17 files changed, 603 insertions, 200 deletions
diff --git a/scripts/Makefile.build b/scripts/Makefile.build
index 2554a15ecf2b..0c5969fa795f 100644
--- a/scripts/Makefile.build
+++ b/scripts/Makefile.build
@@ -199,11 +199,8 @@ sub_cmd_record_mcount = perl $(srctree)/scripts/recordmcount.pl "$(ARCH)" \
        "$(if $(part-of-module),1,0)" "$(@)";
 recordmcount_source := $(srctree)/scripts/recordmcount.pl
 endif # BUILD_C_RECORDMCOUNT
-cmd_record_mcount =                                             \
+cmd_record_mcount = $(if $(findstring $(strip $(CC_FLAGS_FTRACE)),$(_c_flags)), \
-        if [ "$(findstring $(CC_FLAGS_FTRACE),$(_c_flags))" =   \
+        $(sub_cmd_record_mcount))
-             "$(CC_FLAGS_FTRACE)" ]; then                       \
-                $(sub_cmd_record_mcount)                        \
-        fi
 endif # CC_USING_RECORD_MCOUNT
 endif # CONFIG_FTRACE_MCOUNT_RECORD
@@ -225,6 +222,9 @@ endif
 ifdef CONFIG_RETPOLINE
  objtool_args += --retpoline
 endif
+ifdef CONFIG_X86_SMAP
+  objtool_args += --uaccess
+endif
 # 'OBJECT_FILES_NON_STANDARD := y': skip objtool checking for a directory
 # 'OBJECT_FILES_NON_STANDARD_foo.o := 'y': skip objtool checking for a file
diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan
index 38b2b4818e8e..019771b845c5 100644
--- a/scripts/Makefile.ubsan
+++ b/scripts/Makefile.ubsan
@@ -3,7 +3,6 @@ ifdef CONFIG_UBSAN
      CFLAGS_UBSAN += $(call cc-option, -fsanitize=shift)
      CFLAGS_UBSAN += $(call cc-option, -fsanitize=integer-divide-by-zero)
      CFLAGS_UBSAN += $(call cc-option, -fsanitize=unreachable)
-      CFLAGS_UBSAN += $(call cc-option, -fsanitize=vla-bound)
      CFLAGS_UBSAN += $(call cc-option, -fsanitize=signed-integer-overflow)
      CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds)
      CFLAGS_UBSAN += $(call cc-option, -fsanitize=object-size)
diff --git a/scripts/atomic/gen-atomics.sh b/scripts/atomic/gen-atomics.sh
index 27400b0cd732..000dc6437893 100644
--- a/scripts/atomic/gen-atomics.sh
+++ b/scripts/atomic/gen-atomics.sh
@@ -13,7 +13,7 @@ gen-atomic-long.sh              asm-generic/atomic-long.h
 gen-atomic-fallback.sh          linux/atomic-fallback.h
 EOF
 while read script header; do
-        ${ATOMICDIR}/${script} ${ATOMICTBL} > ${LINUXDIR}/include/${header}
+        /bin/sh ${ATOMICDIR}/${script} ${ATOMICTBL} > ${LINUXDIR}/include/${header}
        HASH="$(sha1sum ${LINUXDIR}/include/${header})"
        HASH="${HASH%% *}"
        printf "// %s\n" "${HASH}" >> ${LINUXDIR}/include/${header}
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 5b756278df13..a09333fd7cef 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -5977,7 +5977,7 @@ sub process {
                                while ($fmt =~ /(\%[\*\d\.]*p(\w))/g) {
                                        $specifier = $1;
                                        $extension = $2;
-                                        if ($extension !~ /[SsBKRraEhMmIiUDdgVCbGNOx]/) {
+                                        if ($extension !~ /[SsBKRraEhMmIiUDdgVCbGNOxt]/) {
                                                $bad_specifier = $specifier;
                                                last;
                                        }
diff --git a/scripts/coccinelle/api/stream_open.cocci b/scripts/coccinelle/api/stream_open.cocci
new file mode 100644
index 000000000000..350145da7669
--- /dev/null
+++ b/scripts/coccinelle/api/stream_open.cocci
@@ -0,0 +1,363 @@
+// SPDX-License-Identifier: GPL-2.0
+// Author: Kirill Smelkov (kirr@nexedi.com)
+//
+// Search for stream-like files that are using nonseekable_open and convert
+// them to stream_open. A stream-like file is a file that does not use ppos in
+// its read and write. Rationale for the conversion is to avoid deadlock in
+// between read and write.
+virtual report
+virtual patch
+virtual explain  // explain decisions in the patch (SPFLAGS="-D explain")
+// stream-like reader & writer - ones that do not depend on f_pos.
+@ stream_reader @
+identifier readstream, ppos;
+identifier f, buf, len;
+type loff_t;
+@@
+  ssize_t readstream(struct file *f, char *buf, size_t len, loff_t *ppos)
+  {
+    ... when != ppos
+  }
+@ stream_writer @
+identifier writestream, ppos;
+identifier f, buf, len;
+type loff_t;
+@@
+  ssize_t writestream(struct file *f, const char *buf, size_t len, loff_t *ppos)
+  {
+    ... when != ppos
+  }
+// a function that blocks
+@ blocks @
+identifier block_f;
+identifier wait_event =~ "^wait_event_.*";
+@@
+  block_f(...) {
+    ... when exists
+    wait_event(...)
