17 files changed, 88 insertions, 70 deletions
diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt
index 55e8ee1900a5..3263084eef9e 100644
--- a/fs/Kconfig.binfmt
+++ b/fs/Kconfig.binfmt
@@ -42,7 +42,7 @@ config BINFMT_ELF_FDPIC
 config BINFMT_FLAT
        bool "Kernel support for flat binaries"
-        depends on !MMU
+        depends on !MMU && (!FRV || BROKEN)
        help
          Support uClinux FLAT format binaries.
diff --git a/fs/afs/callback.c b/fs/afs/callback.c
index a78d5b236bb1..587ef5123cd8 100644
--- a/fs/afs/callback.c
+++ b/fs/afs/callback.c
@@ -8,7 +8,7 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
- * Authors: David Woodhouse <dwmw2@cambridge.redhat.com>
+ * Authors: David Woodhouse <dwmw2@infradead.org>
 *          David Howells <dhowells@redhat.com>
 *
 */
diff --git a/fs/afs/inode.c b/fs/afs/inode.c
index 08db82e1343a..bb47217f6a18 100644
--- a/fs/afs/inode.c
+++ b/fs/afs/inode.c
@@ -8,7 +8,7 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
- * Authors: David Woodhouse <dwmw2@cambridge.redhat.com>
+ * Authors: David Woodhouse <dwmw2@infradead.org>
 *          David Howells <dhowells@redhat.com>
 *
 */
diff --git a/fs/afs/super.c b/fs/afs/super.c
index 4b572b801d8d..7e3faeef6818 100644
--- a/fs/afs/super.c
+++ b/fs/afs/super.c
@@ -10,7 +10,7 @@
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 * Authors: David Howells <dhowells@redhat.com>
- *          David Woodhouse <dwmw2@redhat.com>
+ *          David Woodhouse <dwmw2@infradead.org>
 *
 */
diff --git a/fs/aio.c b/fs/aio.c
index b5253e77eb2f..0fb3117ddd93 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -591,10 +591,6 @@ static void use_mm(struct mm_struct *mm)
        atomic_inc(&mm->mm_count);
        tsk->mm = mm;
        tsk->active_mm = mm;
-        /*
-         * Note that on UML this *requires* PF_BORROWED_MM to be set, otherwise
-         * it won't work. Update it accordingly if you change it here
-         */
        switch_mm(active_mm, mm, tsk);
        task_unlock(tsk);
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index ddd35d873391..d051a32e6270 100644
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -390,7 +390,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm,
        }
        /* expand the stack mapping to use up the entire allocation granule */
-        fullsize = ksize((char *) current->mm->start_brk);
+        fullsize = kobjsize((char *) current->mm->start_brk);
        if (!IS_ERR_VALUE(do_mremap(current->mm->start_brk, stack_size,
                                    fullsize, 0, 0)))
                stack_size = fullsize;
diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c
index 3b40d45a3a16..2cb1acda3a82 100644
--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
@@ -548,7 +548,7 @@ static int load_flat_file(struct linux_binprm * bprm,
                        PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE, 0);
                /* Remap to use all availabe slack region space */
                if (realdatastart && (realdatastart < (unsigned long)-4096)) {
-                        reallen = ksize((void *)realdatastart);
+                        reallen = kobjsize((void *)realdatastart);
                        if (reallen > len) {
                                realdatastart = do_mremap(realdatastart, len,
                                        reallen, MREMAP_FIXED, realdatastart);
@@ -600,7 +600,7 @@ static int load_flat_file(struct linux_binprm * bprm,
                        PROT_READ | PROT_EXEC | PROT_WRITE, MAP_PRIVATE, 0);
                /* Remap to use all availabe slack region space */
                if (textpos && (textpos < (unsigned long) -4096)) {
-                        reallen = ksize((void *)textpos);
+                        reallen = kobjsize((void *)textpos);
                        if (reallen > len) {
                                textpos = do_mremap(textpos, len, reallen,
                                        MREMAP_FIXED, textpos);
@@ -683,7 +683,7 @@ static int load_flat_file(struct linux_binprm * bprm,
                 */
                current->mm->start_brk = datapos + data_len + bss_len;
                current->mm->brk = (current->mm->start_brk + 3) & ~3;
-                current->mm->context.end_brk = memp + ksize((void *) memp) - stack_len;
+                current->mm->context.end_brk = memp + kobjsize((void *) memp) - stack_len;
        }
        if (flags & FLAT_FLAG_KTRACE)
@@ -790,7 +790,7 @@ static int load_flat_file(struct linux_binprm * bprm,
        /* zero the BSS,  BRK and stack areas */
        memset((void*)(datapos + data_len), 0, bss_len + 
-                        (memp + ksize((void *) memp) - stack_len -      /* end brk */
+                        (memp + kobjsize((void *) memp) - stack_len -   /* end brk */
                        libinfo->lib_list[id].start_brk) +              /* start brk */
                        stack_len);
diff --git a/fs/block_dev.c b/fs/block_dev.c
index 7d822fae7765..470c10ceb0fb 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -12,6 +12,7 @@
 #include <linux/kmod.h>
 #include <linux/major.h>
 #include <linux/smp_lock.h>
+#include <linux/device_cgroup.h>
 #include <linux/highmem.h>
 #include <linux/blkdev.h>
 #include <linux/module.h>
@@ -928,9 +929,14 @@ static int do_open(struct block_device *bdev, struct file *file, int for_part)
 {
        struct module *owner = NULL;
        struct gendisk *disk;
-        int ret = -ENXIO;
+        int ret;
        int part;
+        ret = devcgroup_inode_permission(bdev->bd_inode, file->f_mode);
+        if (ret != 0)
+                return ret;
+        ret = -ENXIO;
        file->f_mapping = bdev->bd_inode->i_mapping;
        lock_kernel();
        disk = get_gendisk(bdev->bd_dev, &part);
diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c
index cb52cbbe45ff..f58e41d3ba48 100644
--- a/fs/cifs/asn1.c
+++ b/fs/cifs/asn1.c
@@ -186,6 +186,11 @@ asn1_length_decode(struct asn1_ctx *ctx, unsigned int *def, unsigned int *len)
                        }
                }
        }
+        /* don't trust len bigger than ctx buffer */
+        if (*len > ctx->end - ctx->pointer)
+                return 0;
        return 1;
 }
@@ -203,6 +208,10 @@ asn1_header_decode(struct asn1_ctx *ctx,
        if (!asn1_length_decode(ctx, &def, &len))
                return 0;
+        /* primitive shall be definite, indefinite shall be constructed */
+        if (*con == ASN1_PRI && !def)
+                return 0;
        if (def)
                *eoc = ctx->pointer + len;
        else
@@ -389,6 +398,11 @@ asn1_oid_decode(struct asn1_ctx *ctx,
        unsigned long *optr;
        size = eoc - ctx->pointer + 1;
+        /* first subid actually encodes first two subids */
+        if (size < 2 || size > ULONG_MAX/sizeof(unsigned long))
+                return 0;
        *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC);
        if (*oid == NULL)
                return 0;
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 951ee33a022d..c15c25745e05 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -660,8 +660,6 @@ int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm,
 int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
                                      struct ecryptfs_auth_tok **auth_tok,
                                      char *sig);
-int ecryptfs_write_zeros(struct file *file, pgoff_t index, int start,
-                         int num_zeros);
 int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data,
                         loff_t offset, size_t size);
 int ecryptfs_write_lower_page_segment(struct inode *ecryptfs_inode,
diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c
index ebf55150be56..75c2ea9fee35 100644
--- a/fs/ecryptfs/read_write.c
+++ b/fs/ecryptfs/read_write.c
@@ -157,20 +157,6 @@ int ecryptfs_write(struct file *ecryptfs_file, char *data, loff_t offset,
                               ecryptfs_page_idx, rc);
                        goto out;
                }
-                if (start_offset_in_page) {
-                        /* Read in the page from the lower
-                         * into the eCryptfs inode page cache,
-                         * decrypting */
-                        rc = ecryptfs_decrypt_page(ecryptfs_page);
-                        if (rc) {
-                                printk(KERN_ERR "%s: Error decrypting "
-                                       "page; rc = [%d]\n",
-                                       __func__, rc);
