Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- From f21b5d48ee6a548f8c2ff6221b6ba9f28b08c7d1 Mon Sep 17 00:00:00 2001
- From: Andrew Perepechko <panda@cloudlinux.com>
- Date: Tue, 30 Dec 2014 20:18:24 +0300
- Subject: [PATCH 02/10] initial lve commit
- ---
- fs/fs_struct.c | 1 +
- fs/namespace.c | 1 +
- include/linux/nsproxy.h | 1 +
- include/linux/ve.h | 2 ++
- kernel/bc/beancounter.c | 2 ++
- kernel/cgroup.c | 2 +-
- kernel/nsproxy.c | 17 +++++++++++++++++
- kernel/pid.c | 1 +
- 8 files changed, 26 insertions(+), 1 deletion(-)
- diff --git a/fs/fs_struct.c b/fs/fs_struct.c
- index 339934e..296406b 100644
- --- a/fs/fs_struct.c
- +++ b/fs/fs_struct.c
- @@ -90,6 +90,7 @@ void free_fs_struct(struct fs_struct *fs)
- path_put(&fs->pwd);
- kmem_cache_free(fs_cachep, fs);
- }
- +EXPORT_SYMBOL(free_fs_struct);
- void exit_fs(struct task_struct *tsk)
- {
- diff --git a/fs/namespace.c b/fs/namespace.c
- index aff3577..942ba23 100644
- --- a/fs/namespace.c
- +++ b/fs/namespace.c
- @@ -2769,6 +2769,7 @@ void put_mnt_ns(struct mnt_namespace *ns)
- namespace_unlock();
- free_mnt_ns(ns);
- }
- +EXPORT_SYMBOL(put_mnt_ns);
- struct vfsmount *kern_mount_data(struct file_system_type *type, void *data)
- {
- diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h
- index 9d529ab..380e750 100644
- --- a/include/linux/nsproxy.h
- +++ b/include/linux/nsproxy.h
- @@ -62,6 +62,7 @@ static inline struct nsproxy *task_nsproxy(struct task_struct *tsk)
- return rcu_dereference(tsk->nsproxy);
- }
- +struct nsproxy *duplicate_nsproxy(struct nsproxy *nsproxy);
- int copy_namespaces(unsigned long flags, struct task_struct *tsk, int force_admin);
- void exit_task_namespaces(struct task_struct *tsk);
- void switch_task_namespaces(struct task_struct *tsk, struct nsproxy *new);
- diff --git a/include/linux/ve.h b/include/linux/ve.h
- index 6637dd5..3474540 100644
- --- a/include/linux/ve.h
- +++ b/include/linux/ve.h
- @@ -130,6 +130,8 @@ struct ve_struct {
- #if IS_ENABLED(CONFIG_DEVTMPFS)
- struct path devtmpfs_root;
- #endif
- +
- + void *lve;
- };
- #define VE_MEMINFO_DEFAULT 1 /* default behaviour */
- diff --git a/kernel/bc/beancounter.c b/kernel/bc/beancounter.c
- index 417e2c0..362cf4e 100644
- --- a/kernel/bc/beancounter.c
- +++ b/kernel/bc/beancounter.c
- @@ -400,6 +400,7 @@ struct user_beancounter *get_beancounter_by_name(const char *name, int create)
- cgroup_kernel_close(cg);
- return ub;
- }
- +EXPORT_SYMBOL(get_beancounter_by_name);
- struct user_beancounter *get_beancounter_byuid(uid_t uid, int create)
- {
- @@ -408,6 +409,7 @@ struct user_beancounter *get_beancounter_byuid(uid_t uid, int create)
- snprintf(name, sizeof(name), "%u", uid);
- return get_beancounter_by_name(name, create);
- }
- +EXPORT_SYMBOL(get_beancounter_byuid);
- uid_t ub_legacy_id(struct user_beancounter *ub)
- {
- diff --git a/kernel/cgroup.c b/kernel/cgroup.c
- index ce08ef9..dda4b79 100644
- --- a/kernel/cgroup.c
- +++ b/kernel/cgroup.c
- @@ -5158,7 +5158,7 @@ void __css_put(struct cgroup_subsys_state *css)
- if (v == 0)
- queue_work(cgroup_destroy_wq, &css->dput_work);
- }
- -EXPORT_SYMBOL_GPL(__css_put);
- +EXPORT_SYMBOL(__css_put);
- /*
- * Notify userspace when a cgroup is released, by running the
- diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
- index 875cb82..71dc279 100644
- --- a/kernel/nsproxy.c
- +++ b/kernel/nsproxy.c
- @@ -26,6 +26,8 @@
- #include <linux/file.h>
- #include <linux/syscalls.h>
- +#include "../fs/mount.h"
- +
- static struct kmem_cache *nsproxy_cachep;
- struct nsproxy init_nsproxy = {
- @@ -59,6 +61,21 @@ static inline struct nsproxy *create_nsproxy(void)
- return nsproxy;
- }
- +struct nsproxy *duplicate_nsproxy(struct nsproxy *nsproxy)
- +{
- + struct nsproxy *ns = create_nsproxy();
- + if (ns) {
- + *ns = *nsproxy;
- + atomic_set(&ns->count, 1);
- + get_uts_ns(ns->uts_ns);
- + get_ipc_ns(ns->ipc_ns);
- + get_mnt_ns(ns->mnt_ns);
- + get_pid_ns(ns->pid_ns);
- + get_net(ns->net_ns);
- + }
- + return ns;
- +}
- +
- /*
- * Create new nsproxy and all of its the associated namespaces.