+    ... when exists
+  }
+// stream_reader that can block inside.
+//
+// XXX wait_* can be called not directly from current function (e.g. func -> f -> g -> wait())
+// XXX currently reader_blocks supports only direct and 1-level indirect cases.
+@ reader_blocks_direct @
+identifier stream_reader.readstream;
+identifier wait_event =~ "^wait_event_.*";
+@@
+  readstream(...)
+  {
+    ... when exists
+    wait_event(...)
+    ... when exists
+  }
+@ reader_blocks_1 @
+identifier stream_reader.readstream;
+identifier blocks.block_f;
+@@
+  readstream(...)
+  {
+    ... when exists
+    block_f(...)
+    ... when exists
+  }
+@ reader_blocks depends on reader_blocks_direct || reader_blocks_1 @
+identifier stream_reader.readstream;
+@@
+  readstream(...) {
+    ...
+  }
+// file_operations + whether they have _any_ .read, .write, .llseek ... at all.
+//
+// XXX add support for file_operations xxx[N] = ...     (sound/core/pcm_native.c)
+@ fops0 @
+identifier fops;
+@@
+  struct file_operations fops = {
+    ...
+  };
+@ has_read @
+identifier fops0.fops;
+identifier read_f;
+@@
+  struct file_operations fops = {
+    .read = read_f,
+  };
+@ has_read_iter @
+identifier fops0.fops;
+identifier read_iter_f;
+@@
+  struct file_operations fops = {
+    .read_iter = read_iter_f,
+  };
+@ has_write @
+identifier fops0.fops;
+identifier write_f;
+@@
+  struct file_operations fops = {
+    .write = write_f,
+  };
+@ has_write_iter @
+identifier fops0.fops;
+identifier write_iter_f;
+@@
+  struct file_operations fops = {
+    .write_iter = write_iter_f,
+  };
+@ has_llseek @
+identifier fops0.fops;
+identifier llseek_f;
+@@
+  struct file_operations fops = {
+    .llseek = llseek_f,
+  };
+@ has_no_llseek @
+identifier fops0.fops;
+@@
+  struct file_operations fops = {
+    .llseek = no_llseek,
+  };
+@ has_mmap @
+identifier fops0.fops;
+identifier mmap_f;
+@@
+  struct file_operations fops = {
+    .mmap = mmap_f,
+  };
+@ has_copy_file_range @
+identifier fops0.fops;
+identifier copy_file_range_f;
+@@
+  struct file_operations fops = {
+    .copy_file_range = copy_file_range_f,
+  };
+@ has_remap_file_range @
+identifier fops0.fops;
+identifier remap_file_range_f;
+@@
+  struct file_operations fops = {
+    .remap_file_range = remap_file_range_f,
+  };
+@ has_splice_read @
+identifier fops0.fops;
+identifier splice_read_f;
+@@
+  struct file_operations fops = {
+    .splice_read = splice_read_f,
+  };
+@ has_splice_write @
+identifier fops0.fops;
+identifier splice_write_f;
+@@
+  struct file_operations fops = {
+    .splice_write = splice_write_f,
+  };
+// file_operations that is candidate for stream_open conversion - it does not
+// use mmap and other methods that assume @offset access to file.
+//
+// XXX for simplicity require no .{read/write}_iter and no .splice_{read/write} for now.
+// XXX maybe_steam.fops cannot be used in other rules - it gives "bad rule maybe_stream or bad variable fops".
+@ maybe_stream depends on (!has_llseek || has_no_llseek) && !has_mmap && !has_copy_file_range && !has_remap_file_range && !has_read_iter && !has_write_iter && !has_splice_read && !has_splice_write @
+identifier fops0.fops;
+@@
+  struct file_operations fops = {
+  };
+// ---- conversions ----
+// XXX .open = nonseekable_open -> .open = stream_open
+// XXX .open = func -> openfunc -> nonseekable_open
+// read & write
+//
+// if both are used in the same file_operations together with an opener -
+// under that conditions we can use stream_open instead of nonseekable_open.
+@ fops_rw depends on maybe_stream @
+identifier fops0.fops, openfunc;
+identifier stream_reader.readstream;
+identifier stream_writer.writestream;
+@@
+  struct file_operations fops = {
+      .open  = openfunc,
+      .read  = readstream,
+      .write = writestream,
+  };
+@ report_rw depends on report @
+identifier fops_rw.openfunc;
+position p1;
+@@
+  openfunc(...) {
+    <...
