1. 10 12月, 2011 1 次提交
    • S
      PM / Sleep: Fix freezer failures due to racy usermodehelper_is_disabled() · b298d289
      Srivatsa S. Bhat 提交于
      Commit a144c6a6 (PM: Print a warning if firmware is requested when tasks
      are frozen) introduced usermodehelper_is_disabled() to warn and exit
      immediately if firmware is requested when usermodehelpers are disabled.
      
      However, it is racy. Consider the following scenario, currently used in
      drivers/base/firmware_class.c:
      
      ...
      if (usermodehelper_is_disabled())
              goto out;
      
      /* Do actual work */
      ...
      
      out:
              return err;
      
      Nothing prevents someone from disabling usermodehelpers just after the check
      in the 'if' condition, which means that it is quite possible to try doing the
      "actual work" with usermodehelpers disabled, leading to undesirable
      consequences.
      
      In particular, this race condition in _request_firmware() causes task freezing
      failures whenever suspend/hibernation is in progress because, it wrongly waits
      to get the firmware/microcode image from userspace when actually the
      usermodehelpers are disabled or userspace has been frozen.
      Some of the example scenarios that cause freezing failures due to this race
      are those that depend on userspace via request_firmware(), such as x86
      microcode module initialization and microcode image reload.
      
      Previous discussions about this issue can be found at:
      http://thread.gmane.org/gmane.linux.kernel/1198291/focus=1200591
      
      This patch adds proper synchronization to fix this issue.
      
      It is to be noted that this patchset fixes the freezing failures but doesn't
      remove the warnings. IOW, it does not attempt to add explicit synchronization
      to x86 microcode driver to avoid requesting microcode image at inopportune
      moments. Because, the warnings were introduced to highlight such cases, in the
      first place. And we need not silence the warnings, since we take care of the
      *real* problem (freezing failure) and hence, after that, the warnings are
      pretty harmless anyway.
      Signed-off-by: NSrivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
      Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>
      b298d289
  2. 01 11月, 2011 1 次提交
  3. 18 6月, 2011 1 次提交
    • D
      KEYS/DNS: Fix ____call_usermodehelper() to not lose the session keyring · 87966996
      David Howells 提交于
      ____call_usermodehelper() now erases any credentials set by the
      subprocess_inf::init() function.  The problem is that commit
      17f60a7d ("capabilites: allow the application of capability limits
      to usermode helpers") creates and commits new credentials with
      prepare_kernel_cred() after the call to the init() function.  This wipes
      all keyrings after umh_keys_init() is called.
      
      The best way to deal with this is to put the init() call just prior to
      the commit_creds() call, and pass the cred pointer to init().  That
      means that umh_keys_init() and suchlike can modify the credentials
      _before_ they are published and potentially in use by the rest of the
      system.
      
      This prevents request_key() from working as it is prevented from passing
      the session keyring it set up with the authorisation token to
      /sbin/request-key, and so the latter can't assume the authority to
      instantiate the key.  This causes the in-kernel DNS resolver to fail
      with ENOKEY unconditionally.
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Acked-by: NEric Paris <eparis@redhat.com>
      Tested-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      87966996
  4. 18 5月, 2011 2 次提交
  5. 04 4月, 2011 1 次提交
    • E
      capabilites: allow the application of capability limits to usermode helpers · 17f60a7d
      Eric Paris 提交于
      There is no way to limit the capabilities of usermodehelpers. This problem
      reared its head recently when someone complained that any user with
      cap_net_admin was able to load arbitrary kernel modules, even though the user
      didn't have cap_sys_module.  The reason is because the actual load is done by
      a usermode helper and those always have the full cap set.  This patch addes new
      sysctls which allow us to bound the permissions of usermode helpers.
      
      /proc/sys/kernel/usermodehelper/bset
      /proc/sys/kernel/usermodehelper/inheritable
      
      You must have CAP_SYS_MODULE  and CAP_SETPCAP to change these (changes are
      &= ONLY).  When the kernel launches a usermodehelper it will do so with these
      as the bset and pI.
      
