1. 17 4月, 2013 1 次提交
  2. 01 4月, 2013 1 次提交
    • P
      Revert "lockdep: check that no locks held at freeze time" · dbf520a9
      Paul Walmsley 提交于
      This reverts commit 6aa97070.
      
      Commit 6aa97070 ("lockdep: check that no locks held at freeze time")
      causes problems with NFS root filesystems.  The failures were noticed on
      OMAP2 and 3 boards during kernel init:
      
        [ BUG: swapper/0/1 still has locks held! ]
        3.9.0-rc3-00344-ga937536b #1 Not tainted
        -------------------------------------
        1 lock held by swapper/0/1:
         #0:  (&type->s_umount_key#13/1){+.+.+.}, at: [<c011e84c>] sget+0x248/0x574
      
        stack backtrace:
          rpc_wait_bit_killable
          __wait_on_bit
          out_of_line_wait_on_bit
          __rpc_execute
          rpc_run_task
          rpc_call_sync
          nfs_proc_get_root
          nfs_get_root
          nfs_fs_mount_common
          nfs_try_mount
          nfs_fs_mount
          mount_fs
          vfs_kern_mount
          do_mount
          sys_mount
          do_mount_root
          mount_root
          prepare_namespace
          kernel_init_freeable
          kernel_init
      
      Although the rootfs mounts, the system is unstable.  Here's a transcript
      from a PM test:
      
        http://www.pwsan.com/omap/testlogs/test_v3.9-rc3/20130317194234/pm/37xxevm/37xxevm_log.txt
      
      Here's what the test log should look like:
      
        http://www.pwsan.com/omap/testlogs/test_v3.8/20130218214403/pm/37xxevm/37xxevm_log.txt
      
      Mailing list discussion is here:
      
        http://lkml.org/lkml/2013/3/4/221
      
      Deal with this for v3.9 by reverting the problem commit, until folks can
      figure out the right long-term course of action.
      Signed-off-by: NPaul Walmsley <paul@pwsan.com>
      Cc: Mandeep Singh Baines <msb@chromium.org>
      Cc: Jeff Layton <jlayton@redhat.com>
      Cc: Shawn Guo <shawn.guo@linaro.org>
      Cc: <maciej.rutecki@gmail.com>
      Cc: Fengguang Wu <fengguang.wu@intel.com>
      Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Ben Chan <benchan@chromium.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Rafael J. Wysocki <rjw@sisk.pl>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      dbf520a9
  3. 29 3月, 2013 1 次提交
  4. 27 3月, 2013 3 次提交
    • E
      userns: Restrict when proc and sysfs can be mounted · 87a8ebd6
      Eric W. Biederman 提交于
      Only allow unprivileged mounts of proc and sysfs if they are already
      mounted when the user namespace is created.
      
      proc and sysfs are interesting because they have content that is
      per namespace, and so fresh mounts are needed when new namespaces
      are created while at the same time proc and sysfs have content that
      is shared between every instance.
      
      Respect the policy of who may see the shared content of proc and sysfs
      by only allowing new mounts if there was an existing mount at the time
      the user namespace was created.
      
      In practice there are only two interesting cases: proc and sysfs are
      mounted at their usual places, proc and sysfs are not mounted at all
      (some form of mount namespace jail).
      
      Cc: stable@vger.kernel.org
      Acked-by: NSerge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      87a8ebd6
    • E
      vfs: Add a mount flag to lock read only bind mounts · 90563b19
      Eric W. Biederman 提交于
      When a read-only bind mount is copied from mount namespace in a higher
      privileged user namespace to a mount namespace in a lesser privileged
      user namespace, it should not be possible to remove the the read-only
      restriction.
      
      Add a MNT_LOCK_READONLY mount flag to indicate that a mount must
      remain read-only.
      
      CC: stable@vger.kernel.org
      Acked-by: NSerge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      90563b19
    • E
      userns: Don't allow creation if the user is chrooted · 3151527e
      Eric W. Biederman 提交于
      Guarantee that the policy of which files may be access that is
      established by setting the root directory will not be violated
      by user namespaces by verifying that the root directory points
      to the root of the mount namespace at the time of user namespace
      creation.
      
      Changing the root is a privileged operation, and as a matter of policy
      it serves to limit unprivileged processes to files below the current
      root directory.
      