+     nonseekable_open@p1
+    ...>
+  }
+@ script:python depends on report && reader_blocks @
+fops << fops0.fops;
+p << report_rw.p1;
+@@
+coccilib.report.print_report(p[0],
+  "ERROR: %s: .read() can deadlock .write(); change nonseekable_open -> stream_open to fix." % (fops,))
+@ script:python depends on report && !reader_blocks @
+fops << fops0.fops;
+p << report_rw.p1;
+@@
+coccilib.report.print_report(p[0],
+  "WARNING: %s: .read() and .write() have stream semantic; safe to change nonseekable_open -> stream_open." % (fops,))
+@ explain_rw_deadlocked depends on explain && reader_blocks @
+identifier fops_rw.openfunc;
+@@
+  openfunc(...) {
+    <...
+-    nonseekable_open
+    nonseekable_open /* read & write (was deadlock) */
+    ...>
+  }
+@ explain_rw_nodeadlock depends on explain && !reader_blocks @
+identifier fops_rw.openfunc;
+@@
+  openfunc(...) {
+    <...
+-    nonseekable_open
+    nonseekable_open /* read & write (no direct deadlock) */
+    ...>
+  }
+@ patch_rw depends on patch @
+identifier fops_rw.openfunc;
+@@
+  openfunc(...) {
+    <...
+-   nonseekable_open
+   stream_open
+    ...>
+  }
+// read, but not write
+@ fops_r depends on maybe_stream && !has_write @
+identifier fops0.fops, openfunc;
+identifier stream_reader.readstream;
+@@
+  struct file_operations fops = {
+      .open  = openfunc,
+      .read  = readstream,
+  };
+@ report_r depends on report @
+identifier fops_r.openfunc;
+position p1;
+@@
+  openfunc(...) {
+    <...
+    nonseekable_open@p1
+    ...>
+  }
+@ script:python depends on report @
+fops << fops0.fops;
+p << report_r.p1;
+@@
+coccilib.report.print_report(p[0],
+  "WARNING: %s: .read() has stream semantic; safe to change nonseekable_open -> stream_open." % (fops,))
+@ explain_r depends on explain @
+identifier fops_r.openfunc;
+@@
+  openfunc(...) {
+    <...
+-   nonseekable_open
+   nonseekable_open /* read only */
+    ...>
+  }
+@ patch_r depends on patch @
+identifier fops_r.openfunc;
+@@
+  openfunc(...) {
+    <...
+-   nonseekable_open
+   stream_open
+    ...>
+  }
+// write, but not read
+@ fops_w depends on maybe_stream && !has_read @
+identifier fops0.fops, openfunc;
+identifier stream_writer.writestream;
+@@
+  struct file_operations fops = {
+      .open  = openfunc,
+      .write = writestream,
+  };
+@ report_w depends on report @
+identifier fops_w.openfunc;
+position p1;
+@@
+  openfunc(...) {
+    <...
+    nonseekable_open@p1
+    ...>
+  }
+@ script:python depends on report @
+fops << fops0.fops;
+p << report_w.p1;
+@@
+coccilib.report.print_report(p[0],
+  "WARNING: %s: .write() has stream semantic; safe to change nonseekable_open -> stream_open." % (fops,))
+@ explain_w depends on explain @
+identifier fops_w.openfunc;
+@@
+  openfunc(...) {
+    <...
+-   nonseekable_open
+   nonseekable_open /* write only */
+    ...>
+  }
+@ patch_w depends on patch @
+identifier fops_w.openfunc;
+@@
+  openfunc(...) {
+    <...
+-   nonseekable_open
+   stream_open
+    ...>
+  }
+// no read, no write - don't change anything
diff --git a/scripts/coccinelle/free/put_device.cocci b/scripts/coccinelle/free/put_device.cocci
index 7395697e7f19..c9f071b0a0ab 100644
--- a/scripts/coccinelle/free/put_device.cocci
+++ b/scripts/coccinelle/free/put_device.cocci
@@ -32,6 +32,7 @@ if (id == NULL || ...) { ... return ...; }
 (    id
 |    (T2)dev_get_drvdata(&id->dev)
 |    (T3)platform_get_drvdata(id)
+|    &id->dev
 );
 | return@p2 ...;
 )
diff --git a/scripts/coccinelle/misc/badty.cocci b/scripts/coccinelle/misc/badty.cocci
index 481cf301ccfc..08470362199c 100644
--- a/scripts/coccinelle/misc/badty.cocci
+++ b/scripts/coccinelle/misc/badty.cocci
@@ -1,4 +1,4 @@
-/// Use ARRAY_SIZE instead of dividing sizeof array with sizeof an element
+/// Correct the size argument to alloc functions
 ///
 //# This makes an effort to find cases where the argument to sizeof is wrong
 //# in memory allocation functions by checking the type of the allocated memory
diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig
index 74271dba4f94..80220ed26a35 100644
--- a/scripts/gcc-plugins/Kconfig
+++ b/scripts/gcc-plugins/Kconfig
@@ -13,17 +13,19 @@ config HAVE_GCC_PLUGINS
          An arch should select this symbol if it supports building with
          GCC plugins.
-menuconfig GCC_PLUGINS
+config GCC_PLUGINS
-        bool "GCC plugins"
+        bool
        depends on HAVE_GCC_PLUGINS
        depends on PLUGIN_HOSTCC != ""
+        default y
        help
          GCC plugins are loadable modules that provide extra features to the
          compiler. They are useful for runtime instrumentation and static analysis.
