1. 25 10月, 2013 1 次提交
  2. 18 9月, 2013 2 次提交
  3. 26 8月, 2013 1 次提交
    • W
      fs/9p: avoid accessing utsname after namespace has been torn down · 50192abe
      Will Deacon 提交于
      During trinity fuzzing in a kvmtool guest, I stumbled across the
      following:
      
      Unable to handle kernel NULL pointer dereference at virtual address 00000004
      PC is at v9fs_file_do_lock+0xc8/0x1a0
      LR is at v9fs_file_do_lock+0x48/0x1a0
      [<c01e2ed0>] (v9fs_file_do_lock+0xc8/0x1a0) from [<c0119154>] (locks_remove_flock+0x8c/0x124)
      [<c0119154>] (locks_remove_flock+0x8c/0x124) from [<c00d9bf0>] (__fput+0x58/0x1e4)
      [<c00d9bf0>] (__fput+0x58/0x1e4) from [<c0044340>] (task_work_run+0xac/0xe8)
      [<c0044340>] (task_work_run+0xac/0xe8) from [<c002e36c>] (do_exit+0x6bc/0x8d8)
      [<c002e36c>] (do_exit+0x6bc/0x8d8) from [<c002e674>] (do_group_exit+0x3c/0xb0)
      [<c002e674>] (do_group_exit+0x3c/0xb0) from [<c002e6f8>] (__wake_up_parent+0x0/0x18)
      
      I believe this is due to an attempt to access utsname()->nodename, after
      exit_task_namespaces() has been called, leaving current->nsproxy->uts_ns
      as NULL and causing the above dereference.
      
      A similar issue was fixed for lockd in 9a1b6bf8 ("LOCKD: Don't call
      utsname()->nodename from nlmclnt_setlockargs"), so this patch attempts
      something similar for 9pfs.
      
      Cc: Eric Van Hensbergen <ericvh@gmail.com>
      Cc: Ron Minnich <rminnich@sandia.gov>
      Cc: Latchesar Ionkov <lucho@ionkov.net>
      Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      Signed-off-by: NEric Van Hensbergen <ericvh@gmail.com>
      50192abe
  4. 30 7月, 2013 1 次提交
  5. 08 7月, 2013 2 次提交
  6. 29 6月, 2013 1 次提交
  7. 22 5月, 2013 1 次提交
    • L
      mm: change invalidatepage prototype to accept length · d47992f8
      Lukas Czerner 提交于
      Currently there is no way to truncate partial page where the end
      truncate point is not at the end of the page. This is because it was not
      needed and the functionality was enough for file system truncate
      operation to work properly. However more file systems now support punch
      hole feature and it can benefit from mm supporting truncating page just
      up to the certain point.
      
      Specifically, with this functionality truncate_inode_pages_range() can
      be changed so it supports truncating partial page at the end of the
      range (currently it will BUG_ON() if 'end' is not at the end of the
      page).
      
      This commit changes the invalidatepage() address space operation
      prototype to accept range to be invalidated and update all the instances
      for it.
      
      We also change the block_invalidatepage() in the same way and actually
      make a use of the new length argument implementing range invalidation.
      
      Actual file system implementations will follow except the file systems
      where the changes are really simple and should not change the behaviour
      in any way .Implementation for truncate_page_range() which will be able
      to accept page unaligned ranges will follow as well.
      Signed-off-by: NLukas Czerner <lczerner@redhat.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Hugh Dickins <hughd@google.com>
      d47992f8
  8. 08 5月, 2013 1 次提交
  9. 04 3月, 2013 1 次提交
    • E
      fs: Limit sys_mount to only request filesystem modules. · 7f78e035
      Eric W. Biederman 提交于
      Modify the request_module to prefix the file system type with "fs-"
      and add aliases to all of the filesystems that can be built as modules
      to match.
      
      A common practice is to build all of the kernel code and leave code
      that is not commonly needed as modules, with the result that many
      users are exposed to any bug anywhere in the kernel.
      
      Looking for filesystems with a fs- prefix limits the pool of possible
      modules that can be loaded by mount to just filesystems trivially
      making things safer with no real cost.
      
      Using aliases means user space can control the policy of which
      filesystem modules are auto-loaded by editing /etc/modprobe.d/*.conf
      with blacklist and alias directives.  Allowing simple, safe,
      well understood work-arounds to known problematic software.
      
      This also addresses a rare but unfortunate problem where the filesystem
      name is not the same as it's module name and module auto-loading
      would not work.  While writing this patch I saw a handful of such
      cases.  The most significant being autofs that lives in the module
      autofs4.
      
      This is relevant to user namespaces because we can reach the request
      module in get_fs_type() without having any special permissions, and
      people get uncomfortable when a user specified string (in this case
      the filesystem type) goes all of the way to request_module.
      
      After having looked at this issue I don't think there is any
      particular reason to perform any filtering or permission checks beyond
      making it clear in the module request that we want a filesystem
      module.  The common pattern in the kernel is to call request_module()
      without regards to the users permissions.  In general all a filesystem
      module does once loaded is call register_filesystem() and go to sleep.
      Which means there is not much attack surface exposed by loading a
      filesytem module unless the filesystem is mounted.  In a user
      namespace filesystems are not mounted unless .fs_flags = FS_USERNS_MOUNT,
      which most filesystems do not set today.
      Acked-by: NSerge Hallyn <serge.hallyn@canonical.com>
      Acked-by: NKees Cook <keescook@chromium.org>
      Reported-by: NKees Cook <keescook@google.com>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      7f78e035
  10. 28 2月, 2013 8 次提交
  11. 26 2月, 2013 7 次提交
  12. 23 2月, 2013 1 次提交
  13. 22 2月, 2013 1 次提交
  14. 12 2月, 2013 5 次提交
    • E
      9p: Modify v9fs_get_fsgid_for_create to return a kgid · d4ef4e35
      Eric W. Biederman 提交于
      Modify v9fs_get_fsgid_for_create to return a kgid and modify all of
      the variables that hold the result of v9fs_get_fsgid_for_create to be
      of type kgid_t.
      
      Cc: Eric Van Hensbergen <ericvh@gmail.com>
      Cc: Ron Minnich <rminnich@gmail.com>
      Cc: Latchesar Ionkov <lucho@ionkov.net>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      d4ef4e35
    • E
      9p: Modify struct v9fs_session_info to use a kuids and kgids · 76ed23a5
      Eric W. Biederman 提交于
      Change struct v9fs_session_info and the code that popluates it to use
      kuids and kgids.  When parsing the 9p mount options convert the
      dfltuid, dflutgid, and the session uid from the current user namespace
      into kuids and kgids.  Modify V9FS_DEFUID and V9FS_DEFGUID to be kuid
      and kgid values.
      
      Cc: Eric Van Hensbergen <ericvh@gmail.com>
      Cc: Ron Minnich <rminnich@gmail.com>
      Cc: Latchesar Ionkov <lucho@ionkov.net>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      76ed23a5
    • E
      9p: Modify struct 9p_fid to use a kuid_t not a uid_t · b4642556
      Eric W. Biederman 提交于
      Change struct 9p_fid and it's associated functions to
      use kuid_t's instead of uid_t.
      
      Cc: Eric Van Hensbergen <ericvh@gmail.com>
      Cc: Ron Minnich <rminnich@gmail.com>
      Cc: Latchesar Ionkov <lucho@ionkov.net>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      b4642556
    • E
      9p: Modify the stat structures to use kuid_t and kgid_t · 447c5094
      Eric W. Biederman 提交于
      9p has thre strucrtures that can encode inode stat information.  Modify
      all of those structures to contain kuid_t and kgid_t values.  Modify
      he wire encoders and decoders of those structures to use 'u' and 'g' instead of
      'd' in the format string where uids and gids are present.
      
      This results in all kuid and kgid conversion to and from on the wire values
      being performed by the same code in protocol.c where the client is known
      at the time of the conversion.
      
      Cc: Eric Van Hensbergen <ericvh@gmail.com>
      Cc: Ron Minnich <rminnich@gmail.com>
      Cc: Latchesar Ionkov <lucho@ionkov.net>
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      447c5094
    • E
      9p: Transmit kuid and kgid values · f791f7c5
      Eric W. Biederman 提交于
      Modify the p9_client_rpc format specifiers of every function that
      directly transmits a uid or a gid from 'd' to 'u' or 'g' as
      appropriate.
      
      Modify those same functions to take kuid_t and kgid_t parameters
      instead of uid_t and gid_t parameters.
      
      Cc: Eric Van Hensbergen <ericvh@gmail.com>
      Cc: Ron Minnich <rminnich@gmail.com>
      Cc: Latchesar Ionkov <lucho@ionkov.net>
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      f791f7c5
  15. 11 2月, 2013 3 次提交
    • M
      fs/9p: Fix atomic_open · b6f4bee0
      M. Mohan Kumar 提交于
      Return EEXISTS if requested file already exists, without this patch open
      call will always succeed even if the file exists and user specified
      O_CREAT|O_EXCL.
      