-                                ClearPageUptodate(ecryptfs_page);
-                                page_cache_release(ecryptfs_page);
-                                goto out;
-                        }
-                }
                ecryptfs_page_virt = kmap_atomic(ecryptfs_page, KM_USER0);
                /*
@@ -349,14 +335,6 @@ int ecryptfs_read(char *data, loff_t offset, size_t size,
                               ecryptfs_page_idx, rc);
                        goto out;
                }
-                rc = ecryptfs_decrypt_page(ecryptfs_page);
-                if (rc) {
-                        printk(KERN_ERR "%s: Error decrypting "
-                               "page; rc = [%d]\n", __func__, rc);
-                        ClearPageUptodate(ecryptfs_page);
-                        page_cache_release(ecryptfs_page);
-                        goto out;
-                }
                ecryptfs_page_virt = kmap_atomic(ecryptfs_page, KM_USER0);
                memcpy((data + data_offset),
                       ((char *)ecryptfs_page_virt + start_offset_in_page),
diff --git a/fs/ext3/resize.c b/fs/ext3/resize.c
index 28cfd0b40527..77278e947e94 100644
--- a/fs/ext3/resize.c
+++ b/fs/ext3/resize.c
@@ -580,7 +580,8 @@ static int reserve_backup_gdb(handle_t *handle, struct inode *inode,
        }
        blk = EXT3_SB(sb)->s_sbh->b_blocknr + 1 + EXT3_SB(sb)->s_gdb_count;
-        data = (__le32 *)dind->b_data + EXT3_SB(sb)->s_gdb_count;
+        data = (__le32 *)dind->b_data + (EXT3_SB(sb)->s_gdb_count %
+                                         EXT3_ADDR_PER_BLOCK(sb));
        end = (__le32 *)dind->b_data + EXT3_ADDR_PER_BLOCK(sb);
        /* Get each reserved primary GDT block and verify it holds backups */
diff --git a/fs/libfs.c b/fs/libfs.c
index b004dfadd891..892d41cb3382 100644
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -528,6 +528,23 @@ ssize_t simple_read_from_buffer(void __user *to, size_t count, loff_t *ppos,
        return count;
 }
+ssize_t memory_read_from_buffer(void *to, size_t count, loff_t *ppos,
+                                const void *from, size_t available)
+{
+        loff_t pos = *ppos;
+        if (pos < 0)
+                return -EINVAL;
+        if (pos >= available)
+                return 0;
+        if (count > available - pos)
+                count = available - pos;
+        memcpy(to, from + pos, count);
+        *ppos = pos + count;
+        return count;
+}
 /*
 * Transaction based IO.
 * The file expects a single write which triggers the transaction, and then
@@ -800,6 +817,7 @@ EXPORT_SYMBOL(simple_statfs);
 EXPORT_SYMBOL(simple_sync_file);
 EXPORT_SYMBOL(simple_unlink);
 EXPORT_SYMBOL(simple_read_from_buffer);
+EXPORT_SYMBOL(memory_read_from_buffer);
 EXPORT_SYMBOL(simple_transaction_get);
 EXPORT_SYMBOL(simple_transaction_read);
 EXPORT_SYMBOL(simple_transaction_release);
diff --git a/fs/proc/array.c b/fs/proc/array.c
index 9e3b8c33c24b..797d775e0354 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -288,7 +288,7 @@ static void render_cap_t(struct seq_file *m, const char *header,
        seq_printf(m, "%s", header);
        CAP_FOR_EACH_U32(__capi) {
                seq_printf(m, "%08x",
-                           a->cap[(_LINUX_CAPABILITY_U32S-1) - __capi]);
+                           a->cap[(_KERNEL_CAPABILITY_U32S-1) - __capi]);
        }
        seq_printf(m, "\n");
 }
diff --git a/fs/proc/base.c b/fs/proc/base.c
index c447e0743a3c..3b455371e7ff 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -127,6 +127,25 @@ struct pid_entry {
                NULL, &proc_single_file_operations,     \
                { .proc_show = &proc_##OTYPE } )
+/*
+ * Count the number of hardlinks for the pid_entry table, excluding the .
+ * and .. links.
+ */
+static unsigned int pid_entry_count_dirs(const struct pid_entry *entries,
+        unsigned int n)
+{
+        unsigned int i;
+        unsigned int count;
+        count = 0;
+        for (i = 0; i < n; ++i) {
+                if (S_ISDIR(entries[i].mode))
+                        ++count;
+        }
+        return count;
+}
 int maps_protect;
 EXPORT_SYMBOL(maps_protect);
@@ -2585,10 +2604,9 @@ static struct dentry *proc_pid_instantiate(struct inode *dir,
        inode->i_op = &proc_tgid_base_inode_operations;
        inode->i_fop = &proc_tgid_base_operations;
        inode->i_flags|=S_IMMUTABLE;
-        inode->i_nlink = 5;
-#ifdef CONFIG_SECURITY
+        inode->i_nlink = 2 + pid_entry_count_dirs(tgid_base_stuff,
-        inode->i_nlink += 1;
+                ARRAY_SIZE(tgid_base_stuff));
-#endif
        dentry->d_op = &pid_dentry_operations;
@@ -2816,10 +2834,9 @@ static struct dentry *proc_task_instantiate(struct inode *dir,
        inode->i_op = &proc_tid_base_inode_operations;
        inode->i_fop = &proc_tid_base_operations;
        inode->i_flags|=S_IMMUTABLE;
-        inode->i_nlink = 4;
-#ifdef CONFIG_SECURITY
+        inode->i_nlink = 2 + pid_entry_count_dirs(tid_base_stuff,
-        inode->i_nlink += 1;
+                ARRAY_SIZE(tid_base_stuff));
-#endif
        dentry->d_op = &pid_dentry_operations;
diff --git a/fs/proc/proc_misc.c b/fs/proc/proc_misc.c
index 32dc14cd8900..7e277f2ad466 100644
--- a/fs/proc/proc_misc.c
+++ b/fs/proc/proc_misc.c
@@ -716,7 +716,7 @@ static ssize_t kpagecount_read(struct file *file, char __user *buf,
        pfn = src / KPMSIZE;
        count = min_t(size_t, count, (max_pfn * KPMSIZE) - src);
        if (src & KPMMASK || count & KPMMASK)
-                return -EIO;
+                return -EINVAL;
        while (count > 0) {
                ppage = NULL;
@@ -726,7 +726,7 @@ static ssize_t kpagecount_read(struct file *file, char __user *buf,
                if (!ppage)
                        pcount = 0;
                else
-                        pcount = atomic_read(&ppage->_count);
+                        pcount = page_mapcount(ppage);
                if (put_user(pcount, out++)) {
                        ret = -EFAULT;
@@ -782,7 +782,7 @@ static ssize_t kpageflags_read(struct file *file, char __user *buf,
        pfn = src / KPMSIZE;
        count = min_t(unsigned long, count, (max_pfn * KPMSIZE) - src);
        if (src & KPMMASK || count & KPMMASK)
-                return -EIO;
+                return -EINVAL;
        while (count > 0) {
                ppage = NULL;
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 88717c0f941b..17403629e330 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -496,7 +496,7 @@ const struct file_operations proc_clear_refs_operations = {
 };
 struct pagemapread {
-        char __user *out, *end;
+        u64 __user *out, *end;
 };
 #define PM_ENTRY_BYTES      sizeof(u64)
@@ -519,21 +519,11 @@ struct pagemapread {
 static int add_to_pagemap(unsigned long addr, u64 pfn,
                          struct pagemapread *pm)
 {
-        /*
-         * Make sure there's room in the buffer for an
-         * entire entry.  Otherwise, only copy part of
-         * the pfn.
-         */
-        if (pm->out + PM_ENTRY_BYTES >= pm->end) {
-                if (copy_to_user(pm->out, &pfn, pm->end - pm->out))
-                        return -EFAULT;
-                pm->out = pm->end;
-                return PM_END_OF_BUFFER;
-        }
        if (put_user(pfn, pm->out))
                return -EFAULT;
-        pm->out += PM_ENTRY_BYTES;
+        pm->out++;
+        if (pm->out >= pm->end)
+                return PM_END_OF_BUFFER;
        return 0;
 }
@@ -634,7 +624,7 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
        ret = -EINVAL;
        /* file position must be aligned */
-        if (*ppos % PM_ENTRY_BYTES)
+        if ((*ppos % PM_ENTRY_BYTES) || (count % PM_ENTRY_BYTES))
                goto out_task;
        ret = 0;
@@ -664,8 +654,8 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
                goto out_pages;
        }
-        pm.out = buf;
+        pm.out = (u64 *)buf;
-        pm.end = buf + count;
+        pm.end = (u64 *)(buf + count);
        if (!ptrace_may_attach(task)) {
                ret = -EIO;
@@ -690,9 +680,9 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
                if (ret == PM_END_OF_BUFFER)
                        ret = 0;
                /* don't need mmap_sem for these, but this looks cleaner */
-                *ppos += pm.out - buf;
+                *ppos += (char *)pm.out - buf;
                if (!ret)
-                        ret = pm.out - buf;
+                        ret = (char *)pm.out - buf;
        }
 out_pages:

diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt index 55e8ee1900a5..3263084eef9e 100644 --- a/fs/Kconfig.binfmt +++ b/fs/Kconfig.binfmt
@@ -42,7 +42,7 @@ config BINFMT_ELF_FDPIC
42		42
43	config BINFMT_FLAT	43	config BINFMT_FLAT
44	bool "Kernel support for flat binaries"	44	bool "Kernel support for flat binaries"
45	depends on !MMU	45	depends on !MMU && (!FRV \|\| BROKEN)
46	help	46	help
47	Support uClinux FLAT format binaries.	47	Support uClinux FLAT format binaries.
48		48


diff --git a/fs/afs/callback.c b/fs/afs/callback.c index a78d5b236bb1..587ef5123cd8 100644 --- a/fs/afs/callback.c +++ b/fs/afs/callback.c
@@ -8,7 +8,7 @@
8	* along with this program; if not, write to the Free Software	8	* along with this program; if not, write to the Free Software
9	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.	9	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
10	*	10	*
11	* Authors: David Woodhouse <dwmw2@cambridge.redhat.com>	11	* Authors: David Woodhouse <dwmw2@infradead.org>
12	* David Howells <dhowells@redhat.com>	12	* David Howells <dhowells@redhat.com>
13	*	13	*
14	*/	14	*/