- * Return the newly created nsproxy. Do not attach this to the task,
- diff --git a/kernel/pid.c b/kernel/pid.c
- index 2e11ac4..fe178dd 100644
- --- a/kernel/pid.c
- +++ b/kernel/pid.c
- @@ -495,6 +495,7 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
- {
- return find_task_by_pid_ns(vnr, task_active_pid_ns(current));
- }
- +EXPORT_SYMBOL(find_task_by_vpid);
- struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
- {
- --
- 1.9.1
- From 45c6976de863b8b746e3fe2353d800037cdfc97d Mon Sep 17 00:00:00 2001
- From: root <root@localhost.localdomain>
- Date: Sun, 28 Dec 2014 17:31:27 -0500
- Subject: [PATCH 03/10] CL7: remove unnecessary export
- ---
- fs/fs_struct.c | 1 -
- fs/namespace.c | 1 -
- kernel/bc/beancounter.c | 2 --
- kernel/pid.c | 1 -
- 4 files changed, 5 deletions(-)
- diff --git a/fs/fs_struct.c b/fs/fs_struct.c
- index 296406b..339934e 100644
- --- a/fs/fs_struct.c
- +++ b/fs/fs_struct.c
- @@ -90,7 +90,6 @@ void free_fs_struct(struct fs_struct *fs)
- path_put(&fs->pwd);
- kmem_cache_free(fs_cachep, fs);
- }
- -EXPORT_SYMBOL(free_fs_struct);
- void exit_fs(struct task_struct *tsk)
- {
- diff --git a/fs/namespace.c b/fs/namespace.c
- index 942ba23..aff3577 100644
- --- a/fs/namespace.c
- +++ b/fs/namespace.c
- @@ -2769,7 +2769,6 @@ void put_mnt_ns(struct mnt_namespace *ns)
- namespace_unlock();
- free_mnt_ns(ns);
- }
- -EXPORT_SYMBOL(put_mnt_ns);
- struct vfsmount *kern_mount_data(struct file_system_type *type, void *data)
- {
- diff --git a/kernel/bc/beancounter.c b/kernel/bc/beancounter.c
- index 362cf4e..417e2c0 100644
- --- a/kernel/bc/beancounter.c
- +++ b/kernel/bc/beancounter.c
- @@ -400,7 +400,6 @@ struct user_beancounter *get_beancounter_by_name(const char *name, int create)
- cgroup_kernel_close(cg);
- return ub;
- }
- -EXPORT_SYMBOL(get_beancounter_by_name);
- struct user_beancounter *get_beancounter_byuid(uid_t uid, int create)
- {
- @@ -409,7 +408,6 @@ struct user_beancounter *get_beancounter_byuid(uid_t uid, int create)
- snprintf(name, sizeof(name), "%u", uid);
- return get_beancounter_by_name(name, create);
- }
- -EXPORT_SYMBOL(get_beancounter_byuid);
- uid_t ub_legacy_id(struct user_beancounter *ub)
- {
- diff --git a/kernel/pid.c b/kernel/pid.c
- index fe178dd..2e11ac4 100644
- --- a/kernel/pid.c
- +++ b/kernel/pid.c
- @@ -495,7 +495,6 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
- {
- return find_task_by_pid_ns(vnr, task_active_pid_ns(current));
- }
- -EXPORT_SYMBOL(find_task_by_vpid);
- struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
- {
- --
- 1.9.1
- From 6c97e5018c74b81a2fa79f7e5dd1d3ce73251044 Mon Sep 17 00:00:00 2001
- From: root <root@localhost.localdomain>
- Date: Mon, 29 Dec 2014 17:11:14 -0500
- Subject: [PATCH 04/10] CL7: drop GPL license
- ---
- kernel/lockdep.c | 24 ++++++++++++------------
- kernel/rcupdate.c | 26 +++++++++++++-------------
- kernel/rcutree.c | 2 +-
- 3 files changed, 26 insertions(+), 26 deletions(-)
- diff --git a/kernel/lockdep.c b/kernel/lockdep.c
- index c3de86d..919f121 100644
- --- a/kernel/lockdep.c
- +++ b/kernel/lockdep.c
- @@ -2998,7 +2998,7 @@ void lockdep_init_map(struct lockdep_map *lock, const char *name,
- EXPORT_SYMBOL(lockdep_init_map);
- struct lock_class_key __lockdep_no_validate__;
- -EXPORT_SYMBOL_GPL(__lockdep_no_validate__);
- +EXPORT_SYMBOL(__lockdep_no_validate__);
- static int
- print_lock_nested_lock_not_held(struct task_struct *curr,
- @@ -3578,7 +3578,7 @@ void lock_set_class(struct lockdep_map *lock, const char *name,
- current->lockdep_recursion = 0;
- raw_local_irq_restore(flags);
- }
- -EXPORT_SYMBOL_GPL(lock_set_class);
- +EXPORT_SYMBOL(lock_set_class);
- /*
- * We are not always called with irqs disabled - do that here,
- @@ -3603,7 +3603,7 @@ void lock_acquire(struct lockdep_map *lock, unsigned int subclass,
- current->lockdep_recursion = 0;
- raw_local_irq_restore(flags);
- }
- -EXPORT_SYMBOL_GPL(lock_acquire);
- +EXPORT_SYMBOL(lock_acquire);
- void lock_release(struct lockdep_map *lock, int nested,
- unsigned long ip)
- @@ -3621,7 +3621,7 @@ void lock_release(struct lockdep_map *lock, int nested,
- current->lockdep_recursion = 0;
- raw_local_irq_restore(flags);
- }
- -EXPORT_SYMBOL_GPL(lock_release);
- +EXPORT_SYMBOL(lock_release);
- int lock_is_held(struct lockdep_map *lock)
- {
- @@ -3641,7 +3641,7 @@ int lock_is_held(struct lockdep_map *lock)
- return ret;
- }
- -EXPORT_SYMBOL_GPL(lock_is_held);
- +EXPORT_SYMBOL(lock_is_held);
- void lockdep_set_current_reclaim_state(gfp_t gfp_mask)
- {
- @@ -3814,7 +3814,7 @@ void lock_contended(struct lockdep_map *lock, unsigned long ip)
- current->lockdep_recursion = 0;
- raw_local_irq_restore(flags);
- }
- -EXPORT_SYMBOL_GPL(lock_contended);
- +EXPORT_SYMBOL(lock_contended);
- void lock_acquired(struct lockdep_map *lock, unsigned long ip)
- {
- @@ -3833,7 +3833,7 @@ void lock_acquired(struct lockdep_map *lock, unsigned long ip)
- current->lockdep_recursion = 0;
- raw_local_irq_restore(flags);
- }
- -EXPORT_SYMBOL_GPL(lock_acquired);
- +EXPORT_SYMBOL(lock_acquired);
- #endif
- /*
- @@ -4088,7 +4088,7 @@ void debug_check_no_locks_freed(const void *mem_from, unsigned long mem_len)
- }
- local_irq_restore(flags);
- }
- -EXPORT_SYMBOL_GPL(debug_check_no_locks_freed);
- +EXPORT_SYMBOL(debug_check_no_locks_freed);
- static void print_held_locks_bug(void)
- {
- @@ -4113,7 +4113,7 @@ void debug_check_no_locks_held(void)
- if (unlikely(current->lockdep_depth > 0))
- print_held_locks_bug();
- }
- -EXPORT_SYMBOL_GPL(debug_check_no_locks_held);
- +EXPORT_SYMBOL(debug_check_no_locks_held);
- void debug_show_all_locks(void)
- {
- @@ -4171,7 +4171,7 @@ retry:
- if (unlock)
- read_unlock(&tasklist_lock);
- }
- -EXPORT_SYMBOL_GPL(debug_show_all_locks);
- +EXPORT_SYMBOL(debug_show_all_locks);
- /*
- * Careful: only use this function if you are sure that
- @@ -4185,7 +4185,7 @@ void debug_show_held_locks(struct task_struct *task)
- }
- lockdep_print_held_locks(task);
- }
- -EXPORT_SYMBOL_GPL(debug_show_held_locks);
- +EXPORT_SYMBOL(debug_show_held_locks);
- void lockdep_sys_exit(void)
- {
- @@ -4254,4 +4254,4 @@ void lockdep_rcu_suspicious(const char *file, const int line, const char *s)
- printk("\nstack backtrace:\n");
- dump_stack();
- }
- -EXPORT_SYMBOL_GPL(lockdep_rcu_suspicious);
- +EXPORT_SYMBOL(lockdep_rcu_suspicious);
- diff --git a/kernel/rcupdate.c b/kernel/rcupdate.c
- index 48ab703..3fab23e 100644
- --- a/kernel/rcupdate.c
- +++ b/kernel/rcupdate.c
- @@ -67,7 +67,7 @@ void __rcu_read_lock(void)
- current->rcu_read_lock_nesting++;
- barrier(); /* critical section after entry code. */
- }
- -EXPORT_SYMBOL_GPL(__rcu_read_lock);
- +EXPORT_SYMBOL(__rcu_read_lock);
- /*
- * Preemptible RCU implementation for rcu_read_unlock().
