |
1225 | +} |
1226 | + |
1227 | static ssize_t ocfs2_file_splice_write(struct pipe_inode_info *pipe, |
1228 | struct file *out, |
1229 | loff_t *ppos, |
1230 | @@ -1919,38 +1935,76 @@ static ssize_t ocfs2_file_splice_write(struct pipe_inode_info *pipe, |
1231 | unsigned int flags) |
1232 | { |
1233 | int ret; |
1234 | - struct inode *inode = out->f_path.dentry->d_inode; |
1235 | + struct address_space *mapping = out->f_mapping; |
1236 | + struct inode *inode = mapping->host; |
1237 | + struct splice_desc sd = { |
1238 | + .total_len = len, |
1239 | + .flags = flags, |
1240 | + .pos = *ppos, |
1241 | + .u.file = out, |
1242 | + }; |
1243 | |
1244 | mlog_entry("(0x%p, 0x%p, %u, '%.*s')\n", out, pipe, |
1245 | (unsigned int)len, |
1246 | out->f_path.dentry->d_name.len, |
1247 | out->f_path.dentry->d_name.name); |
1248 | |
1249 | - mutex_lock_nested(&inode->i_mutex, I_MUTEX_PARENT); |
1250 | + if (pipe->inode) |
1251 | + mutex_lock_nested(&pipe->inode->i_mutex, I_MUTEX_PARENT); |
1252 | |
1253 | - ret = ocfs2_rw_lock(inode, 1); |
1254 | - if (ret < 0) { |
1255 | - mlog_errno(ret); |
1256 | - goto out; |
1257 | - } |
1258 | + splice_from_pipe_begin(&sd); |
1259 | + do { |
1260 | + ret = splice_from_pipe_next(pipe, &sd); |
1261 | + if (ret <= 0) |
1262 | + break; |
1263 | |
1264 | - ret = ocfs2_prepare_inode_for_write(out->f_path.dentry, ppos, len, 0, |
1265 | - NULL); |
1266 | - if (ret < 0) { |
1267 | - mlog_errno(ret); |
1268 | - goto out_unlock; |
1269 | - } |
1270 | + mutex_lock_nested(&inode->i_mutex, I_MUTEX_CHILD); |
1271 | + ret = ocfs2_rw_lock(inode, 1); |
1272 | + if (ret < 0) |
1273 | + mlog_errno(ret); |
1274 | + else { |
1275 | + ret = ocfs2_splice_to_file(pipe, out, &sd); |
1276 | + ocfs2_rw_unlock(inode, 1); |
1277 | + } |
1278 | + mutex_unlock(&inode->i_mutex); |
1279 | + } while (ret > 0); |
1280 | + splice_from_pipe_end(pipe, &sd); |
1281 | |
1282 | if (pipe->inode) |
1283 | - mutex_lock_nested(&pipe->inode->i_mutex, I_MUTEX_CHILD); |
1284 | - ret = generic_file_splice_write_nolock(pipe, out, ppos, len, flags); |
1285 | - if (pipe->inode) |
1286 | mutex_unlock(&pipe->inode->i_mutex); |
1287 | |
1288 | -out_unlock: |
1289 | - ocfs2_rw_unlock(inode, 1); |
1290 | -out: |
1291 | - mutex_unlock(&inode->i_mutex); |
1292 | + if (sd.num_spliced) |
1293 | + ret = sd.num_spliced; |
1294 | + |
1295 | + if (ret > 0) { |
1296 | + unsigned long nr_pages; |
1297 | + |
1298 | + *ppos += ret; |
1299 | + nr_pages = (ret + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; |
1300 | + |
1301 | + /* |
1302 | + * If file or inode is SYNC and we actually wrote some data, |
1303 | + * sync it. |
1304 | + */ |
1305 | + if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) { |
1306 | + int err; |
1307 | + |
1308 | + mutex_lock(&inode->i_mutex); |
1309 | + err = ocfs2_rw_lock(inode, 1); |
1310 | + if (err < 0) { |
1311 | + mlog_errno(err); |
1312 | + } else { |
1313 | + err = generic_osync_inode(inode, mapping, |
1314 | + OSYNC_METADATA|OSYNC_DATA); |
1315 | + ocfs2_rw_unlock(inode, 1); |
1316 | + } |
1317 | + mutex_unlock(&inode->i_mutex); |
1318 | + |
1319 | + if (err) |
1320 | + ret = err; |
1321 | + } |
1322 | + balance_dirty_pages_ratelimited_nr(mapping, nr_pages); |
1323 | + } |
1324 | |
1325 | mlog_exit(ret); |
1326 | return ret; |
1327 | diff --git a/fs/ocfs2/mmap.c b/fs/ocfs2/mmap.c |
1328 | index eea1d24..b606496 100644 |
1329 | --- a/fs/ocfs2/mmap.c |
1330 | +++ b/fs/ocfs2/mmap.c |
1331 | @@ -154,8 +154,9 @@ out: |
1332 | return ret; |
1333 | } |
1334 | |
1335 | -static int ocfs2_page_mkwrite(struct vm_area_struct *vma, struct page *page) |
1336 | +static int ocfs2_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf) |
1337 | { |
1338 | + struct page *page = vmf->page; |
1339 | struct inode *inode = vma->vm_file->f_path.dentry->d_inode; |
1340 | struct buffer_head *di_bh = NULL; |
1341 | sigset_t blocked, oldset; |
1342 | @@ -196,7 +197,8 @@ out: |
1343 | ret2 = ocfs2_vm_op_unblock_sigs(&oldset); |
1344 | if (ret2 < 0) |
1345 | mlog_errno(ret2); |
1346 | - |
1347 | + if (ret) |
1348 | + ret = VM_FAULT_SIGBUS; |
1349 | return ret; |
1350 | } |
1351 | |
1352 | diff --git a/fs/splice.c b/fs/splice.c |
1353 | index 4c1029a..caa79d2 100644 |
1354 | --- a/fs/splice.c |
1355 | +++ b/fs/splice.c |
1356 | @@ -554,8 +554,8 @@ static int pipe_to_sendpage(struct pipe_inode_info *pipe, |
1357 | * SPLICE_F_MOVE isn't set, or we cannot move the page, we simply create |
1358 | * a new page in the output file page cache and fill/dirty that. |
1359 | */ |
1360 | -static int pipe_to_file(struct pipe_inode_info *pipe, struct pipe_buffer *buf, |
1361 | - struct splice_desc *sd) |
1362 | +int pipe_to_file(struct pipe_inode_info *pipe, struct pipe_buffer *buf, |
1363 | + struct splice_desc *sd) |
1364 | { |
1365 | struct file *file = sd->u.file; |
1366 | struct address_space *mapping = file->f_mapping; |
1367 | @@ -599,108 +599,178 @@ static int pipe_to_file(struct pipe_inode_info *pipe, struct pipe_buffer *buf, |
1368 | out: |
1369 | return ret; |
1370 | } |
1371 | +EXPORT_SYMBOL(pipe_to_file); |
1372 | + |
1373 | +static void wakeup_pipe_writers(struct pipe_inode_info *pipe) |
1374 | +{ |
1375 | + smp_mb(); |
1376 | + if (waitqueue_active(&pipe->wait)) |
1377 | + wake_up_interruptible(&pipe->wait); |
1378 | + kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT); |
1379 | +} |
1380 | |
1381 | /** |
1382 | - * __splice_from_pipe - splice data from a pipe to given actor |
1383 | + * splice_from_pipe_feed - feed available data from a pipe to a file |
1384 | * @pipe: pipe to splice from |
1385 | * @sd: information to @actor |
1386 | * @actor: handler that splices the data |
1387 | * |
1388 | * Description: |
1389 | - * This function does little more than loop over the pipe and call |
1390 | - * @actor to do the actual moving of a single struct pipe_buffer to |
1391 | - * the desired destination. See pipe_to_file, pipe_to_sendpage, or |
1392 | - * pipe_to_user. |
1393 | + |
1394 | + * This function loops over the pipe and calls @actor to do the |
1395 | + * actual moving of a single struct pipe_buffer to the desired |
1396 | + * destination. It returns when there's no more buffers left in |
1397 | + * the pipe or if the requested number of bytes (@sd->total_len) |
1398 | + * have been copied. It returns a positive number (one) if the |
1399 | + * pipe needs to be filled with more data, zero if the required |
1400 | + * number of bytes have been copied and -errno on error. |
1401 | * |
1402 | + * This, together with splice_from_pipe_{begin,end,next}, may be |
1403 | + * used to implement the functionality of __splice_from_pipe() when |
1404 | + * locking is required around copying the pipe buffers to the |
1405 | + * destination. |
1406 | */ |
1407 | -ssize_t __splice_from_pipe(struct pipe_inode_info *pipe, struct splice_desc *sd, |
1408 | - splice_actor *actor) |
1409 | +int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_desc *sd, |
1410 | + splice_actor *actor) |
1411 | { |
1412 | - int ret, do_wakeup, err; |
1413 | - |
1414 | - ret = 0; |
1415 | - do_wakeup = 0; |
1416 | - |
1417 | - for (;;) { |
1418 | - if (pipe->nrbufs) { |
1419 | - struct pipe_buffer *buf = pipe->bufs + pipe->curbuf; |
1420 | - const struct pipe_buf_operations *ops = buf->ops; |
1421 | + int ret; |
1422 | |
1423 | - sd->len = buf->len; |
1424 | - if (sd->len > sd->total_len) |
1425 | - sd->len = sd->total_len; |
1426 | + while (pipe->nrbufs) { |
1427 | + struct pipe_buffer *buf = pipe->bufs + pipe->curbuf; |
1428 | + const struct pipe_buf_operations *ops = buf->ops; |
1429 | |
1430 | - err = actor(pipe, buf, sd); |
1431 | - if (err <= 0) { |
1432 | - if (!ret && err != -ENODATA) |
1433 | - ret = err; |
1434 | + sd->len = buf->len; |
1435 | + if (sd->len > sd->total_len) |
1436 | + sd->len = sd->total_len; |
1437 | |
1438 | - break; |
1439 | - } |
1440 | + ret = actor(pipe, buf, sd); |
1441 | + if (ret <= 0) { |
1442 | + if (ret == -ENODATA) |
1443 | + ret = 0; |
1444 | + return ret; |
1445 | + } |
1446 | + buf->offset += ret; |
1447 | + buf->len -= ret; |
1448 | |
1449 | - ret += err; |
1450 | - buf->offset += err; |
1451 | - buf->len -= err; |
1452 | + sd->num_spliced += ret; |
1453 | + sd->len -= ret; |
1454 | + sd->pos += ret; |
1455 | + sd->total_len -= ret; |
1456 | |
1457 | - sd->len -= err; |
1458 | - sd->pos += err; |
1459 | - sd->total_len -= err; |
1460 | - if (sd->len) |
1461 | - continue; |
1462 | + if (!buf->len) { |
1463 | + buf->ops = NULL; |
1464 | + ops->release(pipe, buf); |
1465 | + pipe->curbuf = (pipe->curbuf + 1) & (PIPE_BUFFERS - 1); |
1466 | + pipe->nrbufs--; |
1467 | + if (pipe->inode) |
1468 | + sd->need_wakeup = true; |
1469 | + } |
1470 | |
1471 | - if (!buf->len) { |
1472 | - buf->ops = NULL; |
1473 | - ops->release(pipe, buf); |
1474 | - pipe->curbuf = (pipe->curbuf + 1) & (PIPE_BUFFERS - 1); |
1475 | - pipe->nrbufs--; |
1476 | - if (pipe->inode) |
1477 | - do_wakeup = 1; |
1478 | - } |
1479 | + if (!sd->total_len) |
1480 | + return 0; |
1481 | + } |
1482 | |
1483 | - if (!sd->total_len) |
1484 | - break; |
1485 | - } |
1486 | + return 1; |
1487 | +} |
1488 | +EXPORT_SYMBOL(splice_from_pipe_feed); |
1489 | |
1490 | - if (pipe->nrbufs) |
1491 | - continue; |
1492 | +/** |
1493 | + * splice_from_pipe_next - wait for some data to splice from |
1494 | + * @pipe: pipe to splice from |
1495 | + * @sd: information about the splice operation |
1496 | + * |
1497 | + * Description: |
