Merge branch 'linus' into core/rcu

Merge reason: Avoid fuzz in init/main.c and update from rc6 to rc8.

Signed-off-by: Ingo Molnar <mingo@elte.hu>

10 files changed, 68 insertions, 51 deletions

diff --git a/kernel/fork.c b/kernel/fork.c
index 642e8b5edf00..637520ca0386 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -426,7 +426,6 @@ static struct mm_struct * mm_init(struct mm_struct * mm, struct task_struct *p)
         init_rwsem(&mm->mmap_sem);
         INIT_LIST_HEAD(&mm->mmlist);
         mm->flags = (current->mm) ? current->mm->flags : default_dump_filter;
-        mm->oom_adj = (current->mm) ? current->mm->oom_adj : 0;
         mm->core_state = NULL;
         mm->nr_ptes = 0;
         set_mm_counter(mm, file_rss, 0);
@@ -816,11 +815,8 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
 {
         struct signal_struct *sig;
 
-        if (clone_flags & CLONE_THREAD) {
-                atomic_inc(&current->signal->count);
-                atomic_inc(&current->signal->live);
+        if (clone_flags & CLONE_THREAD)
                 return 0;
-        }
 
         sig = kmem_cache_alloc(signal_cachep, GFP_KERNEL);
         tsk->signal = sig;
@@ -878,16 +874,6 @@ void __cleanup_signal(struct signal_struct *sig)
         kmem_cache_free(signal_cachep, sig);
 }
 
-static void cleanup_signal(struct task_struct *tsk)
-{
-        struct signal_struct *sig = tsk->signal;
-
-        atomic_dec(&sig->live);
-
-        if (atomic_dec_and_test(&sig->count))
-                __cleanup_signal(sig);
-}
-
 static void copy_flags(unsigned long clone_flags, struct task_struct *p)
 {
         unsigned long new_flags = p->flags;
@@ -1237,6 +1223,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         }
 
         if (clone_flags & CLONE_THREAD) {
+                atomic_inc(&current->signal->count);
+                atomic_inc(&current->signal->live);
                 p->group_leader = current->group_leader;
                 list_add_tail_rcu(&p->thread_group, &p->group_leader->thread_group);
         }
@@ -1280,7 +1268,8 @@ bad_fork_cleanup_mm:
         if (p->mm)
                 mmput(p->mm);
 bad_fork_cleanup_signal:
-        cleanup_signal(p);
+        if (!(clone_flags & CLONE_THREAD))
+                __cleanup_signal(p->signal);
 bad_fork_cleanup_sighand:
         __cleanup_sighand(p->sighand);
 bad_fork_cleanup_fs:
diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c
index d222515a5a06..0ec9ed831737 100644
--- a/kernel/irq/manage.c
+++ b/kernel/irq/manage.c
@@ -607,7 +607,6 @@ __setup_irq(unsigned int irq, struct irq_desc *desc, struct irqaction *new)
                  */
                 get_task_struct(t);
                 new->thread = t;
-                wake_up_process(t);
         }
 
         /*
@@ -690,6 +689,7 @@ __setup_irq(unsigned int irq, struct irq_desc *desc, struct irqaction *new)
                                 (int)(new->flags & IRQF_TRIGGER_MASK));
         }
 
+        new->irq = irq;
         *old_ptr = new;
 
         /* Reset broken irq detection when installing new handler */
@@ -707,7 +707,13 @@ __setup_irq(unsigned int irq, struct irq_desc *desc, struct irqaction *new)
 
         spin_unlock_irqrestore(&desc->lock, flags);
 
-        new->irq = irq;
+        /*
+         * Strictly no need to wake it up, but hung_task complains
+         * when no hard interrupt wakes the thread up.
+         */
+        if (new->thread)
+                wake_up_process(new->thread);
+
         register_irq_proc(irq, desc);
         new->dir = NULL;
         register_handler_proc(irq, new);
diff --git a/kernel/module.c b/kernel/module.c
index fd1411403558..2d537186191f 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -909,16 +909,18 @@ void __symbol_put(const char *symbol)
 }
 EXPORT_SYMBOL(__symbol_put);
 
+/* Note this assumes addr is a function, which it currently always is. */
 void symbol_put_addr(void *addr)
 {
         struct module *modaddr;
+        unsigned long a = (unsigned long)dereference_function_descriptor(addr);
 
-        if (core_kernel_text((unsigned long)addr))
+        if (core_kernel_text(a))
                 return;
 