      Following test code can be used to verify this patch. Without this patch
      executing following test code on 9p mount will result in printing 'test case
      failed' always.
      
      main()
      {
              int fd;
      
              /* first create the file */
              fd = open("./file", O_CREAT|O_WRONLY);
              if (fd < 0) {
                      perror("open");
                      return -1;
              }
              close(fd);
      
              /* Now opening same file with O_CREAT|O_EXCL should fail */
              fd = open("./file", O_CREAT|O_EXCL);
              if (fd < 0 && errno == EEXIST)
      	        printf("test case pass\n");
              else
      	        printf("test case failed\n");
              close(fd);
              return 0;
      }
      Signed-off-by: NM. Mohan Kumar <mohan@in.ibm.com>
      Signed-off-by: NEric Van Hensbergen <ericvh@gmail.com>
      b6f4bee0
    • A
      fs/9p: Don't use O_TRUNC flag in TOPEN and TLOPEN request · 03f0e022
      Aneesh Kumar K.V 提交于
      We do the truncate via setattr request, hence don't pass the O_TRUNC flag in
      open request. Without this patch we end up sending zero sized write request
      to server when we try to truncate. Some servers (VirtFS) were not handling that
      properly.
      Reported-by: NM. Mohan Kumar <mohan@in.ibm.com>
      Signed-off-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
      Signed-off-by: NEric Van Hensbergen <ericvh@gmail.com>
      03f0e022
    • A
      locking in fs/9p ->readdir() · 7ffdea7e
      Al Viro 提交于
      	... is really excessive.  First of all, ->readdir() is serialized by
      file->f_path.dentry->d_inode->i_mutex; playing with file->f_path.dentry->d_lock
      is not buying you anything.  Moreover, rdir->mutex is pointless for exactly
      the same reason - you'll never see contention on it.
      
      	While we are at it, there's no point in having rdir->buf a pointer -
      you have it point just past the end of rdir, so it might as well be a flex
      array (and no, it's not a gccism).
      
      	Absolutely untested patch follows:
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NEric Van Hensbergen <ericvh@gmail.com>
      7ffdea7e
  16. 22 1月, 2013 1 次提交
  17. 09 10月, 2012 1 次提交
    • K
      mm: kill vma flag VM_CAN_NONLINEAR · 0b173bc4
      Konstantin Khlebnikov 提交于
      Move actual pte filling for non-linear file mappings into the new special
      vma operation: ->remap_pages().
      
      Filesystems must implement this method to get non-linear mapping support,
      if it uses filemap_fault() then generic_file_remap_pages() can be used.
      
      Now device drivers can implement this method and obtain nonlinear vma support.
      Signed-off-by: NKonstantin Khlebnikov <khlebnikov@openvz.org>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Carsten Otte <cotte@de.ibm.com>
      Cc: Chris Metcalf <cmetcalf@tilera.com>	#arch/tile
      Cc: Cyrill Gorcunov <gorcunov@openvz.org>
      Cc: Eric Paris <eparis@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Hugh Dickins <hughd@google.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: James Morris <james.l.morris@oracle.com>
      Cc: Jason Baron <jbaron@redhat.com>
      Cc: Kentaro Takeda <takedakn@nttdata.co.jp>
      Cc: Matt Helsley <matthltc@us.ibm.com>
      Cc: Nick Piggin <npiggin@kernel.dk>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Robert Richter <robert.richter@amd.com>
      Cc: Suresh Siddha <suresh.b.siddha@intel.com>
      Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Cc: Venkatesh Pallipadi <venki@google.com>
      Acked-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      0b173bc4
  18. 03 10月, 2012 1 次提交
  19. 18 9月, 2012 1 次提交
    • E
      userns: Pass a userns parameter into posix_acl_to_xattr and posix_acl_from_xattr · 5f3a4a28
      Eric W. Biederman 提交于
       - Pass the user namespace the uid and gid values in the xattr are stored
         in into posix_acl_from_xattr.
      
       - Pass the user namespace kuid and kgid values should be converted into
         when storing uid and gid values in an xattr in posix_acl_to_xattr.
      
      - Modify all callers of posix_acl_from_xattr and posix_acl_to_xattr to
        pass in &init_user_ns.
      
      In the short term this change is not strictly needed but it makes the
      code clearer.  In the longer term this change is necessary to be able to
      mount filesystems outside of the initial user namespace that natively
      store posix acls in the linux xattr format.
      
      Cc: Theodore Tso <tytso@mit.edu>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andreas Dilger <adilger.kernel@dilger.ca>
      Cc: Jan Kara <jack@suse.cz>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      5f3a4a28