1498 | + * This function will wait for some data and return a positive |
1499 | + * value (one) if pipe buffers are available. It will return zero |
1500 | + * or -errno if no more data needs to be spliced. |
1501 | + */ |
1502 | +int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd) |
1503 | +{ |
1504 | + while (!pipe->nrbufs) { |
1505 | if (!pipe->writers) |
1506 | - break; |
1507 | - if (!pipe->waiting_writers) { |
1508 | - if (ret) |
1509 | - break; |
1510 | - } |
1511 | + return 0; |
1512 | |
1513 | - if (sd->flags & SPLICE_F_NONBLOCK) { |
1514 | - if (!ret) |
1515 | - ret = -EAGAIN; |
1516 | - break; |
1517 | - } |
1518 | + if (!pipe->waiting_writers && sd->num_spliced) |
1519 | + return 0; |
1520 | |
1521 | - if (signal_pending(current)) { |
1522 | - if (!ret) |
1523 | - ret = -ERESTARTSYS; |
1524 | - break; |
1525 | - } |
1526 | + if (sd->flags & SPLICE_F_NONBLOCK) |
1527 | + return -EAGAIN; |
1528 | |
1529 | - if (do_wakeup) { |
1530 | - smp_mb(); |
1531 | - if (waitqueue_active(&pipe->wait)) |
1532 | - wake_up_interruptible_sync(&pipe->wait); |
1533 | - kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT); |
1534 | - do_wakeup = 0; |
1535 | + if (signal_pending(current)) |
1536 | + return -ERESTARTSYS; |
1537 | + |
1538 | + if (sd->need_wakeup) { |
1539 | + wakeup_pipe_writers(pipe); |
1540 | + sd->need_wakeup = false; |
1541 | } |
1542 | |
1543 | pipe_wait(pipe); |
1544 | } |
1545 | |
1546 | - if (do_wakeup) { |
1547 | - smp_mb(); |
1548 | - if (waitqueue_active(&pipe->wait)) |
1549 | - wake_up_interruptible(&pipe->wait); |
1550 | - kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT); |
1551 | - } |
1552 | + return 1; |
1553 | +} |
1554 | +EXPORT_SYMBOL(splice_from_pipe_next); |
1555 | |
1556 | - return ret; |
1557 | +/** |
1558 | + * splice_from_pipe_begin - start splicing from pipe |
1559 | + * @pipe: pipe to splice from |
1560 | + * |
1561 | + * Description: |
1562 | + * This function should be called before a loop containing |
1563 | + * splice_from_pipe_next() and splice_from_pipe_feed() to |
1564 | + * initialize the necessary fields of @sd. |
1565 | + */ |
1566 | +void splice_from_pipe_begin(struct splice_desc *sd) |
1567 | +{ |
1568 | + sd->num_spliced = 0; |
1569 | + sd->need_wakeup = false; |
1570 | +} |
1571 | +EXPORT_SYMBOL(splice_from_pipe_begin); |
1572 | + |
1573 | +/** |
1574 | + * splice_from_pipe_end - finish splicing from pipe |
1575 | + * @pipe: pipe to splice from |
1576 | + * @sd: information about the splice operation |
1577 | + * |
1578 | + * Description: |
1579 | + * This function will wake up pipe writers if necessary. It should |
1580 | + * be called after a loop containing splice_from_pipe_next() and |
1581 | + * splice_from_pipe_feed(). |
1582 | + */ |
1583 | +void splice_from_pipe_end(struct pipe_inode_info *pipe, struct splice_desc *sd) |
1584 | +{ |
1585 | + if (sd->need_wakeup) |
1586 | + wakeup_pipe_writers(pipe); |
1587 | +} |
1588 | +EXPORT_SYMBOL(splice_from_pipe_end); |
1589 | + |
1590 | +/** |
1591 | + * __splice_from_pipe - splice data from a pipe to given actor |
1592 | + * @pipe: pipe to splice from |
1593 | + * @sd: information to @actor |
1594 | + * @actor: handler that splices the data |
1595 | + * |
1596 | + * Description: |
1597 | + * This function does little more than loop over the pipe and call |
1598 | + * @actor to do the actual moving of a single struct pipe_buffer to |
1599 | + * the desired destination. See pipe_to_file, pipe_to_sendpage, or |
1600 | + * pipe_to_user. |
1601 | + * |
1602 | + */ |
1603 | +ssize_t __splice_from_pipe(struct pipe_inode_info *pipe, struct splice_desc *sd, |
1604 | + splice_actor *actor) |
1605 | +{ |
1606 | + int ret; |
1607 | + |
1608 | + splice_from_pipe_begin(sd); |
1609 | + do { |
1610 | + ret = splice_from_pipe_next(pipe, sd); |
1611 | + if (ret > 0) |
1612 | + ret = splice_from_pipe_feed(pipe, sd, actor); |
1613 | + } while (ret > 0); |
1614 | + splice_from_pipe_end(pipe, sd); |
1615 | + |
1616 | + return sd->num_spliced ? sd->num_spliced : ret; |
1617 | } |
1618 | EXPORT_SYMBOL(__splice_from_pipe); |
1619 | |
1620 | @@ -714,7 +784,7 @@ EXPORT_SYMBOL(__splice_from_pipe); |
1621 | * @actor: handler that splices the data |
1622 | * |
1623 | * Description: |
1624 | - * See __splice_from_pipe. This function locks the input and output inodes, |
1625 | + * See __splice_from_pipe. This function locks the pipe inode, |
1626 | * otherwise it's identical to __splice_from_pipe(). |
1627 | * |
1628 | */ |
1629 | @@ -723,7 +793,6 @@ ssize_t splice_from_pipe(struct pipe_inode_info *pipe, struct file *out, |
1630 | splice_actor *actor) |
1631 | { |
1632 | ssize_t ret; |
1633 | - struct inode *inode = out->f_mapping->host; |
1634 | struct splice_desc sd = { |
1635 | .total_len = len, |
1636 | .flags = flags, |
1637 | @@ -731,24 +800,11 @@ ssize_t splice_from_pipe(struct pipe_inode_info *pipe, struct file *out, |
1638 | .u.file = out, |
1639 | }; |
1640 | |
1641 | - /* |
1642 | - * The actor worker might be calling ->write_begin and |
1643 | - * ->write_end. Most of the time, these expect i_mutex to |
1644 | - * be held. Since this may result in an ABBA deadlock with |
1645 | - * pipe->inode, we have to order lock acquiry here. |
1646 | - * |
1647 | - * Outer lock must be inode->i_mutex, as pipe_wait() will |
1648 | - * release and reacquire pipe->inode->i_mutex, AND inode must |
1649 | - * never be a pipe. |
1650 | - */ |
1651 | - WARN_ON(S_ISFIFO(inode->i_mode)); |
1652 | - mutex_lock_nested(&inode->i_mutex, I_MUTEX_PARENT); |
1653 | if (pipe->inode) |
1654 | - mutex_lock_nested(&pipe->inode->i_mutex, I_MUTEX_CHILD); |
1655 | + mutex_lock(&pipe->inode->i_mutex); |
1656 | ret = __splice_from_pipe(pipe, &sd, actor); |
1657 | if (pipe->inode) |
1658 | mutex_unlock(&pipe->inode->i_mutex); |
1659 | - mutex_unlock(&inode->i_mutex); |
1660 | |
1661 | return ret; |
1662 | } |
1663 | @@ -839,17 +895,29 @@ generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out, |
1664 | }; |
1665 | ssize_t ret; |
1666 | |
1667 | - WARN_ON(S_ISFIFO(inode->i_mode)); |
1668 | - mutex_lock_nested(&inode->i_mutex, I_MUTEX_PARENT); |
1669 | - ret = file_remove_suid(out); |
1670 | - if (likely(!ret)) { |
1671 | - if (pipe->inode) |
1672 | - mutex_lock_nested(&pipe->inode->i_mutex, I_MUTEX_CHILD); |
1673 | - ret = __splice_from_pipe(pipe, &sd, pipe_to_file); |
1674 | - if (pipe->inode) |
1675 | - mutex_unlock(&pipe->inode->i_mutex); |
1676 | - } |
1677 | - mutex_unlock(&inode->i_mutex); |
1678 | + if (pipe->inode) |
1679 | + mutex_lock_nested(&pipe->inode->i_mutex, I_MUTEX_PARENT); |
1680 | + |
1681 | + splice_from_pipe_begin(&sd); |
1682 | + do { |
1683 | + ret = splice_from_pipe_next(pipe, &sd); |
1684 | + if (ret <= 0) |
1685 | + break; |
1686 | + |
1687 | + mutex_lock_nested(&inode->i_mutex, I_MUTEX_CHILD); |
1688 | + ret = file_remove_suid(out); |
1689 | + if (!ret) |
1690 | + ret = splice_from_pipe_feed(pipe, &sd, pipe_to_file); |
1691 | + mutex_unlock(&inode->i_mutex); |
1692 | + } while (ret > 0); |
1693 | + splice_from_pipe_end(pipe, &sd); |
1694 | + |
1695 | + if (pipe->inode) |
1696 | + mutex_unlock(&pipe->inode->i_mutex); |
1697 | + |
1698 | + if (sd.num_spliced) |
1699 | + ret = sd.num_spliced; |
1700 | + |
1701 | if (ret > 0) { |
1702 | unsigned long nr_pages; |
1703 | |
1704 | diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c |
1705 | index 93b6de5..0ff89fe 100644 |
1706 | --- a/fs/ubifs/file.c |
1707 | +++ b/fs/ubifs/file.c |
1708 | @@ -1434,8 +1434,9 @@ static int ubifs_releasepage(struct page *page, gfp_t unused_gfp_flags) |
1709 | * mmap()d file has taken write protection fault and is being made |
1710 | * writable. UBIFS must ensure page is budgeted for. |
1711 | */ |
1712 | -static int ubifs_vm_page_mkwrite(struct vm_area_struct *vma, struct page *page) |
1713 | +static int ubifs_vm_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf) |
1714 | { |
1715 | + struct page *page = vmf->page; |
1716 | struct inode *inode = vma->vm_file->f_path.dentry->d_inode; |
1717 | struct ubifs_info *c = inode->i_sb->s_fs_info; |
1718 | struct timespec now = ubifs_current_time(inode); |
1719 | @@ -1447,7 +1448,7 @@ static int ubifs_vm_page_mkwrite(struct vm_area_struct *vma, struct page *page) |
1720 | ubifs_assert(!(inode->i_sb->s_flags & MS_RDONLY)); |
1721 | |
1722 | if (unlikely(c->ro_media)) |
1723 | - return -EROFS; |
1724 | + return VM_FAULT_SIGBUS; /* -EROFS */ |
1725 | |
1726 | /* |
1727 | * We have not locked @page so far so we may budget for changing the |
1728 | @@ -1480,7 +1481,7 @@ static int ubifs_vm_page_mkwrite(struct vm_area_struct *vma, struct page *page) |
1729 | if (err == -ENOSPC) |
1730 | ubifs_warn("out of space for mmapped file " |
1731 | "(inode number %lu)", inode->i_ino); |
1732 | - return err; |
1733 | + return VM_FAULT_SIGBUS; |
1734 | } |
1735 | |
1736 | lock_page(page); |
1737 | @@ -1520,6 +1521,8 @@ static int ubifs_vm_page_mkwrite(struct vm_area_struct *vma, struct page *page) |
1738 | out_unlock: |
1739 | unlock_page(page); |
1740 | ubifs_release_budget(c, &req); |
1741 | + if (err) |
1742 | + err = VM_FAULT_SIGBUS; |
1743 | return err; |
1744 | } |
1745 | |
1746 | diff --git a/fs/xfs/linux-2.6/xfs_file.c b/fs/xfs/linux-2.6/xfs_file.c |
1747 | index e14c4e3..f4e2554 100644 |
1748 | --- a/fs/xfs/linux-2.6/xfs_file.c |
1749 | +++ b/fs/xfs/linux-2.6/xfs_file.c |
1750 | @@ -234,9 +234,9 @@ xfs_file_mmap( |
1751 | STATIC int |
1752 | xfs_vm_page_mkwrite( |
1753 | struct vm_area_struct *vma, |