         /* module_text_address is safe here: we're supposed to have reference
          * to module from symbol_get, so it can't go away. */
-        modaddr = __module_text_address((unsigned long)addr);
+        modaddr = __module_text_address(a);
         BUG_ON(!modaddr);
         module_put(modaddr);
 }
@@ -1272,6 +1274,10 @@ static void add_notes_attrs(struct module *mod, unsigned int nsect,
         struct module_notes_attrs *notes_attrs;
         struct bin_attribute *nattr;
 
+        /* failed to create section attributes, so can't create notes */
+        if (!mod->sect_attrs)
+                return;
+
         /* Count notes sections and allocate structures.  */
         notes = 0;
         for (i = 0; i < nsect; i++)
diff --git a/kernel/perf_counter.c b/kernel/perf_counter.c
index 534e20d14d63..f274e1959885 100644
--- a/kernel/perf_counter.c
+++ b/kernel/perf_counter.c
@@ -1503,10 +1503,21 @@ static void perf_counter_enable_on_exec(struct task_struct *task)
  */
 static void __perf_counter_read(void *info)
 {
+        struct perf_cpu_context *cpuctx = &__get_cpu_var(perf_cpu_context);
         struct perf_counter *counter = info;
         struct perf_counter_context *ctx = counter->ctx;
         unsigned long flags;
 
+        /*
+         * If this is a task context, we need to check whether it is
+         * the current task context of this cpu.  If not it has been
+         * scheduled out before the smp call arrived.  In that case
+         * counter->count would have been updated to a recent sample
+         * when the counter was scheduled out.
+         */
+        if (ctx->task && cpuctx->task_ctx != ctx)
+                return;
+
         local_irq_save(flags);
         if (ctx->is_active)
                 update_context_time(ctx);
@@ -1780,7 +1791,7 @@ static int perf_counter_read_group(struct perf_counter *counter,
         size += err;
 
         list_for_each_entry(sub, &leader->sibling_list, list_entry) {
-                err = perf_counter_read_entry(counter, read_format,
+                err = perf_counter_read_entry(sub, read_format,
                                 buf + size);
                 if (err < 0)
                         return err;
@@ -2008,6 +2019,10 @@ int perf_counter_task_disable(void)
         return 0;
 }
 
+#ifndef PERF_COUNTER_INDEX_OFFSET
+# define PERF_COUNTER_INDEX_OFFSET 0
+#endif
+
 static int perf_counter_index(struct perf_counter *counter)
 {
         if (counter->state != PERF_COUNTER_STATE_ACTIVE)
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 98e02328c67d..58be76017fd0 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -49,6 +49,7 @@
 #include <linux/acpi.h>
 #include <linux/reboot.h>
 #include <linux/ftrace.h>
+#include <linux/security.h>
 #include <linux/slow-work.h>
 #include <linux/perf_counter.h>
 
@@ -1306,10 +1307,10 @@ static struct ctl_table vm_table[] = {
         {
                 .ctl_name       = CTL_UNNUMBERED,
                 .procname       = "mmap_min_addr",
-                .data           = &mmap_min_addr,
-                .maxlen         = sizeof(unsigned long),
+                .data           = &dac_mmap_min_addr,
+                .maxlen         = sizeof(unsigned long),
                 .mode           = 0644,
-                .proc_handler   = &proc_doulongvec_minmax,
+                .proc_handler   = &mmap_min_addr_handler,
         },
 #ifdef CONFIG_NUMA
         {
diff --git a/kernel/time/clockevents.c b/kernel/time/clockevents.c
index a6dcd67b041d..620b58abdc32 100644
--- a/kernel/time/clockevents.c
+++ b/kernel/time/clockevents.c
@@ -137,11 +137,12 @@ int clockevents_program_event(struct clock_event_device *dev, ktime_t expires,
  */
 int clockevents_register_notifier(struct notifier_block *nb)
 {
+        unsigned long flags;
         int ret;
 
-        spin_lock(&clockevents_lock);
+        spin_lock_irqsave(&clockevents_lock, flags);
         ret = raw_notifier_chain_register(&clockevents_chain, nb);
-        spin_unlock(&clockevents_lock);
+        spin_unlock_irqrestore(&clockevents_lock, flags);
 
         return ret;
 }
@@ -178,16 +179,18 @@ static void clockevents_notify_released(void)
  */
 void clockevents_register_device(struct clock_event_device *dev)
 {
+        unsigned long flags;
+
         BUG_ON(dev->mode != CLOCK_EVT_MODE_UNUSED);
         BUG_ON(!dev->cpumask);
 
-        spin_lock(&clockevents_lock);
+        spin_lock_irqsave(&clockevents_lock, flags);
 
         list_add(&dev->list, &clockevent_devices);
         clockevents_do_notify(CLOCK_EVT_NOTIFY_ADD, dev);
         clockevents_notify_released();
 
