Untitled

From f21b5d48ee6a548f8c2ff6221b6ba9f28b08c7d1 Mon Sep 17 00:00:00 2001
From: Andrew Perepechko <panda@cloudlinux.com>
Date: Tue, 30 Dec 2014 20:18:24 +0300
Subject: [PATCH 02/10] initial lve commit

---
 fs/fs_struct.c          |  1 +
 fs/namespace.c          |  1 +
 include/linux/nsproxy.h |  1 +
 include/linux/ve.h      |  2 ++
 kernel/bc/beancounter.c |  2 ++
 kernel/cgroup.c         |  2 +-
 kernel/nsproxy.c        | 17 +++++++++++++++++
 kernel/pid.c            |  1 +
 8 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/fs/fs_struct.c b/fs/fs_struct.c
index 339934e..296406b 100644
--- a/fs/fs_struct.c
+++ b/fs/fs_struct.c
@@ -90,6 +90,7 @@ void free_fs_struct(struct fs_struct *fs)
 	path_put(&fs->pwd);
 	kmem_cache_free(fs_cachep, fs);
 }
+EXPORT_SYMBOL(free_fs_struct);

 void exit_fs(struct task_struct *tsk)
 {
diff --git a/fs/namespace.c b/fs/namespace.c
index aff3577..942ba23 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2769,6 +2769,7 @@ void put_mnt_ns(struct mnt_namespace *ns)
 	namespace_unlock();
 	free_mnt_ns(ns);
 }
+EXPORT_SYMBOL(put_mnt_ns);

 struct vfsmount *kern_mount_data(struct file_system_type *type, void *data)
 {
diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h
index 9d529ab..380e750 100644
--- a/include/linux/nsproxy.h
+++ b/include/linux/nsproxy.h
@@ -62,6 +62,7 @@ static inline struct nsproxy *task_nsproxy(struct task_struct *tsk)
 	return rcu_dereference(tsk->nsproxy);
 }

+struct nsproxy *duplicate_nsproxy(struct nsproxy *nsproxy);
 int copy_namespaces(unsigned long flags, struct task_struct *tsk, int force_admin);
 void exit_task_namespaces(struct task_struct *tsk);
 void switch_task_namespaces(struct task_struct *tsk, struct nsproxy *new);
diff --git a/include/linux/ve.h b/include/linux/ve.h
index 6637dd5..3474540 100644
--- a/include/linux/ve.h
+++ b/include/linux/ve.h
@@ -130,6 +130,8 @@ struct ve_struct {
 #if IS_ENABLED(CONFIG_DEVTMPFS)
 	struct path		devtmpfs_root;
 #endif
+
+	void			*lve;
 };

 #define VE_MEMINFO_DEFAULT      1       /* default behaviour */
diff --git a/kernel/bc/beancounter.c b/kernel/bc/beancounter.c
index 417e2c0..362cf4e 100644
--- a/kernel/bc/beancounter.c
+++ b/kernel/bc/beancounter.c
@@ -400,6 +400,7 @@ struct user_beancounter *get_beancounter_by_name(const char *name, int create)
 	cgroup_kernel_close(cg);
 	return ub;
 }
+EXPORT_SYMBOL(get_beancounter_by_name);

 struct user_beancounter *get_beancounter_byuid(uid_t uid, int create)
 {
@@ -408,6 +409,7 @@ struct user_beancounter *get_beancounter_byuid(uid_t uid, int create)
 	snprintf(name, sizeof(name), "%u", uid);
 	return get_beancounter_by_name(name, create);
 }
+EXPORT_SYMBOL(get_beancounter_byuid);

 uid_t ub_legacy_id(struct user_beancounter *ub)
 {
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index ce08ef9..dda4b79 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -5158,7 +5158,7 @@ void __css_put(struct cgroup_subsys_state *css)
 	if (v == 0)
 		queue_work(cgroup_destroy_wq, &css->dput_work);
 }
-EXPORT_SYMBOL_GPL(__css_put);
+EXPORT_SYMBOL(__css_put);

 /*
  * Notify userspace when a cgroup is released, by running the
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index 875cb82..71dc279 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -26,6 +26,8 @@
 #include <linux/file.h>
 #include <linux/syscalls.h>

+#include "../fs/mount.h"
+
 static struct kmem_cache *nsproxy_cachep;

 struct nsproxy init_nsproxy = {
@@ -59,6 +61,21 @@ static inline struct nsproxy *create_nsproxy(void)
 	return nsproxy;
 }

+struct nsproxy *duplicate_nsproxy(struct nsproxy *nsproxy)
+{
+	struct nsproxy *ns = create_nsproxy();
+	if (ns) {
+		*ns = *nsproxy;
+		atomic_set(&ns->count, 1);
+		get_uts_ns(ns->uts_ns);
+		get_ipc_ns(ns->ipc_ns);
+		get_mnt_ns(ns->mnt_ns);
+		get_pid_ns(ns->pid_ns);
+		get_net(ns->net_ns);
+	}
+	return ns;
+}
+
 /*
  * Create new nsproxy and all of its the associated namespaces.
  * Return the newly created nsproxy.  Do not attach this to the task,
diff --git a/kernel/pid.c b/kernel/pid.c
index 2e11ac4..fe178dd 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -495,6 +495,7 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
 {
 	return find_task_by_pid_ns(vnr, task_active_pid_ns(current));
 }
+EXPORT_SYMBOL(find_task_by_vpid);

 struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
 {
--
1.9.1

From 45c6976de863b8b746e3fe2353d800037cdfc97d Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain>
Date: Sun, 28 Dec 2014 17:31:27 -0500
Subject: [PATCH 03/10] CL7: remove unnecessary export