          See Documentation/gcc-plugins.txt for details.
-if GCC_PLUGINS
+menu "GCC plugins"
+        depends on GCC_PLUGINS
 config GCC_PLUGIN_CYC_COMPLEXITY
        bool "Compute the cyclomatic complexity of a function" if EXPERT
@@ -66,71 +68,6 @@ config GCC_PLUGIN_LATENT_ENTROPY
           * https://grsecurity.net/
           * https://pax.grsecurity.net/
-config GCC_PLUGIN_STRUCTLEAK
-        bool "Zero initialize stack variables"
-        help
-          While the kernel is built with warnings enabled for any missed
-          stack variable initializations, this warning is silenced for
-          anything passed by reference to another function, under the
-          occasionally misguided assumption that the function will do
-          the initialization. As this regularly leads to exploitable
-          flaws, this plugin is available to identify and zero-initialize
-          such variables, depending on the chosen level of coverage.
-          This plugin was originally ported from grsecurity/PaX. More
-          information at:
-           * https://grsecurity.net/
-           * https://pax.grsecurity.net/
-choice
-        prompt "Coverage"
-        depends on GCC_PLUGIN_STRUCTLEAK
-        default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
-        help
-          This chooses the level of coverage over classes of potentially
-          uninitialized variables. The selected class will be
-          zero-initialized before use.
-        config GCC_PLUGIN_STRUCTLEAK_USER
-                bool "structs marked for userspace"
-                help
-                  Zero-initialize any structures on the stack containing
-                  a __user attribute. This can prevent some classes of
-                  uninitialized stack variable exploits and information
-                  exposures, like CVE-2013-2141:
-                  https://git.kernel.org/linus/b9e146d8eb3b9eca
-        config GCC_PLUGIN_STRUCTLEAK_BYREF
-                bool "structs passed by reference"
-                help
-                  Zero-initialize any structures on the stack that may
-                  be passed by reference and had not already been
-                  explicitly initialized. This can prevent most classes
-                  of uninitialized stack variable exploits and information
-                  exposures, like CVE-2017-1000410:
-                  https://git.kernel.org/linus/06e7e776ca4d3654
-        config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
-                bool "anything passed by reference"
-                help
-                  Zero-initialize any stack variables that may be passed
-                  by reference and had not already been explicitly
-                  initialized. This is intended to eliminate all classes
-                  of uninitialized stack variable exploits and information
-                  exposures.
-endchoice
-config GCC_PLUGIN_STRUCTLEAK_VERBOSE
-        bool "Report forcefully initialized variables"
-        depends on GCC_PLUGIN_STRUCTLEAK
-        depends on !COMPILE_TEST        # too noisy
-        help
-          This option will cause a warning to be printed each time the
-          structleak plugin finds a variable it thinks needs to be
-          initialized. Since not all existing initializers are detected
-          by the plugin, this can produce false positive warnings.
 config GCC_PLUGIN_RANDSTRUCT
        bool "Randomize layout of sensitive kernel structures"
        select MODVERSIONS if MODULES
@@ -171,59 +108,8 @@ config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
          in structures.  This reduces the performance hit of RANDSTRUCT
          at the cost of weakened randomization.
-config GCC_PLUGIN_STACKLEAK
-        bool "Erase the kernel stack before returning from syscalls"
-        depends on GCC_PLUGINS
-        depends on HAVE_ARCH_STACKLEAK
-        help
-          This option makes the kernel erase the kernel stack before
-          returning from system calls. That reduces the information which
-          kernel stack leak bugs can reveal and blocks some uninitialized
-          stack variable attacks.
-          The tradeoff is the performance impact: on a single CPU system kernel
-          compilation sees a 1% slowdown, other systems and workloads may vary
-          and you are advised to test this feature on your expected workload
-          before deploying it.
-          This plugin was ported from grsecurity/PaX. More information at:
-           * https://grsecurity.net/
-           * https://pax.grsecurity.net/
-config STACKLEAK_TRACK_MIN_SIZE
-        int "Minimum stack frame size of functions tracked by STACKLEAK"
-        default 100
-        range 0 4096
-        depends on GCC_PLUGIN_STACKLEAK
-        help
-          The STACKLEAK gcc plugin instruments the kernel code for tracking
-          the lowest border of the kernel stack (and for some other purposes).
-          It inserts the stackleak_track_stack() call for the functions with
-          a stack frame size greater than or equal to this parameter.
-          If unsure, leave the default value 100.
-config STACKLEAK_METRICS
-        bool "Show STACKLEAK metrics in the /proc file system"
-        depends on GCC_PLUGIN_STACKLEAK
-        depends on PROC_FS
-        help
-          If this is set, STACKLEAK metrics for every task are available in
-          the /proc file system. In particular, /proc/<pid>/stack_depth
-          shows the maximum kernel stack consumption for the current and
-          previous syscalls. Although this information is not precise, it
-          can be useful for estimating the STACKLEAK performance impact for
-          your workloads.
