diff --git a/.abf.yml b/.abf.yml index db6a596..602901b 100644 --- a/.abf.yml +++ b/.abf.yml @@ -1,6 +1,6 @@ sources: - linux-5.4.tar.xz: 98ae49ad49397d5a4dcb3ff9a082223edf7c5bbd - patch-5.4.83.xz: fd46a3194568fde38ce5deb974b522c835beed22 + linux-5.10.tar.xz: be0b909f1fbb760cc2d5cf146e1da3b2af0cf899 + patch-5.10.1.xz: bd49d5869b7b8654f0492622893e1b5b56ca245e public_key_GOST_1.pem: b4fb6bf1cf73824944931a8f0c2cb7bf427e0774 public_key_GOST_2.pem: cba209bd331f29031c5d945949b230a8d7a4dc12 public_key_GOST_3.pem: e5a223dd7c556d4d0cac326f5ed9fc12dd769afb diff --git a/0001-AltHa-LSM-module.patch b/0001-AltHa-LSM-module.patch index 024ad6b..e31983e 100644 --- a/0001-AltHa-LSM-module.patch +++ b/0001-AltHa-LSM-module.patch @@ -1,4 +1,4 @@ -From f690c6792f5ca5737627ebf800086d7408f17456 Mon Sep 17 00:00:00 2001 +From e9343095462964e78faadde92bab44a6a13cd4da Mon Sep 17 00:00:00 2001 From: Kernel Bot Date: Wed, 21 Aug 2019 16:11:26 +0300 Subject: [PATCH 1/2] AltHa LSM module @@ -15,7 +15,7 @@ Changelog: * lists handling rewritten * indentation fixed -Rediffed for vanilla kernel 5.4.25 +Rediffed for vanilla kernel 5.10.1 Signed-off-by: Mikhail Novosyolov --- security/Kconfig | 3 +- @@ -29,7 +29,7 @@ Signed-off-by: Mikhail Novosyolov create mode 100644 security/altha/altha_lsm.c diff --git a/security/Kconfig b/security/Kconfig -index 2a1a2d396228..d21a120b66d4 100644 +index 7561f6f99f1d..b7551d9001e6 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -238,6 +238,7 @@ source "security/loadpin/Kconfig" @@ -41,34 +41,34 @@ index 2a1a2d396228..d21a120b66d4 100644 source "security/integrity/Kconfig" @@ -281,7 +282,7 @@ config LSM - default "lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo" if DEFAULT_SECURITY_APPARMOR - default "lockdown,yama,loadpin,safesetid,integrity,tomoyo" if DEFAULT_SECURITY_TOMOYO - default "lockdown,yama,loadpin,safesetid,integrity" if DEFAULT_SECURITY_DAC -- default "lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" -+ default "lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,altha" + default "lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR + default "lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO + default "lockdown,yama,loadpin,safesetid,integrity,bpf" if DEFAULT_SECURITY_DAC +- default "lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf" ++ default "lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf,altha" help A comma-separated list of LSMs, in initialization order. Any LSMs left off this list will be ignored. This can be diff --git a/security/Makefile b/security/Makefile -index be1dd9d2cb2f..7c9628c2017e 100644 +index 3baf435de541..9cc6f5b1b099 100644 --- a/security/Makefile +++ b/security/Makefile -@@ -12,6 +12,7 @@ subdir-$(CONFIG_SECURITY_YAMA) += yama - subdir-$(CONFIG_SECURITY_LOADPIN) += loadpin +@@ -13,6 +13,7 @@ subdir-$(CONFIG_SECURITY_LOADPIN) += loadpin subdir-$(CONFIG_SECURITY_SAFESETID) += safesetid subdir-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown + subdir-$(CONFIG_BPF_LSM) += bpf +subdir-$(CONFIG_SECURITY_ALTHA) += altha # always enable default capabilities obj-y += commoncap.o -@@ -29,6 +30,7 @@ obj-$(CONFIG_SECURITY_YAMA) += yama/ - obj-$(CONFIG_SECURITY_LOADPIN) += loadpin/ - obj-$(CONFIG_SECURITY_SAFESETID) += safesetid/ +@@ -32,6 +33,7 @@ obj-$(CONFIG_SECURITY_SAFESETID) += safesetid/ obj-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown/ + obj-$(CONFIG_CGROUPS) += device_cgroup.o + obj-$(CONFIG_BPF_LSM) += bpf/ +obj-$(CONFIG_SECURITY_ALTHA) += altha/ - obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o # Object integrity file lists + subdir-$(CONFIG_INTEGRITY) += integrity diff --git a/security/altha/Kconfig b/security/altha/Kconfig new file mode 100644 index 000000000000..4bafdef4e58e @@ -427,5 +427,5 @@ index 000000000000..7d1cc8f8a1a7 +}; + -- -2.20.1 +2.25.1 diff --git a/fs-aufs.patch b/0001-Apply-AUFS-5.patch similarity index 98% rename from fs-aufs.patch rename to 0001-Apply-AUFS-5.patch index da82948..b8c5b10 100644 --- a/fs-aufs.patch +++ b/0001-Apply-AUFS-5.patch @@ -1,5 +1,233 @@ -From: aufs <> -Subject: aufs +From 71f7f6257f0bd1985837051f528c489e047b5678 Mon Sep 17 00:00:00 2001 +From: Mikhail Novosyolov +Date: Sun, 20 Dec 2020 18:28:09 +0300 +Subject: [PATCH] Apply AUFS 5 + +Rediffed from https://abf.io/kernels_stable/kernel-5.9/raw/22b55ffc8e/fs-aufs.patch + +Signed-off-by: Mikhail Novosyolov +--- + Documentation/ABI/testing/debugfs-aufs | 55 + + Documentation/ABI/testing/sysfs-aufs | 31 + + Documentation/filesystems/aufs/README | 401 ++++ + .../filesystems/aufs/design/01intro.txt | 171 ++ + .../filesystems/aufs/design/02struct.txt | 258 +++ + .../filesystems/aufs/design/03atomic_open.txt | 85 + + .../filesystems/aufs/design/03lookup.txt | 113 + + .../filesystems/aufs/design/04branch.txt | 74 + + .../filesystems/aufs/design/05wbr_policy.txt | 64 + + .../filesystems/aufs/design/06dirren.dot | 31 + + .../filesystems/aufs/design/06dirren.txt | 102 + + .../filesystems/aufs/design/06fhsm.txt | 120 + + .../filesystems/aufs/design/06mmap.txt | 72 + + .../filesystems/aufs/design/06xattr.txt | 96 + + .../filesystems/aufs/design/07export.txt | 58 + + .../filesystems/aufs/design/08shwh.txt | 52 + + .../filesystems/aufs/design/10dynop.txt | 47 + + MAINTAINERS | 13 + + drivers/block/loop.c | 18 + + fs/Kconfig | 1 + + fs/Makefile | 1 + + fs/aufs/Kconfig | 199 ++ + fs/aufs/Makefile | 46 + + fs/aufs/aufs.h | 62 + + fs/aufs/branch.c | 1427 ++++++++++++ + fs/aufs/branch.h | 366 +++ + fs/aufs/conf.mk | 40 + + fs/aufs/cpup.c | 1458 ++++++++++++ + fs/aufs/cpup.h | 100 + + fs/aufs/dbgaufs.c | 526 +++++ + fs/aufs/dbgaufs.h | 53 + + fs/aufs/dcsub.c | 225 ++ + fs/aufs/dcsub.h | 137 ++ + fs/aufs/debug.c | 441 ++++ + fs/aufs/debug.h | 226 ++ + fs/aufs/dentry.c | 1154 ++++++++++ + fs/aufs/dentry.h | 268 +++ + fs/aufs/dinfo.c | 554 +++++ + fs/aufs/dir.c | 763 +++++++ + fs/aufs/dir.h | 134 ++ + fs/aufs/dirren.c | 1316 +++++++++++ + fs/aufs/dirren.h | 140 ++ + fs/aufs/dynop.c | 367 +++ + fs/aufs/dynop.h | 77 + + fs/aufs/export.c | 838 +++++++ + fs/aufs/f_op.c | 819 +++++++ + fs/aufs/fhsm.c | 427 ++++ + fs/aufs/file.c | 863 ++++++++ + fs/aufs/file.h | 342 +++ + fs/aufs/finfo.c | 149 ++ + fs/aufs/fstype.h | 401 ++++ + fs/aufs/hbl.h | 65 + + fs/aufs/hfsnotify.c | 288 +++ + fs/aufs/hfsplus.c | 60 + + fs/aufs/hnotify.c | 715 ++++++ + fs/aufs/i_op.c | 1502 +++++++++++++ + fs/aufs/i_op_add.c | 936 ++++++++ + fs/aufs/i_op_del.c | 513 +++++ + fs/aufs/i_op_ren.c | 1250 +++++++++++ + fs/aufs/iinfo.c | 286 +++ + fs/aufs/inode.c | 529 +++++ + fs/aufs/inode.h | 698 ++++++ + fs/aufs/ioctl.c | 220 ++ + fs/aufs/lcnt.h | 186 ++ + fs/aufs/loop.c | 148 ++ + fs/aufs/loop.h | 55 + + fs/aufs/magic.mk | 31 + + fs/aufs/module.c | 273 +++ + fs/aufs/module.h | 166 ++ + fs/aufs/mvdown.c | 706 ++++++ + fs/aufs/opts.c | 1880 ++++++++++++++++ + fs/aufs/opts.h | 225 ++ + fs/aufs/plink.c | 516 +++++ + fs/aufs/poll.c | 51 + + fs/aufs/posix_acl.c | 105 + + fs/aufs/procfs.c | 170 ++ + fs/aufs/rdu.c | 384 ++++ + fs/aufs/rwsem.h | 73 + + fs/aufs/sbinfo.c | 314 +++ + fs/aufs/super.c | 1047 +++++++++ + fs/aufs/super.h | 589 +++++ + fs/aufs/sysaufs.c | 93 + + fs/aufs/sysaufs.h | 102 + + fs/aufs/sysfs.c | 374 ++++ + fs/aufs/sysrq.c | 149 ++ + fs/aufs/vdir.c | 896 ++++++++ + fs/aufs/vfsub.c | 895 ++++++++ + fs/aufs/vfsub.h | 354 +++ + fs/aufs/wbr_policy.c | 830 +++++++ + fs/aufs/whout.c | 1062 +++++++++ + fs/aufs/whout.h | 86 + + fs/aufs/wkq.c | 372 ++++ + fs/aufs/wkq.h | 89 + + fs/aufs/xattr.c | 356 +++ + fs/aufs/xino.c | 1966 +++++++++++++++++ + fs/dcache.c | 4 +- + fs/exec.c | 1 + + fs/fcntl.c | 5 +- + fs/file_table.c | 2 + + fs/inode.c | 7 +- + fs/namespace.c | 9 + + fs/notify/group.c | 1 + + fs/open.c | 1 + + fs/proc/base.c | 2 +- + fs/proc/nommu.c | 5 +- + fs/proc/task_mmu.c | 7 +- + fs/proc/task_nommu.c | 5 +- + fs/read_write.c | 26 + + fs/splice.c | 12 +- + fs/sync.c | 3 +- + fs/xattr.c | 1 + + include/linux/fs.h | 10 + + include/linux/lockdep.h | 3 + + include/linux/mm.h | 22 + + include/linux/mm_types.h | 2 + + include/linux/mnt_namespace.h | 3 + + include/linux/splice.h | 6 + + include/uapi/linux/aufs_type.h | 452 ++++ + kernel/fork.c | 2 +- + kernel/locking/lockdep.c | 4 +- + kernel/task_work.c | 1 + + mm/Makefile | 2 +- + mm/filemap.c | 2 +- + mm/mmap.c | 33 +- + mm/nommu.c | 10 +- + mm/prfile.c | 86 + + security/security.c | 8 + + 127 files changed, 38091 insertions(+), 32 deletions(-) + create mode 100644 Documentation/ABI/testing/debugfs-aufs + create mode 100644 Documentation/ABI/testing/sysfs-aufs + create mode 100644 Documentation/filesystems/aufs/README + create mode 100644 Documentation/filesystems/aufs/design/01intro.txt + create mode 100644 Documentation/filesystems/aufs/design/02struct.txt + create mode 100644 Documentation/filesystems/aufs/design/03atomic_open.txt + create mode 100644 Documentation/filesystems/aufs/design/03lookup.txt + create mode 100644 Documentation/filesystems/aufs/design/04branch.txt + create mode 100644 Documentation/filesystems/aufs/design/05wbr_policy.txt + create mode 100644 Documentation/filesystems/aufs/design/06dirren.dot + create mode 100644 Documentation/filesystems/aufs/design/06dirren.txt + create mode 100644 Documentation/filesystems/aufs/design/06fhsm.txt + create mode 100644 Documentation/filesystems/aufs/design/06mmap.txt + create mode 100644 Documentation/filesystems/aufs/design/06xattr.txt + create mode 100644 Documentation/filesystems/aufs/design/07export.txt + create mode 100644 Documentation/filesystems/aufs/design/08shwh.txt + create mode 100644 Documentation/filesystems/aufs/design/10dynop.txt + create mode 100644 fs/aufs/Kconfig + create mode 100644 fs/aufs/Makefile + create mode 100644 fs/aufs/aufs.h + create mode 100644 fs/aufs/branch.c + create mode 100644 fs/aufs/branch.h + create mode 100644 fs/aufs/conf.mk + create mode 100644 fs/aufs/cpup.c + create mode 100644 fs/aufs/cpup.h + create mode 100644 fs/aufs/dbgaufs.c + create mode 100644 fs/aufs/dbgaufs.h + create mode 100644 fs/aufs/dcsub.c + create mode 100644 fs/aufs/dcsub.h + create mode 100644 fs/aufs/debug.c + create mode 100644 fs/aufs/debug.h + create mode 100644 fs/aufs/dentry.c + create mode 100644 fs/aufs/dentry.h + create mode 100644 fs/aufs/dinfo.c + create mode 100644 fs/aufs/dir.c + create mode 100644 fs/aufs/dir.h + create mode 100644 fs/aufs/dirren.c + create mode 100644 fs/aufs/dirren.h + create mode 100644 fs/aufs/dynop.c + create mode 100644 fs/aufs/dynop.h + create mode 100644 fs/aufs/export.c + create mode 100644 fs/aufs/f_op.c + create mode 100644 fs/aufs/fhsm.c + create mode 100644 fs/aufs/file.c + create mode 100644 fs/aufs/file.h + create mode 100644 fs/aufs/finfo.c + create mode 100644 fs/aufs/fstype.h + create mode 100644 fs/aufs/hbl.h + create mode 100644 fs/aufs/hfsnotify.c + create mode 100644 fs/aufs/hfsplus.c + create mode 100644 fs/aufs/hnotify.c + create mode 100644 fs/aufs/i_op.c + create mode 100644 fs/aufs/i_op_add.c + create mode 100644 fs/aufs/i_op_del.c + create mode 100644 fs/aufs/i_op_ren.c + create mode 100644 fs/aufs/iinfo.c + create mode 100644 fs/aufs/inode.c + create mode 100644 fs/aufs/inode.h + create mode 100644 fs/aufs/ioctl.c + create mode 100644 fs/aufs/lcnt.h + create mode 100644 fs/aufs/loop.c + create mode 100644 fs/aufs/loop.h + create mode 100644 fs/aufs/magic.mk + create mode 100644 fs/aufs/module.c + create mode 100644 fs/aufs/module.h + create mode 100644 fs/aufs/mvdown.c + create mode 100644 fs/aufs/opts.c + create mode 100644 fs/aufs/opts.h + create mode 100644 fs/aufs/plink.c + create mode 100644 fs/aufs/poll.c + create mode 100644 fs/aufs/posix_acl.c + create mode 100644 fs/aufs/procfs.c + create mode 100644 fs/aufs/rdu.c + create mode 100644 fs/aufs/rwsem.h + create mode 100644 fs/aufs/sbinfo.c + create mode 100644 fs/aufs/super.c + create mode 100644 fs/aufs/super.h + create mode 100644 fs/aufs/sysaufs.c + create mode 100644 fs/aufs/sysaufs.h + create mode 100644 fs/aufs/sysfs.c + create mode 100644 fs/aufs/sysrq.c + create mode 100644 fs/aufs/vdir.c + create mode 100644 fs/aufs/vfsub.c + create mode 100644 fs/aufs/vfsub.h + create mode 100644 fs/aufs/wbr_policy.c + create mode 100644 fs/aufs/whout.c + create mode 100644 fs/aufs/whout.h + create mode 100644 fs/aufs/wkq.c + create mode 100644 fs/aufs/wkq.h + create mode 100644 fs/aufs/xattr.c + create mode 100644 fs/aufs/xino.c + create mode 100644 include/uapi/linux/aufs_type.h + create mode 100644 mm/prfile.c diff --git a/Documentation/ABI/testing/debugfs-aufs b/Documentation/ABI/testing/debugfs-aufs new file mode 100644 @@ -1934,10 +2162,10 @@ index 000000000000..d55cae285dff +Currently this approach is applied to address_space_operations for +regular files only. diff --git a/MAINTAINERS b/MAINTAINERS -index fe6fa5d3a63e..854ce5d3374e 100644 +index 281de213ef47..407ae5c24566 100644 --- a/MAINTAINERS +++ b/MAINTAINERS -@@ -2832,6 +2832,19 @@ F: include/linux/audit.h +@@ -3009,6 +3009,19 @@ F: include/linux/audit.h F: include/uapi/linux/audit.h F: kernel/audit* @@ -1958,10 +2186,10 @@ index fe6fa5d3a63e..854ce5d3374e 100644 M: Miguel Ojeda Sandonis S: Maintained diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index 57ed6b70d295..d0c30cbcacbe 100644 +index a58084c2ed7c..7be7ca3f5454 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c -@@ -749,6 +749,24 