---
 fs/fs_struct.c          | 1 -
 fs/namespace.c          | 1 -
 kernel/bc/beancounter.c | 2 --
 kernel/pid.c            | 1 -
 4 files changed, 5 deletions(-)

diff --git a/fs/fs_struct.c b/fs/fs_struct.c
index 296406b..339934e 100644
--- a/fs/fs_struct.c
+++ b/fs/fs_struct.c
@@ -90,7 +90,6 @@ void free_fs_struct(struct fs_struct *fs)
 	path_put(&fs->pwd);
 	kmem_cache_free(fs_cachep, fs);
 }
-EXPORT_SYMBOL(free_fs_struct);

 void exit_fs(struct task_struct *tsk)
 {
diff --git a/fs/namespace.c b/fs/namespace.c
index 942ba23..aff3577 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2769,7 +2769,6 @@ void put_mnt_ns(struct mnt_namespace *ns)
 	namespace_unlock();
 	free_mnt_ns(ns);
 }
-EXPORT_SYMBOL(put_mnt_ns);

 struct vfsmount *kern_mount_data(struct file_system_type *type, void *data)
 {
diff --git a/kernel/bc/beancounter.c b/kernel/bc/beancounter.c
index 362cf4e..417e2c0 100644
--- a/kernel/bc/beancounter.c
+++ b/kernel/bc/beancounter.c
@@ -400,7 +400,6 @@ struct user_beancounter *get_beancounter_by_name(const char *name, int create)
 	cgroup_kernel_close(cg);
 	return ub;
 }
-EXPORT_SYMBOL(get_beancounter_by_name);

 struct user_beancounter *get_beancounter_byuid(uid_t uid, int create)
 {
@@ -409,7 +408,6 @@ struct user_beancounter *get_beancounter_byuid(uid_t uid, int create)
 	snprintf(name, sizeof(name), "%u", uid);
 	return get_beancounter_by_name(name, create);
 }
-EXPORT_SYMBOL(get_beancounter_byuid);

 uid_t ub_legacy_id(struct user_beancounter *ub)
 {
diff --git a/kernel/pid.c b/kernel/pid.c
index fe178dd..2e11ac4 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -495,7 +495,6 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
 {
 	return find_task_by_pid_ns(vnr, task_active_pid_ns(current));
 }
-EXPORT_SYMBOL(find_task_by_vpid);

 struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
 {
--
1.9.1

From 6c97e5018c74b81a2fa79f7e5dd1d3ce73251044 Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain>
Date: Mon, 29 Dec 2014 17:11:14 -0500
Subject: [PATCH 04/10] CL7: drop GPL license

---
 kernel/lockdep.c  | 24 ++++++++++++------------
 kernel/rcupdate.c | 26 +++++++++++++-------------
 kernel/rcutree.c  |  2 +-
 3 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/kernel/lockdep.c b/kernel/lockdep.c
index c3de86d..919f121 100644
--- a/kernel/lockdep.c
+++ b/kernel/lockdep.c
@@ -2998,7 +2998,7 @@ void lockdep_init_map(struct lockdep_map *lock, const char *name,
 EXPORT_SYMBOL(lockdep_init_map);

 struct lock_class_key __lockdep_no_validate__;
-EXPORT_SYMBOL_GPL(__lockdep_no_validate__);
+EXPORT_SYMBOL(__lockdep_no_validate__);

 static int
 print_lock_nested_lock_not_held(struct task_struct *curr,
@@ -3578,7 +3578,7 @@ void lock_set_class(struct lockdep_map *lock, const char *name,
 	current->lockdep_recursion = 0;
 	raw_local_irq_restore(flags);
 }
-EXPORT_SYMBOL_GPL(lock_set_class);
+EXPORT_SYMBOL(lock_set_class);

 /*
  * We are not always called with irqs disabled - do that here,
@@ -3603,7 +3603,7 @@ void lock_acquire(struct lockdep_map *lock, unsigned int subclass,
 	current->lockdep_recursion = 0;
 	raw_local_irq_restore(flags);
 }
-EXPORT_SYMBOL_GPL(lock_acquire);
+EXPORT_SYMBOL(lock_acquire);

 void lock_release(struct lockdep_map *lock, int nested,
 			  unsigned long ip)
@@ -3621,7 +3621,7 @@ void lock_release(struct lockdep_map *lock, int nested,
 	current->lockdep_recursion = 0;
 	raw_local_irq_restore(flags);
 }
-EXPORT_SYMBOL_GPL(lock_release);
+EXPORT_SYMBOL(lock_release);

 int lock_is_held(struct lockdep_map *lock)
 {
@@ -3641,7 +3641,7 @@ int lock_is_held(struct lockdep_map *lock)

 	return ret;
 }
-EXPORT_SYMBOL_GPL(lock_is_held);
+EXPORT_SYMBOL(lock_is_held);

 void lockdep_set_current_reclaim_state(gfp_t gfp_mask)
 {
@@ -3814,7 +3814,7 @@ void lock_contended(struct lockdep_map *lock, unsigned long ip)
 	current->lockdep_recursion = 0;
 	raw_local_irq_restore(flags);
 }
-EXPORT_SYMBOL_GPL(lock_contended);
+EXPORT_SYMBOL(lock_contended);

 void lock_acquired(struct lockdep_map *lock, unsigned long ip)
 {
@@ -3833,7 +3833,7 @@ void lock_acquired(struct lockdep_map *lock, unsigned long ip)
 	current->lockdep_recursion = 0;
 	raw_local_irq_restore(flags);
 }
-EXPORT_SYMBOL_GPL(lock_acquired);
+EXPORT_SYMBOL(lock_acquired);
 #endif

 /*
@@ -4088,7 +4088,7 @@ void debug_check_no_locks_freed(const void *mem_from, unsigned long mem_len)
 	}
 	local_irq_restore(flags);
 }
-EXPORT_SYMBOL_GPL(debug_check_no_locks_freed);
+EXPORT_SYMBOL(debug_check_no_locks_freed);

 static void print_held_locks_bug(void)
 {
@@ -4113,7 +4113,7 @@ void debug_check_no_locks_held(void)
 	if (unlikely(current->lockdep_depth > 0))
 		print_held_locks_bug();
 }
-EXPORT_SYMBOL_GPL(debug_check_no_locks_held);
+EXPORT_SYMBOL(debug_check_no_locks_held);

 void debug_show_all_locks(void)
 {
@@ -4171,7 +4171,7 @@ retry:
 	if (unlock)
 		read_unlock(&tasklist_lock);
 }
-EXPORT_SYMBOL_GPL(debug_show_all_locks);
+EXPORT_SYMBOL(debug_show_all_locks);