- @@ -102,7 +102,7 @@ void __rcu_read_unlock(void)
- }
- #endif /* #ifdef CONFIG_PROVE_LOCKING */
- }
- -EXPORT_SYMBOL_GPL(__rcu_read_unlock);
- +EXPORT_SYMBOL(__rcu_read_unlock);
- /*
- * Check for a task exiting while in a preemptible-RCU read-side
- @@ -134,17 +134,17 @@ void exit_rcu(void)
- static struct lock_class_key rcu_lock_key;
- struct lockdep_map rcu_lock_map =
- STATIC_LOCKDEP_MAP_INIT("rcu_read_lock", &rcu_lock_key);
- -EXPORT_SYMBOL_GPL(rcu_lock_map);
- +EXPORT_SYMBOL(rcu_lock_map);
- static struct lock_class_key rcu_bh_lock_key;
- struct lockdep_map rcu_bh_lock_map =
- STATIC_LOCKDEP_MAP_INIT("rcu_read_lock_bh", &rcu_bh_lock_key);
- -EXPORT_SYMBOL_GPL(rcu_bh_lock_map);
- +EXPORT_SYMBOL(rcu_bh_lock_map);
- static struct lock_class_key rcu_sched_lock_key;
- struct lockdep_map rcu_sched_lock_map =
- STATIC_LOCKDEP_MAP_INIT("rcu_read_lock_sched", &rcu_sched_lock_key);
- -EXPORT_SYMBOL_GPL(rcu_sched_lock_map);
- +EXPORT_SYMBOL(rcu_sched_lock_map);
- #endif
- #ifdef CONFIG_DEBUG_LOCK_ALLOC
- @@ -154,7 +154,7 @@ int debug_lockdep_rcu_enabled(void)
- return rcu_scheduler_active && debug_locks &&
- current->lockdep_recursion == 0;
- }
- -EXPORT_SYMBOL_GPL(debug_lockdep_rcu_enabled);
- +EXPORT_SYMBOL(debug_lockdep_rcu_enabled);
- /**
- * rcu_read_lock_bh_held() - might we be in RCU-bh read-side critical section?
- @@ -181,7 +181,7 @@ int rcu_read_lock_bh_held(void)
- return 0;
- return in_softirq() || irqs_disabled();
- }
- -EXPORT_SYMBOL_GPL(rcu_read_lock_bh_held);
- +EXPORT_SYMBOL(rcu_read_lock_bh_held);
- #endif /* #ifdef CONFIG_DEBUG_LOCK_ALLOC */
- @@ -214,7 +214,7 @@ void wait_rcu_gp(call_rcu_func_t crf)
- wait_for_completion(&rcu.completion);
- destroy_rcu_head_on_stack(&rcu.head);
- }
- -EXPORT_SYMBOL_GPL(wait_rcu_gp);
- +EXPORT_SYMBOL(wait_rcu_gp);
- #ifdef CONFIG_PROVE_RCU
- /*
- @@ -224,7 +224,7 @@ int rcu_my_thread_group_empty(void)
- {
- return thread_group_empty(current);
- }
- -EXPORT_SYMBOL_GPL(rcu_my_thread_group_empty);
- +EXPORT_SYMBOL(rcu_my_thread_group_empty);
- #endif /* #ifdef CONFIG_PROVE_RCU */
- #ifdef CONFIG_DEBUG_OBJECTS_RCU_HEAD
- @@ -375,7 +375,7 @@ void init_rcu_head_on_stack(struct rcu_head *head)
- {
- debug_object_init_on_stack(head, &rcuhead_debug_descr);
- }
- -EXPORT_SYMBOL_GPL(init_rcu_head_on_stack);
- +EXPORT_SYMBOL(init_rcu_head_on_stack);
- /**
- * destroy_rcu_head_on_stack() - destroy on-stack rcu_head for debugobjects
- @@ -392,7 +392,7 @@ void destroy_rcu_head_on_stack(struct rcu_head *head)
- {
- debug_object_free(head, &rcuhead_debug_descr);
- }
- -EXPORT_SYMBOL_GPL(destroy_rcu_head_on_stack);
- +EXPORT_SYMBOL(destroy_rcu_head_on_stack);
- struct debug_obj_descr rcuhead_debug_descr = {
- .name = "rcu_head",
- @@ -400,7 +400,7 @@ struct debug_obj_descr rcuhead_debug_descr = {
- .fixup_activate = rcuhead_fixup_activate,
- .fixup_free = rcuhead_fixup_free,
- };
- -EXPORT_SYMBOL_GPL(rcuhead_debug_descr);
- +EXPORT_SYMBOL(rcuhead_debug_descr);
- #endif /* #ifdef CONFIG_DEBUG_OBJECTS_RCU_HEAD */
- #if defined(CONFIG_TREE_RCU) || defined(CONFIG_TREE_PREEMPT_RCU) || defined(CONFIG_RCU_TRACE)
- @@ -410,7 +410,7 @@ void do_trace_rcu_torture_read(char *rcutorturename, struct rcu_head *rhp,
- {
- trace_rcu_torture_read(rcutorturename, rhp, secs, c_old, c);
- }
- -EXPORT_SYMBOL_GPL(do_trace_rcu_torture_read);
- +EXPORT_SYMBOL(do_trace_rcu_torture_read);
- #else
- #define do_trace_rcu_torture_read(rcutorturename, rhp, secs, c_old, c) \
- do { } while (0)
- diff --git a/kernel/rcutree.c b/kernel/rcutree.c
- index 3538001..6d70ad5 100644
- --- a/kernel/rcutree.c
- +++ b/kernel/rcutree.c
- @@ -725,7 +725,7 @@ bool rcu_lockdep_current_cpu_online(void)
- preempt_enable();
- return ret;
- }
- -EXPORT_SYMBOL_GPL(rcu_lockdep_current_cpu_online);
