diff options
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/cgroup.c | 1 | ||||
-rw-r--r-- | kernel/futex.c | 27 | ||||
-rw-r--r-- | kernel/kfifo.c | 107 | ||||
-rw-r--r-- | kernel/kmod.c | 12 | ||||
-rw-r--r-- | kernel/module.c | 17 | ||||
-rw-r--r-- | kernel/signal.c | 3 | ||||
-rw-r--r-- | kernel/smp.c | 2 | ||||
-rw-r--r-- | kernel/trace/ftrace.c | 6 | ||||
-rw-r--r-- | kernel/trace/ring_buffer.c | 4 | ||||
-rw-r--r-- | kernel/trace/trace_events_filter.c | 29 |
10 files changed, 132 insertions, 76 deletions
diff --git a/kernel/cgroup.c b/kernel/cgroup.c index 0249f4be9b5c..1fbcc748044a 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c | |||
@@ -2468,7 +2468,6 @@ static struct cgroup_pidlist *cgroup_pidlist_find(struct cgroup *cgrp, | |||
2468 | /* make sure l doesn't vanish out from under us */ | 2468 | /* make sure l doesn't vanish out from under us */ |
2469 | down_write(&l->mutex); | 2469 | down_write(&l->mutex); |
2470 | mutex_unlock(&cgrp->pidlist_mutex); | 2470 | mutex_unlock(&cgrp->pidlist_mutex); |
2471 | l->use_count++; | ||
2472 | return l; | 2471 | return l; |
2473 | } | 2472 | } |
2474 | } | 2473 | } |
diff --git a/kernel/futex.c b/kernel/futex.c index 8e3c3ffe1b9a..d9b3a2228f9d 100644 --- a/kernel/futex.c +++ b/kernel/futex.c | |||
@@ -203,8 +203,6 @@ static void drop_futex_key_refs(union futex_key *key) | |||
203 | * @uaddr: virtual address of the futex | 203 | * @uaddr: virtual address of the futex |
204 | * @fshared: 0 for a PROCESS_PRIVATE futex, 1 for PROCESS_SHARED | 204 | * @fshared: 0 for a PROCESS_PRIVATE futex, 1 for PROCESS_SHARED |
205 | * @key: address where result is stored. | 205 | * @key: address where result is stored. |
206 | * @rw: mapping needs to be read/write (values: VERIFY_READ, | ||
207 | * VERIFY_WRITE) | ||
208 | * | 206 | * |
209 | * Returns a negative error code or 0 | 207 | * Returns a negative error code or 0 |
210 | * The key words are stored in *key on success. | 208 | * The key words are stored in *key on success. |
@@ -216,7 +214,7 @@ static void drop_futex_key_refs(union futex_key *key) | |||
216 | * lock_page() might sleep, the caller should not hold a spinlock. | 214 | * lock_page() might sleep, the caller should not hold a spinlock. |
217 | */ | 215 | */ |
218 | static int | 216 | static int |
219 | get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) | 217 | get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key) |
220 | { | 218 | { |
221 | unsigned long address = (unsigned long)uaddr; | 219 | unsigned long address = (unsigned long)uaddr; |
222 | struct mm_struct *mm = current->mm; | 220 | struct mm_struct *mm = current->mm; |
@@ -239,7 +237,7 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) | |||
239 | * but access_ok() should be faster than find_vma() | 237 | * but access_ok() should be faster than find_vma() |
240 | */ | 238 | */ |
241 | if (!fshared) { | 239 | if (!fshared) { |
242 | if (unlikely(!access_ok(rw, uaddr, sizeof(u32)))) | 240 | if (unlikely(!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))) |
243 | return -EFAULT; | 241 | return -EFAULT; |
244 | key->private.mm = mm; | 242 | key->private.mm = mm; |
245 | key->private.address = address; | 243 | key->private.address = address; |
@@ -248,7 +246,7 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) | |||
248 | } | 246 | } |
249 | 247 | ||
250 | again: | 248 | again: |
251 | err = get_user_pages_fast(address, 1, rw == VERIFY_WRITE, &page); | 249 | err = get_user_pages_fast(address, 1, 1, &page); |
252 | if (err < 0) | 250 | if (err < 0) |
253 | return err; | 251 | return err; |
254 | 252 | ||
@@ -867,7 +865,7 @@ static int futex_wake(u32 __user *uaddr, int fshared, int nr_wake, u32 bitset) | |||
867 | if (!bitset) | 865 | if (!bitset) |
868 | return -EINVAL; | 866 | return -EINVAL; |
869 | 867 | ||
870 | ret = get_futex_key(uaddr, fshared, &key, VERIFY_READ); | 868 | ret = get_futex_key(uaddr, fshared, &key); |
871 | if (unlikely(ret != 0)) | 869 | if (unlikely(ret != 0)) |