 /*
  * Careful: only use this function if you are sure that
@@ -4185,7 +4185,7 @@ void debug_show_held_locks(struct task_struct *task)
 	}
 	lockdep_print_held_locks(task);
 }
-EXPORT_SYMBOL_GPL(debug_show_held_locks);
+EXPORT_SYMBOL(debug_show_held_locks);

 void lockdep_sys_exit(void)
 {
@@ -4254,4 +4254,4 @@ void lockdep_rcu_suspicious(const char *file, const int line, const char *s)
 	printk("\nstack backtrace:\n");
 	dump_stack();
 }
-EXPORT_SYMBOL_GPL(lockdep_rcu_suspicious);
+EXPORT_SYMBOL(lockdep_rcu_suspicious);
diff --git a/kernel/rcupdate.c b/kernel/rcupdate.c
index 48ab703..3fab23e 100644
--- a/kernel/rcupdate.c
+++ b/kernel/rcupdate.c
@@ -67,7 +67,7 @@ void __rcu_read_lock(void)
 	current->rcu_read_lock_nesting++;
 	barrier();  /* critical section after entry code. */
 }
-EXPORT_SYMBOL_GPL(__rcu_read_lock);
+EXPORT_SYMBOL(__rcu_read_lock);

 /*
  * Preemptible RCU implementation for rcu_read_unlock().
@@ -102,7 +102,7 @@ void __rcu_read_unlock(void)
 	}
 #endif /* #ifdef CONFIG_PROVE_LOCKING */
 }
-EXPORT_SYMBOL_GPL(__rcu_read_unlock);
+EXPORT_SYMBOL(__rcu_read_unlock);

 /*
  * Check for a task exiting while in a preemptible-RCU read-side
@@ -134,17 +134,17 @@ void exit_rcu(void)
 static struct lock_class_key rcu_lock_key;
 struct lockdep_map rcu_lock_map =
 	STATIC_LOCKDEP_MAP_INIT("rcu_read_lock", &rcu_lock_key);
-EXPORT_SYMBOL_GPL(rcu_lock_map);
+EXPORT_SYMBOL(rcu_lock_map);

 static struct lock_class_key rcu_bh_lock_key;
 struct lockdep_map rcu_bh_lock_map =
 	STATIC_LOCKDEP_MAP_INIT("rcu_read_lock_bh", &rcu_bh_lock_key);
-EXPORT_SYMBOL_GPL(rcu_bh_lock_map);
+EXPORT_SYMBOL(rcu_bh_lock_map);

 static struct lock_class_key rcu_sched_lock_key;
 struct lockdep_map rcu_sched_lock_map =
 	STATIC_LOCKDEP_MAP_INIT("rcu_read_lock_sched", &rcu_sched_lock_key);
-EXPORT_SYMBOL_GPL(rcu_sched_lock_map);
+EXPORT_SYMBOL(rcu_sched_lock_map);
 #endif

 #ifdef CONFIG_DEBUG_LOCK_ALLOC
@@ -154,7 +154,7 @@ int debug_lockdep_rcu_enabled(void)
 	return rcu_scheduler_active && debug_locks &&
 	       current->lockdep_recursion == 0;
 }
-EXPORT_SYMBOL_GPL(debug_lockdep_rcu_enabled);
+EXPORT_SYMBOL(debug_lockdep_rcu_enabled);

 /**
  * rcu_read_lock_bh_held() - might we be in RCU-bh read-side critical section?
@@ -181,7 +181,7 @@ int rcu_read_lock_bh_held(void)
 		return 0;
 	return in_softirq() || irqs_disabled();
 }
-EXPORT_SYMBOL_GPL(rcu_read_lock_bh_held);
+EXPORT_SYMBOL(rcu_read_lock_bh_held);

 #endif /* #ifdef CONFIG_DEBUG_LOCK_ALLOC */

@@ -214,7 +214,7 @@ void wait_rcu_gp(call_rcu_func_t crf)
 	wait_for_completion(&rcu.completion);
 	destroy_rcu_head_on_stack(&rcu.head);
 }
-EXPORT_SYMBOL_GPL(wait_rcu_gp);
+EXPORT_SYMBOL(wait_rcu_gp);

 #ifdef CONFIG_PROVE_RCU
 /*
@@ -224,7 +224,7 @@ int rcu_my_thread_group_empty(void)
 {
 	return thread_group_empty(current);
 }
-EXPORT_SYMBOL_GPL(rcu_my_thread_group_empty);
+EXPORT_SYMBOL(rcu_my_thread_group_empty);
 #endif /* #ifdef CONFIG_PROVE_RCU */

 #ifdef CONFIG_DEBUG_OBJECTS_RCU_HEAD
@@ -375,7 +375,7 @@ void init_rcu_head_on_stack(struct rcu_head *head)
 {
 	debug_object_init_on_stack(head, &rcuhead_debug_descr);
 }
-EXPORT_SYMBOL_GPL(init_rcu_head_on_stack);
+EXPORT_SYMBOL(init_rcu_head_on_stack);

 /**
  * destroy_rcu_head_on_stack() - destroy on-stack rcu_head for debugobjects
@@ -392,7 +392,7 @@ void destroy_rcu_head_on_stack(struct rcu_head *head)
 {
 	debug_object_free(head, &rcuhead_debug_descr);
 }
-EXPORT_SYMBOL_GPL(destroy_rcu_head_on_stack);
+EXPORT_SYMBOL(destroy_rcu_head_on_stack);

 struct debug_obj_descr rcuhead_debug_descr = {
 	.name = "rcu_head",
@@ -400,7 +400,7 @@ struct debug_obj_descr rcuhead_debug_descr = {
 	.fixup_activate = rcuhead_fixup_activate,
 	.fixup_free = rcuhead_fixup_free,
 };
-EXPORT_SYMBOL_GPL(rcuhead_debug_descr);
+EXPORT_SYMBOL(rcuhead_debug_descr);
 #endif /* #ifdef CONFIG_DEBUG_OBJECTS_RCU_HEAD */

