7 files changed, 77 insertions, 41 deletions
diff --git a/kernel/fork.c b/kernel/fork.c
index 8d932b1c9056..1766d324d5e3 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1141,6 +1141,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
        if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
                return ERR_PTR(-EINVAL);
+        if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
+                return ERR_PTR(-EINVAL);
        /*
         * Thread groups must share signals as well, and detached threads
         * can only be started up within the thread group.
@@ -1807,7 +1810,7 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
         * If unsharing a user namespace must also unshare the thread.
         */
        if (unshare_flags & CLONE_NEWUSER)
-                unshare_flags |= CLONE_THREAD;
+                unshare_flags |= CLONE_THREAD | CLONE_FS;
        /*
         * If unsharing a pid namespace must also unshare the thread.
         */
diff --git a/kernel/futex.c b/kernel/futex.c
index f0090a993dab..b26dcfc02c94 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -223,7 +223,8 @@ static void drop_futex_key_refs(union futex_key *key)
 * @rw:         mapping needs to be read/write (values: VERIFY_READ,
 *              VERIFY_WRITE)
 *
- * Returns a negative error code or 0
+ * Return: a negative error code or 0
+ *
 * The key words are stored in *key on success.
 *
 * For shared mappings, it's (page->index, file_inode(vma->vm_file),
@@ -705,9 +706,9 @@ lookup_pi_state(u32 uval, struct futex_hash_bucket *hb,
 *                      be "current" except in the case of requeue pi.
 * @set_waiters:        force setting the FUTEX_WAITERS bit (1) or not (0)
 *
- * Returns:
+ * Return:
- *  0 - ready to wait
+ *  0 - ready to wait;
- *  1 - acquired the lock
+ *  1 - acquired the lock;
 * <0 - error
 *
 * The hb->lock and futex_key refs shall be held by the caller.
@@ -1191,9 +1192,9 @@ void requeue_pi_wake_futex(struct futex_q *q, union futex_key *key,
 * then direct futex_lock_pi_atomic() to force setting the FUTEX_WAITERS bit.
 * hb1 and hb2 must be held by the caller.
 *
- * Returns:
+ * Return:
- *  0 - failed to acquire the lock atomicly
+ *  0 - failed to acquire the lock atomically;
- *  1 - acquired the lock
+ *  1 - acquired the lock;
 * <0 - error
 */
 static int futex_proxy_trylock_atomic(u32 __user *pifutex,
@@ -1254,8 +1255,8 @@ static int futex_proxy_trylock_atomic(u32 __user *pifutex,
 * Requeue waiters on uaddr1 to uaddr2. In the requeue_pi case, try to acquire
 * uaddr2 atomically on behalf of the top waiter.
 *
- * Returns:
+ * Return:
- * >=0 - on success, the number of tasks requeued or woken
+ * >=0 - on success, the number of tasks requeued or woken;
 *  <0 - on error
 */
 static int futex_requeue(u32 __user *uaddr1, unsigned int flags,
@@ -1536,8 +1537,8 @@ static inline void queue_me(struct futex_q *q, struct futex_hash_bucket *hb)
 * The q->lock_ptr must not be held by the caller. A call to unqueue_me() must
 * be paired with exactly one earlier call to queue_me().
 *
- * Returns:
+ * Return:
- *   1 - if the futex_q was still queued (and we removed unqueued it)
+ *   1 - if the futex_q was still queued (and we removed unqueued it);
 *   0 - if the futex_q was already removed by the waking thread
 */
 static int unqueue_me(struct futex_q *q)
@@ -1707,9 +1708,9 @@ static long futex_wait_restart(struct restart_block *restart);
 * the pi_state owner as well as handle race conditions that may allow us to
 * acquire the lock. Must be called with the hb lock held.
 *
- * Returns:
+ * Return:
- *  1 - success, lock taken
+ *  1 - success, lock taken;
- *  0 - success, lock not taken
+ *  0 - success, lock not taken;
 * <0 - on error (-EFAULT)
 */
 static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked)
@@ -1824,8 +1825,8 @@ static void futex_wait_queue_me(struct futex_hash_bucket *hb, struct futex_q *q,
 * Return with the hb lock held and a q.key reference on success, and unlocked
 * with no q.key reference on failure.
