Push to branch refs/heads/master: 2bc06916edd369639cd3e7b4981ed2f6a2d11fb6 --> c9bfc3b0c85dc9ccdb76527777197b71bd6fdc9d
Documentation/filesystems/00-INDEX | 2 + Documentation/filesystems/porting | 4 +- Documentation/filesystems/wrapfs.txt | 172 +++++++ Documentation/kernel-parameters.txt | 2 + MAINTAINERS | 9 + Makefile | 4 +- arch/alpha/include/asm/uaccess.h | 19 +- arch/alpha/kernel/pci-sysfs.c | 4 +- arch/arm/common/sa1111.c | 22 +- arch/arm/kernel/ptrace.c | 2 +- arch/arm/kernel/sys_oabi-compat.c | 8 +- arch/arm/mach-omap2/omap_hwmod_3xxx_data.c | 12 + arch/avr32/include/asm/uaccess.h | 11 +- arch/avr32/kernel/avr32_ksyms.c | 2 +- arch/avr32/lib/copy_user.S | 8 +- arch/avr32/mach-at32ap/pio.c | 2 +- arch/blackfin/include/asm/uaccess.h | 9 +- arch/cris/include/asm/uaccess.h | 71 ++- arch/frv/include/asm/uaccess.h | 12 +- arch/hexagon/include/asm/uaccess.h | 3 +- arch/ia64/include/asm/uaccess.h | 20 +- arch/m32r/include/asm/uaccess.h | 2 +- arch/microblaze/include/asm/uaccess.h | 11 +- arch/mips/include/asm/pgtable.h | 45 +- arch/mips/kernel/scall64-n32.S | 2 +- arch/mips/kernel/scall64-o32.S | 2 +- arch/mips/mm/sc-rm7k.c | 2 +- arch/mn10300/include/asm/uaccess.h | 1 + arch/mn10300/lib/usercopy.c | 5 +- arch/openrisc/include/asm/uaccess.h | 35 +- arch/parisc/include/asm/errno.h | 4 +- arch/parisc/include/asm/uaccess.h | 7 +- arch/parisc/kernel/syscall.S | 2 +- arch/parisc/kernel/unaligned.c | 10 +- arch/powerpc/include/asm/cputable.h | 1 + arch/powerpc/include/asm/uaccess.h | 21 +- arch/powerpc/kernel/prom.c | 2 +- arch/powerpc/mm/hash_utils_64.c | 29 +- arch/powerpc/mm/numa.c | 18 +- arch/s390/include/asm/auxvec.h | 2 + arch/s390/include/asm/elf.h | 1 + arch/s390/include/asm/hugetlb.h | 1 + arch/s390/include/asm/uaccess.h | 8 +- arch/score/include/asm/uaccess.h | 46 +- arch/sh/include/asm/uaccess.h | 5 +- arch/sh/include/asm/uaccess_64.h | 1 + arch/sparc/include/asm/uaccess_32.h | 4 +- arch/x86/boot/Makefile | 3 + arch/x86/ia32/ia32entry.S | 2 +- arch/x86/include/asm/hugetlb.h | 1 + arch/x86/include/asm/microcode.h | 1 + arch/x86/include/asm/tlbflush.h | 7 + arch/x86/include/asm/uaccess_64.h | 24 +- arch/x86/kernel/amd_nb.c | 4 +- arch/x86/kernel/apic/apic.c | 3 + arch/x86/kernel/early-quirks.c | 106 +++- arch/x86/kernel/kprobes.c | 12 + arch/x86/kernel/microcode_amd.c | 54 +- arch/x86/kernel/paravirt.c | 4 +- arch/x86/kvm/vmx.c | 62 ++- arch/x86/kvm/x86.c | 15 +- arch/x86/pci/fixup.c | 7 + block/genhd.c | 1 + crypto/ahash.c | 3 +- crypto/blkcipher.c | 3 +- crypto/cryptd.c | 9 +- crypto/gcm.c | 26 +- crypto/scatterwalk.c | 3 +- drivers/acpi/acpica/dsmethod.c | 3 + drivers/acpi/sysfs.c | 7 +- drivers/ata/libahci.c | 1 + drivers/ata/sata_dwc_460ex.c | 4 +- drivers/base/isa.c | 2 +- drivers/base/module.c | 8 +- drivers/base/regmap/regcache.c | 2 +- drivers/bcma/bcma_private.h | 2 - drivers/bluetooth/ath3k.c | 4 + drivers/bluetooth/btusb.c | 2 + drivers/char/Kconfig | 1 - drivers/char/i8k.c | 18 +- drivers/char/ipmi/ipmi_si_intf.c | 2 +- drivers/char/tpm/tpm_tis.c | 9 +- drivers/crypto/s5p-sss.c | 61 ++- drivers/edac/i7core_edac.c | 2 +- drivers/edac/sb_edac.c | 2 +- drivers/firewire/net.c | 46 +- drivers/gpu/drm/drm_crtc.c | 3 + drivers/gpu/drm/drm_edid.c | 8 + drivers/gpu/drm/i915/i915_drv.c | 29 ++ drivers/gpu/drm/radeon/atombios_encoders.c | 4 + drivers/gpu/drm/radeon/radeon_atombios.c | 4 +- drivers/gpu/drm/radeon/radeon_connectors.c | 15 +- drivers/gpu/drm/radeon/radeon_device.c | 21 + drivers/gpu/drm/radeon/radeon_ttm.c | 4 +- drivers/hid/usbhid/hiddev.c | 10 +- drivers/hwmon/adt7411.c | 5 +- drivers/i2c/busses/i2c-eg20t.c | 18 +- drivers/infiniband/core/multicast.c | 13 +- drivers/infiniband/core/ucm.c | 4 + drivers/infiniband/core/ucma.c | 4 + drivers/infiniband/core/uverbs_main.c | 5 + drivers/infiniband/hw/cxgb3/cxio_hal.c | 2 +- drivers/infiniband/hw/ipath/ipath_file_ops.c | 5 + drivers/infiniband/hw/mlx4/ah.c | 2 +- drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/hw/qib/qib_file_ops.c | 5 + drivers/infiniband/ulp/ipoib/ipoib.h | 1 + drivers/infiniband/ulp/ipoib/ipoib_cm.c | 16 + drivers/infiniband/ulp/ipoib/ipoib_ib.c | 9 + drivers/infiniband/ulp/ipoib/ipoib_main.c | 2 +- drivers/input/joystick/xpad.c | 7 + drivers/input/misc/pmic8xxx-pwrkey.c | 8 +- drivers/input/misc/pwm-beeper.c | 70 ++- drivers/input/misc/uinput.c | 6 + drivers/input/mouse/elantech.c | 8 +- drivers/input/serio/i8042.c | 17 +- drivers/input/serio/libps2.c | 10 +- drivers/input/tablet/gtco.c | 10 +- drivers/input/touchscreen/wacom_w8001.c | 2 +- drivers/md/dm-flakey.c | 23 +- drivers/media/video/usbvision/usbvision-video.c | 7 - drivers/mmc/core/mmc.c | 7 + drivers/mtd/maps/pmcmsp-flash.c | 6 +- drivers/mtd/nand/davinci_nand.c | 3 + drivers/mtd/nand/nand_base.c | 2 +- drivers/mtd/ubi/build.c | 5 +- drivers/mtd/ubi/eba.c | 19 +- drivers/net/bonding/bond_3ad.c | 13 +- drivers/net/bonding/bond_alb.c | 7 +- drivers/net/bonding/bonding.h | 3 + drivers/net/can/at91_can.c | 5 +- drivers/net/can/dev.c | 33 +- drivers/net/ethernet/atheros/atlx/atl2.c | 2 +- drivers/net/ethernet/ethoc.c | 10 +- drivers/net/ethernet/ibm/ehea/ehea_main.c | 9 +- drivers/net/ethernet/mellanox/mlx4/mcg.c | 4 +- drivers/net/ppp/ppp_generic.c | 5 +- drivers/net/wireless/ath/ath5k/led.c | 2 +- drivers/net/wireless/brcm80211/brcmsmac/stf.c | 2 +- drivers/net/wireless/mac80211_hwsim.c | 1 + drivers/pci/pci-sysfs.c | 7 +- drivers/pci/probe.c | 6 +- drivers/pps/clients/pps_parport.c | 2 +- drivers/s390/block/dasd.c | 10 +- drivers/s390/net/qeth_l2_main.c | 1 + drivers/s390/net/qeth_l3_main.c | 1 + drivers/scsi/aacraid/commctrl.c | 13 +- drivers/scsi/aacraid/commsup.c | 4 + drivers/scsi/arcmsr/arcmsr_hba.c | 8 +- drivers/scsi/megaraid/megaraid_sas_base.c | 6 +- drivers/scsi/megaraid/megaraid_sas_fusion.c | 2 +- drivers/staging/iio/accel/kxsd9.c | 6 +- drivers/staging/iio/accel/sca3000_core.c | 2 +- drivers/staging/iio/industrialio-trigger.c | 25 +- drivers/staging/pohmelfs/Kconfig | 1 + drivers/tty/serial/samsung.c | 4 +- drivers/tty/vt/keyboard.c | 30 +- drivers/tty/vt/vt.c | 5 +- drivers/usb/class/cdc-acm.c | 5 +- drivers/usb/class/cdc-acm.h | 1 - drivers/usb/core/config.c | 93 +++- drivers/usb/core/devio.c | 25 +- drivers/usb/core/hcd-pci.c | 8 + drivers/usb/gadget/f_fs.c | 6 +- drivers/usb/gadget/fsl_qe_udc.c | 7 +- drivers/usb/host/xhci-hub.c | 3 + drivers/usb/host/xhci-mem.c | 5 + drivers/usb/host/xhci-pci.c | 7 +- drivers/usb/musb/musb_host.c | 21 +- drivers/usb/renesas_usbhs/fifo.c | 18 +- drivers/usb/renesas_usbhs/mod_gadget.c | 9 +- drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 3 + drivers/usb/serial/ftdi_sio_ids.h | 12 + drivers/usb/serial/mos7720.c | 2 +- drivers/usb/serial/mos7840.c | 4 +- drivers/usb/serial/option.c | 142 +++++- drivers/usb/storage/usb.c | 5 +- drivers/virtio/virtio_balloon.c | 2 + drivers/xen/events.c | 6 +- drivers/xen/xen-pciback/conf_space.c | 6 +- drivers/xen/xenfs/xenbus.c | 14 +- fs/9p/acl.c | 40 +- fs/9p/vfs_inode.c | 2 +- fs/9p/vfs_inode_dotl.c | 2 +- fs/Kconfig | 1 + fs/Makefile | 1 + fs/adfs/inode.c | 2 +- fs/affs/inode.c | 2 +- fs/attr.c | 35 +- fs/btrfs/acl.c | 4 +- fs/btrfs/ctree.h | 1 + fs/btrfs/file.c | 2 +- fs/btrfs/inode.c | 4 +- fs/btrfs/ioctl.c | 33 ++ fs/ceph/file.c | 13 +- fs/ceph/inode.c | 2 +- fs/cifs/inode.c | 4 +- fs/cifs/sess.c | 207 ++++---- fs/dcache.c | 5 +- fs/ecryptfs/file.c | 15 +- fs/ecryptfs/inode.c | 2 +- fs/ecryptfs/main.c | 7 + fs/exofs/inode.c | 2 +- fs/ext2/acl.c | 12 +- fs/ext2/inode.c | 2 +- fs/ext3/acl.c | 12 +- fs/ext3/inode.c | 6 +- fs/ext4/acl.c | 12 +- fs/ext4/extents.c | 8 +- fs/ext4/ialloc.c | 10 +- fs/ext4/inode.c | 8 +- fs/ext4/mballoc.c | 17 +- fs/ext4/super.c | 35 +- fs/fat/file.c | 2 +- fs/fuse/dir.c | 2 +- fs/generic_acl.c | 15 +- fs/gfs2/acl.c | 16 +- fs/gfs2/inode.c | 2 +- fs/hfs/inode.c | 2 +- fs/hfsplus/inode.c | 2 +- fs/hostfs/hostfs_kern.c | 9 +- fs/hpfs/inode.c | 2 +- fs/hugetlbfs/inode.c | 7 +- fs/isofs/rock.c | 13 +- fs/jffs2/acl.c | 9 +- fs/jffs2/fs.c | 2 +- fs/jfs/file.c | 2 +- fs/jfs/xattr.c | 6 +- fs/libfs.c | 2 +- fs/logfs/file.c | 2 +- fs/minix/file.c | 2 +- fs/ncpfs/inode.c | 2 +- fs/nfs/callback_xdr.c | 6 +- fs/nfs/nfs4proc.c | 20 +- fs/nfs/write.c | 5 +- fs/nfsd/vfs.c | 12 +- fs/nilfs2/inode.c | 2 +- fs/nilfs2/the_nilfs.c | 2 +- fs/ntfs/inode.c | 2 +- fs/ocfs2/acl.c | 9 +- fs/ocfs2/dlm/dlmconvert.c | 12 +- fs/ocfs2/dlmfs/dlmfs.c | 2 +- fs/ocfs2/file.c | 36 +- fs/omfs/file.c | 2 +- fs/posix_acl.c | 30 ++ fs/proc/base.c | 5 +- fs/proc/generic.c | 2 +- fs/proc/proc_sysctl.c | 2 +- fs/proc/root.c | 7 + fs/ramfs/file-nommu.c | 2 +- fs/reiserfs/inode.c | 2 +- fs/reiserfs/xattr_acl.c | 8 +- fs/seq_file.c | 4 +- fs/sysfs/inode.c | 2 +- fs/sysv/file.c | 2 +- fs/ubifs/file.c | 26 +- fs/ubifs/tnc_commit.c | 2 +- fs/udf/file.c | 2 +- fs/ufs/truncate.c | 2 +- fs/utimes.c | 4 +- fs/wrapfs/Kconfig | 9 + fs/wrapfs/Makefile | 7 + fs/wrapfs/dentry.c | 52 ++ fs/wrapfs/file.c | 377 ++++++++++++++ fs/wrapfs/inode.c | 623 ++++++++++++++++++++++++ fs/wrapfs/lookup.c | 325 ++++++++++++ fs/wrapfs/main.c | 175 +++++++ fs/wrapfs/mmap.c | 94 ++++ fs/wrapfs/super.c | 208 ++++++++ fs/wrapfs/wrapfs.h | 208 ++++++++ fs/xfs/xfs_acl.c | 26 +- fs/xfs/xfs_file.c | 6 +- fs/xfs/xfs_ioctl.c | 3 +- fs/xfs/xfs_iops.c | 26 +- fs/xfs/xfs_vnodeops.c | 5 +- fs/xfs/xfs_vnodeops.h | 7 +- include/asm-generic/uaccess.h | 20 +- include/linux/bcma/bcma.h | 1 + include/linux/bcma/bcma_regs.h | 1 + include/linux/can/dev.h | 3 +- include/linux/etherdevice.h | 11 + include/linux/fs.h | 13 +- include/linux/hash.h | 20 + include/linux/hugetlb.h | 9 + include/linux/i8042.h | 6 - include/linux/magic.h | 2 + include/linux/migrate.h | 3 + include/linux/mm.h | 1 + include/linux/mroute.h | 2 +- include/linux/mroute6.h | 2 +- include/linux/netdevice.h | 21 +- include/linux/posix_acl.h | 1 + include/linux/serio.h | 24 +- include/linux/sunrpc/msg_prot.h | 4 +- include/linux/usb_usual.h | 2 + include/net/tcp.h | 2 + include/rdma/ib.h | 21 + kernel/auditsc.c | 333 +++++++------ kernel/exit.c | 29 +- kernel/sched.c | 53 +- kernel/trace/trace.c | 15 +- mm/huge_memory.c | 55 +-- mm/hugetlb.c | 20 +- mm/ksm.c | 3 +- mm/memory.c | 39 +- mm/migrate.c | 4 +- mm/shmem.c | 2 +- net/ax25/ax25_ip.c | 15 - net/batman-adv/routing.c | 9 + net/batman-adv/send.c | 6 + net/batman-adv/soft-interface.c | 8 +- net/batman-adv/translation-table.c | 42 +- net/batman-adv/types.h | 1 + net/bluetooth/l2cap_sock.c | 2 +- net/bluetooth/rfcomm/sock.c | 19 +- net/core/rtnetlink.c | 18 +- net/ipv4/ipmr.c | 3 +- net/ipv4/route.c | 3 +- net/ipv4/tcp_input.c | 17 +- net/ipv4/tcp_output.c | 3 +- net/ipv6/ip6mr.c | 5 +- net/ipv6/route.c | 4 +- net/irda/af_irda.c | 12 +- net/l2tp/l2tp_ppp.c | 7 +- net/llc/af_llc.c | 1 + net/netfilter/nf_conntrack_core.c | 4 +- net/netfilter/nfnetlink_queue.c | 3 - net/netlabel/netlabel_kapi.c | 12 +- net/rds/recv.c | 2 + net/sunrpc/svc.c | 7 +- net/tipc/node.c | 3 +- net/wireless/nl80211.c | 2 +- net/x25/x25_facilities.c | 1 + net/xfrm/xfrm_state.c | 1 + net/xfrm/xfrm_user.c | 9 +- security/keys/key.c | 2 +- security/keys/proc.c | 2 +- sound/core/control.c | 2 + sound/core/rawmidi.c | 4 +- sound/core/timer.c | 77 ++- sound/drivers/dummy.c | 1 + sound/pci/au88x0/au88x0_core.c | 5 +- sound/pci/echoaudio/echoaudio.c | 4 +- virt/kvm/assigned-dev.c | 2 +- virt/kvm/kvm_main.c | 2 + 346 files changed, 4918 insertions(+), 1323 deletions(-) commit c9bfc3b0c85dc9ccdb76527777197b71bd6fdc9d Author: Erez Zadok <[email protected]> Date: Tue Dec 27 18:11:05 2016 -0500 Wrapfs: inode_change_ok renamed setattr_prepare Signed-off-by: Erez Zadok <[email protected]> commit b57476ab7d5a47efcd04c9682e042192747f8c90 Author: Erez Zadok <[email protected]> Date: Sun May 22 01:29:56 2016 -0400 Wrapfs: support NFS exports Based on patch from Sandeep Joshi <[email protected]>. Signed-off-by: Erez Zadok <[email protected]> commit 4eac6921ad31e4da55b7549c3259724e01ddfdee Author: Erez Zadok <[email protected]> Date: Sun May 22 01:29:56 2016 -0400 Wrapfs: use d_splice_alias Refactor interpose code to allow lookup to use d_splice_alias. Signed-off-by: Erez Zadok <[email protected]> commit 9d7c8c9d9f99908bdb96f06812bb978b4b798d62 Author: Erez Zadok <[email protected]> Date: Mon Dec 14 18:40:47 2015 -0500 Wrapfs: update nlinks after rename Signed-off-by: Logeswari P Viswanath <[email protected]> Signed-off-by: Erez Zadok <[email protected]> commit daf43401a9c485948e858fdfa509580c29b068c5 Author: Erez Zadok <[email protected]> Date: Wed Nov 4 01:39:26 2015 -0500 Wrapfs: update copyright year to 2015 commit 57c8fb00b9bc63c37acefe2cfbdec9ea393e70e9 Author: Erez Zadok <[email protected]> Date: Wed Nov 4 01:39:26 2015 -0500 Wrapfs: use vfs xattr helpers Signed-off-by: Erez Zadok <[email protected]> commit 45c25c952d18814fc0da1c201595ac3ffb796195 Author: Erez Zadok <[email protected]> Date: Fri Aug 15 23:25:45 2014 -0400 Wrapfs: properly copy meta-data after AIO operations from lower inode Signed-off-by: Mengyang Li <[email protected]> Signed-off-by: Erez Zadok <[email protected]> commit ddbebdd479ba827b8e96c85e9e95ec1ee3cb2694 Author: Erez Zadok <[email protected]> Date: Mon Aug 11 19:03:44 2014 -0400 Wrapfs: leave placeholders for updating upper inode after AIO Signed-off-by: Erez Zadok <[email protected]> commit d0c368e168614c51689d1a72101f466c047befe5 Author: Erez Zadok <[email protected]> Date: Sun Aug 10 03:02:42 2014 -0400 Wrapfs: protect lower_file by ref-count during aio operation Signed-off-by: Erez Zadok <[email protected]> Signed-off-by: Mengyang Li <[email protected]> commit dbab5b71a8688ef506dc1c402ccca6c132b5b9b2 Author: Erez Zadok <[email protected]> Date: Wed Jun 25 23:27:33 2014 -0400 Wrapfs: fix ->llseek to update upper and lower offsets Fixes bug: xfstests generic/257. f_pos consistently is required by and only by dir_ops->wrapfs_readdir, main_ops is not affected. Signed-off-by: Erez Zadok <[email protected]> Signed-off-by: Mengyang Li <[email protected]> commit 134d4bd67a74e6b47288b13e3a8e9b2636768b72 Author: Erez Zadok <[email protected]> Date: Wed Jun 25 23:27:33 2014 -0400 Wrapfs: support extended attributes (xattr) operations Signed-off-by: Erez Zadok <[email protected]> Signed-off-by: Mengyang Li <[email protected]> commit eab916b5d21fa428809a25883e6c796750ec3177 Author: Erez Zadok <[email protected]> Date: Fri Jun 20 20:31:38 2014 -0400 Wrapfs: support asynchronous-IO (AIO) operations Signed-off-by: Li Mengyang <[email protected]> Signed-off-by: Erez Zadok <[email protected]> commit 6fc9b16e2e8ddbe9ada996fcf6d8b444555b3a2f Author: Erez Zadok <[email protected]> Date: Fri Jun 20 20:31:38 2014 -0400 Wrapfs: support direct-IO (DIO) operations Signed-off-by: Li Mengyang <[email protected]> Signed-off-by: Erez Zadok <[email protected]> commit a48e07096b9d0cc7cdd806c43cb82b7f248eb001 Author: Erez Zadok <[email protected]> Date: Thu May 15 00:16:03 2014 -0400 Wrapfs: implement vm_ops->page_mkwrite Some file systems (e.g., ext4) require it. Reported by Ted Ts'o. Signed-off-by: Erez Zadok <[email protected]> commit 090dbbfa895b1758194633b1a176760edf15b86c Author: Erez Zadok <[email protected]> Date: Thu Apr 3 14:06:57 2014 -0400 Wrapfs: update documentation Signed-off-by: Erez Zadok <[email protected]> commit 8c885021c31d7fbbd5e4481406806cbb6a933d79 Author: Erez Zadok <[email protected]> Date: Thu Apr 3 14:06:53 2014 -0400 Wrapfs: update maintainers Signed-off-by: Erez Zadok <[email protected]> commit c849a8e97f74218650222e1793da5fc521078665 Author: Erez Zadok <[email protected]> Date: Tue Jan 21 03:20:34 2014 -0500 Wrapfs: update documentation Signed-off-by: Erez Zadok <[email protected]> commit 4b562173617e81eb88d92f3681d899085d636221 Author: Erez Zadok <[email protected]> Date: Tue Jan 21 01:16:11 2014 -0500 Wrapfs: 2014 Copyright update Signed-off-by: Erez Zadok <[email protected]> commit cbe057e05c62af5d7640f6bba37709f5f6c3a350 Author: Erez Zadok <[email protected]> Date: Wed Jun 5 01:44:31 2013 -0400 Wrapfs: copy lower inode attributes in ->ioctl Some ioctls (e.g., EXT2_IOC_SETFLAGS) can change inode attributes, so copy them from lower inode. Signed-off-by: Erez Zadok <[email protected]> commit 331c9d467cc0c3f28680b1d1bfcef3a043bbde65 Author: Erez Zadok <[email protected]> Date: Wed Jun 5 01:43:31 2013 -0400 Wrapfs: remove unnecessary call to vm_unmap in ->mmap Code is unnecessary and causes deadlocks in newer kernels. Signed-off-by: Erez Zadok <[email protected]> commit 14e2e31603f970284cbef6a874b77864469c36f3 Author: Erez Zadok <[email protected]> Date: Sun Jun 2 21:55:03 2013 -0400 patch copyright-2013.patch commit dc010c28924bccd3ed1082afc9d9d61e92afd830 Author: Erez Zadok <[email protected]> Date: Sun Jan 29 20:33:14 2012 -0500 Wrapfs: use set_nlink() Signed-off-by: Erez Zadok <[email protected]> commit df8c5b54a8aff2b894e4e9aaafd5e53e96036709 Author: Erez Zadok <[email protected]> Date: Fri Sep 9 00:47:49 2011 -0400 Wrapfs: drop our dentry in ->rmdir Also clear nlinks on our inode. Signed-off-by: Erez Zadok <[email protected]> commit 66b801075eca50badf267a448215d2b82428c0f0 Author: Erez Zadok <[email protected]> Date: Tue Sep 6 00:10:32 2011 -0400 Wrapfs: use d_alloc_root Signed-off-by: Erez Zadok <[email protected]> commit 77e6a1113973d3c380faeb46376d0f686456a787 Author: Erez Zadok <[email protected]> Date: Tue Sep 6 00:10:31 2011 -0400 Wrapfs: use d_set_d_op Signed-off-by: Erez Zadok <[email protected]> commit 749a3a32da3b514fcdfac329fb0e6625479d8a3a Author: Erez Zadok <[email protected]> Date: Tue Sep 6 00:10:30 2011 -0400 Wrapfs: use updated vfs_path_lookup prototype Signed-off-by: Erez Zadok <[email protected]> commit 88a93472ef6a6de835a18e4c679063a46d5c7b4c Author: Erez Zadok <[email protected]> Date: Tue Sep 6 00:10:30 2011 -0400 Wrapfs: ->fsync updates for new prototype Signed-off-by: Erez Zadok <[email protected]> commit da855850e637fc5b5541225926fcd35105846046 Author: Erez Zadok <[email protected]> Date: Tue Sep 6 00:10:29 2011 -0400 Wrapfs: support LOOKUP_RCU in ->d_revalidate Signed-off-by: Erez Zadok <[email protected]> commit 6cd61beed7a8017400f94c0e45ddd1b8f100677a Author: Erez Zadok <[email protected]> Date: Tue Sep 6 00:10:28 2011 -0400 Wrapfs: new ->permission prototype and fixes. Signed-off-by: Erez Zadok <[email protected]> commit 02218ee3fe1bcb267240b30f43c9e374b5c73276 Author: Erez Zadok <[email protected]> Date: Mon May 2 02:00:02 2011 -0400 Wrapfs: lookup fixes Don't use lookup_one_len any longer (doesn't work for NFS). Initialize lower wrapfs_dentry_info so lower_path is NULL. Signed-off-by: Erez Zadok <[email protected]> commit 90f69499a10b1deaf5ff9459fd9f941678f8d0f6 Author: Erez Zadok <[email protected]> Date: Fri Mar 18 13:14:28 2011 -0400 Wrapfs: remove extra debug in rmdir Signed-off-by: Erez Zadok <[email protected]> commit 2a15fdd995fa5ae7f6d87ddfb80dcd775f880906 Author: Erez Zadok <[email protected]> Date: Fri Mar 18 12:38:01 