tjh.dev
+1
-1
arch/x86/purgatory/Makefile
+1
-1
arch/x86/purgatory/Makefile
···
6
6
targets += $(purgatory-y)
7
7
PURGATORY_OBJS = $(addprefix $(obj)/,$(purgatory-y))
8
8
9
-
$(obj)/sha256.o: $(srctree)/lib/sha256.c
9
+
$(obj)/sha256.o: $(srctree)/lib/sha256.c FORCE
10
10
$(call if_changed_rule,cc_o_c)
11
11
12
12
LDFLAGS_purgatory.ro := -e purgatory_start -r --no-undefined -nostdlib -z nodefaultlib
+13
-9
fs/autofs/dev-ioctl.c
+13
-9
fs/autofs/dev-ioctl.c
···
135
135
cmd);
136
136
goto out;
137
137
}
138
+
} else {
139
+
unsigned int inr = _IOC_NR(cmd);
140
+
141
+
if (inr == AUTOFS_DEV_IOCTL_OPENMOUNT_CMD ||
142
+
inr == AUTOFS_DEV_IOCTL_REQUESTER_CMD ||
143
+
inr == AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD) {
144
+
err = -EINVAL;
145
+
goto out;
146
+
}
138
147
}
139
148
140
149
err = 0;
···
280
271
dev_t devid;
281
272
int err, fd;
282
273
283
-
/* param->path has already been checked */
274
+
/* param->path has been checked in validate_dev_ioctl() */
275
+
284
276
if (!param->openmount.devid)
285
277
return -EINVAL;
286
278
···
443
433
dev_t devid;
444
434
int err = -ENOENT;
445
435
446
-
if (param->size <= AUTOFS_DEV_IOCTL_SIZE) {
447
-
err = -EINVAL;
448
-
goto out;
449
-
}
436
+
/* param->path has been checked in validate_dev_ioctl() */
450
437
451
438
devid = sbi->sb->s_dev;
452
439
···
528
521
unsigned int devid, magic;
529
522
int err = -ENOENT;
530
523
531
-
if (param->size <= AUTOFS_DEV_IOCTL_SIZE) {
532
-
err = -EINVAL;
533
-
goto out;
534
-
}
524
+
/* param->path has been checked in validate_dev_ioctl() */
535
525
536
526
name = param->path;
537
527
type = param->ismountpoint.in.type;
+2
-3
fs/binfmt_elf.c
+2
-3
fs/binfmt_elf.c
···
1259
1259
goto out_free_ph;
1260
1260
}
1261
1261
1262
-
len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr +
1263
-
ELF_MIN_ALIGN - 1);
1264
-
bss = eppnt->p_memsz + eppnt->p_vaddr;
1262
+
len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1263
+
bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
1265
1264
if (bss > len) {
1266
1265
error = vm_brk(len, bss - len);
1267
1266
if (error)
+2
-1
fs/proc/task_mmu.c
+2
-1
fs/proc/task_mmu.c
···
831
831
SEQ_PUT_DEC(" kB\nSwap: ", mss->swap);
832
832
SEQ_PUT_DEC(" kB\nSwapPss: ",
833
833
mss->swap_pss >> PSS_SHIFT);
834
-
SEQ_PUT_DEC(" kB\nLocked: ", mss->pss >> PSS_SHIFT);
834
+
SEQ_PUT_DEC(" kB\nLocked: ",
835
+
mss->pss_locked >> PSS_SHIFT);
835
836
seq_puts(m, " kB\n");
836
837
}
837
838
if (!rollup_mode) {
+81
-60
fs/reiserfs/prints.c
+81
-60
fs/reiserfs/prints.c
···
76
76
}
77
77
78
78
/* %k */
79
-
static void sprintf_le_key(char *buf, struct reiserfs_key *key)
79
+
static int scnprintf_le_key(char *buf, size_t size, struct reiserfs_key *key)
80
80
{
81
81
if (key)
82
-
sprintf(buf, "[%d %d %s %s]", le32_to_cpu(key->k_dir_id),
83
-
le32_to_cpu(key->k_objectid), le_offset(key),
84
-
le_type(key));
82
+
return scnprintf(buf, size, "[%d %d %s %s]",
83
+
le32_to_cpu(key->k_dir_id),
84
+
le32_to_cpu(key->k_objectid), le_offset(key),
85
+
le_type(key));
85
86
else
86
-
sprintf(buf, "[NULL]");
87
+
return scnprintf(buf, size, "[NULL]");
87
88
}
88
89
89
90
/* %K */
90
-