1754 | - struct page *page) |
1755 | + struct vm_fault *vmf) |
1756 | { |
1757 | - return block_page_mkwrite(vma, page, xfs_get_blocks); |
1758 | + return block_page_mkwrite(vma, vmf, xfs_get_blocks); |
1759 | } |
1760 | |
1761 | const struct file_operations xfs_file_operations = { |
1762 | diff --git a/include/linux/buffer_head.h b/include/linux/buffer_head.h |
1763 | index bd7ac79..2c2d216 100644 |
1764 | --- a/include/linux/buffer_head.h |
1765 | +++ b/include/linux/buffer_head.h |
1766 | @@ -223,7 +223,7 @@ int cont_write_begin(struct file *, struct address_space *, loff_t, |
1767 | get_block_t *, loff_t *); |
1768 | int generic_cont_expand_simple(struct inode *inode, loff_t size); |
1769 | int block_commit_write(struct page *page, unsigned from, unsigned to); |
1770 | -int block_page_mkwrite(struct vm_area_struct *vma, struct page *page, |
1771 | +int block_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf, |
1772 | get_block_t get_block); |
1773 | void block_sync_page(struct page *); |
1774 | sector_t generic_block_bmap(struct address_space *, sector_t, get_block_t *); |
1775 | diff --git a/include/linux/compiler.h b/include/linux/compiler.h |
1776 | index d95da10..0011cd7 100644 |
1777 | --- a/include/linux/compiler.h |
1778 | +++ b/include/linux/compiler.h |
1779 | @@ -75,7 +75,8 @@ struct ftrace_branch_data { |
1780 | * Note: DISABLE_BRANCH_PROFILING can be used by special lowlevel code |
1781 | * to disable branch tracing on a per file basis. |
1782 | */ |
1783 | -#if defined(CONFIG_TRACE_BRANCH_PROFILING) && !defined(DISABLE_BRANCH_PROFILING) |
1784 | +#if defined(CONFIG_TRACE_BRANCH_PROFILING) \ |
1785 | + && !defined(DISABLE_BRANCH_PROFILING) && !defined(__CHECKER__) |
1786 | void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); |
1787 | |
1788 | #define likely_notrace(x) __builtin_expect(!!(x), 1) |
1789 | diff --git a/include/linux/mm.h b/include/linux/mm.h |
1790 | index 3daa05f..93d0a69 100644 |
1791 | --- a/include/linux/mm.h |
1792 | +++ b/include/linux/mm.h |
1793 | @@ -145,6 +145,7 @@ extern pgprot_t protection_map[16]; |
1794 | |
1795 | #define FAULT_FLAG_WRITE 0x01 /* Fault was a write access */ |
1796 | #define FAULT_FLAG_NONLINEAR 0x02 /* Fault was via a nonlinear mapping */ |
1797 | +#define FAULT_FLAG_MKWRITE 0x04 /* Fault was mkwrite of existing pte */ |
1798 | |
1799 | /* |
1800 | * This interface is used by x86 PAT code to identify a pfn mapping that is |
1801 | @@ -197,7 +198,7 @@ struct vm_operations_struct { |
1802 | |
1803 | /* notification that a previously read-only page is about to become |
1804 | * writable, if an error is returned it will cause a SIGBUS */ |
1805 | - int (*page_mkwrite)(struct vm_area_struct *vma, struct page *page); |
1806 | + int (*page_mkwrite)(struct vm_area_struct *vma, struct vm_fault *vmf); |
1807 | |
1808 | /* called by access_process_vm when get_user_pages() fails, typically |
1809 | * for use by special VMAs that can switch between memory and hardware |
1810 | diff --git a/include/linux/splice.h b/include/linux/splice.h |
1811 | index 528dcb9..5f3faa9 100644 |
1812 | --- a/include/linux/splice.h |
1813 | +++ b/include/linux/splice.h |
1814 | @@ -36,6 +36,8 @@ struct splice_desc { |
1815 | void *data; /* cookie */ |
1816 | } u; |
1817 | loff_t pos; /* file position */ |
1818 | + size_t num_spliced; /* number of bytes already spliced */ |
1819 | + bool need_wakeup; /* need to wake up writer */ |
1820 | }; |
1821 | |
1822 | struct partial_page { |
1823 | @@ -66,6 +68,16 @@ extern ssize_t splice_from_pipe(struct pipe_inode_info *, struct file *, |
1824 | splice_actor *); |
1825 | extern ssize_t __splice_from_pipe(struct pipe_inode_info *, |
1826 | struct splice_desc *, splice_actor *); |
1827 | +extern int splice_from_pipe_feed(struct pipe_inode_info *, struct splice_desc *, |
1828 | + splice_actor *); |
1829 | +extern int splice_from_pipe_next(struct pipe_inode_info *, |
1830 | + struct splice_desc *); |
1831 | +extern void splice_from_pipe_begin(struct splice_desc *); |
1832 | +extern void splice_from_pipe_end(struct pipe_inode_info *, |
1833 | + struct splice_desc *); |
1834 | +extern int pipe_to_file(struct pipe_inode_info *, struct pipe_buffer *, |
1835 | + struct splice_desc *); |
1836 | + |
1837 | extern ssize_t splice_to_pipe(struct pipe_inode_info *, |
1838 | struct splice_pipe_desc *); |
1839 | extern ssize_t splice_direct_to_actor(struct file *, struct splice_desc *, |
1840 | diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h |
1841 | index bedc7f6..abd4436 100644 |
1842 | --- a/include/net/cipso_ipv4.h |
1843 | +++ b/include/net/cipso_ipv4.h |
1844 | @@ -40,6 +40,7 @@ |
1845 | #include <linux/net.h> |
1846 | #include <linux/skbuff.h> |
1847 | #include <net/netlabel.h> |
1848 | +#include <net/request_sock.h> |
1849 | #include <asm/atomic.h> |
1850 | |
1851 | /* known doi values */ |
1852 | @@ -215,6 +216,10 @@ int cipso_v4_sock_setattr(struct sock *sk, |
1853 | const struct netlbl_lsm_secattr *secattr); |
1854 | void cipso_v4_sock_delattr(struct sock *sk); |
1855 | int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr); |
1856 | +int cipso_v4_req_setattr(struct request_sock *req, |
1857 | + const struct cipso_v4_doi *doi_def, |
1858 | + const struct netlbl_lsm_secattr *secattr); |
1859 | +void cipso_v4_req_delattr(struct request_sock *req); |
1860 | int cipso_v4_skbuff_setattr(struct sk_buff *skb, |
1861 | const struct cipso_v4_doi *doi_def, |
1862 | const struct netlbl_lsm_secattr *secattr); |
1863 | @@ -247,6 +252,18 @@ static inline int cipso_v4_sock_getattr(struct sock *sk, |
1864 | return -ENOSYS; |
1865 | } |
1866 | |
1867 | +static inline int cipso_v4_req_setattr(struct request_sock *req, |
1868 | + const struct cipso_v4_doi *doi_def, |
1869 | + const struct netlbl_lsm_secattr *secattr) |
1870 | +{ |
1871 | + return -ENOSYS; |
1872 | +} |
1873 | + |
1874 | +static inline void cipso_v4_req_delattr(struct request_sock *req) |
1875 | +{ |
1876 | + return; |
1877 | +} |
1878 | + |
1879 | static inline int cipso_v4_skbuff_setattr(struct sk_buff *skb, |
1880 | const struct cipso_v4_doi *doi_def, |
1881 | const struct netlbl_lsm_secattr *secattr) |
1882 | diff --git a/include/net/netlabel.h b/include/net/netlabel.h |
1883 | index 749011e..bf77b5c 100644 |
1884 | --- a/include/net/netlabel.h |
1885 | +++ b/include/net/netlabel.h |
1886 | @@ -36,6 +36,7 @@ |
1887 | #include <linux/in.h> |
1888 | #include <linux/in6.h> |
1889 | #include <net/netlink.h> |
1890 | +#include <net/request_sock.h> |
1891 | #include <asm/atomic.h> |
1892 | |
1893 | struct cipso_v4_doi; |
1894 | @@ -413,6 +414,9 @@ int netlbl_sock_getattr(struct sock *sk, |
1895 | int netlbl_conn_setattr(struct sock *sk, |
1896 | struct sockaddr *addr, |
1897 | const struct netlbl_lsm_secattr *secattr); |
1898 | +int netlbl_req_setattr(struct request_sock *req, |
1899 | + const struct netlbl_lsm_secattr *secattr); |
1900 | +void netlbl_req_delattr(struct request_sock *req); |
1901 | int netlbl_skbuff_setattr(struct sk_buff *skb, |
1902 | u16 family, |
1903 | const struct netlbl_lsm_secattr *secattr); |
1904 | @@ -519,7 +523,7 @@ static inline int netlbl_enabled(void) |
1905 | return 0; |
1906 | } |
1907 | static inline int netlbl_sock_setattr(struct sock *sk, |
1908 | - const struct netlbl_lsm_secattr *secattr) |
1909 | + const struct netlbl_lsm_secattr *secattr) |
1910 | { |
1911 | return -ENOSYS; |
1912 | } |
1913 | @@ -537,6 +541,15 @@ static inline int netlbl_conn_setattr(struct sock *sk, |
1914 | { |
1915 | return -ENOSYS; |
1916 | } |
1917 | +static inline int netlbl_req_setattr(struct request_sock *req, |
1918 | + const struct netlbl_lsm_secattr *secattr) |
1919 | +{ |
1920 | + return -ENOSYS; |
1921 | +} |
1922 | +static inline void netlbl_req_delattr(struct request_sock *req) |
1923 | +{ |
1924 | + return; |
1925 | +} |
1926 | static inline int netlbl_skbuff_setattr(struct sk_buff *skb, |
1927 | u16 family, |
1928 | const struct netlbl_lsm_secattr *secattr) |
1929 | diff --git a/mm/memory.c b/mm/memory.c |
1930 | index d7df5ba..c304626 100644 |
1931 | --- a/mm/memory.c |
1932 | +++ b/mm/memory.c |
1933 | @@ -1940,6 +1940,15 @@ static int do_wp_page(struct mm_struct *mm, struct vm_area_struct *vma, |
1934 | * get_user_pages(.write=1, .force=1). |
1935 | */ |
1936 | if (vma->vm_ops && vma->vm_ops->page_mkwrite) { |
1937 | + struct vm_fault vmf; |
1938 | + int tmp; |
1939 | + |
1940 | + vmf.virtual_address = (void __user *)(address & |
1941 | + PAGE_MASK); |
1942 | + vmf.pgoff = old_page->index; |
1943 | + vmf.flags = FAULT_FLAG_WRITE|FAULT_FLAG_MKWRITE; |
1944 | + vmf.page = old_page; |
1945 | + |
1946 | /* |
1947 | * Notify the address space that the page is about to |
1948 | * become writable so that it can prohibit this or wait |
1949 | @@ -1951,8 +1960,21 @@ static int do_wp_page(struct mm_struct *mm, struct vm_area_struct *vma, |
1950 | page_cache_get(old_page); |
1951 | pte_unmap_unlock(page_table, ptl); |
1952 | |
1953 | - if (vma->vm_ops->page_mkwrite(vma, old_page) < 0) |
1954 | + tmp = vma->vm_ops->page_mkwrite(vma, &vmf); |
1955 | + if (unlikely(tmp & |
1956 | + (VM_FAULT_ERROR | VM_FAULT_NOPAGE))) { |
1957 | + ret = tmp; |
1958 | goto unwritable_page; |
1959 | + } |
1960 | + if (unlikely(!(tmp & VM_FAULT_LOCKED))) { |
1961 | + lock_page(old_page); |
1962 | + if (!old_page->mapping) { |
1963 | + ret = 0; /* retry the fault */ |
1964 | + unlock_page(old_page); |
1965 | + goto unwritable_page; |