 #if defined(CONFIG_TREE_RCU) || defined(CONFIG_TREE_PREEMPT_RCU) || defined(CONFIG_RCU_TRACE)
@@ -410,7 +410,7 @@ void do_trace_rcu_torture_read(char *rcutorturename, struct rcu_head *rhp,
 {
 	trace_rcu_torture_read(rcutorturename, rhp, secs, c_old, c);
 }
-EXPORT_SYMBOL_GPL(do_trace_rcu_torture_read);
+EXPORT_SYMBOL(do_trace_rcu_torture_read);
 #else
 #define do_trace_rcu_torture_read(rcutorturename, rhp, secs, c_old, c) \
 	do { } while (0)
diff --git a/kernel/rcutree.c b/kernel/rcutree.c
index 3538001..6d70ad5 100644
--- a/kernel/rcutree.c
+++ b/kernel/rcutree.c
@@ -725,7 +725,7 @@ bool rcu_lockdep_current_cpu_online(void)
 	preempt_enable();
 	return ret;
 }
-EXPORT_SYMBOL_GPL(rcu_lockdep_current_cpu_online);
+EXPORT_SYMBOL(rcu_lockdep_current_cpu_online);

 #endif /* #if defined(CONFIG_PROVE_RCU) && defined(CONFIG_HOTPLUG_CPU) */

--
1.9.1

From 9408c483e21c848af4029861721f7c43acf597f3 Mon Sep 17 00:00:00 2001
From: Andrew Perepechko <panda@cloudlinux.com>
Date: Thu, 22 Jan 2015 14:16:27 +0300
Subject: [PATCH 06/10] the patch fixes double I/O accounting for iolimits

---
 mm/page-writeback.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/page-writeback.c b/mm/page-writeback.c
index 0ae8d31..b0f33bf 100644
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -2039,7 +2039,7 @@ void account_page_dirtied(struct page *page, struct address_space *mapping)
 		__inc_zone_page_state(page, NR_DIRTIED);
 		__inc_bdi_stat(mapping->backing_dev_info, BDI_RECLAIMABLE);
 		__inc_bdi_stat(mapping->backing_dev_info, BDI_DIRTIED);
-		task_io_account_write(PAGE_CACHE_SIZE);
+		task_io_account_dirty(PAGE_CACHE_SIZE);
 		current->nr_dirtied++;
 		this_cpu_inc(bdp_ratelimits);
 	}
--
1.9.1

From 3fd6eaf48887c3eb504178b428e5968e2facdcac Mon Sep 17 00:00:00 2001
From: Andrew Perepechko <panda@cloudlinux.com>
Date: Thu, 29 Jan 2015 16:55:17 +0300
Subject: [PATCH 07/10] VIRTINFO_EXEC support

---
 fs/exec.c                | 4 ++++
 include/linux/virtinfo.h | 1 +
 2 files changed, 5 insertions(+)

diff --git a/fs/exec.c b/fs/exec.c
index bb06152..2de8157 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -858,6 +858,10 @@ static int exec_mmap(struct linux_binprm *bprm)
 	struct task_struct *tsk;
 	struct mm_struct *old_mm, *active_mm, *mm;

+	if (virtinfo_notifier_call(VITYPE_GENERAL, VIRTINFO_EXEC,
+				   bprm) & NOTIFY_FAIL)
+		return -EPERM;
+
 	/* Notify parent that we're no longer interested in the old VM */
 	tsk = current;
 	old_mm = current->mm;
diff --git a/include/linux/virtinfo.h b/include/linux/virtinfo.h
index e8cb94c..52c1051 100644
--- a/include/linux/virtinfo.h
+++ b/include/linux/virtinfo.h
@@ -63,6 +63,7 @@ int meminfo_proc_show_ub(struct seq_file *m, void *v,
 #define VIRTINFO_SYSINFO	2
 #define VIRTINFO_VMSTAT		3
 #define VIRTINFO_OOMKILL	4
+#define VIRTINFO_EXEC		5

 #define VIRTINFO_IO_ACCOUNT	0
 #define VIRTINFO_IO_PREPARE	1
--
1.9.1

From ab53a38a812bee656ac1982d35a26e3f91f93107 Mon Sep 17 00:00:00 2001
From: Andrew Perepechko <panda@cloudlinux.com>
Date: Thu, 29 Jan 2015 22:48:38 +0300
Subject: [PATCH 08/10] set ubc_ioprio to 0

ubc_ioprio=1 breaks enter-on-exec functionality
by ub_attach_task -> ub_blkio_cgroup_attach_task ->
cgroup_kernel_open(blkio_cgroup_root...) = -EACCES.

We also do not need blkio functionality, as we
implement our own I/O throttling.
---
 kernel/bc/beancounter.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/bc/beancounter.c b/kernel/bc/beancounter.c
index 417e2c0..18ccbf8 100644
--- a/kernel/bc/beancounter.c
+++ b/kernel/bc/beancounter.c
@@ -81,7 +81,7 @@ const char *ub_rnames[] = {

 unsigned int ub_dcache_threshold __read_mostly = 4 * 1024; /* ~7Mb per container */

-static int ubc_ioprio = 1;
+static int ubc_ioprio = 0;

 /* default maximum perpcu resources precharge */
 int ub_resource_precharge[UB_RESOURCES] = {
--
1.9.1

From 8e07d85e02dcda67174f054f1a2018b2e7a354a0 Mon Sep 17 00:00:00 2001
From: Alexey Lyashkov <alexey_lyashkov@xyratex.com>
Date: Thu, 22 Jan 2015 16:10:57 -0500
Subject: [PATCH 09/10] Hide proc directories from user

The commit combines next commits from CL6:
1. 5b746e8 Hide proc directories from user
2. 80fdaee /proc/cpuinfo should be visible to everyone
3. dd66bde Root can see all proc elements in all cases inspite off
           proc_super_gid value
4. 8ffdd6c add proc_can_see_other_uid to sysctl tree.
5. a84b463 add fs.proc_can_see_other_uid and super gid

Signed-off-by: Vladimir Meshkov <vmeshkov@cloudlinux.com>
---
 fs/proc/base.c          | 19 ++++++++++++++++-
 fs/proc/generic.c       | 56 +++++++++++++++++++++++++++++++++++++++++++------
 include/linux/proc_fs.h |  1 +
 kernel/sysctl.c         | 17 +++++++++++++++
 4 files changed, 86 insertions(+), 7 deletions(-)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index cc5b876..7d946ac 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2951,6 +2951,9 @@ out:
 	return result;
 }

