- 06 7月, 2016 1 次提交
-
-
由 Jann Horn 提交于
In orangefs_inode_getxattr(), an fsuid is written to dmesg. The kuid is converted to a userspace uid via from_kuid(current_user_ns(), [...]), but since dmesg is global, init_user_ns should be used here instead. In copy_attributes_from_inode(), op_alloc() and fill_default_sys_attrs(), upcall structures are populated with uids/gids that have been mapped into the caller's namespace. However, those upcall structures are read by another process (the userspace filesystem driver), and that process might be running in another namespace. This effectively lets any user spoof its uid and gid as seen by the userspace filesystem driver. To fix the second issue, I just construct the opcall structures with init_user_ns uids/gids and require the filesystem server to run in the init namespace. Since orangefs is full of global state anyway (as the error message in DUMP_DEVICE_ERROR explains, there can only be one userspace orangefs filesystem driver at once), that shouldn't be a problem. [ Why does orangefs even exist in the kernel if everything does upcalls into userspace? What does orangefs do that couldn't be done with the FUSE interface? If there is no good answer to those questions, I'd prefer to see orangefs kicked out of the kernel. Can that be done for something that shipped in a release? According to commit f7ab093f ("Orangefs: kernel client part 1"), they even already have a FUSE daemon, and the only rational reason (apart from "but most of our users report preferring to use our kernel module instead") given for not wanting to use FUSE is one "in-the-works" feature that could probably be integated into FUSE instead. ] This patch has been compile-tested. Signed-off-by: NJann Horn <jannh@google.com> Signed-off-by: NMike Marshall <hubcap@omnibond.com>
-
- 20 2月, 2016 4 次提交
-
-
由 Al Viro 提交于
not needed anymore Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NMike Marshall <hubcap@omnibond.com>
-
由 Al Viro 提交于
shouldn't be needed now Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NMike Marshall <hubcap@omnibond.com>
-
由 Al Viro 提交于
turn op->waitq into struct completion... Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NMike Marshall <hubcap@omnibond.com>
-
由 Al Viro 提交于
Make cancels reuse the aborted read/write op, to make sure they do not fail on lack of memory. Don't issue a cancel unless the daemon has seen our read/write, has not replied and isn't being shut down. If cancel *is* issued, don't wait for it to complete; stash the slot in there and just have it freed when cancel is finally replied to or purged (and delay dropping the reference until then, obviously). Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NMike Marshall <hubcap@omnibond.com>
-
- 05 2月, 2016 1 次提交
-
-
由 Mike Marshall 提交于
A couple of caches were no longer needed: - iov_iter improvements to orangefs_devreq_write_iter eliminated the need for the dev_req_cache. - removal (months ago) of the old AIO code eliminated the need for the kiocb_cache. Also, deobfuscation of use of GFP_KERNEL when calling kmem_cache_(z)alloc for remaining caches. Signed-off-by: NMike Marshall <hubcap@omnibond.com>
-
- 24 1月, 2016 3 次提交
-
-
由 Al Viro 提交于
fold orangefs_op_initialize() in there, don't bother locking something nobody else could've seen yet, use kmem_cache_zalloc() instead of explicit memset()... Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NMike Marshall <hubcap@omnibond.com>
-
由 Al Viro 提交于
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NMike Marshall <hubcap@omnibond.com>
-
由 Al Viro 提交于
* create with refcount 1 * make op_release() decrement and free if zero (i.e. old put_op() has become that). * mark when submitter has given up waiting; from that point nobody else can move between the lists, change state, etc. * have daemon read/write_iter grab a reference when picking op and *always* give it up in the end * don't put into hash until we know it's been successfully passed to daemon * move op->lock _lower_ than htab_in_progress_lock (and make sure to take it in purge_inprogress_ops()) Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NMike Marshall <hubcap@omnibond.com>
-
- 14 1月, 2016 1 次提交
-
-
由 Mike Marshall 提交于
The op structure's ref_count member hasn't got anything to do with asynchronous I/O. Signed-off-by: NMike Marshall <hubcap@omnibond.com>
-
- 18 12月, 2015 1 次提交
-
-
由 Martin Brandenburg 提交于
There was previously MAX_ALIGNED_DEV_REQ_(UP|DOWN)SIZE macros which evaluated to MAX_DEV_REQ_(UP|DOWN)SIZE+8. As it is unclear what this is for, other than creating a situation where we accept more data than we can parse, it is removed. Signed-off-by: NMike Marshall <hubcap@omnibond.com> Signed-off-by: NMartin Brandenburg <martin@omnibond.com>
-
- 05 12月, 2015 1 次提交
-
-
由 Mike Marshall 提交于
Also changed references within source files that referred to header files whose names had changed. Signed-off-by: NMike Marshall <hubcap@omnibond.com>
-
- 04 12月, 2015 1 次提交
-
-
由 Yi Liu 提交于
OrangeFS was formerly known as PVFS2 and retains the name in many places. I leave the device /dev/pvfs2-req since this affects userspace. I leave the filesystem type pvfs2 since this affects userspace. Further the OrangeFS sysint library reads fstab for an entry of type pvfs2 independently of kernel mounts. I leave extended attribute keys user.pvfs2 and system.pvfs2 as the sysint library understands these. I leave references to userspace binaries still named pvfs2. I leave the filenames. Signed-off-by: NYi Liu <yi9@clemson.edu> [martin@omnibond.com: clairify above constraints and merge] Signed-off-by: NMartin Brandenburg <martin@omnibond.com> Signed-off-by: NMike Marshall <hubcap@omnibond.com>
-
- 14 11月, 2015 1 次提交
-
-
由 Martin Brandenburg 提交于
Also removes remnants of iox (readx/writex) which previously used trailers, but no longer exist. Signed-off-by: NMartin Brandenburg <martin@omnibond.com> Signed-off-by: NMike Marshall <hubcap@omnibond.com>
-
- 03 10月, 2015 1 次提交
-
-
由 Mike Marshall 提交于
Signed-off-by: NMike Marshall <hubcap@omnibond.com>
-