diff --git a/fs/afs/inode.c b/fs/afs/inode.c index 08db82e1343a..bb47217f6a18 100644 --- a/fs/afs/inode.c +++ b/fs/afs/inode.c
@@ -8,7 +8,7 @@
8	* along with this program; if not, write to the Free Software	8	* along with this program; if not, write to the Free Software
9	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.	9	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
10	*	10	*
11	* Authors: David Woodhouse <dwmw2@cambridge.redhat.com>	11	* Authors: David Woodhouse <dwmw2@infradead.org>
12	* David Howells <dhowells@redhat.com>	12	* David Howells <dhowells@redhat.com>
13	*	13	*
14	*/	14	*/


diff --git a/fs/afs/super.c b/fs/afs/super.c index 4b572b801d8d..7e3faeef6818 100644 --- a/fs/afs/super.c +++ b/fs/afs/super.c
@@ -10,7 +10,7 @@
10	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.	10	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
11	*	11	*
12	* Authors: David Howells <dhowells@redhat.com>	12	* Authors: David Howells <dhowells@redhat.com>
13	* David Woodhouse <dwmw2@redhat.com>	13	* David Woodhouse <dwmw2@infradead.org>
14	*	14	*
15	*/	15	*/
16		16


diff --git a/fs/aio.c b/fs/aio.c index b5253e77eb2f..0fb3117ddd93 100644 --- a/fs/aio.c +++ b/fs/aio.c
@@ -591,10 +591,6 @@ static void use_mm(struct mm_struct *mm)
591	atomic_inc(&mm->mm_count);	591	atomic_inc(&mm->mm_count);
592	tsk->mm = mm;	592	tsk->mm = mm;
593	tsk->active_mm = mm;	593	tsk->active_mm = mm;
594	/*
595	* Note that on UML this requires PF_BORROWED_MM to be set, otherwise
596	* it won't work. Update it accordingly if you change it here
597	*/
598	switch_mm(active_mm, mm, tsk);	594	switch_mm(active_mm, mm, tsk);
599	task_unlock(tsk);	595	task_unlock(tsk);
600		596


diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index ddd35d873391..d051a32e6270 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c
@@ -390,7 +390,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm,
390	}	390	}
391		391
392	/* expand the stack mapping to use up the entire allocation granule */	392	/* expand the stack mapping to use up the entire allocation granule */
393	fullsize = ksize((char *) current->mm->start_brk);	393	fullsize = kobjsize((char *) current->mm->start_brk);
394	if (!IS_ERR_VALUE(do_mremap(current->mm->start_brk, stack_size,	394	if (!IS_ERR_VALUE(do_mremap(current->mm->start_brk, stack_size,
395	fullsize, 0, 0)))	395	fullsize, 0, 0)))
396	stack_size = fullsize;	396	stack_size = fullsize;


diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c index 3b40d45a3a16..2cb1acda3a82 100644 --- a/fs/binfmt_flat.c +++ b/fs/binfmt_flat.c
@@ -548,7 +548,7 @@ static int load_flat_file(struct linux_binprm * bprm,
548	PROT_READ\|PROT_WRITE\|PROT_EXEC, MAP_PRIVATE, 0);	548	PROT_READ\|PROT_WRITE\|PROT_EXEC, MAP_PRIVATE, 0);
549	/* Remap to use all availabe slack region space */	549	/* Remap to use all availabe slack region space */
550	if (realdatastart && (realdatastart < (unsigned long)-4096)) {	550	if (realdatastart && (realdatastart < (unsigned long)-4096)) {
551	reallen = ksize((void *)realdatastart);	551	reallen = kobjsize((void *)realdatastart);
552	if (reallen > len) {	552	if (reallen > len) {
553	realdatastart = do_mremap(realdatastart, len,	553	realdatastart = do_mremap(realdatastart, len,
554	reallen, MREMAP_FIXED, realdatastart);	554	reallen, MREMAP_FIXED, realdatastart);
@@ -600,7 +600,7 @@ static int load_flat_file(struct linux_binprm * bprm,
600	PROT_READ \| PROT_EXEC \| PROT_WRITE, MAP_PRIVATE, 0);	600	PROT_READ \| PROT_EXEC \| PROT_WRITE, MAP_PRIVATE, 0);
601	/* Remap to use all availabe slack region space */	601	/* Remap to use all availabe slack region space */
602	if (textpos && (textpos < (unsigned long) -4096)) {	602	if (textpos && (textpos < (unsigned long) -4096)) {
603	reallen = ksize((void *)textpos);	603	reallen = kobjsize((void *)textpos);
604	if (reallen > len) {	604	if (reallen > len) {
605	textpos = do_mremap(textpos, len, reallen,	605	textpos = do_mremap(textpos, len, reallen,
606	MREMAP_FIXED, textpos);	606	MREMAP_FIXED, textpos);
@@ -683,7 +683,7 @@ static int load_flat_file(struct linux_binprm * bprm,
683	*/	683	*/
684	current->mm->start_brk = datapos + data_len + bss_len;	684	current->mm->start_brk = datapos + data_len + bss_len;
685	current->mm->brk = (current->mm->start_brk + 3) & ~3;	685	current->mm->brk = (current->mm->start_brk + 3) & ~3;
686	current->mm->context.end_brk = memp + ksize((void *) memp) - stack_len;	686	current->mm->context.end_brk = memp + kobjsize((void *) memp) - stack_len;
687	}	687	}
688		688
689	if (flags & FLAT_FLAG_KTRACE)	689	if (flags & FLAT_FLAG_KTRACE)
@@ -790,7 +790,7 @@ static int load_flat_file(struct linux_binprm * bprm,
790		790
791	/* zero the BSS, BRK and stack areas */	791	/* zero the BSS, BRK and stack areas */
792	memset((void*)(datapos + data_len), 0, bss_len +	792	memset((void*)(datapos + data_len), 0, bss_len +
793	(memp + ksize((void ) memp) - stack_len - / end brk */	793	(memp + kobjsize((void ) memp) - stack_len - / end brk */
794	libinfo->lib_list[id].start_brk) + /* start brk */	794	libinfo->lib_list[id].start_brk) + /* start brk */
795	stack_len);	795	stack_len);
796		796


diff --git a/fs/block_dev.c b/fs/block_dev.c index 7d822fae7765..470c10ceb0fb 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c
@@ -12,6 +12,7 @@
12	#include <linux/kmod.h>	12	#include <linux/kmod.h>
13	#include <linux/major.h>	13	#include <linux/major.h>
14	#include <linux/smp_lock.h>	14	#include <linux/smp_lock.h>
		15	#include <linux/device_cgroup.h>
15	#include <linux/highmem.h>	16	#include <linux/highmem.h>
16	#include <linux/blkdev.h>	17	#include <linux/blkdev.h>
17	#include <linux/module.h>	18	#include <linux/module.h>
@@ -928,9 +929,14 @@ static int do_open(struct block_device bdev, struct file file, int for_part)
928	{	929	{
929	struct module *owner = NULL;	930	struct module *owner = NULL;
930	struct gendisk *disk;	931	struct gendisk *disk;
931	int ret = -ENXIO;	932	int ret;
932	int part;	933	int part;
933		934
		935	ret = devcgroup_inode_permission(bdev->bd_inode, file->f_mode);
		936	if (ret != 0)
		937	return ret;
		938
		939	ret = -ENXIO;
934	file->f_mapping = bdev->bd_inode->i_mapping;	940	file->f_mapping = bdev->bd_inode->i_mapping;
935	lock_kernel();	941	lock_kernel();
936	disk = get_gendisk(bdev->bd_dev, &part);	942	disk = get_gendisk(bdev->bd_dev, &part);


diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c index cb52cbbe45ff..f58e41d3ba48 100644 --- a/fs/cifs/asn1.c +++ b/fs/cifs/asn1.c
@@ -186,6 +186,11 @@ asn1_length_decode(struct asn1_ctx ctx, unsigned int def, unsigned int *len)
186	}	186	}
187	}	187	}
188	}	188	}
		189
		190	/* don't trust len bigger than ctx buffer */
		191	if (*len > ctx->end - ctx->pointer)
		192	return 0;
		193
189	return 1;	194	return 1;
190	}	195	}
191		196
@@ -203,6 +208,10 @@ asn1_header_decode(struct asn1_ctx *ctx,
203	if (!asn1_length_decode(ctx, &def, &len))	208	if (!asn1_length_decode(ctx, &def, &len))
204	return 0;	209	return 0;
205		210
		211	/* primitive shall be definite, indefinite shall be constructed */
		212	if (*con == ASN1_PRI && !def)
		213	return 0;
		214
206	if (def)	215	if (def)
207	*eoc = ctx->pointer + len;	216	*eoc = ctx->pointer + len;
208	else	217	else
@@ -389,6 +398,11 @@ asn1_oid_decode(struct asn1_ctx *ctx,
389	unsigned long *optr;	398	unsigned long *optr;
390		399
391	size = eoc - ctx->pointer + 1;	400	size = eoc - ctx->pointer + 1;
		401
		402	/* first subid actually encodes first two subids */
		403	if (size < 2 \|\| size > ULONG_MAX/sizeof(unsigned long))
		404	return 0;
		405
392	oid = kmalloc(size sizeof(unsigned long), GFP_ATOMIC);	406	oid = kmalloc(size sizeof(unsigned long), GFP_ATOMIC);
393	if (*oid == NULL)	407	if (*oid == NULL)
394	return 0;	408	return 0;


diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 951ee33a022d..c15c25745e05 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -660,8 +660,6 @@ int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm,
660	int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,	660	int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
661	struct ecryptfs_auth_tok **auth_tok,	661	struct ecryptfs_auth_tok **auth_tok,
662	char *sig);	662	char *sig);
663	int ecryptfs_write_zeros(struct file *file, pgoff_t index, int start,
664	int num_zeros);
665	int ecryptfs_write_lower(struct inode ecryptfs_inode, char data,	663	int ecryptfs_write_lower(struct inode ecryptfs_inode, char data,
666	loff_t offset, size_t size);	664	loff_t offset, size_t size);
667	int ecryptfs_write_lower_page_segment(struct inode *ecryptfs_inode,	665	int ecryptfs_write_lower_page_segment(struct inode *ecryptfs_inode,


diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c index ebf55150be56..75c2ea9fee35 100644 --- a/fs/ecryptfs/read_write.c +++ b/fs/ecryptfs/read_write.c
@@ -157,20 +157,6 @@ int ecryptfs_write(struct file ecryptfs_file, char data, loff_t offset,
157	ecryptfs_page_idx, rc);	157	ecryptfs_page_idx, rc);
158	goto out;	158	goto out;
159	}	159	}
160	if (start_offset_in_page) {
161	/* Read in the page from the lower
162	* into the eCryptfs inode page cache,
163	* decrypting */
164	rc = ecryptfs_decrypt_page(ecryptfs_page);
165	if (rc) {
166	printk(KERN_ERR "%s: Error decrypting "
167	"page; rc = [%d]\n",
168	__func__, rc);
169	ClearPageUptodate(ecryptfs_page);
170	page_cache_release(ecryptfs_page);
171	goto out;
172	}
173	}
174	ecryptfs_page_virt = kmap_atomic(ecryptfs_page, KM_USER0);	160	ecryptfs_page_virt = kmap_atomic(ecryptfs_page, KM_USER0);
175		161
176	/*	162	/*
@@ -349,14 +335,6 @@ int ecryptfs_read(char *data, loff_t offset, size_t size,
349	ecryptfs_page_idx, rc);	335	ecryptfs_page_idx, rc);
350	goto out;	336	goto out;
351	}	337	}
352	rc = ecryptfs_decrypt_page(ecryptfs_page);
353	if (rc) {
354	printk(KERN_ERR "%s: Error decrypting "
355	"page; rc = [%d]\n", __func__, rc);
356	ClearPageUptodate(ecryptfs_page);
357	page_cache_release(ecryptfs_page);
358	goto out;
359	}
360	ecryptfs_page_virt = kmap_atomic(ecryptfs_page, KM_USER0);	338	ecryptfs_page_virt = kmap_atomic(ecryptfs_page, KM_USER0);
361	memcpy((data + data_offset),	339	memcpy((data + data_offset),
362	((char *)ecryptfs_page_virt + start_offset_in_page),	340	((char *)ecryptfs_page_virt + start_offset_in_page),


diff --git a/fs/ext3/resize.c b/fs/ext3/resize.c index 28cfd0b40527..77278e947e94 100644 --- a/fs/ext3/resize.c +++ b/fs/ext3/resize.c
@@ -580,7 +580,8 @@ static int reserve_backup_gdb(handle_t handle, struct inode inode,
580	}	580	}
581		581
582	blk = EXT3_SB(sb)->s_sbh->b_blocknr + 1 + EXT3_SB(sb)->s_gdb_count;	582	blk = EXT3_SB(sb)->s_sbh->b_blocknr + 1 + EXT3_SB(sb)->s_gdb_count;
583	data = (__le32 *)dind->b_data + EXT3_SB(sb)->s_gdb_count;	583	data = (__le32 *)dind->b_data + (EXT3_SB(sb)->s_gdb_count %
		584	EXT3_ADDR_PER_BLOCK(sb));
584	end = (__le32 *)dind->b_data + EXT3_ADDR_PER_BLOCK(sb);	585	end = (__le32 *)dind->b_data + EXT3_ADDR_PER_BLOCK(sb);
585		586
586	/* Get each reserved primary GDT block and verify it holds backups */	587	/* Get each reserved primary GDT block and verify it holds backups */