872 | goto out; | 870 | goto out; |
873 | 871 | ||
@@ -913,10 +911,10 @@ futex_wake_op(u32 __user *uaddr1, int fshared, u32 __user *uaddr2, | |||
913 | int ret, op_ret; | 911 | int ret, op_ret; |
914 | 912 | ||
915 | retry: | 913 | retry: |
916 | ret = get_futex_key(uaddr1, fshared, &key1, VERIFY_READ); | 914 | ret = get_futex_key(uaddr1, fshared, &key1); |
917 | if (unlikely(ret != 0)) | 915 | if (unlikely(ret != 0)) |
918 | goto out; | 916 | goto out; |
919 | ret = get_futex_key(uaddr2, fshared, &key2, VERIFY_WRITE); | 917 | ret = get_futex_key(uaddr2, fshared, &key2); |
920 | if (unlikely(ret != 0)) | 918 | if (unlikely(ret != 0)) |
921 | goto out_put_key1; | 919 | goto out_put_key1; |
922 | 920 | ||
@@ -1175,11 +1173,10 @@ retry: | |||
1175 | pi_state = NULL; | 1173 | pi_state = NULL; |
1176 | } | 1174 | } |
1177 | 1175 | ||
1178 | ret = get_futex_key(uaddr1, fshared, &key1, VERIFY_READ); | 1176 | ret = get_futex_key(uaddr1, fshared, &key1); |
1179 | if (unlikely(ret != 0)) | 1177 | if (unlikely(ret != 0)) |
1180 | goto out; | 1178 | goto out; |
1181 | ret = get_futex_key(uaddr2, fshared, &key2, | 1179 | ret = get_futex_key(uaddr2, fshared, &key2); |
1182 | requeue_pi ? VERIFY_WRITE : VERIFY_READ); | ||
1183 | if (unlikely(ret != 0)) | 1180 | if (unlikely(ret != 0)) |
1184 | goto out_put_key1; | 1181 | goto out_put_key1; |
1185 | 1182 | ||
@@ -1738,7 +1735,7 @@ static int futex_wait_setup(u32 __user *uaddr, u32 val, int fshared, | |||
1738 | */ | 1735 | */ |
1739 | retry: | 1736 | retry: |
1740 | q->key = FUTEX_KEY_INIT; | 1737 | q->key = FUTEX_KEY_INIT; |
1741 | ret = get_futex_key(uaddr, fshared, &q->key, VERIFY_READ); | 1738 | ret = get_futex_key(uaddr, fshared, &q->key); |
1742 | if (unlikely(ret != 0)) | 1739 | if (unlikely(ret != 0)) |
1743 | return ret; | 1740 | return ret; |
1744 | 1741 | ||
@@ -1904,7 +1901,7 @@ static int futex_lock_pi(u32 __user *uaddr, int fshared, | |||
1904 | q.requeue_pi_key = NULL; | 1901 | q.requeue_pi_key = NULL; |
1905 | retry: | 1902 | retry: |
1906 | q.key = FUTEX_KEY_INIT; | 1903 | q.key = FUTEX_KEY_INIT; |
1907 | ret = get_futex_key(uaddr, fshared, &q.key, VERIFY_WRITE); | 1904 | ret = get_futex_key(uaddr, fshared, &q.key); |
1908 | if (unlikely(ret != 0)) | 1905 | if (unlikely(ret != 0)) |
1909 | goto out; | 1906 | goto out; |
1910 | 1907 | ||
@@ -2023,7 +2020,7 @@ retry: | |||
2023 | if ((uval & FUTEX_TID_MASK) != task_pid_vnr(current)) | 2020 | if ((uval & FUTEX_TID_MASK) != task_pid_vnr(current)) |
2024 | return -EPERM; | 2021 | return -EPERM; |
2025 | 2022 | ||
2026 | ret = get_futex_key(uaddr, fshared, &key, VERIFY_WRITE); | 2023 | ret = get_futex_key(uaddr, fshared, &key); |
2027 | if (unlikely(ret != 0)) | 2024 | if (unlikely(ret != 0)) |
2028 | goto out; | 2025 | goto out; |
2029 | 2026 | ||
@@ -2215,7 +2212,7 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, int fshared, | |||
2215 | rt_waiter.task = NULL; | 2212 | rt_waiter.task = NULL; |
2216 | 2213 | ||
2217 | key2 = FUTEX_KEY_INIT; | 2214 | key2 = FUTEX_KEY_INIT; |
2218 | ret = get_futex_key(uaddr2, fshared, &key2, VERIFY_WRITE); | 2215 | ret = get_futex_key(uaddr2, fshared, &key2); |
2219 | if (unlikely(ret != 0)) | 2216 | if (unlikely(ret != 0)) |
2220 | goto out; | 2217 | goto out; |
2221 | 2218 | ||
diff --git a/kernel/kfifo.c b/kernel/kfifo.c index e92d519f93b1..32c5c15d750d 100644 --- a/kernel/kfifo.c +++ b/kernel/kfifo.c | |||
@@ -28,7 +28,7 @@ | |||
28 | #include <linux/log2.h> | 28 | #include <linux/log2.h> |
29 | #include <linux/uaccess.h> | 29 | #include <linux/uaccess.h> |
30 | 30 | ||
31 | static void _kfifo_init(struct kfifo *fifo, unsigned char *buffer, | 31 | static void _kfifo_init(struct kfifo *fifo, void *buffer, |
32 | unsigned int size) | 32 | unsigned int size) |
33 | { | 33 | { |
34 | fifo->buffer = buffer; | 34 | fifo->buffer = buffer; |
@@ -41,10 +41,10 @@ static void _kfifo_init(struct kfifo *fifo, unsigned char *buffer, | |||
