1. 11 9月, 2009 1 次提交
  2. 19 5月, 2009 1 次提交
    • M
      splice: fix kmaps in default_file_splice_write() · b2858d7d
      Miklos Szeredi 提交于
      Unfortunately multiple kmap() within a single thread are deadlockable,
      so writing out multiple buffers with writev() isn't possible.
      
      Change the implementation so that it does a separate write() for each
      buffer.  This actually simplifies the code a lot since the
      splice_from_pipe() helper can be used.
      
      This limitation is caused by HIGHMEM pages, and so only affects a
      subset of architectures and configurations.  In the future it may be
      worth to implement default_file_splice_write() in a more efficient way
      on configs that allow it.
      Signed-off-by: NMiklos Szeredi <mszeredi@suse.cz>
      Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
      b2858d7d
  3. 14 5月, 2009 1 次提交
  4. 13 5月, 2009 1 次提交
  5. 11 5月, 2009 3 次提交
    • M
      splice: implement default splice_write method · 0b0a47f5
      Miklos Szeredi 提交于
      If f_op->splice_write() is not implemented, fall back to a plain write.
      Use vfs_writev() to write from the pipe buffers.
      
      This will allow splice on all filesystems and file types.  This
      includes "direct_io" files in fuse which bypass the page cache.
      Signed-off-by: NMiklos Szeredi <mszeredi@suse.cz>
      Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
      0b0a47f5
    • M
      splice: implement default splice_read method · 6818173b
      Miklos Szeredi 提交于
      If f_op->splice_read() is not implemented, fall back to a plain read.
      Use vfs_readv() to read into previously allocated pages.
      
      This will allow splice and functions using splice, such as the loop
      device, to work on all filesystems.  This includes "direct_io" files
      in fuse which bypass the page cache.
      Signed-off-by: NMiklos Szeredi <mszeredi@suse.cz>
      Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
      6818173b
    • M
      splice: implement pipe to pipe splicing · 7c77f0b3
      Miklos Szeredi 提交于
      Allow splice(2) to work when both the input and the output is a pipe.
      
      Based on the impementation of the tee(2) syscall, but instead of
      duplicating the buffer references move the buffers from the input pipe
      to the output pipe.
      
      Moving the whole buffer only succeeds if the full length of the buffer
      is spliced.  Otherwise duplicate the buffer, just like tee(2), set the
      length of the output buffer and advance the offset on the input
      buffer.
      
      Since splice is operating on two pipes, special care needs to be taken
      with locking to prevent AN ABBA deadlock.  Again this is done
      similarly to the tee(2) syscall, first preparing the input and output
      pipes so there's data to consume and space for that data, and then
      doing the move operation while holding both locks.
      
      If other processes are doing I/O on the same pipes parallel to the
      splice, then by the time both inodes are locked there might be no
      buffers left to move, or no space to move them to.  In this case retry
      the whole operation, including the preparation phase.  This could lead
      to starvation, but I'm not sure if that's serious enough to worry
      about.
      Signed-off-by: NMiklos Szeredi <mszeredi@suse.cz>
      Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
      7c77f0b3
  6. 17 4月, 2009 1 次提交
  7. 15 4月, 2009 6 次提交
  8. 07 4月, 2009 1 次提交
    • M
      splice: fix deadlock in splicing to file · 7bfac9ec
      Miklos Szeredi 提交于
      There's a possible deadlock in generic_file_splice_write(),
      splice_from_pipe() and ocfs2_file_splice_write():
      
       - task A calls generic_file_splice_write()
       - this calls inode_double_lock(), which locks i_mutex on both
         pipe->inode and target inode
       - ordering depends on inode pointers, can happen that pipe->inode is
         locked first
       - __splice_from_pipe() needs more data, calls pipe_wait()
       - this releases lock on pipe->inode, goes to interruptible sleep
       - task B calls generic_file_splice_write(), similarly to the first
       - this locks pipe->inode, then tries to lock inode, but that is
         already held by task A
       - task A is interrupted, it tries to lock pipe->inode, but fails, as
         it is already held by task B
       - ABBA deadlock
      
      Fix this by explicitly ordering locks: the outer lock must be on
      target inode and the inner lock (which is later unlocked and relocked)
      must be on pipe->inode.  This is OK, pipe inodes and target inodes
      form two nonoverlapping sets, generic_file_splice_write() and friends
      are not called with a target which is a pipe.
      Signed-off-by: NMiklos Szeredi <mszeredi@suse.cz>
      Acked-by: NMark Fasheh <mfasheh@suse.com>
      Acked-by: NJens Axboe <jens.axboe@oracle.com>
      Cc: stable@kernel.org
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      7bfac9ec
  9. 03 4月, 2009 1 次提交
  10. 14 1月, 2009 1 次提交
  11. 09 1月, 2009 1 次提交
    • K
      memcg: synchronized LRU · 08e552c6
      KAMEZAWA Hiroyuki 提交于
      A big patch for changing memcg's LRU semantics.
      
