8 files changed, 150 insertions, 66 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index d96045789b54..77770a034d59 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -467,23 +467,16 @@ static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid)
        struct task_struct *tsk;
        int err;
-        read_lock(&tasklist_lock);
+        rcu_read_lock();
        tsk = find_task_by_vpid(pid);
-        err = -ESRCH;
+        if (!tsk) {
-        if (!tsk)
+                rcu_read_unlock();
-                goto out;
+                return -ESRCH;
-        err = 0;
+        }
+        get_task_struct(tsk);
-        spin_lock_irq(&tsk->sighand->siglock);
+        rcu_read_unlock();
-        if (!tsk->signal->audit_tty)
+        err = tty_audit_push_task(tsk, loginuid, sessionid);
-                err = -EPERM;
+        put_task_struct(tsk);
-        spin_unlock_irq(&tsk->sighand->siglock);
-        if (err)
-                goto out;
-        tty_audit_push_task(tsk, loginuid, sessionid);
-out:
-        read_unlock(&tasklist_lock);
        return err;
 }
@@ -506,7 +499,7 @@ int audit_send_list(void *_dest)
 }
 struct sk_buff *audit_make_reply(int pid, int seq, int type, int done,
-                                 int multi, void *payload, int size)
+                                 int multi, const void *payload, int size)
 {
        struct sk_buff  *skb;
        struct nlmsghdr *nlh;
@@ -555,8 +548,8 @@ static int audit_send_reply_thread(void *arg)
 * Allocates an skb, builds the netlink message, and sends it to the pid.
 * No failure notifications.
 */
-void audit_send_reply(int pid, int seq, int type, int done, int multi,
+static void audit_send_reply(int pid, int seq, int type, int done, int multi,
-                      void *payload, int size)
+                             const void *payload, int size)
 {
        struct sk_buff *skb;
        struct task_struct *tsk;
@@ -880,40 +873,40 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        case AUDIT_TTY_GET: {
                struct audit_tty_status s;
                struct task_struct *tsk;
+                unsigned long flags;
-                read_lock(&tasklist_lock);
+                rcu_read_lock();
                tsk = find_task_by_vpid(pid);
-                if (!tsk)
+                if (tsk && lock_task_sighand(tsk, &flags)) {
-                        err = -ESRCH;
-                else {
-                        spin_lock_irq(&tsk->sighand->siglock);
                        s.enabled = tsk->signal->audit_tty != 0;
-                        spin_unlock_irq(&tsk->sighand->siglock);
+                        unlock_task_sighand(tsk, &flags);
-                }
+                } else
-                read_unlock(&tasklist_lock);
+                        err = -ESRCH;
-                audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_TTY_GET, 0, 0,
+                rcu_read_unlock();
-                                 &s, sizeof(s));
+                if (!err)
+                        audit_send_reply(NETLINK_CB(skb).pid, seq,
+                                         AUDIT_TTY_GET, 0, 0, &s, sizeof(s));
                break;
        }
        case AUDIT_TTY_SET: {
                struct audit_tty_status *s;
                struct task_struct *tsk;
+                unsigned long flags;
                if (nlh->nlmsg_len < sizeof(struct audit_tty_status))
                        return -EINVAL;
                s = data;
                if (s->enabled != 0 && s->enabled != 1)
                        return -EINVAL;
-                read_lock(&tasklist_lock);
+                rcu_read_lock();
                tsk = find_task_by_vpid(pid);
-                if (!tsk)
+                if (tsk && lock_task_sighand(tsk, &flags)) {
-                        err = -ESRCH;
-                else {
-                        spin_lock_irq(&tsk->sighand->siglock);
                        tsk->signal->audit_tty = s->enabled != 0;
-                        spin_unlock_irq(&tsk->sighand->siglock);
+                        unlock_task_sighand(tsk, &flags);
-                }
+                } else
-                read_unlock(&tasklist_lock);
+                        err = -ESRCH;
+                rcu_read_unlock();
                break;
        }
        default:
diff --git a/kernel/audit.h b/kernel/audit.h
index f7206db4e13d..91e7071c4d2c 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -84,10 +84,7 @@ extern int audit_compare_dname_path(const char *dname, const char *path,
                                    int *dirlen);
 extern struct sk_buff *     audit_make_reply(int pid, int seq, int type,
                                             int done, int multi,
-                                             void *payload, int size);
+                                             const void *payload, int size);
-extern void                 audit_send_reply(int pid, int seq, int type,
-                                             int done, int multi,
-                                             void *payload, int size);
 extern void                 audit_panic(const char *message);
 struct audit_netlink_list {
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 7f18d3a4527e..37b2bea170c8 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -223,7 +223,7 @@ static void untag_chunk(struct node *p)
 {
        struct audit_chunk *chunk = find_chunk(p);
        struct fsnotify_mark *entry = &chunk->mark;
-        struct audit_chunk *new;
+        struct audit_chunk *new = NULL;
        struct audit_tree *owner;
        int size = chunk->count - 1;
        int i, j;
@@ -232,9 +232,14 @@ static void untag_chunk(struct node *p)