+int proc_can_see_other_uid = 1;
+gid_t proc_super_gid = 0;
+
 /*
  * Find the first task with tgid >= tgid
  *
@@ -2962,6 +2965,9 @@ struct tgid_iter {
 static struct tgid_iter next_tgid(struct pid_namespace *ns, struct tgid_iter iter)
 {
 	struct pid *pid;
+	kgid_t proc_super_kgid;
+	kuid_t cur_euid;
+	kuid_t tsk_euid;

 	if (iter.task)
 		put_task_struct(iter.task);
@@ -2970,8 +2976,19 @@ retry:
 	iter.task = NULL;
 	pid = find_ge_pid(iter.tgid, ns);
 	if (pid) {
-		iter.tgid = pid_nr_ns(pid, ns);
+		proc_super_kgid = make_kgid(current_user_ns(), proc_super_gid);
 		iter.task = pid_task(pid, PIDTYPE_PID);
+		cur_euid = current_euid();
+		if (iter.task != NULL) {
+			tsk_euid = task_euid(iter.task);
+			if (!proc_can_see_other_uid && !capable(CAP_SYS_RESOURCE) &&
+				!(proc_super_gid && in_group_p(proc_super_kgid)) &&
+				!uid_eq(cur_euid, tsk_euid))
+				iter.task = NULL;
+		}
+
+		iter.tgid = pid_nr_ns(pid, ns);
+
 		/* What we to know is if the pid we have find is the
 		 * pid of a thread_group_leader.  Testing for task
 		 * being a thread_group_leader is the obvious thing
diff --git a/fs/proc/generic.c b/fs/proc/generic.c
index e6c3eae..46d5ecd 100644
--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
@@ -27,6 +27,8 @@

 #include "internal.h"

+static kgid_t proc_super_kgid;
+
 DEFINE_SPINLOCK(proc_subdir_lock);

 static int proc_match(unsigned int len, const char *name, struct proc_dir_entry *de)
@@ -204,6 +206,41 @@ static const struct dentry_operations proc_dentry_operations =
 	.d_delete	= proc_delete_dentry,
 };

+static char *names_white_list[] = {"version", "stat", "uptime",
+"loadavg", "filesystems", "stat", "cmdline", "meminfo", "mounts", "tcp",
+"tcp6", "udp", "udp6", "assocs", "raw", "raw6", "unix", "dev",
+"net", "cpuinfo" //access to /proc/net/tcp, tcp6, udp, udp6, assocs, raw, raw6, unix
+};
+static int names_white_list_sizes[ARRAY_SIZE(names_white_list)];
+static int is_white_list_initialized = 0;
+
+static int proc_check_access(const char *name, int namelen)
+{
+	int i;
+
+	if (!is_white_list_initialized) {
+		for (i = 0; i < ARRAY_SIZE(names_white_list); i++)
+			names_white_list_sizes[i] = strlen(names_white_list[i]);
+			is_white_list_initialized = 1;
+	}
+
+	for (i = 0; i < ARRAY_SIZE(names_white_list); i++) {
+		if (namelen != names_white_list_sizes[i])
+			continue;
+		if (memcmp(name, names_white_list[i], namelen))
+			continue;
+		return 1;
+	}
+
+	return 0;
+}
+
+extern gid_t proc_super_gid;
+#define PDE_IS_NOT_ACCESSIBLY(de)      (!in_group_p(proc_super_kgid) \
+											&& !de->access \
+											&& !capable(CAP_SYS_RESOURCE))
+#define PDE_IS_ACCESSIBLY(de)          (!PDE_IS_NOT_ACCESSIBLY(de))
+
 /*
  * Don't create negative dentries here, return -ENOENT by hand
  * instead.
@@ -221,6 +258,9 @@ struct dentry *proc_lookup_de(struct proc_dir_entry *de, struct inode *dir,
 		if (in_container && !(de->mode & S_ISVTX))
 			continue;
 		if (!memcmp(dentry->d_name.name, de->name, de->namelen)) {
+			proc_super_kgid = make_kgid(current_user_ns(), proc_super_gid);
+			if (de && PDE_IS_NOT_ACCESSIBLY(de))
+				return NULL;
 			pde_get(de);
 			spin_unlock(&proc_subdir_lock);
 			inode = proc_get_inode(dir->i_sb, de);
@@ -259,6 +299,7 @@ int proc_readdir_de(struct proc_dir_entry *de, struct file *filp, void *dirent,
 	int ret = 0;
 	bool in_container = proc_in_container(filp->f_path.dentry->d_sb);

+	proc_super_kgid = make_kgid(current_user_ns(), proc_super_gid);
 	ino = inode->i_ino;
 	i = filp->f_pos;
 	switch (i) {
@@ -304,13 +345,15 @@ int proc_readdir_de(struct proc_dir_entry *de, struct file *filp, void *dirent,

 				/* filldir passes info to user space */
 				pde_get(de);
-				spin_unlock(&proc_subdir_lock);
-				if (filldir(dirent, de->name, de->namelen, filp->f_pos,
-					    de->low_ino, de->mode >> 12) < 0) {
-					pde_put(de);
-					goto out;
+				if (PDE_IS_ACCESSIBLY(de)) {
+					spin_unlock(&proc_subdir_lock);
+					if (filldir(dirent, de->name, de->namelen, filp->f_pos,
+						de->low_ino, de->mode >> 12) < 0) {
+						pde_put(de);
+						goto out;
+					}
+					spin_lock(&proc_subdir_lock);
 				}
-				spin_lock(&proc_subdir_lock);
 				filp->f_pos++;
 				next = de->next;
 				pde_put(de);
@@ -426,6 +469,7 @@ static struct proc_dir_entry *__proc_create(struct proc_dir_entry **parent,
 	atomic_set(&ent->count, 1);
 	spin_lock_init(&ent->pde_unload_lock);
 	INIT_LIST_HEAD(&ent->pde_openers);
+	ent->access = proc_check_access(name, len);
 out:
 	return ent;
 }
diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
index 3ad9873..74d3410 100644
--- a/include/linux/proc_fs.h
+++ b/include/linux/proc_fs.h
@@ -25,6 +25,7 @@ struct proc_dir_entry {
 	struct list_head pde_openers;	/* who did ->open, but not ->release */
 	spinlock_t pde_unload_lock; /* proc_fops checks and pde_users bumps */
 	u8 namelen;
+	int access;
 	char name[];
 };