41 | * kfifo_init - initialize a FIFO using a preallocated buffer | 41 | * kfifo_init - initialize a FIFO using a preallocated buffer |
42 | * @fifo: the fifo to assign the buffer | 42 | * @fifo: the fifo to assign the buffer |
43 | * @buffer: the preallocated buffer to be used. | 43 | * @buffer: the preallocated buffer to be used. |
44 | * @size: the size of the internal buffer, this have to be a power of 2. | 44 | * @size: the size of the internal buffer, this has to be a power of 2. |
45 | * | 45 | * |
46 | */ | 46 | */ |
47 | void kfifo_init(struct kfifo *fifo, unsigned char *buffer, unsigned int size) | 47 | void kfifo_init(struct kfifo *fifo, void *buffer, unsigned int size) |
48 | { | 48 | { |
49 | /* size must be a power of 2 */ | 49 | /* size must be a power of 2 */ |
50 | BUG_ON(!is_power_of_2(size)); | 50 | BUG_ON(!is_power_of_2(size)); |
@@ -159,8 +159,9 @@ static inline void __kfifo_out_data(struct kfifo *fifo, | |||
159 | memcpy(to + l, fifo->buffer, len - l); | 159 | memcpy(to + l, fifo->buffer, len - l); |
160 | } | 160 | } |
161 | 161 | ||
162 | static inline unsigned int __kfifo_from_user_data(struct kfifo *fifo, | 162 | static inline int __kfifo_from_user_data(struct kfifo *fifo, |
163 | const void __user *from, unsigned int len, unsigned int off) | 163 | const void __user *from, unsigned int len, unsigned int off, |
164 | unsigned *lenout) | ||
164 | { | 165 | { |
165 | unsigned int l; | 166 | unsigned int l; |
166 | int ret; | 167 | int ret; |
@@ -177,16 +178,20 @@ static inline unsigned int __kfifo_from_user_data(struct kfifo *fifo, | |||
177 | /* first put the data starting from fifo->in to buffer end */ | 178 | /* first put the data starting from fifo->in to buffer end */ |
178 | l = min(len, fifo->size - off); | 179 | l = min(len, fifo->size - off); |
179 | ret = copy_from_user(fifo->buffer + off, from, l); | 180 | ret = copy_from_user(fifo->buffer + off, from, l); |
180 | 181 | if (unlikely(ret)) { | |
181 | if (unlikely(ret)) | 182 | *lenout = ret; |
182 | return ret + len - l; | 183 | return -EFAULT; |
184 | } | ||
185 | *lenout = l; | ||
183 | 186 | ||
184 | /* then put the rest (if any) at the beginning of the buffer */ | 187 | /* then put the rest (if any) at the beginning of the buffer */ |
185 | return copy_from_user(fifo->buffer, from + l, len - l); | 188 | ret = copy_from_user(fifo->buffer, from + l, len - l); |
189 | *lenout += ret ? ret : len - l; | ||
190 | return ret ? -EFAULT : 0; | ||
186 | } | 191 | } |
187 | 192 | ||
188 | static inline unsigned int __kfifo_to_user_data(struct kfifo *fifo, | 193 | static inline int __kfifo_to_user_data(struct kfifo *fifo, |
189 | void __user *to, unsigned int len, unsigned int off) | 194 | void __user *to, unsigned int len, unsigned int off, unsigned *lenout) |
190 | { | 195 | { |
191 | unsigned int l; | 196 | unsigned int l; |
192 | int ret; | 197 | int ret; |
@@ -203,12 +208,21 @@ static inline unsigned int __kfifo_to_user_data(struct kfifo *fifo, | |||
203 | /* first get the data from fifo->out until the end of the buffer */ | 208 | /* first get the data from fifo->out until the end of the buffer */ |
204 | l = min(len, fifo->size - off); | 209 | l = min(len, fifo->size - off); |
205 | ret = copy_to_user(to, fifo->buffer + off, l); | 210 | ret = copy_to_user(to, fifo->buffer + off, l); |
206 | 211 | *lenout = l; | |
207 | if (unlikely(ret)) | 212 | if (unlikely(ret)) { |
208 | return ret + len - l; | 213 | *lenout -= ret; |
214 | return -EFAULT; | ||
215 | } | ||
209 | 216 | ||
210 | /* then get the rest (if any) from the beginning of the buffer */ | 217 | /* then get the rest (if any) from the beginning of the buffer */ |
211 | return copy_to_user(to + l, fifo->buffer, len - l); | 218 | len -= l; |
219 | ret = copy_to_user(to + l, fifo->buffer, len); | ||
220 | if (unlikely(ret)) { | ||
221 | *lenout += len - ret; | ||
222 | return -EFAULT; | ||
223 | } | ||
224 | *lenout += len; | ||
225 | return 0; | ||
212 | } | 226 | } |
213 | 227 | ||
214 | unsigned int __kfifo_in_n(struct kfifo *fifo, | 228 | unsigned int __kfifo_in_n(struct kfifo *fifo, |
@@ -235,7 +249,7 @@ EXPORT_SYMBOL(__kfifo_in_n); | |||
235 | * Note that with only one concurrent reader and one concurrent | 249 | * Note that with only one concurrent reader and one concurrent |
236 | * writer, you don't need extra locking to use these functions. | 250 | * writer, you don't need extra locking to use these functions. |
237 | */ | 251 | */ |
238 | unsigned int kfifo_in(struct kfifo *fifo, const unsigned char *from, | 252 | unsigned int kfifo_in(struct kfifo *fifo, const void *from, |
239 | unsigned int len) | 253 | unsigned int len) |
240 | { | 254 | { |
241 | len = min(kfifo_avail(fifo), len); | 255 | len = min(kfifo_avail(fifo), len); |
@@ -277,7 +291,7 @@ EXPORT_SYMBOL(__kfifo_out_n); | |||
277 | * Note that with only one concurrent reader and one concurrent | 291 | * Note that with only one concurrent reader and one concurrent |
278 | * writer, you don't need extra locking to use these functions. | 292 | * writer, you don't need extra locking to use these functions. |
279 | */ | 293 | */ |
280 | unsigned int kfifo_out(struct kfifo *fifo, unsigned char *to, unsigned int len) | 294 | unsigned int kfifo_out(struct kfifo *fifo, void *to, unsigned int len) |
281 | { | 295 | { |
282 | len = min(kfifo_len(fifo), len); | 296 | len = min(kfifo_len(fifo), len); |
283 | 297 | ||
@@ -288,6 +302,27 @@ unsigned int kfifo_out(struct kfifo *fifo, unsigned char *to, unsigned int len) | |||
288 | } | 302 | } |
289 | EXPORT_SYMBOL(kfifo_out); | 303 | EXPORT_SYMBOL(kfifo_out); |
290 | 304 | ||
305 | /** | ||
306 | * kfifo_out_peek - copy some data from the FIFO, but do not remove it | ||
307 | * @fifo: the fifo to be used. | ||
308 | * @to: where the data must be copied. | ||
309 | * @len: the size of the destination buffer. | ||
310 | * @offset: offset into the fifo | ||
311 | * | ||
312 | * This function copies at most @len bytes at @offset from the FIFO | ||
313 | * into the @to buffer and returns the number of copied bytes. | ||
314 | * The data is not removed from the FIFO. | ||
315 | */ | ||
316 | unsigned int kfifo_out_peek(struct kfifo *fifo, void *to, unsigned int len, | ||
317 | unsigned offset) | ||
318 | { | ||
319 | len = min(kfifo_len(fifo), len + offset); | ||
320 | |||
321 | __kfifo_out_data(fifo, to, len, offset); | ||
322 | return len; | ||
323 | } | ||
324 | EXPORT_SYMBOL(kfifo_out_peek); | ||
325 | |||
291 | unsigned int __kfifo_out_generic(struct kfifo *fifo, | 326 | unsigned int __kfifo_out_generic(struct kfifo *fifo, |
292 | void *to, unsigned int len, unsigned int recsize, | 327 | void *to, unsigned int len, unsigned int recsize, |
293 | unsigned int *total) | 328 | unsigned int *total) |
@@ -299,10 +334,13 @@ EXPORT_SYMBOL(__kfifo_out_generic); | |||
299 | unsigned int __kfifo_from_user_n(struct kfifo *fifo, | 334 | unsigned int __kfifo_from_user_n(struct kfifo *fifo, |
300 | const void __user *from, unsigned int len, unsigned int recsize) | 335 | const void __user *from, unsigned int len, unsigned int recsize) |
301 | { | 336 | { |
337 | unsigned total; | ||
338 | |||
302 | if (kfifo_avail(fifo) < len + recsize) | 339 | if (kfifo_avail(fifo) < len + recsize) |
303 | return len + 1; | 340 | return len + 1; |
304 | 341 | ||
305 | return __kfifo_from_user_data(fifo, from, len, recsize); | 342 | __kfifo_from_user_data(fifo, from, len, recsize, &total); |
343 | return total; | ||
306 | } | 344 | } |
307 | EXPORT_SYMBOL(__kfifo_from_user_n); | 345 | EXPORT_SYMBOL(__kfifo_from_user_n); |
308 | 346 | ||
@@ -313,18 +351,21 @@ EXPORT_SYMBOL(__kfifo_from_user_n); | |||
313 | * @len: the length of the data to be added. | 351 | * @len: the length of the data to be added. |
314 | * | 352 | * |
315 | * This function copies at most @len bytes from the @from into the | 353 | * This function copies at most @len bytes from the @from into the |
316 | * FIFO depending and returns the number of copied bytes. | 354 | * FIFO depending and returns -EFAULT/0. |
317 | * | 355 | * |
318 | * Note that with only one concurrent reader and one concurrent | 356 | * Note that with only one concurrent reader and one concurrent |
319 | * writer, you don't need extra locking to use these functions. | 357 | * writer, you don't need extra locking to use these functions. |
320 | */ | 358 | */ |
321 | unsigned int kfifo_from_user(struct kfifo *fifo, | 359 | int kfifo_from_user(struct kfifo *fifo, |
322 | const void __user *from, unsigned int len) | 360 | const void __user *from, unsigned int len, unsigned *total) |
323 | { | 361 | { |
362 | int ret; | ||
324 | len = min(kfifo_avail(fifo), len); | 363 | len = min(kfifo_avail(fifo), len); |
325 | len -= __kfifo_from_user_data(fifo, from, len, 0); | 364 | ret = __kfifo_from_user_data(fifo, from, len, 0, total); |
365 | if (ret) | ||
366 | return ret; | ||
326 | __kfifo_add_in(fifo, len); | 367 | __kfifo_add_in(fifo, len); |
327 | return len; | 368 | return 0; |
328 | } | 369 | } |
329 | EXPORT_SYMBOL(kfifo_from_user); | 370 | EXPORT_SYMBOL(kfifo_from_user); |
330 | 371 | ||
@@ -339,17 +380,17 @@ unsigned int __kfifo_to_user_n(struct kfifo *fifo, | |||
339 | void __user *to, unsigned int len, unsigned int reclen, | 380 | void __user *to, unsigned int len, unsigned int reclen, |
340 | unsigned int recsize) | 381 | unsigned int recsize) |
341 | { | 382 | { |
342 | unsigned int ret; | 383 | unsigned int ret, total; |
343 | 384 | ||
344 | if (kfifo_len(fifo) < reclen + recsize) | 385 | if (kfifo_len(fifo) < reclen + recsize) |
345 | return len; | 386 | return len; |
346 | 387 | ||
347 | ret = __kfifo_to_user_data(fifo, to, reclen, recsize); | 388 | ret = __kfifo_to_user_data(fifo, to, reclen, recsize, &total); |
348 | 389 | ||
349 | if (likely(ret == 0)) | 390 | if (likely(ret == 0)) |
350 | __kfifo_add_out(fifo, reclen + recsize); | 391 | __kfifo_add_out(fifo, reclen + recsize); |
351 | 392 | ||
352 | return ret; | 393 | return total; |
353 | } | 394 | } |
354 | EXPORT_SYMBOL(__kfifo_to_user_n); | 395 | EXPORT_SYMBOL(__kfifo_to_user_n); |
355 | 396 | ||
@@ -358,20 +399,22 @@ EXPORT_SYMBOL(__kfifo_to_user_n); | |||
358 | * @fifo: the fifo to be used. | 399 | * @fifo: the fifo to be used. |
359 | * @to: where the data must be copied. | 400 | * @to: where the data must be copied. |
360 | * @len: the size of the destination buffer. | 401 | * @len: the size of the destination buffer. |
402 | @ @lenout: pointer to output variable with copied data | ||
361 | * | 403 | * |
362 | * This function copies at most @len bytes from the FIFO into the | 404 | * This function copies at most @len bytes from the FIFO into the |
363 | * @to buffer and returns the number of copied bytes. | 405 | * @to buffer and 0 or -EFAULT. |
364 | * | 406 | * |
365 | * Note that with only one concurrent reader and one concurrent | 407 | * Note that with only one concurrent reader and one concurrent |
366 | * writer, you don't need extra locking to use these functions. | 408 | * writer, you don't need extra locking to use these functions. |
367 | */ | 409 | */ |
368 | unsigned int kfifo_to_user(struct kfifo *fifo, | 410 | int kfifo_to_user(struct kfifo *fifo, |
369 | void __user *to, unsigned int len) | 411 | void __user *to, unsigned int len, unsigned *lenout) |
370 | { | 412 | { |
413 | int ret; | ||
371 | len = min(kfifo_len(fifo), len); | 414 | len = min(kfifo_len(fifo), len); |
372 | len -= __kfifo_to_user_data(fifo, to, len, 0); | 415 | ret = __kfifo_to_user_data(fifo, to, len, 0, lenout); |
373 | __kfifo_add_out(fifo, len); | 416 | __kfifo_add_out(fifo, *lenout); |
374 | return len; | 417 | return ret; |
375 | } | 418 | } |
376 | EXPORT_SYMBOL(kfifo_to_user); | 419 | EXPORT_SYMBOL(kfifo_to_user); |
377 | 420 | ||
diff --git a/kernel/kmod.c b/kernel/kmod.c index 25b103190364..bf0e231d9702 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c | |||
@@ -520,13 +520,15 @@ int call_usermodehelper_pipe(char *path, char **argv, char **envp, | |||
520 | return -ENOMEM; | 520 | return -ENOMEM; |
521 | 521 | ||
522 | ret = call_usermodehelper_stdinpipe(sub_info, filp); | 522 | ret = call_usermodehelper_stdinpipe(sub_info, filp); |
523 | if (ret < 0) | 523 | if (ret < 0) { |
524 | goto out; | 524 | call_usermodehelper_freeinfo(sub_info); |
525 | return ret; | ||
526 | } | ||
525 | 527 | ||
526 | return call_usermodehelper_exec(sub_info, UMH_WAIT_EXEC); | 528 | ret = call_usermodehelper_exec(sub_info, UMH_WAIT_EXEC); |
529 | if (ret < 0) /* Failed to execute helper, close pipe */ | ||
530 | filp_close(*filp, NULL); | ||
527 | 531 | ||
528 | out: | ||
529 | call_usermodehelper_freeinfo(sub_info); | ||
530 | return ret; | 532 | return ret; |
531 | } | 533 | } |
532 | EXPORT_SYMBOL(call_usermodehelper_pipe); | 534 | EXPORT_SYMBOL(call_usermodehelper_pipe); |
diff --git a/kernel/module.c b/kernel/module.c index e96b8ed1cb6a..f82386bd9ee9 100644 --- a/kernel/module.c +++ b/kernel/module.c | |||
@@ -1010,6 +1010,12 @@ static const struct kernel_symbol *resolve_symbol(Elf_Shdr *sechdrs, | |||
1010 | * J. Corbet <corbet@lwn.net> | 1010 | * J. Corbet <corbet@lwn.net> |
1011 | */ | 1011 | */ |
1012 | #if defined(CONFIG_KALLSYMS) && defined(CONFIG_SYSFS) | 1012 | #if defined(CONFIG_KALLSYMS) && defined(CONFIG_SYSFS) |
1013 | |||
1014 | static inline bool sect_empty(const Elf_Shdr *sect) | ||
1015 | { | ||
1016 | return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0; | ||
1017 | } | ||
1018 | |||
1013 | struct module_sect_attr | 1019 | struct module_sect_attr |
1014 | { | 1020 | { |
1015 | struct module_attribute mattr; | 1021 | struct module_attribute mattr; |
@@ -1051,8 +1057,7 @@ static void add_sect_attrs(struct module *mod, unsigned int nsect, | |||
1051 | 1057 | ||
1052 | /* Count loaded sections and allocate structures */ | 1058 | /* Count loaded sections and allocate structures */ |
1053 | for (i = 0; i < nsect; i++) | 1059 | for (i = 0; i < nsect; i++) |
1054 | if (sechdrs[i].sh_flags & SHF_ALLOC | 1060 | if (!sect_empty(&sechdrs[i])) |
1055 | && sechdrs[i].sh_size) | ||
1056 | nloaded++; | 1061 | nloaded++; |
1057 | size[0] = ALIGN(sizeof(*sect_attrs) | 1062 | size[0] = ALIGN(sizeof(*sect_attrs) |
1058 | + nloaded * sizeof(sect_attrs->attrs[0]), | 1063 | + nloaded * sizeof(sect_attrs->attrs[0]), |
@@ -1070,9 +1075,7 @@ static void add_sect_attrs(struct module *mod, unsigned int nsect, | |||
1070 | sattr = §_attrs->attrs[0]; | 1075 | sattr = §_attrs->attrs[0]; |
1071 | gattr = §_attrs->grp.attrs[0]; | 1076 | gattr = §_attrs->grp.attrs[0]; |
1072 | for (i = 0; i < nsect; i++) { | 1077 | for (i = 0; i < nsect; i++) { |
1073 | if (! (sechdrs[i].sh_flags & SHF_ALLOC)) | 1078 | if (sect_empty(&sechdrs[i])) |
1074 | continue; | ||
1075 | if (!sechdrs[i].sh_size) | ||
1076 | continue; | 1079 | continue; |
1077 | sattr->address = sechdrs[i].sh_addr; | 1080 | sattr->address = sechdrs[i].sh_addr; |
1078 | sattr->name = kstrdup(secstrings + sechdrs[i].sh_name, | 1081 | sattr->name = kstrdup(secstrings + sechdrs[i].sh_name, |
@@ -1156,7 +1159,7 @@ static void add_notes_attrs(struct module *mod, unsigned int nsect, | |||
1156 | /* Count notes sections and allocate structures. */ | 1159 | /* Count notes sections and allocate structures. */ |
1157 | notes = 0; | 1160 | notes = 0; |
1158 | for (i = 0; i < nsect; i++) | 1161 | for (i = 0; i < nsect; i++) |
1159 | if ((sechdrs[i].sh_flags & SHF_ALLOC) && | 1162 | if (!sect_empty(&sechdrs[i]) && |
1160 | (sechdrs[i].sh_type == SHT_NOTE)) | 1163 | (sechdrs[i].sh_type == SHT_NOTE)) |
1161 | ++notes; | 1164 | ++notes; |
1162 | 1165 | ||
@@ -1172,7 +1175,7 @@ static void add_notes_attrs(struct module *mod, unsigned int nsect, | |||
1172 | notes_attrs->notes = notes; | 1175 | notes_attrs->notes = notes; |
1173 | nattr = ¬es_attrs->attrs[0]; | 1176 | nattr = ¬es_attrs->attrs[0]; |
1174 | for (loaded = i = 0; i < nsect; ++i) { | 1177 | for (loaded = i = 0; i < nsect; ++i) { |
1175 | if (!(sechdrs[i].sh_flags & SHF_ALLOC)) | 1178 | if (sect_empty(&sechdrs[i])) |
1176 | continue; | 1179 | continue; |
1177 | if (sechdrs[i].sh_type == SHT_NOTE) { | 1180 | if (sechdrs[i].sh_type == SHT_NOTE) { |
1178 | nattr->attr.name = mod->sect_attrs->attrs[loaded].name; | 1181 | nattr->attr.name = mod->sect_attrs->attrs[loaded].name; |
diff --git a/kernel/signal.c b/kernel/signal.c index d09692b40376..934ae5e687b9 100644 --- a/kernel/signal.c +++ b/kernel/signal.c | |||
@@ -979,7 +979,8 @@ static void print_fatal_signal(struct pt_regs *regs, int signr) | |||
979 | for (i = 0; i < 16; i++) { | 979 | for (i = 0; i < 16; i++) { |
980 | unsigned char insn; | 980 | unsigned char insn; |
981 | 981 | ||
982 | __get_user(insn, (unsigned char *)(regs->ip + i)); | 982 | if (get_user(insn, (unsigned char *)(regs->ip + i))) |
983 | break; | ||
983 | printk("%02x ", insn); | 984 | printk("%02x ", insn); |
984 | } | 985 | } |
985 | } | 986 | } |
diff --git a/kernel/smp.c b/kernel/smp.c index de735a6637d0..f10408422444 100644 --- a/kernel/smp.c +++ b/kernel/smp.c | |||
@@ -347,7 +347,7 @@ int smp_call_function_any(const struct cpumask *mask, | |||
347 | goto call; | 347 | goto call; |
348 | 348 | ||
349 | /* Try for same node. */ | 349 | /* Try for same node. */ |
350 | nodemask = cpumask_of_node(cpu); | 350 | nodemask = cpumask_of_node(cpu_to_node(cpu)); |
351 | for (cpu = cpumask_first_and(nodemask, mask); cpu < nr_cpu_ids; | 351 | for (cpu = cpumask_first_and(nodemask, mask); cpu < nr_cpu_ids; |
352 | cpu = cpumask_next_and(cpu, nodemask, mask)) { | 352 | cpu = cpumask_next_and(cpu, nodemask, mask)) { |
353 | if (cpu_online(cpu)) | 353 | if (cpu_online(cpu)) |
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 7968762c8167..1e6640f80454 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c | |||
@@ -1690,7 +1690,7 @@ ftrace_regex_lseek(struct file *file, loff_t offset, int origin) | |||
1690 | static int ftrace_match(char *str, char *regex, int len, int type) | 1690 | static int ftrace_match(char *str, char *regex, int len, int type) |
1691 | { | 1691 | { |
1692 | int matched = 0; | 1692 | int matched = 0; |
1693 | char *ptr; | 1693 | int slen; |
1694 | 1694 | ||
1695 | switch (type) { | 1695 | switch (type) { |
1696 | case MATCH_FULL: | 1696 | case MATCH_FULL: |
@@ -1706,8 +1706,8 @@ static int ftrace_match(char *str, char *regex, int len, int type) | |||
1706 | matched = 1; | 1706 | matched = 1; |
1707 | break; | 1707 | break; |
1708 | case MATCH_END_ONLY: | 1708 | case MATCH_END_ONLY: |
1709 | ptr = strstr(str, regex); | 1709 | slen = strlen(str); |
1710 | if (ptr && (ptr[len] == 0)) | 1710 | if (slen >= len && memcmp(str + slen - len, regex, len) == 0) |
1711 | matched = 1; | 1711 | matched = 1; |
1712 | break; | 1712 | break; |
1713 | } | 1713 | } |
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 2326b04c95c4..edefe3b2801b 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c | |||
@@ -2869,7 +2869,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) | |||
2869 | * Splice the empty reader page into the list around the head. | 2869 | * Splice the empty reader page into the list around the head. |
2870 | */ | 2870 | */ |
2871 | reader = rb_set_head_page(cpu_buffer); | 2871 | reader = rb_set_head_page(cpu_buffer); |
2872 | cpu_buffer->reader_page->list.next = reader->list.next; | 2872 | cpu_buffer->reader_page->list.next = rb_list_head(reader->list.next); |
2873 | cpu_buffer->reader_page->list.prev = reader->list.prev; | 2873 | cpu_buffer->reader_page->list.prev = reader->list.prev; |
2874 | 2874 | ||
2875 | /* | 2875 | /* |
@@ -2906,7 +2906,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) | |||
2906 | * | 2906 | * |
2907 | * Now make the new head point back to the reader page. | 2907 | * Now make the new head point back to the reader page. |
2908 | */ | 2908 | */ |
2909 | reader->list.next->prev = &cpu_buffer->reader_page->list; | 2909 | rb_list_head(reader->list.next)->prev = &cpu_buffer->reader_page->list; |
