1. 13 2月, 2013 10 次提交
  2. 12 2月, 2013 14 次提交
  3. 28 1月, 2013 1 次提交
  4. 27 1月, 2013 6 次提交
    • E
      userns: Allow the userns root to mount tmpfs. · 2b8576cb
      Eric W. Biederman 提交于
      There is no backing store to tmpfs and file creation rules are the
      same as for any other filesystem so it is semantically safe to allow
      unprivileged users to mount it.  ramfs is safe for the same reasons so
      allow either flavor of tmpfs to be mounted by a user namespace root
      user.
      
      The memory control group successfully limits how much memory tmpfs can
      consume on any system that cares about a user namespace root using
      tmpfs to exhaust memory the memory control group can be deployed.
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      2b8576cb
    • E
      userns: Allow the userns root to mount ramfs. · b3c6761d
      Eric W. Biederman 提交于
      There is no backing store to ramfs and file creation
      rules are the same as for any other filesystem so
      it is semantically safe to allow unprivileged users
      to mount it.
      
      The memory control group successfully limits how much
      memory ramfs can consume on any system that cares about
      a user namespace root using ramfs to exhaust memory
      the memory control group can be deployed.
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      b3c6761d
    • E
      userns: Allow the userns root to mount of devpts · ec2aa8e8
      Eric W. Biederman 提交于
      - The context in which devpts is mounted has no effect on the creation
        of ptys as the /dev/ptmx interface has been used by unprivileged
        users for many years.
      
      - Only support unprivileged mounts in combination with the newinstance
        option to ensure that mounting of /dev/pts in a user namespace will
        not allow the options of an existing mount of devpts to be modified.
      
      - Create /dev/pts/ptmx as the root user in the user namespace that
        mounts devpts so that it's permissions to be changed.
      Acked-by: NSerge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      ec2aa8e8
    • E
      userns: Recommend use of memory control groups. · e11f0ae3
      Eric W. Biederman 提交于
      In the help text describing user namespaces recommend use of memory
      control groups.  In many cases memory control groups are the only
      mechanism there is to limit how much memory a user who can create
      user namespaces can use.
      Acked-by: NSerge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      e11f0ae3
    • E
      userns: Allow any uid or gid mappings that don't overlap. · 0bd14b4f
      Eric W. Biederman 提交于
      When I initially wrote the code for /proc/<pid>/uid_map.  I was lazy
      and avoided duplicate mappings by the simple expedient of ensuring the
      first number in a new extent was greater than any number in the
      previous extent.
      
      Unfortunately that precludes a number of valid mappings, and someone
      noticed and complained.  So use a simple check to ensure that ranges
      in the mapping extents don't overlap.
      Acked-by: NSerge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      0bd14b4f
    • E
      userns: Avoid recursion in put_user_ns · c61a2810
      Eric W. Biederman 提交于
      When freeing a deeply nested user namespace free_user_ns calls
      put_user_ns on it's parent which may in turn call free_user_ns again.
      When -fno-optimize-sibling-calls is passed to gcc one stack frame per
      user namespace is left on the stack, potentially overflowing the
      kernel stack.  CONFIG_FRAME_POINTER forces -fno-optimize-sibling-calls
      so we can't count on gcc to optimize this code.
      
      Remove struct kref and use a plain atomic_t.  Making the code more
      flexible and easier to comprehend.  Make the loop in free_user_ns
      explict to guarantee that the stack does not overflow with
      CONFIG_FRAME_POINTER enabled.
      
      I have tested this fix with a simple program that uses unshare to
      create a deeply nested user namespace structure and then calls exit.
      With 1000 nesteuser namespaces before this change running my test
      program causes the kernel to die a horrible death.  With 10,000,000
      nested user namespaces after this change my test program runs to
      completion and causes no harm.
      Acked-by: NSerge Hallyn <serge.hallyn@canonical.com>
      Pointed-out-by: NVasily Kulikov <segoon@openwall.com>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      c61a2810
  5. 27 12月, 2012 1 次提交
  6. 26 12月, 2012 3 次提交
    • E
      f2fs: Don't assign e_id in f2fs_acl_from_disk · 48c6d121
      Eric W. Biederman 提交于
      With user namespaces enabled building f2fs fails with:
      
       CC      fs/f2fs/acl.o
      fs/f2fs/acl.c: In function ‘f2fs_acl_from_disk’:
      fs/f2fs/acl.c:85:21: error: ‘struct posix_acl_entry’ has no member named ‘e_id’
      make[2]: *** [fs/f2fs/acl.o] Error 1
      make[2]: Target `__build' not remade because of errors.
      
      e_id is a backwards compatibility field only used for file systems
      that haven't been converted to use kuids and kgids.  When the posix
      acl tag field is neither ACL_USER nor ACL_GROUP assigning e_id is
      unnecessary.  Remove the assignment so f2fs will build with user
      namespaces enabled.
      