static void sprintf_cpu_key(char *buf, struct cpu_key *key)
91
+
static int scnprintf_cpu_key(char *buf, size_t size, struct cpu_key *key)
91
92
{
92
93
if (key)
93
-
sprintf(buf, "[%d %d %s %s]", key->on_disk_key.k_dir_id,
94
-
key->on_disk_key.k_objectid, reiserfs_cpu_offset(key),
95
-
cpu_type(key));
94
+
return scnprintf(buf, size, "[%d %d %s %s]",
95
+
key->on_disk_key.k_dir_id,
96
+
key->on_disk_key.k_objectid,
97
+
reiserfs_cpu_offset(key), cpu_type(key));
96
98
else
97
-
sprintf(buf, "[NULL]");
99
+
return scnprintf(buf, size, "[NULL]");
98
100
}
99
101
100
-
static void sprintf_de_head(char *buf, struct reiserfs_de_head *deh)
102
+
static int scnprintf_de_head(char *buf, size_t size,
103
+
struct reiserfs_de_head *deh)
101
104
{
102
105
if (deh)
103
-
sprintf(buf,
104
-
"[offset=%d dir_id=%d objectid=%d location=%d state=%04x]",
105
-
deh_offset(deh), deh_dir_id(deh), deh_objectid(deh),
106
-
deh_location(deh), deh_state(deh));
106
+
return scnprintf(buf, size,
107
+
"[offset=%d dir_id=%d objectid=%d location=%d state=%04x]",
108
+
deh_offset(deh), deh_dir_id(deh),
109
+
deh_objectid(deh), deh_location(deh),
110
+
deh_state(deh));
107
111
else
108
-
sprintf(buf, "[NULL]");
112
+
return scnprintf(buf, size, "[NULL]");
109
113
110
114
}
111
115
112
-
static void sprintf_item_head(char *buf, struct item_head *ih)
116
+
static int scnprintf_item_head(char *buf, size_t size, struct item_head *ih)
113
117
{
114
118
if (ih) {
115
-
strcpy(buf,
116
-
(ih_version(ih) == KEY_FORMAT_3_6) ? "*3.6* " : "*3.5*");
117
-
sprintf_le_key(buf + strlen(buf), &(ih->ih_key));
118
-
sprintf(buf + strlen(buf), ", item_len %d, item_location %d, "
119
-
"free_space(entry_count) %d",
120
-
ih_item_len(ih), ih_location(ih), ih_free_space(ih));
119
+
char *p = buf;
120
+
char * const end = buf + size;
121
+
122
+
p += scnprintf(p, end - p, "%s",
123
+
(ih_version(ih) == KEY_FORMAT_3_6) ?
124
+
"*3.6* " : "*3.5*");
125
+
126
+
p += scnprintf_le_key(p, end - p, &ih->ih_key);
127
+
128
+
p += scnprintf(p, end - p,
129
+
", item_len %d, item_location %d, free_space(entry_count) %d",
130
+
ih_item_len(ih), ih_location(ih),
131
+
ih_free_space(ih));
132
+
return p - buf;
121
133
} else
122
-
sprintf(buf, "[NULL]");
134
+
return scnprintf(buf, size, "[NULL]");
123
135
}
124
136
125
-
static void sprintf_direntry(char *buf, struct reiserfs_dir_entry *de)
137
+
static int scnprintf_direntry(char *buf, size_t size,
138
+
struct reiserfs_dir_entry *de)
126
139
{
127
140
char name[20];
128
141
129
142
memcpy(name, de->de_name, de->de_namelen > 19 ? 19 : de->de_namelen);
130
143
name[de->de_namelen > 19 ? 19 : de->de_namelen] = 0;
131
-
sprintf(buf, "\"%s\"==>[%d %d]", name, de->de_dir_id, de->de_objectid);
144
+
return scnprintf(buf, size, "\"%s\"==>[%d %d]",
145
+
name, de->de_dir_id, de->de_objectid);
132
146
}
133
147
134
-
static void sprintf_block_head(char *buf, struct buffer_head *bh)
148
+
static int scnprintf_block_head(char *buf, size_t size, struct buffer_head *bh)
135
149
{
136
-
sprintf(buf, "level=%d, nr_items=%d, free_space=%d rdkey ",
137
-
B_LEVEL(bh), B_NR_ITEMS(bh), B_FREE_SPACE(bh));
150
+
return scnprintf(buf, size,
151
+
