Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge branch 'akpm' (Andrew's fixups)

Merge random fixes from Andrew Morton.

* emailed from Andrew Morton <akpm@linux-foundation.org>: (11 patches)
mm: correctly synchronize rss-counters at exit/exec
btree: catch NULL value before it does harm
btree: fix tree corruption in btree_get_prev()
ipc: shm: restore MADV_REMOVE functionality on shared memory segments
drivers/platform/x86/acerhdf.c: correct Boris' mail address
c/r: prctl: drop VMA flags test on PR_SET_MM_ stack data assignment
c/r: prctl: add ability to get clear_tid_address
c/r: prctl: add minimal address test to PR_SET_MM
c/r: prctl: update prctl_set_mm_exe_file() after mm->num_exe_file_vmas removal
MAINTAINERS: whitespace fixes
shmem: replace_page must flush_dcache and others

+118 -69
+9 -9
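--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1077,7 +1077,7 @@
 ARM/SAMSUNG S5P SERIES Multi Format Codec (MFC) SUPPORT
 M: Kyungmin Park <kyungmin.park@samsung.com>
 M: Kamil Debski <k.debski@samsung.com>
-M: Jeongtae Park <jtp.park@samsung.com>
+M: Jeongtae Park <jtp.park@samsung.com>
 L: linux-arm-kernel@lists.infradead.org
 L: linux-media@vger.kernel.org
 S: Maintained
@@ -1743,10 +1743,10 @@
 CAPABILITIES
 M: Serge Hallyn <serge.hallyn@canonical.com>
 L: linux-security-module@vger.kernel.org
-S: Supported
+S: Supported
 F: include/linux/capability.h
 F: security/capability.c
-F: security/commoncap.c
+F: security/commoncap.c
 F: kernel/capability.c
 
 CELL BROADBAND ENGINE ARCHITECTURE
@@ -2146,11 +2146,11 @@
 F: drivers/net/wan/pc300*
 
 CYTTSP TOUCHSCREEN DRIVER
-M: Javier Martinez Canillas <javier@dowhile0.org>
-L: linux-input@vger.kernel.org
-S: Maintained
-F: drivers/input/touchscreen/cyttsp*
-F: include/linux/input/cyttsp.h
+M: Javier Martinez Canillas <javier@dowhile0.org>
+L: linux-input@vger.kernel.org
+S: Maintained
+F: drivers/input/touchscreen/cyttsp*
+F: include/linux/input/cyttsp.h
 
 DAMA SLAVE for AX.25
 M: Joerg Reuter <jreuter@yaina.de>
@@ -5185,7 +5185,7 @@
 F: drivers/firmware/pcdp.*
 
 PCI ERROR RECOVERY
-M: Linas Vepstas <linasvepstas@gmail.com>
+M: Linas Vepstas <linasvepstas@gmail.com>
 L: linux-pci@vger.kernel.org
 S: Supported
 F: Documentation/PCI/pci-error-recovery.txt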
+1 -1
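--- a/drivers/platform/x86/acerhdf.c
+++ b/drivers/platform/x86/acerhdf.c
@@ -5,7 +5,7 @@
 *
 * (C) 2009 - Peter Feuerer peter (a) piie.net
 * http://piie.net
-* 2009 Borislav Petkov <petkovbb@gmail.com>
+* 2009 Borislav Petkov bp (a) alien8.de
 *
 * Inspired by and many thanks to:
 * o acerfand - Rachel Greenham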
-1
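--- a/fs/exec.c
+++ b/fs/exec.c
@@ -819,7 +819,6 @@
 /* Notify parent that we're no longer interested in the old VM */
 tsk = current;
 old_mm = current->mm;
-sync_mm_rss(old_mm);
 mm_release(tsk, old_mm);
 
 if (old_mm) {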
+6 -4
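--- a/include/linux/prctl.h
+++ b/include/linux/prctl.h
@@ -127,8 +127,8 @@
 #define PR_SET_PTRACER 0x59616d61
 # define PR_SET_PTRACER_ANY ((unsigned long)-1)
 
-#define PR_SET_CHILD_SUBREAPER 36
-#define PR_GET_CHILD_SUBREAPER 37
+#define PR_SET_CHILD_SUBREAPER 36
+#define PR_GET_CHILD_SUBREAPER 37
 
 /*
 * If no_new_privs is set, then operations that grant new privileges (i.e.
@@ -142,7 +142,9 @@
 * asking selinux for a specific new context (e.g. with runcon) will result
 * in execve returning -EPERM.
 */
-#define PR_SET_NO_NEW_PRIVS 38
-#define PR_GET_NO_NEW_PRIVS 39
+#define PR_SET_NO_NEW_PRIVS 38
+#define PR_GET_NO_NEW_PRIVS 39
+
+#define PR_GET_TID_ADDRESS 40
 
 #endif /* _LINUX_PRCTL_H */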
+1
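--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -439,6 +439,7 @@
 /* leave room for more dump flags */
 #define MMF_VM_MERGEABLE 16 /* KSM may merge identical pages */
 #define MMF_VM_HUGEPAGE 17 /* set when VM_HUGEPAGE is set on vma */
+#define MMF_EXE_FILE_CHANGED 18 /* see prctl_set_mm_exe_file() */
 
 #define MMF_INIT_MASK (MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK)
 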
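Review bot: `MMF_EXE_FILE_CHANGED` is added as bit 18, but `MMF_INIT_MASK` two lines below still covers only the dumpable and dump-filter bits, so if a new mm's flags are seeded from that mask (the seeding code is outside this hunk) the one-shot marker is presumably not carried into a forked child. The define's comment only points at prctl_set_mm_exe_file(), whose own comment promises the exe symlink "can be changed only once" as a basis for monitoring /proc/pid/exe. I would state the scope on the define itself, e.g. `/* exe_file was changed via prctl; per-mm, not part of MMF_INIT_MASK */`, so anyone relying on it for detection knows the guarantee holds per address space rather than per process lineage.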
+12
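--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -393,6 +393,16 @@
 return sfd->file->f_op->fsync(sfd->file, start, end, datasync);
 }
 
+static long shm_fallocate(struct file *file, int mode, loff_t offset,
+loff_t len)
+{
+struct shm_file_data *sfd = shm_file_data(file);
+
+if (!sfd->file->f_op->fallocate)
+return -EOPNOTSUPP;
+return sfd->file->f_op->fallocate(file, mode, offset, len);
+}
+
 static unsigned long shm_get_unmapped_area(struct file *file,
 unsigned long addr, unsigned long len, unsigned long pgoff,
 unsigned long flags)
@@ -410,6 +420,7 @@
 .get_unmapped_area = shm_get_unmapped_area,
 #endif
 .llseek = noop_llseek,
+.fallocate = shm_fallocate,
 };
 
 static const struct file_operations shm_file_operations_huge = {
@@ -418,6 +429,7 @@
 .release = shm_release,
 .get_unmapped_area = shm_get_unmapped_area,
 .llseek = noop_llseek,
+.fallocate = shm_fallocate,
 };
 
 int is_file_shm_hugepages(struct file *file)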
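Review bot: `shm_fallocate()` hands the wrapper `file` to the backing `->fallocate`, whereas `shm_fsync()` just above hands `sfd->file` to the backing `->fsync`; the two should agree, or the difference should be explained. If the underlying implementation ever reads `file->private_data` or `file->f_op`, it would see the shm wrapper's `shm_file_data` and operations rather than its own. Either call `sfd->file->f_op->fallocate(sfd->file, mode, offset, len);` or add a one-line comment saying why the outer file is the intended argument. The MADV_REMOVE path that reaches this op is outside the hunk, so what it expects is not checked here.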
+8 -5
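--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -423,6 +423,7 @@
 * user space pages. We don't need them, and if we didn't close them
 * they would be locked into memory.
 */
+mm_release(current, current->mm);
 exit_mm(current);
 /*
 * We don't want to get frozen, in case system-wide hibernation
@@ -640,7 +641,6 @@
 struct mm_struct *mm = tsk->mm;
 struct core_state *core_state;
 
-mm_release(tsk, mm);
 if (!mm)
 return;
 /*
@@ -960,9 +960,13 @@
 preempt_count());
 
 acct_update_integrals(tsk);
-/* sync mm's RSS info before statistics gathering */
-if (tsk->mm)
-sync_mm_rss(tsk->mm);
+
+/* Set exit_code before complete_vfork_done() in mm_release() */
+tsk->exit_code = code;
+
+/* Release mm and sync mm's RSS info before statistics gathering */
+mm_release(tsk, tsk->mm);
+
 group_dead = atomic_dec_and_test(&tsk->signal->live);
 if (group_dead) {
 hrtimer_cancel(&tsk->signal->real_timer);
@@ -975,7 +979,6 @@
 tty_audit_exit();
 audit_free(tsk);
 
-tsk->exit_code = code;
 taskstats_exit(tsk, group_dead);
 
 exit_mm(tsk);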
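Review bot: In the third and fourth hunks `mm_release(tsk, tsk->mm)` now runs before `hrtimer_cancel()`, `tty_audit_exit()`, `audit_free()` and `taskstats_exit()`, with `exit_mm(tsk)` only after them, yet nothing at the call site records that the rss counters are meant to be final from this point. The comment added in kernel/fork.c by this same merge says there must be no page faults into the mm after the final sync, so the code in between must not touch user memory. I would extend the new comment, e.g. `/* No user-memory access between here and exit_mm(): rss counters are final */`. The enclosing functions start and end outside the hunks, so the other calls in that window are not visible.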
+8
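--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -619,6 +619,14 @@
 module_put(mm->binfmt->module);
 mmdrop(mm);
 }
+
+/*
+* Final rss-counter synchronization. After this point there must be
+* no pagefaults into this mm from the current context. Otherwise
+* mm->rss_stat will be inconsistent.
+*/
+if (mm)
+sync_mm_rss(mm);
 }
 EXPORT_SYMBOL_GPL(mmput);
 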
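Review bot: As rendered, the new `if (mm) sync_mm_rss(mm);` block sits after the branch ending in `mmdrop(mm);` and immediately before `EXPORT_SYMBOL_GPL(mmput);`, which puts it at the tail of mmput() rather than in mm_release(). If that branch dropped the last reference, `sync_mm_rss(mm)` would touch an mm that may already have been freed, and the `if (mm)` test makes little sense in a function that has already dereferenced `mm->binfmt`. The kernel/exit.c and fs/exec.c sections of this merge drop their own `sync_mm_rss()` calls and describe mm_release() as doing the sync, so please confirm the hunk landed in the intended function. The start of the function is outside the hunk, so this reading rests on the visible context lines only.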
+33 -27
kernel/sys.c
··· 1786 1786 } 1787 1787 1788 1788 #ifdef CONFIG_CHECKPOINT_RESTORE 1789 - static bool vma_flags_mismatch(struct vm_area_struct *vma, 1790 - unsigned long required, 1791 - unsigned long banned) 1792 - { 1793 - return (vma->vm_flags & required) != required || 1794 - (vma->vm_flags & banned); 1795 - } 1796 - 1797 1789 static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd) 1798 1790 { 1791 + struct vm_area_struct *vma; 1799 1792 struct file *exe_file; 1800 1793 struct dentry *dentry; 1801 1794 int err; 1802 - 1803 - /* 1804 - * Setting new mm::exe_file is only allowed when no VM_EXECUTABLE vma's 1805 - * remain. So perform a quick test first. 1806 - */ 1807 - if (mm->num_exe_file_vmas) 1808 - return -EBUSY; 1809 1795 1810 1796 exe_file = fget(fd); 1811 1797 if (!exe_file) ··· 1813 1827 if (err) 1814 1828 goto exit; 1815 1829 1830 + down_write(&mm->mmap_sem); 1831 + 1832 + /* 1833 + * Forbid mm->exe_file change if there are mapped other files. 1834 + */ 1835 + err = -EBUSY; 1836 + for (vma = mm->mmap; vma; vma = vma->vm_next) { 1837 + if (vma->vm_file && !path_equal(&vma->vm_file->f_path, 1838 + &exe_file->f_path)) 1839 + goto exit_unlock; 1840 + } 1841 + 1816 1842 /* 1817 1843 * The symlink can be changed only once, just to disallow arbitrary 1818 1844 * transitions malicious software might bring in. This means one 1819 1845 * could make a snapshot over all processes running and monitor 1820 1846 * /proc/pid/exe changes to notice unusual activity if needed. 
1821 1847 */ 1822 - down_write(&mm->mmap_sem); 1823 - if (likely(!mm->exe_file)) 1824 - set_mm_exe_file(mm, exe_file); 1825 - else 1826 - err = -EBUSY; 1848 + err = -EPERM; 1849 + if (test_and_set_bit(MMF_EXE_FILE_CHANGED, &mm->flags)) 1850 + goto exit_unlock; 1851 + 1852 + set_mm_exe_file(mm, exe_file); 1853 + exit_unlock: 1827 1854 up_write(&mm->mmap_sem); 1828 1855 1829 1856 exit: ··· 1861 1862 if (opt == PR_SET_MM_EXE_FILE) 1862 1863 return prctl_set_mm_exe_file(mm, (unsigned int)addr); 1863 1864 1864 - if (addr >= TASK_SIZE) 1865 + if (addr >= TASK_SIZE || addr < mmap_min_addr) 1865 1866 return -EINVAL; 1866 1867 1867 1868 error = -EINVAL; ··· 1923 1924 error = -EFAULT; 1924 1925 goto out; 1925 1926 } 1926 - #ifdef CONFIG_STACK_GROWSUP 1927 - if (vma_flags_mismatch(vma, VM_READ | VM_WRITE | VM_GROWSUP, 0)) 1928 - #else 1929 - if (vma_flags_mismatch(vma, VM_READ | VM_WRITE | VM_GROWSDOWN, 0)) 1930 - #endif 1931 - goto out; 1932 1927 if (opt == PR_SET_MM_START_STACK) 1933 1928 mm->start_stack = addr; 1934 1929 else if (opt == PR_SET_MM_ARG_START) ··· 1974 1981 up_read(&mm->mmap_sem); 1975 1982 return error; 1976 1983 } 1984 + 1985 + static int prctl_get_tid_address(struct task_struct *me, int __user **tid_addr) 1986 + { 1987 + return put_user(me->clear_child_tid, tid_addr); 1988 + } 1989 + 1977 1990 #else /* CONFIG_CHECKPOINT_RESTORE */ 1978 1991 static int prctl_set_mm(int opt, unsigned long addr, 1979 1992 unsigned long arg4, unsigned long arg5) 1993 + { 1994 + return -EINVAL; 1995 + } 1996 + static int prctl_get_tid_address(struct task_struct *me, int __user **tid_addr) 1980 1997 { 1981 1998 return -EINVAL; 1982 1999 } ··· 2127 2124 else 2128 2125 return -EINVAL; 2129 2126 break; 2127 + case PR_GET_TID_ADDRESS: 2128 + error = prctl_get_tid_address(me, (int __user **)arg2); 2129 + break; 2130 2130 default: 2131 2131 return -EINVAL; 2132 2132 }
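Review bot: `prctl_get_tid_address()` stores `me->clear_child_tid` with `put_user()` through an `int __user **`, so it always writes a pointer of the kernel's native width. If a task with a narrower pointer size can reach this prctl (the syscall entry is outside the hunk), it has to supply a buffer of the kernel's pointer size or the store runs past its variable. I would document that on the helper, e.g. `/* Writes a kernel-width pointer to *tid_addr; compat callers must size the buffer accordingly */`, or handle the compat case explicitly. Separately, the comment "Forbid mm->exe_file change if there are mapped other files" would read better as "... if any file other than the new exe_file is still mapped", which is what the `path_equal()` loop tests.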
+3 -2
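--- a/lib/btree.c
+++ b/lib/btree.c
@@ -319,8 +319,8 @@
 
 if (head->height == 0)
 return NULL;
-retry:
 longcpy(key, __key, geo->keylen);
+retry:
 dec_key(geo, key);
 
 node = head->node;
@@ -351,7 +351,7 @@
 }
 miss:
 if (retry_key) {
-__key = retry_key;
+longcpy(key, retry_key, geo->keylen);
 retry_key = NULL;
 goto retry;
 }
@@ -509,6 +509,7 @@
 int btree_insert(struct btree_head *head, struct btree_geo *geo,
 unsigned long *key, void *val, gfp_t gfp)
 {
+BUG_ON(!val);
 return btree_insert_level(head, geo, key, val, 1, gfp);
 }
 EXPORT_SYMBOL_GPL(btree_insert);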
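Review bot: `BUG_ON(!val)` in btree_insert() halts the kernel on what is a caller error, although the function already returns an int status. A recoverable form such as `if (WARN_ON(!val)) return -EINVAL;` would still keep the NULL out of the tree while leaving the machine up, which matters if any caller's value can be influenced from outside the kernel (the callers are not visible here). A short comment on why NULL is forbidden, presumably because lookups use NULL to mean "not found", would also keep the check from being removed later.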
+37 -20
mm/shmem.c
··· 683 683 mutex_lock(&shmem_swaplist_mutex); 684 684 /* 685 685 * We needed to drop mutex to make that restrictive page 686 - * allocation; but the inode might already be freed by now, 687 - * and we cannot refer to inode or mapping or info to check. 688 - * However, we do hold page lock on the PageSwapCache page, 689 - * so can check if that still has our reference remaining. 686 + * allocation, but the inode might have been freed while we 687 + * dropped it: although a racing shmem_evict_inode() cannot 688 + * complete without emptying the radix_tree, our page lock 689 + * on this swapcache page is not enough to prevent that - 690 + * free_swap_and_cache() of our swap entry will only 691 + * trylock_page(), removing swap from radix_tree whatever. 692 + * 693 + * We must not proceed to shmem_add_to_page_cache() if the 694 + * inode has been freed, but of course we cannot rely on 695 + * inode or mapping or info to check that. However, we can 696 + * safely check if our swap entry is still in use (and here 697 + * it can't have got reused for another page): if it's still 698 + * in use, then the inode cannot have been freed yet, and we 699 + * can safely proceed (if it's no longer in use, that tells 700 + * nothing about the inode, but we don't need to unuse swap). 690 701 */ 691 702 if (!page_swapcount(*pagep)) 692 703 error = -ENOENT; ··· 741 730 742 731 /* 743 732 * There's a faint possibility that swap page was replaced before 744 - * caller locked it: it will come back later with the right page. 733 + * caller locked it: caller will come back later with the right page. 
745 734 */ 746 - if (unlikely(!PageSwapCache(page))) 735 + if (unlikely(!PageSwapCache(page) || page_private(page) != swap.val)) 747 736 goto out; 748 737 749 738 /* ··· 1006 995 newpage = shmem_alloc_page(gfp, info, index); 1007 996 if (!newpage) 1008 997 return -ENOMEM; 1009 - VM_BUG_ON(shmem_should_replace_page(newpage, gfp)); 1010 998 1011 - *pagep = newpage; 1012 999 page_cache_get(newpage); 1013 1000 copy_highpage(newpage, oldpage); 1001 + flush_dcache_page(newpage); 1014 1002 1015 - VM_BUG_ON(!PageLocked(oldpage)); 1016 1003 __set_page_locked(newpage); 1017 - VM_BUG_ON(!PageUptodate(oldpage)); 1018 1004 SetPageUptodate(newpage); 1019 - VM_BUG_ON(!PageSwapBacked(oldpage)); 1020 1005 SetPageSwapBacked(newpage); 1021 - VM_BUG_ON(!swap_index); 1022 1006 set_page_private(newpage, swap_index); 1023 - VM_BUG_ON(!PageSwapCache(oldpage)); 1024 1007 SetPageSwapCache(newpage); 1025 1008 1026 1009 /* ··· 1024 1019 spin_lock_irq(&swap_mapping->tree_lock); 1025 1020 error = shmem_radix_tree_replace(swap_mapping, swap_index, oldpage, 1026 1021 newpage); 1027 - __inc_zone_page_state(newpage, NR_FILE_PAGES); 1028 - __dec_zone_page_state(oldpage, NR_FILE_PAGES); 1022 + if (!error) { 1023 + __inc_zone_page_state(newpage, NR_FILE_PAGES); 1024 + __dec_zone_page_state(oldpage, NR_FILE_PAGES); 1025 + } 1029 1026 spin_unlock_irq(&swap_mapping->tree_lock); 1030 - BUG_ON(error); 1031 1027 1032 - mem_cgroup_replace_page_cache(oldpage, newpage); 1033 - lru_cache_add_anon(newpage); 1028 + if (unlikely(error)) { 1029 + /* 1030 + * Is this possible? I think not, now that our callers check 1031 + * both PageSwapCache and page_private after getting page lock; 1032 + * but be defensive. Reverse old to newpage for clear and free. 
1033 + */ 1034 + oldpage = newpage; 1035 + } else { 1036 + mem_cgroup_replace_page_cache(oldpage, newpage); 1037 + lru_cache_add_anon(newpage); 1038 + *pagep = newpage; 1039 + } 1034 1040 1035 1041 ClearPageSwapCache(oldpage); 1036 1042 set_page_private(oldpage, 0); ··· 1049 1033 unlock_page(oldpage); 1050 1034 page_cache_release(oldpage); 1051 1035 page_cache_release(oldpage); 1052 - return 0; 1036 + return error; 1053 1037 } 1054 1038 1055 1039 /* ··· 1123 1107 1124 1108 /* We have to do this with page locked to prevent races */ 1125 1109 lock_page(page); 1126 - if (!PageSwapCache(page) || page->mapping) { 1110 + if (!PageSwapCache(page) || page_private(page) != swap.val || 1111 + page->mapping) { 1127 1112 error = -EEXIST; /* try again */ 1128 1113 goto failed; 1129 1114 }
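Review bot: The stale-page test `!PageSwapCache(page) || page_private(page) != swap.val` is now open-coded at both places that lock the page (the `735 +` and `1110 +` lines), and the new error path in shmem_replace_page() states that it relies on callers performing both checks. A small static inline helper taking the page and the swap entry and returning that expression would keep the two sites from drifting apart. The "Is this possible? I think not" comment would also be more useful if it named the invariant, namely that the caller holds the page lock and has confirmed `page_private` matches the swap entry. All enclosing functions start outside the hunks, so other lock sites, if any, are not visible here.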