      Cc: Namjae Jeon <namjae.jeon@samsung.com>
      Cc: Amit Sahrawat <a.sahrawat@samsung.com>
      Acked-by: NJaegeuk Kim <jaegeuk.kim@samsung.com>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      48c6d121
    • E
      proc: Allow proc_free_inum to be called from any context · dfb2ea45
      Eric W. Biederman 提交于
      While testing the pid namespace code I hit this nasty warning.
      
      [  176.262617] ------------[ cut here ]------------
      [  176.263388] WARNING: at /home/eric/projects/linux/linux-userns-devel/kernel/softirq.c:160 local_bh_enable_ip+0x7a/0xa0()
      [  176.265145] Hardware name: Bochs
      [  176.265677] Modules linked in:
      [  176.266341] Pid: 742, comm: bash Not tainted 3.7.0userns+ #18
      [  176.266564] Call Trace:
      [  176.266564]  [<ffffffff810a539f>] warn_slowpath_common+0x7f/0xc0
      [  176.266564]  [<ffffffff810a53fa>] warn_slowpath_null+0x1a/0x20
      [  176.266564]  [<ffffffff810ad9ea>] local_bh_enable_ip+0x7a/0xa0
      [  176.266564]  [<ffffffff819308c9>] _raw_spin_unlock_bh+0x19/0x20
      [  176.266564]  [<ffffffff8123dbda>] proc_free_inum+0x3a/0x50
      [  176.266564]  [<ffffffff8111d0dc>] free_pid_ns+0x1c/0x80
      [  176.266564]  [<ffffffff8111d195>] put_pid_ns+0x35/0x50
      [  176.266564]  [<ffffffff810c608a>] put_pid+0x4a/0x60
      [  176.266564]  [<ffffffff8146b177>] tty_ioctl+0x717/0xc10
      [  176.266564]  [<ffffffff810aa4d5>] ? wait_consider_task+0x855/0xb90
      [  176.266564]  [<ffffffff81086bf9>] ? default_spin_lock_flags+0x9/0x10
      [  176.266564]  [<ffffffff810cab0a>] ? remove_wait_queue+0x5a/0x70
      [  176.266564]  [<ffffffff811e37e8>] do_vfs_ioctl+0x98/0x550
      [  176.266564]  [<ffffffff810b8a0f>] ? recalc_sigpending+0x1f/0x60
      [  176.266564]  [<ffffffff810b9127>] ? __set_task_blocked+0x37/0x80
      [  176.266564]  [<ffffffff810ab95b>] ? sys_wait4+0xab/0xf0
      [  176.266564]  [<ffffffff811e3d31>] sys_ioctl+0x91/0xb0
      [  176.266564]  [<ffffffff810a95f0>] ? task_stopped_code+0x50/0x50
      [  176.266564]  [<ffffffff81939199>] system_call_fastpath+0x16/0x1b
      [  176.266564] ---[ end trace 387af88219ad6143 ]---
      
      It turns out that spin_unlock_bh(proc_inum_lock) is not safe when
      put_pid is called with another spinlock held and irqs disabled.
      
      For now take the easy path and use spin_lock_irqsave(proc_inum_lock)
      in proc_free_inum and spin_loc_irq in proc_alloc_inum(proc_inum_lock).
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      dfb2ea45
    • E
      pidns: Stop pid allocation when init dies · c876ad76
      Eric W. Biederman 提交于
      Oleg pointed out that in a pid namespace the sequence.
      - pid 1 becomes a zombie
      - setns(thepidns), fork,...
      - reaping pid 1.
      - The injected processes exiting.
      
      Can lead to processes attempting access their child reaper and
      instead following a stale pointer.
      
      That waitpid for init can return before all of the processes in
      the pid namespace have exited is also unfortunate.
      