2011 -0400 Wrapfs: checkpatch fixes Signed-off-by: Erez Zadok <[email protected]> commit d2db026063201632a1faaab975e742ff6ddf41a4 Author: Erez Zadok <[email protected]> Date: Fri Mar 18 00:45:17 2011 -0400 Wrapfs: port to 2.6.39 Remove lock/unlock_kernel in ->fasync. Convert from ->get_sb to ->mount op. Remove include to smp_lock.h, added sched.h. Signed-off-by: Erez Zadok <[email protected]> commit 884bf32599dc410496da35ef012e3e7e81b25487 Author: Erez Zadok <[email protected]> Date: Thu Mar 17 23:21:55 2011 -0400 Wrapfs: copyright update for 2011 Signed-off-by: Erez Zadok <[email protected]> commit aa966f17d2c8c77012b052ae074d24661ecfbf04 Author: Erez Zadok <[email protected]> Date: Thu Mar 17 23:21:55 2011 -0400 Wrapfs: better handling of NFS silly-renamed files In ->unlink, if we try to unlink an NFS silly-renamed file, NFS returns -EBUSY. We have to treat it as a success and return 0 to the VFS. NFS will remove silly-deleted files later on anyway. Signed-off-by: Erez Zadok <[email protected]> commit b0007dbca5e8ea6a6d4ed887b87391e1074c760f Author: Erez Zadok <[email protected]> Date: Thu Mar 17 23:21:55 2011 -0400 Wrapfs: update parent directory inode size in inode ops After ->unlink, ->rmdir, and ->rename, we need to copy the (possibly changed) inode size of the parent directory(ies) where the operation took place. Signed-off-by: Erez Zadok <[email protected]> commit d898f54f5259a6c695be315756cba42f03ccb3b2 Author: Erez Zadok <[email protected]> Date: Thu Mar 17 23:21:55 2011 -0400 Wrapfs: remove unnecessary calls to copy lower inode->n_links Removed from ->create, ->symlink, and ->mknod. Signed-off-by: Erez Zadok <[email protected]> commit ebd07f1da534e960f21b8ff17762fb57f99384de Author: Erez Zadok <[email protected]> Date: Mon Mar 7 23:20:33 2011 -0500 Wrapfs: ->setattr fixes Call inode_change_ok on our inode, not lower. Don't copy inode sizes (VFS does it). Pass lower file in struct iattr passed to notify_change on lower inode. Signed-off-by: Erez Zadok <[email protected]> commit 588ba336c40d430e2038c6a47ca939ddd6079788 Author: Erez Zadok <[email protected]> Date: Sun Mar 6 16:23:16 2011 -0500 Wrapfs: update ->permission prototye and code for new iperm flag Signed-off-by: Erez Zadok <[email protected]> commit f0ca650444b5369bca515dc2df2da7ac69b6327f Author: Erez Zadok <[email protected]> Date: Fri Nov 12 18:15:05 2010 -0500 Wrapfs: handle maxbytes properly Signed-off-by: Erez Zadok <[email protected]> commit 10419979b470517a570e0b7f0ea0aec5b744dd8f Author: Erez Zadok <[email protected]> Date: Sat Sep 11 15:49:33 2010 -0400 Wrapfs: support ->unlocked_ioctl and ->compat_ioctl Old ->ioctl was split into ->unlocked_ioctl and ->compat_ioctl. Compat version doesn't need to lock_kernel any longer. Signed-off-by: Erez Zadok <[email protected]> commit cdfebc0b4e7e589a5d7e59ea20779ba96ba9895f Author: Erez Zadok <[email protected]> Date: Tue Aug 10 23:50:14 2010 -0400 Wrapfs: new vfs_statfs and ->evict_inode prototypes Signed-off-by: Erez Zadok <[email protected]> commit 29922bb7824fa6a5155a82c713c9c4ec26bd2036 Author: Erez Zadok <[email protected]> Date: Fri Aug 6 23:37:29 2010 -0400 Wrapfs: update ->fsync prototype Signed-off-by: Erez Zadok <[email protected]> commit 307a2457dfa1680d7a838f7356a5f04a4cb1974b Author: Erez Zadok <[email protected]> Date: Tue Apr 20 21:22:02 2010 -0400 Wrapfs: update documentation Signed-off-by: Erez Zadok <[email protected]> commit c8b56d5f13fe7b1e603813c757e646543e63aa58 Author: Erez Zadok <[email protected]> Date: Tue Apr 20 15:32:09 2010 -0400 Wrapfs: include slab.h Signed-off-by: Erez Zadok <[email protected]> commit 6bd115b1a0cf7695f67b45073db0d645d5220e8f Author: Erez Zadok <[email protected]> Date: Tue Apr 20 15:26:02 2010 -0400 Wrapfs: avoid an extra path_get/put pair in wrapfs_open Signed-off-by: Erez Zadok <[email protected]> commit 485cf836cb25cc26128560c8fe1773ae9947530f Author: Erez Zadok <[email protected]> Date: Fri Feb 26 03:18:04 2010 -0500 Wrapfs: decrement nd_path on follow_link error Signed-off-by: Erez Zadok <[email protected]> commit aa31a90ec5585eb0cbb35ea69c0273593fcd6a03 Author: Erez Zadok <[email protected]> Date: Tue Jan 5 04:27:00 2010 -0500 Wrapfs: don't mention kernel version in modload message Signed-off-by: Erez Zadok <[email protected]> commit 42eb496cc1f19ac060f46e576d22c4843abbfaae Author: Erez Zadok <[email protected]> Date: Tue Jan 5 04:28:11 2010 -0500 Wrapfs/VFS: remove init_lower_nd and unexport release_lower_nd Only wrapfs_create used it, and it is unnecessary to init a completely new nameidata for the lower file system. Signed-off-by: Erez Zadok <[email protected]> commit 65d6c3de9b35748ea85e7e87c9792a1f921efdb3 Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 Kconfig: hook to configure Wrapfs Signed-off-by: Erez Zadok <[email protected]> commit ae45a1f446e0e6e4c2e12ff72b22a6ee0a5fe6e0 Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 Makefile: hook to compile Wrapfs Signed-off-by: Erez Zadok <[email protected]> commit 9d064ffe6323c45d39eef56df04a6e2666acc868 Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 VFS: export release_open_intent symbol Needed to release the resources of the lower nameidata structures that we create and pass to lower file systems (e.g., when calling vfs_create). Signed-off-by: Erez Zadok <[email protected]> commit 6cfb4fd62cfe0d37990fcd1e5a9700a2da92cf71 Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 Wrapfs: file system magic number Signed-off-by: Erez Zadok <[email protected]> commit 1a8dcaa75901218d3ce0778d58f5611e5dbfdbb3 Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 Wrapfs: Kconfig options Signed-off-by: Erez Zadok <[email protected]> commit c42b9cdb834ea54c06ecd195d97a478f8bb52f17 Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 Wrapfs: main Makefile Signed-off-by: Erez Zadok <[email protected]> commit aafca41906918d72d3141001451969c37281cbff Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 Wrapfs: vm_ops operations Includes necessary address_space workaround ops. Signed-off-by: Erez Zadok <[email protected]> commit dacc1b81d051aa35c9e75d38de0fd887f29a653e Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 Wrapfs: mount-time and module-linkage functions Signed-off-by: Erez Zadok <[email protected]> commit 1d2b656de3d579cbc198e4dfe60762d4b5c3dfc1 Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 Wrapfs: lookup-related functions Main lookup function, nameidata helpers, and stacking-interposition functions. Signed-off-by: Erez Zadok <[email protected]> commit 40e3168de935fed4a442f4dd35739440e0094c63 Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 Wrapfs: file operations Signed-off-by: Erez Zadok <[email protected]> commit b9246b74e3425df7a5b5dcd64c566b9696d25532 Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 Wrapfs: dentry operations Signed-off-by: Erez Zadok <[email protected]> commit ce8009981e810a519535a618da65011d46b2b37a Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 Wrapfs: inode operations Signed-off-by: Erez Zadok <[email protected]> commit 0bcae7ed925fdf3886cf9472c66d1380dd5132cc Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 Wrapfs: superblock operations Signed-off-by: Erez Zadok <[email protected]> commit 132f877b9b5e6fab4e1c5651d425b895efe845d5 Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 Wrapfs: main header file Signed-off-by: Erez Zadok <[email protected]> commit fb3d8ecc8404c54843d2ce42dded2c79548fb2a5 Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 Wrapfs: Maintainers Signed-off-by: Erez Zadok <[email protected]> commit 8a9af5c68c604af55a45c51fe609414713899f23 Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 Documentation: index entry for Wrapfs Signed-off-by: Erez Zadok <[email protected]> commit 4e03bdd0d2a790da80bde0cfd488b4b2e055d5b8 Author: Erez Zadok <[email protected]> Date: Mon Jan 4 20:45:06 2010 -0500 Wrapfs: introduction and usage documentation Signed-off-by: Erez Zadok <[email protected]> commit 61718ee3175ce93d7d832a6eb89c427c2d9ac4da Author: Ben Hutchings <[email protected]> Date: Sun Nov 20 01:01:45 2016 +0000 Linux 3.2.84 commit c5422dad633d2a0838ffd8fc72af6b4b83755e33 Author: Dan Carpenter <[email protected]> Date: Tue Nov 22 11:00:20 2011 +0300 ext3: NULL dereference in ext3_evict_inode() commit bcdd0c1600903e9222abfcde28947406020ccb5d upstream. This is an fsfuzzer bug. ->s_journal is set at the end of ext3_load_journal() but we try to use it in the error handling from ext3_get_journal() while it's still NULL. [ 337.039041] BUG: unable to handle kernel NULL pointer dereference at 0000000000000024 [ 337.040380] IP: [<ffffffff816e6539>] _raw_spin_lock+0x9/0x30 [ 337.041687] PGD 0 [ 337.043118] Oops: 0002 [#1] SMP [ 337.044483] CPU 3 [ 337.044495] Modules linked in: ecb md4 cifs fuse kvm_intel kvm brcmsmac brcmutil crc8 cordic r8169 [last unloaded: scsi_wait_scan] [ 337.047633] [ 337.049259] Pid: 8308, comm: mount Not tainted 3.2.0-rc2-next-20111121+ #24 SAMSUNG ELECTRONICS CO., LTD. RV411/RV511/E3511/S3511 /RV411/RV511/E3511/S3511 [ 337.051064] RIP: 0010:[<ffffffff816e6539>] [<ffffffff816e6539>] _raw_spin_lock+0x9/0x30 [ 337.052879] RSP: 0018:ffff8800b1d11ae8 EFLAGS: 00010282 [ 337.054668] RAX: 0000000000000100 RBX: 0000000000000000 RCX: ffff8800b77c2000 [ 337.056400] RDX: ffff8800a97b5c00 RSI: 0000000000000000 RDI: 0000000000000024 [ 337.058099] RBP: ffff8800b1d11ae8 R08: 6000000000000000 R09: e018000000000000 [ 337.059841] R10: ff67366cc2607c03 R11: 00000000110688e6 R12: 0000000000000000 [ 337.061607] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8800a78f06e8 [ 337.063385] FS: 00007f9d95652800(0000) GS:ffff8800b7180000(0000) knlGS:0000000000000000 [ 337.065110] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 337.066801] CR2: 0000000000000024 CR3: 00000000aef2c000 CR4: 00000000000006e0 [ 337.068581] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 337.070321] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 337.072105] Process mount (pid: 8308, threadinfo ffff8800b1d10000, task ffff8800b1d02be0) [ 337.073800] Stack: [ 337.075487] ffff8800b1d11b08 ffffffff811f48cf ffff88007ac9b158 0000000000000000 [ 337.077255] ffff8800b1d11b38 ffffffff8119405d ffff88007ac9b158 ffff88007ac9b250 [ 337.078851] ffffffff8181bda0 ffffffff8181bda0 ffff8800b1d11b68 ffffffff81131e31 [ 337.080284] Call Trace: [ 337.081706] [<ffffffff811f48cf>] log_start_commit+0x1f/0x40 [ 337.083107] [<ffffffff8119405d>] ext3_evict_inode+0x1fd/0x2a0 [ 337.084490] [<ffffffff81131e31>] evict+0xa1/0x1a0 [ 337.085857] [<ffffffff81132031>] iput+0x101/0x210 [ 337.087220] [<ffffffff811339d1>] iget_failed+0x21/0x30 [ 337.088581] [<ffffffff811905fc>] ext3_iget+0x15c/0x450 [ 337.089936] [<ffffffff8118b0c1>] ? ext3_rsv_window_add+0x81/0x100 [ 337.091284] [<ffffffff816df9a4>] ext3_get_journal+0x15/0xde [ 337.092641] [<ffffffff811a2e9b>] ext3_fill_super+0xf2b/0x1c30 [ 337.093991] [<ffffffff810ddf7d>] ? register_shrinker+0x4d/0x60 [ 337.095332] [<ffffffff8111c112>] mount_bdev+0x1a2/0x1e0 [ 337.096680] [<ffffffff811a1f70>] ? ext3_setup_super+0x210/0x210 [ 337.098026] [<ffffffff8119a770>] ext3_mount+0x10/0x20 [ 337.099362] [<ffffffff8111cbee>] mount_fs+0x3e/0x1b0 [ 337.100759] [<ffffffff810eda1b>] ? __alloc_percpu+0xb/0x10 [ 337.102330] [<ffffffff81135385>] vfs_kern_mount+0x65/0xc0 [ 337.103889] [<ffffffff8113611f>] do_kern_mount+0x4f/0x100 [ 337.105442] [<ffffffff811378fc>] do_mount+0x19c/0x890 [ 337.106989] [<ffffffff810e8456>] ? memdup_user+0x46/0x90 [ 337.108572] [<ffffffff810e84f3>] ? strndup_user+0x53/0x70 [ 337.110114] [<ffffffff811383fb>] sys_mount+0x8b/0xe0 [ 337.111617] [<ffffffff816ed93b>] system_call_fastpath+0x16/0x1b [ 337.113133] Code: 38 c2 74 0f 66 0f 1f 44 00 00 f3 90 0f b6 03 38 c2 75 f7 48 83 c4 08 5b 5d c3 0f 1f 84 00 00 00 00 00 55 b8 00 01 00 00 48 89 e5 <f0> 66 0f c1 07 0f b6 d4 38 c2 74 0c 0f 1f 00 f3 90 0f b6 07 38 [ 337.116588] RIP [<ffffffff816e6539>] _raw_spin_lock+0x9/0x30 [ 337.118260] RSP <ffff8800b1d11ae8> [ 337.119998] CR2: 0000000000000024 [ 337.188701] ---[ end trace c36d790becac1615 ]--- Signed-off-by: Dan Carpenter <[email protected]> Signed-off-by: Jan Kara <[email protected]> Cc: Amir Goldstein <[email protected]> Signed-off-by: Ben Hutchings <[email protected]> commit b8b2dc10d09e5c087033481050efdb48d457c512 Author: Jan Beulich <[email protected]> Date: Mon Aug 15 09:02:38 2016 -0600 xenbus: don't look up transaction IDs for ordinary writes commit 9a035a40f7f3f6708b79224b86c5777a3334f7ea upstream. This should really only be done for XS_TRANSACTION_END messages, or else at least some of the xenstore-* tools don't work anymore. Fixes: 0beef634b8 ("xenbus: don't BUG() on user mode induced condition") Reported-by: Richard Schütz <[email protected]> Signed-off-by: Jan Beulich <[email protected]> Tested-by: Richard Schütz <[email protected]> Signed-off-by: David Vrabel <[email protected]> Cc: Ed Swierk <[email protected]> [bwh: Backported to 3.2: adjust filename] Signed-off-by: Ben Hutchings <[email protected]> commit e3ea2576a59f960617808253b6923538328a51a4 Author: Jan Beulich <[email protected]> Date: Thu Jul 7 01:23:57 2016 -0600 xenbus: don't BUG() on user mode induced condition commit 0beef634b86a1350c31da5fcc2992f0d7c8a622b upstream. Inability to locate a user mode specified transaction ID should not lead to a kernel crash. For other than XS_TRANSACTION_START also don't issue anything to xenbus if the specified ID doesn't match that of any active transaction. Signed-off-by: Jan Beulich <[email protected]> Signed-off-by: David Vrabel <[email protected]> Cc: Ed Swierk <[email protected]> [bwh: Backported to 3.2: adjust filename, context] Signed-off-by: Ben Hutchings <[email protected]> commit 13e7cda6f0ecffe0266cca709fb8ab9c81dbb2a2 Author: Vladis Dronov <[email protected]> Date: Sun Jan 31 14:14:52 2016 -0200 usbvision: revert commit 588afcc1 commit d5468d7afaa9c9e961e150f0455a14a9f4872a98 upstream. Commit 588afcc1c0e4 ("[media] usbvision fix overflow of interfaces array")' should be reverted, because: * "!dev->actconfig->interface[ifnum]" won't catch a case where the value is not NULL but some garbage. This way the system may crash later with GPF. * "(ifnum >= USB_MAXINTERFACES)" does not cover all the error conditions. "ifnum" should be compared to "dev->actconfig-> desc.bNumInterfaces", i.e. compared to the number of "struct usb_interface" kzalloc()-ed, not to USB_MAXINTERFACES. * There is a "struct usb_device" leak in this error path, as there is usb_get_dev(), but no usb_put_dev() on this path. * There is a bug of the same type several lines below with number of endpoints. The code is accessing hard-coded second endpoint ("interface->endpoint[1].desc") which may not exist. It would be great to handle this in the same patch too. * All the concerns above are resolved by already-accepted commit fa52bd50 ("[media] usbvision: fix crash on detecting device with invalid configuration") * Mailing list message: http://www.spinics.net/lists/linux-media/msg94832.html Signed-off-by: Vladis Dronov <[email protected]> Signed-off-by: Hans Verkuil <[email protected]> Signed-off-by: Mauro Carvalho Chehab <[email protected]> Cc: Luis Henriques <[email protected]> [bwh: Backported to 3.2: adjust filename] Signed-off-by: Ben Hutchings <[email protected]> commit a06d3be52bce98746341cfb290203603fd028290 Author: Jan Kara <[email protected]> Date: Mon Sep 19 17:39:09 2016 +0200 posix_acl: Clear SGID bit when setting file permissions commit 073931017b49d9458aa351605b43a7e34598caef upstream. When file permissions are modified via chmod(2) and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way; this allows to bypass the check in chmod(2). Fix that. References: CVE-2016-7097 Reviewed-by: Christoph Hellwig <[email protected]> Reviewed-by: Jeff Layton <[email protected]> Signed-off-by: Jan Kara <[email protected]> Signed-off-by: Andreas Gruenbacher <[email protected]> [bwh: Backported to 3.2: - Drop changes to ceph, f2fs, hfsplus, orangefs - Use capable() instead of capable_wrt_inode_uidgid() - Update ext3 and generic_acl.c as well - In gfs2, jfs, and xfs, take care to avoid leaking the allocated ACL if posix_acl_update_mode() determines it's not needed - Adjust context] Signed-off-by: Ben Hutchings <[email protected]> commit cef37d3ae1c1847b553e22160fe33f2892bd39d4 Author: Liu Bo <[email protected]> Date: Wed Nov 28 10:43:11 2012 +0000 Btrfs: skip adding an acl attribute if we don't have to commit 755ac67f83e515af55adbfe55134eb7d90839cdb upstream. If the acl can be exactly represented in the traditional file mode permission bits, we don't set another acl attribute. Signed-off-by: Liu Bo <[email protected]> Signed-off-by: Chris Mason <[email protected]> Signed-off-by: Ben Hutchings <[email protected]> commit 7230a82ecc91aaf0c62b048afb15f3b8e2d8059f Author: Jan Kara <[email protected]> Date: Thu May 26 17:21:32 2016 +0200 fs: Avoid premature clearing of capabilities commit 030b533c4fd4d2ec3402363323de4bb2983c9cee upstream. Currently, notify_change() clears capabilities or IMA attributes by calling security_inode_killpriv() before calling into ->setattr. Thus it happens before any other permission checks in inode_change_ok() and user is thus allowed to trigger clearing of capabilities or IMA attributes for any file he can look up e.g. by calling chown for that file. This is unexpected and can lead to user DoSing a system. Fix the problem by calling security_inode_killpriv() at the end of inode_change_ok() instead of from notify_change(). At that moment we are sure user has permissions to do the requested change. References: CVE-2015-1350 Reviewed-by: Christoph Hellwig <[email protected]> Signed-off-by: Jan Kara <[email protected]> Signed-off-by: Ben Hutchings <[email protected]> commit 44b25c3e25af81daebf188ba1bc94b123ea40138 Author: Jan Kara <[email protected]> Date: Thu May 26 16:55:18 2016 +0200 fs: Give dentry to inode_change_ok() instead of inode commit 31051c85b5e2aaaf6315f74c72a732673632a905 upstream. inode_change_ok() will be resposible for clearing capabilities and IMA extended attributes and as such will need dentry. Give it as an argument to inode_change_ok() instead of an inode. Also rename inode_change_ok() to setattr_prepare() to better relect that it does also some modifications in addition to checks. Reviewed-by: Christoph Hellwig <[email protected]> Signed-off-by: Jan Kara <[email protected]> [bwh: Backported to 3.2: - Drop changes to f2fs, lustre, orangefs, overlayfs - Adjust filenames, context - In nfsd, pass dentry to nfsd_sanitize_attrs() - In xfs, pass dentry to xfs_change_file_space(), xfs_set_mode(), xfs_setattr_nonsize(), and xfs_setattr_size() - Update ext3 as well - Mark pohmelfs as BROKEN; it's long dead upstream] Signed-off-by: Ben Hutchings <[email protected]> commit 4538dfea79538a98e1468088b05627f82ac69789 