- +EXPORT_SYMBOL(rcu_lockdep_current_cpu_online);
- #endif /* #if defined(CONFIG_PROVE_RCU) && defined(CONFIG_HOTPLUG_CPU) */
- --
- 1.9.1
- From 9408c483e21c848af4029861721f7c43acf597f3 Mon Sep 17 00:00:00 2001
- From: Andrew Perepechko <panda@cloudlinux.com>
- Date: Thu, 22 Jan 2015 14:16:27 +0300
- Subject: [PATCH 06/10] the patch fixes double I/O accounting for iolimits
- ---
- mm/page-writeback.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
- diff --git a/mm/page-writeback.c b/mm/page-writeback.c
- index 0ae8d31..b0f33bf 100644
- --- a/mm/page-writeback.c
- +++ b/mm/page-writeback.c
- @@ -2039,7 +2039,7 @@ void account_page_dirtied(struct page *page, struct address_space *mapping)
- __inc_zone_page_state(page, NR_DIRTIED);
- __inc_bdi_stat(mapping->backing_dev_info, BDI_RECLAIMABLE);
- __inc_bdi_stat(mapping->backing_dev_info, BDI_DIRTIED);
- - task_io_account_write(PAGE_CACHE_SIZE);
- + task_io_account_dirty(PAGE_CACHE_SIZE);
- current->nr_dirtied++;
- this_cpu_inc(bdp_ratelimits);
- }
- --
- 1.9.1
- From 3fd6eaf48887c3eb504178b428e5968e2facdcac Mon Sep 17 00:00:00 2001
- From: Andrew Perepechko <panda@cloudlinux.com>
- Date: Thu, 29 Jan 2015 16:55:17 +0300
- Subject: [PATCH 07/10] VIRTINFO_EXEC support
- ---
- fs/exec.c | 4 ++++
- include/linux/virtinfo.h | 1 +
- 2 files changed, 5 insertions(+)
- diff --git a/fs/exec.c b/fs/exec.c
- index bb06152..2de8157 100644
- --- a/fs/exec.c
- +++ b/fs/exec.c
- @@ -858,6 +858,10 @@ static int exec_mmap(struct linux_binprm *bprm)
- struct task_struct *tsk;
- struct mm_struct *old_mm, *active_mm, *mm;
- + if (virtinfo_notifier_call(VITYPE_GENERAL, VIRTINFO_EXEC,
- + bprm) & NOTIFY_FAIL)
- + return -EPERM;
- +
- /* Notify parent that we're no longer interested in the old VM */
- tsk = current;
- old_mm = current->mm;
- diff --git a/include/linux/virtinfo.h b/include/linux/virtinfo.h
- index e8cb94c..52c1051 100644
- --- a/include/linux/virtinfo.h
- +++ b/include/linux/virtinfo.h
- @@ -63,6 +63,7 @@ int meminfo_proc_show_ub(struct seq_file *m, void *v,
- #define VIRTINFO_SYSINFO 2
- #define VIRTINFO_VMSTAT 3
- #define VIRTINFO_OOMKILL 4
- +#define VIRTINFO_EXEC 5
- #define VIRTINFO_IO_ACCOUNT 0
- #define VIRTINFO_IO_PREPARE 1
- --
- 1.9.1
- From ab53a38a812bee656ac1982d35a26e3f91f93107 Mon Sep 17 00:00:00 2001
- From: Andrew Perepechko <panda@cloudlinux.com>
- Date: Thu, 29 Jan 2015 22:48:38 +0300
- Subject: [PATCH 08/10] set ubc_ioprio to 0
- ubc_ioprio=1 breaks enter-on-exec functionality
- by ub_attach_task -> ub_blkio_cgroup_attach_task ->
- cgroup_kernel_open(blkio_cgroup_root...) = -EACCES.
- We also do not need blkio functionality, as we
- implement our own I/O throttling.
- ---
- kernel/bc/beancounter.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
- diff --git a/kernel/bc/beancounter.c b/kernel/bc/beancounter.c
- index 417e2c0..18ccbf8 100644
- --- a/kernel/bc/beancounter.c
- +++ b/kernel/bc/beancounter.c
- @@ -81,7 +81,7 @@ const char *ub_rnames[] = {
- unsigned int ub_dcache_threshold __read_mostly = 4 * 1024; /* ~7Mb per container */
- -static int ubc_ioprio = 1;
- +static int ubc_ioprio = 0;
- /* default maximum perpcu resources precharge */
- int ub_resource_precharge[UB_RESOURCES] = {
- --
- 1.9.1
- From 8e07d85e02dcda67174f054f1a2018b2e7a354a0 Mon Sep 17 00:00:00 2001
- From: Alexey Lyashkov <alexey_lyashkov@xyratex.com>
- Date: Thu, 22 Jan 2015 16:10:57 -0500
- Subject: [PATCH 09/10] Hide proc directories from user
- The commit combines next commits from CL6:
- 1. 5b746e8 Hide proc directories from user
- 2. 80fdaee /proc/cpuinfo should be visible to everyone
- 3. dd66bde Root can see all proc elements in all cases inspite off
- proc_super_gid value
- 4. 8ffdd6c add proc_can_see_other_uid to sysctl tree.
