1. 20 11月, 2012 6 次提交
  2. 19 11月, 2012 8 次提交
    • E
      vfs: Allow unprivileged manipulation of the mount namespace. · 0c55cfc4
      Eric W. Biederman 提交于
      - Add a filesystem flag to mark filesystems that are safe to mount as
        an unprivileged user.
      
      - Add a filesystem flag to mark filesystems that don't need MNT_NODEV
        when mounted by an unprivileged user.
      
      - Relax the permission checks to allow unprivileged users that have
        CAP_SYS_ADMIN permissions in the user namespace referred to by the
        current mount namespace to be allowed to mount, unmount, and move
        filesystems.
      Acked-by: N"Serge E. Hallyn" <serge@hallyn.com>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      0c55cfc4
    • E
      vfs: Add a user namespace reference from struct mnt_namespace · 771b1371
      Eric W. Biederman 提交于
      This will allow for support for unprivileged mounts in a new user namespace.
      Acked-by: N"Serge E. Hallyn" <serge@hallyn.com>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      771b1371
    • E
      vfs: Add setns support for the mount namespace · 8823c079
      Eric W. Biederman 提交于
      setns support for the mount namespace is a little tricky as an
      arbitrary decision must be made about what to set fs->root and
      fs->pwd to, as there is no expectation of a relationship between
      the two mount namespaces.  Therefore I arbitrarily find the root
      mount point, and follow every mount on top of it to find the top
      of the mount stack.  Then I set fs->root and fs->pwd to that
      location.  The topmost root of the mount stack seems like a
      reasonable place to be.
      
      Bind mount support for the mount namespace inodes has the
      possibility of creating circular dependencies between mount
      namespaces.  Circular dependencies can result in loops that
      prevent mount namespaces from every being freed.  I avoid
      creating those circular dependencies by adding a sequence number
      to the mount namespace and require all bind mounts be of a
      younger mount namespace into an older mount namespace.
      
      Add a helper function proc_ns_inode so it is possible to
      detect when we are attempting to bind mound a namespace inode.
      Acked-by: NSerge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      8823c079
    • E
      pidns: Add setns support · 57e8391d
      Eric W. Biederman 提交于
      - Pid namespaces are designed to be inescapable so verify that the
        passed in pid namespace is a child of the currently active
        pid namespace or the currently active pid namespace itself.
      
        Allowing the currently active pid namespace is important so
        the effects of an earlier setns can be cancelled.
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      57e8391d
    • E
      pidns: Make the pidns proc mount/umount logic obvious. · 0a01f2cc
      Eric W. Biederman 提交于
      Track the number of pids in the proc hash table.  When the number of
      pids goes to 0 schedule work to unmount the kernel mount of proc.
      
      Move the mount of proc into alloc_pid when we allocate the pid for
      init.
      
      Remove the surprising calls of pid_ns_release proc in fork and
      proc_flush_task.  Those code paths really shouldn't know about proc
      namespace implementation details and people have demonstrated several
      times that finding and understanding those code paths is difficult and
      non-obvious.
      
      Because of the call path detach pid is alwasy called with the
      rtnl_lock held free_pid is not allowed to sleep, so the work to
      unmounting proc is moved to a work queue.  This has the side benefit
      of not blocking the entire world waiting for the unnecessary
      rcu_barrier in deactivate_locked_super.
      
      In the process of making the code clear and obvious this fixes a bug
      reported by Gao feng <gaofeng@cn.fujitsu.com> where we would leak a
      mount of proc during clone(CLONE_NEWPID|CLONE_NEWNET) if copy_pid_ns
      succeeded and copy_net_ns failed.
      Acked-by: N"Serge E. Hallyn" <serge@hallyn.com>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      0a01f2cc
    • E
      pidns: Capture the user namespace and filter ns_last_pid · 49f4d8b9
      Eric W. Biederman 提交于
      - Capture the the user namespace that creates the pid namespace
      - Use that user namespace to test if it is ok to write to
        /proc/sys/kernel/ns_last_pid.
      