        spin_unlock(&hash_lock);
+        if (size)
+                new = alloc_chunk(size);
        spin_lock(&entry->lock);
        if (chunk->dead || !entry->i.inode) {
                spin_unlock(&entry->lock);
+                if (new)
+                        free_chunk(new);
                goto out;
        }
@@ -255,9 +260,9 @@ static void untag_chunk(struct node *p)
                goto out;
        }
-        new = alloc_chunk(size);
        if (!new)
                goto Fallback;
        fsnotify_duplicate_mark(&new->mark, entry);
        if (fsnotify_add_mark(&new->mark, new->mark.group, new->mark.i.inode, NULL, 1)) {
                free_chunk(new);
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index f0c9b2e7542d..d2e3c7866460 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -60,7 +60,7 @@ struct audit_parent {
 };
 /* fsnotify handle. */
-struct fsnotify_group *audit_watch_group;
+static struct fsnotify_group *audit_watch_group;
 /* fsnotify events we care about. */
 #define AUDIT_FS_WATCH (FS_MOVE | FS_CREATE | FS_DELETE | FS_DELETE_SELF |\
@@ -123,7 +123,7 @@ void audit_put_watch(struct audit_watch *watch)
        }
 }
-void audit_remove_watch(struct audit_watch *watch)
+static void audit_remove_watch(struct audit_watch *watch)
 {
        list_del(&watch->wlist);
        audit_put_parent(watch->parent);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index eb7675499fb5..add2819af71b 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1252,6 +1252,18 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb,
                case AUDIT_LOGINUID:
                        result = audit_comparator(cb->loginuid, f->op, f->val);
                        break;
+                case AUDIT_SUBJ_USER:
+                case AUDIT_SUBJ_ROLE:
+                case AUDIT_SUBJ_TYPE:
+                case AUDIT_SUBJ_SEN:
+                case AUDIT_SUBJ_CLR:
+                        if (f->lsm_rule)
+                                result = security_audit_rule_match(cb->sid,
+                                                                   f->type,
+                                                                   f->op,
+                                                                   f->lsm_rule,
+                                                                   NULL);
+                        break;
                }
                if (!result)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 1b31c130d034..f49a0318c2ed 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -241,6 +241,10 @@ struct audit_context {
                        pid_t                   pid;
                        struct audit_cap_data   cap;
                } capset;
+                struct {
+                        int                     fd;
+                        int                     flags;
+                } mmap;
        };
        int fds[2];
@@ -1305,6 +1309,10 @@ static void show_special(struct audit_context *context, int *call_panic)
                audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted);
                audit_log_cap(ab, "cap_pe", &context->capset.cap.effective);
                break; }
+        case AUDIT_MMAP: {
+                audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd,
+                                 context->mmap.flags);
+                break; }
        }
        audit_log_end(ab);
 }
@@ -2476,6 +2484,14 @@ void __audit_log_capset(pid_t pid,
        context->type = AUDIT_CAPSET;
 }
+void __audit_mmap_fd(int fd, int flags)
+{
+        struct audit_context *context = current->audit_context;
+        context->mmap.fd = fd;
+        context->mmap.flags = flags;
+        context->type = AUDIT_MMAP;
+}
 /**
 * audit_core_dumps - record information about processes that end abnormally
 * @signr: signal value
diff --git a/kernel/jump_label.c b/kernel/jump_label.c
index 7be868bf25c6..3b79bd938330 100644
--- a/kernel/jump_label.c
+++ b/kernel/jump_label.c
@@ -39,6 +39,16 @@ struct jump_label_module_entry {
        struct module *mod;
 };
+void jump_label_lock(void)
+{
+        mutex_lock(&jump_label_mutex);
+}
+void jump_label_unlock(void)
+{
+        mutex_unlock(&jump_label_mutex);
+}
 static int jump_label_cmp(const void *a, const void *b)
 {
        const struct jump_entry *jea = a;
@@ -152,7 +162,7 @@ void jump_label_update(unsigned long key, enum jump_label_type type)
        struct jump_label_module_entry *e_module;
        int count;
-        mutex_lock(&jump_label_mutex);
+        jump_label_lock();
        entry = get_jump_label_entry((jump_label_t)key);
        if (entry) {
                count = entry->nr_entries;
@@ -168,13 +178,14 @@ void jump_label_update(unsigned long key, enum jump_label_type type)
                        count = e_module->nr_entries;
                        iter = e_module->table;
                        while (count--) {
-                                if (kernel_text_address(iter->code))
+                                if (iter->key &&
+                                                kernel_text_address(iter->code))
                                        arch_jump_label_transform(iter, type);
                                iter++;
                        }
                }
        }
-        mutex_unlock(&jump_label_mutex);
+        jump_label_unlock();
 }
 static int addr_conflict(struct jump_entry *entry, void *start, void *end)
@@ -231,6 +242,7 @@ out:
 * overlaps with any of the jump label patch addresses. Code
 * that wants to modify kernel text should first verify that
 * it does not overlap with any of the jump label addresses.
+ * Caller must hold jump_label_mutex.