- 5. a84b463 add fs.proc_can_see_other_uid and super gid
- Signed-off-by: Vladimir Meshkov <vmeshkov@cloudlinux.com>
- ---
- fs/proc/base.c | 19 ++++++++++++++++-
- fs/proc/generic.c | 56 +++++++++++++++++++++++++++++++++++++++++++------
- include/linux/proc_fs.h | 1 +
- kernel/sysctl.c | 17 +++++++++++++++
- 4 files changed, 86 insertions(+), 7 deletions(-)
- diff --git a/fs/proc/base.c b/fs/proc/base.c
- index cc5b876..7d946ac 100644
- --- a/fs/proc/base.c
- +++ b/fs/proc/base.c
- @@ -2951,6 +2951,9 @@ out:
- return result;
- }
- +int proc_can_see_other_uid = 1;
- +gid_t proc_super_gid = 0;
- +
- /*
- * Find the first task with tgid >= tgid
- *
- @@ -2962,6 +2965,9 @@ struct tgid_iter {
- static struct tgid_iter next_tgid(struct pid_namespace *ns, struct tgid_iter iter)
- {
- struct pid *pid;
- + kgid_t proc_super_kgid;
- + kuid_t cur_euid;
- + kuid_t tsk_euid;
- if (iter.task)
- put_task_struct(iter.task);
- @@ -2970,8 +2976,19 @@ retry:
- iter.task = NULL;
- pid = find_ge_pid(iter.tgid, ns);
- if (pid) {
- - iter.tgid = pid_nr_ns(pid, ns);
- + proc_super_kgid = make_kgid(current_user_ns(), proc_super_gid);
- iter.task = pid_task(pid, PIDTYPE_PID);
- + cur_euid = current_euid();
- + if (iter.task != NULL) {
- + tsk_euid = task_euid(iter.task);
- + if (!proc_can_see_other_uid && !capable(CAP_SYS_RESOURCE) &&
- + !(proc_super_gid && in_group_p(proc_super_kgid)) &&
- + !uid_eq(cur_euid, tsk_euid))
- + iter.task = NULL;
- + }
- +
- + iter.tgid = pid_nr_ns(pid, ns);
- +
- /* What we to know is if the pid we have find is the
- * pid of a thread_group_leader. Testing for task
- * being a thread_group_leader is the obvious thing
- diff --git a/fs/proc/generic.c b/fs/proc/generic.c
- index e6c3eae..46d5ecd 100644
- --- a/fs/proc/generic.c
- +++ b/fs/proc/generic.c
- @@ -27,6 +27,8 @@
- #include "internal.h"
- +static kgid_t proc_super_kgid;
- +
- DEFINE_SPINLOCK(proc_subdir_lock);
- static int proc_match(unsigned int len, const char *name, struct proc_dir_entry *de)
- @@ -204,6 +206,41 @@ static const struct dentry_operations proc_dentry_operations =
- .d_delete = proc_delete_dentry,
- };
- +static char *names_white_list[] = {"version", "stat", "uptime",
- +"loadavg", "filesystems", "stat", "cmdline", "meminfo", "mounts", "tcp",
- +"tcp6", "udp", "udp6", "assocs", "raw", "raw6", "unix", "dev",
- +"net", "cpuinfo" //access to /proc/net/tcp, tcp6, udp, udp6, assocs, raw, raw6, unix
- +};
- +static int names_white_list_sizes[ARRAY_SIZE(names_white_list)];
- +static int is_white_list_initialized = 0;
- +
- +static int proc_check_access(const char *name, int namelen)
- +{
- + int i;
- +
- + if (!is_white_list_initialized) {
- + for (i = 0; i < ARRAY_SIZE(names_white_list); i++)
- + names_white_list_sizes[i] = strlen(names_white_list[i]);
- + is_white_list_initialized = 1;
- + }
- +
- + for (i = 0; i < ARRAY_SIZE(names_white_list); i++) {
- + if (namelen != names_white_list_sizes[i])
- + continue;
- + if (memcmp(name, names_white_list[i], namelen))
- + continue;
- + return 1;
- + }
- +
- + return 0;
- +}
- +
- +extern gid_t proc_super_gid;
- +#define PDE_IS_NOT_ACCESSIBLY(de) (!in_group_p(proc_super_kgid) \
- + && !de->access \
- + && !capable(CAP_SYS_RESOURCE))
- +#define PDE_IS_ACCESSIBLY(de) (!PDE_IS_NOT_ACCESSIBLY(de))
- +
- /*
- * Don't create negative dentries here, return -ENOENT by hand
- * instead.
- @@ -221,6 +258,9 @@ struct dentry *proc_lookup_de(struct proc_dir_entry *de, struct inode *dir,
- if (in_container && !(de->mode & S_ISVTX))
- continue;
- if (!memcmp(dentry->d_name.name, de->name, de->namelen)) {
- + proc_super_kgid = make_kgid(current_user_ns(), proc_super_gid);
- + if (de && PDE_IS_NOT_ACCESSIBLY(de))
- + return NULL;
- pde_get(de);
- spin_unlock(&proc_subdir_lock);
- inode = proc_get_inode(dir->i_sb, de);
- @@ -259,6 +299,7 @@ int proc_readdir_de(struct proc_dir_entry *de, struct file *filp, void *dirent,
- int ret = 0;
- bool in_container = proc_in_container(filp->f_path.dentry->d_sb);
- + proc_super_kgid = make_kgid(current_user_ns(), proc_super_gid);
- ino = inode->i_ino;
- i = filp->f_pos;
- switch (i) {
- @@ -304,13 +345,15 @@ int proc_readdir_de(struct proc_dir_entry *de, struct file *filp, void *dirent,
- /* filldir passes info to user space */
- pde_get(de);
- - spin_unlock(&proc_subdir_lock);
- - if (filldir(dirent, de->name, de->namelen, filp->f_pos,
- - de->low_ino, de->mode >> 12) < 0) {
- - pde_put(de);
- - goto out;
- + if (PDE_IS_ACCESSIBLY(de)) {
- + spin_unlock(&proc_subdir_lock);
- + if (filldir(dirent, de->name, de->namelen, filp->f_pos,
- + de->low_ino, de->mode >> 12) < 0) {
- + pde_put(de);
- + goto out;
- + }
- + spin_lock(&proc_subdir_lock);
- }
- - spin_lock(&proc_subdir_lock);
- filp->f_pos++;
- next = de->next;
- pde_put(de);
- @@ -426,6 +469,7 @@ static struct proc_dir_entry *__proc_create(struct proc_dir_entry **parent,
- atomic_set(&ent->count, 1);
- spin_lock_init(&ent->pde_unload_lock);
- INIT_LIST_HEAD(&ent->pde_openers);
- + ent->access = proc_check_access(name, len);
- out:
- return ent;
- }
- diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
- index 3ad9873..74d3410 100644