diff --git a/fs/libfs.c b/fs/libfs.c index b004dfadd891..892d41cb3382 100644 --- a/fs/libfs.c +++ b/fs/libfs.c
@@ -528,6 +528,23 @@ ssize_t simple_read_from_buffer(void __user to, size_t count, loff_t ppos,
528	return count;	528	return count;
529	}	529	}
530		530
		531	ssize_t memory_read_from_buffer(void to, size_t count, loff_t ppos,
		532	const void *from, size_t available)
		533	{
		534	loff_t pos = *ppos;
		535
		536	if (pos < 0)
		537	return -EINVAL;
		538	if (pos >= available)
		539	return 0;
		540	if (count > available - pos)
		541	count = available - pos;
		542	memcpy(to, from + pos, count);
		543	*ppos = pos + count;
		544
		545	return count;
		546	}
		547
531	/*	548	/*
532	* Transaction based IO.	549	* Transaction based IO.
533	* The file expects a single write which triggers the transaction, and then	550	* The file expects a single write which triggers the transaction, and then
@@ -800,6 +817,7 @@ EXPORT_SYMBOL(simple_statfs);
800	EXPORT_SYMBOL(simple_sync_file);	817	EXPORT_SYMBOL(simple_sync_file);
801	EXPORT_SYMBOL(simple_unlink);	818	EXPORT_SYMBOL(simple_unlink);
802	EXPORT_SYMBOL(simple_read_from_buffer);	819	EXPORT_SYMBOL(simple_read_from_buffer);
		820	EXPORT_SYMBOL(memory_read_from_buffer);
803	EXPORT_SYMBOL(simple_transaction_get);	821	EXPORT_SYMBOL(simple_transaction_get);
804	EXPORT_SYMBOL(simple_transaction_read);	822	EXPORT_SYMBOL(simple_transaction_read);
805	EXPORT_SYMBOL(simple_transaction_release);	823	EXPORT_SYMBOL(simple_transaction_release);


diff --git a/fs/proc/array.c b/fs/proc/array.c index 9e3b8c33c24b..797d775e0354 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c
@@ -288,7 +288,7 @@ static void render_cap_t(struct seq_file m, const char header,
288	seq_printf(m, "%s", header);	288	seq_printf(m, "%s", header);
289	CAP_FOR_EACH_U32(__capi) {	289	CAP_FOR_EACH_U32(__capi) {
290	seq_printf(m, "%08x",	290	seq_printf(m, "%08x",
291	a->cap[(_LINUX_CAPABILITY_U32S-1) - __capi]);	291	a->cap[(_KERNEL_CAPABILITY_U32S-1) - __capi]);
292	}	292	}
293	seq_printf(m, "\n");	293	seq_printf(m, "\n");
294	}	294	}


diff --git a/fs/proc/base.c b/fs/proc/base.c index c447e0743a3c..3b455371e7ff 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c
@@ -127,6 +127,25 @@ struct pid_entry {
127	NULL, &proc_single_file_operations, \	127	NULL, &proc_single_file_operations, \
128	{ .proc_show = &proc_##OTYPE } )	128	{ .proc_show = &proc_##OTYPE } )
129		129
		130	/*
		131	* Count the number of hardlinks for the pid_entry table, excluding the .
		132	* and .. links.
		133	*/
		134	static unsigned int pid_entry_count_dirs(const struct pid_entry *entries,
		135	unsigned int n)
		136	{
		137	unsigned int i;
		138	unsigned int count;
		139
		140	count = 0;
		141	for (i = 0; i < n; ++i) {
		142	if (S_ISDIR(entries[i].mode))
		143	++count;
		144	}
		145
		146	return count;
		147	}
		148
130	int maps_protect;	149	int maps_protect;
131	EXPORT_SYMBOL(maps_protect);	150	EXPORT_SYMBOL(maps_protect);
132		151
@@ -2585,10 +2604,9 @@ static struct dentry proc_pid_instantiate(struct inode dir,
2585	inode->i_op = &proc_tgid_base_inode_operations;	2604	inode->i_op = &proc_tgid_base_inode_operations;
2586	inode->i_fop = &proc_tgid_base_operations;	2605	inode->i_fop = &proc_tgid_base_operations;
2587	inode->i_flags\|=S_IMMUTABLE;	2606	inode->i_flags\|=S_IMMUTABLE;
2588	inode->i_nlink = 5;	2607
2589	#ifdef CONFIG_SECURITY	2608	inode->i_nlink = 2 + pid_entry_count_dirs(tgid_base_stuff,
2590	inode->i_nlink += 1;	2609	ARRAY_SIZE(tgid_base_stuff));
2591	#endif
2592		2610
2593	dentry->d_op = &pid_dentry_operations;	2611	dentry->d_op = &pid_dentry_operations;
2594		2612
@@ -2816,10 +2834,9 @@ static struct dentry proc_task_instantiate(struct inode dir,
2816	inode->i_op = &proc_tid_base_inode_operations;	2834	inode->i_op = &proc_tid_base_inode_operations;
2817	inode->i_fop = &proc_tid_base_operations;	2835	inode->i_fop = &proc_tid_base_operations;
2818	inode->i_flags\|=S_IMMUTABLE;	2836	inode->i_flags\|=S_IMMUTABLE;
2819	inode->i_nlink = 4;	2837
2820	#ifdef CONFIG_SECURITY	2838	inode->i_nlink = 2 + pid_entry_count_dirs(tid_base_stuff,
2821	inode->i_nlink += 1;	2839	ARRAY_SIZE(tid_base_stuff));
2822	#endif
2823		2840
2824	dentry->d_op = &pid_dentry_operations;	2841	dentry->d_op = &pid_dentry_operations;
2825		2842