      For reasons of simplicity and comprehensibility the privilege to
      change the root directory is gated solely on the CAP_SYS_CHROOT
      capability in the user namespace.  Therefore when creating a user
      namespace we must ensure that the policy of which files may be access
      can not be violated by changing the root directory.
      
      Anyone who runs a processes in a chroot and would like to use user
      namespace can setup the same view of filesystems with a mount
      namespace instead.  With this result that this is not a practical
      limitation for using user namespaces.
      
      Cc: stable@vger.kernel.org
      Acked-by: NSerge Hallyn <serge.hallyn@canonical.com>
      Reported-by: NAndy Lutomirski <luto@amacapital.net>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      3151527e
  5. 26 3月, 2013 1 次提交
    • L
      usb: add find_raw_port_number callback to struct hc_driver() · 3f5eb141
      Lan Tianyu 提交于
      xhci driver divides the root hub into two logical hubs which work
      respectively for usb 2.0 and usb 3.0 devices. They are independent
      devices in the usb core. But in the ACPI table, it's one device node
      and all usb2.0 and usb3.0 ports are under it. Binding usb port with
      its acpi node needs the raw port number which is reflected in the xhci
      extended capabilities table. This patch is to add find_raw_port_number
      callback to struct hc_driver(), fill it with xhci_find_raw_port_number()
      which will return raw port number and add a wrap usb_hcd_find_raw_port_number().
      
      Otherwise, refactor xhci_find_real_port_number(). Using
      xhci_find_raw_port_number() to get real index in the HW port status
      registers instead of scanning through the xHCI roothub port array.
      This can help to speed up.
      
      All addresses in xhci->usb2_ports and xhci->usb3_ports array are
      kown good ports and don't include following bad ports in the extended
      capabilities talbe.
           (1) root port that doesn't have an entry
           (2) root port with unknown speed
           (3) root port that is listed twice and with different speeds.
      
      So xhci_find_raw_port_number() will only return port num of good ones
      and never touch bad ports above.
      Signed-off-by: NLan Tianyu <tianyu.lan@intel.com>
      Signed-off-by: NSarah Sharp <sarah.a.sharp@linux.intel.com>
      3f5eb141
  6. 23 3月, 2013 3 次提交
    • R
      mm: zone_end_pfn is too small · f9228b20
      Russ Anderson 提交于
      Booting with 32 TBytes memory hits BUG at mm/page_alloc.c:552! (output
      below).
      
      The key hint is "page 4294967296 outside zone".
      4294967296 = 0x100000000 (bit 32 is set).
      
      The problem is in include/linux/mmzone.h:
      
        530 static inline unsigned zone_end_pfn(const struct zone *zone)
        531 {
        532         return zone->zone_start_pfn + zone->spanned_pages;
        533 }
      
      zone_end_pfn is "unsigned" (32 bits).  Changing it to "unsigned long"
      (64 bits) fixes the problem.
      
      zone_end_pfn() was added recently in commit 108bcc96 ("mm: add & use
      zone_end_pfn() and zone_spans_pfn()")
      
      Output from the failure.
      
        No AGP bridge found
        page 4294967296 outside zone [ 4294967296 - 4327469056 ]
        ------------[ cut here ]------------
        kernel BUG at mm/page_alloc.c:552!
        invalid opcode: 0000 [#1] SMP
        Modules linked in:
        CPU 0
        Pid: 0, comm: swapper Not tainted 3.9.0-rc2.dtp+ #10
        RIP: free_one_page+0x382/0x430
        Process swapper (pid: 0, threadinfo ffffffff81942000, task ffffffff81955420)
        Call Trace:
          __free_pages_ok+0x96/0xb0
          __free_pages+0x25/0x50
          __free_pages_bootmem+0x8a/0x8c
          __free_memory_core+0xea/0x131
          free_low_memory_core_early+0x4a/0x98
          free_all_bootmem+0x45/0x47
          mem_init+0x7b/0x14c
          start_kernel+0x216/0x433
          x86_64_start_reservations+0x2a/0x2c
          x86_64_start_kernel+0x144/0x153
        Code: 89 f1 ba 01 00 00 00 31 f6 d3 e2 4c 89 ef e8 66 a4 01 00 e9 2c fe ff ff 0f 0b eb fe 0f 0b 66 66 2e 0f 1f 84 00 00 00 00 00 eb f3 <0f> 0b eb fe 0f 0b 0f 1f 84 00 00 00 00 00 eb f6 0f 0b eb fe 49
      Signed-off-by: NRuss Anderson <rja@sgi.com>
      Reported-by: NGeorge Beshers <gbeshers@sgi.com>
      Acked-by: NHedi Berriche <hedi@sgi.com>
      Cc: Cody P Schafer <cody@linux.vnet.ibm.com>
      Cc: Michal Hocko <mhocko@suse.cz>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      f9228b20
    • F
      printk: Provide a wake_up_klogd() off-case · dc72c32e
      Frederic Weisbecker 提交于
      wake_up_klogd() is useless when CONFIG_PRINTK=n because neither printk()
      nor printk_sched() are in use and there are actually no waiter on
      log_wait waitqueue.  It should be a stub in this case for users like
      bust_spinlocks().
      