- --- a/include/linux/proc_fs.h
- +++ b/include/linux/proc_fs.h
- @@ -25,6 +25,7 @@ struct proc_dir_entry {
- struct list_head pde_openers; /* who did ->open, but not ->release */
- spinlock_t pde_unload_lock; /* proc_fops checks and pde_users bumps */
- u8 namelen;
- + int access;
- char name[];
- };
- diff --git a/kernel/sysctl.c b/kernel/sysctl.c
- index e7e1dce..80d3349 100644
- --- a/kernel/sysctl.c
- +++ b/kernel/sysctl.c
- @@ -1521,6 +1521,9 @@ static struct ctl_table binfmt_misc_table[] = {
- };
- #endif
- +extern int proc_can_see_other_uid; /* fs/procfs/ */
- +extern gid_t proc_super_gid;
- +
- static struct ctl_table fs_table[] = {
- {
- .procname = "relatime_interval",
- @@ -1699,6 +1702,20 @@ static struct ctl_table fs_table[] = {
- .proc_handler = &pipe_proc_fn,
- .extra1 = &pipe_min_size,
- },
- + {
- + .procname = "proc_can_see_other_uid",
- + .mode = 0600,
- + .data = &proc_can_see_other_uid,
- + .maxlen = sizeof(proc_can_see_other_uid),
- + .proc_handler = &proc_dointvec,
- + },
- + {
- + .procname = "proc_super_gid",
- + .mode = 0600,
- + .data = &proc_super_gid,
- + .maxlen = sizeof(proc_super_gid),
- + .proc_handler = &proc_dointvec,
- + },
- { }
- };
- --
- 1.9.1
- From 0000a05e09b6ff583650fb70c7b685f801050f81 Mon Sep 17 00:00:00 2001
- From: Sergey Cherementsev <cherementsev@cloudlinux.com>
- Date: Thu, 29 Jan 2015 09:12:31 -0500
- Subject: [PATCH 10/10] Symlink owner handler
- The patch has been ported from CL6, commit e3488488
- Signed-off-by: Vladimir Meshkov <vmeshkov@cloudlinux.com>
- ---
- fs/Kconfig | 25 +++++++++++++++++++++++++
- fs/namei.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
- kernel/sysctl.c | 21 +++++++++++++++++++++
- 3 files changed, 95 insertions(+)
- diff --git a/fs/Kconfig b/fs/Kconfig
- index eaf7c12..38281e2 100644
- --- a/fs/Kconfig
- +++ b/fs/Kconfig
- @@ -4,6 +4,31 @@
- menu "File systems"
- +config SYMLINKOWN
- + bool
- + default y
- + help
- + Apache's SymlinksIfOwnerMatch option has an inherent race condition
- + that prevents it from being used as a security feature. As Apache
- + verifies the symlink by performing a stat() against the target of
- + the symlink before it is followed, an attacker can setup a symlink
- + to point to a same-owned file, then replace the symlink with one
- + that targets another user's file just after Apache "validates" the
- + symlink -- a classic TOCTOU race. If you say Y here, a complete,
- + race-free replacement for Apache's "SymlinksIfOwnerMatch" option
- + will be in place for the group you specify. If the sysctl option
- + is enabled, a sysctl option with name "enforce_symlinksifowner" is
- + created.
- +
- +config SYMLINKOWN_GID
- + int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
- + depends on SYMLINKOWN
- + default 1006
- + help
- + Setting this GID determines what group kernel-enforced
- + SymlinksIfOwnerMatch will be enabled for. If the sysctl option
- + is enabled, a sysctl option with name "symlinkown_gid" is created.
- +
- # Use unaligned word dcache accesses
- config DCACHE_WORD_ACCESS
- bool
- diff --git a/fs/namei.c b/fs/namei.c
- index 5b01462..07336b2 100644
- --- a/fs/namei.c
- +++ b/fs/namei.c
- @@ -130,6 +130,9 @@ void final_putname(struct filename *name)
- #define EMBEDDED_NAME_MAX (PATH_MAX - sizeof(struct filename))
- +static int
- +handle_symlink_owner(const struct path *link, const struct inode *target);
- +
- static struct filename *
- getname_flags(const char __user *filename, int flags, int *empty)
- {
- @@ -880,6 +883,10 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
- put_link(nd, link, *p);
- }
- + if (!error && !(nd->flags & LOOKUP_PARENT) &&
- + handle_symlink_owner(link, nd->path.dentry->d_inode))
- + error = -EACCES;
- +
- return error;
- out_put_nd_path:
- @@ -1771,6 +1778,48 @@ static inline unsigned long hash_name(const char *name, unsigned int *hashp)
- #endif
- +#ifdef CONFIG_SYMLINKOWN
- +int enable_symlinkown = 1;
- +gid_t symlinkown_gid = CONFIG_SYMLINKOWN_GID;
- +#endif
- +
- +static int
- +handle_symlink_owner(const struct path *link, const struct inode *target)
- +{
- +#ifdef CONFIG_SYMLINKOWN
- + const struct inode *link_inode = link->dentry->d_inode;
- + const struct cred *cred;
- + kgid_t symlinkown_kgid = make_kgid(current_user_ns(), symlinkown_gid);
- + int ngroups;
- +
- + if (enable_symlinkown && target && link_inode &&
- + uid_valid(link_inode->i_uid) &&
- + !uid_eq(link_inode->i_uid, target->i_uid)) {
- + if (enable_symlinkown == 1) {
- + if (in_group_p(symlinkown_kgid))
- + goto eacces;
- + } else {
- + cred = current_cred();
- + ngroups = cred->group_info->ngroups;
- + if (ngroups && gid_gt(GROUP_AT(cred->group_info,
- + ngroups - 1), symlinkown_kgid))
- + goto eacces;
- + if (gid_gt(cred->fsgid, symlinkown_kgid))
- + goto eacces;
- + }
- + return 0;
- +eacces:
- + if (printk_ratelimit())
- + printk(KERN_DEBUG "access denied %p uid %u target uid %u!\n",
- + link->dentry,
- + from_kuid(current_user_ns(), link_inode->i_uid),
- + from_kuid(current_user_ns(), target->i_uid));
- + return -EACCES;
- + }
- +#endif
- + return 0;
- +}
- +
- /*
- * Name resolution.