-config STACKLEAK_RUNTIME_DISABLE
-        bool "Allow runtime disabling of kernel stack erasing"
-        depends on GCC_PLUGIN_STACKLEAK
-        help
-          This option provides 'stack_erasing' sysctl, which can be used in
-          runtime to control kernel stack erasing for kernels built with
-          CONFIG_GCC_PLUGIN_STACKLEAK.
 config GCC_PLUGIN_ARM_SSP_PER_TASK
        bool
        depends on GCC_PLUGINS && ARM
-endif
+endmenu
diff --git a/scripts/kconfig/lxdialog/inputbox.c b/scripts/kconfig/lxdialog/inputbox.c
index 611945611bf8..1dcfb288ee63 100644
--- a/scripts/kconfig/lxdialog/inputbox.c
+++ b/scripts/kconfig/lxdialog/inputbox.c
@@ -113,7 +113,8 @@ do_resize:
                        case KEY_DOWN:
                                break;
                        case KEY_BACKSPACE:
-                        case 127:
+                        case 8:   /* ^H */
+                        case 127: /* ^? */
                                if (pos) {
                                        wattrset(dialog, dlg.inputbox.atr);
                                        if (input_x == 0) {
diff --git a/scripts/kconfig/nconf.c b/scripts/kconfig/nconf.c
index a4670f4e825a..ac92c0ded6c5 100644
--- a/scripts/kconfig/nconf.c
+++ b/scripts/kconfig/nconf.c
@@ -1048,7 +1048,7 @@ static int do_match(int key, struct match_state *state, int *ans)
                state->match_direction = FIND_NEXT_MATCH_UP;
                *ans = get_mext_match(state->pattern,
                                state->match_direction);
-        } else if (key == KEY_BACKSPACE || key == 127) {
+        } else if (key == KEY_BACKSPACE || key == 8 || key == 127) {
                state->pattern[strlen(state->pattern)-1] = '\0';
                adj_match_dir(&state->match_direction);
        } else
diff --git a/scripts/kconfig/nconf.gui.c b/scripts/kconfig/nconf.gui.c
index 7be620a1fcdb..77f525a8617c 100644
--- a/scripts/kconfig/nconf.gui.c
+++ b/scripts/kconfig/nconf.gui.c
@@ -439,7 +439,8 @@ int dialog_inputbox(WINDOW *main_window,
                case KEY_F(F_EXIT):
                case KEY_F(F_BACK):
                        break;
-                case 127:
+                case 8:   /* ^H */
+                case 127: /* ^? */
                case KEY_BACKSPACE:
                        if (cursor_position > 0) {
                                memmove(&result[cursor_position-1],
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
index dc0e8c5a1402..e3c06b9482a2 100755
--- a/scripts/link-vmlinux.sh
+++ b/scripts/link-vmlinux.sh
@@ -35,7 +35,7 @@ set -e
 info()
 {
        if [ "${quiet}" != "silent_" ]; then
-                printf "  %-7s %s\n" ${1} ${2}
+                printf "  %-7s %s\n" "${1}" "${2}"
        fi
 }
@@ -91,6 +91,25 @@ vmlinux_link()
        fi
 }
+# generate .BTF typeinfo from DWARF debuginfo
+gen_btf()
+{
+        local pahole_ver;
+        if ! [ -x "$(command -v ${PAHOLE})" ]; then
+                info "BTF" "${1}: pahole (${PAHOLE}) is not available"
+                return 0
+        fi
+        pahole_ver=$(${PAHOLE} --version | sed -E 's/v([0-9]+)\.([0-9]+)/\1\2/')
+        if [ "${pahole_ver}" -lt "113" ]; then
+                info "BTF" "${1}: pahole version $(${PAHOLE} --version) is too old, need at least v1.13"
+                return 0
+        fi
+        info "BTF" ${1}
+        LLVM_OBJCOPY=${OBJCOPY} ${PAHOLE} -J ${1}
+}
 # Create ${2} .o file with all symbols from the ${1} object file
 kallsyms()
@@ -248,6 +267,10 @@ fi
 info LD vmlinux
 vmlinux_link "${kallsymso}" vmlinux
+if [ -n "${CONFIG_DEBUG_INFO_BTF}" ]; then
+        gen_btf vmlinux
+fi
 if [ -n "${CONFIG_BUILDTIME_EXTABLE_SORT}" ]; then
        info SORTEX vmlinux
        sortextable vmlinux
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 0b0d1080b1c5..f277e116e0eb 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -639,7 +639,7 @@ static void handle_modversions(struct module *mod, struct elf_info *info,
                               info->sechdrs[sym->st_shndx].sh_offset -
                               (info->hdr->e_type != ET_REL ?