      Otherwise this results in this warning when CONFIG_PRINTK=n and
      CONFIG_IRQ_WORK=n:
      
      	kernel/built-in.o In function `wake_up_klogd':
      	(.text.wake_up_klogd+0xb4): undefined reference to `irq_work_queue'
      
      To fix this, provide an off-case for wake_up_klogd() when
      CONFIG_PRINTK=n.
      
      There is much more from console_unlock() and other console related code
      in printk.c that should be moved under CONFIG_PRINTK.  But for now,
      focus on a minimal fix as we passed the merged window already.
      
      [akpm@linux-foundation.org: include printk.h in bust_spinlocks.c]
      Signed-off-by: NFrederic Weisbecker <fweisbec@gmail.com>
      Reported-by: NJames Hogan <james.hogan@imgtec.com>
      Cc: James Hogan <james.hogan@imgtec.com>
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      dc72c32e
    • J
      irq_work.h: fix warning when CONFIG_IRQ_WORK=n · fe8d5261
      James Hogan 提交于
      A randconfig caught repeated compiler warnings when CONFIG_IRQ_WORK=n
      due to the definition of a non-inline static function in
      <linux/irq_work.h>:
      
        include/linux/irq_work.h +40 : warning: 'irq_work_needs_cpu' defined but not used
      
      Make it inline to supress the warning.  This is caused commit
      00b42959 ("irq_work: Don't stop the tick with pending works") merged
      in v3.9-rc1.
      Signed-off-by: NJames Hogan <james.hogan@imgtec.com>
      Signed-off-by: NFrederic Weisbecker <fweisbec@gmail.com>
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      fe8d5261
  7. 22 3月, 2013 2 次提交
  8. 21 3月, 2013 2 次提交
  9. 20 3月, 2013 1 次提交
  10. 19 3月, 2013 2 次提交
    • M
      ARM: video: mxs: Fix mxsfb misconfiguring VDCTRL0 · 6a15075e
      Marek Vasut 提交于
      The issue fixed by this patch manifests only then using X11
      with mxsfb driver. The X11 will display either shifted image
      or otherwise distorted image on the LCD.
      
      The problem is that the X11 tries to reconfigure the framebuffer
      and along the way calls fb_ops.fb_set_par() with X11's desired
      configuration values. The field of particular interest is
      fb_info->var.sync which contains non-standard values if
      configured by kernel. These are either FB_SYNC_DATA_ENABLE_HIGH_ACT,
      FB_SYNC_DOTCLK_FAILING_ACT or both, depending on the platform
      configuration. Both of these values are defined in the
      include/linux/mxsfb.h file.
      
      The driver interprets these values and configures the LCD controller
      accordingly. Yet X11 only has access to the standard values for this
      field defined in include/uapi/linux/fb.h and thus, unlike kernel,
      omits these special values. This results in distorted image on the
      LCD.
      
      This patch moves these non-standard values into new field of the
      mxsfb_platform_data structure so the driver can in turn check this
      field instead of the video mode field for these specific portions.
      
      Moreover, this patch prefixes these values with MXSFB_SYNC_ prefix
      instead of FB_SYNC_ prefix to prevent confusion of subsequent users.
      Signed-off-by: NMarek Vasut <marex@denx.de>
      Cc: Fabio Estevam <fabio.estevam@freescale.com>
      Cc: Linux ARM <linux-arm-kernel@lists.infradead.org>
      Cc: Linux FBDEV <linux-fbdev@vger.kernel.org>
      Cc: Lothar Waßmann <LW@karo-electronics.de>
      Cc: Sascha Hauer <kernel@pengutronix.de>
      Tested-by: NFabio Estevam <fabio.estevam@freescale.com>
      Signed-off-by: NShawn Guo <shawn.guo@linaro.org>
      6a15075e
    • K
      KVM: allow host header to be included even for !CONFIG_KVM · f445f11e
      Kevin Hilman 提交于
      The new context tracking subsystem unconditionally includes kvm_host.h
      headers for the guest enter/exit macros.  This causes a compile
      failure when KVM is not enabled.
      