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index e7e1dce..80d3349 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1521,6 +1521,9 @@ static struct ctl_table binfmt_misc_table[] = {
 };
 #endif

+extern int proc_can_see_other_uid; /* fs/procfs/ */
+extern gid_t proc_super_gid;
+
 static struct ctl_table fs_table[] = {
 	{
 		.procname	= "relatime_interval",
@@ -1699,6 +1702,20 @@ static struct ctl_table fs_table[] = {
 		.proc_handler	= &pipe_proc_fn,
 		.extra1		= &pipe_min_size,
 	},
+	{
+		.procname	= "proc_can_see_other_uid",
+		.mode		= 0600,
+		.data		= &proc_can_see_other_uid,
+		.maxlen		= sizeof(proc_can_see_other_uid),
+		.proc_handler	= &proc_dointvec,
+	},
+	{
+		.procname	= "proc_super_gid",
+		.mode		= 0600,
+		.data		= &proc_super_gid,
+		.maxlen		= sizeof(proc_super_gid),
+		.proc_handler	= &proc_dointvec,
+	},
 	{ }
 };

--
1.9.1

From 0000a05e09b6ff583650fb70c7b685f801050f81 Mon Sep 17 00:00:00 2001
From: Sergey Cherementsev <cherementsev@cloudlinux.com>
Date: Thu, 29 Jan 2015 09:12:31 -0500
Subject: [PATCH 10/10] Symlink owner handler

The patch has been ported from CL6, commit e3488488

Signed-off-by: Vladimir Meshkov <vmeshkov@cloudlinux.com>
---
 fs/Kconfig      | 25 +++++++++++++++++++++++++
 fs/namei.c      | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 kernel/sysctl.c | 21 +++++++++++++++++++++
 3 files changed, 95 insertions(+)

diff --git a/fs/Kconfig b/fs/Kconfig
index eaf7c12..38281e2 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -4,6 +4,31 @@

 menu "File systems"

+config SYMLINKOWN
+	bool
+	default y
+	help
+		Apache's SymlinksIfOwnerMatch option has an inherent race condition
+		that prevents it from being used as a security feature.  As Apache
+		verifies the symlink by performing a stat() against the target of
+		the symlink before it is followed, an attacker can setup a symlink
+		to point to a same-owned file, then replace the symlink with one
+		that targets another user's file just after Apache "validates" the
+		symlink -- a classic TOCTOU race.  If you say Y here, a complete,
+		race-free replacement for Apache's "SymlinksIfOwnerMatch" option
+		will be in place for the group you specify. If the sysctl option
+		is enabled, a sysctl option with name "enforce_symlinksifowner" is
+		created.
+
+config SYMLINKOWN_GID
+	int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
+	depends on SYMLINKOWN
+	default 1006
+	help
+		Setting this GID determines what group kernel-enforced
+		SymlinksIfOwnerMatch will be enabled for. If the sysctl option
+		is enabled, a sysctl option with name "symlinkown_gid" is created.
+
 # Use unaligned word dcache accesses
 config DCACHE_WORD_ACCESS
        bool
diff --git a/fs/namei.c b/fs/namei.c
index 5b01462..07336b2 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -130,6 +130,9 @@ void final_putname(struct filename *name)

 #define EMBEDDED_NAME_MAX	(PATH_MAX - sizeof(struct filename))

+static int
+handle_symlink_owner(const struct path *link, const struct inode *target);
+
 static struct filename *
 getname_flags(const char __user *filename, int flags, int *empty)
 {
@@ -880,6 +883,10 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
 			put_link(nd, link, *p);
 	}

+	if (!error && !(nd->flags & LOOKUP_PARENT) &&
+		handle_symlink_owner(link, nd->path.dentry->d_inode))
+		error = -EACCES;
+
 	return error;

 out_put_nd_path:
@@ -1771,6 +1778,48 @@ static inline unsigned long hash_name(const char *name, unsigned int *hashp)

 #endif

+#ifdef CONFIG_SYMLINKOWN
+int enable_symlinkown = 1;
+gid_t symlinkown_gid = CONFIG_SYMLINKOWN_GID;
+#endif
+
+static int
+handle_symlink_owner(const struct path *link, const struct inode *target)
+{
+#ifdef CONFIG_SYMLINKOWN
+	const struct inode *link_inode = link->dentry->d_inode;
+	const struct cred *cred;
+	kgid_t symlinkown_kgid = make_kgid(current_user_ns(), symlinkown_gid);
+	int ngroups;
+
+	if (enable_symlinkown && target && link_inode &&
+		uid_valid(link_inode->i_uid) &&
+		!uid_eq(link_inode->i_uid, target->i_uid)) {
+		if (enable_symlinkown == 1) {
+			if (in_group_p(symlinkown_kgid))
+				goto eacces;
+		} else {
+			cred = current_cred();
+			ngroups = cred->group_info->ngroups;
+			if (ngroups && gid_gt(GROUP_AT(cred->group_info,
+				ngroups - 1), symlinkown_kgid))
+				goto eacces;
+			if (gid_gt(cred->fsgid, symlinkown_kgid))
+				goto eacces;
+		}
+		return 0;
+eacces:
+		if (printk_ratelimit())
+			printk(KERN_DEBUG "access denied %p uid %u target uid %u!\n",
+				link->dentry,
+				from_kuid(current_user_ns(), link_inode->i_uid),
+				from_kuid(current_user_ns(), target->i_uid));
+		return -EACCES;
+	}
+#endif
+	return 0;
+}
+
 /*
  * Name resolution.
  * This is the basic name resolution function, turning a pathname into
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 80d3349..9c2eb34 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -188,6 +188,11 @@ static int proc_dostring_coredump(struct ctl_table *table, int write,
 		void __user *buffer, size_t *lenp, loff_t *ppos);
 #endif