                                info->sechdrs[sym->st_shndx].sh_addr : 0);
-                        crc = *crcp;
+                        crc = TO_NATIVE(*crcp);
                }
                sym_update_crc(symname + strlen("__crc_"), mod, crc,
                                export);
diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c
index 1ceedea847dd..544ca126a8a8 100644
--- a/scripts/selinux/genheaders/genheaders.c
+++ b/scripts/selinux/genheaders/genheaders.c
@@ -9,7 +9,6 @@
 #include <string.h>
 #include <errno.h>
 #include <ctype.h>
-#include <sys/socket.h>
 struct security_class_mapping {
        const char *name;
diff --git a/scripts/selinux/install_policy.sh b/scripts/selinux/install_policy.sh
index 0b86c47baf7d..2dccf141241d 100755
--- a/scripts/selinux/install_policy.sh
+++ b/scripts/selinux/install_policy.sh
@@ -1,30 +1,61 @@
 #!/bin/sh
 # SPDX-License-Identifier: GPL-2.0
+set -e
 if [ `id -u` -ne 0 ]; then
        echo "$0: must be root to install the selinux policy"
        exit 1
 fi
 SF=`which setfiles`
 if [ $? -eq 1 ]; then
-        if [ -f /sbin/setfiles ]; then
+        echo "Could not find setfiles"
-                SF="/usr/setfiles"
+        echo "Do you have policycoreutils installed?"
-        else
+        exit 1
-                echo "no selinux tools installed: setfiles"
-                exit 1
-        fi
 fi
-cd mdp
 CP=`which checkpolicy`
+if [ $? -eq 1 ]; then
+        echo "Could not find checkpolicy"
+        echo "Do you have checkpolicy installed?"
+        exit 1
+fi
 VERS=`$CP -V | awk '{print $1}'`
-./mdp policy.conf file_contexts
+ENABLED=`which selinuxenabled`
-$CP -o policy.$VERS policy.conf
+if [ $? -eq 1 ]; then
+        echo "Could not find selinuxenabled"
+        echo "Do you have libselinux-utils installed?"
+        exit 1
+fi
+if selinuxenabled; then
+    echo "SELinux is already enabled"
+    echo "This prevents safely relabeling all files."
+    echo "Boot with selinux=0 on the kernel command-line or"
+    echo "SELINUX=disabled in /etc/selinux/config."
+    exit 1
+fi
+cd mdp
+./mdp -m policy.conf file_contexts
+$CP -U allow -M -o policy.$VERS policy.conf
 mkdir -p /etc/selinux/dummy/policy
 mkdir -p /etc/selinux/dummy/contexts/files
+echo "__default__:user_u:s0" > /etc/selinux/dummy/seusers
+echo "base_r:base_t:s0" > /etc/selinux/dummy/contexts/failsafe_context
+echo "base_r:base_t:s0 base_r:base_t:s0" > /etc/selinux/dummy/default_contexts
+cat > /etc/selinux/dummy/contexts/x_contexts <<EOF
+client * user_u:base_r:base_t:s0
+property * user_u:object_r:base_t:s0
+extension * user_u:object_r:base_t:s0
+selection * user_u:object_r:base_t:s0
+event * user_u:object_r:base_t:s0
+EOF
+touch /etc/selinux/dummy/contexts/virtual_domain_context
+touch /etc/selinux/dummy/contexts/virtual_image_context
 cp file_contexts /etc/selinux/dummy/contexts/files
 cp dbus_contexts /etc/selinux/dummy/contexts
 cp policy.$VERS /etc/selinux/dummy/policy
@@ -33,37 +64,22 @@ FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts
 if [ ! -d /etc/selinux ]; then
        mkdir -p /etc/selinux
 fi
-if [ ! -f /etc/selinux/config ]; then
+if [ -f /etc/selinux/config ]; then
-        cat > /etc/selinux/config << EOF
+    echo "/etc/selinux/config exists, moving to /etc/selinux/config.bak."
-SELINUX=enforcing
+    mv /etc/selinux/config /etc/selinux/config.bak
+fi
+echo "Creating new /etc/selinux/config for dummy policy."
+cat > /etc/selinux/config << EOF
+SELINUX=permissive
 SELINUXTYPE=dummy
 EOF
-else
-        TYPE=`cat /etc/selinux/config | grep "^SELINUXTYPE" | tail -1 | awk -F= '{ print $2 '}`
-        if [ "eq$TYPE" != "eqdummy" ]; then
-                selinuxenabled
-                if [ $? -eq 0 ]; then
-                        echo "SELinux already enabled with a non-dummy policy."
-                        echo "Exiting.  Please install policy by hand if that"
-                        echo "is what you REALLY want."