Author: Stefan Richter <[email protected]> Date: Sat Oct 29 21:28:18 2016 +0200 firewire: net: guard against rx buffer overflows commit 667121ace9dbafb368618dbabcf07901c962ddac upstream. The IP-over-1394 driver firewire-net lacked input validation when handling incoming fragmented datagrams. A maliciously formed fragment with a respectively large datagram_offset would cause a memcpy past the datagram buffer. So, drop any packets carrying a fragment with offset + length larger than datagram_size. In addition, ensure that - GASP header, unfragmented encapsulation header, or fragment encapsulation header actually exists before we access it, - the encapsulated datagram or fragment is of nonzero size. Reported-by: Eyal Itkin <[email protected]> Reviewed-by: Eyal Itkin <[email protected]> Fixes: CVE 2016-8633 Signed-off-by: Stefan Richter <[email protected]> [bwh: Backported to 3.2: fwnet_receive_broadcast() never matches IPv6 packets] Signed-off-by: Ben Hutchings <[email protected]> commit 5d14051db0eb5b81f1e5814681f3c60c232a33d8 Author: Dan Carpenter <[email protected]> Date: Thu Sep 15 16:44:56 2016 +0300 scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() commit 7bc2b55a5c030685b399bb65b6baa9ccc3d1f167 upstream. We need to put an upper bound on "user_len" so the memcpy() doesn't overflow. Reported-by: Marco Grassi <[email protected]> Signed-off-by: Dan Carpenter <[email protected]> Reviewed-by: Tomas Henzl <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]> [bwh: Backported to 3.2: - Adjust context - Use literal 1032 insetad of ARCMSR_API_DATA_BUFLEN] Signed-off-by: Ben Hutchings <[email protected]> commit b70315cfd846c29a85c7348c4ff948fa54252d3a Author: David Howells <[email protected]> Date: Wed Oct 26 15:01:54 2016 +0100 KEYS: Fix short sprintf buffer in /proc/keys show function commit 03dab869b7b239c4e013ec82aea22e181e441cfc upstream. This fixes CVE-2016-7042. Fix a short sprintf buffer in proc_keys_show(). If the gcc stack protector is turned on, this can cause a panic due to stack corruption. The problem is that xbuf[] is not big enough to hold a 64-bit timeout rendered as weeks: (gdb) p 0xffffffffffffffffULL/(60*60*24*7) $2 = 30500568904943 That's 14 chars plus NUL, not 11 chars plus NUL. Expand the buffer to 16 chars. I think the unpatched code apparently works if the stack-protector is not enabled because on a 32-bit machine the buffer won't be overflowed and on a 64-bit machine there's a 64-bit aligned pointer at one side and an int that isn't checked again on the other side. The panic incurred looks something like: Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff81352ebe CPU: 0 PID: 1692 Comm: reproducer Not tainted 4.7.2-201.fc24.x86_64 #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 0000000000000086 00000000fbbd2679 ffff8800a044bc00 ffffffff813d941f ffffffff81a28d58 ffff8800a044bc98 ffff8800a044bc88 ffffffff811b2cb6 ffff880000000010 ffff8800a044bc98 ffff8800a044bc30 00000000fbbd2679 Call Trace: [<ffffffff813d941f>] dump_stack+0x63/0x84 [<ffffffff811b2cb6>] panic+0xde/0x22a [<ffffffff81352ebe>] ? proc_keys_show+0x3ce/0x3d0 [<ffffffff8109f7f9>] __stack_chk_fail+0x19/0x30 [<ffffffff81352ebe>] proc_keys_show+0x3ce/0x3d0 [<ffffffff81350410>] ? key_validate+0x50/0x50 [<ffffffff8134db30>] ? key_default_cmp+0x20/0x20 [<ffffffff8126b31c>] seq_read+0x2cc/0x390 [<ffffffff812b6b12>] proc_reg_read+0x42/0x70 [<ffffffff81244fc7>] __vfs_read+0x37/0x150 [<ffffffff81357020>] ? security_file_permission+0xa0/0xc0 [<ffffffff81246156>] vfs_read+0x96/0x130 [<ffffffff81247635>] SyS_read+0x55/0xc0 [<ffffffff817eb872>] entry_SYSCALL_64_fastpath+0x1a/0xa4 Reported-by: Ondrej Kozina <[email protected]> Signed-off-by: David Howells <[email protected]> Tested-by: Ondrej Kozina <[email protected]> Signed-off-by: James Morris <[email protected]> Signed-off-by: Ben Hutchings <[email protected]> commit 4ccd61d9e112c13be97d614883a5ddc426233b7f Author: Jaganath Kanakkassery <[email protected]> Date: Thu May 14 12:58:08 2015 +0530 Bluetooth: Fix potential NULL dereference in RFCOMM bind callback commit 951b6a0717db97ce420547222647bcc40bf1eacd upstream. addr can be NULL and it should not be dereferenced before NULL checking. Signed-off-by: Jaganath Kanakkassery <[email protected]> Signed-off-by: Marcel Holtmann <[email protected]> [bwh: Backported to 3.2: - There's no 'chan' variable - Keep using batostr() to log addresses - Adjust context] Signed-off-by: Ben Hutchings <[email protected]> commit e22b0efe1f8f2b84371c8288a5179d3489f406b5 Author: zhong jiang <[email protected]> Date: Wed Sep 28 15:22:30 2016 -0700 mm,ksm: fix endless looping in allocating memory when ksm enable commit 5b398e416e880159fe55eefd93c6588fa072cd66 upstream. I hit the following hung task when runing a OOM LTP test case with 4.1 kernel. Call trace: [<ffffffc000086a88>] __switch_to+0x74/0x8c [<ffffffc000a1bae0>] __schedule+0x23c/0x7bc [<ffffffc000a1c09c>] schedule+0x3c/0x94 [<ffffffc000a1eb84>] rwsem_down_write_failed+0x214/0x350 [<ffffffc000a1e32c>] down_write+0x64/0x80 [<ffffffc00021f794>] __ksm_exit+0x90/0x19c [<ffffffc0000be650>] mmput+0x118/0x11c [<ffffffc0000c3ec4>] do_exit+0x2dc/0xa74 [<ffffffc0000c46f8>] do_group_exit+0x4c/0xe4 [<ffffffc0000d0f34>] get_signal+0x444/0x5e0 [<ffffffc000089fcc>] do_signal+0x1d8/0x450 [<ffffffc00008a35c>] do_notify_resume+0x70/0x78 The oom victim cannot terminate because it needs to take mmap_sem for write while the lock is held by ksmd for read which loops in the page allocator ksm_do_scan scan_get_next_rmap_item down_read get_next_rmap_item alloc_rmap_item #ksmd will loop permanently. There is no way forward because the oom victim cannot release any memory in 4.1 based kernel. Since 4.6 we have the oom reaper which would solve this problem because it would release the memory asynchronously. Nevertheless we can relax alloc_rmap_item requirements and use __GFP_NORETRY because the allocation failure is acceptable as ksm_do_scan would just retry later after the lock got dropped. Such a patch would be also easy to backport to older stable kernels which diff --git a/Documentation/filesystems/porting b/Documentation/filesystems/porting index b4a3d76..56a9c6e 100644 --- a/Documentation/filesystems/porting +++ b/Documentation/filesystems/porting @@ -288,8 +288,8 @@ implementing on-disk size changes. Start with a copy of the old inode_setattr and vmtruncate, and the reorder the vmtruncate + foofs_vmtruncate sequence to be in order of zeroing blocks using block_truncate_page or similar helpers, size update and on finally on-disk truncation which should not fail. -inode_change_ok now includes the size checks for ATTR_SIZE and must be called -in the beginning of ->setattr unconditionally. +setattr_prepare (which used to be inode_change_ok) now includes the size checks +for ATTR_SIZE and must be called in the beginning of ->setattr unconditionally. [mandatory] diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index f0001eb..ac601c4 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -2699,6 +2699,8 @@ bytes respectively. Such letter suffixes can also be entirely omitted. sector if the number is odd); i = IGNORE_DEVICE (don't bind to this device); + j = NO_REPORT_LUNS (don't use report luns + command, uas only); l = NOT_LOCKABLE (don't try to lock and unlock ejectable media); m = MAX_SECTORS_64 (don't transfer more diff --git a/Makefile b/Makefile index 5b500f9..ba25eb9 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ VERSION = 3 PATCHLEVEL = 2 -SUBLEVEL = 80 +SUBLEVEL = 84 EXTRAVERSION = NAME = Saber-toothed Squirrel @@ -352,7 +352,7 @@ AFLAGS_MODULE = LDFLAGS_MODULE = CFLAGS_KERNEL = AFLAGS_KERNEL = -CFLAGS_GCOV = -fprofile-arcs -ftest-coverage +CFLAGS_GCOV = -fprofile-arcs -ftest-coverage -fno-tree-loop-im # Use LINUXINCLUDE when you must reference the include/ directory. diff --git a/arch/alpha/include/asm/uaccess.h b/arch/alpha/include/asm/uaccess.h index b49ec2f..3cd6132 100644 --- a/arch/alpha/include/asm/uaccess.h +++ b/arch/alpha/include/asm/uaccess.h @@ -371,14 +371,6 @@ __copy_tofrom_user_nocheck(void *to, const void *from, long len) return __cu_len; } -extern inline long -__copy_tofrom_user(void *to, const void *from, long len, const void __user *validate) -{ - if (__access_ok((unsigned long)validate, len, get_fs())) - len = __copy_tofrom_user_nocheck(to, from, len); - return len; -} - #define __copy_to_user(to,from,n) \ ({ \ __chk_user_ptr(to); \ @@ -393,17 +385,22 @@ __copy_tofrom_user(void *to, const void *from, long len, const void __user *vali #define __copy_to_user_inatomic __copy_to_user #define __copy_from_user_inatomic __copy_from_user - extern inline long copy_to_user(void __user *to, const void *from, long n) { - return __copy_tofrom_user((__force void *)to, from, n, to); + if (likely(__access_ok((unsigned long)to, n, get_fs()))) + n = __copy_tofrom_user_nocheck((__force void *)to, from, n); + return n; } extern inline long copy_from_user(void *to, const void __user *from, long n) { - return __copy_tofrom_user(to, (__force void *)from, n, from); + if (likely(__access_ok((unsigned long)from, n, get_fs()))) + n = __copy_tofrom_user_nocheck(to, (__force void *)from, n); + else + memset(to, 0, n); + return n; } extern void __do_clear_user(void); diff --git a/arch/alpha/kernel/pci-sysfs.c b/arch/alpha/kernel/pci-sysfs.c index 53649c7..cb63d52 100644 --- a/arch/alpha/kernel/pci-sysfs.c +++ b/arch/alpha/kernel/pci-sysfs.c @@ -78,10 +78,10 @@ static int pci_mmap_resource(struct kobject *kobj, if (i >= PCI_ROM_RESOURCE) return -ENODEV; - if (!