 *
 * returns 1 if there is an overlap, 0 otherwise
 */
@@ -241,7 +253,6 @@ int jump_label_text_reserved(void *start, void *end)
        struct jump_entry *iter_stop = __start___jump_table;
        int conflict = 0;
-        mutex_lock(&jump_label_mutex);
        iter = iter_start;
        while (iter < iter_stop) {
                if (addr_conflict(iter, start, end)) {
@@ -256,10 +267,16 @@ int jump_label_text_reserved(void *start, void *end)
        conflict = module_conflict(start, end);
 #endif
 out:
-        mutex_unlock(&jump_label_mutex);
        return conflict;
 }
+/*
+ * Not all archs need this.
+ */
+void __weak arch_jump_label_text_poke_early(jump_label_t addr)
+{
+}
 static __init int init_jump_label(void)
 {
        int ret;
@@ -267,7 +284,7 @@ static __init int init_jump_label(void)
        struct jump_entry *iter_stop = __stop___jump_table;
        struct jump_entry *iter;
-        mutex_lock(&jump_label_mutex);
+        jump_label_lock();
        ret = build_jump_label_hashtable(__start___jump_table,
                                         __stop___jump_table);
        iter = iter_start;
@@ -275,7 +292,7 @@ static __init int init_jump_label(void)
                arch_jump_label_text_poke_early(iter->code);
                iter++;
        }
-        mutex_unlock(&jump_label_mutex);
+        jump_label_unlock();
        return ret;
 }
 early_initcall(init_jump_label);
@@ -366,6 +383,39 @@ static void remove_jump_label_module(struct module *mod)
        }
 }
+static void remove_jump_label_module_init(struct module *mod)
+{
+        struct hlist_head *head;
+        struct hlist_node *node, *node_next, *module_node, *module_node_next;
+        struct jump_label_entry *e;
+        struct jump_label_module_entry *e_module;
+        struct jump_entry *iter;
+        int i, count;
+        /* if the module doesn't have jump label entries, just return */
+        if (!mod->num_jump_entries)
+                return;
+        for (i = 0; i < JUMP_LABEL_TABLE_SIZE; i++) {
+                head = &jump_label_table[i];
+                hlist_for_each_entry_safe(e, node, node_next, head, hlist) {
+                        hlist_for_each_entry_safe(e_module, module_node,
+                                                  module_node_next,
+                                                  &(e->modules), hlist) {
+                                if (e_module->mod != mod)
+                                        continue;
+                                count = e_module->nr_entries;
+                                iter = e_module->table;
+                                while (count--) {
+                                        if (within_module_init(iter->code, mod))
+                                                iter->key = 0;
+                                        iter++;
+                                }
+                        }
+                }
+        }
+}
 static int
 jump_label_module_notify(struct notifier_block *self, unsigned long val,
                         void *data)
@@ -375,16 +425,21 @@ jump_label_module_notify(struct notifier_block *self, unsigned long val,
        switch (val) {
        case MODULE_STATE_COMING:
-                mutex_lock(&jump_label_mutex);
+                jump_label_lock();
                ret = add_jump_label_module(mod);
                if (ret)
                        remove_jump_label_module(mod);
-                mutex_unlock(&jump_label_mutex);
+                jump_label_unlock();
                break;
        case MODULE_STATE_GOING:
-                mutex_lock(&jump_label_mutex);
+                jump_label_lock();
                remove_jump_label_module(mod);
-                mutex_unlock(&jump_label_mutex);
+                jump_label_unlock();
+                break;
+        case MODULE_STATE_LIVE:
+                jump_label_lock();
+                remove_jump_label_module_init(mod);
+                jump_label_unlock();
                break;
        }
        return ret;
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index 99865c33a60d..9737a76e106f 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -1145,14 +1145,13 @@ int __kprobes register_kprobe(struct kprobe *p)
        if (ret)
                return ret;
+        jump_label_lock();
        preempt_disable();
        if (!kernel_text_address((unsigned long) p->addr) ||
            in_kprobes_functions((unsigned long) p->addr) ||
            ftrace_text_reserved(p->addr, p->addr) ||
-            jump_label_text_reserved(p->addr, p->addr)) {
+            jump_label_text_reserved(p->addr, p->addr))
-                preempt_enable();
+                goto fail_with_jump_label;
-                return -EINVAL;
-        }
        /* User can pass only KPROBE_FLAG_DISABLED to register_kprobe */
        p->flags &= KPROBE_FLAG_DISABLED;
@@ -1166,10 +1165,9 @@ int __kprobes register_kprobe(struct kprobe *p)
                 * We must hold a refcount of the probed module while updating
                 * its code to prohibit unexpected unloading.
                 */
-                if (unlikely(!try_module_get(probed_mod))) {
+                if (unlikely(!try_module_get(probed_mod)))
-                        preempt_enable();
+                        goto fail_with_jump_label;
-                        return -EINVAL;
-                }
                /*
                 * If the module freed .init.text, we couldn't insert
                 * kprobes in there.