 *
- * Returns:
+ * Return:
- *  0 - uaddr contains val and hb has been locked
+ *  0 - uaddr contains val and hb has been locked;
 * <1 - -EFAULT or -EWOULDBLOCK (uaddr does not contain val) and hb is unlocked
 */
 static int futex_wait_setup(u32 __user *uaddr, u32 val, unsigned int flags,
@@ -2203,9 +2204,9 @@ pi_faulted:
 * the wakeup and return the appropriate error code to the caller.  Must be
 * called with the hb lock held.
 *
- * Returns
+ * Return:
- *  0 - no early wakeup detected
+ *  0 = no early wakeup detected;
- * <0 - -ETIMEDOUT or -ERESTARTNOINTR
+ * <0 = -ETIMEDOUT or -ERESTARTNOINTR
 */
 static inline
 int handle_early_requeue_pi_wakeup(struct futex_hash_bucket *hb,
@@ -2247,7 +2248,6 @@ int handle_early_requeue_pi_wakeup(struct futex_hash_bucket *hb,
 * @val:        the expected value of uaddr
 * @abs_time:   absolute timeout
 * @bitset:     32 bit wakeup bitset set by userspace, defaults to all
- * @clockrt:    whether to use CLOCK_REALTIME (1) or CLOCK_MONOTONIC (0)
 * @uaddr2:     the pi futex we will take prior to returning to user-space
 *
 * The caller will wait on uaddr and will be requeued by futex_requeue() to
@@ -2258,7 +2258,7 @@ int handle_early_requeue_pi_wakeup(struct futex_hash_bucket *hb,
 * there was a need to.
 *
 * We call schedule in futex_wait_queue_me() when we enqueue and return there
- * via the following:
+ * via the following--
 * 1) wakeup on uaddr2 after an atomic lock acquisition by futex_requeue()
 * 2) wakeup on uaddr2 after a requeue
 * 3) signal
@@ -2276,8 +2276,8 @@ int handle_early_requeue_pi_wakeup(struct futex_hash_bucket *hb,
 *
 * If 4 or 7, we cleanup and return with -ETIMEDOUT.
 *
- * Returns:
+ * Return:
- *  0 - On success
+ *  0 - On success;
 * <0 - On error
 */
 static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags,
diff --git a/kernel/signal.c b/kernel/signal.c
index 2ec870a4c3c4..dd72567767d9 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -485,6 +485,9 @@ flush_signal_handlers(struct task_struct *t, int force_default)
                if (force_default || ka->sa.sa_handler != SIG_IGN)
                        ka->sa.sa_handler = SIG_DFL;
                ka->sa.sa_flags = 0;
+#ifdef __ARCH_HAS_SA_RESTORER
+                ka->sa.sa_restorer = NULL;
+#endif
                sigemptyset(&ka->sa.sa_mask);
                ka++;
        }
@@ -2682,7 +2685,7 @@ static int do_sigpending(void *set, unsigned long sigsetsize)
 /**
 *  sys_rt_sigpending - examine a pending signal that has been raised
 *                      while blocked
- *  @set: stores pending signals
+ *  @uset: stores pending signals
 *  @sigsetsize: size of sigset_t type or larger
 */
 SYSCALL_DEFINE2(rt_sigpending, sigset_t __user *, uset, size_t, sigsetsize)
diff --git a/kernel/trace/Kconfig b/kernel/trace/Kconfig
index 192473b22799..fc382d6e2765 100644
--- a/kernel/trace/Kconfig
+++ b/kernel/trace/Kconfig
@@ -414,24 +414,28 @@ config PROBE_EVENTS
        def_bool n
 config DYNAMIC_FTRACE
-        bool "enable/disable ftrace tracepoints dynamically"
+        bool "enable/disable function tracing dynamically"
        depends on FUNCTION_TRACER
        depends on HAVE_DYNAMIC_FTRACE
        default y
        help
-          This option will modify all the calls to ftrace dynamically
+          This option will modify all the calls to function tracing
-          (will patch them out of the binary image and replace them
+          dynamically (will patch them out of the binary image and
-          with a No-Op instruction) as they are called. A table is
+          replace them with a No-Op instruction) on boot up. During
-          created to dynamically enable them again.
+          compile time, a table is made of all the locations that ftrace
+          can function trace, and this table is linked into the kernel
+          image. When this is enabled, functions can be individually
+          enabled, and the functions not enabled will not affect
+          performance of the system.