1966 | + } |
1967 | + } else |
1968 | + VM_BUG_ON(!PageLocked(old_page)); |
1969 | |
1970 | /* |
1971 | * Since we dropped the lock we need to revalidate |
1972 | @@ -1962,9 +1984,11 @@ static int do_wp_page(struct mm_struct *mm, struct vm_area_struct *vma, |
1973 | */ |
1974 | page_table = pte_offset_map_lock(mm, pmd, address, |
1975 | &ptl); |
1976 | - page_cache_release(old_page); |
1977 | - if (!pte_same(*page_table, orig_pte)) |
1978 | + if (!pte_same(*page_table, orig_pte)) { |
1979 | + unlock_page(old_page); |
1980 | + page_cache_release(old_page); |
1981 | goto unlock; |
1982 | + } |
1983 | |
1984 | page_mkwrite = 1; |
1985 | } |
1986 | @@ -2076,9 +2100,6 @@ gotten: |
1987 | unlock: |
1988 | pte_unmap_unlock(page_table, ptl); |
1989 | if (dirty_page) { |
1990 | - if (vma->vm_file) |
1991 | - file_update_time(vma->vm_file); |
1992 | - |
1993 | /* |
1994 | * Yes, Virginia, this is actually required to prevent a race |
1995 | * with clear_page_dirty_for_io() from clearing the page dirty |
1996 | @@ -2087,21 +2108,46 @@ unlock: |
1997 | * |
1998 | * do_no_page is protected similarly. |
1999 | */ |
2000 | - wait_on_page_locked(dirty_page); |
2001 | - set_page_dirty_balance(dirty_page, page_mkwrite); |
2002 | + if (!page_mkwrite) { |
2003 | + wait_on_page_locked(dirty_page); |
2004 | + set_page_dirty_balance(dirty_page, page_mkwrite); |
2005 | + } |
2006 | put_page(dirty_page); |
2007 | + if (page_mkwrite) { |
2008 | + struct address_space *mapping = dirty_page->mapping; |
2009 | + |
2010 | + set_page_dirty(dirty_page); |
2011 | + unlock_page(dirty_page); |
2012 | + page_cache_release(dirty_page); |
2013 | + if (mapping) { |
2014 | + /* |
2015 | + * Some device drivers do not set page.mapping |
2016 | + * but still dirty their pages |
2017 | + */ |
2018 | + balance_dirty_pages_ratelimited(mapping); |
2019 | + } |
2020 | + } |
2021 | + |
2022 | + /* file_update_time outside page_lock */ |
2023 | + if (vma->vm_file) |
2024 | + file_update_time(vma->vm_file); |
2025 | } |
2026 | return ret; |
2027 | oom_free_new: |
2028 | page_cache_release(new_page); |
2029 | oom: |
2030 | - if (old_page) |
2031 | + if (old_page) { |
2032 | + if (page_mkwrite) { |
2033 | + unlock_page(old_page); |
2034 | + page_cache_release(old_page); |
2035 | + } |
2036 | page_cache_release(old_page); |
2037 | + } |
2038 | return VM_FAULT_OOM; |
2039 | |
2040 | unwritable_page: |
2041 | page_cache_release(old_page); |
2042 | - return VM_FAULT_SIGBUS; |
2043 | + return ret; |
2044 | } |
2045 | |
2046 | /* |
2047 | @@ -2645,25 +2691,25 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
2048 | * to become writable |
2049 | */ |
2050 | if (vma->vm_ops->page_mkwrite) { |
2051 | + int tmp; |
2052 | + |
2053 | unlock_page(page); |
2054 | - if (vma->vm_ops->page_mkwrite(vma, page) < 0) { |
2055 | - ret = VM_FAULT_SIGBUS; |
2056 | - anon = 1; /* no anon but release vmf.page */ |
2057 | - goto out_unlocked; |
2058 | - } |
2059 | - lock_page(page); |
2060 | - /* |
2061 | - * XXX: this is not quite right (racy vs |
2062 | - * invalidate) to unlock and relock the page |
2063 | - * like this, however a better fix requires |
2064 | - * reworking page_mkwrite locking API, which |
2065 | - * is better done later. |
2066 | - */ |
2067 | - if (!page->mapping) { |
2068 | - ret = 0; |
2069 | - anon = 1; /* no anon but release vmf.page */ |
2070 | - goto out; |
2071 | + vmf.flags = FAULT_FLAG_WRITE|FAULT_FLAG_MKWRITE; |
2072 | + tmp = vma->vm_ops->page_mkwrite(vma, &vmf); |
2073 | + if (unlikely(tmp & |
2074 | + (VM_FAULT_ERROR | VM_FAULT_NOPAGE))) { |
2075 | + ret = tmp; |
2076 | + goto unwritable_page; |
2077 | } |
2078 | + if (unlikely(!(tmp & VM_FAULT_LOCKED))) { |
2079 | + lock_page(page); |
2080 | + if (!page->mapping) { |
2081 | + ret = 0; /* retry the fault */ |
2082 | + unlock_page(page); |
2083 | + goto unwritable_page; |
2084 | + } |
2085 | + } else |
2086 | + VM_BUG_ON(!PageLocked(page)); |
2087 | page_mkwrite = 1; |
2088 | } |
2089 | } |
2090 | @@ -2715,19 +2761,35 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
2091 | pte_unmap_unlock(page_table, ptl); |
2092 | |
2093 | out: |
2094 | - unlock_page(vmf.page); |
2095 | -out_unlocked: |
2096 | - if (anon) |
2097 | - page_cache_release(vmf.page); |
2098 | - else if (dirty_page) { |
2099 | - if (vma->vm_file) |
2100 | - file_update_time(vma->vm_file); |
2101 | + if (dirty_page) { |
2102 | + struct address_space *mapping = page->mapping; |
2103 | |
2104 | - set_page_dirty_balance(dirty_page, page_mkwrite); |
2105 | + if (set_page_dirty(dirty_page)) |
2106 | + page_mkwrite = 1; |
2107 | + unlock_page(dirty_page); |
2108 | put_page(dirty_page); |
2109 | + if (page_mkwrite && mapping) { |
2110 | + /* |
2111 | + * Some device drivers do not set page.mapping but still |
2112 | + * dirty their pages |
2113 | + */ |
2114 | + balance_dirty_pages_ratelimited(mapping); |
2115 | + } |
2116 | + |
2117 | + /* file_update_time outside page_lock */ |
2118 | + if (vma->vm_file) |
2119 | + file_update_time(vma->vm_file); |
2120 | + } else { |
2121 | + unlock_page(vmf.page); |
2122 | + if (anon) |
2123 | + page_cache_release(vmf.page); |
2124 | } |
2125 | |
2126 | return ret; |
2127 | + |
2128 | +unwritable_page: |
2129 | + page_cache_release(page); |
2130 | + return ret; |
2131 | } |
2132 | |
2133 | static int do_linear_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
2134 | diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c |
2135 | index 7bc9929..4ea2c38 100644 |
2136 | --- a/net/ipv4/cipso_ipv4.c |
2137 | +++ b/net/ipv4/cipso_ipv4.c |
2138 | @@ -1942,6 +1942,72 @@ socket_setattr_failure: |
2139 | } |
2140 | |
2141 | /** |
2142 | + * cipso_v4_req_setattr - Add a CIPSO option to a connection request socket |
2143 | + * @req: the connection request socket |
2144 | + * @doi_def: the CIPSO DOI to use |
2145 | + * @secattr: the specific security attributes of the socket |
2146 | + * |
2147 | + * Description: |
2148 | + * Set the CIPSO option on the given socket using the DOI definition and |
2149 | + * security attributes passed to the function. Returns zero on success and |
2150 | + * negative values on failure. |
2151 | + * |
2152 | + */ |
2153 | +int cipso_v4_req_setattr(struct request_sock *req, |
2154 | + const struct cipso_v4_doi *doi_def, |
2155 | + const struct netlbl_lsm_secattr *secattr) |
2156 | +{ |
2157 | + int ret_val = -EPERM; |
2158 | + unsigned char *buf = NULL; |
2159 | + u32 buf_len; |
2160 | + u32 opt_len; |
2161 | + struct ip_options *opt = NULL; |
2162 | + struct inet_request_sock *req_inet; |
2163 | + |
2164 | + /* We allocate the maximum CIPSO option size here so we are probably |
2165 | + * being a little wasteful, but it makes our life _much_ easier later |
2166 | + * on and after all we are only talking about 40 bytes. */ |
2167 | + buf_len = CIPSO_V4_OPT_LEN_MAX; |
2168 | + buf = kmalloc(buf_len, GFP_ATOMIC); |
2169 | + if (buf == NULL) { |
2170 | + ret_val = -ENOMEM; |
2171 | + goto req_setattr_failure; |
2172 | + } |
2173 | + |
2174 | + ret_val = cipso_v4_genopt(buf, buf_len, doi_def, secattr); |
2175 | + if (ret_val < 0) |
2176 | + goto req_setattr_failure; |
2177 | + buf_len = ret_val; |
2178 | + |
2179 | + /* We can't use ip_options_get() directly because it makes a call to |
2180 | + * ip_options_get_alloc() which allocates memory with GFP_KERNEL and |
2181 | + * we won't always have CAP_NET_RAW even though we _always_ want to |
2182 | + * set the IPOPT_CIPSO option. */ |
2183 | + opt_len = (buf_len + 3) & ~3; |
2184 | + opt = kzalloc(sizeof(*opt) + opt_len, GFP_ATOMIC); |
2185 | + if (opt == NULL) { |
2186 | + ret_val = -ENOMEM; |
2187 | + goto req_setattr_failure; |
2188 | + } |
2189 | + memcpy(opt->__data, buf, buf_len); |
2190 | + opt->optlen = opt_len; |
2191 | + opt->cipso = sizeof(struct iphdr); |
2192 | + kfree(buf); |
2193 | + buf = NULL; |
2194 | + |
2195 | + req_inet = inet_rsk(req); |
2196 | + opt = xchg(&req_inet->opt, opt); |
2197 | + kfree(opt); |
2198 | + |
2199 | + return 0; |
2200 | + |
2201 | +req_setattr_failure: |
2202 | + kfree(buf); |
2203 | + kfree(opt); |
2204 | + return ret_val; |
2205 | +} |
2206 | + |
2207 | +/** |
2208 | * cipso_v4_sock_delattr - Delete the CIPSO option from a socket |
2209 | * @sk: the socket |
2210 | * |
2211 | @@ -2016,6 +2082,70 @@ void cipso_v4_sock_delattr(struct sock *sk) |
2212 | } |
2213 | |
2214 | /** |
2215 | + * cipso_v4_req_delattr - Delete the CIPSO option from a request socket |
2216 | + * @reg: the request socket |
2217 | + * |
2218 | + * Description: |
2219 | + * Removes the CIPSO option from a request socket, if present. |
2220 | + * |
2221 | + */ |
2222 | +void cipso_v4_req_delattr(struct request_sock *req) |
2223 | +{ |
2224 | + struct ip_options *opt; |
2225 | + struct inet_request_sock *req_inet; |
2226 | + |
2227 | + req_inet = inet_rsk(req); |
2228 | + opt = req_inet->opt; |
2229 | + if (opt == NULL || opt->cipso == 0) |
2230 | + return; |
2231 | + |
2232 | + if (opt->srr || opt->rr || opt->ts || opt->router_alert) { |
2233 | + u8 cipso_len; |
2234 | + u8 cipso_off; |
2235 | + unsigned char *cipso_ptr; |
2236 | + int iter; |
2237 | + int optlen_new; |
2238 | + |
2239 | + cipso_off = opt->cipso - sizeof(struct iphdr); |
2240 | + cipso_ptr = &opt->__data[cipso_off]; |
2241 | + cipso_len = cipso_ptr[1]; |
2242 | + |
2243 | + if (opt->srr > opt->cipso) |
2244 | + opt->srr -= cipso_len; |
2245 | + if (opt->rr > opt->cipso) |
2246 | + opt->rr -= cipso_len; |
2247 | + if (opt->ts > opt->cipso) |