      -v2:	make globals static
      	create spinlock to protect globals
      
      -v3:	require both CAP_SETPCAP and CAP_SYS_MODULE
      -v4:	fix the typo s/CAP_SET_PCAP/CAP_SETPCAP/ because I didn't commit
      Signed-off-by: NEric Paris <eparis@redhat.com>
      No-objection-from: Serge E. Hallyn <serge.hallyn@canonical.com>
      Acked-by: NDavid Howells <dhowells@redhat.com>
      Acked-by: NSerge E. Hallyn <serge.hallyn@canonical.com>
      Acked-by: NAndrew G. Morgan <morgan@kernel.org>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      17f60a7d
  6. 28 5月, 2010 4 次提交
    • O
      umh: creds: kill subprocess_info->cred logic · c70a626d
      Oleg Nesterov 提交于
      Now that nobody ever changes subprocess_info->cred we can kill this member
      and related code.  ____call_usermodehelper() always runs in the context of
      freshly forked kernel thread, it has the proper ->cred copied from its
      parent kthread, keventd.
      Signed-off-by: NOleg Nesterov <oleg@redhat.com>
      Acked-by: NNeil Horman <nhorman@tuxdriver.com>
      Acked-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      c70a626d
    • O
      umh: creds: convert call_usermodehelper_keys() to use subprocess_info->init() · 685bfd2c
      Oleg Nesterov 提交于
      call_usermodehelper_keys() uses call_usermodehelper_setkeys() to change
      subprocess_info->cred in advance.  Now that we have info->init() we can
      change this code to set tgcred->session_keyring in context of execing
      kernel thread.
      
      Note: since currently call_usermodehelper_keys() is never called with
      UMH_NO_WAIT, call_usermodehelper_keys()->key_get() and umh_keys_cleanup()
      are not really needed, we could rely on install_session_keyring_to_cred()
      which does key_get() on success.
      Signed-off-by: NOleg Nesterov <oleg@redhat.com>
      Acked-by: NNeil Horman <nhorman@tuxdriver.com>
      Acked-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      685bfd2c
    • N
      exec: replace call_usermodehelper_pipe with use of umh init function and resolve limit · 898b374a
      Neil Horman 提交于
      The first patch in this series introduced an init function to the
      call_usermodehelper api so that processes could be customized by caller.
      This patch takes advantage of that fact, by customizing the helper in
      do_coredump to create the pipe and set its core limit to one (for our
      recusrsion check).  This lets us clean up the previous uglyness in the
      usermodehelper internals and factor call_usermodehelper out entirely.
      While I'm at it, we can also modify the helper setup to look for a core
      limit value of 1 rather than zero for our recursion check
      Signed-off-by: NNeil Horman <nhorman@tuxdriver.com>
      Reviewed-by: NOleg Nesterov <oleg@redhat.com>
      Cc: Andi Kleen <andi@firstfloor.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      898b374a
    • N
      kmod: add init function to usermodehelper · a06a4dc3
      Neil Horman 提交于
      About 6 months ago, I made a set of changes to how the core-dump-to-a-pipe
      feature in the kernel works.  We had reports of several races, including
      some reports of apps bypassing our recursion check so that a process that
      was forked as part of a core_pattern setup could infinitely crash and
      refork until the system crashed.
      
      We fixed those by improving our recursion checks.  The new check basically
      refuses to fork a process if its core limit is zero, which works well.
      
      Unfortunately, I've been getting grief from maintainer of user space
      programs that are inserted as the forked process of core_pattern.  They
      contend that in order for their programs (such as abrt and apport) to
      work, all the running processes in a system must have their core limits
      set to a non-zero value, to which I say 'yes'.  I did this by design, and
      think thats the right way to do things.
      
      But I've been asked to ease this burden on user space enough times that I
      thought I would take a look at it.  The first suggestion was to make the
      recursion check fail on a non-zero 'special' number, like one.  That way
      the core collector process could set its core size ulimit to 1, and enable
      the kernel's recursion detection.  This isn't a bad idea on the surface,
      but I don't like it since its opt-in, in that if a program like abrt or
      apport has a bug and fails to set such a core limit, we're left with a
      recursively crashing system again.
      
      So I've come up with this.  What I've done is modify the
      call_usermodehelper api such that an extra parameter is added, a function
      pointer which will be called by the user helper task, after it forks, but
      before it exec's the required process.  This will give the caller the
      opportunity to get a call back in the processes context, allowing it to do
      whatever it needs to to the process in the kernel prior to exec-ing the
      user space code.  In the case of do_coredump, this callback is ues to set
      the core ulimit of the helper process to 1.  This elimnates the opt-in
      problem that I had above, as it allows the ulimit for core sizes to be set
      to the value of 1, which is what the recursion check looks for in
      do_coredump.
      
      This patch:
      
      Create new function call_usermodehelper_fns() and allow it to assign both
      an init and cleanup function, as we'll as arbitrary data.
      
      The init function is called from the context of the forked process and
      allows for customization of the helper process prior to calling exec.  Its
      return code gates the continuation of the process, or causes its exit.
      Also add an arbitrary data pointer to the subprocess_info struct allowing
      for data to be passed from the caller to the new process, and the
      subsequent cleanup process
      
      Also, use this patch to cleanup the cleanup function.  It currently takes
      an argp and envp pointer for freeing, which is ugly.  Lets instead just
      make the subprocess_info structure public, and pass that to the cleanup
      and init routines
      Signed-off-by: NNeil Horman <nhorman@tuxdriver.com>
      Reviewed-by: NOleg Nesterov <oleg@redhat.com>
      Cc: Andi Kleen <andi@firstfloor.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      a06a4dc3
  7. 13 3月, 2010 1 次提交
  8. 09 4月, 2009 1 次提交
  9. 31 3月, 2009 1 次提交
    • A
      module: create a request_module_nowait() · acae0515
      Arjan van de Ven 提交于
      There seems to be a common pattern in the kernel where drivers want to
      call request_module() from inside a module_init() function. Currently
      this would deadlock.
      
      As a result, several drivers go through hoops like scheduling things via
      kevent, or creating custom work queues (because kevent can deadlock on them).
      
      This patch changes this to use a request_module_nowait() function macro instead,
      which just fires the modprobe off but doesn't wait for it, and thus avoids the
      original deadlock entirely.
      
      On my laptop this already results in one less kernel thread running..
      
      (Includes Jiri's patch to use enum umh_wait)
      Signed-off-by: NArjan van de Ven <arjan@linux.intel.com>
      Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (bool-ified)
      Cc: Jiri Slaby <jirislaby@gmail.com>
      acae0515
  10. 17 10月, 2008 1 次提交
  11. 26 7月, 2008 1 次提交
  12. 22 7月, 2008 2 次提交
  13. 18 7月, 2007 2 次提交
    • J
      usermodehelper: Tidy up waiting · 86313c48
      Jeremy Fitzhardinge 提交于
      Rather than using a tri-state integer for the wait flag in
      call_usermodehelper_exec, define a proper enum, and use that.  I've
      preserved the integer values so that any callers I've missed should
      still work OK.
      Signed-off-by: NJeremy Fitzhardinge <jeremy@xensource.com>
      Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
      Cc: Randy Dunlap <randy.dunlap@oracle.com>
      Cc: Christoph Hellwig <hch@infradead.org>
      Cc: Andi Kleen <ak@suse.de>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Johannes Berg <johannes@sipsolutions.net>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Bjorn Helgaas <bjorn.helgaas@hp.com>
      Cc: Joel Becker <joel.becker@oracle.com>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Kay Sievers <kay.sievers@vrfy.org>
      Cc: Srivatsa Vaddagiri <vatsa@in.ibm.com>
      Cc: Oleg Nesterov <oleg@tv-sign.ru>
      Cc: David Howells <dhowells@redhat.com>
      86313c48
    • J
      usermodehelper: split setup from execution · 0ab4dc92
      Jeremy Fitzhardinge 提交于
      Rather than having hundreds of variations of call_usermodehelper for
      various pieces of usermode state which could be set up, split the
      info allocation and initialization from the actual process execution.
      
      This means the general pattern becomes:
       info = call_usermodehelper_setup(path, argv, envp); /* basic state */
       call_usermodehelper_<SET EXTRA STATE>(info, stuff...);	/* extra state */
       call_usermodehelper_exec(info, wait);	/* run process and free info */
      
      This patch introduces wrappers for all the existing calling styles for
      call_usermodehelper_*, but folds their implementations into one.
      Signed-off-by: NJeremy Fitzhardinge <jeremy@xensource.com>
      Cc: Andi Kleen <ak@suse.de>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: David Howells <dhowells@redhat.com>
      Cc: Bj?rn Steinbrink <B.Steinbrink@gmx.de>
      Cc: Randy Dunlap <randy.dunlap@oracle.com>
      0ab4dc92
  14. 24 2月, 2007 1 次提交
  15. 17 2月, 2007 1 次提交
    • K
      Driver core: let request_module() send a /sys/modules/kmod/-uevent · c353c3fb
      Kay Sievers 提交于
      On recent systems, calls to /sbin/modprobe are handled by udev depending
      on the kind of device the kernel has discovered. This patch creates an
      uevent for the kernels internal request_module(), to let udev take control
      over the request, instead of forking the binary directly by the kernel.
      The direct execution of /sbin/modprobe can be disabled by setting:
        /sys/module/kmod/mod_request_helper (/proc/sys/kernel/modprobe)
      to an empty string, the same way /proc/sys/kernel/hotplug is disabled on an
      udev system.
      Signed-off-by: NKay Sievers <kay.sievers@vrfy.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
      c353c3fb
  16. 01 10月, 2006 1 次提交
  17. 26 4月, 2006 1 次提交
  18. 24 6月, 2005 1 次提交
  19. 17 4月, 2005 1 次提交
    • L
      Linux-2.6.12-rc2 · 1da177e4
      Linus Torvalds 提交于
      Initial git repository build. I'm not bothering with the full history,
      even though we have it. We can create a separate "historical" git
      archive of that later if we want to, and in the meantime it's about
      3.2GB when imported into git - space that would just make the early
      git days unnecessarily complicated, when we don't have a lot of good
      infrastructure for it.
      
      Let it rip!
      1da177e4