"level=%d, nr_items=%d, free_space=%d rdkey ",
152
+
B_LEVEL(bh), B_NR_ITEMS(bh), B_FREE_SPACE(bh));
138
153
}
139
154
140
-
static void sprintf_buffer_head(char *buf, struct buffer_head *bh)
155
+
static int scnprintf_buffer_head(char *buf, size_t size, struct buffer_head *bh)
141
156
{
142
-
sprintf(buf,
143
-
"dev %pg, size %zd, blocknr %llu, count %d, state 0x%lx, page %p, (%s, %s, %s)",
144
-
bh->b_bdev, bh->b_size,
145
-
(unsigned long long)bh->b_blocknr, atomic_read(&(bh->b_count)),
146
-
bh->b_state, bh->b_page,
147
-
buffer_uptodate(bh) ? "UPTODATE" : "!UPTODATE",
148
-
buffer_dirty(bh) ? "DIRTY" : "CLEAN",
149
-
buffer_locked(bh) ? "LOCKED" : "UNLOCKED");
157
+
return scnprintf(buf, size,
158
+
"dev %pg, size %zd, blocknr %llu, count %d, state 0x%lx, page %p, (%s, %s, %s)",
159
+
bh->b_bdev, bh->b_size,
160
+
(unsigned long long)bh->b_blocknr,
161
+
atomic_read(&(bh->b_count)),
162
+
bh->b_state, bh->b_page,
163
+
buffer_uptodate(bh) ? "UPTODATE" : "!UPTODATE",
164
+
buffer_dirty(bh) ? "DIRTY" : "CLEAN",
165
+
buffer_locked(bh) ? "LOCKED" : "UNLOCKED");
150
166
}
151
167
152
-
static void sprintf_disk_child(char *buf, struct disk_child *dc)
168
+
static int scnprintf_disk_child(char *buf, size_t size, struct disk_child *dc)
153
169
{
154
-
sprintf(buf, "[dc_number=%d, dc_size=%u]", dc_block_number(dc),
155
-
dc_size(dc));
170
+
return scnprintf(buf, size, "[dc_number=%d, dc_size=%u]",
171
+
dc_block_number(dc), dc_size(dc));
156
172
}
157
173
158
174
static char *is_there_reiserfs_struct(char *fmt, int *what)
···
205
189
char *fmt1 = fmt_buf;
206
190
char *k;
207
191
char *p = error_buf;
192
+
char * const end = &error_buf[sizeof(error_buf)];
208
193
int what;
209
194
210
195
spin_lock(&error_lock);
211
196
212
-
strcpy(fmt1, fmt);
197
+
if (WARN_ON(strscpy(fmt_buf, fmt, sizeof(fmt_buf)) < 0)) {
198
+
strscpy(error_buf, "format string too long", end - error_buf);
199
+
goto out_unlock;
200
+
}
213
201
214
202
while ((k = is_there_reiserfs_struct(fmt1, &what)) != NULL) {
215
203
*k = 0;
216
204
217
-
p += vsprintf(p, fmt1, args);
205
+
p += vscnprintf(p, end - p, fmt1, args);
218
206
219
207
switch (what) {
220
208
case 'k':
221
-
sprintf_le_key(p, va_arg(args, struct reiserfs_key *));
209
+
p += scnprintf_le_key(p, end - p,
210
+
va_arg(args, struct reiserfs_key *));
222
211
break;
223
212
case 'K':
224
-
sprintf_cpu_key(p, va_arg(args, struct cpu_key *));
213
+
p += scnprintf_cpu_key(p, end - p,
214
+
va_arg(args, struct cpu_key *));
225
215
break;
226
216
case 'h':
227
-
sprintf_item_head(p, va_arg(args, struct item_head *));
217
+
p += scnprintf_item_head(p, end - p,
218
+
va_arg(args, struct item_head *));
228
219
break;
229
220
case 't':
230
-
sprintf_direntry(p,
231
-
va_arg(args,
232
-
struct reiserfs_dir_entry *));
221
+
p += scnprintf_direntry(p, end - p,
222
+
va_arg(args, struct reiserfs_dir_entry *));
233
223
break;
234
224
case 'y':
235
-
sprintf_disk_child(p,
236
-
va_arg(args, struct disk_child *));
225
+
p += scnprintf_disk_child(p, end - p,
226
+
va_arg(args, struct disk_child *));
237
227
break;
238
228
case 'z':
239
-
sprintf_block_head(p,
240
-
va_arg(args, struct buffer_head *));
229
+