      Zhao Hongjiang <zhaohongjiang@huawei.com> noticed I was missing a put_user_ns
      in when destroying a pid_ns.  I have foloded his patch into this one
      so that bisects will work properly.
      Acked-by: NSerge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      49f4d8b9
    • E
      userns: make each net (net_ns) belong to a user_ns · 038e7332
      Eric W. Biederman 提交于
      The user namespace which creates a new network namespace owns that
      namespace and all resources created in it.  This way we can target
      capability checks for privileged operations against network resources to
      the user_ns which created the network namespace in which the resource
      lives.  Privilege to the user namespace which owns the network
      namespace, or any parent user namespace thereof, provides the same
      privilege to the network resource.
      
      This patch is reworked from a version originally by
      Serge E. Hallyn <serge.hallyn@canonical.com>
      Acked-by: NSerge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      038e7332
    • E
      netns: Deduplicate and fix copy_net_ns when !CONFIG_NET_NS · d727abcb
      Eric W. Biederman 提交于
      The copy of copy_net_ns used when the network stack is not
      built is broken as it does not return -EINVAL when attempting
      to create a new network namespace.  We don't even have
      a previous network namespace.
      
      Since we need a copy of copy_net_ns in net/net_namespace.h that is
      available when the networking stack is not built at all move the
      correct version of copy_net_ns from net_namespace.c into net_namespace.h
      Leaving us with just 2 versions of copy_net_ns.  One version for when
      we compile in network namespace suport and another stub for all other
      occasions.
      Acked-by: NSerge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      d727abcb
  3. 29 10月, 2012 2 次提交
  4. 26 10月, 2012 1 次提交
  5. 25 10月, 2012 2 次提交
  6. 24 10月, 2012 2 次提交
  7. 23 10月, 2012 3 次提交
  8. 22 10月, 2012 1 次提交
  9. 20 10月, 2012 4 次提交
  10. 19 10月, 2012 1 次提交
  11. 18 10月, 2012 4 次提交
    • K
      of/irq: sparse fixes · d2e41518
      Kim Phillips 提交于
      drivers/of/irq.c:195:57: warning: restricted __be32 degrades to integer
      drivers/of/irq.c:196:51: warning: restricted __be32 degrades to integer
      drivers/of/irq.c:199:57: warning: restricted __be32 degrades to integer
      drivers/of/irq.c:201:58: warning: restricted __be32 degrades to integer
      drivers/of/irq.c:470:37: warning: incorrect type in assignment (different modifiers)
      drivers/of/irq.c:470:37:    expected int ( *[usertype] irq_init_cb )( ... )
      drivers/of/irq.c:470:37:    got void const *const data
      drivers/of/irq.c:96:5: error: symbol 'of_irq_map_raw' redeclared with different type (originally declared at include/linux/of_irq.h:61) - incompatible argument 2 (different base types)
      
