1. 21 10月, 2015 1 次提交
    • D
      KEYS: Merge the type-specific data with the payload data · 146aa8b1
      David Howells 提交于
      Merge the type-specific data with the payload data into one four-word chunk
      as it seems pointless to keep them separate.
      
      Use user_key_payload() for accessing the payloads of overloaded
      user-defined keys.
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      cc: linux-cifs@vger.kernel.org
      cc: ecryptfs@vger.kernel.org
      cc: linux-ext4@vger.kernel.org
      cc: linux-f2fs-devel@lists.sourceforge.net
      cc: linux-nfs@vger.kernel.org
      cc: ceph-devel@vger.kernel.org
      cc: linux-ima-devel@lists.sourceforge.net
      146aa8b1
  2. 18 8月, 2015 1 次提交
  3. 02 6月, 2015 1 次提交
  4. 24 4月, 2015 2 次提交
  5. 04 2月, 2015 1 次提交
  6. 17 9月, 2014 1 次提交
  7. 23 7月, 2014 1 次提交
  8. 18 7月, 2014 1 次提交
    • D
      KEYS: Allow special keys (eg. DNS results) to be invalidated by CAP_SYS_ADMIN · 0c7774ab
      David Howells 提交于
      Special kernel keys, such as those used to hold DNS results for AFS, CIFS and
      NFS and those used to hold idmapper results for NFS, used to be
      'invalidateable' with key_revoke().  However, since the default permissions for
      keys were reduced:
      
      	Commit: 96b5c8fe
      	KEYS: Reduce initial permissions on keys
      
      it has become impossible to do this.
      
      Add a key flag (KEY_FLAG_ROOT_CAN_INVAL) that will permit a key to be
      invalidated by root.  This should not be used for system keyrings as the
      garbage collector will try and remove any invalidate key.  For system keyrings,
      KEY_FLAG_ROOT_CAN_CLEAR can be used instead.
      
      After this, from userspace, keyctl_invalidate() and "keyctl invalidate" can be
      used by any possessor of CAP_SYS_ADMIN (typically root) to invalidate DNS and
      idmapper keys.  Invalidated keys are immediately garbage collected and will be
      immediately rerequested if needed again.
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Tested-by: NSteve Dickson <steved@redhat.com>
      0c7774ab
  9. 01 9月, 2013 1 次提交
  10. 30 8月, 2013 1 次提交
  11. 22 8月, 2013 2 次提交
  12. 29 6月, 2013 1 次提交
  13. 21 3月, 2013 1 次提交
  14. 23 2月, 2013 1 次提交
  15. 13 2月, 2013 2 次提交
  16. 03 10月, 2012 2 次提交
  17. 02 10月, 2012 2 次提交
  18. 29 9月, 2012 3 次提交
  19. 17 8月, 2012 2 次提交
  20. 31 7月, 2012 2 次提交
    • B
      NFS: Keep module parameters in the generic NFS client · fac1e8e4
      Bryan Schumaker 提交于
      Otherwise we break backwards compatibility when v4 becomes a modules.
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      fac1e8e4
    • D
      NFS: Fix a number of bugs in the idmapper · a427b9ec
      David Howells 提交于
      Fix a number of bugs in the NFS idmapper code:
      
       (1) Only registered key types can be passed to the core keys code, so
           register the legacy idmapper key type.
      
           This is a requirement because the unregister function cleans up keys
           belonging to that key type so that there aren't dangling pointers to the
           module left behind - including the key->type pointer.
      
       (2) Rename the legacy key type.  You can't have two key types with the same
           name, and (1) would otherwise require that.
      
       (3) complete_request_key() must be called in the error path of
           nfs_idmap_legacy_upcall().
      
       (4) There is one idmap struct for each nfs_client struct.  This means that
           idmap->idmap_key_cons is shared without the use of a lock.  This is a
           problem because key_instantiate_and_link() - as called indirectly by
           idmap_pipe_downcall() - releases anyone waiting for the key to be
           instantiated.
      
           What happens is that idmap_pipe_downcall() running in the rpc.idmapd
           thread, releases the NFS filesystem in whatever thread that is running in
           to continue.  This may then make another idmapper call, overwriting
           idmap_key_cons before idmap_pipe_downcall() gets the chance to call
           complete_request_key().
      
           I *think* that reading idmap_key_cons only once, before
           key_instantiate_and_link() is called, and then caching the result in a
           variable is sufficient.
      