      Fix by adding an IS_ENABLED(CONFIG_KVM) check to kvm_host so it can
      be included/compiled even when KVM is not enabled.
      
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      Signed-off-by: NKevin Hilman <khilman@linaro.org>
      Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>
      f445f11e
  11. 18 3月, 2013 2 次提交
  12. 17 3月, 2013 1 次提交
  13. 16 3月, 2013 3 次提交
  14. 15 3月, 2013 1 次提交
    • P
      list: Fix double fetch of pointer in hlist_entry_safe() · f65846a1
      Paul E. McKenney 提交于
      The current version of hlist_entry_safe() fetches the pointer twice,
      once to test for NULL and the other to compute the offset back to the
      enclosing structure.  This is OK for normal lock-based use because in
      that case, the pointer cannot change.  However, when the pointer is
      protected by RCU (as in "rcu_dereference(p)"), then the pointer can
      change at any time.  This use case can result in the following sequence
      of events:
      
      1.	CPU 0 invokes hlist_entry_safe(), fetches the RCU-protected
      	pointer as sees that it is non-NULL.
      
      2.	CPU 1 invokes hlist_del_rcu(), deleting the entry that CPU 0
      	just fetched a pointer to.  Because this is the last entry
      	in the list, the pointer fetched by CPU 0 is now NULL.
      
      3.	CPU 0 refetches the pointer, obtains NULL, and then gets a
      	NULL-pointer crash.
      
      This commit therefore applies gcc's "({ })" statement expression to
      create a temporary variable so that the specified pointer is fetched
      only once, avoiding the above sequence of events.  Please note that
      it is the caller's responsibility to use rcu_dereference() as needed.
      This allows RCU-protected uses to work correctly without imposing
      any additional overhead on the non-RCU case.
      
      Many thanks to Eric Dumazet for spotting root cause!
      Reported-by: NCAI Qian <caiqian@redhat.com>
      Reported-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Tested-by: NLi Zefan <lizefan@huawei.com>
      f65846a1
  15. 14 3月, 2013 5 次提交
    • P
      skb: Propagate pfmemalloc on skb from head page only · cca7af38
      Pavel Emelyanov 提交于
      Hi.
      
      I'm trying to send big chunks of memory from application address space via
      TCP socket using vmsplice + splice like this
      
         mem = mmap(128Mb);
         vmsplice(pipe[1], mem); /* splice memory into pipe */
         splice(pipe[0], tcp_socket); /* send it into network */
      
      When I'm lucky and a huge page splices into the pipe and then into the socket
      _and_ client and server ends of the TCP connection are on the same host,
      communicating via lo, the whole connection gets stuck! The sending queue
      becomes full and app stops writing/splicing more into it, but the receiving
      queue remains empty, and that's why.
      
      The __skb_fill_page_desc observes a tail page of a huge page and erroneously
      propagates its page->pfmemalloc value onto socket (the pfmemalloc on tail pages
      contain garbage). Then this skb->pfmemalloc leaks through lo and due to the
      
          tcp_v4_rcv
          sk_filter
              if (skb->pfmemalloc && !sock_flag(sk, SOCK_MEMALLOC)) /* true */
                  return -ENOMEM
              goto release_and_discard;
      
      no packets reach the socket. Even TCP re-transmits are dropped by this, as skb
      cloning clones the pfmemalloc flag as well.
      
      That said, here's the proper page->pfmemalloc propagation onto socket: we
      must check the huge-page's head page only, other pages' pfmemalloc and mapping
      values do not contain what is expected in this place. However, I'm not sure
      whether this fix is _complete_, since pfmemalloc propagation via lo also
      oesn't look great.
      