+#ifdef CONFIG_SYMLINKOWN
+extern int enable_symlinkown;
+extern gid_t symlinkown_gid;
+#endif
+
 #ifdef CONFIG_MAGIC_SYSRQ
 /* Note: sysrq code uses it's own private copy */
 static int __sysrq_enabled = SYSRQ_DEFAULT_ENABLE;
@@ -1716,6 +1721,22 @@ static struct ctl_table fs_table[] = {
 		.maxlen		= sizeof(proc_super_gid),
 		.proc_handler	= &proc_dointvec,
 	},
+#ifdef CONFIG_SYMLINKOWN
+	{
+		.procname	= "enforce_symlinksifowner",
+		.mode		= 0600,
+		.data		= &enable_symlinkown,
+		.maxlen		= sizeof(enable_symlinkown),
+		.proc_handler   = &proc_dointvec,
+	},
+	{
+		.procname	= "symlinkown_gid",
+		.mode		= 0600,
+		.data		= &symlinkown_gid,
+		.maxlen		= sizeof(symlinkown_gid),
+		.proc_handler	= &proc_dointvec,
+	},
+#endif
 	{ }
 };

--
1.9.1

diff --git a/fs/proc/generic.c b/fs/proc/generic.c
index 46d5ecd..b14ac43 100644
--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
@@ -259,8 +259,10 @@ struct dentry *proc_lookup_de(struct proc_dir_entry *de, struct inode *dir,
 			continue;
 		if (!memcmp(dentry->d_name.name, de->name, de->namelen)) {
 			proc_super_kgid = make_kgid(current_user_ns(), proc_super_gid);
-			if (de && PDE_IS_NOT_ACCESSIBLY(de))
+			if (de && PDE_IS_NOT_ACCESSIBLY(de)) {
+				spin_unlock(&proc_subdir_lock);
 				return NULL;
+			}
 			pde_get(de);
 			spin_unlock(&proc_subdir_lock);
 			inode = proc_get_inode(dir->i_sb, de);
From 66bf59df7e5bbd73ade2d85d1909be68469af8b9 Mon Sep 17 00:00:00 2001
From: Andrew Perepechko <panda@cloudlinux.com>
Date: Fri, 20 Mar 2015 21:38:26 +0300
Subject: [PATCH 12/12] IOPS accounting support for noop and as

---
 block/cfq-iosched.c      | 3 +++
 block/deadline-iosched.c | 3 +++
 block/noop-iosched.c     | 2 ++
 3 files changed, 8 insertions(+)

diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
index c410752..2fe3e75 100644
--- a/block/cfq-iosched.c
+++ b/block/cfq-iosched.c
@@ -14,6 +14,7 @@
 #include <linux/rbtree.h>
 #include <linux/ioprio.h>
 #include <linux/blktrace_api.h>
+#include <linux/virtinfo.h>
 #include "blk.h"
 #include "blk-cgroup.h"

@@ -3923,6 +3924,8 @@ static void cfq_insert_request(struct request_queue *q, struct request *rq)
 	cfqg_stats_update_io_add(RQ_CFQG(rq), cfqd->serving_group,
 				 rq->cmd_flags);
 	cfq_rq_enqueued(cfqd, cfqq, rq);
+
+	virtinfo_notifier_call_irq(VITYPE_IO, VIRTINFO_IO_OP_ACCOUNT, NULL);
 }

 /*
diff --git a/block/deadline-iosched.c b/block/deadline-iosched.c
index 20614a3..9543233 100644
--- a/block/deadline-iosched.c
+++ b/block/deadline-iosched.c
@@ -13,6 +13,7 @@
 #include <linux/init.h>
 #include <linux/compiler.h>
 #include <linux/rbtree.h>
+#include <linux/virtinfo.h>

 /*
  * See Documentation/block/deadline-iosched.txt
@@ -108,6 +109,8 @@ deadline_add_request(struct request_queue *q, struct request *rq)
 	 */
 	rq_set_fifo_time(rq, jiffies + dd->fifo_expire[data_dir]);
 	list_add_tail(&rq->queuelist, &dd->fifo_list[data_dir]);
+
+	virtinfo_notifier_call_irq(VITYPE_IO, VIRTINFO_IO_OP_ACCOUNT, NULL);
 }

 /*
diff --git a/block/noop-iosched.c b/block/noop-iosched.c
index 3de89d4..6f14f83 100644
--- a/block/noop-iosched.c
+++ b/block/noop-iosched.c
@@ -7,6 +7,7 @@
 #include <linux/module.h>
 #include <linux/slab.h>
 #include <linux/init.h>
+#include <linux/virtinfo.h>

 struct noop_data {
 	struct list_head queue;
@@ -37,6 +38,7 @@ static void noop_add_request(struct request_queue *q, struct request *rq)
 	struct noop_data *nd = q->elevator->elevator_data;

 	list_add_tail(&rq->queuelist, &nd->queue);
+	virtinfo_notifier_call_irq(VITYPE_IO, VIRTINFO_IO_OP_ACCOUNT, NULL);
 }

 static struct request *
--
1.9.1

From be2f57f5a7eaf6fd003146120623d07ea10b7b3b Mon Sep 17 00:00:00 2001
From: Andrew Perepechko <panda@cloudlinux.com>
Date: Mon, 18 May 2015 22:06:58 +0300
Subject: [PATCH] properly charge and uncharge shmem

Currently, shmem_lock immediately and
unconditionally uncharges what it has
just charged for a lock request.