      Bug (4) is the cause of:
      
      BUG: unable to handle kernel NULL pointer dereference at           (null)
      IP: [<          (null)>]           (null)
      PGD 0
      Oops: 0010 [#1] SMP
      CPU 1
      Modules linked in: ppdev parport_pc lp parport ip6table_filter ip6_tables ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack nfs fscache xt_CHECKSUM auth_rpcgss iptable_mangle nfs_acl bridge stp llc lockd be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i cxgb4 cxgb3i libcxgbi cxgb3 mdio ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi snd_hda_codec_realtek snd_usb_audio snd_hda_intel snd_hda_codec snd_seq snd_pcm snd_hwdep snd_usbmidi_lib snd_rawmidi snd_timer uvcvideo videobuf2_core videodev media videobuf2_vmalloc snd_seq_device videobuf2_memops e1000e vhost_net iTCO_wdt joydev coretemp snd soundcore macvtap macvlan i2c_i801 snd_page_alloc tun iTCO_vendor_support microcode kvm_intel kvm sunrpc hid_logitech_dj usb_storage i915 drm_kms_helper drm i2c_algo_bit i2c_core video [last unloaded: scsi_wait_scan]
      Pid: 1229, comm: rpc.idmapd Not tainted 3.4.2-1.fc16.x86_64 #1 Gateway DX4710-UB801A/G33M05G1
      RIP: 0010:[<0000000000000000>]  [<          (null)>]           (null)
      RSP: 0018:ffff8801a3645d40  EFLAGS: 00010246
      RAX: ffff880077707e30 RBX: ffff880077707f50 RCX: ffff8801a18ccd80
      RDX: 0000000000000006 RSI: ffff8801a3645e75 RDI: ffff880077707f50
      RBP: ffff8801a3645d88 R08: ffff8801a430f9c0 R09: ffff8801a3645db0
      R10: 000000000000000a R11: 0000000000000246 R12: ffff8801a18ccd80
      R13: ffff8801a3645e75 R14: ffff8801a430f9c0 R15: 0000000000000006
      FS:  00007fb6fb51a700(0000) GS:ffff8801afc80000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000000000000 CR3: 00000001a49b0000 CR4: 00000000000027e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      Process rpc.idmapd (pid: 1229, threadinfo ffff8801a3644000, task ffff8801a3bf9710)
      Stack:
       ffffffff81260878 ffff8801a3645db0 ffff8801a3645db0 ffff880077707a90
       ffff880077707f50 ffff8801a18ccd80 0000000000000006 ffff8801a3645e75
       ffff8801a430f9c0 ffff8801a3645dd8 ffffffff81260983 ffff8801a3645de8
      Call Trace:
       [<ffffffff81260878>] ? __key_instantiate_and_link+0x58/0x100
       [<ffffffff81260983>] key_instantiate_and_link+0x63/0xa0
       [<ffffffffa057062b>] idmap_pipe_downcall+0x1cb/0x1e0 [nfs]
       [<ffffffffa0107f57>] rpc_pipe_write+0x67/0x90 [sunrpc]
       [<ffffffff8117f833>] vfs_write+0xb3/0x180
       [<ffffffff8117fb5a>] sys_write+0x4a/0x90
       [<ffffffff81600329>] system_call_fastpath+0x16/0x1b
      Code:  Bad RIP value.
      RIP  [<          (null)>]           (null)
       RSP <ffff8801a3645d40>
      CR2: 0000000000000000
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Reviewed-by: NSteve Dickson <steved@redhat.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      Cc: stable@vger.kernel.org [>= 3.4]
      a427b9ec
  21. 21 6月, 2012 1 次提交
  22. 24 5月, 2012 2 次提交
  23. 23 5月, 2012 1 次提交
  24. 15 5月, 2012 1 次提交
  25. 29 4月, 2012 1 次提交
  26. 13 3月, 2012 1 次提交
  27. 12 3月, 2012 1 次提交
    • T
      NFS: Fix a number of sparse warnings · 17280175
      Trond Myklebust 提交于
      Fix a number of "warning: symbol 'foo' was not declared. Should it be
      static?" conditions.
      
      Fix 2 cases of "warning: Using plain integer as NULL pointer"
      
      fs/nfs/delegation.c:263:31: warning: restricted fmode_t degrades to integer
        - We want to allow upgrades to a WRITE delegation, but should otherwise
          consider servers that hand out duplicate delegations to be borken.
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      17280175
  28. 02 3月, 2012 1 次提交
  29. 28 2月, 2012 1 次提交
  30. 15 2月, 2012 1 次提交