--- /dev/null
+From 13648b0118a24f4fc76c34e6c7b6ccf447e46a2a Mon Sep 17 00:00:00 2001
+From: Vineet Gupta <vgupta@synopsys.com>
+Date: Fri, 27 Feb 2015 10:39:17 +0530
+Subject: ARC: Fix KSTK_ESP()
+
+From: Vineet Gupta <vgupta@synopsys.com>
+
+commit 13648b0118a24f4fc76c34e6c7b6ccf447e46a2a upstream.
+
+/proc/<pid>/maps currently don't annotate stack vma with "[stack]"
+This is because KSTK_ESP ie expected to return usermode SP of tsk while
+currently it returns the kernel mode SP of a sleeping tsk.
+
+While the fix is trivial, we also need to adjust the ARC kernel stack
+unwinder to not use KSTK_SP and friends any more.
+
+Reported-and-suggested-by: Alexey Brodkin <abrodkin@synopsys.com>
+Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arc/include/asm/processor.h | 9 +++++----
+ arch/arc/kernel/stacktrace.c | 6 +++---
+ 2 files changed, 8 insertions(+), 7 deletions(-)
+
+--- a/arch/arc/include/asm/processor.h
++++ b/arch/arc/include/asm/processor.h
+@@ -69,18 +69,19 @@ unsigned long thread_saved_pc(struct tas
+ #define release_segments(mm) do { } while (0)
+
+ #define KSTK_EIP(tsk) (task_pt_regs(tsk)->ret)
++#define KSTK_ESP(tsk) (task_pt_regs(tsk)->sp)
+
+ /*
+ * Where abouts of Task's sp, fp, blink when it was last seen in kernel mode.
+ * Look in process.c for details of kernel stack layout
+ */
+-#define KSTK_ESP(tsk) (tsk->thread.ksp)
++#define TSK_K_ESP(tsk) (tsk->thread.ksp)
+
+-#define KSTK_REG(tsk, off) (*((unsigned int *)(KSTK_ESP(tsk) + \
++#define TSK_K_REG(tsk, off) (*((unsigned int *)(TSK_K_ESP(tsk) + \
+ sizeof(struct callee_regs) + off)))
+
+-#define KSTK_BLINK(tsk) KSTK_REG(tsk, 4)
+-#define KSTK_FP(tsk) KSTK_REG(tsk, 0)
++#define TSK_K_BLINK(tsk) TSK_K_REG(tsk, 4)
++#define TSK_K_FP(tsk) TSK_K_REG(tsk, 0)
+
+ /*
+ * Do necessary setup to start up a newly executed thread.
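Review bot: `KSTK_ESP()` and the renamed `TSK_K_ESP()` now return two different stack pointers, but only the kernel-mode group carries a comment. Confusing the two was the bug the commit message describes. I would add above the new definition something like `/* User-mode SP of tsk, from its saved pt_regs (what /proc/<pid>/maps expects) */`, so the next reader does not reach for the wrong macro. Since the `TSK_K_*` lines are being rewritten anyway, the argument could be parenthesized as well: `#define TSK_K_ESP(tsk) ((tsk)->thread.ksp)`.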
+--- a/arch/arc/kernel/stacktrace.c
++++ b/arch/arc/kernel/stacktrace.c
+@@ -64,9 +64,9 @@ static void seed_unwind_frame_info(struc
+
+ frame_info->task = tsk;
+
+- frame_info->regs.r27 = KSTK_FP(tsk);
+- frame_info->regs.r28 = KSTK_ESP(tsk);
+- frame_info->regs.r31 = KSTK_BLINK(tsk);
++ frame_info->regs.r27 = TSK_K_FP(tsk);
++ frame_info->regs.r28 = TSK_K_ESP(tsk);
++ frame_info->regs.r31 = TSK_K_BLINK(tsk);
+ frame_info->regs.r63 = (unsigned int)__switch_to;
+
+ /* In the prologue of __switch_to, first FP is saved on stack
--- /dev/null
+From 0a280962dc6e117e0e4baa668453f753579265d9 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Sat, 21 Feb 2015 22:19:57 -0500
+Subject: autofs4 copy_dev_ioctl(): keep the value of ->size we'd used for allocation
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit 0a280962dc6e117e0e4baa668453f753579265d9 upstream.
+
+X-Coverup: just ask spender
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/autofs4/dev-ioctl.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/fs/autofs4/dev-ioctl.c
++++ b/fs/autofs4/dev-ioctl.c
+@@ -95,7 +95,7 @@ static int check_dev_ioctl_version(int c
+ */
+ static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in)
+ {
+- struct autofs_dev_ioctl tmp;
++ struct autofs_dev_ioctl tmp, *res;
+
+ if (copy_from_user(&tmp, in, sizeof(tmp)))
+ return ERR_PTR(-EFAULT);
+@@ -103,7 +103,11 @@ static struct autofs_dev_ioctl *copy_dev
+ if (tmp.size < sizeof(tmp))
+ return ERR_PTR(-EINVAL);
+
+- return memdup_user(in, tmp.size);
++ res = memdup_user(in, tmp.size);
++ if (!IS_ERR(res))
++ res->size = tmp.size;
++
++ return res;
+ }
+
+ static inline void free_dev_ioctl(struct autofs_dev_ioctl *param)
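Review bot: The assignment `res->size = tmp.size` overwrites a field that was just copied, and neither a code comment nor the commit message says why. `memdup_user(in, tmp.size)` reads the user buffer a second time, so the `size` stored in the copy can differ from the value that was checked and used for the allocation if userspace changes it between the two reads. Any later code that trusts `res->size` as the buffer length depends on this line. I would add above it: `/* in is fetched twice; keep the size we validated and allocated with */`. Separately, only a lower bound on `tmp.size` is visible in these hunks, so if no upper bound is enforced elsewhere the allocation size is caller-controlled.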
--- /dev/null
+From 0db59e59299f0b67450c5db21f7f316c8fb04e84 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Sat, 21 Feb 2015 22:05:11 -0500
+Subject: debugfs: leave freeing a symlink body until inode eviction
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit 0db59e59299f0b67450c5db21f7f316c8fb04e84 upstream.
+
+As it is, we have debugfs_remove() racing with symlink traversals.
+Supply ->evict_inode() and do freeing there - inode will remain
+pinned until we are done with the symlink body.
+
+And rip the idiocy with checking if dentry is positive right after
+we'd verified debugfs_positive(), which is a stronger check...
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/debugfs/inode.c | 34 +++++++++++++++++-----------------
+ 1 file changed, 17 insertions(+), 17 deletions(-)
+
+--- a/fs/debugfs/inode.c
++++ b/fs/debugfs/inode.c
+@@ -245,10 +245,19 @@ static int debugfs_show_options(struct s
+ return 0;
+ }
+
++static void debugfs_evict_inode(struct inode *inode)
++{
++ truncate_inode_pages(&inode->i_data, 0);
++ clear_inode(inode);
++ if (S_ISLNK(inode->i_mode))
++ kfree(inode->i_private);
++}
++
+ static const struct super_operations debugfs_super_operations = {
+ .statfs = simple_statfs,
+ .remount_fs = debugfs_remount,
+ .show_options = debugfs_show_options,
++ .evict_inode = debugfs_evict_inode,
+ };
+
+ static int debug_fill_super(struct super_block *sb, void *data, int silent)
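Review bot: `debugfs_evict_inode()` frees `inode->i_private` for symlinks without a comment saying what that pointer holds or why the free belongs at eviction rather than in `__debugfs_remove()`. The rationale exists only in the commit message (removal racing with symlink traversal, the inode staying pinned until the body is no longer in use). That is exactly the kind of lifetime rule that gets undone by a later cleanup. I would add above the `S_ISLNK` test: `/* symlink body lives in i_private; free it only here, once nothing can still be traversing it */`. The second hunk also dereferences `dentry->d_inode` relying solely on `debugfs_positive()`, whose definition is outside this diff, so a short comment there stating that dependency would help too.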
+@@ -465,23 +474,14 @@ static int __debugfs_remove(struct dentr
+ int ret = 0;
+
+ if (debugfs_positive(dentry)) {
+- if (dentry->d_inode) {
+- dget(dentry);
+- switch (dentry->d_inode->i_mode & S_IFMT) {
+- case S_IFDIR:
+- ret = simple_rmdir(parent->d_inode, dentry);
+- break;
+- case S_IFLNK:
+- kfree(dentry->d_inode->i_private);
+- /* fall through */
+- default:
+- simple_unlink(parent->d_inode, dentry);
+- break;
+- }
+- if (!ret)
+- d_delete(dentry);
+- dput(dentry);
+- }
++ dget(dentry);
++ if (S_ISDIR(dentry->d_inode->i_mode))
++ ret = simple_rmdir(parent->d_inode, dentry);
++ else
++ simple_unlink(parent->d_inode, dentry);
++ if (!ret)
++ d_delete(dentry);
++ dput(dentry);
+ }
+ return ret;
+ }
--- /dev/null
+From 7e0e953bb0cf649f93277ac8fb67ecbb7f7b04a9 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Sat, 21 Feb 2015 22:16:11 -0500
+Subject: procfs: fix race between symlink removals and traversals
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit 7e0e953bb0cf649f93277ac8fb67ecbb7f7b04a9 upstream.
+
+use_pde()/unuse_pde() in ->follow_link()/->put_link() resp.
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/proc/generic.c | 12 ------------
+ fs/proc/inode.c | 21 +++++++++++++++++++++
+ fs/proc/internal.h | 1 +
+ 3 files changed, 22 insertions(+), 12 deletions(-)
+
+--- a/fs/proc/generic.c
++++ b/fs/proc/generic.c
+@@ -19,7 +19,6 @@
+ #include <linux/mount.h>
+ #include <linux/init.h>
+ #include <linux/idr.h>
+-#include <linux/namei.h>
+ #include <linux/bitops.h>
+ #include <linux/spinlock.h>
+ #include <linux/completion.h>
+@@ -162,17 +161,6 @@ void proc_free_inum(unsigned int inum)
+ spin_unlock_irqrestore(&proc_inum_lock, flags);
+ }
+
+-static void *proc_follow_link(struct dentry *dentry, struct nameidata *nd)
+-{
+- nd_set_link(nd, __PDE_DATA(dentry->d_inode));
+- return NULL;
+-}
+-
+-static const struct inode_operations proc_link_inode_operations = {
+- .readlink = generic_readlink,
+- .follow_link = proc_follow_link,
+-};
+-
+ /*
+ * Don't create negative dentries here, return -ENOENT by hand
+ * instead.
+--- a/fs/proc/inode.c
++++ b/fs/proc/inode.c
+@@ -23,6 +23,7 @@
+ #include <linux/slab.h>
+ #include <linux/mount.h>
+ #include <linux/magic.h>
++#include <linux/namei.h>
+
+ #include <asm/uaccess.h>
+
+@@ -401,6 +402,26 @@ static const struct file_operations proc
+ };
+ #endif
+
++static void *proc_follow_link(struct dentry *dentry, struct nameidata *nd)
++{
++ struct proc_dir_entry *pde = PDE(dentry->d_inode);
++ if (unlikely(!use_pde(pde)))
++ return ERR_PTR(-EINVAL);
++ nd_set_link(nd, pde->data);
++ return pde;
++}
++
++static void proc_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
++{
++ unuse_pde(p);
++}
++
++const struct inode_operations proc_link_inode_operations = {
++ .readlink = generic_readlink,
++ .follow_link = proc_follow_link,
++ .put_link = proc_put_link,
++};
++
+ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
+ {
+ struct inode *inode = new_inode_pseudo(sb);
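Review bot: Nothing in `proc_follow_link()` or `proc_put_link()` documents that the reference taken by `use_pde()` is the one dropped by `unuse_pde(p)`, with `p` being the `pde` returned as the link cookie. That pairing is the whole fix, and a future change that returns `NULL` or a different cookie from `follow_link` would silently leak or unbalance the reference. I would add before the `use_pde()` call: `/* hold the pde across the traversal; proc_put_link() drops it via the returned cookie */`. As a style point, kernel convention puts a blank line between the `pde` declaration and the `if (unlikely(...))` that follows it.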
+--- a/fs/proc/internal.h
++++ b/fs/proc/internal.h
+@@ -202,6 +202,7 @@ struct pde_opener {
+ int closing;
+ struct completion *c;
+ };
++extern const struct inode_operations proc_link_inode_operations;
+
+ extern const struct inode_operations proc_pid_link_inode_operations;
+
tty-fix-tty_wait_until_sent-on-64-bit-machines.patch
usb-serial-fix-potential-use-after-free-after-failed-probe.patch
usb-serial-fix-tty-device-error-handling-at-probe.patch
+autofs4-copy_dev_ioctl-keep-the-value-of-size-we-d-used-for-allocation.patch
+debugfs-leave-freeing-a-symlink-body-until-inode-eviction.patch
+procfs-fix-race-between-symlink-removals-and-traversals.patch
+sunrpc-fix-braino-in-poll.patch
+arc-fix-kstk_esp.patch
+tty-fix-up-atime-mtime-mess-take-four.patch
--- /dev/null
+From 1711fd9addf214823b993468567cab1f8254fc51 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@ZenIV.linux.org.uk>
+Date: Sat, 7 Mar 2015 21:08:46 +0000
+Subject: sunrpc: fix braino in ->poll()
+
+From: Al Viro <viro@ZenIV.linux.org.uk>
+
+commit 1711fd9addf214823b993468567cab1f8254fc51 upstream.
+
+POLL_OUT isn't what callers of ->poll() are expecting to see; it's
+actually __SI_POLL | 2 and it's a siginfo code, not a poll bitmap
+bit...
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Bruce Fields <bfields@fieldses.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/sunrpc/cache.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/sunrpc/cache.c
++++ b/net/sunrpc/cache.c
+@@ -920,7 +920,7 @@ static unsigned int cache_poll(struct fi
+ poll_wait(filp, &queue_wait, wait);
+
+ /* alway allow write */
+- mask = POLL_OUT | POLLWRNORM;
++ mask = POLLOUT | POLLWRNORM;
+
+ if (!rp)
+ return mask;
--- /dev/null
+From f0bf0bd07943bfde8f5ac39a32664810a379c7d3 Mon Sep 17 00:00:00 2001
+From: Jiri Slaby <jslaby@suse.cz>
+Date: Fri, 27 Feb 2015 18:40:31 +0100
+Subject: tty: fix up atime/mtime mess, take four
+
+From: Jiri Slaby <jslaby@suse.cz>
+
+commit f0bf0bd07943bfde8f5ac39a32664810a379c7d3 upstream.
+
+This problem was taken care of three times already in
+* b0de59b5733d18b0d1974a060860a8b5c1b36a2e (TTY: do not update
+ atime/mtime on read/write),
+* 37b7f3c76595e23257f61bd80b223de8658617ee (TTY: fix atime/mtime
+ regression), and
+* b0b885657b6c8ef63a46bc9299b2a7715d19acde (tty: fix up atime/mtime
+ mess, take three)
+
+But it still misses one point. As John Paul correctly points out, we
+do not care about setting date. If somebody ever changes wall
+time backwards (by mistake for example), tty timestamps are never
+updated until the original wall time passes.
+
+So check the absolute difference of times and if it large than "8
+seconds or so", always update the time. That means we will update
+immediatelly when changing time. Ergo, CAP_SYS_TIME can foul the
+check, but it was always that way.
+
+Thanks John for serving me this so nicely debugged.
+
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Reported-by: John Paul Perry <john_paul.perry@alcatel-lucent.com>
+Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/tty_io.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/tty/tty_io.c
++++ b/drivers/tty/tty_io.c
+@@ -996,8 +996,8 @@ EXPORT_SYMBOL(start_tty);
+ /* We limit tty time update visibility to every 8 seconds or so. */
+ static void tty_update_time(struct timespec *time)
+ {
+- unsigned long sec = get_seconds() & ~7;
+- if ((long)(sec - time->tv_sec) > 0)
++ unsigned long sec = get_seconds();
++ if (abs(sec - time->tv_sec) & ~7)
+ time->tv_sec = sec;
+ }
+
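Review bot: In `abs(sec - time->tv_sec)` the operand is an `unsigned long` expression, so the check is only right if `abs()` converts its argument to a signed type internally; the definition is not visible here. Making the signedness explicit at the call site would remove that dependency and match the cast the removed line used: `if (abs((long)(sec - time->tv_sec)) & ~7)`. The comment above the function still describes only the 8-second limit. It could be extended to `/* ... Also update when the clock moved backwards by more than that. */`, because the stored value is no longer rounded down with `& ~7`, and a backward jump now triggers an update.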