p += scnprintf_block_head(p, end - p,
230
+
va_arg(args, struct buffer_head *));
241
231
break;
242
232
case 'b':
243
-
sprintf_buffer_head(p,
244
-
va_arg(args, struct buffer_head *));
233
+
p += scnprintf_buffer_head(p, end - p,
234
+
va_arg(args, struct buffer_head *));
245
235
break;
246
236
case 'a':
247
-
sprintf_de_head(p,
248
-
va_arg(args,
249
-
struct reiserfs_de_head *));
237
+
p += scnprintf_de_head(p, end - p,
238
+
va_arg(args, struct reiserfs_de_head *));
250
239
break;
251
240
}
252
241
253
-
p += strlen(p);
254
242
fmt1 = k + 2;
255
243
}
256
-
vsprintf(p, fmt1, args);
244
+
p += vscnprintf(p, end - p, fmt1, args);
245
+
out_unlock:
257
246
spin_unlock(&error_lock);
258
247
259
248
}
+8
include/asm-generic/tlb.h
+8
include/asm-generic/tlb.h
···
265
265
* For now w.r.t page table cache, mark the range_size as PAGE_SIZE
266
266
*/
267
267
268
+
#ifndef pte_free_tlb
268
269
#define pte_free_tlb(tlb, ptep, address) \
269
270
do { \
270
271
__tlb_adjust_range(tlb, address, PAGE_SIZE); \
271
272
__pte_free_tlb(tlb, ptep, address); \
272
273
} while (0)
274
+
#endif
273
275
276
+
#ifndef pmd_free_tlb
274
277
#define pmd_free_tlb(tlb, pmdp, address) \
275
278
do { \
276
279
__tlb_adjust_range(tlb, address, PAGE_SIZE); \
277
280
__pmd_free_tlb(tlb, pmdp, address); \
278
281
} while (0)
282
+
#endif
279
283
280
284
#ifndef __ARCH_HAS_4LEVEL_HACK
285
+
#ifndef pud_free_tlb
281
286
#define pud_free_tlb(tlb, pudp, address) \
282
287
do { \
283
288
__tlb_adjust_range(tlb, address, PAGE_SIZE); \
284
289
__pud_free_tlb(tlb, pudp, address); \
285
290
} while (0)
286
291
#endif
292
+
#endif
287
293
288
294
#ifndef __ARCH_HAS_5LEVEL_HACK
295
+
#ifndef p4d_free_tlb
289
296
#define p4d_free_tlb(tlb, pudp, address) \
290
297
do { \
291
298
__tlb_adjust_range(tlb, address, PAGE_SIZE); \
292
299
__p4d_free_tlb(tlb, pudp, address); \
293
300
} while (0)
301
+
#endif
294
302
#endif
295
303
296
304
#define tlb_migrate_finish(mm) do {} while (0)
-2
mm/gup.c
-2
mm/gup.c
+2
-1
mm/memblock.c
+2
-1
mm/memblock.c
···
227
227
* so we use WARN_ONCE() here to see the stack trace if
228
228
* fail happens.
229
229
*/
230
-
WARN_ONCE(1, "memblock: bottom-up allocation failed, memory hotunplug may be affected\n");
230
+
WARN_ONCE(IS_ENABLED(CONFIG_MEMORY_HOTREMOVE),
231
+
"memblock: bottom-up allocation failed, memory hotremove may be affected\n");
231
232
}
232
233
233
234
return __memblock_find_range_top_down(start, end, size, align, nid,
+12
-17
mm/mmap.c
+12
-17
mm/mmap.c
···
186
186
return next;
187
187
}
188
188
189
-
static int do_brk(unsigned long addr, unsigned long len, struct list_head *uf);
190
-
189
+
static int do_brk_flags(unsigned long addr, unsigned long request, unsigned long flags,
190
+
struct list_head *uf);
191
191
SYSCALL_DEFINE1(brk, unsigned long, brk)
192
192
{
193
193
unsigned long retval;
···
245
245
goto out;
246
246
247
247
/* Ok, looks good - let it rip. */
248
-
if (do_brk(oldbrk, newbrk-oldbrk, &uf) < 0)
248
+
if (do_brk_flags(oldbrk, newbrk-oldbrk, 0, &uf) < 0)
249
249
goto out;
250
250
251
251
set_brk:
···
2929
2929
* anonymous maps. eventually we may be able to do some
2930
2930
* brk-specific accounting here.