2248 | + opt->ts -= cipso_len; |
2249 | + if (opt->router_alert > opt->cipso) |
2250 | + opt->router_alert -= cipso_len; |
2251 | + opt->cipso = 0; |
2252 | + |
2253 | + memmove(cipso_ptr, cipso_ptr + cipso_len, |
2254 | + opt->optlen - cipso_off - cipso_len); |
2255 | + |
2256 | + /* determining the new total option length is tricky because of |
2257 | + * the padding necessary, the only thing i can think to do at |
2258 | + * this point is walk the options one-by-one, skipping the |
2259 | + * padding at the end to determine the actual option size and |
2260 | + * from there we can determine the new total option length */ |
2261 | + iter = 0; |
2262 | + optlen_new = 0; |
2263 | + while (iter < opt->optlen) |
2264 | + if (opt->__data[iter] != IPOPT_NOP) { |
2265 | + iter += opt->__data[iter + 1]; |
2266 | + optlen_new = iter; |
2267 | + } else |
2268 | + iter++; |
2269 | + opt->optlen = (optlen_new + 3) & ~3; |
2270 | + } else { |
2271 | + /* only the cipso option was present on the socket so we can |
2272 | + * remove the entire option struct */ |
2273 | + req_inet->opt = NULL; |
2274 | + kfree(opt); |
2275 | + } |
2276 | +} |
2277 | + |
2278 | +/** |
2279 | * cipso_v4_getattr - Helper function for the cipso_v4_*_getattr functions |
2280 | * @cipso: the CIPSO v4 option |
2281 | * @secattr: the security attributes |
2282 | diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c |
2283 | index d346c22..b35a950 100644 |
2284 | --- a/net/ipv4/syncookies.c |
2285 | +++ b/net/ipv4/syncookies.c |
2286 | @@ -288,10 +288,6 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, |
2287 | if (!req) |
2288 | goto out; |
2289 | |
2290 | - if (security_inet_conn_request(sk, skb, req)) { |
2291 | - reqsk_free(req); |
2292 | - goto out; |
2293 | - } |
2294 | ireq = inet_rsk(req); |
2295 | treq = tcp_rsk(req); |
2296 | treq->rcv_isn = ntohl(th->seq) - 1; |
2297 | @@ -322,6 +318,11 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, |
2298 | } |
2299 | } |
2300 | |
2301 | + if (security_inet_conn_request(sk, skb, req)) { |
2302 | + reqsk_free(req); |
2303 | + goto out; |
2304 | + } |
2305 | + |
2306 | req->expires = 0UL; |
2307 | req->retrans = 0; |
2308 | |
2309 | diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c |
2310 | index cf74c41..5499c28 100644 |
2311 | --- a/net/ipv4/tcp_ipv4.c |
2312 | +++ b/net/ipv4/tcp_ipv4.c |
2313 | @@ -1239,14 +1239,15 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) |
2314 | |
2315 | tcp_openreq_init(req, &tmp_opt, skb); |
2316 | |
2317 | - if (security_inet_conn_request(sk, skb, req)) |
2318 | - goto drop_and_free; |
2319 | - |
2320 | ireq = inet_rsk(req); |
2321 | ireq->loc_addr = daddr; |
2322 | ireq->rmt_addr = saddr; |
2323 | ireq->no_srccheck = inet_sk(sk)->transparent; |
2324 | ireq->opt = tcp_v4_save_options(sk, skb); |
2325 | + |
2326 | + if (security_inet_conn_request(sk, skb, req)) |
2327 | + goto drop_and_free; |
2328 | + |
2329 | if (!want_cookie) |
2330 | TCP_ECN_create_request(req, tcp_hdr(skb)); |
2331 | |
2332 | diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c |
2333 | index fd9229d..a52ca1c 100644 |
2334 | --- a/net/netlabel/netlabel_kapi.c |
2335 | +++ b/net/netlabel/netlabel_kapi.c |
2336 | @@ -757,6 +757,90 @@ conn_setattr_return: |
2337 | } |
2338 | |
2339 | /** |
2340 | + * netlbl_req_setattr - Label a request socket using the correct protocol |
2341 | + * @req: the request socket to label |
2342 | + * @secattr: the security attributes |
2343 | + * |
2344 | + * Description: |
2345 | + * Attach the correct label to the given socket using the security attributes |
2346 | + * specified in @secattr. Returns zero on success, negative values on failure. |
2347 | + * |
2348 | + */ |
2349 | +int netlbl_req_setattr(struct request_sock *req, |
2350 | + const struct netlbl_lsm_secattr *secattr) |
2351 | +{ |
2352 | + int ret_val; |
2353 | + struct netlbl_dom_map *dom_entry; |
2354 | + struct netlbl_domaddr4_map *af4_entry; |
2355 | + u32 proto_type; |
2356 | + struct cipso_v4_doi *proto_cv4; |
2357 | + |
2358 | + rcu_read_lock(); |
2359 | + dom_entry = netlbl_domhsh_getentry(secattr->domain); |
2360 | + if (dom_entry == NULL) { |
2361 | + ret_val = -ENOENT; |
2362 | + goto req_setattr_return; |
2363 | + } |
2364 | + switch (req->rsk_ops->family) { |
2365 | + case AF_INET: |
2366 | + if (dom_entry->type == NETLBL_NLTYPE_ADDRSELECT) { |
2367 | + struct inet_request_sock *req_inet = inet_rsk(req); |
2368 | + af4_entry = netlbl_domhsh_getentry_af4(secattr->domain, |
2369 | + req_inet->rmt_addr); |
2370 | + if (af4_entry == NULL) { |
2371 | + ret_val = -ENOENT; |
2372 | + goto req_setattr_return; |
2373 | + } |
2374 | + proto_type = af4_entry->type; |
2375 | + proto_cv4 = af4_entry->type_def.cipsov4; |
2376 | + } else { |
2377 | + proto_type = dom_entry->type; |
2378 | + proto_cv4 = dom_entry->type_def.cipsov4; |
2379 | + } |
2380 | + switch (proto_type) { |
2381 | + case NETLBL_NLTYPE_CIPSOV4: |
2382 | + ret_val = cipso_v4_req_setattr(req, proto_cv4, secattr); |
2383 | + break; |
2384 | + case NETLBL_NLTYPE_UNLABELED: |
2385 | + /* just delete the protocols we support for right now |
2386 | + * but we could remove other protocols if needed */ |
2387 | + cipso_v4_req_delattr(req); |
2388 | + ret_val = 0; |
2389 | + break; |
2390 | + default: |
2391 | + ret_val = -ENOENT; |
2392 | + } |
2393 | + break; |
2394 | +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
2395 | + case AF_INET6: |
2396 | + /* since we don't support any IPv6 labeling protocols right |
2397 | + * now we can optimize everything away until we do */ |
2398 | + ret_val = 0; |
2399 | + break; |
2400 | +#endif /* IPv6 */ |
2401 | + default: |
2402 | + ret_val = -EPROTONOSUPPORT; |
2403 | + } |
2404 | + |
2405 | +req_setattr_return: |
2406 | + rcu_read_unlock(); |
2407 | + return ret_val; |
2408 | +} |
2409 | + |
2410 | +/** |
2411 | +* netlbl_req_delattr - Delete all the NetLabel labels on a socket |
2412 | +* @req: the socket |
2413 | +* |
2414 | +* Description: |
2415 | +* Remove all the NetLabel labeling from @req. |
2416 | +* |
2417 | +*/ |
2418 | +void netlbl_req_delattr(struct request_sock *req) |
2419 | +{ |
2420 | + cipso_v4_req_delattr(req); |
2421 | +} |
2422 | + |
2423 | +/** |
2424 | * netlbl_skbuff_setattr - Label a packet using the correct protocol |
2425 | * @skb: the packet |
2426 | * @family: protocol family |
2427 | diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c |
2428 | index e210b21..8d24c91 100644 |
2429 | --- a/security/selinux/hooks.c |
2430 | +++ b/security/selinux/hooks.c |
2431 | @@ -311,7 +311,7 @@ static int sk_alloc_security(struct sock *sk, int family, gfp_t priority) |
2432 | ssec->sid = SECINITSID_UNLABELED; |
2433 | sk->sk_security = ssec; |
2434 | |
2435 | - selinux_netlbl_sk_security_reset(ssec, family); |
2436 | + selinux_netlbl_sk_security_reset(ssec); |
2437 | |
2438 | return 0; |
2439 | } |
2440 | @@ -2952,7 +2952,6 @@ static void selinux_inode_getsecid(const struct inode *inode, u32 *secid) |
2441 | static int selinux_revalidate_file_permission(struct file *file, int mask) |
2442 | { |
2443 | const struct cred *cred = current_cred(); |
2444 | - int rc; |
2445 | struct inode *inode = file->f_path.dentry->d_inode; |
2446 | |
2447 | if (!mask) { |
2448 | @@ -2964,30 +2963,16 @@ static int selinux_revalidate_file_permission(struct file *file, int mask) |
2449 | if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) |
2450 | mask |= MAY_APPEND; |
2451 | |
2452 | - rc = file_has_perm(cred, file, |
2453 | - file_mask_to_av(inode->i_mode, mask)); |
2454 | - if (rc) |
2455 | - return rc; |
2456 | - |
2457 | - return selinux_netlbl_inode_permission(inode, mask); |
2458 | + return file_has_perm(cred, file, file_mask_to_av(inode->i_mode, mask)); |
2459 | } |
2460 | |
2461 | static int selinux_file_permission(struct file *file, int mask) |
2462 | { |
2463 | - struct inode *inode = file->f_path.dentry->d_inode; |
2464 | - struct file_security_struct *fsec = file->f_security; |
2465 | - struct inode_security_struct *isec = inode->i_security; |
2466 | - u32 sid = current_sid(); |
2467 | - |
2468 | if (!mask) { |
2469 | /* No permission to check. Existence test. */ |
2470 | return 0; |
2471 | } |
2472 | |
2473 | - if (sid == fsec->sid && fsec->isid == isec->sid |
2474 | - && fsec->pseqno == avc_policy_seqno()) |
2475 | - return selinux_netlbl_inode_permission(inode, mask); |
2476 | - |
2477 | return selinux_revalidate_file_permission(file, mask); |
2478 | } |
2479 | |
2480 | @@ -3799,7 +3784,7 @@ static int selinux_socket_post_create(struct socket *sock, int family, |
2481 | sksec = sock->sk->sk_security; |
2482 | sksec->sid = isec->sid; |
2483 | sksec->sclass = isec->sclass; |
2484 | - err = selinux_netlbl_socket_post_create(sock); |
2485 | + err = selinux_netlbl_socket_post_create(sock->sk, family); |
2486 | } |
2487 | |
2488 | return err; |
2489 | @@ -3990,13 +3975,7 @@ static int selinux_socket_accept(struct socket *sock, struct socket *newsock) |
2490 | static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg, |
2491 | int size) |
2492 | { |
2493 | - int rc; |
2494 | - |
2495 | - rc = socket_has_perm(current, sock, SOCKET__WRITE); |
2496 | - if (rc) |
2497 | - return rc; |
2498 | - |
2499 | - return selinux_netlbl_inode_permission(SOCK_INODE(sock), MAY_WRITE); |
2500 | + return socket_has_perm(current, sock, SOCKET__WRITE); |
2501 | } |
2502 | |
2503 | static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg, |