      Now,
        - page_cgroup is linked to mem_cgroup's its own LRU (per zone).
      
        - LRU of page_cgroup is not synchronous with global LRU.
      
        - page and page_cgroup is one-to-one and statically allocated.
      
        - To find page_cgroup is on what LRU, you have to check pc->mem_cgroup as
          - lru = page_cgroup_zoneinfo(pc, nid_of_pc, zid_of_pc);
      
        - SwapCache is handled.
      
      And, when we handle LRU list of page_cgroup, we do following.
      
      	pc = lookup_page_cgroup(page);
      	lock_page_cgroup(pc); .....................(1)
      	mz = page_cgroup_zoneinfo(pc);
      	spin_lock(&mz->lru_lock);
      	.....add to LRU
      	spin_unlock(&mz->lru_lock);
      	unlock_page_cgroup(pc);
      
      But (1) is spin_lock and we have to be afraid of dead-lock with zone->lru_lock.
      So, trylock() is used at (1), now. Without (1), we can't trust "mz" is correct.
      
      This is a trial to remove this dirty nesting of locks.
      This patch changes mz->lru_lock to be zone->lru_lock.
      Then, above sequence will be written as
      
              spin_lock(&zone->lru_lock); # in vmscan.c or swap.c via global LRU
      	mem_cgroup_add/remove/etc_lru() {
      		pc = lookup_page_cgroup(page);
      		mz = page_cgroup_zoneinfo(pc);
      		if (PageCgroupUsed(pc)) {
      			....add to LRU
      		}
              spin_lock(&zone->lru_lock); # in vmscan.c or swap.c via global LRU
      
      This is much simpler.
      (*) We're safe even if we don't take lock_page_cgroup(pc). Because..
          1. When pc->mem_cgroup can be modified.
             - at charge.
             - at account_move().
          2. at charge
             the PCG_USED bit is not set before pc->mem_cgroup is fixed.
          3. at account_move()
             the page is isolated and not on LRU.
      
      Pros.
        - easy for maintenance.
        - memcg can make use of laziness of pagevec.
        - we don't have to duplicated LRU/Active/Unevictable bit in page_cgroup.
        - LRU status of memcg will be synchronized with global LRU's one.
        - # of locks are reduced.
        - account_move() is simplified very much.
      Cons.
        - may increase cost of LRU rotation.
          (no impact if memcg is not configured.)
      Signed-off-by: NKAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Cc: Li Zefan <lizf@cn.fujitsu.com>
      Cc: Balbir Singh <balbir@in.ibm.com>
      Cc: Pavel Emelyanov <xemul@openvz.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      08e552c6
  12. 31 10月, 2008 1 次提交
  13. 10 10月, 2008 1 次提交
    • L
      Don't allow splice() to files opened with O_APPEND · efc968d4
      Linus Torvalds 提交于
      This is debatable, but while we're debating it, let's disallow the
      combination of splice and an O_APPEND destination.
      
      It's not entirely clear what the semantics of O_APPEND should be, and
      POSIX apparently expects pwrite() to ignore O_APPEND, for example.  So
      we could make up any semantics we want, including the old ones.
      
      But Miklos convinced me that we should at least give it some thought,
      and that accepting writes at arbitrary offsets is wrong at least for
      IS_APPEND() files (which always have O_APPEND set, even if the reverse
      isn't true: you can obviously have O_APPEND set on a regular file).
      
      So disallow O_APPEND entirely for now.  I doubt anybody cares, and this
      way we have one less gray area to worry about.
      Reported-and-argued-for-by: NMiklos Szeredi <miklos@szeredi.hu>
      Acked-by: NJens Axboe <ens.axboe@oracle.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      efc968d4
  14. 05 8月, 2008 1 次提交
  15. 27 7月, 2008 2 次提交
  16. 04 7月, 2008 1 次提交
  17. 28 5月, 2008 2 次提交
  18. 08 5月, 2008 1 次提交
  19. 07 5月, 2008 1 次提交
  20. 29 4月, 2008 1 次提交
  21. 10 4月, 2008 1 次提交
  22. 04 4月, 2008 1 次提交
    • H
      splice: use mapping_gfp_mask · 4cd13504
      Hugh Dickins 提交于
      The loop block driver is careful to mask __GFP_IO|__GFP_FS out of its
      mapping_gfp_mask, to avoid hangs under memory pressure.  But nowadays
      it uses splice, usually going through __generic_file_splice_read.  That
      must use mapping_gfp_mask instead of GFP_KERNEL to avoid those hangs.
      Signed-off-by: NHugh Dickins <hugh@veritas.com>
      Cc: Jens Axboe <jens.axboe@oracle.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      4cd13504
  23. 04 3月, 2008 1 次提交
  24. 11 2月, 2008 1 次提交
  25. 09 2月, 2008 1 次提交
  26. 01 2月, 2008 1 次提交
  27. 30 1月, 2008 1 次提交
  28. 29 1月, 2008 1 次提交
  29. 25 1月, 2008 1 次提交
  30. 17 10月, 2007 2 次提交
    • S
      Implement file posix capabilities · b5376771
      Serge E. Hallyn 提交于
      Implement file posix capabilities.  This allows programs to be given a
      subset of root's powers regardless of who runs them, without having to use
      setuid and giving the binary all of root's powers.
      