      Both, bit propagation from page to skb and this check in sk_filter, were
      introduced by c48a11c7 (netvm: propagate page->pfmemalloc to skb), in v3.5 so
      Mel and stable@ are in Cc.
      Signed-off-by: NPavel Emelyanov <xemul@parallels.com>
      Acked-by: NEric Dumazet <edumazet@google.com>
      Acked-by: NMel Gorman <mgorman@suse.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      cca7af38
    • E
      tcp: fix skb_availroom() · 16fad69c
      Eric Dumazet 提交于
      Chrome OS team reported a crash on a Pixel ChromeBook in TCP stack :
      
      https://code.google.com/p/chromium/issues/detail?id=182056
      
      commit a21d4572 (tcp: avoid order-1 allocations on wifi and tx
      path) did a poor choice adding an 'avail_size' field to skb, while
      what we really needed was a 'reserved_tailroom' one.
      
      It would have avoided commit 22b4a4f2 (tcp: fix retransmit of
      partially acked frames) and this commit.
      
      Crash occurs because skb_split() is not aware of the 'avail_size'
      management (and should not be aware)
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Reported-by: NMukesh Agrawal <quiche@chromium.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      16fad69c
    • B
      mtd: nand: reintroduce NAND_NO_READRDY as NAND_NEED_READRDY · 5bc7c33c
      Brian Norris 提交于
      This partially reverts commit 1696e6bc
      ("mtd: nand: kill NAND_NO_READRDY").
      
      In that patch I overlooked a few things.
      
      The original documentation for NAND_NO_READRDY included "True for all
      large page devices, as they do not support autoincrement." I was
      conflating "not support autoincrement" with the NAND_NO_AUTOINCR option,
      which was in fact doing nothing. So, when I dropped NAND_NO_AUTOINCR, I
      concluded that I then could harmlessly drop NAND_NO_READRDY. But of
      course the fact the NAND_NO_AUTOINCR was doing nothing didn't mean
      NAND_NO_READRDY was doing nothing...
      
      So, NAND_NO_READRDY is re-introduced as NAND_NEED_READRDY and applied
      only to those few remaining small-page NAND which needed it in the first
      place.
      
      Cc: stable@kernel.org [3.5+]
      Reported-by: NAlexander Shiyan <shc_work@mail.ru>
      Tested-by: NAlexander Shiyan <shc_work@mail.ru>
      Signed-off-by: NBrian Norris <computersforpeace@gmail.com>
      Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com>
      5bc7c33c
    • T
      idr: deprecate idr_pre_get() and idr_get_new[_above]() · c8615d37
      Tejun Heo 提交于
      Now that all in-kernel users are converted to ues the new alloc
      interface, mark the old interface deprecated.  We should be able to
      remove these in a few releases.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      c8615d37
    • A
      include/linux/res_counter.h needs errno.h · ebf47beb
      Andrew Morton 提交于
      alpha allmodconfig:
      
        In file included from mm/memcontrol.c:28:
        include/linux/res_counter.h: In function 'res_counter_set_limit':
        include/linux/res_counter.h:203: error: 'EBUSY' undeclared (first use in this function)
        include/linux/res_counter.h:203: error: (Each undeclared identifier is reported only once
        include/linux/res_counter.h:203: error: for each function it appears in.)
      
      Cc: Kamezawa Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Cc: Glauber Costa <glommer@parallels.com>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Frederic Weisbecker <fweisbec@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      ebf47beb
  16. 13 3月, 2013 2 次提交
  17. 12 3月, 2013 3 次提交
  18. 09 3月, 2013 1 次提交
  19. 05 3月, 2013 1 次提交
    • N
      usb: gadget: composite: fix kernel-doc warnings · 43febb27
      Nishanth Menon 提交于
      A few trivial fixes for composite driver:
      
      Warning(include/linux/usb/composite.h:165): No description found for parameter
      	'fs_descriptors'
      Warning(include/linux/usb/composite.h:165): Excess struct/union/enum/typedef
      	member 'descriptors' description in 'usb_function'
      Warning(include/linux/usb/composite.h:321): No description found for parameter
      	'gadget_driver'
      Warning(drivers/usb/gadget/composite.c:1777): Excess function parameter 'bind'
      	description in 'usb_composite_probe'
      
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Jiri Kosina <trivial@kernel.org>
      Cc: linux-usb@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: NNishanth Menon <nm@ti.com>
      Signed-off-by: NFelipe Balbi <balbi@ti.com>
      43febb27
  20. 04 3月, 2013 2 次提交
    • K
      eCryptfs: allow userspace messaging to be disabled · 290502be
      Kees Cook 提交于
      When the userspace messaging (for the less common case of userspace key
      wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with
      it removed. This saves on kernel code size and reduces potential attack
      surface by removing the /dev/ecryptfs node.
      Signed-off-by: NKees Cook <keescook@chromium.org>
      Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      290502be
    • E
      fs: Limit sys_mount to only request filesystem modules. · 7f78e035
      Eric W. Biederman 提交于
      Modify the request_module to prefix the file system type with "fs-"
      and add aliases to all of the filesystems that can be built as modules
      to match.
      