diff --git a/fs/proc/proc_misc.c b/fs/proc/proc_misc.c index 32dc14cd8900..7e277f2ad466 100644 --- a/fs/proc/proc_misc.c +++ b/fs/proc/proc_misc.c
@@ -716,7 +716,7 @@ static ssize_t kpagecount_read(struct file file, char __user buf,
716	pfn = src / KPMSIZE;	716	pfn = src / KPMSIZE;
717	count = min_t(size_t, count, (max_pfn * KPMSIZE) - src);	717	count = min_t(size_t, count, (max_pfn * KPMSIZE) - src);
718	if (src & KPMMASK \|\| count & KPMMASK)	718	if (src & KPMMASK \|\| count & KPMMASK)
719	return -EIO;	719	return -EINVAL;
720		720
721	while (count > 0) {	721	while (count > 0) {
722	ppage = NULL;	722	ppage = NULL;
@@ -726,7 +726,7 @@ static ssize_t kpagecount_read(struct file file, char __user buf,
726	if (!ppage)	726	if (!ppage)
727	pcount = 0;	727	pcount = 0;
728	else	728	else
729	pcount = atomic_read(&ppage->_count);	729	pcount = page_mapcount(ppage);
730		730
731	if (put_user(pcount, out++)) {	731	if (put_user(pcount, out++)) {
732	ret = -EFAULT;	732	ret = -EFAULT;
@@ -782,7 +782,7 @@ static ssize_t kpageflags_read(struct file file, char __user buf,
782	pfn = src / KPMSIZE;	782	pfn = src / KPMSIZE;
783	count = min_t(unsigned long, count, (max_pfn * KPMSIZE) - src);	783	count = min_t(unsigned long, count, (max_pfn * KPMSIZE) - src);
784	if (src & KPMMASK \|\| count & KPMMASK)	784	if (src & KPMMASK \|\| count & KPMMASK)
785	return -EIO;	785	return -EINVAL;
786		786
787	while (count > 0) {	787	while (count > 0) {
788	ppage = NULL;	788	ppage = NULL;


diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 88717c0f941b..17403629e330 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c
@@ -496,7 +496,7 @@ const struct file_operations proc_clear_refs_operations = {
496	};	496	};
497		497
498	struct pagemapread {	498	struct pagemapread {
499	char __user out, end;	499	u64 __user out, end;
500	};	500	};
501		501
502	#define PM_ENTRY_BYTES sizeof(u64)	502	#define PM_ENTRY_BYTES sizeof(u64)
@@ -519,21 +519,11 @@ struct pagemapread {
519	static int add_to_pagemap(unsigned long addr, u64 pfn,	519	static int add_to_pagemap(unsigned long addr, u64 pfn,
520	struct pagemapread *pm)	520	struct pagemapread *pm)
521	{	521	{
522	/*
523	* Make sure there's room in the buffer for an
524	* entire entry. Otherwise, only copy part of
525	* the pfn.
526	*/
527	if (pm->out + PM_ENTRY_BYTES >= pm->end) {
528	if (copy_to_user(pm->out, &pfn, pm->end - pm->out))
529	return -EFAULT;
530	pm->out = pm->end;
531	return PM_END_OF_BUFFER;
532	}
533
534	if (put_user(pfn, pm->out))	522	if (put_user(pfn, pm->out))
535	return -EFAULT;	523	return -EFAULT;
536	pm->out += PM_ENTRY_BYTES;	524	pm->out++;
		525	if (pm->out >= pm->end)
		526	return PM_END_OF_BUFFER;
537	return 0;	527	return 0;
538	}	528	}
539		529
@@ -634,7 +624,7 @@ static ssize_t pagemap_read(struct file file, char __user buf,
634		624
635	ret = -EINVAL;	625	ret = -EINVAL;
636	/* file position must be aligned */	626	/* file position must be aligned */
637	if (*ppos % PM_ENTRY_BYTES)	627	if ((*ppos % PM_ENTRY_BYTES) \|\| (count % PM_ENTRY_BYTES))
638	goto out_task;	628	goto out_task;
639		629
640	ret = 0;	630	ret = 0;
@@ -664,8 +654,8 @@ static ssize_t pagemap_read(struct file file, char __user buf,
664	goto out_pages;	654	goto out_pages;
665	}	655	}
666		656
667	pm.out = buf;	657	pm.out = (u64 *)buf;
668	pm.end = buf + count;	658	pm.end = (u64 *)(buf + count);
669		659
670	if (!ptrace_may_attach(task)) {	660	if (!ptrace_may_attach(task)) {
671	ret = -EIO;	661	ret = -EIO;
@@ -690,9 +680,9 @@ static ssize_t pagemap_read(struct file file, char __user buf,
690	if (ret == PM_END_OF_BUFFER)	680	if (ret == PM_END_OF_BUFFER)
691	ret = 0;	681	ret = 0;
692	/* don't need mmap_sem for these, but this looks cleaner */	682	/* don't need mmap_sem for these, but this looks cleaner */
693	*ppos += pm.out - buf;	683	ppos += (char )pm.out - buf;
694	if (!ret)	684	if (!ret)
695	ret = pm.out - buf;	685	ret = (char *)pm.out - buf;
696	}	686	}
697		687
698	out_pages:	688	out_pages: