1. 07 May, 2013 6 commits
  2. 04 Mar, 2013 1 commit
    • fs: Limit sys_mount to only request filesystem modules. · 7f78e035
      Eric W. Biederman committed
      Modify the request_module to prefix the file system type with "fs-"
      and add aliases to all of the filesystems that can be built as modules
      to match.
      
      A common practice is to build all of the kernel code and leave code
      that is not commonly needed as modules, with the result that many
      users are exposed to any bug anywhere in the kernel.
      
      Looking for filesystems with a fs- prefix limits the pool of possible
      modules that can be loaded by mount to just filesystems trivially
      making things safer with no real cost.
      
      Using aliases means user space can control the policy of which
      filesystem modules are auto-loaded by editing /etc/modprobe.d/*.conf
      with blacklist and alias directives.  Allowing simple, safe,
      well understood work-arounds to known problematic software.
      
      This also addresses a rare but unfortunate problem where the filesystem
      name is not the same as its module name and module auto-loading
      would not work.  While writing this patch I saw a handful of such
      cases.  The most significant being autofs that lives in the module
      autofs4.
      
      This is relevant to user namespaces because we can reach the request
      module in get_fs_type() without having any special permissions, and
      people get uncomfortable when a user specified string (in this case
      the filesystem type) goes all of the way to request_module.
      
      After having looked at this issue I don't think there is any
      particular reason to perform any filtering or permission checks beyond
      making it clear in the module request that we want a filesystem
      module.  The common pattern in the kernel is to call request_module()
      without regards to the user's permissions.  In general all a filesystem
      module does once loaded is call register_filesystem() and go to sleep.
      Which means there is not much attack surface exposed by loading a
      filesystem module unless the filesystem is mounted.  In a user
      namespace filesystems are not mounted unless .fs_flags = FS_USERNS_MOUNT,
      which most filesystems do not set today.
      Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
      Acked-by: Kees Cook <keescook@chromium.org>
      Reported-by: Kees Cook <keescook@google.com>
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
  3. 21 Feb, 2013 8 commits
    • Btrfs: fix remount vs autodefrag · dc81cdc5
      Miao Xie committed
      If we remount the fs to close the auto defragment or make the fs R/O,
      we should stop the auto defragment.
      Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
      Signed-off-by: Chris Mason <chris.mason@fusionio.com>
    • Btrfs: fix uncompleted transaction · d4edf39b
      Miao Xie committed
      In some cases, we need commit the current transaction, but don't want
      to start a new one if there is no running transaction, so we introduce
      the function - btrfs_attach_transaction(), which can catch the current
      transaction, and return -ENOENT if there is no running transaction.
      
      But no running transaction doesn't mean the current transaction completely,
      because we removed the running transaction before it completes. In some
      cases, it doesn't matter. But in some special cases, such as freeze fs, we
      hope the transaction is fully on disk, it will introduce some bugs, for
      example, we may freeze the fs and dump the data in the disk, if the transaction
      doesn't complete, we would dump inconsistent data. So we need fix the above
      problem for those cases.
      
      We fix this problem by introducing a function:
      	btrfs_attach_transaction_barrier()
      if we hope all the transaction is fully on the disk, even they are not
      running, we can use this function.
      Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
      Signed-off-by: Josef Bacik <jbacik@fusionio.com>
    • btrfs: fix varargs in __btrfs_std_error · 37252a66
      Eric Sandeen committed
      __btrfs_std_error didn't always properly call va_end,
      and might call va_start even if fmt was NULL.
      
      Move all the varargs handling into the block where we
      have fmt.
      Signed-off-by: Eric Sandeen <sandeen@redhat.com>
      Signed-off-by: Josef Bacik <jbacik@fusionio.com>
    • btrfs: annotate intentional switch case fallthroughs · 1c697d4a
      Eric Sandeen committed
      This keeps static checkers happy.
      Signed-off-by: Eric Sandeen <sandeen@redhat.com>
      Signed-off-by: Josef Bacik <jbacik@fusionio.com>
    • btrfs: handle null fs_info in btrfs_panic() · aa43a17c
      Eric Sandeen committed
      At least backref_tree_panic() can apparently pass
      in a null fs_info, so handle that in __btrfs_panic
      to get the message out on the console.
      
      The btrfs_panic macro also uses fs_info, but that's
      largely pointless; it's testing to see if
      BTRFS_MOUNT_PANIC_ON_FATAL_ERROR is not set.
      But if it *were* set, __btrfs_panic() would have,
      well, panicked and we wouldn't be here, testing it!
      So just BUG() at this point.
      
      And since we only use fs_info once now, just use it
      directly.
      Signed-off-by: Eric Sandeen <sandeen@redhat.com>
      Signed-off-by: Josef Bacik <jbacik@fusionio.com>
    • 5a016047
    • Btrfs: use bit operation for ->fs_state · 87533c47
      Miao Xie committed
      There is no lock to protect fs_info->fs_state, it will introduce
      some problems, such as the value may be covered by the other task
      when several tasks modify it. For example:
      	Task0 - CPU0		Task1 - CPU1
      	mov %fs_state rax
      	or $0x1 rax
      				mov %fs_state rax
      				or $0x2 rax
      	mov rax %fs_state
      				mov rax %fs_state
      The expected value is 3, but in fact, it is 2.
      
      Though this problem doesn't happen now (because there is only one
      flag currently), the code is error prone, if we add other flags,
      the above problem will happen to a certainty.
      
      Now we use bit operation for it to fix the above problem.
      In this way, we can make the code more robust and be easy to
      add new flags.
      Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
      Signed-off-by: Josef Bacik <jbacik@fusionio.com>
    • Btrfs: protect fs_info->alloc_start · c018daec
      Miao Xie committed
      fs_info->alloc_start is a 64bits variant, can be accessed by
      multi-task, but it is not protected strictly, it can be changed
      while we are accessing it. On 32bit machine, we will get wrong
      value because we access it by two instructions. (In fact, it is
      also possible that the same problem happens on the 64bit machine,
      because the compiler may split the 64bit operation into two 32bit
      operation.)
      
      For example:
      Assuming ->alloc_start is 0x0000 0000 0001 0000 at the beginning,
      then we remount and set ->alloc_start to 0x0000 0100 0000 0000.
      	Task0 			Task1
      				load high 32 bits
      	set high 32 bits
      	set low 32 bits
      				load low 32 bits
      
      Task1 will get 0.
      
      This patch fixes this problem by using two locks to protect it
      	fs_info->chunk_mutex
      	sb->s_umount
      On the read side, we just need get one of these two locks, and on
      the write side, we must lock all of them.
      Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
      Signed-off-by: Josef Bacik <jbacik@fusionio.com>
  4. 20 Feb, 2013 2 commits
  5. 25 Jan, 2013 1 commit
  6. 17 Dec, 2012 1 commit
  7. 13 Dec, 2012 6 commits
  8. 09 Oct, 2012 3 commits
    • Btrfs: make compress and nodatacow mount options mutually exclusive · bedb2cca
      Andrei Popa committed
      If a filesystem is mounted with compression and then remounted by adding nodatacow,
      the compression is disabled but the compress flag is still visible.
      Also, if a filesystem is mounted with nodatacow and then remounted with compression,
      nodatacow flag is still present but it's not active.
      This patch:
      - removes compress flags and notifies that the compression has been disabled if the
        filesystem is mounted with nodatacow
      - removes nodatacow and nodatasum flags if mounted with compress.
      Signed-off-by: Andrei Popa <andrei.popa@i-neo.ro>
    • btrfs: fix message printing · 48940662
      Daniel J Blueman committed
      Fix various messages to include newline and module prefix.
      Signed-off-by: Daniel J Blueman <daniel@quora.org>
    • Btrfs: fix orphan transaction on the freezed filesystem · 354aa0fb
      Miao Xie committed
      With the following debug patch:
      
       static int btrfs_freeze(struct super_block *sb)
       {
      + 	struct btrfs_fs_info *fs_info = btrfs_sb(sb);
      +	struct btrfs_transaction *trans;
      +
      +	spin_lock(&fs_info->trans_lock);
      +	trans = fs_info->running_transaction;
      +	if (trans) {
      +		printk("Transid %llu, use_count %d, num_writer %d\n",
      +			trans->transid, atomic_read(&trans->use_count),
      +			atomic_read(&trans->num_writers));
      +	}
      +	spin_unlock(&fs_info->trans_lock);
       	return 0;
       }
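      
      Review bot: the printk() added inside the "if (trans)" block has no KERN_ log level and no "btrfs:" prefix, so the line goes out at the default level and is hard to pick out of the log; for a debug print, printk(KERN_DEBUG "btrfs: ...") would be the usual form. The first added line also has a space before its tab, unlike the other added lines, and the "num_writer" label in the format string does not match the field name num_writers.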
      
      I found there was an orphan transaction after the freeze operation was done.
      
      It is because the transaction may not be committed when the transaction handle
      ends even though it is the last handle of the current transaction. This design
      avoids committing the transaction frequently, but also introduces the above
      problem.
      
      So I add btrfs_attach_transaction() which can catch the current transaction
      and commit it. If there is no transaction, it will return ENOENT, and not do
      anything.
      
      This function also can be used instead of btrfs_join_transaction_freeze()
      because it doesn't increase the writer counter and doesn't start a new transaction,
      so it also can fix the deadlock between sync and freeze.
      
      Besides that, it is used instead of btrfs_join_transaction() in
      transaction_kthread(), because if there is no transaction, the transaction
      kthread needn't do anything.
      Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
  9. 04 Oct, 2012 3 commits
  10. 02 Oct, 2012 2 commits
    • Btrfs: output more information when aborting a unused transaction handle · 69ce977a
      Miao Xie committed
      Though we dump the stack information when aborting an unused transaction
      handle, we don't know the correct place where we decide to abort the
      transaction handle if one function has several places where the transaction
      abort function is invoked and jumps to the same place after this call.
      And besides that we also don't know the reason why we jump to abort
      the current handle. So I modify the transaction abort function and make
      it output the function name, line and error information.
      Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
    • Btrfs: use a slab for ordered extents allocation · 6352b91d
      Miao Xie committed
      The ordered extent allocation is in the fast path of the IO, so use a slab
      to improve the speed of the allocation.
      
       "Size of the struct is 280, so this will fall into the size-512 bucket,
        giving 8 objects per page, while own slab will pack 14 objects into a page.
      
        Another benefit I see is to check for leaked objects when the module is
        removed (and the cache destroy takes place)."
      						-- David Sterba
      Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
  11. 29 Aug, 2012 2 commits
    • Btrfs: fix deadlock with freeze and sync V2 · bd7de2c9
      Josef Bacik committed
      We can deadlock with freeze right now because we unconditionally start a
      transaction in our ->sync_fs() call.  To fix this just check and see if we
      have a running transaction to commit.  This saves us from the deadlock
      because at this point we'll have the umount sem for the sb so we're safe
      from freezes coming in after we've done our check.  With this patch the
      freeze xfstests no longer deadlocks.  Thanks,
      Signed-off-by: Josef Bacik <jbacik@fusionio.com>
      Signed-off-by: Chris Mason <chris.mason@oracle.com>
    • Btrfs: do not use missing devices when showing devname · aa9ddcd4
      Josef Bacik committed
      If you do the following
      
      mkfs.btrfs /dev/sdb /dev/sdc
      rmmod btrfs
      dd if=/dev/zero of=/dev/sdb bs=1M count=1
      mount -o degraded /dev/sdc /mnt/btrfs-test
      
      the box will panic trying to deref the name for the missing dev since it is
      the lower numbered devid.  So fix show_devname to not use missing devices.
      Thanks,
      Signed-off-by: Josef Bacik <jbacik@fusionio.com>
  12. 04 Aug, 2012 1 commit
  13. 31 Jul, 2012 1 commit
  14. 26 Jul, 2012 1 commit
  15. 24 Jul, 2012 2 commits
    • Btrfs: add DEVICE_READY ioctl · 02db0844
      Josef Bacik committed
      This will be used in conjunction with btrfs device ready <dev>.  This is
      needed for initrd's to have a nice and lightweight way to tell if all of the
      devices needed for a file system are in the cache currently.  This keeps
      them from having to do mount+sleep loops waiting for devices to show up.
      Thanks,
      Signed-off-by: Josef Bacik <jbacik@fusionio.com>
    • Btrfs: allow mount -o remount,compress=no · 063849ea
      Arnd Hannemann committed
      Btrfs allows to turn on compression on a mounted and used filesystem
      by issuing mount -o remount,compress=lzo.
      This patch allows to turn compression off again
      while the filesystem is mounted. As suggested by David Sterba
      if the compress-force option was set, it is implicitly cleared
      if compression is turned off.
      Tested-by: David Sterba <dsterba@suse.cz>
      Signed-off-by: Arnd Hannemann <arnd@arndnet.de>