-                        exit 1
-                fi
-                mv /etc/selinux/config /etc/selinux/config.mdpbak
-                grep -v "^SELINUXTYPE" /etc/selinux/config.mdpbak >> /etc/selinux/config
-                echo "SELINUXTYPE=dummy" >> /etc/selinux/config
-        fi
-fi
 cd /etc/selinux/dummy/contexts/files
-$SF file_contexts /
+$SF -F file_contexts /
-mounts=`cat /proc/$$/mounts | egrep "ext2|ext3|xfs|jfs|ext4|ext4dev|gfs2" | awk '{ print $2 '}`
+mounts=`cat /proc/$$/mounts | \
-$SF file_contexts $mounts
+        egrep "ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2" | \
+        awk '{ print $2 '}`
+$SF -F file_contexts $mounts
+echo "-F" > /.autorelabel
-dodev=`cat /proc/$$/mounts | grep "/dev "`
-if [ "eq$dodev" != "eq" ]; then
-        mount --move /dev /mnt
-        $SF file_contexts /dev
-        mount --move /mnt /dev
-fi
diff --git a/scripts/selinux/mdp/Makefile b/scripts/selinux/mdp/Makefile
index e9c92db7e2a3..8a1269a9d0ba 100644
--- a/scripts/selinux/mdp/Makefile
+++ b/scripts/selinux/mdp/Makefile
@@ -2,7 +2,7 @@
 hostprogs-y     := mdp
 HOST_EXTRACFLAGS += \
        -I$(srctree)/include/uapi -I$(srctree)/include \
-        -I$(srctree)/security/selinux/include
+        -I$(srctree)/security/selinux/include -I$(objtree)/include
 always          := $(hostprogs-y)
 clean-files     := policy.* file_contexts
diff --git a/scripts/selinux/mdp/mdp.c b/scripts/selinux/mdp/mdp.c
index 073fe7537f6c..18fd6143888b 100644
--- a/scripts/selinux/mdp/mdp.c
+++ b/scripts/selinux/mdp/mdp.c
@@ -32,7 +32,7 @@
 #include <stdlib.h>
 #include <unistd.h>
 #include <string.h>
-#include <sys/socket.h>
+#include <linux/kconfig.h>
 static void usage(char *name)
 {
@@ -95,10 +95,31 @@ int main(int argc, char *argv[])
        }
        fprintf(fout, "\n");
-        /* NOW PRINT OUT MLS STUFF */
+        /* print out mls declarations and constraints */
        if (mls) {
-                printf("MLS not yet implemented\n");
+                fprintf(fout, "sensitivity s0;\n");
-                exit(1);
+                fprintf(fout, "sensitivity s1;\n");
+                fprintf(fout, "dominance { s0 s1 }\n");
+                fprintf(fout, "category c0;\n");
+                fprintf(fout, "category c1;\n");
+                fprintf(fout, "level s0:c0.c1;\n");
+                fprintf(fout, "level s1:c0.c1;\n");
+#define SYSTEMLOW "s0"
+#define SYSTEMHIGH "s1:c0.c1"
+                for (i = 0; secclass_map[i].name; i++) {
+                        struct security_class_mapping *map = &secclass_map[i];
+                        fprintf(fout, "mlsconstrain %s {\n", map->name);
+                        for (j = 0; map->perms[j]; j++)
+                                fprintf(fout, "\t%s\n", map->perms[j]);
+                        /*
+                         * This requires all subjects and objects to be
+                         * single-level (l2 eq h2), and that the subject
+                         * level dominate the object level (h1 dom h2)
+                         * in order to have any permissions to it.
+                         */
+                        fprintf(fout, "} (l2 eq h2 and h1 dom h2);\n\n");
+                }
        }
        /* types, roles, and allows */
@@ -108,34 +129,127 @@ int main(int argc, char *argv[])
        for (i = 0; secclass_map[i].name; i++)
                fprintf(fout, "allow base_t base_t:%s *;\n",
                        secclass_map[i].name);
-        fprintf(fout, "user user_u roles { base_r };\n");
+        fprintf(fout, "user user_u roles { base_r }");
-        fprintf(fout, "\n");
+        if (mls)
+                fprintf(fout, " level %s range %s - %s", SYSTEMLOW,
+                        SYSTEMLOW, SYSTEMHIGH);
+        fprintf(fout, ";\n");
+#define SUBJUSERROLETYPE "user_u:base_r:base_t"
+#define OBJUSERROLETYPE "user_u:object_r:base_t"
        /* default sids */
        for (i = 1; i < initial_sid_to_string_len; i++)
-                fprintf(fout, "sid %s user_u:base_r:base_t\n", initial_sid_to_string[i]);
+                fprintf(fout, "sid %s " SUBJUSERROLETYPE "%s\n",
+                        initial_sid_to_string[i], mls ? ":" SYSTEMLOW : "");
        fprintf(fout, "\n");
-        fprintf(fout, "fs_use_xattr ext2 user_u:base_r:base_t;\n");
+#define FS_USE(behavior, fstype)                            \
-        fprintf(fout, "fs_use_xattr ext3 user_u:base_r:base_t;\n");
+        fprintf(fout, "fs_use_%s %s " OBJUSERROLETYPE "%s;\n", \
-        fprintf(fout, "fs_use_xattr ext4 user_u:base_r:base_t;\n");
+                behavior, fstype, mls ? ":" SYSTEMLOW : "")
-        fprintf(fout, "fs_use_xattr jfs user_u:base_r:base_t;\n");
-        fprintf(fout, "fs_use_xattr xfs user_u:base_r:base_t;\n");
+        /*
-        fprintf(fout, "fs_use_xattr reiserfs user_u:base_r:base_t;\n");
+         * Filesystems whose inode labels can be fetched via getxattr.
