diff options
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/exit.c | 2 | ||||
| -rw-r--r-- | kernel/lockdep.c | 17 | ||||
| -rw-r--r-- | kernel/pid_namespace.c | 3 | ||||
| -rw-r--r-- | kernel/time/tick-broadcast.c | 3 | ||||
| -rw-r--r-- | kernel/user.c | 2 | ||||
| -rw-r--r-- | kernel/user_namespace.c | 11 |
6 files changed, 27 insertions, 11 deletions
diff --git a/kernel/exit.c b/kernel/exit.c index 51e485ca9935..60bc027c61c3 100644 --- a/kernel/exit.c +++ b/kernel/exit.c | |||
| @@ -835,7 +835,7 @@ void do_exit(long code) | |||
| 835 | /* | 835 | /* |
| 836 | * Make sure we are holding no locks: | 836 | * Make sure we are holding no locks: |
| 837 | */ | 837 | */ |
| 838 | debug_check_no_locks_held(); | 838 | debug_check_no_locks_held(tsk); |
| 839 | /* | 839 | /* |
| 840 | * We can do this unlocked here. The futex code uses this flag | 840 | * We can do this unlocked here. The futex code uses this flag |
| 841 | * just to verify whether the pi state cleanup has been done | 841 | * just to verify whether the pi state cleanup has been done |
diff --git a/kernel/lockdep.c b/kernel/lockdep.c index 259db207b5d9..8a0efac4f99d 100644 --- a/kernel/lockdep.c +++ b/kernel/lockdep.c | |||
| @@ -4088,7 +4088,7 @@ void debug_check_no_locks_freed(const void *mem_from, unsigned long mem_len) | |||
| 4088 | } | 4088 | } |
| 4089 | EXPORT_SYMBOL_GPL(debug_check_no_locks_freed); | 4089 | EXPORT_SYMBOL_GPL(debug_check_no_locks_freed); |
| 4090 | 4090 | ||
| 4091 | static void print_held_locks_bug(void) | 4091 | static void print_held_locks_bug(struct task_struct *curr) |
| 4092 | { | 4092 | { |
| 4093 | if (!debug_locks_off()) | 4093 | if (!debug_locks_off()) |
| 4094 | return; | 4094 | return; |
| @@ -4097,21 +4097,22 @@ static void print_held_locks_bug(void) | |||
| 4097 | 4097 | ||
| 4098 | printk("\n"); | 4098 | printk("\n"); |
| 4099 | printk("=====================================\n"); | 4099 | printk("=====================================\n"); |
| 4100 | printk("[ BUG: %s/%d still has locks held! ]\n", | 4100 | printk("[ BUG: lock held at task exit time! ]\n"); |
| 4101 | current->comm, task_pid_nr(current)); | ||
| 4102 | print_kernel_ident(); | 4101 | print_kernel_ident(); |
| 4103 | printk("-------------------------------------\n"); | 4102 | printk("-------------------------------------\n"); |
| 4104 | lockdep_print_held_locks(current); | 4103 | printk("%s/%d is exiting with locks still held!\n", |
| 4104 | curr->comm, task_pid_nr(curr)); | ||
| 4105 | lockdep_print_held_locks(curr); | ||
| 4106 | |||
| 4105 | printk("\nstack backtrace:\n"); | 4107 | printk("\nstack backtrace:\n"); |
| 4106 | dump_stack(); | 4108 | dump_stack(); |
| 4107 | } | 4109 | } |
| 4108 | 4110 | ||
| 4109 | void debug_check_no_locks_held(void) | 4111 | void debug_check_no_locks_held(struct task_struct *task) |
| 4110 | { | 4112 | { |
| 4111 | if (unlikely(current->lockdep_depth > 0)) | 4113 | if (unlikely(task->lockdep_depth > 0)) |
| 4112 | print_held_locks_bug(); | 4114 | print_held_locks_bug(task); |
| 4113 | } | 4115 | } |
| 4114 | EXPORT_SYMBOL_GPL(debug_check_no_locks_held); | ||
| 4115 | 4116 | ||
| 4116 | void debug_show_all_locks(void) | 4117 | void debug_show_all_locks(void) |
| 4117 | { | 4118 | { |
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c index c1c3dc1c6023..bea15bdf82b0 100644 --- a/kernel/pid_namespace.c +++ b/kernel/pid_namespace.c | |||
| @@ -181,6 +181,7 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns) | |||
| 181 | int nr; | 181 | int nr; |
| 182 | int rc; | 182 | int rc; |