2910 | rb_inc_page(cpu_buffer, &cpu_buffer->head_page); | 2910 | rb_inc_page(cpu_buffer, &cpu_buffer->head_page); |
2911 | 2911 | ||
2912 | /* Finally update the reader page to the new head */ | 2912 | /* Finally update the reader page to the new head */ |
diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c index 50504cb228de..e42af9aad69f 100644 --- a/kernel/trace/trace_events_filter.c +++ b/kernel/trace/trace_events_filter.c | |||
@@ -211,8 +211,9 @@ static int filter_pred_pchar(struct filter_pred *pred, void *event, | |||
211 | { | 211 | { |
212 | char **addr = (char **)(event + pred->offset); | 212 | char **addr = (char **)(event + pred->offset); |
213 | int cmp, match; | 213 | int cmp, match; |
214 | int len = strlen(*addr) + 1; /* including tailing '\0' */ | ||
214 | 215 | ||
215 | cmp = pred->regex.match(*addr, &pred->regex, pred->regex.field_len); | 216 | cmp = pred->regex.match(*addr, &pred->regex, len); |
216 | 217 | ||
217 | match = cmp ^ pred->not; | 218 | match = cmp ^ pred->not; |
218 | 219 | ||
@@ -251,7 +252,18 @@ static int filter_pred_none(struct filter_pred *pred, void *event, | |||
251 | return 0; | 252 | return 0; |
252 | } | 253 | } |
253 | 254 | ||
254 | /* Basic regex callbacks */ | 255 | /* |
256 | * regex_match_foo - Basic regex callbacks | ||
257 | * | ||
258 | * @str: the string to be searched | ||
259 | * @r: the regex structure containing the pattern string | ||
260 | * @len: the length of the string to be searched (including '\0') | ||
261 | * | ||
262 | * Note: | ||
263 | * - @str might not be NULL-terminated if it's of type DYN_STRING | ||
264 | * or STATIC_STRING | ||
265 | */ | ||
266 | |||
255 | static int regex_match_full(char *str, struct regex *r, int len) | 267 | static int regex_match_full(char *str, struct regex *r, int len) |
256 | { | 268 | { |
257 | if (strncmp(str, r->pattern, len) == 0) | 269 | if (strncmp(str, r->pattern, len) == 0) |
@@ -261,23 +273,24 @@ static int regex_match_full(char *str, struct regex *r, int len) | |||
261 | 273 | ||
262 | static int regex_match_front(char *str, struct regex *r, int len) | 274 | static int regex_match_front(char *str, struct regex *r, int len) |
263 | { | 275 | { |
264 | if (strncmp(str, r->pattern, len) == 0) | 276 | if (strncmp(str, r->pattern, r->len) == 0) |
265 | return 1; | 277 | return 1; |
266 | return 0; | 278 | return 0; |
267 | } | 279 | } |
268 | 280 | ||
269 | static int regex_match_middle(char *str, struct regex *r, int len) | 281 | static int regex_match_middle(char *str, struct regex *r, int len) |
270 | { | 282 | { |
271 | if (strstr(str, r->pattern)) | 283 | if (strnstr(str, r->pattern, len)) |
272 | return 1; | 284 | return 1; |
273 | return 0; | 285 | return 0; |
274 | } | 286 | } |
275 | 287 | ||
276 | static int regex_match_end(char *str, struct regex *r, int len) | 288 | static int regex_match_end(char *str, struct regex *r, int len) |
277 | { | 289 | { |
278 | char *ptr = strstr(str, r->pattern); | 290 | int strlen = len - 1; |
279 | 291 | ||
280 | if (ptr && (ptr[r->len] == 0)) | 292 | if (strlen >= r->len && |
293 | memcmp(str + strlen - r->len, r->pattern, r->len) == 0) | ||
281 | return 1; | 294 | return 1; |
282 | return 0; | 295 | return 0; |
283 | } | 296 | } |
@@ -781,10 +794,8 @@ static int filter_add_pred(struct filter_parse_state *ps, | |||
781 | pred->regex.field_len = field->size; | 794 | pred->regex.field_len = field->size; |
782 | } else if (field->filter_type == FILTER_DYN_STRING) | 795 | } else if (field->filter_type == FILTER_DYN_STRING) |
783 | fn = filter_pred_strloc; | 796 | fn = filter_pred_strloc; |
784 | else { | 797 | else |
785 | fn = filter_pred_pchar; | 798 | fn = filter_pred_pchar; |
786 | pred->regex.field_len = strlen(pred->regex.pattern); | ||
787 | } | ||
788 | } else { | 799 | } else { |
789 | if (field->is_signed) | 800 | if (field->is_signed) |
790 | ret = strict_strtoll(pred->regex.pattern, 0, &val); | 801 | ret = strict_strtoll(pred->regex.pattern, 0, &val); |