-        fprintf(fout, "fs_use_xattr jffs2 user_u:base_r:base_t;\n");
+         */
-        fprintf(fout, "fs_use_xattr gfs2 user_u:base_r:base_t;\n");
+#ifdef CONFIG_EXT2_FS_SECURITY
+        FS_USE("xattr", "ext2");
+#endif
+#ifdef CONFIG_EXT4_FS_SECURITY
+#ifdef CONFIG_EXT4_USE_FOR_EXT2
+        FS_USE("xattr", "ext2");
+#endif
+        FS_USE("xattr", "ext3");
+        FS_USE("xattr", "ext4");
+#endif
+#ifdef CONFIG_JFS_SECURITY
+        FS_USE("xattr", "jfs");
+#endif
+#ifdef CONFIG_REISERFS_FS_SECURITY
+        FS_USE("xattr", "reiserfs");
+#endif
+#ifdef CONFIG_JFFS2_FS_SECURITY
+        FS_USE("xattr", "jffs2");
+#endif
+#ifdef CONFIG_XFS_FS
+        FS_USE("xattr", "xfs");
+#endif
+#ifdef CONFIG_GFS2_FS
+        FS_USE("xattr", "gfs2");
+#endif
+#ifdef CONFIG_BTRFS_FS
+        FS_USE("xattr", "btrfs");
+#endif
+#ifdef CONFIG_F2FS_FS_SECURITY
+        FS_USE("xattr", "f2fs");
+#endif
+#ifdef CONFIG_OCFS2_FS
+        FS_USE("xattr", "ocsfs2");
+#endif
+#ifdef CONFIG_OVERLAY_FS
+        FS_USE("xattr", "overlay");
+#endif
+#ifdef CONFIG_SQUASHFS_XATTR
+        FS_USE("xattr", "squashfs");
+#endif
+        /*
+         * Filesystems whose inodes are labeled from allocating task.
+         */
+        FS_USE("task", "pipefs");
+        FS_USE("task", "sockfs");
-        fprintf(fout, "fs_use_task eventpollfs user_u:base_r:base_t;\n");
+        /*
-        fprintf(fout, "fs_use_task pipefs user_u:base_r:base_t;\n");
+         * Filesystems whose inode labels are computed from both
-        fprintf(fout, "fs_use_task sockfs user_u:base_r:base_t;\n");
+         * the allocating task and the superblock label.
+         */
+#ifdef CONFIG_UNIX98_PTYS
+        FS_USE("trans", "devpts");
+#endif
+#ifdef CONFIG_HUGETLBFS
+        FS_USE("trans", "hugetlbfs");
+#endif
+#ifdef CONFIG_TMPFS
+        FS_USE("trans", "tmpfs");
+#endif
+#ifdef CONFIG_DEVTMPFS
+        FS_USE("trans", "devtmpfs");
+#endif
+#ifdef CONFIG_POSIX_MQUEUE
+        FS_USE("trans", "mqueue");
+#endif
-        fprintf(fout, "fs_use_trans mqueue user_u:base_r:base_t;\n");
+#define GENFSCON(fstype, prefix)                             \
-        fprintf(fout, "fs_use_trans devpts user_u:base_r:base_t;\n");
+        fprintf(fout, "genfscon %s %s " OBJUSERROLETYPE "%s\n", \
-        fprintf(fout, "fs_use_trans hugetlbfs user_u:base_r:base_t;\n");
+                fstype, prefix, mls ? ":" SYSTEMLOW : "")
-        fprintf(fout, "fs_use_trans tmpfs user_u:base_r:base_t;\n");
-        fprintf(fout, "fs_use_trans shm user_u:base_r:base_t;\n");
-        fprintf(fout, "genfscon proc / user_u:base_r:base_t\n");
+        /*
+         * Filesystems whose inodes are labeled from path prefix match
+         * relative to the filesystem root.  Depending on the filesystem,
+         * only a single label for all inodes may be supported.  Here
+         * we list the filesystem types for which per-file labeling is
+         * supported using genfscon; any other filesystem type can also
+         * be added by only with a single entry for all of its inodes.
+         */
+#ifdef CONFIG_PROC_FS
+        GENFSCON("proc", "/");
+#endif
+#ifdef CONFIG_SECURITY_SELINUX
+        GENFSCON("selinuxfs", "/");
+#endif
+#ifdef CONFIG_SYSFS
+        GENFSCON("sysfs", "/");
+#endif
+#ifdef CONFIG_DEBUG_FS
+        GENFSCON("debugfs", "/");
+#endif
+#ifdef CONFIG_TRACING
+        GENFSCON("tracefs", "/");
+#endif
+#ifdef CONFIG_PSTORE
+        GENFSCON("pstore", "/");
+#endif
+        GENFSCON("cgroup", "/");
+        GENFSCON("cgroup2", "/");
        fclose(fout);
@@ -144,8 +258,8 @@ int main(int argc, char *argv[])
                printf("Wrote policy, but cannot open %s for writing\n", ctxout);
                usage(argv[0]);
        }
-        fprintf(fout, "/ user_u:base_r:base_t\n");
+        fprintf(fout, "/ " OBJUSERROLETYPE "%s\n", mls ? ":" SYSTEMLOW : "");
-        fprintf(fout, "/.* user_u:base_r:base_t\n");
+        fprintf(fout, "/.* " OBJUSERROLETYPE "%s\n", mls ? ":" SYSTEMLOW : "");
        fclose(fout);
        return 0;