-        spin_unlock(&clockevents_lock);
+        spin_unlock_irqrestore(&clockevents_lock, flags);
 }
 EXPORT_SYMBOL_GPL(clockevents_register_device);
 
@@ -235,8 +238,9 @@ void clockevents_exchange_device(struct clock_event_device *old,
 void clockevents_notify(unsigned long reason, void *arg)
 {
         struct list_head *node, *tmp;
+        unsigned long flags;
 
-        spin_lock(&clockevents_lock);
+        spin_lock_irqsave(&clockevents_lock, flags);
         clockevents_do_notify(reason, arg);
 
         switch (reason) {
@@ -251,7 +255,7 @@ void clockevents_notify(unsigned long reason, void *arg)
         default:
                 break;
         }
-        spin_unlock(&clockevents_lock);
+        spin_unlock_irqrestore(&clockevents_lock, flags);
 }
 EXPORT_SYMBOL_GPL(clockevents_notify);
 #endif
diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c
index 877dbedc3118..c2ec25087a35 100644
--- a/kernel/time/tick-broadcast.c
+++ b/kernel/time/tick-broadcast.c
@@ -205,11 +205,11 @@ static void tick_handle_periodic_broadcast(struct clock_event_device *dev)
  * Powerstate information: The system enters/leaves a state, where
  * affected devices might stop
  */
-static void tick_do_broadcast_on_off(void *why)
+static void tick_do_broadcast_on_off(unsigned long *reason)
 {
         struct clock_event_device *bc, *dev;
         struct tick_device *td;
-        unsigned long flags, *reason = why;
+        unsigned long flags;
         int cpu, bc_stopped;
 
         spin_lock_irqsave(&tick_broadcast_lock, flags);
@@ -276,8 +276,7 @@ void tick_broadcast_on_off(unsigned long reason, int *oncpu)
                 printk(KERN_ERR "tick-broadcast: ignoring broadcast for "
                        "offline CPU #%d\n", *oncpu);
         else
-                smp_call_function_single(*oncpu, tick_do_broadcast_on_off,
-                                         &reason, 1);
+                tick_do_broadcast_on_off(&reason);
 }
 
 /*
diff --git a/kernel/time/timer_list.c b/kernel/time/timer_list.c
index a999b92a1277..fddd69d16e03 100644
--- a/kernel/time/timer_list.c
+++ b/kernel/time/timer_list.c
@@ -286,7 +286,7 @@ static int __init init_timer_list_procfs(void)
 {
         struct proc_dir_entry *pe;
 
-        pe = proc_create("timer_list", 0644, NULL, &timer_list_fops);
+        pe = proc_create("timer_list", 0444, NULL, &timer_list_fops);
         if (!pe)
                 return -ENOMEM;
         return 0;
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 1e1d23c26308..25edd5cc5935 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -2278,7 +2278,11 @@ ftrace_regex_write(struct file *file, const char __user *ubuf,
         read++;
         cnt--;
 
-        if (!(iter->flags & ~FTRACE_ITER_CONT)) {
+        /*
+         * If the parser haven't finished with the last write,
+         * continue reading the user input without skipping spaces.
+         */
+        if (!(iter->flags & FTRACE_ITER_CONT)) {
                 /* skip white space */
                 while (cnt && isspace(ch)) {
                         ret = get_user(ch, ubuf++);
@@ -2288,8 +2292,9 @@ ftrace_regex_write(struct file *file, const char __user *ubuf,
                         cnt--;
                 }
 
+                /* only spaces were written */
                 if (isspace(ch)) {
-                        file->f_pos += read;
+                        *ppos += read;
                         ret = read;
                         goto out;
                 }
@@ -2319,12 +2324,12 @@ ftrace_regex_write(struct file *file, const char __user *ubuf,
                 if (ret)
                         goto out;
                 iter->buffer_idx = 0;
-        } else
+        } else {
                 iter->flags |= FTRACE_ITER_CONT;
+                iter->buffer[iter->buffer_idx++] = ch;
+        }
 
-
-        file->f_pos += read;
-
+        *ppos += read;
         ret = read;
  out:
         mutex_unlock(&ftrace_regex_lock);
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index c22b40f8f576..8c358395d338 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -3896,17 +3896,9 @@ trace_options_core_write(struct file *filp, const char __user *ubuf, size_t cnt,
         if (ret < 0)
                 return ret;
 
-        switch (val) {
-        case 0:
-                trace_flags &= ~(1 << index);
-                break;
-        case 1:
-                trace_flags |= 1 << index;
-                break;
-
-        default:
+        if (val != 0 && val != 1)
                 return -EINVAL;
-        }
+        set_tracer_flags(1 << index, val);
 
         *ppos += cnt;