__pci_mmap_fits(pdev, i, vma, sparse)) + if (res->flags & IORESOURCE_MEM && iomem_is_exclusive(res->start)) return -EINVAL; - if (iomem_is_exclusive(res->start)) + if (!__pci_mmap_fits(pdev, i, vma, sparse)) return -EINVAL; pcibios_resource_to_bus(pdev, &bar, res); diff --git a/arch/arm/common/sa1111.c b/arch/arm/common/sa1111.c index 61691cd..cab1725 100644 --- a/arch/arm/common/sa1111.c +++ b/arch/arm/common/sa1111.c @@ -878,9 +878,9 @@ struct sa1111_save_data { #ifdef CONFIG_PM -static int sa1111_suspend(struct platform_device *dev, pm_message_t state) +static int sa1111_suspend_noirq(struct device *dev) { - struct sa1111 *sachip = platform_get_drvdata(dev); + struct sa1111 *sachip = dev_get_drvdata(dev); struct sa1111_save_data *save; unsigned long flags; unsigned int val; @@ -938,9 +938,9 @@ static int sa1111_suspend(struct platform_device *dev, pm_message_t state) * restored by their respective drivers, and must be called * via LDM after this function. */ -static int sa1111_resume(struct platform_device *dev) +static int sa1111_resume_noirq(struct device *dev) { - struct sa1111 *sachip = platform_get_drvdata(dev); + struct sa1111 *sachip = dev_get_drvdata(dev); struct sa1111_save_data *save; unsigned long flags, id; void __iomem *base; @@ -956,7 +956,7 @@ static int sa1111_resume(struct platform_device *dev) id = sa1111_readl(sachip->base + SA1111_SKID); if ((id & SKID_ID_MASK) != SKID_SA1111_ID) { __sa1111_remove(sachip); - platform_set_drvdata(dev, NULL); + dev_set_drvdata(dev, NULL); kfree(save); return 0; } @@ -1002,8 +1002,8 @@ static int sa1111_resume(struct platform_device *dev) } #else -#define sa1111_suspend NULL -#define sa1111_resume NULL +#define sa1111_suspend_noirq NULL +#define sa1111_resume_noirq NULL #endif static int __devinit sa1111_probe(struct platform_device *pdev) @@ -1037,6 +1037,11 @@ static int sa1111_remove(struct platform_device *pdev) return 0; } +static struct dev_pm_ops sa1111_pm_ops = { + .suspend_noirq = sa1111_suspend_noirq, + .resume_noirq = sa1111_resume_noirq, +}; + /* * Not sure if this should be on the system bus or not yet. * We really want some way to register a system device at @@ -1049,10 +1054,9 @@ static int sa1111_remove(struct platform_device *pdev) static struct platform_driver sa1111_device_driver = { .probe = sa1111_probe, .remove = sa1111_remove, - .suspend = sa1111_suspend, - .resume = sa1111_resume, .driver = { .name = "sa1111", + .pm = &sa1111_pm_ops, }, }; diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c index 90fa8b3..8b17fb4 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c @@ -726,8 +726,8 @@ static int vfp_set(struct task_struct *target, if (ret) return ret; - vfp_flush_hwstate(thread); thread->vfpstate.hard = new_vfp; + vfp_flush_hwstate(thread); return 0; } diff --git a/arch/arm/kernel/sys_oabi-compat.c b/arch/arm/kernel/sys_oabi-compat.c index af0aaeb..32884a6 100644 --- a/arch/arm/kernel/sys_oabi-compat.c +++ b/arch/arm/kernel/sys_oabi-compat.c @@ -275,8 +275,12 @@ asmlinkage long sys_oabi_epoll_wait(int epfd, mm_segment_t fs; long ret, err, i; - if (maxevents <= 0 || maxevents > (INT_MAX/sizeof(struct epoll_event))) + if (maxevents <= 0 || + maxevents > (INT_MAX/sizeof(*kbuf)) || + maxevents > (INT_MAX/sizeof(*events))) return -EINVAL; + if (!access_ok(VERIFY_WRITE, events, sizeof(*events) * maxevents)) + return -EFAULT; kbuf = kmalloc(sizeof(*kbuf) * maxevents, GFP_KERNEL); if (!kbuf) return -ENOMEM; @@ -313,6 +317,8 @@ asmlinkage long sys_oabi_semtimedop(int semid, if (nsops < 1 || nsops > SEMOPM) return -EINVAL; + if (!access_ok(VERIFY_READ, tsops, sizeof(*tsops) * nsops)) + return -EFAULT; sops = kmalloc(sizeof(*sops) * nsops, GFP_KERNEL); if (!sops) return -ENOMEM; diff --git a/arch/arm/mach-omap2/omap_hwmod_3xxx_data.c b/arch/arm/mach-omap2/omap_hwmod_3xxx_data.c index eef43e2..d8a185d 100644 --- a/arch/arm/mach-omap2/omap_hwmod_3xxx_data.c +++ b/arch/arm/mach-omap2/omap_hwmod_3xxx_data.c @@ -1470,8 +1470,20 @@ static struct omap_hwmod omap3xxx_dss_dispc_hwmod = { * display serial interface controller */ +static struct omap_hwmod_class_sysconfig omap3xxx_dsi_sysc = { + .rev_offs = 0x0000, + .sysc_offs = 0x0010, + .syss_offs = 0x0014, + .sysc_flags = (SYSC_HAS_AUTOIDLE | SYSC_HAS_CLOCKACTIVITY | + SYSC_HAS_ENAWAKEUP | SYSC_HAS_SIDLEMODE | + SYSC_HAS_SOFTRESET | SYSS_HAS_RESET_STATUS), + .idlemodes = (SIDLE_FORCE | SIDLE_NO | SIDLE_SMART), + .sysc_fields = &omap_hwmod_sysc_type1, +}; + static struct omap_hwmod_class omap3xxx_dsi_hwmod_class = { .name = "dsi", + .sysc = &omap3xxx_dsi_sysc, }; static struct omap_hwmod_irq_info omap3xxx_dsi1_irqs[] = { diff --git a/arch/avr32/include/asm/uaccess.h b/arch/avr32/include/asm/uaccess.h index 245b2ee..a0a9b8c 100644 --- a/arch/avr32/include/asm/uaccess.h +++ b/arch/avr32/include/asm/uaccess.h @@ -74,7 +74,7 @@ extern __kernel_size_t __copy_user(void *to, const void *from, extern __kernel_size_t copy_to_user(void __user *to, const void *from, __kernel_size_t n); -extern __kernel_size_t copy_from_user(void *to, const void __user *from, +extern __kernel_size_t ___copy_from_user(void *to, const void __user *from, __kernel_size_t n); static inline __kernel_size_t __copy_to_user(void __user *to, const void *from, @@ -88,6 +88,15 @@ static inline __kernel_size_t __copy_from_user(void *to, { return __copy_user(to, (const void __force *)from, n); } +static inline __kernel_size_t copy_from_user(void *to, + const void __user *from, + __kernel_size_t n) +{ + size_t res = ___copy_from_user(to, from, n); + if (unlikely(res)) + memset(to + (n - res), 0, res); + return res; +} #define __copy_to_user_inatomic __copy_to_user #define __copy_from_user_inatomic __copy_from_user diff --git a/arch/avr32/kernel/avr32_ksyms.c b/arch/avr32/kernel/avr32_ksyms.c index d93ead0..7c6cf14 100644 --- a/arch/avr32/kernel/avr32_ksyms.c +++ b/arch/avr32/kernel/avr32_ksyms.c @@ -36,7 +36,7 @@ EXPORT_SYMBOL(copy_page); /* * Userspace access stuff. */ -EXPORT_SYMBOL(copy_from_user); +EXPORT_SYMBOL(___copy_from_user); EXPORT_SYMBOL(copy_to_user); EXPORT_SYMBOL(__copy_user); EXPORT_SYMBOL(strncpy_from_user); diff --git a/arch/avr32/lib/copy_user.S b/arch/avr32/lib/copy_user.S index ea59c04..0753734 100644 --- a/arch/avr32/lib/copy_user.S +++ b/arch/avr32/lib/copy_user.S @@ -23,13 +23,13 @@ */ .text .align 1 - .global copy_from_user - .type copy_from_user, @function -copy_from_user: + .global ___copy_from_user + .type ___copy_from_user, @function +___copy_from_user: branch_if_kernel r8, __copy_user ret_if_privileged r8, r11, r10, r10 rjmp __copy_user - .size copy_from_user, . - copy_from_user + .size ___copy_from_user, . - ___copy_from_user .global copy_to_user .type copy_to_user, @function diff --git a/arch/avr32/mach-at32ap/pio.c b/arch/avr32/mach-at32ap/pio.c index 903c7d8..a8e208e 100644 --- a/arch/avr32/mach-at32ap/pio.c +++ b/arch/avr32/mach-at32ap/pio.c @@ -435,7 +435,7 @@ void __init at32_init_pio(struct platform_device *pdev) struct resource *regs; struct pio_device *pio; - if (pdev->id > MAX_NR_PIO_DEVICES) { + if (pdev->id >= MAX_NR_PIO_DEVICES) { dev_err(&pdev->dev, "only %d PIO devices supported\n", MAX_NR_PIO_DEVICES); return; diff --git a/arch/blackfin/include/asm/uaccess.h b/arch/blackfin/include/asm/uaccess.h index 5cc1115..8f9d497 100644 --- a/arch/blackfin/include/asm/uaccess.h +++ b/arch/blackfin/include/asm/uaccess.h @@ -194,11 +194,12 @@ static inline int bad_user_access_length(void) static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { - if (access_ok(VERIFY_READ, from, n)) + if (likely(access_ok(VERIFY_READ, from, n))) { memcpy(to, (const void __force *)from, n); - else - return n; - return 0; + return 0; + } + memset(to, 0, n); + return n; } static inline unsigned long __must_check diff --git a/arch/cris/include/asm/uaccess.h b/arch/cris/include/asm/uaccess.h index 9145408..93bfa8a 100644 --- a/arch/cris/include/asm/uaccess.h +++ b/arch/cris/include/asm/uaccess.h @@ -176,30 +176,6 @@ extern unsigned long __copy_user(void __user *to, const void *from, unsigned lon extern unsigned long __copy_user_zeroing(void *to, const void __user *from, unsigned long n); extern unsigned long __do_clear_user(void __user *to, unsigned long n); -static inline unsigned long -__generic_copy_to_user(void __user *to, const void *from, unsigned long n) -{ - if (access_ok(VERIFY_WRITE, to, n)) - return __copy_user(to,from,n); - return n; -} - -static inline unsigned long -__generic_copy_from_user(void *to, const void __user *from, unsigned long n) -{ - if (access_ok(VERIFY_READ, from, n)) - return __copy_user_zeroing(to,from,n); - return n; -} - -static inline unsigned long -__generic_clear_user(void __user *to, unsigned long n) -{ - if (access_ok(VERIFY_WRITE, to, n)) - return __do_clear_user(to,n); - return n; -} - static inline long __strncpy_from_user(char *dst, const char __user *src, long count) { @@ -262,7 +238,7 @@ __constant_copy_from_user(void *to, const void __user *from, unsigned long n) else if (n == 24) __asm_copy_from_user_24(to, from, ret); else - ret = __generic_copy_from_user(to, from, n); + ret = __copy_user_zeroing(to, from, n); return ret; } @@ -312,7 +288,7 @@ __constant_copy_to_user(void __user *to, const void *from, unsigned long n) else if (n == 