+          See the files in /sys/kernel/debug/tracing:
+            available_filter_functions
+            set_ftrace_filter
+            set_ftrace_notrace
          This way a CONFIG_FUNCTION_TRACER kernel is slightly larger, but
          otherwise has native performance as long as no tracing is active.
-          The changes to the code are done by a kernel thread that
-          wakes up once a second and checks to see if any ftrace calls
-          were made. If so, it runs stop_machine (stops all CPUS)
-          and modifies the code to jump over the call to ftrace.
 config DYNAMIC_FTRACE_WITH_REGS
        def_bool y
        depends on DYNAMIC_FTRACE
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index c2e2c2310374..1f835a83cb2c 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -2400,6 +2400,27 @@ static void test_ftrace_alive(struct seq_file *m)
        seq_printf(m, "#          MAY BE MISSING FUNCTION EVENTS\n");
 }
+#ifdef CONFIG_TRACER_MAX_TRACE
+static void print_snapshot_help(struct seq_file *m, struct trace_iterator *iter)
+{
+        if (iter->trace->allocated_snapshot)
+                seq_printf(m, "#\n# * Snapshot is allocated *\n#\n");
+        else
+                seq_printf(m, "#\n# * Snapshot is freed *\n#\n");
+        seq_printf(m, "# Snapshot commands:\n");
+        seq_printf(m, "# echo 0 > snapshot : Clears and frees snapshot buffer\n");
+        seq_printf(m, "# echo 1 > snapshot : Allocates snapshot buffer, if not already allocated.\n");
+        seq_printf(m, "#                      Takes a snapshot of the main buffer.\n");
+        seq_printf(m, "# echo 2 > snapshot : Clears snapshot buffer (but does not allocate)\n");
+        seq_printf(m, "#                      (Doesn't have to be '2' works with any number that\n");
+        seq_printf(m, "#                       is not a '0' or '1')\n");
+}
+#else
+/* Should never be called */
+static inline void print_snapshot_help(struct seq_file *m, struct trace_iterator *iter) { }
+#endif
 static int s_show(struct seq_file *m, void *v)
 {
        struct trace_iterator *iter = v;
@@ -2411,7 +2432,9 @@ static int s_show(struct seq_file *m, void *v)
                        seq_puts(m, "#\n");
                        test_ftrace_alive(m);
                }
-                if (iter->trace && iter->trace->print_header)
+                if (iter->snapshot && trace_empty(iter))
+                        print_snapshot_help(m, iter);
+                else if (iter->trace && iter->trace->print_header)
                        iter->trace->print_header(m);
                else
                        trace_default_header(m);
@@ -4144,8 +4167,6 @@ tracing_snapshot_write(struct file *filp, const char __user *ubuf, size_t cnt,
        default:
                if (current_trace->allocated_snapshot)
                        tracing_reset_online_cpus(&max_tr);
-                else
-                        ret = -EINVAL;
                break;
        }
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 8b650837083e..b14f4d342043 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -21,6 +21,7 @@
 #include <linux/uaccess.h>
 #include <linux/ctype.h>
 #include <linux/projid.h>
+#include <linux/fs_struct.h>
 static struct kmem_cache *user_ns_cachep __read_mostly;
@@ -837,6 +838,9 @@ static int userns_install(struct nsproxy *nsproxy, void *ns)
        if (atomic_read(&current->mm->mm_users) > 1)
                return -EINVAL;
+        if (current->fs->users != 1)
+                return -EINVAL;
        if (!ns_capable(user_ns, CAP_SYS_ADMIN))
                return -EPERM;
diff --git a/kernel/workqueue.c b/kernel/workqueue.c
index 81f2457811eb..55fac5b991b7 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -457,11 +457,12 @@ static int worker_pool_assign_id(struct worker_pool *pool)
        int ret;
        mutex_lock(&worker_pool_idr_mutex);
-        idr_pre_get(&worker_pool_idr, GFP_KERNEL);
+        ret = idr_alloc(&worker_pool_idr, pool, 0, 0, GFP_KERNEL);
-        ret = idr_get_new(&worker_pool_idr, pool, &pool->id);
+        if (ret >= 0)
+                pool->id = ret;
        mutex_unlock(&worker_pool_idr_mutex);
-        return ret;
+        return ret < 0 ? ret : 0;
 }
 /*