@@ -1177,16 +1175,18 @@ int __kprobes register_kprobe(struct kprobe *p)
                if (within_module_init((unsigned long)p->addr, probed_mod) &&
                    probed_mod->state != MODULE_STATE_COMING) {
                        module_put(probed_mod);
-                        preempt_enable();
+                        goto fail_with_jump_label;
-                        return -EINVAL;
                }
        }
        preempt_enable();
+        jump_label_unlock();
        p->nmissed = 0;
        INIT_LIST_HEAD(&p->list);
        mutex_lock(&kprobe_mutex);
+        jump_label_lock(); /* needed to call jump_label_text_reserved() */
        get_online_cpus();      /* For avoiding text_mutex deadlock. */
        mutex_lock(&text_mutex);
@@ -1214,12 +1214,18 @@ int __kprobes register_kprobe(struct kprobe *p)
 out:
        mutex_unlock(&text_mutex);
        put_online_cpus();
+        jump_label_unlock();
        mutex_unlock(&kprobe_mutex);
        if (probed_mod)
                module_put(probed_mod);
        return ret;
+fail_with_jump_label:
+        preempt_enable();
+        jump_label_unlock();
+        return -EINVAL;
 }
 EXPORT_SYMBOL_GPL(register_kprobe);

diff --git a/kernel/audit.c b/kernel/audit.c index d96045789b54..77770a034d59 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -467,23 +467,16 @@ static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid)
467	struct task_struct *tsk;	467	struct task_struct *tsk;
468	int err;	468	int err;
469		469
470	read_lock(&tasklist_lock);	470	rcu_read_lock();
471	tsk = find_task_by_vpid(pid);	471	tsk = find_task_by_vpid(pid);
472	err = -ESRCH;	472	if (!tsk) {
473	if (!tsk)	473	rcu_read_unlock();
474	goto out;	474	return -ESRCH;
475	err = 0;	475	}
476		476	get_task_struct(tsk);
477	spin_lock_irq(&tsk->sighand->siglock);	477	rcu_read_unlock();
478	if (!tsk->signal->audit_tty)	478	err = tty_audit_push_task(tsk, loginuid, sessionid);
479	err = -EPERM;	479	put_task_struct(tsk);
480	spin_unlock_irq(&tsk->sighand->siglock);
481	if (err)
482	goto out;
483
484	tty_audit_push_task(tsk, loginuid, sessionid);
485	out:
486	read_unlock(&tasklist_lock);
487	return err;	480	return err;
488	}	481	}
489		482
@@ -506,7 +499,7 @@ int audit_send_list(void *_dest)
506	}	499	}
507		500
508	struct sk_buff *audit_make_reply(int pid, int seq, int type, int done,	501	struct sk_buff *audit_make_reply(int pid, int seq, int type, int done,
509	int multi, void *payload, int size)	502	int multi, const void *payload, int size)
510	{	503	{
511	struct sk_buff *skb;	504	struct sk_buff *skb;
512	struct nlmsghdr *nlh;	505	struct nlmsghdr *nlh;
@@ -555,8 +548,8 @@ static int audit_send_reply_thread(void *arg)
555	* Allocates an skb, builds the netlink message, and sends it to the pid.	548	* Allocates an skb, builds the netlink message, and sends it to the pid.
556	* No failure notifications.	549	* No failure notifications.
557	*/	550	*/
558	void audit_send_reply(int pid, int seq, int type, int done, int multi,	551	static void audit_send_reply(int pid, int seq, int type, int done, int multi,
559	void *payload, int size)	552	const void *payload, int size)
560	{	553	{
561	struct sk_buff *skb;	554	struct sk_buff *skb;
562	struct task_struct *tsk;	555	struct task_struct *tsk;
@@ -880,40 +873,40 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
880	case AUDIT_TTY_GET: {	873	case AUDIT_TTY_GET: {
881	struct audit_tty_status s;	874	struct audit_tty_status s;
882	struct task_struct *tsk;	875	struct task_struct *tsk;
		876	unsigned long flags;
883		877
884	read_lock(&tasklist_lock);	878	rcu_read_lock();
885	tsk = find_task_by_vpid(pid);	879	tsk = find_task_by_vpid(pid);
886	if (!tsk)	880	if (tsk && lock_task_sighand(tsk, &flags)) {
887	err = -ESRCH;
888	else {
889	spin_lock_irq(&tsk->sighand->siglock);
890	s.enabled = tsk->signal->audit_tty != 0;	881	s.enabled = tsk->signal->audit_tty != 0;
891	spin_unlock_irq(&tsk->sighand->siglock);	882	unlock_task_sighand(tsk, &flags);
892	}	883	} else
893	read_unlock(&tasklist_lock);	884	err = -ESRCH;
894	audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_TTY_GET, 0, 0,	885	rcu_read_unlock();
895	&s, sizeof(s));	886
		887	if (!err)
		888	audit_send_reply(NETLINK_CB(skb).pid, seq,
		889	AUDIT_TTY_GET, 0, 0, &s, sizeof(s));
896	break;	890	break;
897	}	891	}
898	case AUDIT_TTY_SET: {	892	case AUDIT_TTY_SET: {
899	struct audit_tty_status *s;	893	struct audit_tty_status *s;
900	struct task_struct *tsk;	894	struct task_struct *tsk;
		895	unsigned long flags;
901		896
902	if (nlh->nlmsg_len < sizeof(struct audit_tty_status))	897	if (nlh->nlmsg_len < sizeof(struct audit_tty_status))
903	return -EINVAL;	898	return -EINVAL;
904	s = data;	899	s = data;
905	if (s->enabled != 0 && s->enabled != 1)	900	if (s->enabled != 0 && s->enabled != 1)
906	return -EINVAL;	901	return -EINVAL;
907	read_lock(&tasklist_lock);	902	rcu_read_lock();
908	tsk = find_task_by_vpid(pid);	903	tsk = find_task_by_vpid(pid);
909	if (!tsk)	904	if (tsk && lock_task_sighand(tsk, &flags)) {
910	err = -ESRCH;
911	else {
912	spin_lock_irq(&tsk->sighand->siglock);
913	tsk->signal->audit_tty = s->enabled != 0;	905	tsk->signal->audit_tty = s->enabled != 0;
914	spin_unlock_irq(&tsk->sighand->siglock);	906	unlock_task_sighand(tsk, &flags);
915	}	907	} else
916	read_unlock(&tasklist_lock);	908	err = -ESRCH;
		909	rcu_read_unlock();
917	break;	910	break;
918	}	911	}
919	default:	912	default:


diff --git a/kernel/audit.h b/kernel/audit.h index f7206db4e13d..91e7071c4d2c 100644 --- a/kernel/audit.h +++ b/kernel/audit.h
@@ -84,10 +84,7 @@ extern int audit_compare_dname_path(const char dname, const char path,
84	int *dirlen);	84	int *dirlen);
85	extern struct sk_buff * audit_make_reply(int pid, int seq, int type,	85	extern struct sk_buff * audit_make_reply(int pid, int seq, int type,
86	int done, int multi,	86	int done, int multi,
87	void *payload, int size);	87	const void *payload, int size);
88	extern void audit_send_reply(int pid, int seq, int type,
89	int done, int multi,
90	void *payload, int size);
91	extern void audit_panic(const char *message);	88	extern void audit_panic(const char *message);
92		89
93	struct audit_netlink_list {	90	struct audit_netlink_list {


diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index 7f18d3a4527e..37b2bea170c8 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c
@@ -223,7 +223,7 @@ static void untag_chunk(struct node *p)
223	{	223	{
224	struct audit_chunk *chunk = find_chunk(p);	224	struct audit_chunk *chunk = find_chunk(p);
225	struct fsnotify_mark *entry = &chunk->mark;	225	struct fsnotify_mark *entry = &chunk->mark;
226	struct audit_chunk *new;	226	struct audit_chunk *new = NULL;
227	struct audit_tree *owner;	227	struct audit_tree *owner;
228	int size = chunk->count - 1;	228	int size = chunk->count - 1;
229	int i, j;	229	int i, j;
@@ -232,9 +232,14 @@ static void untag_chunk(struct node *p)
232		232
233	spin_unlock(&hash_lock);	233	spin_unlock(&hash_lock);
234		234
		235	if (size)
		236	new = alloc_chunk(size);
		237
235	spin_lock(&entry->lock);	238	spin_lock(&entry->lock);
236	if (chunk->dead \|\| !entry->i.inode) {	239	if (chunk->dead \|\| !entry->i.inode) {
237	spin_unlock(&entry->lock);	240	spin_unlock(&entry->lock);
		241	if (new)
		242	free_chunk(new);
238	goto out;	243	goto out;
239	}	244	}
240		245
@@ -255,9 +260,9 @@ static void untag_chunk(struct node *p)
255	goto out;	260	goto out;
256	}	261	}
257		262
258	new = alloc_chunk(size);
259	if (!new)	263	if (!new)
260	goto Fallback;	264	goto Fallback;
		265
261	fsnotify_duplicate_mark(&new->mark, entry);	266	fsnotify_duplicate_mark(&new->mark, entry);
262	if (fsnotify_add_mark(&new->mark, new->mark.group, new->mark.i.inode, NULL, 1)) {	267	if (fsnotify_add_mark(&new->mark, new->mark.group, new->mark.i.inode, NULL, 1)) {
263	free_chunk(new);	268	free_chunk(new);


diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c index f0c9b2e7542d..d2e3c7866460 100644 --- a/kernel/audit_watch.c +++ b/kernel/audit_watch.c
@@ -60,7 +60,7 @@ struct audit_parent {
60	};	60	};
61		61
62	/* fsnotify handle. */	62	/* fsnotify handle. */
63	struct fsnotify_group *audit_watch_group;	63	static struct fsnotify_group *audit_watch_group;
64		64
65	/* fsnotify events we care about. */	65	/* fsnotify events we care about. */
66	#define AUDIT_FS_WATCH (FS_MOVE \| FS_CREATE \| FS_DELETE \| FS_DELETE_SELF \|\	66	#define AUDIT_FS_WATCH (FS_MOVE \| FS_CREATE \| FS_DELETE \| FS_DELETE_SELF \|\
@@ -123,7 +123,7 @@ void audit_put_watch(struct audit_watch *watch)
123	}	123	}
124	}	124	}
125		125
126	void audit_remove_watch(struct audit_watch *watch)	126	static void audit_remove_watch(struct audit_watch *watch)
127	{	127	{
128	list_del(&watch->wlist);	128	list_del(&watch->wlist);
129	audit_put_parent(watch->parent);	129	audit_put_parent(watch->parent);


diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index eb7675499fb5..add2819af71b 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c
@@ -1252,6 +1252,18 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb,
1252	case AUDIT_LOGINUID:	1252	case AUDIT_LOGINUID:
1253	result = audit_comparator(cb->loginuid, f->op, f->val);	1253	result = audit_comparator(cb->loginuid, f->op, f->val);
1254	break;	1254	break;
		1255	case AUDIT_SUBJ_USER:
		1256	case AUDIT_SUBJ_ROLE:
		1257	case AUDIT_SUBJ_TYPE:
		1258	case AUDIT_SUBJ_SEN:
		1259	case AUDIT_SUBJ_CLR:
		1260	if (f->lsm_rule)
		1261	result = security_audit_rule_match(cb->sid,
		1262	f->type,
		1263	f->op,
		1264	f->lsm_rule,
		1265	NULL);
		1266	break;
1255	}	1267	}
1256		1268
1257	if (!result)	1269	if (!result)


diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 1b31c130d034..f49a0318c2ed 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -241,6 +241,10 @@ struct audit_context {
241	pid_t pid;	241	pid_t pid;
242	struct audit_cap_data cap;	242	struct audit_cap_data cap;
243	} capset;	243	} capset;
		244	struct {
		245	int fd;
		246	int flags;
		247	} mmap;
244	};	248	};
245	int fds[2];	249	int fds[2];
246		250
@@ -1305,6 +1309,10 @@ static void show_special(struct audit_context context, int call_panic)
1305	audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted);	1309	audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted);
1306	audit_log_cap(ab, "cap_pe", &context->capset.cap.effective);	1310	audit_log_cap(ab, "cap_pe", &context->capset.cap.effective);
1307	break; }	1311	break; }
		1312	case AUDIT_MMAP: {
		1313	audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd,
		1314	context->mmap.flags);
		1315	break; }
1308	}	1316	}
1309	audit_log_end(ab);	1317	audit_log_end(ab);
1310	}	1318	}
@@ -2476,6 +2484,14 @@ void __audit_log_capset(pid_t pid,
2476	context->type = AUDIT_CAPSET;	2484	context->type = AUDIT_CAPSET;
2477	}	2485	}
2478		2486
		2487	void __audit_mmap_fd(int fd, int flags)
		2488	{
		2489	struct audit_context *context = current->audit_context;
		2490	context->mmap.fd = fd;
		2491	context->mmap.flags = flags;
		2492	context->type = AUDIT_MMAP;
		2493	}
		2494
2479	/**	2495	/**
2480	* audit_core_dumps - record information about processes that end abnormally	2496	* audit_core_dumps - record information about processes that end abnormally
2481	* @signr: signal value	2497	* @signr: signal value


diff --git a/kernel/jump_label.c b/kernel/jump_label.c index 7be868bf25c6..3b79bd938330 100644 --- a/kernel/jump_label.c +++ b/kernel/jump_label.c
@@ -39,6 +39,16 @@ struct jump_label_module_entry {
39	struct module *mod;	39	struct module *mod;
40	};	40	};
41		41
		42	void jump_label_lock(void)
		43	{
		44	mutex_lock(&jump_label_mutex);
		45	}
		46
		47	void jump_label_unlock(void)
		48	{
		49	mutex_unlock(&jump_label_mutex);
		50	}
		51
42	static int jump_label_cmp(const void a, const void b)	52	static int jump_label_cmp(const void a, const void b)
43	{	53	{
44	const struct jump_entry *jea = a;	54	const struct jump_entry *jea = a;
@@ -152,7 +162,7 @@ void jump_label_update(unsigned long key, enum jump_label_type type)
152	struct jump_label_module_entry *e_module;	162	struct jump_label_module_entry *e_module;
153	int count;	163	int count;
154		164
155	mutex_lock(&jump_label_mutex);	165	jump_label_lock();
156	entry = get_jump_label_entry((jump_label_t)key);	166	entry = get_jump_label_entry((jump_label_t)key);
157	if (entry) {	167	if (entry) {
158	count = entry->nr_entries;	168	count = entry->nr_entries;
@@ -168,13 +178,14 @@ void jump_label_update(unsigned long key, enum jump_label_type type)
168	count = e_module->nr_entries;	178	count = e_module->nr_entries;
169	iter = e_module->table;	179	iter = e_module->table;
170	while (count--) {	180	while (count--) {
171	if (kernel_text_address(iter->code))	181	if (iter->key &&
		182	kernel_text_address(iter->code))
172	arch_jump_label_transform(iter, type);	183	arch_jump_label_transform(iter, type);
173	iter++;	184	iter++;
174	}	185	}
175	}	186	}
176	}	187	}
177	mutex_unlock(&jump_label_mutex);	188	jump_label_unlock();
178	}	189	}
179		190
180	static int addr_conflict(struct jump_entry entry, void start, void *end)	191	static int addr_conflict(struct jump_entry entry, void start, void *end)
@@ -231,6 +242,7 @@ out:
231	* overlaps with any of the jump label patch addresses. Code	242	* overlaps with any of the jump label patch addresses. Code
232	* that wants to modify kernel text should first verify that	243	* that wants to modify kernel text should first verify that
233	* it does not overlap with any of the jump label addresses.	244	* it does not overlap with any of the jump label addresses.
		245	* Caller must hold jump_label_mutex.
234	*	246	*
235	* returns 1 if there is an overlap, 0 otherwise	247	* returns 1 if there is an overlap, 0 otherwise
236	*/	248	*/
@@ -241,7 +253,6 @@ int jump_label_text_reserved(void start, void end)
241	struct jump_entry *iter_stop = __start___jump_table;	253	struct jump_entry *iter_stop = __start___jump_table;
242	int conflict = 0;	254	int conflict = 0;
243		255
244	mutex_lock(&jump_label_mutex);
245	iter = iter_start;	256	iter = iter_start;
246	while (iter < iter_stop) {	257	while (iter < iter_stop) {
247	if (addr_conflict(iter, start, end)) {	258	if (addr_conflict(iter, start, end)) {
@@ -256,10 +267,16 @@ int jump_label_text_reserved(void start, void end)
256	conflict = module_conflict(start, end);	267	conflict = module_conflict(start, end);
257	#endif	268	#endif
258	out:	269	out:
259	mutex_unlock(&jump_label_mutex);
260	return conflict;	270	return conflict;
261	}	271	}
262		272
		273	/*
		274	* Not all archs need this.
		275	*/
		276	void __weak arch_jump_label_text_poke_early(jump_label_t addr)
		277	{
		278	}
		279
263	static __init int init_jump_label(void)	280	static __init int init_jump_label(void)
264	{	281	{
265	int ret;	282	int ret;
@@ -267,7 +284,7 @@ static __init int init_jump_label(void)
267	struct jump_entry *iter_stop = __stop___jump_table;	284	struct jump_entry *iter_stop = __stop___jump_table;
268	struct jump_entry *iter;	285	struct jump_entry *iter;
269		286
270	mutex_lock(&jump_label_mutex);	287	jump_label_lock();
271	ret = build_jump_label_hashtable(__start___jump_table,	288	ret = build_jump_label_hashtable(__start___jump_table,
272	__stop___jump_table);	289	__stop___jump_table);
273	iter = iter_start;	290	iter = iter_start;
@@ -275,7 +292,7 @@ static __init int init_jump_label(void)
275	arch_jump_label_text_poke_early(iter->code);	292	arch_jump_label_text_poke_early(iter->code);
276	iter++;	293	iter++;
277	}	294	}
278	mutex_unlock(&jump_label_mutex);	295	jump_label_unlock();
279	return ret;	296	return ret;
280	}	297	}
281	early_initcall(init_jump_label);	298	early_initcall(init_jump_label);
@@ -366,6 +383,39 @@ static void remove_jump_label_module(struct module *mod)
366	}	383	}
367	}	384	}
368		385
		386	static void remove_jump_label_module_init(struct module *mod)
		387	{
		388	struct hlist_head *head;
		389	struct hlist_node node, node_next, module_node, module_node_next;
		390	struct jump_label_entry *e;
		391	struct jump_label_module_entry *e_module;
		392	struct jump_entry *iter;
		393	int i, count;
		394
		395	/* if the module doesn't have jump label entries, just return */
		396	if (!mod->num_jump_entries)
		397	return;
		398
		399	for (i = 0; i < JUMP_LABEL_TABLE_SIZE; i++) {
		400	head = &jump_label_table[i];
		401	hlist_for_each_entry_safe(e, node, node_next, head, hlist) {
		402	hlist_for_each_entry_safe(e_module, module_node,
		403	module_node_next,
		404	&(e->modules), hlist) {
		405	if (e_module->mod != mod)
		406	continue;
		407	count = e_module->nr_entries;
		408	iter = e_module->table;
		409	while (count--) {
		410	if (within_module_init(iter->code, mod))
		411	iter->key = 0;
		412	iter++;
		413	}
		414	}
		415	}
		416	}
		417	}
		418
369	static int	419	static int
370	jump_label_module_notify(struct notifier_block *self, unsigned long val,	420	jump_label_module_notify(struct notifier_block *self, unsigned long val,
371	void *data)	421	void *data)
@@ -375,16 +425,21 @@ jump_label_module_notify(struct notifier_block *self, unsigned long val,
375		425
376	switch (val) {	426	switch (val) {
377	case MODULE_STATE_COMING:	427	case MODULE_STATE_COMING:
378	mutex_lock(&jump_label_mutex);	428	jump_label_lock();
379	ret = add_jump_label_module(mod);	429	ret = add_jump_label_module(mod);
380	if (ret)	430	if (ret)
381	remove_jump_label_module(mod);	431	remove_jump_label_module(mod);
382	mutex_unlock(&jump_label_mutex);	432	jump_label_unlock();
383	break;	433	break;
384	case MODULE_STATE_GOING:	434	case MODULE_STATE_GOING:
385	mutex_lock(&jump_label_mutex);	435	jump_label_lock();
386	remove_jump_label_module(mod);	436	remove_jump_label_module(mod);
387	mutex_unlock(&jump_label_mutex);	437	jump_label_unlock();
		438	break;
		439	case MODULE_STATE_LIVE:
		440	jump_label_lock();
		441	remove_jump_label_module_init(mod);
		442	jump_label_unlock();
388	break;	443	break;
389	}	444	}
390	return ret;	445	return ret;


diff --git a/kernel/kprobes.c b/kernel/kprobes.c index 99865c33a60d..9737a76e106f 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c
@@ -1145,14 +1145,13 @@ int __kprobes register_kprobe(struct kprobe *p)
1145	if (ret)	1145	if (ret)
1146	return ret;	1146	return ret;
1147		1147
		1148	jump_label_lock();
1148	preempt_disable();	1149	preempt_disable();
1149	if (!kernel_text_address((unsigned long) p->addr) \|\|	1150	if (!kernel_text_address((unsigned long) p->addr) \|\|
1150	in_kprobes_functions((unsigned long) p->addr) \|\|	1151	in_kprobes_functions((unsigned long) p->addr) \|\|
1151	ftrace_text_reserved(p->addr, p->addr) \|\|	1152	ftrace_text_reserved(p->addr, p->addr) \|\|
1152	jump_label_text_reserved(p->addr, p->addr)) {	1153	jump_label_text_reserved(p->addr, p->addr))
1153	preempt_enable();	1154	goto fail_with_jump_label;
1154	return -EINVAL;
1155	}
1156		1155
1157	/* User can pass only KPROBE_FLAG_DISABLED to register_kprobe */	1156	/* User can pass only KPROBE_FLAG_DISABLED to register_kprobe */
1158	p->flags &= KPROBE_FLAG_DISABLED;	1157	p->flags &= KPROBE_FLAG_DISABLED;
@@ -1166,10 +1165,9 @@ int __kprobes register_kprobe(struct kprobe *p)
1166	* We must hold a refcount of the probed module while updating	1165	* We must hold a refcount of the probed module while updating
1167	* its code to prohibit unexpected unloading.	1166	* its code to prohibit unexpected unloading.
1168	*/	1167	*/
1169	if (unlikely(!try_module_get(probed_mod))) {	1168	if (unlikely(!try_module_get(probed_mod)))
1170	preempt_enable();	1169	goto fail_with_jump_label;
1171	return -EINVAL;	1170
1172	}
1173	/*	1171	/*
1174	* If the module freed .init.text, we couldn't insert	1172	* If the module freed .init.text, we couldn't insert
1175	* kprobes in there.	1173	* kprobes in there.
@@ -1177,16 +1175,18 @@ int __kprobes register_kprobe(struct kprobe *p)
1177	if (within_module_init((unsigned long)p->addr, probed_mod) &&	1175	if (within_module_init((unsigned long)p->addr, probed_mod) &&
1178	probed_mod->state != MODULE_STATE_COMING) {	1176	probed_mod->state != MODULE_STATE_COMING) {
1179	module_put(probed_mod);	1177	module_put(probed_mod);
1180	preempt_enable();	1178	goto fail_with_jump_label;
1181	return -EINVAL;
1182	}	1179	}
1183	}	1180	}
1184	preempt_enable();	1181	preempt_enable();
		1182	jump_label_unlock();
1185		1183
1186	p->nmissed = 0;	1184	p->nmissed = 0;
1187	INIT_LIST_HEAD(&p->list);	1185	INIT_LIST_HEAD(&p->list);
1188	mutex_lock(&kprobe_mutex);	1186	mutex_lock(&kprobe_mutex);
1189		1187
		1188	jump_label_lock(); /* needed to call jump_label_text_reserved() */
		1189
1190	get_online_cpus(); /* For avoiding text_mutex deadlock. */	1190	get_online_cpus(); /* For avoiding text_mutex deadlock. */
1191	mutex_lock(&text_mutex);	1191	mutex_lock(&text_mutex);
1192		1192
@@ -1214,12 +1214,18 @@ int __kprobes register_kprobe(struct kprobe *p)
1214	out:	1214	out:
1215	mutex_unlock(&text_mutex);	1215	mutex_unlock(&text_mutex);
1216	put_online_cpus();	1216	put_online_cpus();
		1217	jump_label_unlock();
1217	mutex_unlock(&kprobe_mutex);	1218	mutex_unlock(&kprobe_mutex);
1218		1219
1219	if (probed_mod)	1220	if (probed_mod)
1220	module_put(probed_mod);	1221	module_put(probed_mod);
1221		1222
1222	return ret;	1223	return ret;
		1224
		1225	fail_with_jump_label:
		1226	preempt_enable();
		1227	jump_label_unlock();
		1228	return -EINVAL;
1223	}	1229	}
1224	EXPORT_SYMBOL_GPL(register_kprobe);	1230	EXPORT_SYMBOL_GPL(register_kprobe);
1225		1231