24) __asm_copy_to_user_24(to, from, ret); else - ret = __generic_copy_to_user(to, from, n); + ret = __copy_user(to, from, n); return ret; } @@ -344,26 +320,43 @@ __constant_clear_user(void __user *to, unsigned long n) else if (n == 24) __asm_clear_24(to, ret); else - ret = __generic_clear_user(to, n); + ret = __do_clear_user(to, n); return ret; } -#define clear_user(to, n) \ -(__builtin_constant_p(n) ? \ - __constant_clear_user(to, n) : \ - __generic_clear_user(to, n)) +static inline size_t clear_user(void __user *to, size_t n) +{ + if (unlikely(!access_ok(VERIFY_WRITE, to, n))) + return n; + if (__builtin_constant_p(n)) + return __constant_clear_user(to, n); + else + return __do_clear_user(to, n); +} -#define copy_from_user(to, from, n) \ -(__builtin_constant_p(n) ? \ - __constant_copy_from_user(to, from, n) : \ - __generic_copy_from_user(to, from, n)) +static inline size_t copy_from_user(void *to, const void __user *from, size_t n) +{ + if (unlikely(!access_ok(VERIFY_READ, from, n))) { + memset(to, 0, n); + return n; + } + if (__builtin_constant_p(n)) + return __constant_copy_from_user(to, from, n); + else + return __copy_user_zeroing(to, from, n); +} -#define copy_to_user(to, from, n) \ -(__builtin_constant_p(n) ? \ - __constant_copy_to_user(to, from, n) : \ - __generic_copy_to_user(to, from, n)) +static inline size_t copy_to_user(void __user *to, const void *from, size_t n) +{ + if (unlikely(!access_ok(VERIFY_WRITE, to, n))) + return n; + if (__builtin_constant_p(n)) + return __constant_copy_to_user(to, from, n); + else + return __copy_user(to, from, n); +} /* We let the __ versions of copy_from/to_user inline, because they're often * used in fast paths and have only a small space overhead. diff --git a/arch/frv/include/asm/uaccess.h b/arch/frv/include/asm/uaccess.h index 0b67ec5..3a74137 100644 --- a/arch/frv/include/asm/uaccess.h +++ b/arch/frv/include/asm/uaccess.h @@ -263,19 +263,25 @@ do { \ extern long __memset_user(void *dst, unsigned long count); extern long __memcpy_user(void *dst, const void *src, unsigned long count); -#define clear_user(dst,count) __memset_user(____force(dst), (count)) +#define __clear_user(dst,count) __memset_user(____force(dst), (count)) #define __copy_from_user_inatomic(to, from, n) __memcpy_user((to), ____force(from), (n)) #define __copy_to_user_inatomic(to, from, n) __memcpy_user(____force(to), (from), (n)) #else -#define clear_user(dst,count) (memset(____force(dst), 0, (count)), 0) +#define __clear_user(dst,count) (memset(____force(dst), 0, (count)), 0) #define __copy_from_user_inatomic(to, from, n) (memcpy((to), ____force(from), (n)), 0) #define __copy_to_user_inatomic(to, from, n) (memcpy(____force(to), (from), (n)), 0) #endif -#define __clear_user clear_user +static inline unsigned long __must_check +clear_user(void __user *to, unsigned long n) +{ + if (likely(__access_ok(to, n))) + n = __clear_user(to, n); + return n; +} static inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n) diff --git a/arch/hexagon/include/asm/uaccess.h b/arch/hexagon/include/asm/uaccess.h index 7e706ea..c73897c 100644 --- a/arch/hexagon/include/asm/uaccess.h +++ b/arch/hexagon/include/asm/uaccess.h @@ -102,7 +102,8 @@ static inline long hexagon_strncpy_from_user(char *dst, const char __user *src, { long res = __strnlen_user(src, n); - /* return from strnlen can't be zero -- that would be rubbish. */ + if (unlikely(!res)) + return -EFAULT; if (res > n) { copy_from_user(dst, src, n); diff --git a/arch/ia64/include/asm/uaccess.h b/arch/ia64/include/asm/uaccess.h index 449c8c0..810926c 100644 --- a/arch/ia64/include/asm/uaccess.h +++ b/arch/ia64/include/asm/uaccess.h @@ -262,17 +262,15 @@ __copy_from_user (void *to, const void __user *from, unsigned long count) __cu_len; \ }) -#define copy_from_user(to, from, n) \ -({ \ - void *__cu_to = (to); \ - const void __user *__cu_from = (from); \ - long __cu_len = (n); \ - \ - __chk_user_ptr(__cu_from); \ - if (__access_ok(__cu_from, __cu_len, get_fs())) \ - __cu_len = __copy_user((__force void __user *) __cu_to, __cu_from, __cu_len); \ - __cu_len; \ -}) +static inline unsigned long +copy_from_user(void *to, const void __user *from, unsigned long n) +{ + if (likely(__access_ok(from, n, get_fs()))) + n = __copy_user((__force void __user *) to, from, n); + else + memset(to, 0, n); + return n; +} #define __copy_in_user(to, from, size) __copy_user((to), (from), (size)) diff --git a/arch/m32r/include/asm/uaccess.h b/arch/m32r/include/asm/uaccess.h index 1c7047b..a26d28d 100644 --- a/arch/m32r/include/asm/uaccess.h +++ b/arch/m32r/include/asm/uaccess.h @@ -215,7 +215,7 @@ extern int fixup_exception(struct pt_regs *regs); #define __get_user_nocheck(x,ptr,size) \ ({ \ long __gu_err = 0; \ - unsigned long __gu_val; \ + unsigned long __gu_val = 0; \ might_sleep(); \ __get_user_size(__gu_val,(ptr),(size),__gu_err); \ (x) = (__typeof__(*(ptr)))__gu_val; \ diff --git a/arch/microblaze/include/asm/uaccess.h b/arch/microblaze/include/asm/uaccess.h index 072b007..7a5b1ee 100644 --- a/arch/microblaze/include/asm/uaccess.h +++ b/arch/microblaze/include/asm/uaccess.h @@ -218,7 +218,7 @@ extern long __user_bad(void); #define __get_user(x, ptr) \ ({ \ - unsigned long __gu_val; \ + unsigned long __gu_val = 0; \ /*unsigned long __gu_ptr = (unsigned long)(ptr);*/ \ long __gu_err; \ switch (sizeof(*(ptr))) { \ @@ -364,10 +364,13 @@ extern long __user_bad(void); static inline long copy_from_user(void *to, const void __user *from, unsigned long n) { + unsigned long res = n; might_sleep(); - if (access_ok(VERIFY_READ, from, n)) - return __copy_from_user(to, from, n); - return n; + if (likely(access_ok(VERIFY_READ, from, n))) + res = __copy_from_user(to, from, n); + if (unlikely(res)) + memset(to + (n - res), 0, res); + return res; } #define __copy_to_user(to, from, n) \ diff --git a/arch/mips/include/asm/pgtable.h b/arch/mips/include/asm/pgtable.h index 95bcedb..d9e9925 100644 --- a/arch/mips/include/asm/pgtable.h +++ b/arch/mips/include/asm/pgtable.h @@ -168,20 +168,39 @@ static inline void set_pte(pte_t *ptep, pte_t pteval) unsigned long page_global = _PAGE_GLOBAL; unsigned long tmp; - __asm__ __volatile__ ( - " .set push\n" - " .set noreorder\n" - "1: " LL_INSN " %[tmp], %[buddy]\n" - " bnez %[tmp], 2f\n" - " or %[tmp], %[tmp], %[global]\n" - " " SC_INSN " %[tmp], %[buddy]\n" - " beqz %[tmp], 1b\n" - " nop\n" - "2:\n" - " .set pop" - : [buddy] "+m" (buddy->pte), - [tmp] "=&r" (tmp) + if (kernel_uses_llsc && R10000_LLSC_WAR) { + __asm__ __volatile__ ( + " .set arch=r4000 \n" + " .set push \n" + " .set noreorder \n" + "1:" LL_INSN " %[tmp], %[buddy] \n" + " bnez %[tmp], 2f \n" + " or %[tmp], %[tmp], %[global] \n" + SC_INSN " %[tmp], %[buddy] \n" + " beqzl %[tmp], 1b \n" + " nop \n" + "2: \n" + " .set pop \n" + " .set mips0 \n" + : [buddy] "+m" (buddy->pte), [tmp] "=&r" (tmp) : [global] "r" (page_global)); + } else if (kernel_uses_llsc) { + __asm__ __volatile__ ( + " .set arch=r4000 \n" + " .set push \n" + " .set noreorder \n" + "1:" LL_INSN " %[tmp], %[buddy] \n" + " bnez %[tmp], 2f \n" + " or %[tmp], %[tmp], %[global] \n" + SC_INSN " %[tmp], %[buddy] \n" + " beqz %[tmp], 1b \n" + " nop \n" + "2: \n" + " .set pop \n" + " .set mips0 \n" + : [buddy] "+m" (buddy->pte), [tmp] "=&r" (tmp) + : [global] "r" (page_global)); + } #else /* !CONFIG_SMP */ if (pte_none(*buddy)) pte_val(*buddy) = pte_val(*buddy) | _PAGE_GLOBAL; diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S index 5476ce4..cf68520 100644 --- a/arch/mips/kernel/scall64-n32.S +++ b/arch/mips/kernel/scall64-n32.S @@ -366,7 +366,7 @@ EXPORT(sysn32_call_table) PTR sys_ni_syscall /* available, was setaltroot */ PTR sys_add_key PTR sys_request_key - PTR sys_keyctl /* 6245 */ + PTR compat_sys_keyctl /* 6245 */ PTR sys_set_thread_area PTR sys_inotify_init PTR sys_inotify_add_watch diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S index 6651759..4eb5391 100644 --- a/arch/mips/kernel/scall64-o32.S +++ b/arch/mips/kernel/scall64-o32.S @@ -486,7 +486,7 @@ sys_call_table: PTR sys_ni_syscall /* available, was setaltroot */ PTR sys_add_key /* 4280 */ PTR sys_request_key - PTR sys_keyctl + PTR compat_sys_keyctl PTR sys_set_thread_area PTR sys_inotify_init PTR sys_inotify_add_watch /* 4285 */ diff --git a/arch/mips/mm/sc-rm7k.c b/arch/mips/mm/sc-rm7k.c index 274af3b..a30eb5d 100644 --- a/arch/mips/mm/sc-rm7k.c +++ b/arch/mips/mm/sc-rm7k.c @@ -162,7 +162,7 @@ static void rm7k_tc_disable(void) local_irq_save(flags); blast_rm7k_tcache(); clear_c0_config(RM7K_CONF_TE); - local_irq_save(flags); + local_irq_restore(flags); } static void rm7k_sc_disable(void) diff --git a/arch/mn10300/include/asm/uaccess.h b/arch/mn10300/include/asm/uaccess.h index 780560b..570a25d 100644 --- a/arch/mn10300/include/asm/uaccess.h +++ b/arch/mn10300/include/asm/uaccess.h @@ -181,6 +181,7 @@ struct __large_struct { unsigned long buf[100]; }; "2:\n" \ " .section .fixup,\"ax\"\n" \ "3:\n\t" \ + " mov 0,%1\n" \ " mov %3,%0\n" \ " jmp 2b\n" \ " .previous\n" \ diff --git a/arch/mn10300/lib/usercopy.c b/arch/mn10300/lib/usercopy.c index 7826e6c..a29c5dc 100644 --- a/arch/mn10300/lib/usercopy.c +++ b/arch/mn10300/lib/usercopy.c @@ -9,7 +9,8 @@ * as published by the Free Software Foundation; either version * 2 of the Licence, or (at your option) any later version. */ -#include <asm/uaccess.h> +#include <linux/string.h> +#include <linux/uaccess.h> unsigned long __generic_copy_to_user(void *to, const void *from, unsigned long n) @@ -24,6 +25,8 @@ __generic_copy_from_user(void *to, const void *from, unsigned long n) { if (access_ok(VERIFY_READ, from, n)) __copy_user_zeroing(to, from, n); + else + memset(to, 0, n); return n; } diff --git a/arch/openrisc/include/asm/uaccess.h b/arch/openrisc/include/asm/uaccess.h index c310e45..1acfe52 100644 --- a/arch/openrisc/include/asm/uaccess.h +++ b/arch/openrisc/include/asm/uaccess.h @@ -274,28 +274,20 @@ __copy_tofrom_user(void *to, const void *from, unsigned long size); static inline unsigned long copy_from_user(void *to, const void *from, unsigned long n) { - unsigned long over; - - if (access_ok(VERIFY_READ, from, n)) - return __copy_tofrom_user(to, from, n); - if ((unsigned long)from < TASK_SIZE) { - over = (unsigned long)from + n - TASK_SIZE; - return __copy_tofrom_user(to, from, n - over) + over; - } - return n; + unsigned long res = n; + + if (likely(access_ok(VERIFY_READ, from, n))) + res = __copy_tofrom_user(to, from, n); + if (unlikely(res)) + memset(to + (n - res), 0, res); + return res; } static inline unsigned long copy_to_user(void *to, const void *from, unsigned long n) { - unsigned long over; - - if (access_ok(VERIFY_WRITE, to, n)) - return __copy_tofrom_user(to, from, n); - if ((unsigned long)to < TASK_SIZE) { - over = (unsigned long)to + n - TASK_SIZE; - return __copy_tofrom_user(to, from, n - over) + over; - } + if (likely(access_ok(VERIFY_WRITE, to, n))) + n = __copy_tofrom_user(to, from, n); return n; } @@ -304,13 +296,8 @@ extern unsigned long __clear_user(void *addr, unsigned long size); static inline __must_check unsigned long clear_user(void *addr, unsigned long size) { - - if (access_ok(VERIFY_WRITE, addr, size)) - return __clear_user(addr, size); - if ((unsigned long)addr < TASK_SIZE) { - unsigned long over = (unsigned long)addr + size - TASK_SIZE; - return __clear_user(addr, size - over) + over; - } + if (likely(access_ok(VERIFY_WRITE, addr, size))) + size = __clear_user(addr, size); return size; } diff --git a/arch/parisc/include/asm/errno.h b/arch/parisc/include/asm/errno.h index 135ad60..290112e 100644 --- a/arch/parisc/include/asm/errno.h +++ b/arch/parisc/include/asm/errno.h @@ -97,10 +97,10 @@ #define ENOTCONN 235 /* Transport endpoint is not connected */ #define ESHUTDOWN 236 /* Cannot send after transport endpoint shutdown */ #define ETOOMANYREFS 237 /* Too many references: cannot splice */ -#define EREFUSED ECONNREFUSED /* for HP's NFS apparently */ #define ETIMEDOUT 238 /* Connection timed out */ #define ECONNREFUSED 239 /* Connection refused */ -#define EREMOTERELEASE 240 /* Remote peer released connection */ +#define EREFUSED ECONNREFUSED /* for HP's NFS apparently */ +#define EREMOTERELEASE 240 /* Remote peer released connection */ #define EHOSTDOWN 241 /* Host is down */ #define EHOSTUNREACH 242 /* No route to host */ diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h index 337353de..a615403 100644 --- a/arch/parisc/include/asm/uaccess.h +++ b/arch/parisc/include/asm/uaccess.h @@ -10,6 +10,8 @@ #include <asm/errno.h> #include <asm-generic/uaccess-unaligned.h> +#include <linux/string.h> + #define VERIFY_READ 0 #define VERIFY_WRITE 1 @@ -255,13 +257,14 @@ static inline unsigned long __must_check copy_from_user(void *to, unsigned long n) { int sz = __compiletime_object_size(to); - int ret = -EFAULT; + unsigned long ret = n; if (likely(sz == -1 || !__builtin_constant_p(n) || sz >= n)) ret = __copy_from_user(to, from, n); else copy_from_user_overflow(); - + if (unlikely(ret)) + memset(to + (n - ret), 0, ret); return ret; } diff --git a/arch/parisc/kernel/syscall.S b/arch/parisc/kernel/syscall.S index 82a52b2..ed3df44 100644 --- a/arch/parisc/kernel/syscall.S +++ b/arch/parisc/kernel/syscall.S @@ -314,7 +314,7 @@ tracesys_next: ldo -16(%r30),%r29 /* Reference param save area */ #endif - comiclr,>>= __NR_Linux_syscalls, %r20, %r0 + comiclr,>> __NR_Linux_syscalls, %r20, %r0 b,n .Lsyscall_nosys LDREGX %r20(%r19), %r19 diff --git a/arch/parisc/kernel/unaligned.c b/arch/parisc/kernel/unaligned.c index 234e368..43d802b 100644 --- a/arch/parisc/kernel/unaligned.c +++ b/arch/parisc/kernel/unaligned.c @@ -663,7 +663,7 @@ void handle_unaligned(struct pt_regs *regs) break; } - if (modify && R1(regs->iir)) + if (ret == 0 && modify && R1(regs->iir)) regs->gr[R1(regs->iir)] = newbase; @@ -674,6 +674,14 @@ void handle_unaligned(struct pt_regs *regs) if (ret) { + /* + * The unaligned handler failed. + * If we were called by __get_user() or __put_user() jump + * to it's exception fixup handler instead of crashing. + */ + if (!user_mode(regs) && fixup_exception(regs)) + return; + printk(KERN_CRIT "Unaligned handler failed, ret = %d\n", ret); die_if_kernel("Unaligned data reference", regs, 28); diff --git a/arch/powerpc/include/asm/cputable.h b/arch/powerpc/include/asm/cputable.h index e30442c..9b604c0 100644 --- a/arch/powerpc/include/asm/cputable.h +++ b/arch/powerpc/include/asm/cputable.h @@ -30,6 +30,7 @@ #define PPC_FEATURE_PSERIES_PERFMON_COMPAT \ 0x00000040 +/* Reserved - do not use 0x00000004 */ #define PPC_FEATURE_TRUE_LE 0x00000002 #define PPC_FEATURE_PPC_LE 0x00000001 diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index bd0fb84..4d4a30c 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -332,30 +332,17 @@ extern unsigned long __copy_tofrom_user(void __user *to, static inline unsigned long copy_from_user(void *to, const void __user *from, unsigned long n) { - unsigned long over; - - if (access_ok(VERIFY_READ, from, n)) + if (likely(access_ok(VERIFY_READ, from, n))) return __copy_tofrom_user((__force void __user *)to, from, n); - if ((unsigned long)from < TASK_SIZE) { - over = (unsigned long)from + n - TASK_SIZE; - return __copy_tofrom_user((__force void __user *)to, from, - n - over) + over; - } + memset(to, 0, n); return n; } static inline unsigned long copy_to_user(void __user *to, const void *from, unsigned long n) { - unsigned long over; - if (access_ok(VERIFY_WRITE, to, n)) return __copy_tofrom_user(to, (__force void __user *)from, n); - if ((unsigned long)to < TASK_SIZE) { - over = (unsigned long)to + n - TASK_SIZE; - return __copy_tofrom_user(to, (__force void __user *)from, - n - over) + over; - } return n; } @@ -446,10 +433,6 @@ static inline unsigned long clear_user(void __user *addr, unsigned long size) might_sleep(); if (likely(access_ok(VERIFY_WRITE, addr, size))) return __clear_user(addr, size); - if ((unsigned long)addr < TASK_SIZE) { - unsigned long over = (unsigned long)addr + size - TASK_SIZE; - return __clear_user(addr, size - over) + over; - } return size; } diff --git a/arch/powerpc/kernel/prom.c b/arch/powerpc/kernel/prom.c index fa1235b..c021af8 100644 --- a/arch/powerpc/kernel/prom.c +++ b/arch/powerpc/kernel/prom.c @@ -159,7 +159,7 @@ static struct ibm_pa_feature { {CPU_FTR_NOEXECUTE, 0, 0, 0, 6, 0}, {CPU_FTR_NODSISRALIGN, 0, 0, 1, 1, 1}, {0, MMU_FTR_CI_LARGE_PAGE, 0, 1, 2, 0}, - {CPU_FTR_REAL_LE, PPC_FEATURE_TRUE_LE, 5, 0, 0}, + {CPU_FTR_REAL_LE, 0, PPC_FEATURE_TRUE_LE, 5, 0, 0}, }; static void __init scan_features(unsigned long node, unsigned char *ftrs, diff --git a/arch/powerpc/mm/hash_utils_64.c b/arch/powerpc/mm/hash_utils_64.c index 2d28218..e9a8b8c 100644 --- a/arch/powerpc/mm/hash_utils_64.c +++ b/arch/powerpc/mm/hash_utils_64.c @@ -1074,6 +1074,30 @@ int hash_page(unsigned long ea, unsigned long access, unsigned long trap) } EXPORT_SYMBOL_GPL(hash_page); +#ifdef CONFIG_PPC_MM_SLICES +static bool should_hash_preload(struct mm_struct *mm, unsigned long ea) +{ + int psize = get_slice_psize(mm, ea); + + /* We only prefault standard pages for now */ + if (unlikely(psize != mm->context.user_psize)) + return false; + + /* + * Don't prefault if subpage protection is enabled for the EA. + */ + if (unlikely((psize == MMU_PAGE_4K) && subpage_protection(mm, ea))) + return false; + + return true; +} +#else +static bool should_hash_preload(struct mm_struct *mm, unsigned long ea) +{ + return true; +} +#endif + void hash_preload(struct mm_struct *mm, unsigned long ea, unsigned long access, unsigned long trap) { @@ -1085,11 +1109,8 @@ void hash_preload(struct mm_struct *mm, unsigned long ea, BUG_ON(REGION_ID(ea) != USER_REGION_ID); -#ifdef CONFIG_PPC_MM_SLICES - /* We only prefault standard pages for now */ - if (unlikely(get_slice_psize(mm, ea) != mm->context.user_psize)) + if (!should_hash_preload(mm, ea)) return; -#endif DBG_LOW("hash_preload(mm=%p, mm->pgdir=%p, ea=%016lx, access=%lx," " trap=%lx\n", mm, mm->pgd, ea, access, trap); diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c index f4b78a3..9a5ec9a 100644 --- a/arch/powerpc/mm/numa.c +++ b/arch/powerpc/mm/numa.c @@ -1275,17 +1275,33 @@ int hot_add_scn_to_nid(unsigned long scn_addr) static u64 hot_add_drconf_memory_max(void) { struct device_node *memory = NULL; + struct device_node *dn = NULL; unsigned int drconf_cell_cnt = 0; u64 lmb_size = 0; const u32 *dm = 0; + const __be64 *lrdr = NULL; + struct of_drconf_cell drmem; + + dn = of_find_node_by_path("/rtas"); + if (dn) { + lrdr = of_get_property(dn, "ibm,lrdr-capacity", NULL); + of_node_put(dn); + if (lrdr) + return be64_to_cpup(lrdr); + } memory = of_find_node_by_path("/ibm,dynamic-reconfiguration-memory");
_______________________________________________ unionfs-cvs mailing list: http://unionfs.filesystems.org/ [email protected] http://www.fsl.cs.sunysb.edu/mailman/listinfo/unionfs-cvs