This, indeed, causes a double uncharge
with something like the following:

  shmid = shmget(12345, 8192, IPC_CREAT | 0666);
  rc = shmctl(shmid, SHM_LOCK, NULL);
  shmctl(shmid, IPC_RMID, 0);

with the following in the kernel log:

[  455.815025] Uncharging too much 2 h 0, res lockedpages ub 0

Signed-off-by: Andrew Perepechko <panda@cloudlinux.com>
---
 mm/shmem.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/mm/shmem.c b/mm/shmem.c
index 41925dc..e21ce51 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1359,11 +1359,13 @@ int shmem_lock(struct file *file, int lock, struct user_struct *user)
 		mapping_set_unevictable(file->f_mapping);
 	}
 	if (!lock && (info->flags & VM_LOCKED) && user) {
+		ub_lockedshm_uncharge(info, inode->i_size);
 		user_shm_unlock(inode->i_size, user);
 		info->flags &= ~VM_LOCKED;
 		mapping_clear_unevictable(file->f_mapping);
 	}
-	retval = 0;
+	spin_unlock(&info->lock);
+	return 0;

 out_nomem:
 	ub_lockedshm_uncharge(info, inode->i_size);
--
1.9.1

kpatch-description: kernel: splice: lack of generic write checks
kpatch-kernel: kernel-3.10.0-123.20.1.el7
kpatch-cve: CVE-2014-7822
kpatch-cvss: 4.6
kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2014-7822

diff -upr linux-3.10.0-123.13.2.el7/fs/splice.c linux-3.10.0-123.20.1.el7/fs/splice.c
--- linux-3.10.0-123.13.2.el7/fs/splice.c	2014-12-13 03:14:08.000000000 +0300
+++ linux-3.10.0-123.20.1.el7/fs/splice.c	2015-01-21 17:00:38.000000000 +0300
@@ -1098,6 +1098,7 @@ static long do_splice_from(struct pipe_i
 {
 	ssize_t (*splice_write)(struct pipe_inode_info *, struct file *,
 				loff_t *, size_t, unsigned int);
+	struct inode *inode = out->f_mapping->host;
 	int ret;

 	if (unlikely(!(out->f_mode & FMODE_WRITE)))
@@ -1110,6 +1111,10 @@ static long do_splice_from(struct pipe_i
 	if (unlikely(ret < 0))
 		return ret;

+	ret = generic_write_checks(out, ppos, &len, S_ISBLK(inode->i_mode));
+	if (ret)
+		return ret;
+
 	if (out->f_op && out->f_op->splice_write)
 		splice_write = out->f_op->splice_write;
 	else
diff --git a/include/bc/sock_orphan.h b/include/bc/sock_orphan.h
index a737d9e..a8904ea 100644
--- a/include/bc/sock_orphan.h
+++ b/include/bc/sock_orphan.h
@@ -41,13 +41,15 @@ static inline int ub_get_orphan_count(struct sock *sk)

 static inline int ub_too_many_orphans(struct sock *sk, int count)
 {
+	struct net *net = sock_net(sk);
+
 #ifdef CONFIG_BEANCOUNTERS
 	if (__ub_too_many_orphans(sk, count))
 		return 1;
 #endif
 	return (ub_get_orphan_count(sk) > sysctl_tcp_max_orphans ||
 		(sk->sk_wmem_queued > SOCK_MIN_SNDBUF &&
-		 atomic_long_read(&tcp_memory_allocated) > sysctl_tcp_mem[2]));
+		 atomic_long_read(&tcp_memory_allocated) > net->ipv4.sysctl_tcp_mem[2]));
 }

 struct inet_timewait_sock;
From 6eb2ae1c79b37c91f65a80273bda153faec34253 Mon Sep 17 00:00:00 2001
From: Dmitry Monakhov <dmonakhov@openvz.org>
Date: Tue, 9 Jun 2015 12:59:39 +0400
Subject: [PATCH] pfcache: fix path refcounting hazzard

peer's path management was broken during porting from rhel6 to rhel7

- open_mapping_peer no longer responsible for path drop on error.
- fix refcounting during race peer_open/peer_close

#TESTCASE:
VEID=101
mkdir /tmp/pfcache
mount -ttmpfs none /tmp/pfcache
vzctl create $VEID
vzctl mount $VEID
dd if=/dev/zero of=/vz/root/$VEID/bin/f1 bs=4k count=1
cp /vz/root/$VEID/bin/f1 /pfcache/1c/eaf73df40e531df3bfb26b4fb7cd95fb7bff1d
vzctl umount $VEID
mount /vz/root/$VEID -oremount,balloon_ino=12,pfcache_csum,pfcache=/tmp/pfcache
stat /vz/root/$VEID/bin/f1 | echo FAIL
vzctl umount $VEID
umount /tmp/pfcache || echo FAIL

Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Acked-by: Andrew Vagin <avagin@odin.com>
Reported-by: Oleksiy Shchukin <oshchukin@cloudlinux.com>
---
 fs/ext4/pfcache.c | 2 +-
 mm/memory.c       | 7 +------
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/fs/ext4/pfcache.c b/fs/ext4/pfcache.c
index 2789508..b75c26d 100644
--- a/fs/ext4/pfcache.c
+++ b/fs/ext4/pfcache.c
@@ -77,6 +77,7 @@ int ext4_open_pfcache(struct inode *inode)
 	ret = open_mapping_peer(inode->i_mapping, &path, &init_cred);
 	if (!ret)
 		percpu_counter_inc(&EXT4_SB(inode->i_sb)->s_pfcache_peers);
+	path_put(&path);
 	return ret;
 }

@@ -193,7 +194,6 @@ int ext4_relink_pfcache(struct super_block *sb, char *new_root, bool new_sb)
 		}

 		if (path.mnt) {
-			path_get(&path);
 			if (!open_mapping_peer(inode->i_mapping,
 						&path, &init_cred))
 				nr_opened++;
diff --git a/mm/memory.c b/mm/memory.c
index 2f09839..618c36c 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -4317,7 +4317,6 @@ restart:
 	if (!peer->i_peer_file) {
 		file = dentry_open(path, O_RDONLY | O_LARGEFILE, cred);
 		if (IS_ERR(file)) {
-			path_put(path);
 			return PTR_ERR(file);
 		}

@@ -4334,8 +4333,6 @@ restart:
 		}
 		if (peer->i_peer_file) {
 			spin_unlock(&inode->i_lock);
-			*path = file->f_path;
-			path_get(path);
 			fput(file);
 			file = NULL;
 			goto restart;
@@ -4361,9 +4358,7 @@ restart:
 	if (file) {
 		file_accessed(file);
 		fput(file);
-	} else
-		path_put(path);
-
+	}
 	return 0;
 }
 EXPORT_SYMBOL(open_mapping_peer);
--
1.8.3.1