| 183 | struct task_struct *task, *me = current; | 183 | struct task_struct *task, *me = current; |
| 184 | int init_pids = thread_group_leader(me) ? 1 : 2; | ||
| 184 | 185 | ||
| 185 | /* Don't allow any more processes into the pid namespace */ | 186 | /* Don't allow any more processes into the pid namespace */ |
| 186 | disable_pid_allocation(pid_ns); | 187 | disable_pid_allocation(pid_ns); |
| @@ -230,7 +231,7 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns) | |||
| 230 | */ | 231 | */ |
| 231 | for (;;) { | 232 | for (;;) { |
| 232 | set_current_state(TASK_UNINTERRUPTIBLE); | 233 | set_current_state(TASK_UNINTERRUPTIBLE); |
| 233 | if (pid_ns->nr_hashed == 1) | 234 | if (pid_ns->nr_hashed == init_pids) |
| 234 | break; | 235 | break; |
| 235 | schedule(); | 236 | schedule(); |
| 236 | } | 237 | } |
diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c index 2fb8cb88df8d..7f32fe0e52cd 100644 --- a/kernel/time/tick-broadcast.c +++ b/kernel/time/tick-broadcast.c | |||
| @@ -67,7 +67,8 @@ static void tick_broadcast_start_periodic(struct clock_event_device *bc) | |||
| 67 | */ | 67 | */ |
| 68 | int tick_check_broadcast_device(struct clock_event_device *dev) | 68 | int tick_check_broadcast_device(struct clock_event_device *dev) |
| 69 | { | 69 | { |
| 70 | if ((tick_broadcast_device.evtdev && | 70 | if ((dev->features & CLOCK_EVT_FEAT_DUMMY) || |
| 71 | (tick_broadcast_device.evtdev && | ||
| 71 | tick_broadcast_device.evtdev->rating >= dev->rating) || | 72 | tick_broadcast_device.evtdev->rating >= dev->rating) || |
| 72 | (dev->features & CLOCK_EVT_FEAT_C3STOP)) | 73 | (dev->features & CLOCK_EVT_FEAT_C3STOP)) |
| 73 | return 0; | 74 | return 0; |
diff --git a/kernel/user.c b/kernel/user.c index e81978e8c03b..8e635a18ab52 100644 --- a/kernel/user.c +++ b/kernel/user.c | |||
| @@ -51,6 +51,8 @@ struct user_namespace init_user_ns = { | |||
| 51 | .owner = GLOBAL_ROOT_UID, | 51 | .owner = GLOBAL_ROOT_UID, |
| 52 | .group = GLOBAL_ROOT_GID, | 52 | .group = GLOBAL_ROOT_GID, |
| 53 | .proc_inum = PROC_USER_INIT_INO, | 53 | .proc_inum = PROC_USER_INIT_INO, |
| 54 | .may_mount_sysfs = true, | ||
| 55 | .may_mount_proc = true, | ||
| 54 | }; | 56 | }; |
| 55 | EXPORT_SYMBOL_GPL(init_user_ns); | 57 | EXPORT_SYMBOL_GPL(init_user_ns); |
| 56 | 58 | ||
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index b14f4d342043..a54f26f82eb2 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c | |||
| @@ -61,6 +61,15 @@ int create_user_ns(struct cred *new) | |||
| 61 | kgid_t group = new->egid; | 61 | kgid_t group = new->egid; |
| 62 | int ret; | 62 | int ret; |
| 63 | 63 | ||
| 64 | /* | ||
| 65 | * Verify that we can not violate the policy of which files | ||
| 66 | * may be accessed that is specified by the root directory, | ||
| 67 | * by verifing that the root directory is at the root of the | ||
| 68 | * mount namespace which allows all files to be accessed. | ||
| 69 | */ | ||
| 70 | if (current_chrooted()) | ||
| 71 | return -EPERM; | ||
| 72 | |||
| 64 | /* The creator needs a mapping in the parent user namespace | 73 | /* The creator needs a mapping in the parent user namespace |
| 65 | * or else we won't be able to reasonably tell userspace who | 74 | * or else we won't be able to reasonably tell userspace who |
| 66 | * created a user_namespace. | 75 | * created a user_namespace. |
| @@ -87,6 +96,8 @@ int create_user_ns(struct cred *new) | |||
| 87 | 96 | ||
| 88 | set_cred_user_ns(new, ns); | 97 | set_cred_user_ns(new, ns); |
| 89 | 98 | ||
| 99 | update_mnt_policy(ns); | ||
| 100 | |||
| 90 | return 0; | 101 | return 0; |
| 91 | } | 102 | } |
| 92 | 103 | ||