      drivers/of/of_pci_irq.c:91:40: warning: incorrect type in argument 2 (different base types)
      drivers/of/of_pci_irq.c:91:40:    expected unsigned int const [usertype] *intspec
      drivers/of/of_pci_irq.c:91:40:    got restricted __be32 *<noident>
      drivers/of/of_pci_irq.c:91:53: warning: incorrect type in argument 4 (different base types)
      drivers/of/of_pci_irq.c:91:53:    expected unsigned int const [usertype] *addr
      drivers/of/of_pci_irq.c:91:53:    got restricted __be32 *<noident>
      Signed-off-by: NKim Phillips <kim.phillips@freescale.com>
      Signed-off-by: NRob Herring <rob.herring@calxeda.com>
      d2e41518
    • K
      of/address: sparse fixes · 47b1e689
      Kim Phillips 提交于
      drivers/of/address.c:66:29: warning: incorrect type in argument 1 (different base types)
      drivers/of/address.c:66:29:    expected restricted __be32 const [usertype] *cell
      drivers/of/address.c:66:29:    got unsigned int [usertype] *addr
      drivers/of/address.c:87:32: warning: incorrect type in argument 1 (different base types)
      drivers/of/address.c:87:32:    expected restricted __be32 const [usertype] *cell
      drivers/of/address.c:87:32:    got unsigned int [usertype] *addr
      drivers/of/address.c:91:30: warning: incorrect type in assignment (different base types)
      drivers/of/address.c:91:30:    expected unsigned int [unsigned] [usertype] <noident>
      drivers/of/address.c:91:30:    got restricted __be32 [usertype] <noident>
      drivers/of/address.c:92:22: warning: incorrect type in assignment (different base types)
      drivers/of/address.c:92:22:    expected unsigned int [unsigned] [usertype] <noident>
      drivers/of/address.c:92:22:    got restricted __be32 [usertype] <noident>
      drivers/of/address.c:147:35: warning: incorrect type in argument 1 (different base types)
      drivers/of/address.c:147:35:    expected restricted __be32 const [usertype] *addr
      drivers/of/address.c:147:35:    got unsigned int [usertype] *addr
      drivers/of/address.c:157:34: warning: incorrect type in argument 1 (different base types)
      drivers/of/address.c:157:34:    expected restricted __be32 const [usertype] *cell
      drivers/of/address.c:157:34:    got unsigned int [usertype] *
      drivers/of/address.c:256:29: warning: restricted __be32 degrades to integer
      drivers/of/address.c:256:36: warning: restricted __be32 degrades to integer
      drivers/of/address.c:262:34: warning: incorrect type in argument 1 (different base types)
      drivers/of/address.c:262:34:    expected restricted __be32 const [usertype] *cell
      drivers/of/address.c:262:34:    got unsigned int [usertype] *
      drivers/of/address.c:372:41: warning: incorrect type in argument 1 (different base types)
      drivers/of/address.c:372:41:    expected restricted __be32 const [usertype] *cell
      drivers/of/address.c:372:41:    got unsigned int [usertype] *addr
      drivers/of/address.c:395:53: warning: incorrect type in argument 2 (different base types)
      drivers/of/address.c:395:53:    expected restricted __be32 const [usertype] *addr
      drivers/of/address.c:395:53:    got unsigned int [usertype] *addr
      drivers/of/address.c:443:50: warning: incorrect type in argument 2 (different base types)
      drivers/of/address.c:443:50:    expected restricted __be32 const [usertype] *addr
      drivers/of/address.c:443:50:    got unsigned int *<noident>
      drivers/of/address.c:455:49: warning: incorrect type in argument 1 (different base types)
      drivers/of/address.c:455:49:    expected restricted __be32 const [usertype] *cell
      drivers/of/address.c:455:49:    got unsigned int *<noident>
      drivers/of/address.c:480:60: warning: incorrect type in argument 2 (different base types)
      drivers/of/address.c:480:60:    expected restricted __be32 const [usertype] *addr
      drivers/of/address.c:480:60:    got unsigned int *<noident>
      drivers/of/address.c:412:5: warning: symbol '__of_translate_address' was not declared. Should it be static?
      drivers/of/address.c:520:14: error: symbol 'of_get_address' redeclared with different type (originally declared at include/linux/of_address.h:22) - different base types
      Signed-off-by: NKim Phillips <kim.phillips@freescale.com>
      Signed-off-by: NRob Herring <rob.herring@calxeda.com>
      47b1e689
    • O
      of: add stub of_get_child_by_name for non-OF builds · 25c040c9
      Olof Johansson 提交于
      Fixes build error on s3c6400_defconfig, introduced by commit
      06455bbc, "dt/s3c64xx/spi: Use
      of_get_child_by_name to get a named child".
      
      drivers/spi/spi-s3c64xx.c: In function 's3c64xx_get_slave_ctrldata':
      drivers/spi/spi-s3c64xx.c:838:2: error: implicit declaration of function
          'of_get_child_by_name' [-Werror=implicit-function-declaration]
      Signed-off-by: NOlof Johansson <olof@lixom.net>
      Signed-off-by: NRob Herring <rob.herring@calxeda.com>
      25c040c9
    • G
      USB: usb.h: remove dbg() macro · 2c78040c
      Greg Kroah-Hartman 提交于
      There are no users of this macro anymore in the kernel tree, so finally
      delete it.
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2c78040c
  12. 17 10月, 2012 6 次提交