1. 18 Oct, 2015 1 commit
  2. 24 Sep, 2015 2 commits
  3. 05 Sep, 2015 1 commit
    • fs: create and use seq_show_option for escaping · a068acf2
      Kees Cook committed
      Many file systems that implement the show_options hook fail to correctly
      escape their output which could lead to unescaped characters (e.g.  new
      lines) leaking into /proc/mounts and /proc/[pid]/mountinfo files.  This
      could lead to confusion, spoofed entries (resulting in things like
      systemd issuing false d-bus "mount" notifications), and who knows what
      else.  This looks like it would only be the root user stepping on
      themselves, but it's possible weird things could happen in containers or
      in other situations with delegated mount privileges.
      
      Here's an example using overlay with setuid fusermount trusting the
      contents of /proc/mounts (via the /etc/mtab symlink).  Imagine the use
      of "sudo" is something more sneaky:
      
        $ BASE="ovl"
        $ MNT="$BASE/mnt"
        $ LOW="$BASE/lower"
        $ UP="$BASE/upper"
        $ WORK="$BASE/work/ 0 0
        none /proc fuse.pwn user_id=1000"
        $ mkdir -p "$LOW" "$UP" "$WORK"
        $ sudo mount -t overlay -o "lowerdir=$LOW,upperdir=$UP,workdir=$WORK" none /mnt
        $ cat /proc/mounts
        none /root/ovl/mnt overlay rw,relatime,lowerdir=ovl/lower,upperdir=ovl/upper,workdir=ovl/work/ 0 0
        none /proc fuse.pwn user_id=1000 0 0
        $ fusermount -u /proc
        $ cat /proc/mounts
        cat: /proc/mounts: No such file or directory
      
      This fixes the problem by adding new seq_show_option and
      seq_show_option_n helpers, and updating the vulnerable show_option
      handlers to use them as needed.  Some, like SELinux, need to be open
      coded due to unusual existing escape mechanisms.
      
      [akpm@linux-foundation.org: add lost chunk, per Kees]
      [keescook@chromium.org: seq_show_option should be using const parameters]
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
      Acked-by: Jan Kara <jack@suse.com>
      Acked-by: Paul Moore <paul@paul-moore.com>
      Cc: J. R. Okajima <hooanon05g@gmail.com>
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
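The escaping fix described in the seq_show_option commit above, as an added userspace illustration (not the kernel patch and not code from this repository): it formats one /proc/mounts-style record with and without octal-escaping the option value, then counts how many records a line-oriented reader would see. The function names, the `/mnt` mount point and the escaped character set are assumptions of this sketch; the sample value is the `WORK` string from the commit message.

```c
#include <stdio.h>
#include <string.h>

/* Bytes escaped inside an option value. Assumed set for this sketch:
 * comma, space, tab, newline and backslash. */
#define VALUE_ESC ", \t\n\\"

/* Copy src to dst, writing each byte found in esc as a \ooo octal escape.
 * Returns the length written, or -1 if dst is too small. */
static int escape_into(char *dst, size_t cap, const char *src, const char *esc)
{
    size_t n = 0;
    if (cap == 0) return -1;
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        if (strchr(esc, c)) {
            if (n + 4 >= cap) return -1;
            n += (size_t)snprintf(dst + n, cap - n, "\\%03o", (unsigned)c);
        } else {
            if (n + 1 >= cap) return -1;
            dst[n++] = (char)c;
        }
    }
    dst[n] = '\0';
    return (int)n;
}

/* Build one overlay record as it would appear in /proc/mounts.
 * escape=0 models the old show_options behaviour, escape=1 the fixed one. */
int build_mount_line(char *out, size_t cap, const char *workdir, int escape)
{
    char val[256];
    if (escape) {
        if (escape_into(val, sizeof(val), workdir, VALUE_ESC) < 0) return -1;
    } else {
        if (strlen(workdir) >= sizeof(val)) return -1;
        strcpy(val, workdir);
    }
    int n = snprintf(out, cap, "none /mnt overlay rw,relatime,workdir=%s 0 0\n", val);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Number of records a line-oriented consumer (e.g. an mtab reader) sees. */
int count_records(const char *buf)
{
    int n = 0;
    for (; *buf; buf++)
        if (*buf == '\n') n++;
    return n;
}

/* Sample input: the workdir value used in the commit message's example. */
const char *SAMPLE_WORKDIR = "ovl/work/ 0 0\nnone /proc fuse.pwn user_id=1000";

int main(void)
{
    char raw[512], esc[512];
    if (build_mount_line(raw, sizeof(raw), SAMPLE_WORKDIR, 0) < 0) return 1;
    if (build_mount_line(esc, sizeof(esc), SAMPLE_WORKDIR, 1) < 0) return 1;
    printf("unescaped: %d records\n%s", count_records(raw), raw);
    printf("escaped:   %d record\n%s", count_records(esc), esc);
    return 0;
}
```

Consumers that split /proc/mounts on whitespace and newlines must decode the `\ooo` sequences after splitting, never before.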
  4. 16 Aug, 2015 2 commits
    • Revert "ext4: remove block_device_ejected" · bdfe0cbd
      Theodore Ts'o committed
      This reverts commit 08439fec.
      
      Unfortunately we still need to test for bdi->dev to avoid a crash when a
      USB stick is yanked out while a file system is mounted:
      
         usb 2-2: USB disconnect, device number 2
         Buffer I/O error on dev sdb1, logical block 15237120, lost sync page write
         JBD2: Error -5 detected when updating journal superblock for sdb1-8.
         BUG: unable to handle kernel paging request at 34beb000
         IP: [<c136ce88>] __percpu_counter_add+0x18/0xc0
         *pdpt = 0000000023db9001 *pde = 0000000000000000 
         Oops: 0000 [#1] SMP 
         CPU: 0 PID: 4083 Comm: umount Tainted: G     U     OE   4.1.1-040101-generic #201507011435
         Hardware name: LENOVO 7675CTO/7675CTO, BIOS 7NETC2WW (2.22 ) 03/22/2011
         task: ebf06b50 ti: ebebc000 task.ti: ebebc000
         EIP: 0060:[<c136ce88>] EFLAGS: 00010082 CPU: 0
         EIP is at __percpu_counter_add+0x18/0xc0
         EAX: f21c8e88 EBX: f21c8e88 ECX: 00000000 EDX: 00000001
         ESI: 00000001 EDI: 00000000 EBP: ebebde60 ESP: ebebde40
          DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
         CR0: 8005003b CR2: 34beb000 CR3: 33354200 CR4: 000007f0
         Stack:
          c1abe100 edcb0098 edcb00ec ffffffff f21c8e68 ffffffff f21c8e68 f286d160
          ebebde84 c1160454 00000010 00000282 f72a77f8 00000984 f72a77f8 f286d160
          f286d170 ebebdea0 c11e613f 00000000 00000282 f72a77f8 edd7f4d0 00000000
         Call Trace:
          [<c1160454>] account_page_dirtied+0x74/0x110
          [<c11e613f>] __set_page_dirty+0x3f/0xb0
          [<c11e6203>] mark_buffer_dirty+0x53/0xc0
          [<c124a0cb>] ext4_commit_super+0x17b/0x250
          [<c124ac71>] ext4_put_super+0xc1/0x320
          [<c11f04ba>] ? fsnotify_unmount_inodes+0x1aa/0x1c0
          [<c11cfeda>] ? evict_inodes+0xca/0xe0
          [<c11b925a>] generic_shutdown_super+0x6a/0xe0
          [<c10a1df0>] ? prepare_to_wait_event+0xd0/0xd0
          [<c1165a50>] ? unregister_shrinker+0x40/0x50
          [<c11b92f6>] kill_block_super+0x26/0x70
          [<c11b94f5>] deactivate_locked_super+0x45/0x80
          [<c11ba007>] deactivate_super+0x47/0x60
          [<c11d2b39>] cleanup_mnt+0x39/0x80
          [<c11d2bc0>] __cleanup_mnt+0x10/0x20
          [<c1080b51>] task_work_run+0x91/0xd0
          [<c1011e3c>] do_notify_resume+0x7c/0x90
          [<c1720da5>] work_notify
         Code: 8b 55 e8 e9 f4 fe ff ff 90 90 90 90 90 90 90 90 90 90 90 55 89 e5 83 ec 20 89 5d f4 89 c3 89 75 f8 89 d6 89 7d fc 89 cf 8b 48 14 <64> 8b 01 89 45 ec 89 c2 8b 45 08 c1 fa 1f 01 75 ec 89 55 f0 89
         EIP: [<c136ce88>] __percpu_counter_add+0x18/0xc0 SS:ESP 0068:ebebde40
         CR2: 0000000034beb000
         ---[ end trace dd564a7bea834ecd ]---
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=101011
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
      Cc: stable@vger.kernel.org
    • ext4: ratelimit the file system mounted message · e294a537
      Theodore Ts'o committed
      The xfstests ext4/305 will mount and unmount the same file system over
      4,000 times, and each one of these will cause a system log message.
      Ratelimit this message since if we are getting more than a few dozen
      of these messages, they probably aren't going to be helpful.
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  5. 15 Aug, 2015 1 commit
  6. 24 Jul, 2015 1 commit
    • fs: Remove ext3 filesystem driver · c290ea01
      Jan Kara committed
      The functionality of ext3 is fully supported by ext4 driver. Major
      distributions (SUSE, RedHat) already use ext4 driver to handle ext3
      filesystems for quite some time. There is some ugliness in mm resulting
      from jbd cleaning buffers in a dirty page without cleaning page dirty
      bit and also support for buffer bouncing in the block layer when stable
      pages are required is there only because of jbd. So let's remove the
      ext3 driver. This saves us some 28k lines of duplicated code.
      Acked-by: Theodore Ts'o <tytso@mit.edu>
      Signed-off-by: Jan Kara <jack@suse.cz>
  7. 23 Jul, 2015 1 commit
    • ext4, jbd2: add REQ_FUA flag when recording an error in the superblock · 564bc402
      Daeho Jeong committed
      When an error condition is detected, an error status should be recorded into
      superblocks of EXT4 or JBD2. However, the write request is submitted now
      without REQ_FUA flag, even in "barrier=1" mode, which is followed by
      panic() function in "errors=panic" mode. On mobile devices which make
      whole system reset as soon as kernel panic occurs, this write request
      containing an error flag will disappear just from storage cache without
      being written to the physical cells. Therefore, when next start, even forever,
      the error flag cannot be shown in both superblocks, and e2fsck cannot fix
      the filesystem problems automatically, unless e2fsck is executed in
      force checking mode.
      
      [ Changed use test_opt(sb, BARRIER) of checking the journal flags -- TYT ]
      Signed-off-by: Daeho Jeong <daeho.jeong@samsung.com>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  8. 22 Jul, 2015 2 commits
    • ext4: reject journal options for ext2 mounts · 5ba92bcf
      Carlos Maiolino committed
      There is no reason to allow ext2 filesystems to be mounted with journal
      mount options. So, this patch adds them to the MOPT_NO_EXT2 mount
      options list.
      Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: implement cgroup writeback support · 001e4a87
      Tejun Heo committed
      For ordered and writeback data modes, all data IOs go through
      ext4_io_submit.  This patch adds cgroup writeback support by invoking
      wbc_init_bio() from io_submit_init_bio() and wbc_account_io() in
      io_submit_add_bh().  Journal data which is written by jbd2 worker is
      left alone by this patch and will always be written out from the root
      cgroup.
      
      ext4_fill_super() is updated to set MS_CGROUPWB when data mode is
      either ordered or writeback.  In journaled data mode, most IOs become
      synchronous through the journal and enabling cgroup writeback support
      doesn't make much sense or difference.  Journaled data mode is left
      alone.
      
      Lightly tested with sequential data write workload.  Behaves as
      expected.
      Signed-off-by: Tejun Heo <tj@kernel.org>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  9. 26 Jun, 2015 1 commit
  10. 24 Jun, 2015 1 commit
  11. 23 Jun, 2015 1 commit
    • ext4: set lazytime on remount if MS_LAZYTIME is set by mount · a2fd66d0
      Theodore Ts'o committed
      Newer versions of mount parse the lazytime feature and pass it to the
      mount system call via the flags field in the mount system call,
      removing the lazytime string from the mount options list.  So we need
      to check for the presence of MS_LAZYTIME and set it in sb->s_flags in
      order for this flag to be set on a remount.
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
      Cc: stable@vger.kernel.org
  12. 21 Jun, 2015 2 commits
    • ext4: prevent ext4_quota_write() from failing due to ENOSPC · c5e298ae
      Theodore Ts'o committed
      In order to prevent quota block tracking from being inaccurate when
      ext4_quota_write() fails with ENOSPC, we make two changes.  The quota
      file can now use the reserved block (since the quota file is arguably
      file system metadata), and ext4_quota_write() now uses
      ext4_should_retry_alloc() to retry the block allocation after a commit
      has completed and released some blocks for allocation.
      
      This fixes failures of xfstests generic/270:
      
      Quota error (device vdc): write_blk: dquota write failed
      Quota error (device vdc): qtree_write_dquot: Error -28 occurred while creating quota
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: call sync_blockdev() before invalidate_bdev() in put_super() · 89d96a6f
      Theodore Ts'o committed
      Normally all of the buffers will have been forced out to disk before
      we call invalidate_bdev(), but there will be some cases, where a file
      system operation was aborted due to an ext4_error(), where there may
      still be some dirty buffers in the buffer cache for the device.  So
      try to force them out to memory before calling invalidate_bdev().
      
      This fixes a warning triggered by generic/081:
      
      WARNING: CPU: 1 PID: 3473 at /usr/projects/linux/ext4/fs/block_dev.c:56 __blkdev_put+0xb5/0x16f()
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
      Cc: stable@vger.kernel.org
  13. 16 Jun, 2015 1 commit
    • ext4: improve warning directory handling messages · b03a2f7e
      Andreas Dilger committed
      Several ext4_warning() messages in the directory handling code do not
      report the inode number of the (potentially corrupt) directory where a
      problem is seen, and others report this in an ad-hoc manner.  Add an
      ext4_warning_inode() helper to print the inode number and command name
      consistent with ext4_error_inode().
      
      Consolidate the place in ext4.h that these macros are defined.
      
      Clean up some other directory error and warning messages to print the
      calling function name.
      
      Minor code style fixes in nearby lines.
      Signed-off-by: Andreas Dilger <adilger@dilger.ca>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  14. 13 Jun, 2015 1 commit
  15. 02 Jun, 2015 1 commit
    • writeback: separate out include/linux/backing-dev-defs.h · 66114cad
      Tejun Heo committed
      With the planned cgroup writeback support, backing-dev related
      declarations will be more widely used across block and cgroup;
      unfortunately, including backing-dev.h from include/linux/blkdev.h
      makes cyclic include dependency quite likely.
      
      This patch separates out backing-dev-defs.h which only has the
      essential definitions and updates blkdev.h to include it.  c files
      which need access to more backing-dev details now include
      backing-dev.h directly.  This takes backing-dev.h off the common
      include dependency chain making it a lot easier to use it across block
      and cgroup.
      
      v2: fs/fat build failure fixed.
      Signed-off-by: Tejun Heo <tj@kernel.org>
      Reviewed-by: Jan Kara <jack@suse.cz>
      Cc: Jens Axboe <axboe@kernel.dk>
      Signed-off-by: Jens Axboe <axboe@fb.com>
  16. 01 Jun, 2015 2 commits
  17. 19 May, 2015 3 commits
    • ext4: clean up superblock encryption mode fields · f5aed2c2
      Theodore Ts'o committed
      The superblock fields s_file_encryption_mode and s_dir_encryption_mode
      are vestigial, so remove them as a cleanup.  While we're at it, allow
      file systems with both encryption and inline_data enabled at the same
      time to work correctly.  We can't have encrypted inodes with inline
      data, but there's no reason to prohibit unencrypted inodes from using
      the inline data feature.
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4 crypto: reorganize how we store keys in the inode · b7236e21
      Theodore Ts'o committed
      This is a pretty massive patch which does a number of different things:
      
      1) The per-inode encryption information is now stored in an allocated
         data structure, ext4_crypt_info, instead of directly in the node.
         This reduces the size usage of an in-memory inode when it is not
         using encryption.
      
      2) We drop the ext4_fname_crypto_ctx entirely, and use the per-inode
         encryption structure instead.  This removes an unnecessary memory
         allocation and free for the fname_crypto_ctx as well as allowing us
         to reuse the ctfm in a directory for multiple lookups and file
         creations.
      
      3) We also cache the inode's policy information in the ext4_crypt_info
         structure so we don't have to continually read it out of the
         extended attributes.
      
      4) We now keep the keyring key in the inode's encryption structure
         instead of releasing it after we are done using it to derive the
         per-inode key.  This allows us to test to see if the key has been
         revoked; if it has, we prevent the use of the derived key and free
         it.
      
      5) When an inode is released (or when the derived key is freed), we
         will use memset_explicit() to zero out the derived key, so it's not
         left hanging around in memory.  This implies that when a user logs
         out, it is important to first revoke the key, and then unlink it,
         and then finally, to use "echo 3 > /proc/sys/vm/drop_caches" to
         release any decrypted pages and dcache entries from the system
         caches.
      
      6) All this, and we also shrink the number of lines of code by around
         100.  :-)
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4 crypto: separate kernel and userspace structure for the key · e2881b1b
      Theodore Ts'o committed
      Use struct ext4_encryption_key only for the master key passed via the
      kernel keyring.
      
      For internal kernel space users, we now use struct ext4_crypt_info.
      This will allow us to put information from the policy structure so we
      can cache it and avoid needing to constantly look up the extended
      attribute.  We will do this in a separate patch.  This patch is mostly
      mechanical to make it easier for patch review.
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  18. 15 May, 2015 1 commit
  19. 16 Apr, 2015 2 commits
  20. 12 Apr, 2015 1 commit
    • ext4 crypto: add ext4 encryption facilities · b30ab0e0
      Michael Halcrow committed
      On encrypt, we will re-assign the buffer_heads to point to a bounce
      page rather than the control_page (which is the original page to write
      that contains the plaintext). The block I/O occurs against the bounce
      page.  On write completion, we re-assign the buffer_heads to the
      original plaintext page.
      
      On decrypt, we will attach a read completion callback to the bio
      struct. This read completion will decrypt the read contents in-place
      prior to setting the page up-to-date.
      
      The current encryption mode, AES-256-XTS, lacks cryptographic
      integrity. AES-256-GCM is in-plan, but we will need to devise a
      mechanism for handling the integrity data.
      Signed-off-by: Michael Halcrow <mhalcrow@google.com>
      Signed-off-by: Ildar Muslukhov <ildarm@google.com>
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  21. 03 Apr, 2015 2 commits
  22. 04 Mar, 2015 1 commit
  23. 17 Feb, 2015 1 commit
  24. 13 Feb, 2015 3 commits
  25. 05 Feb, 2015 1 commit
    • ext4: add optimization for the lazytime mount option · a26f4992
      Theodore Ts'o committed
      Add an optimization for the MS_LAZYTIME mount option so that we will
      opportunistically write out any inodes with the I_DIRTY_TIME flag set
      in a particular inode table block when we need to update some inode in
      that inode table block anyway.
      
      Also add some temporary code so that we can set the lazytime mount
      option without needing a modified /sbin/mount program which can set
      MS_LAZYTIME.  We can eventually make this go away once util-linux has
      added support.
      
      Google-Bug-Id: 18297052
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
  26. 30 Jan, 2015 1 commit
    • ext4: Use generic helpers for quotaon and quotaoff · 1fa5efe3
      Jan Kara committed
      Ext4 can just use the generic helpers provided by quota code for turning
      quotas on and off when quota files are stored as system inodes. The only
      difference is the feature test in ext4_quota_on_sysfile() but the same
      is achieved in dquot_quota_enable() by checking whether usage tracking
      for the corresponding quota type is enabled (which can happen only if
      quota feature is set).
      Reviewed-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Jan Kara <jack@suse.cz>
  27. 27 Jan, 2015 1 commit
  28. 21 Jan, 2015 1 commit
  29. 03 Jan, 2015 1 commit