- * This is the basic name resolution function, turning a pathname into
- diff --git a/kernel/sysctl.c b/kernel/sysctl.c
- index 80d3349..9c2eb34 100644
- --- a/kernel/sysctl.c
- +++ b/kernel/sysctl.c
- @@ -188,6 +188,11 @@ static int proc_dostring_coredump(struct ctl_table *table, int write,
- void __user *buffer, size_t *lenp, loff_t *ppos);
- #endif
- +#ifdef CONFIG_SYMLINKOWN
- +extern int enable_symlinkown;
- +extern gid_t symlinkown_gid;
- +#endif
- +
- #ifdef CONFIG_MAGIC_SYSRQ
- /* Note: sysrq code uses it's own private copy */
- static int __sysrq_enabled = SYSRQ_DEFAULT_ENABLE;
- @@ -1716,6 +1721,22 @@ static struct ctl_table fs_table[] = {
- .maxlen = sizeof(proc_super_gid),
- .proc_handler = &proc_dointvec,
- },
- +#ifdef CONFIG_SYMLINKOWN
- + {
- + .procname = "enforce_symlinksifowner",
- + .mode = 0600,
- + .data = &enable_symlinkown,
- + .maxlen = sizeof(enable_symlinkown),
- + .proc_handler = &proc_dointvec,
- + },
- + {
- + .procname = "symlinkown_gid",
- + .mode = 0600,
- + .data = &symlinkown_gid,
- + .maxlen = sizeof(symlinkown_gid),
- + .proc_handler = &proc_dointvec,
- + },
- +#endif
- { }
- };
- --
- 1.9.1
- diff --git a/fs/proc/generic.c b/fs/proc/generic.c
- index 46d5ecd..b14ac43 100644
- --- a/fs/proc/generic.c
- +++ b/fs/proc/generic.c
- @@ -259,8 +259,10 @@ struct dentry *proc_lookup_de(struct proc_dir_entry *de, struct inode *dir,
- continue;
- if (!memcmp(dentry->d_name.name, de->name, de->namelen)) {
- proc_super_kgid = make_kgid(current_user_ns(), proc_super_gid);
- - if (de && PDE_IS_NOT_ACCESSIBLY(de))
- + if (de && PDE_IS_NOT_ACCESSIBLY(de)) {
- + spin_unlock(&proc_subdir_lock);
- return NULL;
- + }
- pde_get(de);
- spin_unlock(&proc_subdir_lock);
- inode = proc_get_inode(dir->i_sb, de);
- From 66bf59df7e5bbd73ade2d85d1909be68469af8b9 Mon Sep 17 00:00:00 2001
- From: Andrew Perepechko <panda@cloudlinux.com>
- Date: Fri, 20 Mar 2015 21:38:26 +0300
- Subject: [PATCH 12/12] IOPS accounting support for noop and as
- ---
- block/cfq-iosched.c | 3 +++
- block/deadline-iosched.c | 3 +++
- block/noop-iosched.c | 2 ++
- 3 files changed, 8 insertions(+)
- diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
- index c410752..2fe3e75 100644
- --- a/block/cfq-iosched.c
- +++ b/block/cfq-iosched.c
- @@ -14,6 +14,7 @@
- #include <linux/rbtree.h>
- #include <linux/ioprio.h>
- #include <linux/blktrace_api.h>
- +#include <linux/virtinfo.h>
- #include "blk.h"
- #include "blk-cgroup.h"
- @@ -3923,6 +3924,8 @@ static void cfq_insert_request(struct request_queue *q, struct request *rq)
- cfqg_stats_update_io_add(RQ_CFQG(rq), cfqd->serving_group,
- rq->cmd_flags);
- cfq_rq_enqueued(cfqd, cfqq, rq);
- +
- + virtinfo_notifier_call_irq(VITYPE_IO, VIRTINFO_IO_OP_ACCOUNT, NULL);
- }
- /*
- diff --git a/block/deadline-iosched.c b/block/deadline-iosched.c
- index 20614a3..9543233 100644
- --- a/block/deadline-iosched.c
- +++ b/block/deadline-iosched.c
- @@ -13,6 +13,7 @@
- #include <linux/init.h>
- #include <linux/compiler.h>
- #include <linux/rbtree.h>
- +#include <linux/virtinfo.h>
- /*
- * See Documentation/block/deadline-iosched.txt
- @@ -108,6 +109,8 @@ deadline_add_request(struct request_queue *q, struct request *rq)
- */
- rq_set_fifo_time(rq, jiffies + dd->fifo_expire[data_dir]);
- list_add_tail(&rq->queuelist, &dd->fifo_list[data_dir]);
- +
- + virtinfo_notifier_call_irq(VITYPE_IO, VIRTINFO_IO_OP_ACCOUNT, NULL);
- }
- /*
- diff --git a/block/noop-iosched.c b/block/noop-iosched.c
- index 3de89d4..6f14f83 100644
- --- a/block/noop-iosched.c
- +++ b/block/noop-iosched.c
- @@ -7,6 +7,7 @@
- #include <linux/module.h>
- #include <linux/slab.h>
- #include <linux/init.h>
- +#include <linux/virtinfo.h>
- struct noop_data {
- struct list_head queue;
- @@ -37,6 +38,7 @@ static void noop_add_request(struct request_queue *q, struct request *rq)
- struct noop_data *nd = q->elevator->elevator_data;
- list_add_tail(&rq->queuelist, &nd->queue);
- + virtinfo_notifier_call_irq(VITYPE_IO, VIRTINFO_IO_OP_ACCOUNT, NULL);
- }
- static struct request *
- --
- 1.9.1
- From be2f57f5a7eaf6fd003146120623d07ea10b7b3b Mon Sep 17 00:00:00 2001
- From: Andrew Perepechko <panda@cloudlinux.com>
- Date: Mon, 18 May 2015 22:06:58 +0300
- Subject: [PATCH] properly charge and uncharge shmem
- Currently, shmem_lock immediately and
- unconditionally uncharges what it has
- just charged for a lock request.