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev, +@@ -765,6 +765,24 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev, return error; } @@ -1987,25 +2215,25 @@ index 57ed6b70d295..d0c30cbcacbe 100644 static ssize_t loop_attr_show(struct device *dev, char *page, diff --git a/fs/Kconfig b/fs/Kconfig -index 2501e6f1f965..38a6a5991da9 100644 +index aa4c12282301..b29bad13b249 100644 --- a/fs/Kconfig +++ b/fs/Kconfig -@@ -264,6 +264,7 @@ source "fs/pstore/Kconfig" - source "fs/sysv/Kconfig" +@@ -288,6 +288,7 @@ source "fs/sysv/Kconfig" source "fs/ufs/Kconfig" source "fs/erofs/Kconfig" + source "fs/vboxsf/Kconfig" +source "fs/aufs/Kconfig" endif # MISC_FILESYSTEMS diff --git a/fs/Makefile b/fs/Makefile -index 14231b4cf383..8765e191ebe0 100644 +index 999d1a23f036..0cd76857ca76 100644 --- a/fs/Makefile +++ b/fs/Makefile -@@ -132,3 +132,4 @@ obj-$(CONFIG_CEPH_FS) += ceph/ - obj-$(CONFIG_PSTORE) += pstore/ - obj-$(CONFIG_EFIVAR_FS) += efivarfs/ +@@ -136,3 +136,4 @@ obj-$(CONFIG_EFIVAR_FS) += efivarfs/ obj-$(CONFIG_EROFS_FS) += erofs/ + obj-$(CONFIG_VBOXSF_FS) += vboxsf/ + obj-$(CONFIG_ZONEFS_FS) += zonefs/ +obj-$(CONFIG_AUFS_FS) += aufs/ diff --git a/fs/aufs/Kconfig b/fs/aufs/Kconfig new file mode 100644 @@ -2334,10 +2562,10 @@ index 000000000000..9a573445876f +#endif /* __AUFS_H__ */ diff --git a/fs/aufs/branch.c b/fs/aufs/branch.c new file mode 100644 -index 000000000000..1f141fc8ffed +index 000000000000..26d41e1bc0c3 --- /dev/null +++ b/fs/aufs/branch.c -@@ -0,0 +1,1428 @@ +@@ -0,0 +1,1427 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2005-2020 Junjiro R. Okajima @@ -3630,11 +3858,10 @@ index 000000000000..1f141fc8ffed + spin_unlock(&hf->f_lock); + if (writer) { + h_inode = file_inode(hf); ++ if (hf->f_mode & FMODE_READ) ++ i_readcount_inc(h_inode); + put_write_access(h_inode); + __mnt_drop_write(hf->f_path.mnt); -+ if ((hf->f_mode & (FMODE_READ | FMODE_WRITE)) -+ == FMODE_READ) -+ i_readcount_inc(h_inode); + } + } + @@ -17260,7 +17487,7 @@ index 000000000000..231edd1b4753 +} diff --git a/fs/aufs/i_op.c b/fs/aufs/i_op.c new file mode 100644 -index 000000000000..fc565a70cf57 +index 000000000000..2d09f80153b2 --- /dev/null +++ b/fs/aufs/i_op.c @@ -0,0 +1,1502 @@ @@ -17915,7 +18142,7 @@ index 000000000000..fc565a70cf57 +{ + if (p->hdir) { + au_pin_hdir_set_owner(p, p->task); -+ rwsem_release(&p->hdir->hi_inode->i_rwsem.dep_map, 1, _RET_IP_); ++ rwsem_release(&p->hdir->hi_inode->i_rwsem.dep_map, _RET_IP_); + } +} + @@ -27656,10 +27883,10 @@ index 000000000000..0789335650de +} diff --git a/fs/aufs/procfs.c b/fs/aufs/procfs.c new file mode 100644 -index 000000000000..20bb15d45472 +index 000000000000..50ee0a9c1bcb --- /dev/null +++ b/fs/aufs/procfs.c -@@ -0,0 +1,171 @@ +@@ -0,0 +1,170 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2010-2020 Junjiro R. Okajima @@ -27791,10 +28018,9 @@ index 000000000000..20bb15d45472 + return err; +} + -+static const struct file_operations au_procfs_plm_fop = { -+ .write = au_procfs_plm_write, -+ .release = au_procfs_plm_release, -+ .owner = THIS_MODULE ++static const struct proc_ops au_procfs_plm_op = { ++ .proc_write = au_procfs_plm_write, ++ .proc_release = au_procfs_plm_release +}; + +/* ---------------------------------------------------------------------- */ @@ -27818,7 +28044,7 @@ index 000000000000..20bb15d45472 + goto out; + + entry = proc_create(AUFS_PLINK_MAINT_NAME, S_IFREG | 0200, -+ au_procfs_dir, &au_procfs_plm_fop); ++ au_procfs_dir, &au_procfs_plm_op); + if (unlikely(!entry)) + goto out_dir; + @@ -31914,10 +32140,10 @@ index 000000000000..5ba006b80724 +} diff --git a/fs/aufs/vfsub.c b/fs/aufs/vfsub.c new file mode 100644 -index 000000000000..e954cd7d0110 +index 000000000000..a5e10c5c004f --- /dev/null +++ b/fs/aufs/vfsub.c -@@ -0,0 +1,902 @@ +@@ -0,0 +1,895 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2005-2020 Junjiro R. Okajima @@ -31996,15 +32222,8 @@ index 000000000000..e954cd7d0110 + +struct file *vfsub_dentry_open(struct path *path, int flags) +{ -+ struct file *file; -+ -+ file = dentry_open(path, flags /* | __FMODE_NONOTIFY */, ++ return dentry_open(path, flags /* | __FMODE_NONOTIFY */, + current_cred()); -+ if (!IS_ERR_OR_NULL(file) -+ && (file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) -+ i_readcount_inc(d_inode(path->dentry)); -+ -+ return file; +} + +struct file *vfsub_filp_open(const char *path, int oflags, int mode) @@ -35178,7 +35397,7 @@ index 000000000000..65459ba0e790 +#endif /* __AUFS_WHOUT_H__ */ diff --git a/fs/aufs/wkq.c b/fs/aufs/wkq.c new file mode 100644 -index 000000000000..9d92e1fd2e4b +index 000000000000..4d66bb2dc657 --- /dev/null +++ b/fs/aufs/wkq.c @@ -0,0 +1,372 @@ @@ -35389,7 +35608,7 @@ index 000000000000..9d92e1fd2e4b + if (!hl) + return; + while ((p = *hl++)) /* assignment */ -+ rwsem_release(p->instance, 0, /*p->acquire_ip*/_RET_IP_); ++ rwsem_release(p->instance, /*p->acquire_ip*/_RET_IP_); +} +#endif + @@ -37984,10 +38203,10 @@ index 000000000000..b3152c0ce0b5 + return err; +} diff --git a/fs/dcache.c b/fs/dcache.c -index e88cf0554e65..00d7e6a08026 100644 +index ea0485861d93..30dec552278d 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -1264,7 +1264,7 @@ enum d_walk_ret { +@@ -1285,7 +1285,7 @@ enum d_walk_ret { * * The @enter() callbacks are called with d_lock held. */ @@ -37996,7 +38215,7 @@ index e88cf0554e65..00d7e6a08026 100644 enum d_walk_ret (*enter)(void *, struct dentry *)) { struct dentry *this_parent; -@@ -1369,6 +1369,7 @@ static void d_walk(struct dentry *parent, void *data, +@@ -1390,6 +1390,7 @@ static void d_walk(struct dentry *parent, void *data, seq = 1; goto again; } @@ -38004,7 +38223,7 @@ index e88cf0554e65..00d7e6a08026 100644 struct check_mount { struct vfsmount *mnt; -@@ -2914,6 +2915,7 @@ void d_exchange(struct dentry *dentry1, struct dentry *dentry2) +@@ -2935,6 +2936,7 @@ void d_exchange(struct dentry *dentry1, struct dentry *dentry2) write_sequnlock(&rename_lock); } @@ -38013,10 +38232,10 @@ index e88cf0554e65..00d7e6a08026 100644 /** * d_ancestor - search for an ancestor diff --git a/fs/exec.c b/fs/exec.c -index d62cd1d71098..6f5bd2b1a200 100644 +index 547a2390baf5..18d51d0face6 100644 --- a/fs/exec.c +++ b/fs/exec.c -@@ -110,6 +110,7 @@ bool path_noexec(const struct path *path) +@@ -113,6 +113,7 @@ bool path_noexec(const struct path *path) return (path->mnt->mnt_flags & MNT_NOEXEC) || (path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC); } @@ -38025,7 +38244,7 @@ index d62cd1d71098..6f5bd2b1a200 100644 #ifdef CONFIG_USELIB /* diff --git a/fs/fcntl.c b/fs/fcntl.c -index 3d40771e8e7c..0468c845190f 100644 +index 19ac5baad50f..b18afdf81e76 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -32,7 +32,7 @@ @@ -38055,7 +38274,7 @@ index 3d40771e8e7c..0468c845190f 100644 static void f_modown(struct file *filp, struct pid *pid, enum pid_type type, int force) diff --git a/fs/file_table.c b/fs/file_table.c -index 30d55c9a1744..34b9bbf4c556 100644 +index 709ada3151da..27a3e3c9f2a8 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -162,6 +162,7 @@ struct file *alloc_empty_file(int flags, const struct cred *cred) @@ -38066,7 +38285,7 @@ index 30d55c9a1744..34b9bbf4c556 100644 /* * Variant of alloc_empty_file() that doesn't check and modify nr_files. -@@ -375,6 +376,7 @@ void __fput_sync(struct file *file) +@@ -376,6 +377,7 @@ void __fput_sync(struct file *file) } EXPORT_SYMBOL(fput); @@ -38075,10 +38294,10 @@ index 30d55c9a1744..34b9bbf4c556 100644 void __init files_init(void) { diff --git a/fs/inode.c b/fs/inode.c -index c5267a4db0f5..bff1c4d26e06 100644 +index 9d78c37b00b8..9f23bc13f59f 100644 --- a/fs/inode.c +++ b/fs/inode.c -@@ -893,6 +893,8 @@ unsigned int get_next_ino(void) +@@ -896,6 +896,8 @@ unsigned int get_next_ino(void) unsigned int *p = &get_cpu_var(last_ino); unsigned int res = *p; @@ -38087,7 +38306,7 @@ index c5267a4db0f5..bff1c4d26e06 100644 #ifdef CONFIG_SMP if (unlikely((res & (LAST_INO_BATCH-1)) == 0)) { static atomic_t shared_last_ino; -@@ -905,7 +907,7 @@ unsigned int get_next_ino(void) +@@ -908,7 +910,7 @@ unsigned int get_next_ino(void) res++; /* get_next_ino should not provide a 0 inode number */ if (unlikely(!res)) @@ -38096,25 +38315,23 @@ index c5267a4db0f5..bff1c4d26e06 100644 *p = res; put_cpu_var(last_ino); return res; -@@ -1681,7 +1683,7 @@ EXPORT_SYMBOL(generic_update_time); +@@ -1770,12 +1772,13 @@ EXPORT_SYMBOL(generic_update_time); * This does the actual work of updating an inodes time or version. Must have * had called mnt_want_write() before calling this. */ -static int update_time(struct inode *inode, struct timespec64 *time, int flags) +int update_time(struct inode *inode, struct timespec64 *time, int flags) { - int (*update_time)(struct inode *, struct timespec64 *, int); - -@@ -1690,6 +1692,7 @@ static int update_time(struct inode *inode, struct timespec64 *time, int flags) - - return update_time(inode, time, flags); + if (inode->i_op->update_time) + return inode->i_op->update_time(inode, time, flags); + return generic_update_time(inode, time, flags); } +EXPORT_SYMBOL_GPL(update_time); /** * touch_atime - update the access time diff --git a/fs/namespace.c b/fs/namespace.c -index 2adfe7b166a3..516c2f397d33 100644 +index cebaa3e81794..38078cbede43 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -431,6 +431,7 @@ void __mnt_drop_write(struct vfsmount *mnt) @@ -38125,7 +38342,7 @@ index 2adfe7b166a3..516c2f397d33 100644 /** * mnt_drop_write - give up write access to a mount -@@ -776,6 +777,13 @@ static inline int check_mnt(struct mount *mnt) +@@ -792,6 +793,13 @@ static inline int check_mnt(struct mount *mnt) return mnt->mnt_ns == current->nsproxy->mnt_ns; } @@ -38139,7 +38356,7 @@ index 2adfe7b166a3..516c2f397d33 100644 /* * vfsmount lock must be held for write */ -@@ -1897,6 +1905,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg, +@@ -1955,6 +1963,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg, } return 0; } @@ -38148,10 +38365,10 @@ index 2adfe7b166a3..516c2f397d33 100644 static void lock_mnt_tree(struct mount *mnt) { diff --git a/fs/notify/group.c b/fs/notify/group.c -index 133f723aca07..0b9f7f6d8390 100644 +index a4a4b1c64d32..86dc2efb1850 100644 --- a/fs/notify/group.c +++ b/fs/notify/group.c -@@ -99,6 +99,7 @@ void fsnotify_get_group(struct fsnotify_group *group) +@@ -100,6 +100,7 @@ void fsnotify_get_group(struct fsnotify_group *group) { refcount_inc(&group->refcnt); } @@ -38160,7 +38377,7 @@ index 133f723aca07..0b9f7f6d8390 100644 /* * Drop a reference to a group. Free it if it's through. diff --git a/fs/open.c b/fs/open.c -index dcbd01611237..bfbba52d86d4 100644 +index 9af548fb841b..2ff09b709f7b 100644 --- a/fs/open.c +++ b/fs/open.c @@ -65,6 +65,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, @@ -38172,10 +38389,10 @@ index dcbd01611237..bfbba52d86d4 100644 long vfs_truncate(const struct path *path, loff_t length) { diff --git a/fs/proc/base.c b/fs/proc/base.c -index ebea9501afb8..dc7edc5f7267 100644 +index b362523a9829..669448bb8a73 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c -@@ -2037,7 +2037,7 @@ static int map_files_get_link(struct dentry *dentry, struct path *path) +@@ -2184,7 +2184,7 @@ static int map_files_get_link(struct dentry *dentry, struct path *path) rc = -ENOENT; vma = find_exact_vma(mm, vm_start, vm_end); if (vma && vma->vm_file) { @@ -38185,10 +38402,10 @@ index ebea9501afb8..dc7edc5f7267 100644 rc = 0; } diff --git a/fs/proc/nommu.c b/fs/proc/nommu.c -index 14c2badb8fd9..65afe5287e43 100644 +index 13452b32e2bd..38acccfef9d4 100644 --- a/fs/proc/nommu.c +++ b/fs/proc/nommu.c -@@ -41,7 +41,10 @@ static int nommu_region_show(struct seq_file *m, struct vm_region *region) +@@ -40,7 +40,10 @@ static int nommu_region_show(struct seq_file *m, struct vm_region *region) file = region->vm_file; if (file) { @@ -38201,10 +38418,10 @@ index 14c2badb8fd9..65afe5287e43 100644 ino = inode->i_ino; } diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index 9442631fd4af..1fa8a5fcdeee 100644 +index ee5a235b3056..80a46dcede7b 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c -@@ -309,7 +309,10 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma) +@@ -280,7 +280,10 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma) const char *name = NULL; if (file) { @@ -38216,7 +38433,7 @@ index 9442631fd4af..1fa8a5fcdeee 100644 dev = inode->i_sb->s_dev; ino = inode->i_ino; pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT; -@@ -1819,7 +1822,7 @@ static int show_numa_map(struct seq_file *m, void *v) +@@ -1855,7 +1858,7 @@ static int show_numa_map(struct seq_file *m, void *v) struct proc_maps_private *proc_priv = &numa_priv->proc_maps; struct vm_area_struct *vma = v; struct numa_maps *md = &numa_priv->md; @@ -38226,7 +38443,7 @@ index 9442631fd4af..1fa8a5fcdeee 100644 struct mempolicy *pol; char buffer[64]; diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c -index 7907e6419e57..d17209cf52bc 100644 +index a6d21fc0033c..02c2de31196e 100644 --- a/fs/proc/task_nommu.c +++ b/fs/proc/task_nommu.c @@ -155,7 +155,10 @@ static int nommu_vma_show(struct seq_file *m, struct vm_area_struct *vma) @@ -38242,19 +38459,19 @@ index 7907e6419e57..d17209cf52bc 100644 ino = inode->i_ino; pgoff = (loff_t)vma->vm_pgoff << PAGE_SHIFT; diff --git a/fs/read_write.c b/fs/read_write.c -index 7458fccc59e1..9f5ff742f870 100644 +index 75f764b43418..4ba9dca3af5b 100644 --- a/fs/read_write.c +++ b/fs/read_write.c -@@ -468,6 +468,7 @@ ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos) - +@@ -503,6 +503,7 @@ ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos) + inc_syscr(current); return ret; } +EXPORT_SYMBOL_GPL(vfs_read); static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t len, loff_t *ppos) { -@@ -498,6 +499,30 @@ static ssize_t __vfs_write(struct file *file, const char __user *p, - return -EINVAL; +@@ -522,6 +523,30 @@ static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t + return ret; } +vfs_readf_t vfs_readf(struct file *file) @@ -38281,11 +38498,11 @@ index 7458fccc59e1..9f5ff742f870 100644 +} +EXPORT_SYMBOL_GPL(vfs_writef); + + /* caller is responsible for file_start_write/file_end_write */ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) { - mm_segment_t old_fs; -@@ -566,6 +591,7 @@ ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_ - +@@ -613,6 +638,7 @@ ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_ + file_end_write(file); return ret; } +EXPORT_SYMBOL_GPL(vfs_write); @@ -38293,10 +38510,10 @@ index 7458fccc59e1..9f5ff742f870 100644 /* file_ppos returns &file->f_pos or NULL if file is stream */ static inline loff_t *file_ppos(struct file *file) diff --git a/fs/splice.c b/fs/splice.c -index e509239d7e06..d47bcda3ae68 100644 +index 866d5c2367b2..3e1787cae69a 100644 --- a/fs/splice.c +++ b/fs/splice.c -@@ -834,8 +834,8 @@ EXPORT_SYMBOL(generic_splice_sendpage); +@@ -756,8 +756,8 @@ static int warn_unsupported(struct file *file, const char *op) /* * Attempt to initiate a splice from pipe to file. */ @@ -38305,14 +38522,9 @@ index e509239d7e06..d47bcda3ae68 100644 +long do_splice_from(struct pipe_inode_info *pipe, struct file *out, + loff_t *ppos, size_t len, unsigned int flags) { - ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, - loff_t *, size_t, unsigned int); -@@ -847,13 +847,14 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out, - - return splice_write(pipe, out, ppos, len, flags); - } -+EXPORT_SYMBOL_GPL(do_splice_from); - + if (unlikely(!out->f_op->splice_write)) + return warn_unsupported(out, "write"); +@@ -767,9 +767,9 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out, /* * Attempt to initiate a splice from a file to a pipe. */ @@ -38323,18 +38535,26 @@ index e509239d7e06..d47bcda3ae68 100644 + struct pipe_inode_info *pipe, size_t len, + unsigned int flags) { - ssize_t (*splice_read)(struct file *, loff_t *, - struct pipe_inode_info *, size_t, unsigned int); -@@ -876,6 +877,7 @@ static long do_splice_to(struct file *in, loff_t *ppos, + int ret; - return splice_read(in, ppos, pipe, len, flags); +@@ -787,6 +787,7 @@ static long do_splice_to(struct file *in, loff_t *ppos, + return warn_unsupported(in, "read"); + return in->f_op->splice_read(in, ppos, pipe, len, flags); + } ++EXPORT_SYMBOL_GPL(do_splice_from); + + /** + * splice_direct_to_actor - splices data directly between two non-pipes +@@ -933,6 +934,7 @@ static int direct_splice_actor(struct pipe_inode_info *pipe, + return do_splice_from(pipe, file, sd->opos, sd->total_len, + sd->flags); } +EXPORT_SYMBOL_GPL(do_splice_to); /** - * splice_direct_to_actor - splices data directly between two non-pipes + * do_splice_direct - splices data directly between two files diff --git a/fs/sync.c b/fs/sync.c -index 4d1ff010bc5a..67c66358f3fe 100644 +index 1373a610dc78..fa5c7fba7f1b 100644 --- a/fs/sync.c +++ b/fs/sync.c @@ -28,7 +28,7 @@ @@ -38355,10 +38575,10 @@ index 4d1ff010bc5a..67c66358f3fe 100644 /* * Write out and wait upon all dirty data associated with this diff --git a/fs/xattr.c b/fs/xattr.c -index 90dd78f0eb27..40b01dd1b14a 100644 +index cd7a563e8bcd..7d989d57b0f0 100644 --- a/fs/xattr.c +++ b/fs/xattr.c -@@ -296,6 +296,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, +@@ -360,6 +360,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, *xattr_value = value; return error; } @@ -38367,10 +38587,10 @@ index 90dd78f0eb27..40b01dd1b14a 100644 ssize_t __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, diff --git a/include/linux/fs.h b/include/linux/fs.h -index 5bd384dbdca5..ae20eb35c7f6 100644 +index 8667d0cdc71e..097457929cdc 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -1350,6 +1350,7 @@ extern void fasync_free(struct fasync_struct *); +@@ -1332,6 +1332,7 @@ extern void fasync_free(struct fasync_struct *); /* can be called from interrupts */ extern void kill_fasync(struct fasync_struct **, int, int); @@ -38386,9 +38606,9 @@ index 5bd384dbdca5..ae20eb35c7f6 100644 int (*flock) (struct file *, int, struct file_lock *); ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, loff_t *, size_t, unsigned int); ssize_t (*splice_read)(struct file *, loff_t *, struct pipe_inode_info *, size_t, unsigned int); -@@ -1913,6 +1915,12 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector, - struct iovec *fast_pointer, - struct iovec **ret_pointer); +@@ -1908,6 +1910,12 @@ static inline int call_mmap(struct file *file, struct vm_area_struct *vma) + return file->f_op->mmap(file, vma); + } +typedef ssize_t (*vfs_readf_t)(struct file *, char __user *, size_t, loff_t *); +typedef ssize_t (*vfs_writef_t)(struct file *, const char __user *, size_t, @@ -38396,10 +38616,10 @@ index 5bd384dbdca5..ae20eb35c7f6 100644 +vfs_readf_t vfs_readf(struct file *file); +vfs_writef_t vfs_writef(struct file *file); + - extern ssize_t __vfs_read(struct file *, char __user *, size_t, loff_t *); extern ssize_t vfs_read(struct file *, char __user *, size_t, loff_t *); extern ssize_t vfs_write(struct file *, const char __user *, size_t, loff_t *); -@@ -2333,6 +2341,7 @@ extern int current_umask(void); + extern ssize_t vfs_copy_file_range(struct file *, loff_t , struct file *, +@@ -2328,6 +2336,7 @@ extern int current_umask(void); extern void ihold(struct inode * inode); extern void iput(struct inode *); extern int generic_update_time(struct inode *, struct timespec64 *, int); @@ -38407,19 +38627,19 @@ index 5bd384dbdca5..ae20eb35c7f6 100644 /* /sys/fs */ extern struct kobject *fs_kobj; -@@ -2621,6 +2630,7 @@ static inline bool sb_is_blkdev_sb(struct super_block *sb) - return false; +@@ -2564,6 +2573,7 @@ static inline bool sb_is_blkdev_sb(struct super_block *sb) } - #endif + + void emergency_thaw_all(void); +extern int __sync_filesystem(struct super_block *, int); extern int sync_filesystem(struct super_block *); extern const struct file_operations def_blk_fops; extern const struct file_operations def_chr_fops; diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h -index b8a835fd611b..f452521f2e05 100644 +index f5594879175a..93bb86198167 100644 --- a/include/linux/lockdep.h +++ b/include/linux/lockdep.h -@@ -331,6 +331,8 @@ static inline int lockdep_match_key(struct lockdep_map *lock, +@@ -241,6 +241,8 @@ static inline int lockdep_match_key(struct lockdep_map *lock, return lock->key == key; } @@ -38428,7 +38648,7 @@ index b8a835fd611b..f452521f2e05 100644 /* * Acquire a lock. * -@@ -473,6 +475,7 @@ struct lockdep_map { }; +@@ -375,6 +377,7 @@ static inline void lockdep_unregister_key(struct lock_class_key *key) #define lockdep_depth(tsk) (0) @@ -38437,10 +38657,10 @@ index b8a835fd611b..f452521f2e05 100644 #define lockdep_assert_held(l) do { (void)(l); } while (0) diff --git a/include/linux/mm.h b/include/linux/mm.h -index 3285dae06c03..e2e9873d1e1f 100644 +index db6ae4d3fb4e..1a632192d9d9 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h -@@ -1522,6 +1522,28 @@ static inline void unmap_shared_mapping_range(struct address_space *mapping, +@@ -1712,6 +1712,28 @@ static inline void unmap_shared_mapping_range(struct address_space *mapping, unmap_mapping_range(mapping, holebegin, holelen, 0); } @@ -38470,10 +38690,10 @@ index 3285dae06c03..e2e9873d1e1f 100644 void *buf, int len, unsigned int gup_flags); extern int access_remote_vm(struct mm_struct *mm, unsigned long addr, diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index 270aa8fd2800..33848c2165e2 100644 +index 5a9238f6caad..ad387c3cb14f 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h -@@ -267,6 +267,7 @@ struct vm_region { +@@ -280,6 +280,7 @@ struct vm_region { unsigned long vm_top; /* region allocated to here */ unsigned long vm_pgoff; /* the offset in vm_file corresponding to vm_start */ struct file *vm_file; /* the backing file or NULL */ @@ -38481,7 +38701,7 @@ index 270aa8fd2800..33848c2165e2 100644 int vm_usage; /* region usage count (access under nommu_region_sem) */ bool vm_icache_flushed : 1; /* true if the icache has been flushed for -@@ -341,6 +342,7 @@ struct vm_area_struct { +@@ -359,6 +360,7 @@ struct vm_area_struct { unsigned long vm_pgoff; /* Offset (within vm_file) in PAGE_SIZE units */ struct file * vm_file; /* File we map to (can be NULL). */ @@ -38490,18 +38710,19 @@ index 270aa8fd2800..33848c2165e2 100644 #ifdef CONFIG_SWAP diff --git a/include/linux/mnt_namespace.h b/include/linux/mnt_namespace.h -index 35942084cd40..24f5fd1a789d 100644 +index 8f882f5881e8..6b9808f09843 100644 --- a/include/linux/mnt_namespace.h +++ b/include/linux/mnt_namespace.h -@@ -6,11 +6,14 @@ - struct mnt_namespace; +@@ -7,12 +7,15 @@ struct mnt_namespace; struct fs_struct; struct user_namespace; + struct ns_common; +struct vfsmount; extern struct mnt_namespace *copy_mnt_ns(unsigned long, struct mnt_namespace *, struct user_namespace *, struct fs_struct *); extern void put_mnt_ns(struct mnt_namespace *ns); + extern struct ns_common *from_mnt_ns(struct mnt_namespace *); +extern int is_current_mnt_ns(struct vfsmount *mnt); + @@ -38509,10 +38730,10 @@ index 35942084cd40..24f5fd1a789d 100644 extern const struct file_operations proc_mountinfo_operations; extern const struct file_operations proc_mountstats_operations; diff --git a/include/linux/splice.h b/include/linux/splice.h -index 74b4911ac16d..19789fbea567 100644 +index a55179fd60fc..8e21c53cf883 100644 --- a/include/linux/splice.h +++ b/include/linux/splice.h -@@ -87,4 +87,10 @@ extern void splice_shrink_spd(struct splice_pipe_desc *); +@@ -93,4 +93,10 @@ extern void splice_shrink_spd(struct splice_pipe_desc *); extern const struct pipe_buf_operations page_cache_pipe_buf_ops; extern const struct pipe_buf_operations default_pipe_buf_ops; @@ -38525,7 +38746,7 @@ index 74b4911ac16d..19789fbea567 100644 #endif diff --git a/include/uapi/linux/aufs_type.h b/include/uapi/linux/aufs_type.h new file mode 100644 -index 000000000000..80d475cda6f4 +index 000000000000..34738b8cf349 --- /dev/null +++ b/include/uapi/linux/aufs_type.h @@ -0,0 +1,452 @@ @@ -38571,7 +38792,7 @@ index 000000000000..80d475cda6f4 +#include +#endif /* __KERNEL__ */ + -+#define AUFS_VERSION "5.4.3-20200518" ++#define AUFS_VERSION "5.7-20200622" + +/* todo? move this to linux-2.6.19/include/magic.h */ +#define AUFS_SUPER_MAGIC ('a' << 24 | 'u' << 16 | 'f' << 8 | 's') @@ -38982,23 +39203,23 @@ index 000000000000..80d475cda6f4 + +#endif /* __AUFS_TYPE_H__ */ diff --git a/kernel/fork.c b/kernel/fork.c -index 9180f4416dba..43fe7f1db781 100644 +index 6d266388d380..dd7f13c3bee7 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -562,7 +562,7 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, +@@ -554,7 +554,7 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, struct inode *inode = file_inode(file); struct address_space *mapping = file->f_mapping; - get_file(file); + vma_get_file(tmp); if (tmp->vm_flags & VM_DENYWRITE) - atomic_dec(&inode->i_writecount); + put_write_access(inode); i_mmap_lock_write(mapping); diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c -index 9ab1a965c3b9..3bdd026fd01d 100644 +index c1418b47f625..be002c3a3083 100644 --- a/kernel/locking/lockdep.c +++ b/kernel/locking/lockdep.c -@@ -153,7 +153,7 @@ static +@@ -188,7 +188,7 @@ static struct lock_class lock_classes[MAX_LOCKDEP_KEYS]; static DECLARE_BITMAP(lock_classes_in_use, MAX_LOCKDEP_KEYS); @@ -39007,7 +39228,7 @@ index 9ab1a965c3b9..3bdd026fd01d 100644 { unsigned int class_idx = hlock->class_idx; -@@ -174,6 +174,8 @@ static inline struct lock_class *hlock_class(struct held_lock *hlock) +@@ -209,6 +209,8 @@ static inline struct lock_class *hlock_class(struct held_lock *hlock) */ return lock_classes + class_idx; } @@ -39017,20 +39238,20 @@ index 9ab1a965c3b9..3bdd026fd01d 100644 #ifdef CONFIG_LOCK_STAT static DEFINE_PER_CPU(struct lock_class_stats[MAX_LOCKDEP_KEYS], cpu_lock_stats); diff --git a/kernel/task_work.c b/kernel/task_work.c -index 0fef395662a6..83fb1ecfc33d 100644 +index 8d6e1217c451..0e73637adda8 100644 --- a/kernel/task_work.c +++ b/kernel/task_work.c -@@ -116,3 +116,4 @@ void task_work_run(void) +@@ -154,3 +154,4 @@ void task_work_run(void) } while (work); } } +EXPORT_SYMBOL_GPL(task_work_run); diff --git a/mm/Makefile b/mm/Makefile -index d996846697ef..fbadb91df4e4 100644 +index d73aed0fc99c..93076a66ad6a 100644 --- a/mm/Makefile +++ b/mm/Makefile -@@ -42,7 +42,7 @@ obj-y := filemap.o mempool.o oom_kill.o fadvise.o \ - mm_init.o mmu_context.o percpu.o slab_common.o \ +@@ -52,7 +52,7 @@ obj-y := filemap.o mempool.o oom_kill.o fadvise.o \ + mm_init.o percpu.o slab_common.o \ compaction.o vmacache.o \ interval_tree.o list_lru.o workingset.o \ - debug.o gup.o $(mmu-y) @@ -39039,10 +39260,10 @@ index d996846697ef..fbadb91df4e4 100644 # Give 'page_alloc' its own module-parameter namespace page-alloc-y := page_alloc.o diff --git a/mm/filemap.c b/mm/filemap.c -index 