2504 | @@ -4384,7 +4363,7 @@ static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk) |
2505 | newssec->peer_sid = ssec->peer_sid; |
2506 | newssec->sclass = ssec->sclass; |
2507 | |
2508 | - selinux_netlbl_sk_security_reset(newssec, newsk->sk_family); |
2509 | + selinux_netlbl_sk_security_reset(newssec); |
2510 | } |
2511 | |
2512 | static void selinux_sk_getsecid(struct sock *sk, u32 *secid) |
2513 | @@ -4429,15 +4408,15 @@ static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb, |
2514 | req->secid = sksec->sid; |
2515 | req->peer_secid = SECSID_NULL; |
2516 | return 0; |
2517 | + } else { |
2518 | + err = security_sid_mls_copy(sksec->sid, peersid, &newsid); |
2519 | + if (err) |
2520 | + return err; |
2521 | + req->secid = newsid; |
2522 | + req->peer_secid = peersid; |
2523 | } |
2524 | |
2525 | - err = security_sid_mls_copy(sksec->sid, peersid, &newsid); |
2526 | - if (err) |
2527 | - return err; |
2528 | - |
2529 | - req->secid = newsid; |
2530 | - req->peer_secid = peersid; |
2531 | - return 0; |
2532 | + return selinux_netlbl_inet_conn_request(req, family); |
2533 | } |
2534 | |
2535 | static void selinux_inet_csk_clone(struct sock *newsk, |
2536 | @@ -4454,7 +4433,7 @@ static void selinux_inet_csk_clone(struct sock *newsk, |
2537 | |
2538 | /* We don't need to take any sort of lock here as we are the only |
2539 | * thread with access to newsksec */ |
2540 | - selinux_netlbl_sk_security_reset(newsksec, req->rsk_ops->family); |
2541 | + selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family); |
2542 | } |
2543 | |
2544 | static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb) |
2545 | @@ -4467,8 +4446,6 @@ static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb) |
2546 | family = PF_INET; |
2547 | |
2548 | selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid); |
2549 | - |
2550 | - selinux_netlbl_inet_conn_established(sk, family); |
2551 | } |
2552 | |
2553 | static void selinux_req_classify_flow(const struct request_sock *req, |
2554 | diff --git a/security/selinux/include/netlabel.h b/security/selinux/include/netlabel.h |
2555 | index b913c8d..a5537cd 100644 |
2556 | --- a/security/selinux/include/netlabel.h |
2557 | +++ b/security/selinux/include/netlabel.h |
2558 | @@ -32,6 +32,7 @@ |
2559 | #include <linux/net.h> |
2560 | #include <linux/skbuff.h> |
2561 | #include <net/sock.h> |
2562 | +#include <net/request_sock.h> |
2563 | |
2564 | #include "avc.h" |
2565 | #include "objsec.h" |
2566 | @@ -42,8 +43,7 @@ void selinux_netlbl_cache_invalidate(void); |
2567 | void selinux_netlbl_err(struct sk_buff *skb, int error, int gateway); |
2568 | |
2569 | void selinux_netlbl_sk_security_free(struct sk_security_struct *ssec); |
2570 | -void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec, |
2571 | - int family); |
2572 | +void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec); |
2573 | |
2574 | int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, |
2575 | u16 family, |
2576 | @@ -53,8 +53,9 @@ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, |
2577 | u16 family, |
2578 | u32 sid); |
2579 | |
2580 | -void selinux_netlbl_inet_conn_established(struct sock *sk, u16 family); |
2581 | -int selinux_netlbl_socket_post_create(struct socket *sock); |
2582 | +int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family); |
2583 | +void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family); |
2584 | +int selinux_netlbl_socket_post_create(struct sock *sk, u16 family); |
2585 | int selinux_netlbl_inode_permission(struct inode *inode, int mask); |
2586 | int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, |
2587 | struct sk_buff *skb, |
2588 | @@ -85,8 +86,7 @@ static inline void selinux_netlbl_sk_security_free( |
2589 | } |
2590 | |
2591 | static inline void selinux_netlbl_sk_security_reset( |
2592 | - struct sk_security_struct *ssec, |
2593 | - int family) |
2594 | + struct sk_security_struct *ssec) |
2595 | { |
2596 | return; |
2597 | } |
2598 | @@ -113,12 +113,17 @@ static inline int selinux_netlbl_conn_setsid(struct sock *sk, |
2599 | return 0; |
2600 | } |
2601 | |
2602 | -static inline void selinux_netlbl_inet_conn_established(struct sock *sk, |
2603 | - u16 family) |
2604 | +static inline int selinux_netlbl_inet_conn_request(struct request_sock *req, |
2605 | + u16 family) |
2606 | +{ |
2607 | + return 0; |
2608 | +} |
2609 | +static inline void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) |
2610 | { |
2611 | return; |
2612 | } |
2613 | -static inline int selinux_netlbl_socket_post_create(struct socket *sock) |
2614 | +static inline int selinux_netlbl_socket_post_create(struct sock *sk, |
2615 | + u16 family) |
2616 | { |
2617 | return 0; |
2618 | } |
2619 | diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c |
2620 | index 350794a..5786c8c 100644 |
2621 | --- a/security/selinux/netlabel.c |
2622 | +++ b/security/selinux/netlabel.c |
2623 | @@ -100,41 +100,6 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_genattr(struct sock *sk) |
2624 | } |
2625 | |
2626 | /** |
2627 | - * selinux_netlbl_sock_setsid - Label a socket using the NetLabel mechanism |
2628 | - * @sk: the socket to label |
2629 | - * |
2630 | - * Description: |
2631 | - * Attempt to label a socket using the NetLabel mechanism. Returns zero values |
2632 | - * on success, negative values on failure. |
2633 | - * |
2634 | - */ |
2635 | -static int selinux_netlbl_sock_setsid(struct sock *sk) |
2636 | -{ |
2637 | - int rc; |
2638 | - struct sk_security_struct *sksec = sk->sk_security; |
2639 | - struct netlbl_lsm_secattr *secattr; |
2640 | - |
2641 | - if (sksec->nlbl_state != NLBL_REQUIRE) |
2642 | - return 0; |
2643 | - |
2644 | - secattr = selinux_netlbl_sock_genattr(sk); |
2645 | - if (secattr == NULL) |
2646 | - return -ENOMEM; |
2647 | - rc = netlbl_sock_setattr(sk, secattr); |
2648 | - switch (rc) { |
2649 | - case 0: |
2650 | - sksec->nlbl_state = NLBL_LABELED; |
2651 | - break; |
2652 | - case -EDESTADDRREQ: |
2653 | - sksec->nlbl_state = NLBL_REQSKB; |
2654 | - rc = 0; |
2655 | - break; |
2656 | - } |
2657 | - |
2658 | - return rc; |
2659 | -} |
2660 | - |
2661 | -/** |
2662 | * selinux_netlbl_cache_invalidate - Invalidate the NetLabel cache |
2663 | * |
2664 | * Description: |
2665 | @@ -188,13 +153,9 @@ void selinux_netlbl_sk_security_free(struct sk_security_struct *ssec) |
2666 | * The caller is responsibile for all the NetLabel sk_security_struct locking. |
2667 | * |
2668 | */ |
2669 | -void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec, |
2670 | - int family) |
2671 | +void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec) |
2672 | { |
2673 | - if (family == PF_INET) |
2674 | - ssec->nlbl_state = NLBL_REQUIRE; |
2675 | - else |
2676 | - ssec->nlbl_state = NLBL_UNSET; |
2677 | + ssec->nlbl_state = NLBL_UNSET; |
2678 | } |
2679 | |
2680 | /** |
2681 | @@ -281,127 +242,85 @@ skbuff_setsid_return: |
2682 | } |
2683 | |
2684 | /** |
2685 | - * selinux_netlbl_inet_conn_established - Netlabel the newly accepted connection |
2686 | - * @sk: the new connection |
2687 | + * selinux_netlbl_inet_conn_request - Label an incoming stream connection |
2688 | + * @req: incoming connection request socket |
2689 | * |
2690 | * Description: |
2691 | - * A new connection has been established on @sk so make sure it is labeled |
2692 | - * correctly with the NetLabel susbsystem. |
2693 | + * A new incoming connection request is represented by @req, we need to label |
2694 | + * the new request_sock here and the stack will ensure the on-the-wire label |
2695 | + * will get preserved when a full sock is created once the connection handshake |
2696 | + * is complete. Returns zero on success, negative values on failure. |
2697 | * |
2698 | */ |
2699 | -void selinux_netlbl_inet_conn_established(struct sock *sk, u16 family) |
2700 | +int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family) |
2701 | { |
2702 | int rc; |
2703 | - struct sk_security_struct *sksec = sk->sk_security; |
2704 | - struct netlbl_lsm_secattr *secattr; |
2705 | - struct inet_sock *sk_inet = inet_sk(sk); |
2706 | - struct sockaddr_in addr; |
2707 | - |
2708 | - if (sksec->nlbl_state != NLBL_REQUIRE) |
2709 | - return; |
2710 | + struct netlbl_lsm_secattr secattr; |
2711 | |
2712 | - secattr = selinux_netlbl_sock_genattr(sk); |
2713 | - if (secattr == NULL) |
2714 | - return; |
2715 | + if (family != PF_INET) |
2716 | + return 0; |
2717 | |
2718 | - rc = netlbl_sock_setattr(sk, secattr); |
2719 | - switch (rc) { |
2720 | - case 0: |
2721 | - sksec->nlbl_state = NLBL_LABELED; |
2722 | - break; |
2723 | - case -EDESTADDRREQ: |
2724 | - /* no PF_INET6 support yet because we don't support any IPv6 |
2725 | - * labeling protocols */ |
2726 | - if (family != PF_INET) { |
2727 | - sksec->nlbl_state = NLBL_UNSET; |
2728 | - return; |
2729 | - } |
2730 | - |
2731 | - addr.sin_family = family; |
2732 | - addr.sin_addr.s_addr = sk_inet->daddr; |
2733 | - if (netlbl_conn_setattr(sk, (struct sockaddr *)&addr, |
2734 | - secattr) != 0) { |
2735 | - /* we failed to label the connected socket (could be |
2736 | - * for a variety of reasons, the actual "why" isn't |
2737 | - * important here) so we have to go to our backup plan, |
2738 | - * labeling the packets individually in the netfilter |
2739 | - * local output hook. this is okay but we need to |
2740 | - * adjust the MSS of the connection to take into |
2741 | - * account any labeling overhead, since we don't know |
