diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 1fe06f7929fbc2bbc201ca8faa17144b6f9e525b..371e7aab3eac2d8405e9e0af0404da2de3561136 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -247,6 +247,12 @@ static bool sanity_check_inode(struct inode *inode, struct page *node_page) return false; } + if (ino_of_node(node_page) == fi->i_xattr_nid) { + f2fs_warn(sbi, "%s: corrupted inode i_ino=%lx, xnid=%x, run fsck to fix.", + __func__, inode->i_ino, fi->i_xattr_nid); + return false; + } + if (f2fs_has_extra_attr(inode) && f2fs_sb_has_flexible_inline_xattr(sbi) && f2fs_has_inline_xattr(inode) && diff --git a/kernel/events/core.c b/kernel/events/core.c index ef08b894a252ba24277817f1d41cf76d70c0b11e..c26c500459d4268dc7ef9e5f6142fbcb9a72c9ac 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -6608,6 +6608,10 @@ perf_sample_ustack_size(u16 stack_size, u16 header_size, if (!regs) return 0; + /* No mm, no stack, no dump. */ + if (!current->mm) + return 0; + /* * Check if we fit in with the requested stack size into the: * - TASK_SIZE @@ -7199,6 +7203,9 @@ perf_callchain(struct perf_event *event, struct pt_regs *regs) const u32 max_stack = event->attr.sample_max_stack; struct perf_callchain_entry *callchain; + if (!current->mm) + user = false; + if (!kernel && !user) return &__empty_callchain; @@ -9787,7 +9794,7 @@ static int perf_uprobe_event_init(struct perf_event *event) if (event->attr.type != perf_uprobe.type) return -ENOENT; - if (!perfmon_capable()) + if (!capable(CAP_SYS_ADMIN)) return -EACCES; /* diff --git a/kernel/exit.c b/kernel/exit.c index 4065a6a958310ed7246f0e0e662f55d391326e72..0f633a7c535cbbb45400cbb17716f3cb64d41eff 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -857,6 +857,15 @@ void __noreturn do_exit(long code) tsk->exit_code = code; taskstats_exit(tsk, group_dead); + /* + * Since sampling can touch ->mm, make sure to stop everything before we + * tear it down. + * + * Also flushes inherited counters to the parent - before the parent + * gets woken up by child-exit notifications. + */ + perf_event_exit_task(tsk); + exit_mm(); if (group_dead) @@ -873,14 +882,6 @@ void __noreturn do_exit(long code) exit_task_work(tsk); exit_thread(tsk); - /* - * Flush inherited counters to the parent - before the parent - * gets woken up by child-exit notifications. - * - * because of cgroup mode, must be called before cgroup_exit() - */ - perf_event_exit_task(tsk); - sched_autogroup_exit_task(tsk); cgroup_exit(tsk); diff --git a/net/atm/lec.c b/net/atm/lec.c index 7226c784dbe0c70e4d6899634cb3821ff5a61960..012144bb2fd06684c7aed0cb3e46c656c855e8ca 100644 --- a/net/atm/lec.c +++ b/net/atm/lec.c @@ -905,7 +905,6 @@ static void *lec_itf_walk(struct lec_state *state, loff_t *l) v = (dev && netdev_priv(dev)) ? lec_priv_walk(state, l, netdev_priv(dev)) : NULL; if (!v && dev) { - dev_put(dev); /* Partial state reset for the next time we get called */ dev = NULL; } @@ -929,6 +928,7 @@ static void *lec_seq_start(struct seq_file *seq, loff_t *pos) { struct lec_state *state = seq->private; + mutex_lock(&lec_mutex); state->itf = 0; state->dev = NULL; state->locked = NULL; @@ -946,8 +946,9 @@ static void lec_seq_stop(struct seq_file *seq, void *v) if (state->dev) { spin_unlock_irqrestore(&state->locked->lec_arp_lock, state->flags); - dev_put(state->dev); + state->dev = NULL; } + mutex_unlock(&lec_mutex); } static void *lec_seq_next(struct seq_file *seq, void *v, loff_t *pos) diff --git a/net/ipv6/calipso.c b/net/ipv6/calipso.c index 0ea66e9db249510e0d9aca7f4049d37965e95bbd..b24afbf3dbe4ef75cc7363ef4ad7569ca964c57b 100644 --- a/net/ipv6/calipso.c +++ b/net/ipv6/calipso.c @@ -1195,6 +1195,10 @@ static int calipso_req_setattr(struct request_sock *req, struct ipv6_opt_hdr *old, *new; struct sock *sk = sk_to_full_sk(req_to_sk(req)); + /* sk is NULL for SYN+ACK w/ SYN Cookie */ + if (!sk) + return -ENOMEM; + if (req_inet->ipv6_opt && req_inet->ipv6_opt->hopopt) old = req_inet->ipv6_opt->hopopt; else @@ -1235,6 +1239,10 @@ static void calipso_req_delattr(struct request_sock *req) struct ipv6_txoptions *txopts; struct sock *sk = sk_to_full_sk(req_to_sk(req)); + /* sk is NULL for SYN+ACK w/ SYN Cookie */ + if (!sk) + return; + if (!req_inet->ipv6_opt || !req_inet->ipv6_opt->hopopt) return;