      This version works with Kaigai Kohei's userspace tools, found at
      http://www.kaigai.gr.jp/index.php.  For more information on how to use this
      patch, Chris Friedhoff has posted a nice page at
      http://www.friedhoff.org/fscaps.html.
      
      Changelog:
      	Nov 27:
      	Incorporate fixes from Andrew Morton
      	(security-introduce-file-caps-tweaks and
      	security-introduce-file-caps-warning-fix)
      	Fix Kconfig dependency.
      	Fix change signaling behavior when file caps are not compiled in.
      
      	Nov 13:
      	Integrate comments from Alexey: Remove CONFIG_ ifdef from
      	capability.h, and use %zd for printing a size_t.
      
      	Nov 13:
      	Fix endianness warnings by sparse as suggested by Alexey
      	Dobriyan.
      
      	Nov 09:
      	Address warnings of unused variables at cap_bprm_set_security
      	when file capabilities are disabled, and simultaneously clean
      	up the code a little, by pulling the new code into a helper
      	function.
      
      	Nov 08:
      	For pointers to required userspace tools and how to use
      	them, see http://www.friedhoff.org/fscaps.html.
      
      	Nov 07:
      	Fix the calculation of the highest bit checked in
      	check_cap_sanity().
      
      	Nov 07:
      	Allow file caps to be enabled without CONFIG_SECURITY, since
      	capabilities are the default.
      	Hook cap_task_setscheduler when !CONFIG_SECURITY.
      	Move capable(TASK_KILL) to end of cap_task_kill to reduce
      	audit messages.
      
      	Nov 05:
      	Add secondary calls in selinux/hooks.c to task_setioprio and
      	task_setscheduler so that selinux and capabilities with file
      	cap support can be stacked.
      
      	Sep 05:
      	As Seth Arnold points out, uid checks are out of place
      	for capability code.
      
      	Sep 01:
      	Define task_setscheduler, task_setioprio, cap_task_kill, and
      	task_setnice to make sure a user cannot affect a process in which
      	they called a program with some fscaps.
      
      	One remaining question is the note under task_setscheduler: are we
      	ok with CAP_SYS_NICE being sufficient to confine a process to a
      	cpuset?
      
      	It is a semantic change, as without fsccaps, attach_task doesn't
      	allow CAP_SYS_NICE to override the uid equivalence check.  But since
      	it uses security_task_setscheduler, which elsewhere is used where
      	CAP_SYS_NICE can be used to override the uid equivalence check,
      	fixing it might be tough.
      
      	     task_setscheduler
      		 note: this also controls cpuset:attach_task.  Are we ok with
      		     CAP_SYS_NICE being used to confine to a cpuset?
      	     task_setioprio
      	     task_setnice
      		 sys_setpriority uses this (through set_one_prio) for another
      		 process.  Need same checks as setrlimit
      
      	Aug 21:
      	Updated secureexec implementation to reflect the fact that
      	euid and uid might be the same and nonzero, but the process
      	might still have elevated caps.
      
      	Aug 15:
      	Handle endianness of xattrs.
      	Enforce capability version match between kernel and disk.
      	Enforce that no bits beyond the known max capability are
      	set, else return -EPERM.
      	With this extra processing, it may be worth reconsidering
      	doing all the work at bprm_set_security rather than
      	d_instantiate.
      
      	Aug 10:
      	Always call getxattr at bprm_set_security, rather than
      	caching it at d_instantiate.
      
      [morgan@kernel.org: file-caps clean up for linux/capability.h]
      [bunk@kernel.org: unexport cap_inode_killpriv]
      Signed-off-by: NSerge E. Hallyn <serue@us.ibm.com>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: James Morris <jmorris@namei.org>
      Cc: Chris Wright <chrisw@sous-sol.org>
      Cc: Andrew Morgan <morgan@kernel.org>
      Signed-off-by: NAndrew Morgan <morgan@kernel.org>
      Signed-off-by: NAdrian Bunk <bunk@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      b5376771
    • N
      fs: introduce write_begin, write_end, and perform_write aops · afddba49
      Nick Piggin 提交于
      These are intended to replace prepare_write and commit_write with more
      flexible alternatives that are also able to avoid the buffered write
      deadlock problems efficiently (which prepare_write is unable to do).
      
      [mark.fasheh@oracle.com: API design contributions, code review and fixes]
      [akpm@linux-foundation.org: various fixes]
      [dmonakhov@sw.ru: new aop block_write_begin fix]
      Signed-off-by: NNick Piggin <npiggin@suse.de>
      Signed-off-by: NMark Fasheh <mark.fasheh@oracle.com>
      Signed-off-by: NDmitriy Monakhov <dmonakhov@openvz.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      afddba49