2742 | - * the exact overhead at this point we'll use the worst |
2743 | - * case value which is 40 bytes for IPv4 */ |
2744 | - struct inet_connection_sock *sk_conn = inet_csk(sk); |
2745 | - sk_conn->icsk_ext_hdr_len += 40 - |
2746 | - (sk_inet->opt ? sk_inet->opt->optlen : 0); |
2747 | - sk_conn->icsk_sync_mss(sk, sk_conn->icsk_pmtu_cookie); |
2748 | - |
2749 | - sksec->nlbl_state = NLBL_REQSKB; |
2750 | - } else |
2751 | - sksec->nlbl_state = NLBL_CONNLABELED; |
2752 | - break; |
2753 | - default: |
2754 | - /* note that we are failing to label the socket which could be |
2755 | - * a bad thing since it means traffic could leave the system |
2756 | - * without the desired labeling, however, all is not lost as |
2757 | - * we have a check in selinux_netlbl_inode_permission() to |
2758 | - * pick up the pieces that we might drop here because we can't |
2759 | - * return an error code */ |
2760 | - break; |
2761 | - } |
2762 | + netlbl_secattr_init(&secattr); |
2763 | + rc = security_netlbl_sid_to_secattr(req->secid, &secattr); |
2764 | + if (rc != 0) |
2765 | + goto inet_conn_request_return; |
2766 | + rc = netlbl_req_setattr(req, &secattr); |
2767 | +inet_conn_request_return: |
2768 | + netlbl_secattr_destroy(&secattr); |
2769 | + return rc; |
2770 | } |
2771 | |
2772 | /** |
2773 | - * selinux_netlbl_socket_post_create - Label a socket using NetLabel |
2774 | - * @sock: the socket to label |
2775 | + * selinux_netlbl_inet_csk_clone - Initialize the newly created sock |
2776 | + * @sk: the new sock |
2777 | * |
2778 | * Description: |
2779 | - * Attempt to label a socket using the NetLabel mechanism using the given |
2780 | - * SID. Returns zero values on success, negative values on failure. |
2781 | + * A new connection has been established using @sk, we've already labeled the |
2782 | + * socket via the request_sock struct in selinux_netlbl_inet_conn_request() but |
2783 | + * we need to set the NetLabel state here since we now have a sock structure. |
2784 | * |
2785 | */ |
2786 | -int selinux_netlbl_socket_post_create(struct socket *sock) |
2787 | +void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family) |
2788 | { |
2789 | - return selinux_netlbl_sock_setsid(sock->sk); |
2790 | + struct sk_security_struct *sksec = sk->sk_security; |
2791 | + |
2792 | + if (family == PF_INET) |
2793 | + sksec->nlbl_state = NLBL_LABELED; |
2794 | + else |
2795 | + sksec->nlbl_state = NLBL_UNSET; |
2796 | } |
2797 | |
2798 | /** |
2799 | - * selinux_netlbl_inode_permission - Verify the socket is NetLabel labeled |
2800 | - * @inode: the file descriptor's inode |
2801 | - * @mask: the permission mask |
2802 | + * selinux_netlbl_socket_post_create - Label a socket using NetLabel |
2803 | + * @sock: the socket to label |
2804 | * |
2805 | * Description: |
2806 | - * Looks at a file's inode and if it is marked as a socket protected by |
2807 | - * NetLabel then verify that the socket has been labeled, if not try to label |
2808 | - * the socket now with the inode's SID. Returns zero on success, negative |
2809 | - * values on failure. |
2810 | + * Attempt to label a socket using the NetLabel mechanism using the given |
2811 | + * SID. Returns zero values on success, negative values on failure. |
2812 | * |
2813 | */ |
2814 | -int selinux_netlbl_inode_permission(struct inode *inode, int mask) |
2815 | +int selinux_netlbl_socket_post_create(struct sock *sk, u16 family) |
2816 | { |
2817 | int rc; |
2818 | - struct sock *sk; |
2819 | - struct socket *sock; |
2820 | - struct sk_security_struct *sksec; |
2821 | + struct sk_security_struct *sksec = sk->sk_security; |
2822 | + struct netlbl_lsm_secattr *secattr; |
2823 | |
2824 | - if (!S_ISSOCK(inode->i_mode) || |
2825 | - ((mask & (MAY_WRITE | MAY_APPEND)) == 0)) |
2826 | - return 0; |
2827 | - sock = SOCKET_I(inode); |
2828 | - sk = sock->sk; |
2829 | - if (sk == NULL) |
2830 | - return 0; |
2831 | - sksec = sk->sk_security; |
2832 | - if (sksec == NULL || sksec->nlbl_state != NLBL_REQUIRE) |
2833 | + if (family != PF_INET) |
2834 | return 0; |
2835 | |
2836 | - local_bh_disable(); |
2837 | - bh_lock_sock_nested(sk); |
2838 | - if (likely(sksec->nlbl_state == NLBL_REQUIRE)) |
2839 | - rc = selinux_netlbl_sock_setsid(sk); |
2840 | - else |
2841 | + secattr = selinux_netlbl_sock_genattr(sk); |
2842 | + if (secattr == NULL) |
2843 | + return -ENOMEM; |
2844 | + rc = netlbl_sock_setattr(sk, secattr); |
2845 | + switch (rc) { |
2846 | + case 0: |
2847 | + sksec->nlbl_state = NLBL_LABELED; |
2848 | + break; |
2849 | + case -EDESTADDRREQ: |
2850 | + sksec->nlbl_state = NLBL_REQSKB; |
2851 | rc = 0; |
2852 | - bh_unlock_sock(sk); |
2853 | - local_bh_enable(); |
2854 | + break; |
2855 | + } |
2856 | |
2857 | return rc; |
2858 | } |
2859 | diff --git a/security/smack/smack.h b/security/smack/smack.h |
2860 | index b79582e..1983196 100644 |
2861 | --- a/security/smack/smack.h |
2862 | +++ b/security/smack/smack.h |
2863 | @@ -40,7 +40,6 @@ struct superblock_smack { |
2864 | struct socket_smack { |
2865 | char *smk_out; /* outbound label */ |
2866 | char *smk_in; /* inbound label */ |
2867 | - int smk_labeled; /* label scheme */ |
2868 | char smk_packet[SMK_LABELLEN]; /* TCP peer label */ |
2869 | }; |
2870 | |
2871 | diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c |
2872 | index c1c5f36..b4e811b 100644 |
2873 | --- a/security/smack/smack_lsm.c |
2874 | +++ b/security/smack/smack_lsm.c |
2875 | @@ -7,6 +7,8 @@ |
2876 | * Casey Schaufler <casey@schaufler-ca.com> |
2877 | * |
2878 | * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> |
2879 | + * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. |
2880 | + * Paul Moore <paul.moore@hp.com> |
2881 | * |
2882 | * This program is free software; you can redistribute it and/or modify |
2883 | * it under the terms of the GNU General Public License version 2, |
2884 | @@ -20,6 +22,7 @@ |
2885 | #include <linux/ext2_fs.h> |
2886 | #include <linux/kd.h> |
2887 | #include <asm/ioctls.h> |
2888 | +#include <linux/ip.h> |
2889 | #include <linux/tcp.h> |
2890 | #include <linux/udp.h> |
2891 | #include <linux/mutex.h> |
2892 | @@ -1279,7 +1282,6 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) |
2893 | |
2894 | ssp->smk_in = csp; |
2895 | ssp->smk_out = csp; |
2896 | - ssp->smk_labeled = SMACK_CIPSO_SOCKET; |
2897 | ssp->smk_packet[0] = '\0'; |
2898 | |
2899 | sk->sk_security = ssp; |
2900 | @@ -1397,16 +1399,6 @@ static int smack_netlabel(struct sock *sk, int labeled) |
2901 | |
2902 | bh_unlock_sock(sk); |
2903 | local_bh_enable(); |
2904 | - /* |
2905 | - * Remember the label scheme used so that it is not |
2906 | - * necessary to do the netlabel setting if it has not |
2907 | - * changed the next time through. |
2908 | - * |
2909 | - * The -EDESTADDRREQ case is an indication that there's |
2910 | - * a single level host involved. |
2911 | - */ |
2912 | - if (rc == 0) |
2913 | - ssp->smk_labeled = labeled; |
2914 | |
2915 | return rc; |
2916 | } |
2917 | @@ -1551,19 +1543,14 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, |
2918 | return -EINVAL; |
2919 | |
2920 | hostsp = smack_host_label((struct sockaddr_in *)sap); |
2921 | - if (hostsp == NULL) { |
2922 | - if (ssp->smk_labeled != SMACK_CIPSO_SOCKET) |
2923 | - return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); |
2924 | - return 0; |
2925 | - } |
2926 | + if (hostsp == NULL) |
2927 | + return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); |
2928 | |
2929 | rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE); |
2930 | if (rc != 0) |
2931 | return rc; |
2932 | |
2933 | - if (ssp->smk_labeled != SMACK_UNLABELED_SOCKET) |
2934 | - return smack_netlabel(sock->sk, SMACK_UNLABELED_SOCKET); |
2935 | - return 0; |
2936 | + return smack_netlabel(sock->sk, SMACK_UNLABELED_SOCKET); |
2937 | } |
2938 | |
2939 | /** |
2940 | @@ -2275,21 +2262,14 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, |
2941 | return 0; |
2942 | |
2943 | hostsp = smack_host_label(sip); |
2944 | - if (hostsp == NULL) { |
2945 | - if (ssp->smk_labeled != SMACK_CIPSO_SOCKET) |
2946 | - return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); |
2947 | - return 0; |
2948 | - } |
2949 | + if (hostsp == NULL) |
2950 | + return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); |
2951 | |
2952 | rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE); |
2953 | if (rc != 0) |
2954 | return rc; |
2955 | |
2956 | - if (ssp->smk_labeled != SMACK_UNLABELED_SOCKET) |
2957 | - return smack_netlabel(sock->sk, SMACK_UNLABELED_SOCKET); |
2958 | - |
2959 | - return 0; |
2960 | - |
2961 | + return smack_netlabel(sock->sk, SMACK_UNLABELED_SOCKET); |
2962 | } |
2963 | |
2964 | |
2965 | @@ -2504,22 +2484,14 @@ static int smack_socket_getpeersec_dgram(struct socket *sock, |
2966 | static void smack_sock_graft(struct sock *sk, struct socket *parent) |
2967 | { |
2968 | struct socket_smack *ssp; |
2969 | - int rc; |
2970 | |
2971 | - if (sk == NULL) |
2972 | - return; |
2973 | - |
2974 | - if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) |
2975 | + if (sk == NULL || |
2976 | + (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) |
2977 | return; |
2978 | |
2979 | ssp = sk->sk_security; |
2980 | ssp->smk_in = ssp->smk_out = current_security(); |
2981 | - ssp->smk_packet[0] = '\0'; |
2982 | - |
2983 | - rc = smack_netlabel(sk, SMACK_CIPSO_SOCKET); |
2984 | - if (rc != 0) |
2985 | - printk(KERN_WARNING "Smack: \"%s\" netlbl error %d.\n", |
2986 | - __func__, -rc); |
2987 | + /* cssp->smk_packet is already set in smack_inet_csk_clone() */ |
2988 | } |
2989 | |
2990 | /** |
2991 | @@ -2534,35 +2506,82 @@ static void smack_sock_graft(struct sock *sk, struct socket *parent) |
2992 | static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, |
2993 | struct request_sock *req) |
2994 | { |
2995 | - struct netlbl_lsm_secattr skb_secattr; |
2996 | + u16 family = sk->sk_family; |
2997 | struct socket_smack *ssp = sk->sk_security; |
2998 | + struct netlbl_lsm_secattr secattr; |
2999 | + struct sockaddr_in addr; |
3000 | + struct iphdr *hdr; |
3001 | char smack[SMK_LABELLEN]; |
3002 | int rc; |
3003 | |
3004 | - if (skb == NULL) |
3005 | - return -EACCES; |
3006 | + /* handle mapped IPv4 packets arriving via IPv6 sockets */ |
3007 | + if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) |
3008 | + family = PF_INET; |
3009 | |
3010 | - netlbl_secattr_init(&skb_secattr); |
3011 | - rc = netlbl_skbuff_getattr(skb, sk->sk_family, &skb_secattr); |
3012 | + netlbl_secattr_init(&secattr); |
3013 | + rc = netlbl_skbuff_getattr(skb, family, &secattr); |
3014 | if (rc == 0) |
3015 | - smack_from_secattr(&skb_secattr, smack); |
3016 | + smack_from_secattr(&secattr, smack); |
3017 | else |
3018 | strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN); |
3019 | - netlbl_secattr_destroy(&skb_secattr); |
3020 | + netlbl_secattr_destroy(&secattr); |
3021 | + |
3022 | /* |
3023 | - * Receiving a packet requires that the other end |
3024 | - * be able to write here. Read access is not required. |
3025 | - * |
3026 | - * If the request is successful save the peer's label |
3027 | - * so that SO_PEERCRED can report it. |
3028 | - */ |
3029 | + * Receiving a packet requires that the other end be able to write |
3030 | + * here. Read access is not required. |
3031 | + */ |
3032 | rc = smk_access(smack, ssp->smk_in, MAY_WRITE); |
3033 | - if (rc == 0) |
3034 | - strncpy(ssp->smk_packet, smack, SMK_MAXLEN); |
3035 | + if (rc != 0) |
3036 | + return rc; |
3037 | + |
3038 | + /* |
3039 | + * Save the peer's label in the request_sock so we can later setup |
3040 | + * smk_packet in the child socket so that SO_PEERCRED can report it. |
3041 | + */ |
3042 | + req->peer_secid = smack_to_secid(smack); |
3043 | + |
3044 | + /* |
3045 | + * We need to decide if we want to label the incoming connection here |
3046 | + * if we do we only need to label the request_sock and the stack will |
3047 | + * propogate the wire-label to the sock when it is created. |
3048 | + */ |
3049 | + hdr = ip_hdr(skb); |
3050 | + addr.sin_addr.s_addr = hdr->saddr; |
3051 | + rcu_read_lock(); |
3052 | + if (smack_host_label(&addr) == NULL) { |
3053 | + rcu_read_unlock(); |
3054 | + netlbl_secattr_init(&secattr); |
3055 | + smack_to_secattr(smack, &secattr); |
3056 | + rc = netlbl_req_setattr(req, &secattr); |
3057 | + netlbl_secattr_destroy(&secattr); |
3058 | + } else { |
3059 | + rcu_read_unlock(); |
3060 | + netlbl_req_delattr(req); |
3061 | + } |
3062 | |
3063 | return rc; |
3064 | } |
3065 | |
3066 | +/** |
3067 | +* smack_inet_csk_clone - Copy the connection information to the new socket |
3068 | +* @sk: the new socket |
3069 | +* @req: the connection's request_sock |
3070 | +* |
3071 | +* Transfer the connection's peer label to the newly created socket. |
3072 | +*/ |
3073 | +static void smack_inet_csk_clone(struct sock *sk, |
3074 | + const struct request_sock *req) |
3075 | +{ |
3076 | + struct socket_smack *ssp = sk->sk_security; |
3077 | + char *smack; |
3078 | + |
3079 | + if (req->peer_secid != 0) { |
3080 | + smack = smack_from_secid(req->peer_secid); |
3081 | + strncpy(ssp->smk_packet, smack, SMK_MAXLEN); |
3082 | + } else |
3083 | + ssp->smk_packet[0] = '\0'; |
3084 | +} |
3085 | + |
3086 | /* |
3087 | * Key management security hooks |
3088 | * |
3089 | @@ -2915,6 +2934,7 @@ struct security_operations smack_ops = { |
3090 | .sk_free_security = smack_sk_free_security, |
3091 | .sock_graft = smack_sock_graft, |
3092 | .inet_conn_request = smack_inet_conn_request, |
3093 | + .inet_csk_clone = smack_inet_csk_clone, |
3094 | |
3095 | /* key management security hooks */ |
3096 | #ifdef CONFIG_KEYS |
3097 | diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c |
3098 | index 6094344..0547239 100644 |
3099 | --- a/sound/pci/hda/patch_sigmatel.c |
3100 | +++ b/sound/pci/hda/patch_sigmatel.c |
3101 | @@ -4007,7 +4007,12 @@ static int stac92xx_init(struct hda_codec *codec) |
3102 | pinctl = snd_hda_codec_read(codec, nid, 0, |
3103 | AC_VERB_GET_PIN_WIDGET_CONTROL, 0); |
3104 | /* if PINCTL already set then skip */ |
3105 | - if (!(pinctl & AC_PINCTL_IN_EN)) { |
3106 | + /* Also, if both INPUT and OUTPUT are set, |
3107 | + * it must be a BIOS bug; need to override, too |
3108 | + */ |
3109 | + if (!(pinctl & AC_PINCTL_IN_EN) || |
3110 | + (pinctl & AC_PINCTL_OUT_EN)) { |
3111 | + pinctl &= ~AC_PINCTL_OUT_EN; |
3112 | pinctl |= AC_PINCTL_IN_EN; |
3113 | stac92xx_auto_set_pinctl(codec, nid, |
3114 | pinctl); |
3115 | diff --git a/sound/soc/codecs/wm8990.c b/sound/soc/codecs/wm8990.c |
3116 | index a5731fa..380302d 100644 |
3117 | --- a/sound/soc/codecs/wm8990.c |
3118 | +++ b/sound/soc/codecs/wm8990.c |
3119 | @@ -744,7 +744,7 @@ SND_SOC_DAPM_MIXER_E("INMIXL", WM8990_INTDRIVBITS, WM8990_INMIXL_PWR_BIT, 0, |
3120 | inmixer_event, SND_SOC_DAPM_POST_PMU | SND_SOC_DAPM_POST_PMD), |
3121 | |
3122 | /* AINLMUX */ |
3123 | -SND_SOC_DAPM_MUX_E("AILNMUX", WM8990_INTDRIVBITS, WM8990_AINLMUX_PWR_BIT, 0, |
3124 | +SND_SOC_DAPM_MUX_E("AINLMUX", WM8990_INTDRIVBITS, WM8990_AINLMUX_PWR_BIT, 0, |
3125 | &wm8990_dapm_ainlmux_controls, inmixer_event, |
3126 | SND_SOC_DAPM_POST_PMU | SND_SOC_DAPM_POST_PMD), |
3127 | |
3128 | @@ -755,7 +755,7 @@ SND_SOC_DAPM_MIXER_E("INMIXR", WM8990_INTDRIVBITS, WM8990_INMIXR_PWR_BIT, 0, |
3129 | inmixer_event, SND_SOC_DAPM_POST_PMU | SND_SOC_DAPM_POST_PMD), |
3130 | |
3131 | /* AINRMUX */ |
3132 | -SND_SOC_DAPM_MUX_E("AIRNMUX", WM8990_INTDRIVBITS, WM8990_AINRMUX_PWR_BIT, 0, |
3133 | +SND_SOC_DAPM_MUX_E("AINRMUX", WM8990_INTDRIVBITS, WM8990_AINRMUX_PWR_BIT, 0, |
3134 | &wm8990_dapm_ainrmux_controls, inmixer_event, |
3135 | SND_SOC_DAPM_POST_PMU | SND_SOC_DAPM_POST_PMD), |
3136 | |
3137 | @@ -863,40 +863,40 @@ static const struct snd_soc_dapm_route audio_map[] = { |
3138 | {"LIN12 PGA", "LIN2 Switch", "LIN2"}, |
3139 | /* LIN34 PGA */ |
3140 | {"LIN34 PGA", "LIN3 Switch", "LIN3"}, |
3141 | - {"LIN34 PGA", "LIN4 Switch", "LIN4"}, |
3142 | + {"LIN34 PGA", "LIN4 Switch", "LIN4/RXN"}, |
3143 | /* INMIXL */ |
3144 | {"INMIXL", "Record Left Volume", "LOMIX"}, |
3145 | {"INMIXL", "LIN2 Volume", "LIN2"}, |
3146 | {"INMIXL", "LINPGA12 Switch", "LIN12 PGA"}, |
3147 | {"INMIXL", "LINPGA34 Switch", "LIN34 PGA"}, |
3148 | - /* AILNMUX */ |
3149 | - {"AILNMUX", "INMIXL Mix", "INMIXL"}, |
3150 | - {"AILNMUX", "DIFFINL Mix", "LIN12PGA"}, |
3151 | - {"AILNMUX", "DIFFINL Mix", "LIN34PGA"}, |
3152 | - {"AILNMUX", "RXVOICE Mix", "LIN4/RXN"}, |
3153 | - {"AILNMUX", "RXVOICE Mix", "RIN4/RXP"}, |
3154 | + /* AINLMUX */ |
3155 | + {"AINLMUX", "INMIXL Mix", "INMIXL"}, |
3156 | + {"AINLMUX", "DIFFINL Mix", "LIN12 PGA"}, |
3157 | + {"AINLMUX", "DIFFINL Mix", "LIN34 PGA"}, |
3158 | + {"AINLMUX", "RXVOICE Mix", "LIN4/RXN"}, |
3159 | + {"AINLMUX", "RXVOICE Mix", "RIN4/RXP"}, |
3160 | /* ADC */ |
3161 | - {"Left ADC", NULL, "AILNMUX"}, |
3162 | + {"Left ADC", NULL, "AINLMUX"}, |
3163 | |
3164 | /* RIN12 PGA */ |
3165 | {"RIN12 PGA", "RIN1 Switch", "RIN1"}, |
3166 | {"RIN12 PGA", "RIN2 Switch", "RIN2"}, |
3167 | /* RIN34 PGA */ |
3168 | {"RIN34 PGA", "RIN3 Switch", "RIN3"}, |
3169 | - {"RIN34 PGA", "RIN4 Switch", "RIN4"}, |
3170 | + {"RIN34 PGA", "RIN4 Switch", "RIN4/RXP"}, |
3171 | /* INMIXL */ |
3172 | {"INMIXR", "Record Right Volume", "ROMIX"}, |
3173 | {"INMIXR", "RIN2 Volume", "RIN2"}, |
3174 | {"INMIXR", "RINPGA12 Switch", "RIN12 PGA"}, |
3175 | {"INMIXR", "RINPGA34 Switch", "RIN34 PGA"}, |
3176 | - /* AIRNMUX */ |
3177 | - {"AIRNMUX", "INMIXR Mix", "INMIXR"}, |
3178 | - {"AIRNMUX", "DIFFINR Mix", "RIN12PGA"}, |
3179 | - {"AIRNMUX", "DIFFINR Mix", "RIN34PGA"}, |
3180 | - {"AIRNMUX", "RXVOICE Mix", "RIN4/RXN"}, |
3181 | - {"AIRNMUX", "RXVOICE Mix", "RIN4/RXP"}, |
3182 | + /* AINRMUX */ |
3183 | + {"AINRMUX", "INMIXR Mix", "INMIXR"}, |
3184 | + {"AINRMUX", "DIFFINR Mix", "RIN12 PGA"}, |
3185 | + {"AINRMUX", "DIFFINR Mix", "RIN34 PGA"}, |
3186 | + {"AINRMUX", "RXVOICE Mix", "LIN4/RXN"}, |
3187 | + {"AINRMUX", "RXVOICE Mix", "RIN4/RXP"}, |
3188 | /* ADC */ |
3189 | - {"Right ADC", NULL, "AIRNMUX"}, |
3190 | + {"Right ADC", NULL, "AINRMUX"}, |
3191 | |
3192 | /* LOMIX */ |
3193 | {"LOMIX", "LOMIX RIN3 Bypass Switch", "RIN3"}, |
3194 | @@ -937,7 +937,7 @@ static const struct snd_soc_dapm_route audio_map[] = { |
3195 | {"LOPMIX", "LOPMIX Left Mixer PGA Switch", "LOPGA"}, |
3196 | |
3197 | /* OUT3MIX */ |
3198 | - {"OUT3MIX", "OUT3MIX LIN4/RXP Bypass Switch", "LIN4/RXP"}, |
3199 | + {"OUT3MIX", "OUT3MIX LIN4/RXP Bypass Switch", "LIN4/RXN"}, |
3200 | {"OUT3MIX", "OUT3MIX Left Out PGA Switch", "LOPGA"}, |
3201 | |
3202 | /* OUT4MIX */ |
3203 | @@ -964,7 +964,7 @@ static const struct snd_soc_dapm_route audio_map[] = { |
3204 | /* Output Pins */ |
3205 | {"LON", NULL, "LONMIX"}, |
3206 | {"LOP", NULL, "LOPMIX"}, |
3207 | - {"OUT", NULL, "OUT3MIX"}, |
3208 | + {"OUT3", NULL, "OUT3MIX"}, |
3209 | {"LOUT", NULL, "LOUT PGA"}, |
3210 | {"SPKN", NULL, "SPKMIX"}, |
3211 | {"ROUT", NULL, "ROUT PGA"}, |