      A common practice is to build all of the kernel code and leave code
      that is not commonly needed as modules, with the result that many
      users are exposed to any bug anywhere in the kernel.
      
      Looking for filesystems with a fs- prefix limits the pool of possible
      modules that can be loaded by mount to just filesystems trivially
      making things safer with no real cost.
      
      Using aliases means user space can control the policy of which
      filesystem modules are auto-loaded by editing /etc/modprobe.d/*.conf
      with blacklist and alias directives.  Allowing simple, safe,
      well understood work-arounds to known problematic software.
      
      This also addresses a rare but unfortunate problem where the filesystem
      name is not the same as it's module name and module auto-loading
      would not work.  While writing this patch I saw a handful of such
      cases.  The most significant being autofs that lives in the module
      autofs4.
      
      This is relevant to user namespaces because we can reach the request
      module in get_fs_type() without having any special permissions, and
      people get uncomfortable when a user specified string (in this case
      the filesystem type) goes all of the way to request_module.
      
      After having looked at this issue I don't think there is any
      particular reason to perform any filtering or permission checks beyond
      making it clear in the module request that we want a filesystem
      module.  The common pattern in the kernel is to call request_module()
      without regards to the users permissions.  In general all a filesystem
      module does once loaded is call register_filesystem() and go to sleep.
      Which means there is not much attack surface exposed by loading a
      filesytem module unless the filesystem is mounted.  In a user
      namespace filesystems are not mounted unless .fs_flags = FS_USERNS_MOUNT,
      which most filesystems do not set today.
      Acked-by: NSerge Hallyn <serge.hallyn@canonical.com>
      Acked-by: NKees Cook <keescook@chromium.org>
      Reported-by: NKees Cook <keescook@google.com>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      7f78e035
  21. 03 3月, 2013 2 次提交
    • J
      mm: define VM_GROWSUP for CONFIG_METAG · 9ca52ed9
      James Hogan 提交于
      Commit cc2383ec ("mm: introduce
      arch-specific vma flag VM_ARCH_1") merged in v3.7-rc1.
      
      The above commit combined several arch-specific vma flags into one, and
      in the process it changed the VM_GROWSUP definition to depend on
      specific architectures rather than CONFIG_STACK_GROWSUP. Therefore add
      an ifdef for CONFIG_METAG to also set VM_GROWSUP.
      Signed-off-by: NJames Hogan <james.hogan@imgtec.com>
      Cc: Konstantin Khlebnikov <khlebnikov@openvz.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Michel Lespinasse <walken@google.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: linux-mm@kvack.org
      9ca52ed9
    • J
      metag: Internal and external irqchips · 5698c50d
      James Hogan 提交于
      Meta core internal interrupts (from HWSTATMETA and friends) are vectored
      onto the TR1 core trigger for the current thread. This is demultiplexed
      in irq-metag.c to individual Linux IRQs for each internal interrupt.
      
      External SoC interrupts (from HWSTATEXT and friends) are vectored onto
      the TR2 core trigger for the current thread. This is demultiplexed in
      irq-metag-ext.c to individual Linux IRQs for each external SoC interrupt.
      The external irqchip has devicetree bindings for configuring the number
      of irq banks and the type of masking available.
      Signed-off-by: NJames Hogan <james.hogan@imgtec.com>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Grant Likely <grant.likely@secretlab.ca>
      Cc: Rob Herring <rob.herring@calxeda.com>
      Cc: Rob Landley <rob@landley.net>
      Cc: Dom Cobley <popcornmix@gmail.com>
      Cc: Simon Arlott <simon@fire.lp0.eu>
      Cc: Viresh Kumar <viresh.kumar@linaro.org>
      Cc: Maxime Ripard <maxime.ripard@free-electrons.com>
      Cc: devicetree-discuss@lists.ozlabs.org
      Cc: linux-doc@vger.kernel.org
      5698c50d