      Avoid these problems by disabling the allocation of new pids in a pid
      namespace when init dies, instead of when the last process in a pid
      namespace is reaped.
      Pointed-out-by: NOleg Nesterov <oleg@redhat.com>
      Reviewed-by: NOleg Nesterov <oleg@redhat.com>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      c876ad76
  7. 25 12月, 2012 1 次提交
  8. 22 12月, 2012 4 次提交
    • L
      Linux 3.8-rc1 · a49f0d1e
      Linus Torvalds 提交于
      a49f0d1e
    • L
      Merge git://www.linux-watchdog.org/linux-watchdog · 4fe19a13
      Linus Torvalds 提交于
      Pull watchdog updates from Wim Van Sebroeck:
       "This includes some fixes and code improvements (like
        clk_prepare_enable and clk_disable_unprepare), conversion from the
        omap_wdt and twl4030_wdt drivers to the watchdog framework, addition
        of the SB8x0 chipset support and the DA9055 Watchdog driver and some
        OF support for the davinci_wdt driver."
      
      * git://www.linux-watchdog.org/linux-watchdog: (22 commits)
        watchdog: mei: avoid oops in watchdog unregister code path
        watchdog: Orion: Fix possible null-deference in orion_wdt_probe
        watchdog: sp5100_tco: Add SB8x0 chipset support
        watchdog: davinci_wdt: add OF support
        watchdog: da9052: Fix invalid free of devm_ allocated data
        watchdog: twl4030_wdt: Change TWL4030_MODULE_PM_RECEIVER to TWL_MODULE_PM_RECEIVER
        watchdog: remove depends on CONFIG_EXPERIMENTAL
        watchdog: Convert dev_printk(KERN_<LEVEL> to dev_<level>(
        watchdog: DA9055 Watchdog driver
        watchdog: omap_wdt: eliminate goto
        watchdog: omap_wdt: delete redundant platform_set_drvdata() calls
        watchdog: omap_wdt: convert to devm_ functions
        watchdog: omap_wdt: convert to new watchdog core
        watchdog: WatchDog Timer Driver Core: fix comment
        watchdog: s3c2410_wdt: use clk_prepare_enable and clk_disable_unprepare
        watchdog: imx2_wdt: Select the driver via ARCH_MXC
        watchdog: cpu5wdt.c: add missing del_timer call
        watchdog: hpwdt.c: Increase version string
        watchdog: Convert twl4030_wdt to watchdog core
        davinci_wdt: preparation for switch to common clock framework
        ...
      4fe19a13
    • L
      Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 · 769cb858
      Linus Torvalds 提交于
      Pull CIFS fixes from Steve French:
       "Misc small cifs fixes"
      
      * 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: eliminate cifsERROR variable
        cifs: don't compare uniqueids in cifs_prime_dcache unless server inode numbers are in use
        cifs: fix double-free of "string" in cifs_parse_mount_options
      769cb858
    • L
      Merge tag 'dm-3.8-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/agk/linux-dm · b49249d1
      Linus Torvalds 提交于
      Pull dm update from Alasdair G Kergon:
       "Miscellaneous device-mapper fixes, cleanups and performance
        improvements.
      
        Of particular note:
         - Disable broken WRITE SAME support in all targets except linear and
           striped.  Use it when kcopyd is zeroing blocks.
         - Remove several mempools from targets by moving the data into the
           bio's new front_pad area(which dm calls 'per_bio_data').
         - Fix a race in thin provisioning if discards are misused.
         - Prevent userspace from interfering with the ioctl parameters and
           use kmalloc for the data buffer if it's small instead of vmalloc.
         - Throttle some annoying error messages when I/O fails."
      
      * tag 'dm-3.8-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/agk/linux-dm: (36 commits)
        dm stripe: add WRITE SAME support
        dm: remove map_info
        dm snapshot: do not use map_context
        dm thin: dont use map_context
        dm raid1: dont use map_context
        dm flakey: dont use map_context
        dm raid1: rename read_record to bio_record
        dm: move target request nr to dm_target_io
        dm snapshot: use per_bio_data
        dm verity: use per_bio_data
        dm raid1: use per_bio_data
        dm: introduce per_bio_data
        dm kcopyd: add WRITE SAME support to dm_kcopyd_zero
        dm linear: add WRITE SAME support
        dm: add WRITE SAME support
        dm: prepare to support WRITE SAME
        dm ioctl: use kmalloc if possible
        dm ioctl: remove PF_MEMALLOC
        dm persistent data: improve improve space map block alloc failure message
        dm thin: use DMERR_LIMIT for errors
        ...
      b49249d1