whiterose

linux unikernel
Log | Files | Refs | README | LICENSE | git clone https://git.ne02ptzero.me/git/whiterose

commit 9b286efeb5eb5aaa2712873fc1f928b2f879dbde
parent 47f3f4eb7834ea424b0704bffd0d3e3c8ffbc3a1
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Sat,  5 Jan 2019 13:18:59 -0800

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull trivial vfs updates from Al Viro:
 "A few cleanups + Neil's namespace_unlock() optimization"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  exec: make prepare_bprm_creds static
  genheaders: %-<width>s had been there since v6; %-*s - since v7
  VFS: use synchronize_rcu_expedited() in namespace_unlock()
  iov_iter: reduce code duplication

Diffstat:
Mfs/exec.c | 2+-
Mfs/namespace.c | 2+-
Minclude/linux/binfmts.h | 1-
Mlib/iov_iter.c | 54+++++++++++++++++++++++++++---------------------------
Mscripts/selinux/genheaders/genheaders.c | 29+++++++++--------------------
5 files changed, 38 insertions(+), 50 deletions(-)

diff --git a/fs/exec.c b/fs/exec.c @@ -1402,7 +1402,7 @@ EXPORT_SYMBOL(finalize_exec); * Or, if exec fails before, free_bprm() should release ->cred and * and unlock. */ -int prepare_bprm_creds(struct linux_binprm *bprm) +static int prepare_bprm_creds(struct linux_binprm *bprm) { if (mutex_lock_interruptible(&current->signal->cred_guard_mutex)) return -ERESTARTNOINTR; diff --git a/fs/namespace.c b/fs/namespace.c @@ -1360,7 +1360,7 @@ static void namespace_unlock(void) if (likely(hlist_empty(&head))) return; - synchronize_rcu(); + synchronize_rcu_expedited(); group_pin_kill(&head); } diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h @@ -139,7 +139,6 @@ extern int transfer_args_to_stack(struct linux_binprm *bprm, extern int bprm_change_interp(const char *interp, struct linux_binprm *bprm); extern int copy_strings_kernel(int argc, const char *const *argv, struct linux_binprm *bprm); -extern int prepare_bprm_creds(struct linux_binprm *bprm); extern void install_exec_creds(struct linux_binprm *bprm); extern void set_binfmt(struct linux_binfmt *new); extern ssize_t read_code(struct file *, unsigned long, loff_t, size_t); diff --git a/lib/iov_iter.c b/lib/iov_iter.c @@ -561,13 +561,20 @@ static size_t copy_pipe_to_iter(const void *addr, size_t bytes, return bytes; } +static __wsum csum_and_memcpy(void *to, const void *from, size_t len, + __wsum sum, size_t off) +{ + __wsum next = csum_partial_copy_nocheck(from, to, len, 0); + return csum_block_add(sum, next, off); +} + static size_t csum_and_copy_to_pipe_iter(const void *addr, size_t bytes, __wsum *csum, struct iov_iter *i) { struct pipe_inode_info *pipe = i->pipe; size_t n, r; size_t off = 0; - __wsum sum = *csum, next; + __wsum sum = *csum; int idx; if (!sanity(i)) @@ -579,8 +586,7 @@ static size_t csum_and_copy_to_pipe_iter(const void *addr, size_t bytes, for ( ; n; idx = next_idx(idx, pipe), r = 0) { size_t chunk = min_t(size_t, n, PAGE_SIZE - r); char *p = kmap_atomic(pipe->bufs[idx].page); - next = csum_partial_copy_nocheck(addr, p + r, chunk, 0); - sum = csum_block_add(sum, next, off); + sum = csum_and_memcpy(p + r, addr, chunk, sum, off); kunmap_atomic(p); i->idx = idx; i->iov_offset = r + chunk; @@ -1401,17 +1407,15 @@ size_t csum_and_copy_from_iter(void *addr, size_t bytes, __wsum *csum, err ? v.iov_len : 0; }), ({ char *p = kmap_atomic(v.bv_page); - next = csum_partial_copy_nocheck(p + v.bv_offset, - (to += v.bv_len) - v.bv_len, - v.bv_len, 0); + sum = csum_and_memcpy((to += v.bv_len) - v.bv_len, + p + v.bv_offset, v.bv_len, + sum, off); kunmap_atomic(p); - sum = csum_block_add(sum, next, off); off += v.bv_len; }),({ - next = csum_partial_copy_nocheck(v.iov_base, - (to += v.iov_len) - v.iov_len, - v.iov_len, 0); - sum = csum_block_add(sum, next, off); + sum = csum_and_memcpy((to += v.iov_len) - v.iov_len, + v.iov_base, v.iov_len, + sum, off); off += v.iov_len; }) ) @@ -1445,17 +1449,15 @@ bool csum_and_copy_from_iter_full(void *addr, size_t bytes, __wsum *csum, 0; }), ({ char *p = kmap_atomic(v.bv_page); - next = csum_partial_copy_nocheck(p + v.bv_offset, - (to += v.bv_len) - v.bv_len, - v.bv_len, 0); + sum = csum_and_memcpy((to += v.bv_len) - v.bv_len, + p + v.bv_offset, v.bv_len, + sum, off); kunmap_atomic(p); - sum = csum_block_add(sum, next, off); off += v.bv_len; }),({ - next = csum_partial_copy_nocheck(v.iov_base, - (to += v.iov_len) - v.iov_len, - v.iov_len, 0); - sum = csum_block_add(sum, next, off); + sum = csum_and_memcpy((to += v.iov_len) - v.iov_len, + v.iov_base, v.iov_len, + sum, off); off += v.iov_len; }) ) @@ -1493,17 +1495,15 @@ size_t csum_and_copy_to_iter(const void *addr, size_t bytes, void *csump, err ? v.iov_len : 0; }), ({ char *p = kmap_atomic(v.bv_page); - next = csum_partial_copy_nocheck((from += v.bv_len) - v.bv_len, - p + v.bv_offset, - v.bv_len, 0); + sum = csum_and_memcpy(p + v.bv_offset, + (from += v.bv_len) - v.bv_len, + v.bv_len, sum, off); kunmap_atomic(p); - sum = csum_block_add(sum, next, off); off += v.bv_len; }),({ - next = csum_partial_copy_nocheck((from += v.iov_len) - v.iov_len, - v.iov_base, - v.iov_len, 0); - sum = csum_block_add(sum, next, off); + sum = csum_and_memcpy(v.iov_base, + (from += v.iov_len) - v.iov_len, + v.iov_len, sum, off); off += v.iov_len; }) ) diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c @@ -19,8 +19,6 @@ struct security_class_mapping { #include "classmap.h" #include "initial_sid_to_string.h" -#define max(x, y) (((int)(x) > (int)(y)) ? x : y) - const char *progname; static void usage(void) @@ -46,11 +44,9 @@ static char *stoupperx(const char *s) int main(int argc, char *argv[]) { - int i, j, k; + int i, j; int isids_len; FILE *fout; - const char *needle = "SOCKET"; - char *substr; progname = argv[0]; @@ -80,20 +76,14 @@ int main(int argc, char *argv[]) for (i = 0; secclass_map[i].name; i++) { struct security_class_mapping *map = &secclass_map[i]; - fprintf(fout, "#define SECCLASS_%s", map->name); - for (j = 0; j < max(1, 40 - strlen(map->name)); j++) - fprintf(fout, " "); - fprintf(fout, "%2d\n", i+1); + fprintf(fout, "#define SECCLASS_%-39s %2d\n", map->name, i+1); } fprintf(fout, "\n"); for (i = 1; i < isids_len; i++) { const char *s = initial_sid_to_string[i]; - fprintf(fout, "#define SECINITSID_%s", s); - for (j = 0; j < max(1, 40 - strlen(s)); j++) - fprintf(fout, " "); - fprintf(fout, "%2d\n", i); + fprintf(fout, "#define SECINITSID_%-39s %2d\n", s, i); } fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1); fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n"); @@ -101,9 +91,10 @@ int main(int argc, char *argv[]) fprintf(fout, "\tbool sock = false;\n\n"); fprintf(fout, "\tswitch (kern_tclass) {\n"); for (i = 0; secclass_map[i].name; i++) { + static char s[] = "SOCKET"; struct security_class_mapping *map = &secclass_map[i]; - substr = strstr(map->name, needle); - if (substr && strcmp(substr, needle) == 0) + int len = strlen(map->name), l = sizeof(s) - 1; + if (len >= l && memcmp(map->name + len - l, s, l) == 0) fprintf(fout, "\tcase SECCLASS_%s:\n", map->name); } fprintf(fout, "\t\tsock = true;\n"); @@ -129,17 +120,15 @@ int main(int argc, char *argv[]) for (i = 0; secclass_map[i].name; i++) { struct security_class_mapping *map = &secclass_map[i]; + int len = strlen(map->name); for (j = 0; map->perms[j]; j++) { if (j >= 32) { fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n", map->name, map->perms[j]); exit(5); } - fprintf(fout, "#define %s__%s", map->name, - map->perms[j]); - for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++) - fprintf(fout, " "); - fprintf(fout, "0x%08xU\n", (1<<j)); + fprintf(fout, "#define %s__%-*s 0x%08xU\n", map->name, + 39-len, map->perms[j], 1U<<j); } }