Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/acct.c | 17 | ||||
| -rw-r--r-- | kernel/cgroup.c | 46 | ||||
| -rw-r--r-- | kernel/fork.c | 2 | ||||
| -rw-r--r-- | kernel/kexec.c | 6 | ||||
| -rw-r--r-- | kernel/profile.c | 4 | ||||
| -rw-r--r-- | kernel/ptrace.c | 11 |
6 files changed, 53 insertions, 33 deletions
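--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -353,17 +353,18 @@ restart:
 
 void acct_exit_ns(struct pid_namespace *ns)
 {
-struct bsd_acct_struct *acct;
+struct bsd_acct_struct *acct = ns->bacct;
 
-spin_lock(&acct_lock);
-acct = ns->bacct;
-if (acct != NULL) {
-if (acct->file != NULL)
-acct_file_reopen(acct, NULL, NULL);
+if (acct == NULL)
+return;
 
-kfree(acct);
-}
+del_timer_sync(&acct->timer);
+spin_lock(&acct_lock);
+if (acct->file != NULL)
+acct_file_reopen(acct, NULL, NULL);
 spin_unlock(&acct_lock);
+
+kfree(acct);
 }
 
 /*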
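Review bot: `acct_exit_ns()` now reads `ns->bacct` and tests it for NULL before `acct_lock` is taken, and nothing in the function says why that unlocked read is safe. The ordering is also load-bearing: `del_timer_sync(&acct->timer)` has to complete before `kfree(acct)`, and it is called outside the spinlock, presumably so the wait for a running handler does not happen under the lock. A comment above the early return would record both, e.g. `/* ns is being torn down, so nothing else can install or use ns->bacct; the timer must be stopped before the final kfree() */`; this should be confirmed against the callers, which are not visible here. `ns->bacct` is also left pointing at the freed object, so if anything can still reach the namespace afterwards, `ns->bacct = NULL;` before `kfree(acct);` would close that window.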
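--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -4435,7 +4435,15 @@ __setup("cgroup_disable=", cgroup_disable);
 */
 unsigned short css_id(struct cgroup_subsys_state *css)
 {
-struct css_id *cssid = rcu_dereference(css->id);
+struct css_id *cssid;
+
+/*
+* This css_id() can return correct value when somone has refcnt
+* on this or this is under rcu_read_lock(). Once css->id is allocated,
+* it's unchanged until freed.
+*/
+cssid = rcu_dereference_check(css->id,
+rcu_read_lock_held() || atomic_read(&css->refcnt));
 
 if (cssid)
 return cssid->id;
@@ -4445,7 +4453,10 @@ EXPORT_SYMBOL_GPL(css_id);
 
 unsigned short css_depth(struct cgroup_subsys_state *css)
 {
-struct css_id *cssid = rcu_dereference(css->id);
+struct css_id *cssid;
+
+cssid = rcu_dereference_check(css->id,
+rcu_read_lock_held() || atomic_read(&css->refcnt));
 
 if (cssid)
 return cssid->depth;
@@ -4453,15 +4464,36 @@ unsigned short css_depth(struct cgroup_subsys_state *css)
 }
 EXPORT_SYMBOL_GPL(css_depth);
 
+/**
+* css_is_ancestor - test "root" css is an ancestor of "child"
+* @child: the css to be tested.
+* @root: the css supporsed to be an ancestor of the child.
+*
+* Returns true if "root" is an ancestor of "child" in its hierarchy. Because
+* this function reads css->id, this use rcu_dereference() and rcu_read_lock().
+* But, considering usual usage, the csses should be valid objects after test.
+* Assuming that the caller will do some action to the child if this returns
+* returns true, the caller must take "child";s reference count.
+* If "child" is valid object and this returns true, "root" is valid, too.
+*/
+
 bool css_is_ancestor(struct cgroup_subsys_state *child,
 const struct cgroup_subsys_state *root)
 {
-struct css_id *child_id = rcu_dereference(child->id);
-struct css_id *root_id = rcu_dereference(root->id);
+struct css_id *child_id;
+struct css_id *root_id;
+bool ret = true;
 
-if (!child_id || !root_id || (child_id->depth < root_id->depth))
-return false;
-return child_id->stack[root_id->depth] == root_id->id;
+rcu_read_lock();
+child_id = rcu_dereference(child->id);
+root_id = rcu_dereference(root->id);
+if (!child_id
+|| !root_id
+|| (child_id->depth < root_id->depth)
+|| (child_id->stack[root_id->depth] != root_id->id))
+ret = false;
+rcu_read_unlock();
+return ret;
 }
 
 static void __free_css_id_cb(struct rcu_head *head)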
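Review bot: The lockdep condition added to `css_id()` and `css_depth()`, `rcu_read_lock_held() || atomic_read(&css->refcnt)`, is satisfied whenever anyone holds a reference on the css, so it cannot tell whether the caller itself holds one. A caller with neither its own reference nor `rcu_read_lock()` would still pass the check while some other holder exists, and the returned id could then belong to a css that is freed underneath it. The comment in `css_id()` should say that the caller must own the reference or be inside an RCU read-side section, and `css_depth()` should carry the same comment, since it currently has none. The new comments also contain typos worth fixing in the same pass: `somone`, `supporsed`, the doubled `returns`, and `"child";s`.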
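--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1114,8 +1114,6 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 
 p->bts = NULL;
 
-p->stack_start = stack_start;
-
 /* Perform scheduler related setup. Assign this task to a CPU. */
 sched_fork(p, clone_flags);
 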
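--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -1134,11 +1134,9 @@ int crash_shrink_memory(unsigned long new_size)
 
 free_reserved_phys_range(end, crashk_res.end);
 
-if (start == end) {
-crashk_res.end = end;
+if (start == end)
 release_resource(&crashk_res);
-} else
-crashk_res.end = end - 1;
+crashk_res.end = end - 1;
 
 unlock:
 mutex_unlock(&kexec_mutex);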
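Review bot: With the `} else` removed, `crashk_res.end = end - 1;` appears to run on the `start == end` path as well (indentation is not visible on this page), so a fully released region is left with `end == start - 1`. That encoding of "empty" deserves a comment at the assignment, e.g. `/* end is inclusive; end == start - 1 marks the region empty after release_resource() */`. Any reader that detects an empty crash region by comparing `crashk_res.start` with `crashk_res.end`, or that computes a size without allowing for `end < start`, should be checked against the new value; none of those readers are visible in this hunk. `crash_shrink_memory()` begins before the hunk, so how `start` and `end` are derived cannot be checked from here.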
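--- a/kernel/profile.c
+++ b/kernel/profile.c
@@ -127,8 +127,10 @@ int __ref profile_init(void)
 return 0;
 
 prof_buffer = vmalloc(buffer_bytes);
-if (prof_buffer)
+if (prof_buffer) {
+memset(prof_buffer, 0, buffer_bytes);
 return 0;
+}
 
 free_cpumask_var(prof_cpu_mask);
 return -ENOMEM;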
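Review bot: Only the `vmalloc()` fallback gets an explicit `memset()` here. The `return 0;` at the top of the hunk suggests an earlier allocation path in `profile_init()`, which starts above the hunk, so it is worth confirming that every path hands out a zeroed `prof_buffer`. A one-line comment would record why the clearing matters, e.g. `/* vmalloc() does not zero: counters must start at 0 and the buffer must not carry stale kernel memory */`. If this tree provides `vzalloc()`, `prof_buffer = vzalloc(buffer_bytes);` would replace the allocate-then-clear pair and remove the chance of the two getting separated later.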
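--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -14,7 +14,6 @@
 #include <linux/mm.h>
 #include <linux/highmem.h>
 #include <linux/pagemap.h>
-#include <linux/smp_lock.h>
 #include <linux/ptrace.h>
 #include <linux/security.h>
 #include <linux/signal.h>
@@ -666,10 +665,6 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, long, addr, long, data)
 struct task_struct *child;
 long ret;
 
-/*
-* This lock_kernel fixes a subtle race with suid exec
-*/
-lock_kernel();
 if (request == PTRACE_TRACEME) {
 ret = ptrace_traceme();
 if (!ret)
@@ -703,7 +698,6 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, long, addr, long, data)
 out_put_task_struct:
 put_task_struct(child);
 out:
-unlock_kernel();
 return ret;
 }
 
@@ -813,10 +807,6 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
 struct task_struct *child;
 long ret;
 
-/*
-* This lock_kernel fixes a subtle race with suid exec
-*/
-lock_kernel();
 if (request == PTRACE_TRACEME) {
 ret = ptrace_traceme();
 goto out;
@@ -846,7 +836,6 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
 out_put_task_struct:
 put_task_struct(child);
 out:
-unlock_kernel();
 return ret;
 }
 #endif /* CONFIG_COMPAT */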