2931
2931
*/
2932
-
static int do_brk_flags(unsigned long addr, unsigned long request, unsigned long flags, struct list_head *uf)
2932
+
static int do_brk_flags(unsigned long addr, unsigned long len, unsigned long flags, struct list_head *uf)
2933
2933
{
2934
2934
struct mm_struct *mm = current->mm;
2935
2935
struct vm_area_struct *vma, *prev;
2936
-
unsigned long len;
2937
2936
struct rb_node **rb_link, *rb_parent;
2938
2937
pgoff_t pgoff = addr >> PAGE_SHIFT;
2939
2938
int error;
2940
-
2941
-
len = PAGE_ALIGN(request);
2942
-
if (len < request)
2943
-
return -ENOMEM;
2944
-
if (!len)
2945
-
return 0;
2946
2939
2947
2940
/* Until we need other flags, refuse anything except VM_EXEC. */
2948
2941
if ((flags & (~VM_EXEC)) != 0)
···
3008
3015
return 0;
3009
3016
}
3010
3017
3011
-
static int do_brk(unsigned long addr, unsigned long len, struct list_head *uf)
3012
-
{
3013
-
return do_brk_flags(addr, len, 0, uf);
3014
-
}
3015
-
3016
-
int vm_brk_flags(unsigned long addr, unsigned long len, unsigned long flags)
3018
+
int vm_brk_flags(unsigned long addr, unsigned long request, unsigned long flags)
3017
3019
{
3018
3020
struct mm_struct *mm = current->mm;
3021
+
unsigned long len;
3019
3022
int ret;
3020
3023
bool populate;
3021
3024
LIST_HEAD(uf);
3025
+
3026
+
len = PAGE_ALIGN(request);
3027
+
if (len < request)
3028
+
return -ENOMEM;
3029
+
if (!len)
3030
+
return 0;
3022
3031
3023
3032
if (down_write_killable(&mm->mmap_sem))
3024
3033
return -EINTR;
+7
-1
mm/rmap.c
+7
-1
mm/rmap.c
···
64
64
#include <linux/backing-dev.h>
65
65
#include <linux/page_idle.h>
66
66
#include <linux/memremap.h>
67
+
#include <linux/userfaultfd_k.h>
67
68
68
69
#include <asm/tlbflush.h>
69
70
···
1482
1481
set_pte_at(mm, address, pvmw.pte, pteval);
1483
1482
}
1484
1483
1485
-
} else if (pte_unused(pteval)) {
1484
+
} else if (pte_unused(pteval) && !userfaultfd_armed(vma)) {
1486
1485
/*
1487
1486
* The guest indicated that the page content is of no
1488
1487
* interest anymore. Simply discard the pte, vmscan
1489
1488
* will take care of the rest.
1489
+
* A future reference will then fault in a new zero
1490
+
* page. When userfaultfd is active, we must not drop
1491
+
* this page though, as its main user (postcopy
1492
+
* migration) will not expect userfaults on already
1493
+
* copied pages.
1490
1494
*/
1491
1495
dec_mm_counter(mm, mm_counter(page));
1492
1496
/* We have to invalidate as we cleared the pte */
+2
-1
net/9p/client.c
+2
-1
net/9p/client.c
+3
-3
scripts/checkpatch.pl
+3
-3
scripts/checkpatch.pl
···
5813
5813
defined $stat &&
5814
5814
$stat =~ /^\+(?![^\{]*\{\s*).*\b(\w+)\s*\(.*$String\s*,/s &&
5815
5815
$1 !~ /^_*volatile_*$/) {
5816
-
my $specifier;
5817
-
my $extension;
5818
-
my $bad_specifier = "";
5819
5816
my $stat_real;
5820
5817
5821
5818
my $lc = $stat =~ tr@\n@@;
5822
5819
$lc = $lc + $linenr;
5823
5820
for (my $count = $linenr; $count <= $lc; $count++) {
5821
+
my $specifier;
5822
+
my $extension;
5823
+
my $bad_specifier = "";
5824
5824
my $fmt = get_quoted_string($lines[$count - 1], raw_line($count, 0));
5825
5825
$fmt =~ s/%%//g;
5826
5826