1f5731768222..a3def534d7c1 100644 +index 0b2067b3c328..3334207431c7 100644 --- a/mm/filemap.c +++ b/mm/filemap.c -@@ -2675,7 +2675,7 @@ vm_fault_t filemap_page_mkwrite(struct vm_fault *vmf) +@@ -2909,7 +2909,7 @@ vm_fault_t filemap_page_mkwrite(struct vm_fault *vmf) vm_fault_t ret = VM_FAULT_LOCKED; sb_start_pagefault(inode->i_sb); @@ -39052,10 +39273,10 @@ index 1f5731768222..a3def534d7c1 100644 if (page->mapping != inode->i_mapping) { unlock_page(page); diff --git a/mm/mmap.c b/mm/mmap.c -index 514cc19c5916..68aed9b1a7f5 100644 +index 5c8b4485860d..59f2f758d77e 100644 --- a/mm/mmap.c +++ b/mm/mmap.c -@@ -176,7 +176,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) +@@ -179,7 +179,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) if (vma->vm_ops && vma->vm_ops->close) vma->vm_ops->close(vma); if (vma->vm_file) @@ -39064,7 +39285,7 @@ index 514cc19c5916..68aed9b1a7f5 100644 mpol_put(vma_policy(vma)); vm_area_free(vma); return next; -@@ -932,7 +932,7 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, +@@ -951,7 +951,7 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, if (remove_next) { if (file) { uprobe_munmap(next, next->vm_start, next->vm_end); @@ -39073,7 +39294,7 @@ index 514cc19c5916..68aed9b1a7f5 100644 } if (next->anon_vma) anon_vma_merge(vma, next); -@@ -1855,8 +1855,8 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1897,8 +1897,8 @@ unsigned long mmap_region(struct file *file, unsigned long addr, return addr; unmap_and_free_vma: @@ -39083,7 +39304,7 @@ index 514cc19c5916..68aed9b1a7f5 100644 /* Undo any partial mapping done by a device driver. */ unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); -@@ -2685,7 +2685,7 @@ int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2757,7 +2757,7 @@ int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, goto out_free_mpol; if (new->vm_file) @@ -39092,7 +39313,7 @@ index 514cc19c5916..68aed9b1a7f5 100644 if (new->vm_ops && new->vm_ops->open) new->vm_ops->open(new); -@@ -2704,7 +2704,7 @@ int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2776,7 +2776,7 @@ int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, if (new->vm_ops && new->vm_ops->close) new->vm_ops->close(new); if (new->vm_file) @@ -39101,7 +39322,7 @@ index 514cc19c5916..68aed9b1a7f5 100644 unlink_anon_vmas(new); out_free_mpol: mpol_put(vma_policy(new)); -@@ -2896,7 +2896,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, +@@ -2969,7 +2969,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, struct vm_area_struct *vma; unsigned long populate = 0; unsigned long ret = -EINVAL; @@ -39110,7 +39331,7 @@ index 514cc19c5916..68aed9b1a7f5 100644 pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.\n", current->comm, current->pid); -@@ -2971,10 +2971,27 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, +@@ -3044,10 +3044,27 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, } } @@ -39118,7 +39339,7 @@ index 514cc19c5916..68aed9b1a7f5 100644 + vma_get_file(vma); + file = vma->vm_file; + prfile = vma->vm_prfile; - ret = do_mmap_pgoff(vma->vm_file, start, size, + ret = do_mmap(vma->vm_file, start, size, prot, flags, pgoff, &populate, NULL); + if (!IS_ERR_VALUE(ret) && file && prfile) { + struct vm_area_struct *new_vma; @@ -39137,9 +39358,9 @@ index 514cc19c5916..68aed9b1a7f5 100644 + if (prfile) + fput(prfile); out: - up_write(&mm->mmap_sem); + mmap_write_unlock(mm); if (populate) -@@ -3264,7 +3281,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -3334,7 +3351,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, if (anon_vma_clone(new_vma, vma)) goto out_free_mempol; if (new_vma->vm_file) @@ -39149,10 +39370,10 @@ index 514cc19c5916..68aed9b1a7f5 100644 new_vma->vm_ops->open(new_vma); vma_link(mm, new_vma, prev, rb_link, rb_parent); diff --git a/mm/nommu.c b/mm/nommu.c -index 3b67bd20c2af..55ce55c1b21d 100644 +index 0faf39b32cdb..78ecad7204c8 100644 --- a/mm/nommu.c +++ b/mm/nommu.c -@@ -556,7 +556,7 @@ static void __put_nommu_region(struct vm_region *region) +@@ -533,7 +533,7 @@ static void __put_nommu_region(struct vm_region *region) up_write(&nommu_region_sem); if (region->vm_file) @@ -39161,7 +39382,7 @@ index 3b67bd20c2af..55ce55c1b21d 100644 /* IO memory and memory shared directly out of the pagecache * from ramfs/tmpfs mustn't be released here */ -@@ -694,7 +694,7 @@ static void delete_vma(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -665,7 +665,7 @@ static void delete_vma(struct mm_struct *mm, struct vm_area_struct *vma) if (vma->vm_ops && vma->vm_ops->close) vma->vm_ops->close(vma); if (vma->vm_file) @@ -39170,7 +39391,7 @@ index 3b67bd20c2af..55ce55c1b21d 100644 put_nommu_region(vma->vm_region); vm_area_free(vma); } -@@ -1217,7 +1217,7 @@ unsigned long do_mmap(struct file *file, +@@ -1188,7 +1188,7 @@ unsigned long do_mmap(struct file *file, goto error_just_free; } } @@ -39179,7 +39400,7 @@ index 3b67bd20c2af..55ce55c1b21d 100644 kmem_cache_free(vm_region_jar, region); region = pregion; result = start; -@@ -1294,10 +1294,10 @@ unsigned long do_mmap(struct file *file, +@@ -1265,10 +1265,10 @@ unsigned long do_mmap(struct file *file, up_write(&nommu_region_sem); error: if (region->vm_file) @@ -39284,20 +39505,11 @@ index 000000000000..00d51187c325 + fput(pr); +} +#endif /* !CONFIG_MMU */ -diff --git a/security/device_cgroup.c b/security/device_cgroup.c -index 725674f3276d..83f6494c52a2 100644 ---- a/security/device_cgroup.c -+++ b/security/device_cgroup.c -@@ -824,3 +824,4 @@ int __devcgroup_check_permission(short type, u32 major, u32 minor, - - return 0; - } -+EXPORT_SYMBOL_GPL(__devcgroup_check_permission); diff --git a/security/security.c b/security/security.c -index 1bc000f834e2..306f2c9f7ee2 100644 +index a28045dc9e7f..310cf38efeec 100644 --- a/security/security.c +++ b/security/security.c -@@ -1036,6 +1036,7 @@ int security_path_rmdir(const struct path *dir, struct dentry *dentry) +@@ -1093,6 +1093,7 @@ int security_path_rmdir(const struct path *dir, struct dentry *dentry) return 0; return call_int_hook(path_rmdir, 0, dir, dentry); } @@ -39305,7 +39517,7 @@ index 1bc000f834e2..306f2c9f7ee2 100644 int security_path_unlink(const struct path *dir, struct dentry *dentry) { -@@ -1052,6 +1053,7 @@ int security_path_symlink(const struct path *dir, struct dentry *dentry, +@@ -1109,6 +1110,7 @@ int security_path_symlink(const struct path *dir, struct dentry *dentry, return 0; return call_int_hook(path_symlink, 0, dir, dentry, old_name); } @@ -39313,7 +39525,7 @@ index 1bc000f834e2..306f2c9f7ee2 100644 int security_path_link(struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) -@@ -1060,6 +1062,7 @@ int security_path_link(struct dentry *old_dentry, const struct path *new_dir, +@@ -1117,6 +1119,7 @@ int security_path_link(struct dentry *old_dentry, const struct path *new_dir, return 0; return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry); } @@ -39321,7 +39533,7 @@ index 1bc000f834e2..306f2c9f7ee2 100644 int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry, -@@ -1087,6 +1090,7 @@ int security_path_truncate(const struct path *path) +@@ -1144,6 +1147,7 @@ int security_path_truncate(const struct path *path) return 0; return call_int_hook(path_truncate, 0, path); } @@ -39329,7 +39541,7 @@ index 1bc000f834e2..306f2c9f7ee2 100644 int security_path_chmod(const struct path *path, umode_t mode) { -@@ -1094,6 +1098,7 @@ int security_path_chmod(const struct path *path, umode_t mode) +@@ -1151,6 +1155,7 @@ int security_path_chmod(const struct path *path, umode_t mode) return 0; return call_int_hook(path_chmod, 0, path, mode); } @@ -39337,7 +39549,7 @@ index 1bc000f834e2..306f2c9f7ee2 100644 int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) { -@@ -1101,6 +1106,7 @@ int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) +@@ -1158,6 +1163,7 @@ int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) return 0; return call_int_hook(path_chown, 0, path, uid, gid); } @@ -39345,7 +39557,7 @@ index 1bc000f834e2..306f2c9f7ee2 100644 int security_path_chroot(const struct path *path) { -@@ -1201,6 +1207,7 @@ int security_inode_permission(struct inode *inode, int mask) +@@ -1258,6 +1264,7 @@ int security_inode_permission(struct inode *inode, int mask) return 0; return call_int_hook(inode_permission, 0, inode, mask); } @@ -39353,7 +39565,7 @@ index 1bc000f834e2..306f2c9f7ee2 100644 int security_inode_setattr(struct dentry *dentry, struct iattr *attr) { -@@ -1378,6 +1385,7 @@ int security_file_permission(struct file *file, int mask) +@@ -1450,6 +1457,7 @@ int security_file_permission(struct file *file, int mask) return fsnotify_perm(file, mask); } @@ -39361,3 +39573,6 @@ index 1bc000f834e2..306f2c9f7ee2 100644 int security_file_alloc(struct file *file) { +-- +2.25.1 + diff --git a/audit-make-it-less-verbose.patch b/0001-audit-make-it-less-verbose.patch similarity index 74% rename from audit-make-it-less-verbose.patch rename to 0001-audit-make-it-less-verbose.patch index bd020c3..581d3de 100644 --- a/audit-make-it-less-verbose.patch +++ b/0001-audit-make-it-less-verbose.patch @@ -1,7 +1,7 @@ -From bd9b98a36fb8afa9d3a3900817b340543215da6d Mon Sep 17 00:00:00 2001 +From edce12c92c0d1e02a6f41344290ee7adee745ef4 Mon Sep 17 00:00:00 2001 From: Evgenii Shatokhin Date: Wed, 11 Dec 2019 21:10:42 +0300 -Subject: [PATCH 1/4] audit: make it less verbose +Subject: [PATCH] audit: make it less verbose It seems, if audit itself is not installed and therefore nothing listens to the messages from the kernel's audit subsystem, the latter spams the @@ -11,15 +11,16 @@ Let us make them debug-level and thus invisible by default. http://bugs.rosalinux.ru/show_bug.cgi?id=6235 http://bugs.rosalinux.ru/show_bug.cgi?id=6459 +Signed-off-by: Mikhail Novosyolov --- kernel/audit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/audit.c b/kernel/audit.c -index da8dc0db5bd3..b1d0cebb78dd 100644 +index 68cee3bc8cfe..805633090ea5 100644 --- a/kernel/audit.c +++ b/kernel/audit.c -@@ -529,7 +529,7 @@ static void kauditd_printk_skb(struct sk_buff *skb) +@@ -535,7 +535,7 @@ static void kauditd_printk_skb(struct sk_buff *skb) char *data = nlmsg_data(nlh); if (nlh->nlmsg_type != AUDIT_EOE && printk_ratelimit()) @@ -29,5 +30,5 @@ index da8dc0db5bd3..b1d0cebb78dd 100644 /** -- -2.20.1 +2.25.1 diff --git a/disable-mrproper-prepare-scripts-configs-in-devel-rpms.patch b/0001-disable-mrproper-prepare-scripts-configs-in-devel-rp.patch similarity index 59% rename from disable-mrproper-prepare-scripts-configs-in-devel-rpms.patch rename to 0001-disable-mrproper-prepare-scripts-configs-in-devel-rp.patch index 67ddc4a..2ffcdfc 100644 --- a/disable-mrproper-prepare-scripts-configs-in-devel-rpms.patch +++ b/0001-disable-mrproper-prepare-scripts-configs-in-devel-rp.patch @@ -1,19 +1,22 @@ -From 48ce0cd16a2ea82bf0146ca82d883d677e1ab574 Mon Sep 17 00:00:00 2001 +From 1a821310ed4c0519e7fe534ea0a4ba46e604ee4f Mon Sep 17 00:00:00 2001 From: Evgenii Shatokhin Date: Wed, 11 Dec 2019 21:15:36 +0300 -Subject: [PATCH 3/4] disable mrproper prepare scripts configs in devel rpms +Subject: [PATCH] disable mrproper prepare scripts configs in devel rpms + +This is for disabling *config, mrproper, prepare, scripts on -devel rpms +Needed, because otherwise the -devel won't build correctly. Signed-off-by: Mikhail Novosyolov --- - Makefile | 23 ++++++----------------- + Makefile | 22 +++++----------------- scripts/kconfig/Makefile | 17 ----------------- - 2 files changed, 6 insertions(+), 34 deletions(-) + 2 files changed, 5 insertions(+), 34 deletions(-) diff --git a/Makefile b/Makefile -index e67f2e95b71d..a30833efd9a2 100644 +index 076d4e6b9ccc..75bf27049d60 100644 --- a/Makefile +++ b/Makefile -@@ -1093,8 +1093,7 @@ include/config/kernel.release: FORCE +@@ -1186,8 +1186,7 @@ include/config/kernel.release: FORCE # Carefully list dependencies so we do not try to build scripts twice # in parallel PHONY += scripts @@ -23,36 +26,35 @@ index e67f2e95b71d..a30833efd9a2 100644 # Things we need to do before we recursively start building the kernel # or the modules are listed in "prepare". -@@ -1112,7 +1111,7 @@ prepare0: archprepare +@@ -1206,7 +1205,7 @@ prepare0: archprepare $(Q)$(MAKE) $(build)=. # All the preparing.. --prepare: prepare0 prepare-objtool +-prepare: prepare0 prepare-objtool prepare-resolve_btfids +prepare: # Support for using generic headers in asm-generic asm-generic := -f $(srctree)/scripts/Makefile.asm-generic obj -@@ -1363,15 +1362,8 @@ CLEAN_DIRS += include/ksym - CLEAN_FILES += modules.builtin.modinfo +@@ -1472,15 +1471,7 @@ CLEAN_FILES += include/ksym vmlinux.symvers \ + compile_commands.json # Directories & files removed with 'make mrproper' --MRPROPER_DIRS += include/config include/generated \ +-MRPROPER_FILES += include/config include/generated \ - arch/$(SRCARCH)/include/generated .tmp_objdiff \ -- debian/ snap/ tar-install/ --MRPROPER_FILES += .config .config.old .version \ +- debian snap tar-install \ +- .config .config.old .version \ - Module.symvers \ - signing_key.pem signing_key.priv signing_key.x509 \ - x509.genkey extra_certificates signing_key.x509.keyid \ - signing_key.x509.signer vmlinux-gdb.py \ - *.spec -+MRPROPER_DIRS += "" +MRPROPER_FILES += "" # Directories & files removed with 'make distclean' - DISTCLEAN_DIRS += -@@ -1394,13 +1386,10 @@ clean: archclean vmlinuxclean + DISTCLEAN_FILES += tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS +@@ -1500,13 +1491,10 @@ clean: archclean vmlinuxclean + # mrproper - Delete all generated files, including .config # - mrproper: rm-dirs := $(wildcard $(MRPROPER_DIRS)) mrproper: rm-files := $(wildcard $(MRPROPER_FILES)) -mrproper-dirs := $(addprefix _mrproper_,scripts) @@ -63,55 +65,55 @@ index e67f2e95b71d..a30833efd9a2 100644 -mrproper: clean $(mrproper-dirs) +mrproper: clean - $(call cmd,rmdirs) $(call cmd,rmfiles) + # distclean diff --git a/scripts/kconfig/Makefile b/scripts/kconfig/Makefile -index ef2f2336c469..0a8eb06085ba 100644 +index e46df0a2d4f9..edceb8d1d213 100644 --- a/scripts/kconfig/Makefile +++ b/scripts/kconfig/Makefile -@@ -24,19 +24,14 @@ endif +@@ -20,19 +20,14 @@ endif unexport CONFIG_ xconfig: $(obj)/qconf -- $< $(silent) $(Kconfig) +- $(Q)$< $(silent) $(Kconfig) gconfig: $(obj)/gconf -- $< $(silent) $(Kconfig) +- $(Q)$< $(silent) $(Kconfig) menuconfig: $(obj)/mconf -- $< $(silent) $(Kconfig) +- $(Q)$< $(silent) $(Kconfig) config: $(obj)/conf -- $< $(silent) --oldaskconfig $(Kconfig) +- $(Q)$< $(silent) --oldaskconfig $(Kconfig) nconfig: $(obj)/nconf -- $< $(silent) $(Kconfig) +- $(Q)$< $(silent) $(Kconfig) build_menuconfig: $(obj)/mconf -@@ -52,11 +47,9 @@ localyesconfig localmodconfig: $(obj)/conf - cmp -s .tmp.config .config || \ - (mv -f .config .config.old.1; \ - mv -f .tmp.config .config; \ -- $< $(silent) --oldconfig $(Kconfig); \ - mv -f .config.old.1 .config.old) \ - else \ - mv -f .tmp.config .config; \ -- $< $(silent) --oldconfig $(Kconfig); \ +@@ -48,11 +43,9 @@ localyesconfig localmodconfig: $(obj)/conf + cmp -s .tmp.config .config || \ + (mv -f .config .config.old.1; \ + mv -f .tmp.config .config; \ +- $< $(silent) --oldconfig $(Kconfig); \ + mv -f .config.old.1 .config.old) \ + else \ + mv -f .tmp.config .config; \ +- $< $(silent) --oldconfig $(Kconfig); \ fi $(Q)rm -f .tmp.config -@@ -70,24 +63,14 @@ simple-targets := oldconfig allnoconfig allyesconfig allmodconfig \ +@@ -68,24 +61,14 @@ simple-targets := oldconfig allnoconfig allyesconfig allmodconfig \ PHONY += $(simple-targets) $(simple-targets): $(obj)/conf -- $< $(silent) --$@ $(Kconfig) +- $(Q)$< $(silent) --$@ $(Kconfig) PHONY += savedefconfig defconfig savedefconfig: $(obj)/conf -- $< $(silent) --$@=defconfig $(Kconfig) +- $(Q)$< $(silent) --$@=defconfig $(Kconfig) defconfig: $(obj)/conf -ifneq ($(wildcard $(srctree)/arch/$(SRCARCH)/configs/$(KBUILD_DEFCONFIG)),) @@ -128,5 +130,5 @@ index ef2f2336c469..0a8eb06085ba 100644 configfiles=$(wildcard $(srctree)/kernel/configs/$@ $(srctree)/arch/$(SRCARCH)/configs/$@) -- -2.20.1 +2.25.1 diff --git a/0001-mm-add-sysctl-to-disable-disk-based-swap.patch b/0001-mm-add-sysctl-to-disable-disk-based-swap.patch deleted file mode 100644 index 91f11b5..0000000 --- a/0001-mm-add-sysctl-to-disable-disk-based-swap.patch +++ /dev/null @@ -1,170 +0,0 @@ -From 739b745efb929453f41472e111760be6f8be6a3a Mon Sep 17 00:00:00 2001 -From: Mikhail Novosyolov -Date: Sat, 1 Aug 2020 12:43:53 +0300 -Subject: [PATCH] mm: add sysctl to disable disk-based swap - -Sometimes it is needed to disallow using disk-based swaps, for example, -when it is required to ensure that any secret information is not left on disk. - -When something is written to disk, it can be restored in most cases -unless being overwritten. When memory data is stored on disk, we cannot be -sure that it will be overwritten and so cannot be sure that secret information -is deleted securely. - -CONFIG_INIT_ON_FREE_DEFAULT_ON=y makes the kernel overwrite everything that is -deleted from memory, but it does not ensure that regions of the disk with swap -are overwritten. Currently there is no way to ensure wiping swap on disk. - -In such conditions it makes sense to disallow usage of disk-based swap. -This patch adds sysctl vm.disk_based_swap, by default is is 1, which means that -disk-based swap (both swap files and swap partitions) can be used. -If = 0, than only zram swap is allowed, zram is not a disk-based swap -(but note that zram can offload parts of it to disk, CONFIG_ZRAM_WRITEBACK, -it is not controlled by this sysctl). - -This patch is based on patches from Chromium OS Linux kernel [1, 2, 3, 4] -Patch [5] is taken as an example of adding a sysctl. - -TODO: print a message why swap was blocked. - -[1] https://gitlab.freedesktop.org/seanpaul/dpu-staging/commit/0b992f2dbb044896c3584e10bd5b97cf41e2ec6d -[2] https://chromium.googlesource.com/chromiumos/third_party/kernel/+/880b2d77404682761ae2e19297f1183fd434b0ec%5E%21/ -[3] https://chromium.googlesource.com/chromiumos/third_party/kernel/+blame/refs/heads/chromeos-5.4/mm/swapfile.c -[4] https://chromium.googlesource.com/chromiumos/third_party/kernel/+blame/refs/heads/chromeos-5.4/kernel/sysctl.c -[5] https://patchwork.kernel.org/patch/10858771/ - -Author of [2] in Chromium OS kernel: -Co-authored-by: Will Drewry - -Signed-off-by: Mikhail Novosyolov ---- - Documentation/admin-guide/sysctl/vm.rst | 8 ++++++++ - include/linux/mm.h | 2 ++ - init/Kconfig | 11 +++++++++++ - kernel/sysctl.c | 9 +++++++++ - mm/swapfile.c | 16 ++++++++++++++++ - 5 files changed, 46 insertions(+) - -diff --git a/Documentation/admin-guide/sysctl/vm.rst b/Documentation/admin-guide/sysctl/vm.rst -index 64aeee1009ca..9d60154695f6 100644 ---- a/Documentation/admin-guide/sysctl/vm.rst -+++ b/Documentation/admin-guide/sysctl/vm.rst -@@ -35,6 +35,7 @@ Currently, these files are in /proc/sys/vm: - - dirty_ratio - - dirtytime_expire_seconds - - dirty_writeback_centisecs -+- disk_based_swap - - drop_caches - - extfrag_threshold - - hugetlb_shm_group -@@ -209,6 +210,13 @@ out to disk. This tunable expresses the interval between those wakeups, in - - Setting this to zero disables periodic writeback altogether. - -+disk_based_swap -+=============== -+ -+Disables (0) or enables (1) usage of disk-based swap, both swap files and -+swap partitions. When disabled, only zram swap can be used, and disk-based -+swap is prohibited then. -+ - - drop_caches - =========== -diff --git a/include/linux/mm.h b/include/linux/mm.h -index 3285dae06c03..f8b9522da07d 100644 ---- a/include/linux/mm.h -+++ b/include/linux/mm.h -@@ -2901,5 +2901,7 @@ static inline int pages_identical(struct page *page1, struct page *page2) - return !memcmp_pages(page1, page2); - } - -+extern int sysctl_disk_based_swap; -+ - #endif /* __KERNEL__ */ - #endif /* _LINUX_MM_H */ -diff --git a/init/Kconfig b/init/Kconfig -index 87e4f2ac7c5e..4187799a9d13 100644 ---- a/init/Kconfig -+++ b/init/Kconfig -@@ -280,6 +280,17 @@ config SWAP - used to provide more virtual memory than the actual RAM present - in your computer. If unsure say Y. - -+config DISK_BASED_SWAP_DEFAULT_ON -+ bool "Allow disk-based swap" -+ depends on SWAP -+ default y -+ help -+ If true, disk-based swap (either a file or a partition) is allowed, -+ otherwise only zram swap is allowed. -+ sysctl vm.disk_based_swap = [ 1 | 0 ] -+ Note that zram writeback feature is not controlled by this sysctl. -+ If unsure say Y. -+ - config SYSVIPC - bool "System V IPC" - ---help--- -diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index 70665934d53e..5f2e4613e655 100644 ---- a/kernel/sysctl.c -+++ b/kernel/sysctl.c -@@ -1405,6 +1405,15 @@ static struct ctl_table vm_table[] = { - .proc_handler = dirtytime_interval_handler, - .extra1 = SYSCTL_ZERO, - }, -+ { -+ .procname = "disk_based_swap", -+ .data = &sysctl_disk_based_swap, -+ .maxlen = sizeof(sysctl_disk_based_swap), -+ .mode = 0644, -+ .proc_handler = proc_dointvec_minmax, -+ .extra1 = SYSCTL_ZERO, -+ .extra2 = SYSCTL_ONE, -+ }, - { - .procname = "swappiness", - .data = &vm_swappiness, -diff --git a/mm/swapfile.c b/mm/swapfile.c -index 891a3ef48651..ef79f4d03809 100644 ---- a/mm/swapfile.c -+++ b/mm/swapfile.c -@@ -2871,12 +2871,26 @@ static struct swap_info_struct *alloc_swap_info(void) - return p; - } - -+#ifdef CONFIG_DISK_BASED_SWAP_DEFAULT_ON -+int sysctl_disk_based_swap __read_mostly = 1; -+#else -+int sysctl_disk_based_swap __read_mostly = 0; -+#endif -+ - static int claim_swapfile(struct swap_info_struct *p, struct inode *inode) - { - int error; - - if (S_ISBLK(inode->i_mode)) { -+ char name[BDEVNAME_SIZE]; - p->bdev = bdgrab(I_BDEV(inode)); -+ bdevname(p->bdev, name); -+ // If sysctl vm.disk_based_swap = false, prohibit any swaps but zram -+ if (!sysctl_disk_based_swap && strncmp(name, "zram", strlen("zram"))) { -+ bdput(p->bdev); -+ p->bdev = NULL; -+ return -EINVAL; -+ } - error = blkdev_get(p->bdev, - FMODE_READ | FMODE_WRITE | FMODE_EXCL, p); - if (error < 0) { -@@ -2889,6 +2903,8 @@ static int claim_swapfile(struct swap_info_struct *p, struct inode *inode) - return error; - p->flags |= SWP_BLKDEV; - } else if (S_ISREG(inode->i_mode)) { -+ if (!sysctl_disk_based_swap) -+ return -EINVAL; - p->bdev = inode->i_sb->s_bdev; - } - --- -2.17.1 - diff --git a/perf-xmlto-skip-validation.patch b/0001-perf-skip-xmlto-validation.patch similarity index 53% rename from perf-xmlto-skip-validation.patch rename to 0001-perf-skip-xmlto-validation.patch index 63273a3..09c812e 100644 --- a/perf-xmlto-skip-validation.patch +++ b/0001-perf-skip-xmlto-validation.patch @@ -1,18 +1,23 @@ -From fca5cb9534cbe7da52c234021aa802542fccceff Mon Sep 17 00:00:00 2001 +From 8d376cb0241182ae4859db3aa7f790996054ae75 Mon Sep 17 00:00:00 2001 From: Evgenii Shatokhin Date: Wed, 11 Dec 2019 21:12:06 +0300 -Subject: [PATCH 2/4] perf: skip xmlto validation +Subject: [PATCH] perf: skip xmlto validation +Perf docs are built after all the kernels. To validate the xml files +generated during that process, xmlto tries to get DTD files from the Net. +If it fails, the whole build fails, which is unfortunate. Let us avoid this. + +Signed-off-by: Mikhail Novosyolov --- tools/perf/Documentation/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/Documentation/Makefile b/tools/perf/Documentation/Makefile -index adc5a7e44b98..317dac191d8c 100644 +index 6e54979c2124..ccbc7a68769d 100644 --- a/tools/perf/Documentation/Makefile +++ b/tools/perf/Documentation/Makefile @@ -51,7 +51,7 @@ ASCIIDOC=asciidoc - ASCIIDOC_EXTRA = --unsafe -f asciidoc.conf + ASCIIDOC_EXTRA += --unsafe -f asciidoc.conf ASCIIDOC_HTML = xhtml11 MANPAGE_XSL = manpage-normal.xsl -XMLTO_EXTRA = @@ -21,5 +26,5 @@ index adc5a7e44b98..317dac191d8c 100644 RM ?= rm -f DOC_REF = origin/man -- -2.20.1 +2.25.1 diff --git a/0002-Documentation-for-AltHa-LSM.patch b/0002-Documentation-for-AltHa-LSM.patch index 44cc39e..1975004 100644 --- a/0002-Documentation-for-AltHa-LSM.patch +++ b/0002-Documentation-for-AltHa-LSM.patch @@ -1,8 +1,9 @@ -From b7faaef27bb8ede32f5cf2958fa6d84976806f14 Mon Sep 17 00:00:00 2001 +From fe0e9e1b7fc6bc4a8ca0e0473bf88297ca7020a7 Mon Sep 17 00:00:00 2001 From: "Anton V. Boyarshinov" Date: Thu, 17 May 2018 08:30:25 +0000 Subject: [PATCH 2/2] Documentation for AltHa LSM +Signed-off-by: Mikhail Novosyolov --- Documentation/admin-guide/LSM/AltHa.rst | 43 +++++++++++++++++++++++++ Documentation/admin-guide/LSM/index.rst | 1 + @@ -68,5 +69,5 @@ index a6ba95fbaa9f..20b57e7adadd 100644 SafeSetID + AltHa -- -2.20.1 +2.25.1 diff --git a/0003-security-altha-altha_lsm.c-build-fixed-with-kernel-5.patch b/0003-security-altha-altha_lsm.c-build-fixed-with-kernel-5.patch new file mode 100644 index 0000000..b87bd68 --- /dev/null +++ b/0003-security-altha-altha_lsm.c-build-fixed-with-kernel-5.patch @@ -0,0 +1,68 @@ +From d89442861500242809d99c9e178b0ed1dd741b28 Mon Sep 17 00:00:00 2001 +From: Kernel Bot +Date: Mon, 24 Aug 2020 17:16:53 +0300 +Subject: [PATCH 3/4] security/altha/altha_lsm.c: build fixed with kernel 5.8 + +--- + security/altha/altha_lsm.c | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +diff --git a/security/altha/altha_lsm.c b/security/altha/altha_lsm.c +index 7d1cc8f8a1a7..41f0fc7ac8e5 100644 +--- a/security/altha/altha_lsm.c ++++ b/security/altha/altha_lsm.c +@@ -216,6 +216,15 @@ struct altha_readdir_callback { + int found; + }; + ++int compare_paths(const struct path *path1, const struct path *path2) ++{ ++ char a1[PATH_MAX]; ++ char a2[PATH_MAX]; ++ char* p1, *p2; ++ p1=d_path(path1,a1,PATH_MAX); ++ p2=d_path(path2,a2,PATH_MAX); ++ return strcmp(p1,p2); ++} + + int is_olock_dir(struct inode *inode) + { +@@ -233,14 +242,14 @@ int is_olock_dir(struct inode *inode) + } + + /* Hooks */ +-static int altha_bprm_set_creds(struct linux_binprm *bprm) ++static int altha_bprm_creds_from_file(struct linux_binprm *bprm, struct file * fi) + { + struct altha_list_struct *node; + /* when it's not a shebang issued script interpreter */ +- if (rstrscript_enabled && !bprm->called_set_creds) { ++ if (rstrscript_enabled && bprm->filename == bprm->interp) { + down_read(&interpreters_sem); + list_for_each_entry(node, &interpreters_list, list) { +- if (path_equal(&bprm->file->f_path, &node->path)) { ++ if (compare_paths(&bprm->file->f_path, &node->path) == 0) { + uid_t cur_uid = from_kuid(bprm->cred->user_ns, + bprm->cred->uid); + pr_notice_ratelimited +@@ -257,7 +266,7 @@ static int altha_bprm_set_creds(struct linux_binprm *bprm) + uid_t cur_uid = from_kuid(bprm->cred->user_ns, bprm->cred->uid); + down_read(&nosuid_exceptions_sem); + list_for_each_entry(node, &nosuid_exceptions_list, list) { +- if (path_equal(&bprm->file->f_path, &node->path)) { ++ if (compare_paths(&bprm->file->f_path, &node->path) == 0) { + pr_notice_ratelimited + ("AltHa/NoSUID: %s permitted to setuid from %d\n", + bprm->filename, cur_uid); +@@ -291,7 +300,7 @@ static int altha_inode_unlink(struct inode *inode, struct dentry *dentry) + /* Initialization */ + + static struct security_hook_list altha_hooks[] = { +- LSM_HOOK_INIT(bprm_set_creds, altha_bprm_set_creds), ++ LSM_HOOK_INIT(bprm_creds_from_file, altha_bprm_creds_from_file), + LSM_HOOK_INIT(inode_unlink, altha_inode_unlink), + }; + +-- +2.25.1 + diff --git a/0004-altha-use-path-strings-instead-of-path-structs.patch b/0004-altha-use-path-strings-instead-of-path-structs.patch new file mode 100644 index 0000000..671d478 --- /dev/null +++ b/0004-altha-use-path-strings-instead-of-path-structs.patch @@ -0,0 +1,101 @@ +From 5765b709411696cd58db43e6e006a36e5a207ee0 Mon Sep 17 00:00:00 2001 +From: Kernel Bot +Date: Wed, 2 Sep 2020 15:19:59 +0300 +Subject: [PATCH 4/4] altha: use path strings instead of path structs + +Path strings continueto work even when target file was replaced. +--- + security/altha/altha_lsm.c | 30 ++++++++++++++++-------------- + 1 file changed, 16 insertions(+), 14 deletions(-) + +diff --git a/security/altha/altha_lsm.c b/security/altha/altha_lsm.c +index 41f0fc7ac8e5..ccde83ebb26c 100644 +--- a/security/altha/altha_lsm.c ++++ b/security/altha/altha_lsm.c +@@ -52,6 +52,8 @@ __setup("altha=", altha_enabled_setup); + + struct altha_list_struct { + struct path path; ++ char * spath; ++ char * spath_p; + struct list_head list; + }; + +@@ -91,6 +93,7 @@ static int altha_list_handler(struct ctl_table *table, int write, + list_for_each_entry_safe(item, tmp, list_struct, list) { + list_del(&item->list); + path_put(&item->path); ++ kfree(item->spath_p); + kfree(item); + } + +@@ -106,7 +109,9 @@ static int altha_list_handler(struct ctl_table *table, int write, + while ((p = strsep(&fluid, ":\n")) != NULL) { + if (strlen(p)) { + item = kmalloc(sizeof(*item), GFP_KERNEL); +- if (!item) { ++ if (item) ++ item->spath_p = kmalloc(PATH_MAX, GFP_KERNEL); ++ if (!item || !item->spath_p) { + pr_err + ("AltHa: can't get memory processing sysctl\n"); + kfree(copy_buffer); +@@ -118,6 +123,7 @@ static int altha_list_handler(struct ctl_table *table, int write, + ("AltHa: error lookup '%s'\n", p); + kfree(item); + } else { ++ item->spath=d_path(&item->path,item->spath_p,PATH_MAX); + list_add_tail(&item->list, list_struct); + } + } +@@ -216,16 +222,6 @@ struct altha_readdir_callback { + int found; + }; + +-int compare_paths(const struct path *path1, const struct path *path2) +-{ +- char a1[PATH_MAX]; +- char a2[PATH_MAX]; +- char* p1, *p2; +- p1=d_path(path1,a1,PATH_MAX); +- p2=d_path(path2,a2,PATH_MAX); +- return strcmp(p1,p2); +-} +- + int is_olock_dir(struct inode *inode) + { + struct altha_list_struct *node; +@@ -246,10 +242,13 @@ static int altha_bprm_creds_from_file(struct linux_binprm *bprm, struct file * f + { + struct altha_list_struct *node; + /* when it's not a shebang issued script interpreter */ +- if (rstrscript_enabled && bprm->filename == bprm->interp) { ++ if (rstrscript_enabled && bprm->executable == bprm->interpreter) { ++ char path_buffer[PATH_MAX]; ++ char *path_p; ++ path_p = d_path(&bprm->file->f_path,path_buffer,PATH_MAX); + down_read(&interpreters_sem); + list_for_each_entry(node, &interpreters_list, list) { +- if (compare_paths(&bprm->file->f_path, &node->path) == 0) { ++ if (strcmp(path_p, node->spath) == 0) { + uid_t cur_uid = from_kuid(bprm->cred->user_ns, + bprm->cred->uid); + pr_notice_ratelimited +@@ -263,10 +262,13 @@ static int altha_bprm_creds_from_file(struct linux_binprm *bprm, struct file * f + } + if (unlikely(nosuid_enabled && + !uid_eq(bprm->cred->uid, bprm->cred->euid))) { ++ char path_buffer[PATH_MAX]; ++ char *path_p; + uid_t cur_uid = from_kuid(bprm->cred->user_ns, bprm->cred->uid); ++ path_p = d_path(&bprm->file->f_path,path_buffer,PATH_MAX); + down_read(&nosuid_exceptions_sem); + list_for_each_entry(node, &nosuid_exceptions_list, list) { +- if (compare_paths(&bprm->file->f_path, &node->path) == 0) { ++ if (strcmp(path_p, node->spath) == 0) { + pr_notice_ratelimited + ("AltHa/NoSUID: %s permitted to setuid from %d\n", + bprm->filename, cur_uid); +-- +2.25.1 + diff --git a/aufs-k510.diff b/aufs-k510.diff new file mode 100644 index 0000000..49b417d --- /dev/null +++ b/aufs-k510.diff @@ -0,0 +1,658 @@ +diff --git a/fs/aufs/branch.h b/fs/aufs/branch.h +index 594c8bd674b2..82c24958edd8 100644 +--- a/fs/aufs/branch.h ++++ b/fs/aufs/branch.h +@@ -241,10 +241,8 @@ int au_xino_read(struct super_block *sb, aufs_bindex_t bindex, ino_t h_ino, + ino_t *ino); + int au_xino_write(struct super_block *sb, aufs_bindex_t bindex, ino_t h_ino, + ino_t ino); +-ssize_t xino_fread(vfs_readf_t func, struct file *file, void *buf, size_t size, +- loff_t *pos); +-ssize_t xino_fwrite(vfs_writef_t func, struct file *file, void *buf, +- size_t size, loff_t *pos); ++ssize_t xino_fread(struct file *file, void *buf, size_t size, loff_t *pos); ++ssize_t xino_fwrite(struct file *file, void *buf, size_t size, loff_t *pos); + + int au_xib_trunc(struct super_block *sb); + int au_xino_trunc(struct super_block *sb, aufs_bindex_t bindex, int idx_begin); +diff --git a/fs/aufs/cpup.c b/fs/aufs/cpup.c +index 492442339b6c..50141f5a45f9 100644 +--- a/fs/aufs/cpup.c ++++ b/fs/aufs/cpup.c +@@ -569,32 +569,19 @@ static int au_do_cpup_regular(struct au_cp_generic *cpg, + static int au_do_cpup_symlink(struct path *h_path, struct dentry *h_src, + struct inode *h_dir) + { +- int err, symlen; +- mm_segment_t old_fs; +- union { +- char *k; +- char __user *u; +- } sym; ++ int err; ++ DEFINE_DELAYED_CALL(done); ++ const char *sym; + +- err = -ENOMEM; +- sym.k = (void *)__get_free_page(GFP_NOFS); +- if (unlikely(!sym.k)) ++ sym = vfs_get_link(h_src, &done); ++ err = PTR_ERR(sym); ++ if (IS_ERR(sym)) + goto out; + +- /* unnecessary to support mmap_sem since symlink is not mmap-able */ +- old_fs = get_fs(); +- set_fs(KERNEL_DS); +- symlen = vfs_readlink(h_src, sym.u, PATH_MAX); +- err = symlen; +- set_fs(old_fs); +- +- if (symlen > 0) { +- sym.k[symlen] = 0; +- err = vfsub_symlink(h_dir, h_path, sym.k); +- } +- free_page((unsigned long)sym.k); ++ err = vfsub_symlink(h_dir, h_path, sym); + + out: ++ do_delayed_call(&done); + return err; + } + +diff --git a/fs/aufs/dynop.c b/fs/aufs/dynop.c +index 837f94d49f74..4732edb340d7 100644 +--- a/fs/aufs/dynop.c ++++ b/fs/aufs/dynop.c +@@ -180,6 +180,7 @@ static void dy_aop(struct au_dykey *key, const void *h_op, + DySetAop(writepages); + DySetAop(set_page_dirty); + DySetAop(readpages); ++ DySetAop(readahead); + DySetAop(write_begin); + DySetAop(write_end); + DySetAop(bmap); +diff --git a/fs/aufs/export.c b/fs/aufs/export.c +index 842df6f05517..f883d2bf5325 100644 +--- a/fs/aufs/export.c ++++ b/fs/aufs/export.c +@@ -121,8 +121,7 @@ void au_xigen_inc(struct inode *inode) + pos = inode->i_ino; + pos *= sizeof(igen); + igen = inode->i_generation + 1; +- sz = xino_fwrite(sbinfo->si_xwrite, sbinfo->si_xigen, &igen, +- sizeof(igen), &pos); ++ sz = xino_fwrite(sbinfo->si_xigen, &igen, sizeof(igen), &pos); + if (sz == sizeof(igen)) + return; /* success */ + +@@ -164,10 +163,10 @@ int au_xigen_new(struct inode *inode) + if (vfsub_f_size_read(file) + < pos + sizeof(inode->i_generation)) { + inode->i_generation = atomic_inc_return(&sbinfo->si_xigen_next); +- sz = xino_fwrite(sbinfo->si_xwrite, file, &inode->i_generation, ++ sz = xino_fwrite(file, &inode->i_generation, + sizeof(inode->i_generation), &pos); + } else +- sz = xino_fread(sbinfo->si_xread, file, &inode->i_generation, ++ sz = xino_fread(file, &inode->i_generation, + sizeof(inode->i_generation), &pos); + if (sz == sizeof(inode->i_generation)) + goto out; /* success */ +diff --git a/fs/aufs/f_op.c b/fs/aufs/f_op.c +index 9894e2124bd5..37eb4f6bcc23 100644 +--- a/fs/aufs/f_op.c ++++ b/fs/aufs/f_op.c +@@ -242,34 +242,6 @@ static void au_write_post(struct inode *inode, struct file *h_file, + fput(h_file); + } + +-static ssize_t aufs_read(struct file *file, char __user *buf, size_t count, +- loff_t *ppos) +-{ +- ssize_t err; +- struct inode *inode; +- struct file *h_file; +- struct super_block *sb; +- +- inode = file_inode(file); +- sb = inode->i_sb; +- si_read_lock(sb, AuLock_FLUSH | AuLock_NOPLMW); +- +- h_file = au_read_pre(file, /*keep_fi*/0, /*lsc*/0); +- err = PTR_ERR(h_file); +- if (IS_ERR(h_file)) +- goto out; +- +- /* filedata may be obsoleted by concurrent copyup, but no problem */ +- err = vfsub_read_u(h_file, buf, count, ppos); +- /* todo: necessary? */ +- /* file->f_ra = h_file->f_ra; */ +- au_read_post(inode, h_file); +- +-out: +- si_read_unlock(sb); +- return err; +-} +- + /* + * todo: very ugly + * it locks both of i_mutex and si_rwsem for read in safe. +@@ -292,33 +264,6 @@ static void au_mtx_and_read_lock(struct inode *inode) + } + } + +-static ssize_t aufs_write(struct file *file, const char __user *ubuf, +- size_t count, loff_t *ppos) +-{ +- ssize_t err; +- struct au_write_pre wpre; +- struct inode *inode; +- struct file *h_file; +- char __user *buf = (char __user *)ubuf; +- +- inode = file_inode(file); +- au_mtx_and_read_lock(inode); +- +- wpre.lsc = 0; +- h_file = au_write_pre(file, /*do_ready*/1, &wpre); +- err = PTR_ERR(h_file); +- if (IS_ERR(h_file)) +- goto out; +- +- err = vfsub_write_u(h_file, buf, count, ppos); +- au_write_post(inode, h_file, &wpre, err); +- +-out: +- si_read_unlock(inode->i_sb); +- inode_unlock(inode); +- return err; +-} +- + static ssize_t au_do_iter(struct file *h_file, int rw, struct kiocb *kio, + struct iov_iter *iov_iter) + { +@@ -788,8 +733,6 @@ const struct file_operations aufs_file_fop = { + + .llseek = default_llseek, + +- .read = aufs_read, +- .write = aufs_write, + .read_iter = aufs_read_iter, + .write_iter = aufs_write_iter, + +diff --git a/fs/aufs/file.c b/fs/aufs/file.c +index b0075b57d8bc..53d0f16c3bab 100644 +--- a/fs/aufs/file.c ++++ b/fs/aufs/file.c +@@ -790,6 +790,10 @@ static ssize_t aufs_direct_IO(struct kiocb *iocb, struct iov_iter *iter) + + /* they will never be called. */ + #ifdef CONFIG_AUFS_DEBUG ++/* ++void aufs_readahead(struct readahead_control *) ++{ AuUnsupport(); } ++*/ + static int aufs_write_begin(struct file *file, struct address_space *mapping, + loff_t pos, unsigned len, unsigned flags, + struct page **pagep, void **fsdata) +diff --git a/fs/aufs/hfsnotify.c b/fs/aufs/hfsnotify.c +index cb4eeb1e6069..d0abe8ac783f 100644 +--- a/fs/aufs/hfsnotify.c ++++ b/fs/aufs/hfsnotify.c +@@ -160,8 +160,8 @@ static void au_hfsn_free_group(struct fsnotify_group *group) + } + + static int au_hfsn_handle_event(struct fsnotify_group *group, +- struct inode *inode, + u32 mask, const void *data, int data_type, ++ struct inode *dir, + const struct qstr *file_name, u32 cookie, + struct fsnotify_iter_info *iter_info) + { +@@ -178,7 +178,7 @@ static int au_hfsn_handle_event(struct fsnotify_group *group, + if (mask & (FS_IN_IGNORED | FS_UNMOUNT)) + goto out; + +- h_dir = inode; ++ h_dir = dir; + h_inode = NULL; + #ifdef AuDbgHnotify + au_debug_on(); +diff --git a/fs/aufs/super.h b/fs/aufs/super.h +index c0cb0051242c..4638331366b7 100644 +--- a/fs/aufs/super.h ++++ b/fs/aufs/super.h +@@ -131,8 +131,6 @@ struct au_sbinfo { + unsigned int si_mntflags; + + /* external inode number (bitmap and translation table) */ +- vfs_readf_t si_xread; +- vfs_writef_t si_xwrite; + loff_t si_ximaxent; /* max entries in a xino */ + + struct file *si_xib; +diff --git a/fs/aufs/vfsub.c b/fs/aufs/vfsub.c +index a5e10c5c004f..de875cd4eedc 100644 +--- a/fs/aufs/vfsub.c ++++ b/fs/aufs/vfsub.c +@@ -513,22 +513,17 @@ ssize_t vfsub_read_u(struct file *file, char __user *ubuf, size_t count, + return err; + } + +-/* todo: kernel_read()? */ + ssize_t vfsub_read_k(struct file *file, void *kbuf, size_t count, + loff_t *ppos) + { + ssize_t err; +- mm_segment_t oldfs; +- union { +- void *k; +- char __user *u; +- } buf; +- +- buf.k = kbuf; +- oldfs = get_fs(); +- set_fs(KERNEL_DS); +- err = vfsub_read_u(file, buf.u, count, ppos); +- set_fs(oldfs); ++ ++ lockdep_off(); ++ err = kernel_read(file, kbuf, count, ppos); ++ lockdep_on(); ++ AuTraceErr(err); ++ if (err >= 0) ++ vfsub_update_h_iattr(&file->f_path, /*did*/NULL); /*ignore*/ + return err; + } + +@@ -548,17 +543,12 @@ ssize_t vfsub_write_u(struct file *file, const char __user *ubuf, size_t count, + ssize_t vfsub_write_k(struct file *file, void *kbuf, size_t count, loff_t *ppos) + { + ssize_t err; +- mm_segment_t oldfs; +- union { +- void *k; +- const char __user *u; +- } buf; +- +- buf.k = kbuf; +- oldfs = get_fs(); +- set_fs(KERNEL_DS); +- err = vfsub_write_u(file, buf.u, count, ppos); +- set_fs(oldfs); ++ ++ lockdep_off(); ++ err = kernel_write(file, kbuf, count, ppos); ++ lockdep_on(); ++ if (err >= 0) ++ vfsub_update_h_iattr(&file->f_path, /*did*/NULL); /*ignore*/ + return err; + } + +diff --git a/fs/aufs/xino.c b/fs/aufs/xino.c +index b3152c0ce0b5..ae7bd07b022d 100644 +--- a/fs/aufs/xino.c ++++ b/fs/aufs/xino.c +@@ -660,8 +660,8 @@ struct au_xi_writing { + ino_t h_ino, ino; + }; + +-static int au_xino_do_write(vfs_writef_t write, struct file *file, +- struct au_xi_calc *calc, ino_t ino); ++static int au_xino_do_write(struct file *file, struct au_xi_calc *calc, ++ ino_t ino); + + static void au_xino_call_do_new_async(void *args) + { +@@ -690,7 +690,7 @@ static void au_xino_call_do_new_async(void *args) + + file = au_xino_file(br->br_xino, a->calc.idx); + AuDebugOn(!file); +- err = au_xino_do_write(sbi->si_xwrite, file, &a->calc, a->ino); ++ err = au_xino_do_write(file, &a->calc, a->ino); + if (unlikely(err)) { + AuIOErr("err %d\n", err); + goto out; +@@ -791,7 +791,7 @@ int au_xino_read(struct super_block *sb, aufs_bindex_t bindex, ino_t h_ino, + return 0; /* no xino */ + + sbinfo = au_sbi(sb); +- sz = xino_fread(sbinfo->si_xread, file, ino, sizeof(*ino), &calc.pos); ++ sz = xino_fread(file, ino, sizeof(*ino), &calc.pos); + if (sz == sizeof(*ino)) + return 0; /* success */ + +@@ -803,12 +803,12 @@ int au_xino_read(struct super_block *sb, aufs_bindex_t bindex, ino_t h_ino, + return err; + } + +-static int au_xino_do_write(vfs_writef_t write, struct file *file, +- struct au_xi_calc *calc, ino_t ino) ++static int au_xino_do_write(struct file *file, struct au_xi_calc *calc, ++ ino_t ino) + { + ssize_t sz; + +- sz = xino_fwrite(write, file, &ino, sizeof(ino), &calc->pos); ++ sz = xino_fwrite(file, &ino, sizeof(ino), &calc->pos); + if (sz == sizeof(ino)) + return 0; /* success */ + +@@ -858,7 +858,7 @@ int au_xino_write(struct super_block *sb, aufs_bindex_t bindex, ino_t h_ino, + goto out; + } + +- err = au_xino_do_write(au_sbi(sb)->si_xwrite, file, &calc, ino); ++ err = au_xino_do_write(file, &calc, ino); + if (!err) { + br = au_sbr(sb, bindex); + if (au_opt_test(mnt_flags, TRUNC_XINO) +@@ -872,40 +872,27 @@ int au_xino_write(struct super_block *sb, aufs_bindex_t bindex, ino_t h_ino, + return -EIO; + } + +-static ssize_t xino_fread_wkq(vfs_readf_t func, struct file *file, void *buf, +- size_t size, loff_t *pos); ++static ssize_t xino_fread_wkq(struct file *file, void *buf, size_t size, ++ loff_t *pos); + + /* todo: unnecessary to support mmap_sem since kernel-space? */ +-ssize_t xino_fread(vfs_readf_t func, struct file *file, void *kbuf, size_t size, +- loff_t *pos) ++ssize_t xino_fread(struct file *file, void *kbuf, size_t size, loff_t *pos) + { + ssize_t err; +- mm_segment_t oldfs; +- union { +- void *k; +- char __user *u; +- } buf; + int i; + const int prevent_endless = 10; + + i = 0; +- buf.k = kbuf; +- oldfs = get_fs(); +- set_fs(KERNEL_DS); + do { +- err = func(file, buf.u, size, pos); ++ err = vfsub_read_k(file, kbuf, size, pos); + if (err == -EINTR + && !au_wkq_test() + && fatal_signal_pending(current)) { +- set_fs(oldfs); +- err = xino_fread_wkq(func, file, kbuf, size, pos); ++ err = xino_fread_wkq(file, kbuf, size, pos); + BUG_ON(err == -EINTR); +- oldfs = get_fs(); +- set_fs(KERNEL_DS); + } + } while (i++ < prevent_endless + && (err == -EAGAIN || err == -EINTR)); +- set_fs(oldfs); + + #if 0 /* reserved for future use */ + if (err > 0) +@@ -917,7 +904,6 @@ ssize_t xino_fread(vfs_readf_t func, struct file *file, void *kbuf, size_t size, + + struct xino_fread_args { + ssize_t *errp; +- vfs_readf_t func; + struct file *file; + void *buf; + size_t size; +@@ -927,17 +913,16 @@ struct xino_fread_args { + static void call_xino_fread(void *args) + { + struct xino_fread_args *a = args; +- *a->errp = xino_fread(a->func, a->file, a->buf, a->size, a->pos); ++ *a->errp = xino_fread(a->file, a->buf, a->size, a->pos); + } + +-static ssize_t xino_fread_wkq(vfs_readf_t func, struct file *file, void *buf, +- size_t size, loff_t *pos) ++static ssize_t xino_fread_wkq(struct file *file, void *buf, size_t size, ++ loff_t *pos) + { + ssize_t err; + int wkq_err; + struct xino_fread_args args = { + .errp = &err, +- .func = func, + .file = file, + .buf = buf, + .size = size, +@@ -951,39 +936,27 @@ static ssize_t xino_fread_wkq(vfs_readf_t func, struct file *file, void *buf, + return err; + } + +-static ssize_t xino_fwrite_wkq(vfs_writef_t func, struct file *file, void *buf, +- size_t size, loff_t *pos); ++static ssize_t xino_fwrite_wkq(struct file *file, void *buf, size_t size, ++ loff_t *pos); + +-static ssize_t do_xino_fwrite(vfs_writef_t func, struct file *file, void *kbuf, +- size_t size, loff_t *pos) ++static ssize_t do_xino_fwrite(struct file *file, void *kbuf, size_t size, ++ loff_t *pos) + { + ssize_t err; +- mm_segment_t oldfs; +- union { +- void *k; +- const char __user *u; +- } buf; + int i; + const int prevent_endless = 10; + + i = 0; +- buf.k = kbuf; +- oldfs = get_fs(); +- set_fs(KERNEL_DS); + do { +- err = func(file, buf.u, size, pos); ++ err = vfsub_write_k(file, kbuf, size, pos); + if (err == -EINTR + && !au_wkq_test() + && fatal_signal_pending(current)) { +- set_fs(oldfs); +- err = xino_fwrite_wkq(func, file, kbuf, size, pos); ++ err = xino_fwrite_wkq(file, kbuf, size, pos); + BUG_ON(err == -EINTR); +- oldfs = get_fs(); +- set_fs(KERNEL_DS); + } + } while (i++ < prevent_endless + && (err == -EAGAIN || err == -EINTR)); +- set_fs(oldfs); + + #if 0 /* reserved for future use */ + if (err > 0) +@@ -995,7 +968,6 @@ static ssize_t do_xino_fwrite(vfs_writef_t func, struct file *file, void *kbuf, + + struct do_xino_fwrite_args { + ssize_t *errp; +- vfs_writef_t func; + struct file *file; + void *buf; + size_t size; +@@ -1005,17 +977,16 @@ struct do_xino_fwrite_args { + static void call_do_xino_fwrite(void *args) + { + struct do_xino_fwrite_args *a = args; +- *a->errp = do_xino_fwrite(a->func, a->file, a->buf, a->size, a->pos); ++ *a->errp = do_xino_fwrite(a->file, a->buf, a->size, a->pos); + } + +-static ssize_t xino_fwrite_wkq(vfs_writef_t func, struct file *file, void *buf, +- size_t size, loff_t *pos) ++static ssize_t xino_fwrite_wkq(struct file *file, void *buf, size_t size, ++ loff_t *pos) + { + ssize_t err; + int wkq_err; + struct do_xino_fwrite_args args = { + .errp = &err, +- .func = func, + .file = file, + .buf = buf, + .size = size, +@@ -1033,18 +1004,17 @@ static ssize_t xino_fwrite_wkq(vfs_writef_t func, struct file *file, void *buf, + return err; + } + +-ssize_t xino_fwrite(vfs_writef_t func, struct file *file, void *buf, +- size_t size, loff_t *pos) ++ssize_t xino_fwrite(struct file *file, void *buf, size_t size, loff_t *pos) + { + ssize_t err; + + if (rlimit(RLIMIT_FSIZE) == RLIM_INFINITY) { + lockdep_off(); +- err = do_xino_fwrite(func, file, buf, size, pos); ++ err = do_xino_fwrite(file, buf, size, pos); + lockdep_on(); + } else { + lockdep_off(); +- err = xino_fwrite_wkq(func, file, buf, size, pos); ++ err = xino_fwrite_wkq(file, buf, size, pos); + lockdep_on(); + } + +@@ -1095,17 +1065,17 @@ static int xib_pindex(struct super_block *sb, unsigned long pindex) + p = sbinfo->si_xib_buf; + pos = sbinfo->si_xib_last_pindex; + pos *= PAGE_SIZE; +- sz = xino_fwrite(sbinfo->si_xwrite, xib, p, PAGE_SIZE, &pos); ++ sz = xino_fwrite(xib, p, PAGE_SIZE, &pos); + if (unlikely(sz != PAGE_SIZE)) + goto out; + + pos = pindex; + pos *= PAGE_SIZE; + if (vfsub_f_size_read(xib) >= pos + PAGE_SIZE) +- sz = xino_fread(sbinfo->si_xread, xib, p, PAGE_SIZE, &pos); ++ sz = xino_fread(xib, p, PAGE_SIZE, &pos); + else { + memset(p, 0, PAGE_SIZE); +- sz = xino_fwrite(sbinfo->si_xwrite, xib, p, PAGE_SIZE, &pos); ++ sz = xino_fwrite(xib, p, PAGE_SIZE, &pos); + } + if (sz == PAGE_SIZE) { + sbinfo->si_xib_last_pindex = pindex; +@@ -1156,7 +1126,6 @@ static int do_xib_restore(struct super_block *sb, struct file *file, void *page) + unsigned long pindex; + loff_t pos, pend; + struct au_sbinfo *sbinfo; +- vfs_readf_t func; + ino_t *ino; + unsigned long *p; + +@@ -1164,11 +1133,10 @@ static int do_xib_restore(struct super_block *sb, struct file *file, void *page) + sbinfo = au_sbi(sb); + MtxMustLock(&sbinfo->si_xib_mtx); + p = sbinfo->si_xib_buf; +- func = sbinfo->si_xread; + pend = vfsub_f_size_read(file); + pos = 0; + while (pos < pend) { +- sz = xino_fread(func, file, page, PAGE_SIZE, &pos); ++ sz = xino_fread(file, page, PAGE_SIZE, &pos); + err = sz; + if (unlikely(sz <= 0)) + goto out; +@@ -1257,7 +1225,7 @@ int au_xib_trunc(struct super_block *sb) + p = sbinfo->si_xib_buf; + memset(p, 0, PAGE_SIZE); + pos = 0; +- sz = xino_fwrite(sbinfo->si_xwrite, sbinfo->si_xib, p, PAGE_SIZE, &pos); ++ sz = xino_fwrite(sbinfo->si_xib, p, PAGE_SIZE, &pos); + if (unlikely(sz != PAGE_SIZE)) { + err = sz; + AuIOErr("err %d\n", err); +@@ -1396,7 +1364,6 @@ static void xino_clear_xib(struct super_block *sb) + SiMustWriteLock(sb); + + sbinfo = au_sbi(sb); +- /* unnecessary to clear sbinfo->si_xread and ->si_xwrite */ + if (sbinfo->si_xib) + fput(sbinfo->si_xib); + sbinfo->si_xib = NULL; +@@ -1423,8 +1390,6 @@ static int au_xino_set_xib(struct super_block *sb, struct path *path) + if (sbinfo->si_xib) + fput(sbinfo->si_xib); + sbinfo->si_xib = file; +- sbinfo->si_xread = vfs_readf(file); +- sbinfo->si_xwrite = vfs_writef(file); + xi_sb = file_inode(file)->i_sb; + sbinfo->si_ximaxent = xi_sb->s_maxbytes; + if (unlikely(sbinfo->si_ximaxent < PAGE_SIZE)) { +@@ -1445,8 +1410,7 @@ static int au_xino_set_xib(struct super_block *sb, struct path *path) + sbinfo->si_xib_next_bit = 0; + if (vfsub_f_size_read(file) < PAGE_SIZE) { + pos = 0; +- err = xino_fwrite(sbinfo->si_xwrite, file, sbinfo->si_xib_buf, +- PAGE_SIZE, &pos); ++ err = xino_fwrite(file, sbinfo->si_xib_buf, PAGE_SIZE, &pos); + if (unlikely(err != PAGE_SIZE)) + goto out_free; + } +@@ -1497,7 +1461,6 @@ static void au_xino_set_br_shared(struct super_block *sb, struct au_branch *br, + } + + struct au_xino_do_set_br { +- vfs_writef_t writef; + struct au_branch *br; + ino_t h_ino; + aufs_bindex_t bshared; +@@ -1539,7 +1502,7 @@ static int au_xino_do_set_br(struct super_block *sb, struct path *path, + goto out; + AuDebugOn(!file); + +- err = au_xino_do_write(args->writef, file, &calc, AUFS_ROOT_INO); ++ err = au_xino_do_write(file, &calc, AUFS_ROOT_INO); + if (unlikely(err)) + au_xino_put(br); + +@@ -1559,7 +1522,6 @@ static int au_xino_set_br(struct super_block *sb, struct path *path) + + bbot = au_sbbot(sb); + inode = d_inode(sb->s_root); +- args.writef = au_sbi(sb)->si_xwrite; + for (bindex = 0; bindex <= bbot; bindex++) { + args.h_ino = au_h_iptr(inode, bindex)->i_ino; + args.br = au_sbr(sb, bindex); +@@ -1714,7 +1676,6 @@ int au_xino_init_br(struct super_block *sb, struct au_branch *br, ino_t h_ino, + .br = br + }; + +- args.writef = au_sbi(sb)->si_xwrite; + args.bshared = sbr_find_shared(sb, /*btop*/0, au_sbbot(sb), + au_br_sb(br)); + err = au_xino_do_set_br(sb, base, &args); +@@ -1798,7 +1759,6 @@ void au_xino_delete_inode(struct inode *inode, const int unlinked) + struct au_hinode *hi; + struct inode *h_inode; + struct au_branch *br; +- vfs_writef_t xwrite; + struct au_xi_calc calc; + struct file *file; + +@@ -1820,7 +1780,6 @@ void au_xino_delete_inode(struct inode *inode, const int unlinked) + if (bindex < 0) + return; + +- xwrite = au_sbi(sb)->si_xwrite; + try_trunc = !!au_opt_test(mnt_flags, TRUNC_XINO); + hi = au_hinode(iinfo, bindex); + bbot = iinfo->ii_bbot; +@@ -1841,7 +1800,7 @@ void au_xino_delete_inode(struct inode *inode, const int unlinked) + if (IS_ERR_OR_NULL(file)) + continue; + +- err = au_xino_do_write(xwrite, file, &calc, /*ino*/0); ++ err = au_xino_do_write(file, &calc, /*ino*/0); + if (!err && try_trunc + && au_test_fs_trunc_xino(au_br_sb(br))) + xino_try_trunc(sb, br); diff --git a/fs-aufs-2.patch b/fs-aufs-2.patch deleted file mode 100644 index 606f5c8..0000000 --- a/fs-aufs-2.patch +++ /dev/null @@ -1,133 +0,0 @@ -From 4d4c05a8901e313264433db69cc3374cef5164f6 Mon Sep 17 00:00:00 2001 -From: Mauricio Faria de Oliveira -Date: Mon, 29 Jun 2020 15:31:22 -0300 -Subject: aufs: do not call i_readcount_inc() - -The 'struct inode.i_readcount' field is maintained at the VFS, and -should not be modified by filesystems. But aufs does in one place, -which causes it to be unbalanced. - -This started with Linux v2.6.39 commit 890275b5eb79 ("IMA: maintain -i_readcount in the VFS layer"), which moved the i_readcount updates -from IMA into the VFS (at the same places IMA was called previously) -and introduced 'mutex_lock(i_mutex)' in the ima_file_check() path. - -The former change is functionally equivalent, thus no changes are -needed in response to it. - -The latter change, on the other hand, is _not_; and is reported to -cause a deadlock in aufs (see below), thus it dropped the call to -ima_file_check(). - -However, when dropping the ima_file_check() call, aufs introduced -the i_readcount_inc() call as well, which according to the commit -changes is not necessary. - -This can be observed in aufs2-standalone.git commit 1dbd1c864e455 -("aufs2.1 standalone version for linux-2.6."), announced to the -aufs-users mailing list on 2011-04-04 [1]. - - diff --git a/ChangeLog b/ChangeLog - ... - +commit 17eac367b03334e57a93e8051eb712add24d2534 - +Author: J. R. Okajima - +Date: Fri Apr 1 16:31:22 2011 +0900 - + - + aufs: for 2.6.39, limit the support for IMA - + - + Since it acquires i_mutex and causes a deadlock, replace a - + ima_file_check() call by i_readcount_inc(). - + - + Signed-off-by: J. R. Okajima - ... - diff --git a/fs/aufs/vfsub.c b/fs/aufs/vfsub.c - ... - struct file *vfsub_dentry_open(struct path *path, int flags) - ... - + if (!IS_ERR_OR_NULL(file) - + && (file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) - + i_readcount_inc(path->dentry->d_inode); - - - err = ima_file_check(file, au_conv_oflags(flags)); - ... - -Apparently, this might have been a misunderstanding of one hunk in -the 2.6.39 commit, that deletes the lines to increment i_readcount, -and adds the lines to acquire i_mutex. - -It reuses code from the removed function ima_counts_get() to create -ima_rdwr_violation_check(), and another hunk calls the new function -from ima_file_check(). But note that the i_readcount increment was -_not_ called from ima_file_check() previously, via ima_counts_get(): - - -void ima_counts_get(struct file *file) - +static void ima_rdwr_violation_check(struct file *file) - { - ... - + mutex_lock(&inode->i_mutex); /* file metadata: permissions, xattr */ - ... - - atomic_inc(&inode->i_readcount); - - #@@ -318,6 +308,7 @@ int ima_file_check(struct file *file, int mask) - ... - + ima_rdwr_violation_check(file); - -So, in order to avoid the unbalance caused to i_readcount, drop the -i_readcount_inc() call. - -Note the issue is not the lack of a corresponding i_readcount_dec() -call; it's the mere usage of these functions outside of VFS layer, -where i_readcount is maintained. - -Links: - -[1] https://sourceforge.net/p/aufs/mailman/message/27304125/ - snippet: - - """ - aufs2 Monday GIT release - From: - 2011-04-04 04:59:18 - - o news - - begin supporting linux-2.6.39-rcN. - ... - - aufs2-2.6.git#aufs2.1 branch - ... - aufs: for 2.6.39, limit the support for IMA - ... - """ - -Signed-off-by: Mauricio Faria de Oliveira -(cherry picked from commit 515a586eeef31e0717d5dea21e2c11a965340b3c aufs4-linux.git) -CVE-2020-11935 -Signed-off-by: Mauricio Faria de Oliveira -Acked-by: Kamal Mostafa -Signed-off-by: Khalid Elmously ---- - fs/aufs/vfsub.c | 9 +-------- - 1 file changed, 1 insertion(+), 8 deletions(-) - -diff --git a/fs/aufs/vfsub.c b/fs/aufs/vfsub.c -index e954cd7..a5e10c5 100644 ---- a/fs/aufs/vfsub.c -+++ b/fs/aufs/vfsub.c -@@ -76,15 +76,8 @@ int vfsub_update_h_iattr(struct path *h_path, int *did) - - struct file *vfsub_dentry_open(struct path *path, int flags) - { -- struct file *file; -- -- file = dentry_open(path, flags /* | __FMODE_NONOTIFY */, -+ return dentry_open(path, flags /* | __FMODE_NONOTIFY */, - current_cred()); -- if (!IS_ERR_OR_NULL(file) -- && (file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) -- i_readcount_inc(d_inode(path->dentry)); -- -- return file; - } - - struct file *vfsub_filp_open(const char *path, int oflags, int mode) --- -cgit v1.1 - diff --git a/kernel.spec b/kernel.spec index f80b21b..ef7b6c9 100644 --- a/kernel.spec +++ b/kernel.spec @@ -19,12 +19,12 @@ %global _find_debuginfo_dwz_opts %{nil} %define kernelversion 5 -%define patchlevel 4 +%define patchlevel 10 # sublevel is used for stable-based kernels -%define sublevel 83 +%define sublevel 1 # Release number. Increase this before a rebuild. -%define rpmrel 2 +%define rpmrel 1 %define fullrpmrel %{rpmrel} %define rpmtag %{disttag} @@ -98,6 +98,16 @@ %bcond_with ccache %bcond_without flow_abi +# 1. VirtualBox is for x86_32 and x86_64 only +# 2. I do not know how to solve the problem that userspace part of VirtualBox +# will be updated ahead of these binary modules. So just off building them. +%bcond_with binary_virtualbox_host + +# shredder-kernel works only on x86_64, makes manipulations with syscalls tables, +# loading/unloading of the module failed sometimes on kernel 5.4 +# and it has not been adapted for kernel 5.10 (is not buildable) +%bcond_with binary_shredder + # Kernel flavour %if %{with nickel} %define flavour nickel @@ -146,12 +156,9 @@ %define build_debug 1 # Build kernel-headers package -# Make headers of this kernel not default for rosa2016.1 -%if %{mdvver} <= 201610 +# Headers from LTS kernel 5.4 are default in rosa2019.1/05 for now +# and headers from 4.15 are default in rosa2016.1 %define build_headers 0 -%else -%define build_headers 1 -%endif # build perf and cpupower tools %define build_perf 1 @@ -230,7 +237,7 @@ Source0: https://cdn.kernel.org/pub/linux/kernel/v%{kernelversion}.x/linux-%{ta # This is for disabling *config, mrproper, prepare, scripts on -devel rpms # Needed, because otherwise the -devel won't build correctly. -Source2: disable-mrproper-prepare-scripts-configs-in-devel-rpms.patch +Source2: 0001-disable-mrproper-prepare-scripts-configs-in-devel-rp.patch # TODO: make a separate package "ksobirator" and BR it # after testing these macros properly @@ -271,15 +278,17 @@ Patch1: https://cdn.kernel.org/pub/linux/kernel/v%{kernelversion}.x/patch-%{k # generated during that process, xmlto tries to get DTD files from the Net. # If it fails, the whole build fails, which is unfortunate. Let us avoid # this. -Patch101: perf-xmlto-skip-validation.patch +Patch101: 0001-perf-skip-xmlto-validation.patch # http://bugs.rosalinux.ru/show_bug.cgi?id=6235 # http://bugs.rosalinux.ru/show_bug.cgi?id=6459 -Patch102: audit-make-it-less-verbose.patch +Patch102: 0001-audit-make-it-less-verbose.patch # AUFS 5 from http://aufs.sourceforge.net/ -Patch109: fs-aufs.patch -Patch110: fs-aufs-2.patch +Patch109: 0001-Apply-AUFS-5.patch +# Unofficial AUFS for kernel 5.10 +# https://sourceforge.net/projects/lxpup/files/Other/huge-kernels/kernel-5.10-aufs-changes/ +Patch110: aufs-k510.diff # For kmod() generator of RPM Provides # Changes version of aacraid.ko @@ -291,13 +300,11 @@ Patch111: 0001-Remove-RPM-illegal-chars-from-module-version.patch # TODO: known problem: https://bugzilla.altlinux.org/show_bug.cgi?id=38225 Patch201: 0001-AltHa-LSM-module.patch Patch202: 0002-Documentation-for-AltHa-LSM.patch +Patch203: 0003-security-altha-altha_lsm.c-build-fixed-with-kernel-5.patch +Patch204: 0004-altha-use-path-strings-instead-of-path-structs.patch -# Other patches -Patch301: objtool-sync-check.sh-set-the-exit-code-explicitly.patch # sent to upstream, https://patchwork.kernel.org/patch/11446123/ Patch302: 0001-sign-file-full-functionality-with-modern-LibreSSL.patch -# Add sysctl to disable disk-based swap -Patch304: 0001-mm-add-sysctl-to-disable-disk-based-swap.patch # Support loading GOST-signed modules Patch305: 0001-crypto-support-loading-GOST-signed-kernel-modules.patch # Allow to off modules signature check dynamically @@ -361,14 +368,10 @@ BuildRequires: findutils util-linux %if %{with binary_extra_modules} BuildRequires: kernel-source-rtl8821ce BuildRequires: kernel-source-tripso -%ifarch %{ix86} %{x86_64} +%if %{with binary_virtualbox_host} BuildRequires: kernel-source-virtualbox -# TODO: drop it for kernels >= 5.6 -# because all guest modules have been upstreamized -# https://www.phoronix.com/scan.php?page=news_item&px=VirtualBox-Shared-Folder-5.6 -BuildRequires: kernel-source-virtualbox-vboxadditions %endif -%ifarch %{x86_64} +%if %{with binary_shredder} BuildRequires: kernel-source-shredder-kernel %endif # rosa-test-suite is maintained in certified branches only @@ -595,9 +598,11 @@ find /lib/modules/%{kver_full} -maxdepth 0 -empty -exec rm -rf {} \; || true %{devel_root}/include/generated %{devel_root}/include/keys %{devel_root}/include/kvm +%{devel_root}/include/kunit %{devel_root}/include/linux %{devel_root}/include/math-emu %{devel_root}/include/media +%{devel_root}/include/memory %{devel_root}/include/misc %{devel_root}/include/net %{devel_root}/include/pcmcia @@ -933,21 +938,22 @@ latest kernel-uml-modules-%{flavour} %{kernelversion}.%{patchlevel}.x %if %{with binary_extra_modules} -%ksob_mk_module_pkg -n 8821ce -s net/wireless +%ksob_mk_module_pkg -n 8821ce -s net/wireless -r rtl8821ce-blacklist %ksob_mk_module_pkg -n xt_TRIPSO -s net -r tripso -%ifarch %{x86_64} +%if %{with binary_shredder} %ksob_mk_module_pkg -n shredder-kernel -s extra -r rosa-shredder-user %endif +#------------------------------------------------ + # virtualbox host -%ifarch %{ix86} %{x86_64} +%if %{with binary_virtualbox_host} %ksob_mk_module_pkg -n vboxnetflt -s misc %ksob_mk_module_pkg -n vboxnetadp -s misc %ksob_mk_module_pkg -n vboxdrv -s misc %ksob_mk_module_pkg -n vboxpci -s misc -#------------------------------------------------ # a package which will pull all those modules %package -n kernel-modules-virtualbox-host-%{flavour}-%{kernelversion}.%{patchlevel}-latest Summary: Meta package to pull VirtualBox host kernel modules for kernel-%{flavour}-%{kernelversion}.%{patchlevel} @@ -964,31 +970,7 @@ Meta package to pull VirtualBox host kernel modules for kernel-%{flavour}-%{kern %files -n kernel-modules-virtualbox-host-%{flavour}-%{kernelversion}.%{patchlevel}-latest # empty -#------------------------------------------------ - -# virtualbox guest, to be dropped in kernels 5.6+ (upsreamized) -%ksob_mk_module_pkg -n vboxvideo -s misc -%ksob_mk_module_pkg -n vboxguest -s misc -%ksob_mk_module_pkg -n vboxsf -s misc - -#------------------------------------------------ -# a package which will pull all those modules -%package -n kernel-modules-virtualbox-guest-%{flavour}-%{kernelversion}.%{patchlevel}-latest -Summary: Meta package to pull VirtualBox guest kernel modules for kernel-%{flavour}-%{kernelversion}.%{patchlevel} -Group: System/Kernel and hardware -Version: %{kversion} -Release: %{fullrpmrel} -Requires: kernel-module-vboxvideo-%{flavour}-%{buildrel} -Requires: kernel-module-vboxguest-%{flavour}-%{buildrel} -Requires: kernel-module-vboxsf-%{flavour}-%{buildrel} - -%description -n kernel-modules-virtualbox-guest-%{flavour}-%{kernelversion}.%{patchlevel}-latest -Meta package to pull VirtualBox guest kernel modules for kernel-%{flavour}-%{kernelversion}.%{patchlevel} - -%files -n kernel-modules-virtualbox-guest-%{flavour}-%{kernelversion}.%{patchlevel}-latest -# end ifarch -%endif -# empty +%endif #ifarch x86 #------------------------------------------------ %if %{with nickel} @@ -1133,23 +1115,11 @@ for i in STREEBOG SHA1 SHA256 SHA512 ECRDSA RSA ; do done sed -i '/CONFIG_LSM/d' .config -echo 'CONFIG_LSM="yama,loadpin,integrity,selinux,apparmor,altha"' >> %{build_dir}/.config.append +echo 'CONFIG_LSM="yama,loadpin,integrity,selinux,apparmor,bpf,altha"' >> %{build_dir}/.config.append sed -i '/CONFIG_SECURITY_ALTHA/d' .config echo 'CONFIG_SECURITY_ALTHA=y' >> %{build_dir}/.config.append %endif -# Disable disk-based swap (swap files and partitions) on certified systems by default -# because we cannot guarantee that data stored in swap is erased from disk securely. -# Our patch, based on Chromium OS kernel, allows to use only zram if CONFIG_DISK_BASED_SWAP_DEFAULT_ON=y. -# sysctl vm.disk_based_swap = 1 to allow disk-based swap, = 0 to disable it. -# Note that CONFIG_ZRAM_WRITEBACK is still on. -#sed -i '/CONFIG_DISK_BASED_SWAP_DEFAULT_ON/d' .config -#%if %{with nickel} -#echo 'CONFIG_DISK_BASED_SWAP_DEFAULT_ON=n' >> %{build_dir}/.config.append -#%else -echo 'CONFIG_DISK_BASED_SWAP_DEFAULT_ON=y' >> %{build_dir}/.config.append -#%endif - cat %{build_dir}/.config.append >> .config # Store the config file in the appropriate directory. @@ -1381,7 +1351,7 @@ cp xt_TRIPSO.ko %{temp_modules}/%{kver_full}/kernel/net/ popd rm -fr kernel-source-tripso -%ifarch %{x86_64} +%if %{with binary_shredder} cp -r "$(rpm -q --qf '/usr/src/shredder-kernel-%%{VERSION}-%%{RELEASE}' kernel-source-shredder-kernel)" kernel-source-shredder-kernel pushd kernel-source-shredder-kernel %kmake KERNEL_PATH=%{src_dir} @@ -1391,25 +1361,8 @@ popd rm -fr kernel-source-shredder-kernel %endif -%ifarch %{ix86} %{x86_64} +%if %{with binary_virtualbox_host} # build commands for virtualbox are based on the ones from the virtualbox package -cp -r "$(rpm -q --qf '/usr/src/vboxadditions-%%{VERSION}-%%{RELEASE}' kernel-source-virtualbox-vboxadditions)" kernel-source-virtualbox-vboxadditions -mkdir -p %{temp_modules}/%{kver_full}/kernel/misc/ -pushd kernel-source-virtualbox-vboxadditions -%kmake KERN_DIR=%{src_dir} KERN_VER=%{kver_full} -C vboxguest -cp -fv vboxguest/Module.symvers vboxsf/ -%kmake KERN_DIR=%{src_dir} KERN_VER=%{kver_full} -C vboxsf -# TODO: vboxvideo is also build inside the upstream kernel... -# vboxsf is not in kernel 5.4 -# https://www.phoronix.com/scan.php?page=news_item&px=VirtualBox-Shared-Folder-5.6 -cp -fv vboxsf/Module.symvers vboxvideo/ -%kmake KERN_DIR=%{src_dir} KERN_VER=%{kver_full} -C vboxvideo -for i in vboxguest vboxsf vboxvideo -do - cp -v "${i}/${i}.ko" %{temp_modules}/%{kver_full}/kernel/misc/ -done -popd - cp -r "$(rpm -q --qf '/usr/src/virtualbox-%%{VERSION}-%%{RELEASE}' kernel-source-virtualbox)" kernel-source-virtualbox mkdir -p %{temp_modules}/%{kver_full}/kernel/misc/ pushd kernel-source-virtualbox @@ -1626,12 +1579,12 @@ cat > $kernel_files < -Date: Sat, 7 Mar 2020 19:23:40 +0300 -Subject: [PATCH] objtool/sync-check.sh: set the exit code explicitly - -Commit 6ec14aa7a58a "objtool: Silence build output" removed 'cd -' from -the end of sync-check.sh script. As a side-effect, the script now exits -with the exit code of the last executed 'check' command. If any of the -files it should check are missing (which is not an error per se), it will -return 1 and objtool will fail to build. - -Explicit 'exit 0' at the end should fix that. - -Fixes: 6ec14aa7a58a "objtool: Silence build output" -Signed-off-by: Evgenii Shatokhin ---- - tools/objtool/sync-check.sh | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/tools/objtool/sync-check.sh b/tools/objtool/sync-check.sh -index 2a1261bfbb62..f23bd02c1b77 100755 ---- a/tools/objtool/sync-check.sh -+++ b/tools/objtool/sync-check.sh -@@ -48,3 +48,5 @@ check arch/x86/include/asm/inat.h '-I "^#include [\"<]\(asm/\)*inat_types.h[ - check arch/x86/include/asm/insn.h '-I "^#include [\"<]\(asm/\)*inat.h[\">]"' - check arch/x86/lib/inat.c '-I "^#include [\"<]\(../include/\)*asm/insn.h[\">]"' - check arch/x86/lib/insn.c '-I "^#include [\"<]\(../include/\)*asm/in\(at\|sn\).h[\">]"' -+ -+exit 0 --- -2.24.0 -