- This, indeed, causes a double uncharge
- with something like the following:
- shmid = shmget(12345, 8192, IPC_CREAT | 0666);
- rc = shmctl(shmid, SHM_LOCK, NULL);
- shmctl(shmid, IPC_RMID, 0);
- with the following in the kernel log:
- [ 455.815025] Uncharging too much 2 h 0, res lockedpages ub 0
- Signed-off-by: Andrew Perepechko <panda@cloudlinux.com>
- ---
- mm/shmem.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
- diff --git a/mm/shmem.c b/mm/shmem.c
- index 41925dc..e21ce51 100644
- --- a/mm/shmem.c
- +++ b/mm/shmem.c
- @@ -1359,11 +1359,13 @@ int shmem_lock(struct file *file, int lock, struct user_struct *user)
- mapping_set_unevictable(file->f_mapping);
- }
- if (!lock && (info->flags & VM_LOCKED) && user) {
- + ub_lockedshm_uncharge(info, inode->i_size);
- user_shm_unlock(inode->i_size, user);
- info->flags &= ~VM_LOCKED;
- mapping_clear_unevictable(file->f_mapping);
- }
- - retval = 0;
- + spin_unlock(&info->lock);
- + return 0;
- out_nomem:
- ub_lockedshm_uncharge(info, inode->i_size);
- --
- 1.9.1
- kpatch-description: kernel: splice: lack of generic write checks
- kpatch-kernel: kernel-3.10.0-123.20.1.el7
- kpatch-cve: CVE-2014-7822
- kpatch-cvss: 4.6
- kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2014-7822
- diff -upr linux-3.10.0-123.13.2.el7/fs/splice.c linux-3.10.0-123.20.1.el7/fs/splice.c
- --- linux-3.10.0-123.13.2.el7/fs/splice.c 2014-12-13 03:14:08.000000000 +0300
- +++ linux-3.10.0-123.20.1.el7/fs/splice.c 2015-01-21 17:00:38.000000000 +0300
- @@ -1098,6 +1098,7 @@ static long do_splice_from(struct pipe_i
- {
- ssize_t (*splice_write)(struct pipe_inode_info *, struct file *,
- loff_t *, size_t, unsigned int);
- + struct inode *inode = out->f_mapping->host;
- int ret;
- if (unlikely(!(out->f_mode & FMODE_WRITE)))
- @@ -1110,6 +1111,10 @@ static long do_splice_from(struct pipe_i
- if (unlikely(ret < 0))
- return ret;
- + ret = generic_write_checks(out, ppos, &len, S_ISBLK(inode->i_mode));
- + if (ret)
- + return ret;
- +
- if (out->f_op && out->f_op->splice_write)
- splice_write = out->f_op->splice_write;
- else
- diff --git a/include/bc/sock_orphan.h b/include/bc/sock_orphan.h
- index a737d9e..a8904ea 100644
- --- a/include/bc/sock_orphan.h
- +++ b/include/bc/sock_orphan.h
- @@ -41,13 +41,15 @@ static inline int ub_get_orphan_count(struct sock *sk)
- static inline int ub_too_many_orphans(struct sock *sk, int count)
- {
- + struct net *net = sock_net(sk);
- +
- #ifdef CONFIG_BEANCOUNTERS
- if (__ub_too_many_orphans(sk, count))
- return 1;
- #endif
- return (ub_get_orphan_count(sk) > sysctl_tcp_max_orphans ||
- (sk->sk_wmem_queued > SOCK_MIN_SNDBUF &&
- - atomic_long_read(&tcp_memory_allocated) > sysctl_tcp_mem[2]));
- + atomic_long_read(&tcp_memory_allocated) > net->ipv4.sysctl_tcp_mem[2]));
- }
- struct inet_timewait_sock;
- From 6eb2ae1c79b37c91f65a80273bda153faec34253 Mon Sep 17 00:00:00 2001
- From: Dmitry Monakhov <dmonakhov@openvz.org>
- Date: Tue, 9 Jun 2015 12:59:39 +0400
- Subject: [PATCH] pfcache: fix path refcounting hazzard
- peer's path management was broken during porting from rhel6 to rhel7
- - open_mapping_peer no longer responsible for path drop on error.
- - fix refcounting during race peer_open/peer_close
- #TESTCASE:
- VEID=101
- mkdir /tmp/pfcache
- mount -ttmpfs none /tmp/pfcache
- vzctl create $VEID
- vzctl mount $VEID
- dd if=/dev/zero of=/vz/root/$VEID/bin/f1 bs=4k count=1
- cp /vz/root/$VEID/bin/f1 /pfcache/1c/eaf73df40e531df3bfb26b4fb7cd95fb7bff1d
- vzctl umount $VEID
- mount /vz/root/$VEID -oremount,balloon_ino=12,pfcache_csum,pfcache=/tmp/pfcache
- stat /vz/root/$VEID/bin/f1 | echo FAIL
- vzctl umount $VEID
- umount /tmp/pfcache || echo FAIL
- Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
- Acked-by: Andrew Vagin <avagin@odin.com>
- Reported-by: Oleksiy Shchukin <oshchukin@cloudlinux.com>
- ---
- fs/ext4/pfcache.c | 2 +-
- mm/memory.c | 7 +------
- 2 files changed, 2 insertions(+), 7 deletions(-)
- diff --git a/fs/ext4/pfcache.c b/fs/ext4/pfcache.c
- index 2789508..b75c26d 100644
- --- a/fs/ext4/pfcache.c
- +++ b/fs/ext4/pfcache.c
- @@ -77,6 +77,7 @@ int ext4_open_pfcache(struct inode *inode)
- ret = open_mapping_peer(inode->i_mapping, &path, &init_cred);
- if (!ret)
- percpu_counter_inc(&EXT4_SB(inode->i_sb)->s_pfcache_peers);
- + path_put(&path);
- return ret;
- }
- @@ -193,7 +194,6 @@ int ext4_relink_pfcache(struct super_block *sb, char *new_root, bool new_sb)
- }
- if (path.mnt) {
- - path_get(&path);
- if (!open_mapping_peer(inode->i_mapping,
- &path, &init_cred))
- nr_opened++;
- diff --git a/mm/memory.c b/mm/memory.c
- index 2f09839..618c36c 100644
- --- a/mm/memory.c
- +++ b/mm/memory.c
- @@ -4317,7 +4317,6 @@ restart:
- if (!peer->i_peer_file) {
- file = dentry_open(path, O_RDONLY | O_LARGEFILE, cred);
- if (IS_ERR(file)) {
- - path_put(path);
- return PTR_ERR(file);
- }
- @@ -4334,8 +4333,6 @@ restart:
- }
- if (peer->i_peer_file) {
- spin_unlock(&inode->i_lock);
- - *path = file->f_path;
- - path_get(path);
- fput(file);
- file = NULL;
- goto restart;
- @@ -4361,9 +4358,7 @@ restart:
- if (file) {
- file_accessed(file);
- fput(file);
- - } else
- - path_put(path);
- -
- + }
- return 0;
- }
- EXPORT_SYMBOL(open_mapping_peer);
- --
- 1.8.3.1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement