3 files changed, 49 insertions, 30 deletions
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 0f3527d6184a..72fcd3069a90 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -896,10 +896,13 @@ static void cgroup_diput(struct dentry *dentry, struct inode *inode)
                mutex_unlock(&cgroup_mutex);
                /*
-                 * Drop the active superblock reference that we took when we
+                 * We want to drop the active superblock reference from the
-                 * created the cgroup
+                 * cgroup creation after all the dentry refs are gone -
+                 * kill_sb gets mighty unhappy otherwise.  Mark
+                 * dentry->d_fsdata with cgroup_diput() to tell
+                 * cgroup_d_release() to call deactivate_super().
                 */
-                deactivate_super(cgrp->root->sb);
+                dentry->d_fsdata = cgroup_diput;
                /*
                 * if we're getting rid of the cgroup, refcount should ensure
@@ -925,6 +928,13 @@ static int cgroup_delete(const struct dentry *d)
        return 1;
 }
+static void cgroup_d_release(struct dentry *dentry)
+{
+        /* did cgroup_diput() tell me to deactivate super? */
+        if (dentry->d_fsdata == cgroup_diput)
+                deactivate_super(dentry->d_sb);
+}
 static void remove_dir(struct dentry *d)
 {
        struct dentry *parent = dget(d->d_parent);
@@ -1532,6 +1542,7 @@ static int cgroup_get_rootdir(struct super_block *sb)
        static const struct dentry_operations cgroup_dops = {
                .d_iput = cgroup_diput,
                .d_delete = cgroup_delete,
+                .d_release = cgroup_d_release,
        };
        struct inode *inode =
diff --git a/kernel/sys.c b/kernel/sys.c
index 9ff89cb9657a..f0ec44dcd415 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1786,27 +1786,13 @@ SYSCALL_DEFINE1(umask, int, mask)
 }
 #ifdef CONFIG_CHECKPOINT_RESTORE
-static bool vma_flags_mismatch(struct vm_area_struct *vma,
-                               unsigned long required,
-                               unsigned long banned)
-{
-        return (vma->vm_flags & required) != required ||
-                (vma->vm_flags & banned);
-}
 static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)
 {
+        struct vm_area_struct *vma;
        struct file *exe_file;
        struct dentry *dentry;
        int err;
-        /*
-         * Setting new mm::exe_file is only allowed when no VM_EXECUTABLE vma's
-         * remain. So perform a quick test first.
-         */
-        if (mm->num_exe_file_vmas)
-                return -EBUSY;
        exe_file = fget(fd);
        if (!exe_file)
                return -EBADF;
@@ -1827,17 +1813,30 @@ static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)
        if (err)
                goto exit;
+        down_write(&mm->mmap_sem);
+        /*
+         * Forbid mm->exe_file change if there are mapped other files.
+         */
+        err = -EBUSY;
+        for (vma = mm->mmap; vma; vma = vma->vm_next) {
+                if (vma->vm_file && !path_equal(&vma->vm_file->f_path,
+                                                &exe_file->f_path))
+                        goto exit_unlock;
+        }
        /*
         * The symlink can be changed only once, just to disallow arbitrary
         * transitions malicious software might bring in. This means one
         * could make a snapshot over all processes running and monitor
         * /proc/pid/exe changes to notice unusual activity if needed.
         */
-        down_write(&mm->mmap_sem);
+        err = -EPERM;
-        if (likely(!mm->exe_file))
+        if (test_and_set_bit(MMF_EXE_FILE_CHANGED, &mm->flags))
-                set_mm_exe_file(mm, exe_file);
+                goto exit_unlock;
-        else
-                err = -EBUSY;
+        set_mm_exe_file(mm, exe_file);
+exit_unlock:
        up_write(&mm->mmap_sem);
 exit:
@@ -1862,7 +1861,7 @@ static int prctl_set_mm(int opt, unsigned long addr,
        if (opt == PR_SET_MM_EXE_FILE)
                return prctl_set_mm_exe_file(mm, (unsigned int)addr);
-        if (addr >= TASK_SIZE)
+        if (addr >= TASK_SIZE || addr < mmap_min_addr)
                return -EINVAL;
        error = -EINVAL;
@@ -1924,12 +1923,6 @@ static int prctl_set_mm(int opt, unsigned long addr,
                        error = -EFAULT;
                        goto out;
                }
-#ifdef CONFIG_STACK_GROWSUP
-                if (vma_flags_mismatch(vma, VM_READ | VM_WRITE | VM_GROWSUP, 0))
-#else
-                if (vma_flags_mismatch(vma, VM_READ | VM_WRITE | VM_GROWSDOWN, 0))
-#endif
-                        goto out;
                if (opt == PR_SET_MM_START_STACK)
                        mm->start_stack = addr;
                else if (opt == PR_SET_MM_ARG_START)
@@ -1981,12 +1974,22 @@ out:
        up_read(&mm->mmap_sem);
        return error;
 }
+static int prctl_get_tid_address(struct task_struct *me, int __user **tid_addr)
+{
+        return put_user(me->clear_child_tid, tid_addr);
+}
 #else /* CONFIG_CHECKPOINT_RESTORE */
 static int prctl_set_mm(int opt, unsigned long addr,
                        unsigned long arg4, unsigned long arg5)
 {
        return -EINVAL;
 }
+static int prctl_get_tid_address(struct task_struct *me, int __user **tid_addr)
+{
+        return -EINVAL;
+}
 #endif
 SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
@@ -2124,6 +2127,9 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
                                else
                                        return -EINVAL;
                                break;
+                case PR_GET_TID_ADDRESS:
+                        error = prctl_get_tid_address(me, (int __user **)arg2);
+                        break;
                        default:
                                return -EINVAL;
                        }
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index 6e46cacf5969..6f46a00a1e8a 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -962,6 +962,7 @@ static cycle_t logarithmic_accumulation(cycle_t offset, int shift)
                timekeeper.xtime.tv_sec++;
                leap = second_overflow(timekeeper.xtime.tv_sec);
                timekeeper.xtime.tv_sec += leap;
+                timekeeper.wall_to_monotonic.tv_sec -= leap;
        }
        /* Accumulate raw time */
@@ -1077,6 +1078,7 @@ static void update_wall_time(void)
                timekeeper.xtime.tv_sec++;
                leap = second_overflow(timekeeper.xtime.tv_sec);
                timekeeper.xtime.tv_sec += leap;
+                timekeeper.wall_to_monotonic.tv_sec -= leap;
        }
        timekeeping_update(false);

diff --git a/kernel/cgroup.c b/kernel/cgroup.c index 0f3527d6184a..72fcd3069a90 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c
@@ -896,10 +896,13 @@ static void cgroup_diput(struct dentry dentry, struct inode inode)
896	mutex_unlock(&cgroup_mutex);	896	mutex_unlock(&cgroup_mutex);
897		897
898	/*	898	/*
899	* Drop the active superblock reference that we took when we	899	* We want to drop the active superblock reference from the
900	* created the cgroup	900	* cgroup creation after all the dentry refs are gone -
		901	* kill_sb gets mighty unhappy otherwise. Mark
		902	* dentry->d_fsdata with cgroup_diput() to tell
		903	* cgroup_d_release() to call deactivate_super().
901	*/	904	*/
902	deactivate_super(cgrp->root->sb);	905	dentry->d_fsdata = cgroup_diput;
903		906
904	/*	907	/*
905	* if we're getting rid of the cgroup, refcount should ensure	908	* if we're getting rid of the cgroup, refcount should ensure
@@ -925,6 +928,13 @@ static int cgroup_delete(const struct dentry *d)
925	return 1;	928	return 1;
926	}	929	}
927		930
		931	static void cgroup_d_release(struct dentry *dentry)
		932	{
		933	/* did cgroup_diput() tell me to deactivate super? */
		934	if (dentry->d_fsdata == cgroup_diput)
		935	deactivate_super(dentry->d_sb);
		936	}
		937
928	static void remove_dir(struct dentry *d)	938	static void remove_dir(struct dentry *d)
929	{	939	{
930	struct dentry *parent = dget(d->d_parent);	940	struct dentry *parent = dget(d->d_parent);
@@ -1532,6 +1542,7 @@ static int cgroup_get_rootdir(struct super_block *sb)
1532	static const struct dentry_operations cgroup_dops = {	1542	static const struct dentry_operations cgroup_dops = {
1533	.d_iput = cgroup_diput,	1543	.d_iput = cgroup_diput,
1534	.d_delete = cgroup_delete,	1544	.d_delete = cgroup_delete,
		1545	.d_release = cgroup_d_release,
1535	};	1546	};
1536		1547
1537	struct inode *inode =	1548	struct inode *inode =


diff --git a/kernel/sys.c b/kernel/sys.c index 9ff89cb9657a..f0ec44dcd415 100644 --- a/kernel/sys.c +++ b/kernel/sys.c
@@ -1786,27 +1786,13 @@ SYSCALL_DEFINE1(umask, int, mask)
1786	}	1786	}
1787		1787
1788	#ifdef CONFIG_CHECKPOINT_RESTORE	1788	#ifdef CONFIG_CHECKPOINT_RESTORE
1789	static bool vma_flags_mismatch(struct vm_area_struct *vma,
1790	unsigned long required,
1791	unsigned long banned)
1792	{
1793	return (vma->vm_flags & required) != required \|\|
1794	(vma->vm_flags & banned);
1795	}
1796
1797	static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)	1789	static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)
1798	{	1790	{
		1791	struct vm_area_struct *vma;
1799	struct file *exe_file;	1792	struct file *exe_file;
1800	struct dentry *dentry;	1793	struct dentry *dentry;
1801	int err;	1794	int err;
1802		1795
1803	/*
1804	* Setting new mm::exe_file is only allowed when no VM_EXECUTABLE vma's
1805	* remain. So perform a quick test first.
1806	*/
1807	if (mm->num_exe_file_vmas)
1808	return -EBUSY;
1809
1810	exe_file = fget(fd);	1796	exe_file = fget(fd);
1811	if (!exe_file)	1797	if (!exe_file)
1812	return -EBADF;	1798	return -EBADF;
@@ -1827,17 +1813,30 @@ static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)
1827	if (err)	1813	if (err)
1828	goto exit;	1814	goto exit;
1829		1815
		1816	down_write(&mm->mmap_sem);
		1817
		1818	/*
		1819	* Forbid mm->exe_file change if there are mapped other files.
		1820	*/
		1821	err = -EBUSY;
		1822	for (vma = mm->mmap; vma; vma = vma->vm_next) {
		1823	if (vma->vm_file && !path_equal(&vma->vm_file->f_path,
		1824	&exe_file->f_path))
		1825	goto exit_unlock;
		1826	}
		1827
1830	/*	1828	/*
1831	* The symlink can be changed only once, just to disallow arbitrary	1829	* The symlink can be changed only once, just to disallow arbitrary
1832	* transitions malicious software might bring in. This means one	1830	* transitions malicious software might bring in. This means one
1833	* could make a snapshot over all processes running and monitor	1831	* could make a snapshot over all processes running and monitor
1834	* /proc/pid/exe changes to notice unusual activity if needed.	1832	* /proc/pid/exe changes to notice unusual activity if needed.
1835	*/	1833	*/
1836	down_write(&mm->mmap_sem);	1834	err = -EPERM;
1837	if (likely(!mm->exe_file))	1835	if (test_and_set_bit(MMF_EXE_FILE_CHANGED, &mm->flags))
1838	set_mm_exe_file(mm, exe_file);	1836	goto exit_unlock;
1839	else	1837
1840	err = -EBUSY;	1838	set_mm_exe_file(mm, exe_file);
		1839	exit_unlock:
1841	up_write(&mm->mmap_sem);	1840	up_write(&mm->mmap_sem);
1842		1841
1843	exit:	1842	exit:
@@ -1862,7 +1861,7 @@ static int prctl_set_mm(int opt, unsigned long addr,
1862	if (opt == PR_SET_MM_EXE_FILE)	1861	if (opt == PR_SET_MM_EXE_FILE)
1863	return prctl_set_mm_exe_file(mm, (unsigned int)addr);	1862	return prctl_set_mm_exe_file(mm, (unsigned int)addr);
1864		1863
1865	if (addr >= TASK_SIZE)	1864	if (addr >= TASK_SIZE \|\| addr < mmap_min_addr)
1866	return -EINVAL;	1865	return -EINVAL;
1867		1866
1868	error = -EINVAL;	1867	error = -EINVAL;
@@ -1924,12 +1923,6 @@ static int prctl_set_mm(int opt, unsigned long addr,
1924	error = -EFAULT;	1923	error = -EFAULT;
1925	goto out;	1924	goto out;
1926	}	1925	}
1927	#ifdef CONFIG_STACK_GROWSUP
1928	if (vma_flags_mismatch(vma, VM_READ \| VM_WRITE \| VM_GROWSUP, 0))
1929	#else
1930	if (vma_flags_mismatch(vma, VM_READ \| VM_WRITE \| VM_GROWSDOWN, 0))
1931	#endif
1932	goto out;
1933	if (opt == PR_SET_MM_START_STACK)	1926	if (opt == PR_SET_MM_START_STACK)
1934	mm->start_stack = addr;	1927	mm->start_stack = addr;
1935	else if (opt == PR_SET_MM_ARG_START)	1928	else if (opt == PR_SET_MM_ARG_START)
@@ -1981,12 +1974,22 @@ out:
1981	up_read(&mm->mmap_sem);	1974	up_read(&mm->mmap_sem);
1982	return error;	1975	return error;
1983	}	1976	}
		1977
		1978	static int prctl_get_tid_address(struct task_struct me, int __user *tid_addr)
		1979	{
		1980	return put_user(me->clear_child_tid, tid_addr);
		1981	}
		1982
1984	#else /* CONFIG_CHECKPOINT_RESTORE */	1983	#else /* CONFIG_CHECKPOINT_RESTORE */
1985	static int prctl_set_mm(int opt, unsigned long addr,	1984	static int prctl_set_mm(int opt, unsigned long addr,
1986	unsigned long arg4, unsigned long arg5)	1985	unsigned long arg4, unsigned long arg5)
1987	{	1986	{
1988	return -EINVAL;	1987	return -EINVAL;
1989	}	1988	}
		1989	static int prctl_get_tid_address(struct task_struct me, int __user *tid_addr)
		1990	{
		1991	return -EINVAL;
		1992	}
1990	#endif	1993	#endif
1991		1994
1992	SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,	1995	SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
@@ -2124,6 +2127,9 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
2124	else	2127	else
2125	return -EINVAL;	2128	return -EINVAL;
2126	break;	2129	break;
		2130	case PR_GET_TID_ADDRESS:
		2131	error = prctl_get_tid_address(me, (int __user **)arg2);
		2132	break;
2127	default:	2133	default:
2128	return -EINVAL;	2134	return -EINVAL;
2129	}	2135	}


diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c index 6e46cacf5969..6f46a00a1e8a 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c
@@ -962,6 +962,7 @@ static cycle_t logarithmic_accumulation(cycle_t offset, int shift)
962	timekeeper.xtime.tv_sec++;	962	timekeeper.xtime.tv_sec++;
963	leap = second_overflow(timekeeper.xtime.tv_sec);	963	leap = second_overflow(timekeeper.xtime.tv_sec);
964	timekeeper.xtime.tv_sec += leap;	964	timekeeper.xtime.tv_sec += leap;
		965	timekeeper.wall_to_monotonic.tv_sec -= leap;
965	}	966	}
966		967
967	/* Accumulate raw time */	968	/* Accumulate raw time */
@@ -1077,6 +1078,7 @@ static void update_wall_time(void)
1077	timekeeper.xtime.tv_sec++;	1078	timekeeper.xtime.tv_sec++;
1078	leap = second_overflow(timekeeper.xtime.tv_sec);	1079	leap = second_overflow(timekeeper.xtime.tv_sec);
1079	timekeeper.xtime.tv_sec += leap;	1080	timekeeper.xtime.tv_sec += leap;
		1081	timekeeper.wall_to_monotonic.tv_sec -= leap;
1080	}	1082	}
1081		1083
1082	timekeeping_update(false);	1084	timekeeping_update(false);